/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package types contains all types and logic required by the Teleport API.
package types
import (
"fmt"
"reflect"
"slices"
"sort"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/utils"
)
// AccessRequest is a request for temporarily granted roles
type AccessRequest interface {
ResourceWithLabels
// GetUser gets the name of the requesting user
GetUser() string
// GetRoles gets the roles being requested by the user
GetRoles() []string
// SetRoles overrides the roles being requested by the user
SetRoles([]string)
// GetState gets the current state of the request
GetState() RequestState
// SetState sets the approval state of the request
SetState(RequestState) error
// GetCreationTime gets the time at which the request was
// originally registered with the auth server.
GetCreationTime() time.Time
// SetCreationTime sets the creation time of the request.
SetCreationTime(time.Time)
// GetAccessExpiry gets the expiration time for the elevated certificate
// that will be issued if the Access Request is approved.
GetAccessExpiry() time.Time
// GetAssumeStartTime gets the time the roles can be assumed
// if the Access Request is approved.
GetAssumeStartTime() *time.Time
// SetAssumeStartTime sets the time the roles can be assumed
// if the Access Request is approved.
SetAssumeStartTime(time.Time)
// SetAccessExpiry sets the expiration time for the elevated certificate
// that will be issued if the Access Request is approved.
SetAccessExpiry(time.Time)
// GetSessionTLL gets the session TTL for generated certificates.
GetSessionTLL() time.Time
// SetSessionTLL sets the session TTL for generated certificates.
SetSessionTLL(time.Time)
// GetRequestReason gets the reason for the request's creation.
GetRequestReason() string
// SetRequestReason sets the reason for the request's creation.
SetRequestReason(string)
// GetResolveReason gets the reason for the request's resolution.
GetResolveReason() string
// SetResolveReason sets the reason for the request's resolution.
SetResolveReason(string)
// GetResolveAnnotations gets the annotations associated with
// the request's resolution.
GetResolveAnnotations() map[string][]string
// SetResolveAnnotations sets the annotations associated with
// the request's resolution.
SetResolveAnnotations(map[string][]string)
// GetSystemAnnotations gets the teleport-applied annotations.
GetSystemAnnotations() map[string][]string
// SetSystemAnnotations sets the teleport-applied annotations.
SetSystemAnnotations(map[string][]string)
// GetOriginalRoles gets the original (pre-override) role list.
GetOriginalRoles() []string
// GetThresholds gets the review thresholds.
GetThresholds() []AccessReviewThreshold
// SetThresholds sets the review thresholds (internal use only).
SetThresholds([]AccessReviewThreshold)
// GetRoleThresholdMapping gets the rtm. See documentation of the
// AccessRequestSpecV3.RoleThresholdMapping field for details.
GetRoleThresholdMapping() map[string]ThresholdIndexSets
// SetRoleThresholdMapping sets the rtm (internal use only). See documentation
// of the AccessRequestSpecV3.RoleThresholdMapping field for details.
SetRoleThresholdMapping(map[string]ThresholdIndexSets)
// GetReviews gets the list of currently applied access reviews.
GetReviews() []AccessReview
// SetReviews sets the list of currently applied access reviews (internal use only).
SetReviews([]AccessReview)
// GetPromotedAccessListName returns the access list name that this access request
// was promoted to.
GetPromotedAccessListName() string
// SetPromotedAccessListName sets the access list name that this access request
// was promoted to.
SetPromotedAccessListName(name string)
// GetPromotedAccessListTitle returns the access list title that this access request
// was promoted to.
GetPromotedAccessListTitle() string
// SetPromotedAccessListTitle sets the access list title that this access request
// was promoted to.
SetPromotedAccessListTitle(string)
// GetSuggestedReviewers gets the suggested reviewer list.
GetSuggestedReviewers() []string
// SetSuggestedReviewers sets the suggested reviewer list.
SetSuggestedReviewers([]string)
// GetRequestedResourceIDs gets the resource IDs to which access is being requested.
GetRequestedResourceIDs() []ResourceID
// SetRequestedResourceIDs sets the resource IDs to which access is being requested.
SetRequestedResourceIDs([]ResourceID)
// GetLoginHint gets the requested login hint.
GetLoginHint() string
// SetLoginHint sets the requested login hint.
SetLoginHint(string)
// GetMaxDuration gets the maximum time at which the access should be approved for.
GetMaxDuration() time.Time
// SetMaxDuration sets the maximum time at which the access should be approved for.
SetMaxDuration(time.Time)
// GetDryRun returns true if this request should not be created and is only
// a dry run to validate request capabilities.
GetDryRun() bool
// SetDryRun sets the dry run flag on the request.
SetDryRun(bool)
// GetDryRunEnrichment gets the dry run enrichment data.
GetDryRunEnrichment() *AccessRequestDryRunEnrichment
// SetDryRunEnrichment sets the dry run enrichment data.
SetDryRunEnrichment(*AccessRequestDryRunEnrichment)
// GetRequestKind gets the kind of request.
GetRequestKind() AccessRequestKind
// SetRequestKind sets the kind (short/long-term) of request.
SetRequestKind(AccessRequestKind)
// Copy returns a copy of the access request resource.
Copy() AccessRequest
// GetLongTermResourceGrouping gets the long-term resource grouping, if present.
GetLongTermResourceGrouping() *LongTermResourceGrouping
// SetLongTermResourceGrouping sets the long-term resource grouping.
SetLongTermResourceGrouping(*LongTermResourceGrouping)
}
// NewAccessRequest assembles an AccessRequest resource.
func NewAccessRequest(name string, user string, roles ...string) (AccessRequest, error) {
return NewAccessRequestWithResources(name, user, roles, []ResourceID{})
}
// NewAccessRequestWithResources assembles an AccessRequest resource with
// requested resources.
func NewAccessRequestWithResources(name string, user string, roles []string, resourceIDs []ResourceID) (AccessRequest, error) {
req := AccessRequestV3{
Metadata: Metadata{
Name: name,
},
Spec: AccessRequestSpecV3{
User: user,
Roles: slices.Clone(roles),
RequestedResourceIDs: append([]ResourceID{}, resourceIDs...),
},
}
if err := req.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return &req, nil
}
// GetUser gets User
func (r *AccessRequestV3) GetUser() string {
return r.Spec.User
}
// GetRoles gets Roles
func (r *AccessRequestV3) GetRoles() []string {
return r.Spec.Roles
}
// SetRoles sets Roles
func (r *AccessRequestV3) SetRoles(roles []string) {
r.Spec.Roles = roles
}
// GetState gets State
func (r *AccessRequestV3) GetState() RequestState {
return r.Spec.State
}
// SetState sets State
func (r *AccessRequestV3) SetState(state RequestState) error {
if r.Spec.State.IsDenied() {
if state.IsDenied() {
return nil
}
return trace.BadParameter("cannot set request-state %q (already denied)", state.String())
}
r.Spec.State = state
return nil
}
// GetCreationTime gets CreationTime
func (r *AccessRequestV3) GetCreationTime() time.Time {
return r.Spec.Created
}
// SetCreationTime sets CreationTime
func (r *AccessRequestV3) SetCreationTime(t time.Time) {
r.Spec.Created = t.UTC()
}
// GetAccessExpiry gets AccessExpiry
func (r *AccessRequestV3) GetAccessExpiry() time.Time {
return r.Spec.Expires
}
// GetAssumeStartTime gets AssumeStartTime
func (r *AccessRequestV3) GetAssumeStartTime() *time.Time {
return r.Spec.AssumeStartTime
}
// SetAssumeStartTime sets AssumeStartTime
func (r *AccessRequestV3) SetAssumeStartTime(t time.Time) {
r.Spec.AssumeStartTime = &t
}
// SetAccessExpiry sets AccessExpiry
func (r *AccessRequestV3) SetAccessExpiry(expiry time.Time) {
r.Spec.Expires = expiry.UTC()
}
// GetSessionTLL gets SessionTLL
func (r *AccessRequestV3) GetSessionTLL() time.Time {
return r.Spec.SessionTTL
}
// SetSessionTLL sets SessionTLL
func (r *AccessRequestV3) SetSessionTLL(t time.Time) {
r.Spec.SessionTTL = t.UTC()
}
// GetRequestReason gets RequestReason
func (r *AccessRequestV3) GetRequestReason() string {
return r.Spec.RequestReason
}
// SetRequestReason sets RequestReason
func (r *AccessRequestV3) SetRequestReason(reason string) {
r.Spec.RequestReason = reason
}
// GetResolveReason gets ResolveReason
func (r *AccessRequestV3) GetResolveReason() string {
return r.Spec.ResolveReason
}
// SetResolveReason sets ResolveReason
func (r *AccessRequestV3) SetResolveReason(reason string) {
r.Spec.ResolveReason = reason
}
// GetResolveAnnotations gets ResolveAnnotations
func (r *AccessRequestV3) GetResolveAnnotations() map[string][]string {
return r.Spec.ResolveAnnotations
}
// SetResolveAnnotations sets ResolveAnnotations
func (r *AccessRequestV3) SetResolveAnnotations(annotations map[string][]string) {
r.Spec.ResolveAnnotations = annotations
}
// GetSystemAnnotations gets SystemAnnotations
func (r *AccessRequestV3) GetSystemAnnotations() map[string][]string {
return r.Spec.SystemAnnotations
}
// SetSystemAnnotations sets SystemAnnotations
func (r *AccessRequestV3) SetSystemAnnotations(annotations map[string][]string) {
r.Spec.SystemAnnotations = annotations
}
func (r *AccessRequestV3) GetOriginalRoles() []string {
if l := len(r.Spec.RoleThresholdMapping); l == 0 || l == len(r.Spec.Roles) {
// rtm is unspecified or original role list is unmodified. since the rtm
// keys and role list are identical until role subselection is applied,
// we can return the role list directly.
return r.Spec.Roles
}
// role subselection has been applied. calculate original roles
// by collecting the keys of the rtm.
roles := make([]string, 0, len(r.Spec.RoleThresholdMapping))
for role := range r.Spec.RoleThresholdMapping {
roles = append(roles, role)
}
sort.Strings(roles)
return roles
}
// GetThresholds gets the review thresholds.
func (r *AccessRequestV3) GetThresholds() []AccessReviewThreshold {
return r.Spec.Thresholds
}
// SetThresholds sets the review thresholds.
func (r *AccessRequestV3) SetThresholds(thresholds []AccessReviewThreshold) {
r.Spec.Thresholds = thresholds
}
// GetRoleThresholdMapping gets the rtm.
func (r *AccessRequestV3) GetRoleThresholdMapping() map[string]ThresholdIndexSets {
return r.Spec.RoleThresholdMapping
}
// SetRoleThresholdMapping sets the rtm (internal use only).
func (r *AccessRequestV3) SetRoleThresholdMapping(rtm map[string]ThresholdIndexSets) {
r.Spec.RoleThresholdMapping = rtm
}
// SetReviews sets the list of currently applied access reviews.
func (r *AccessRequestV3) SetReviews(revs []AccessReview) {
utcRevs := make([]AccessReview, len(revs))
for i, rev := range revs {
utcRevs[i] = rev
utcRevs[i].Created = rev.Created.UTC()
}
r.Spec.Reviews = utcRevs
}
// GetReviews gets the list of currently applied access reviews.
func (r *AccessRequestV3) GetReviews() []AccessReview {
return r.Spec.Reviews
}
// GetSuggestedReviewers gets the suggested reviewer list.
func (r *AccessRequestV3) GetSuggestedReviewers() []string {
return r.Spec.SuggestedReviewers
}
// SetSuggestedReviewers sets the suggested reviewer list.
func (r *AccessRequestV3) SetSuggestedReviewers(reviewers []string) {
r.Spec.SuggestedReviewers = reviewers
}
// GetPromotedAccessListName returns PromotedAccessListName.
func (r *AccessRequestV3) GetPromotedAccessListName() string {
if r.Spec.AccessList == nil {
return ""
}
return r.Spec.AccessList.Name
}
// SetPromotedAccessListName sets PromotedAccessListName.
func (r *AccessRequestV3) SetPromotedAccessListName(name string) {
if r.Spec.AccessList == nil {
r.Spec.AccessList = &PromotedAccessList{}
}
r.Spec.AccessList.Name = name
}
// GetPromotedAccessListTitle returns PromotedAccessListTitle.
func (r *AccessRequestV3) GetPromotedAccessListTitle() string {
if r.Spec.AccessList == nil {
return ""
}
return r.Spec.AccessList.Title
}
// SetPromotedAccessListTitle sets PromotedAccessListTitle.
func (r *AccessRequestV3) SetPromotedAccessListTitle(title string) {
if r.Spec.AccessList == nil {
r.Spec.AccessList = &PromotedAccessList{}
}
r.Spec.AccessList.Title = title
}
// setStaticFields sets static resource header and metadata fields.
func (r *AccessRequestV3) setStaticFields() {
r.Kind = KindAccessRequest
r.Version = V3
}
// CheckAndSetDefaults validates set values and sets default values
func (r *AccessRequestV3) CheckAndSetDefaults() error {
r.setStaticFields()
if err := r.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if r.Spec.State.IsNone() {
r.Spec.State = RequestState_PENDING
}
if r.GetState().IsPending() {
if r.GetResolveReason() != "" {
return trace.BadParameter("pending requests cannot include resolve reason")
}
if len(r.GetResolveAnnotations()) != 0 {
return trace.BadParameter("pending requests cannot include resolve annotations")
}
}
if r.GetUser() == "" {
return trace.BadParameter("access request user name not set")
}
if r.Spec.Roles == nil {
r.Spec.Roles = []string{}
}
if r.Spec.RequestedResourceIDs == nil {
r.Spec.RequestedResourceIDs = []ResourceID{}
}
if len(r.GetRoles()) == 0 && len(r.GetRequestedResourceIDs()) == 0 {
return trace.BadParameter("access request does not specify any roles or resources")
}
// dedupe and sort roles to simplify comparing role lists
r.Spec.Roles = utils.Deduplicate(r.Spec.Roles)
sort.Strings(r.Spec.Roles)
return nil
}
// GetKind gets Kind
func (r *AccessRequestV3) GetKind() string {
return r.Kind
}
// GetSubKind gets SubKind
func (r *AccessRequestV3) GetSubKind() string {
return r.SubKind
}
// SetSubKind sets SubKind
func (r *AccessRequestV3) SetSubKind(subKind string) {
r.SubKind = subKind
}
// GetVersion gets Version
func (r *AccessRequestV3) GetVersion() string {
return r.Version
}
// GetName gets Name
func (r *AccessRequestV3) GetName() string {
return r.Metadata.Name
}
// SetName sets Name
func (r *AccessRequestV3) SetName(name string) {
r.Metadata.Name = name
}
// Expiry gets Expiry
func (r *AccessRequestV3) Expiry() time.Time {
// Fallback on existing expiry in metadata if not set in spec.
if r.Spec.ResourceExpiry != nil {
return *r.Spec.ResourceExpiry
}
return r.Metadata.Expiry()
}
// SetExpiry sets Expiry
func (r *AccessRequestV3) SetExpiry(expiry time.Time) {
t := expiry.UTC()
r.Spec.ResourceExpiry = &t
}
// GetMetadata gets Metadata
func (r *AccessRequestV3) GetMetadata() Metadata {
return r.Metadata
}
// GetRevision returns the revision
func (r *AccessRequestV3) GetRevision() string {
return r.Metadata.GetRevision()
}
// SetRevision sets the revision
func (r *AccessRequestV3) SetRevision(rev string) {
r.Metadata.SetRevision(rev)
}
// GetRequestedResourceIDs gets the resource IDs to which access is being requested.
func (r *AccessRequestV3) GetRequestedResourceIDs() []ResourceID {
return append([]ResourceID{}, r.Spec.RequestedResourceIDs...)
}
// SetRequestedResourceIDs sets the resource IDs to which access is being requested.
func (r *AccessRequestV3) SetRequestedResourceIDs(ids []ResourceID) {
r.Spec.RequestedResourceIDs = append([]ResourceID{}, ids...)
}
// GetLoginHint gets the requested login hint.
func (r *AccessRequestV3) GetLoginHint() string {
return r.Spec.LoginHint
}
// SetLoginHint sets the requested login hint.
func (r *AccessRequestV3) SetLoginHint(login string) {
r.Spec.LoginHint = login
}
// GetDryRun returns true if this request should not be created and is only
// a dry run to validate request capabilities.
func (r *AccessRequestV3) GetDryRun() bool {
return r.Spec.DryRun
}
// GetMaxDuration gets the maximum time at which the access should be approved for.
func (r *AccessRequestV3) GetMaxDuration() time.Time {
return r.Spec.MaxDuration
}
// SetMaxDuration sets the maximum time at which the access should be approved for.
func (r *AccessRequestV3) SetMaxDuration(t time.Time) {
r.Spec.MaxDuration = t
}
// SetDryRun sets the dry run flag on the request.
func (r *AccessRequestV3) SetDryRun(dryRun bool) {
r.Spec.DryRun = dryRun
}
// GetDryRunEnrichment gets the dry run enrichment data.
func (r *AccessRequestV3) GetDryRunEnrichment() *AccessRequestDryRunEnrichment {
return r.Spec.DryRunEnrichment
}
// SetDryRunEnrichment sets the dry run enrichment data.
func (r *AccessRequestV3) SetDryRunEnrichment(enrichment *AccessRequestDryRunEnrichment) {
r.Spec.DryRunEnrichment = enrichment
}
// GetRequestKind gets the kind of request.
func (r *AccessRequestV3) GetRequestKind() AccessRequestKind {
return r.Spec.RequestKind
}
// SetRequestKind sets the kind (short/long-term) of request.
func (r *AccessRequestV3) SetRequestKind(kind AccessRequestKind) {
r.Spec.RequestKind = kind
}
// GetLongTermResourceGrouping gets the long-term resource grouping, if present.
func (r *AccessRequestV3) GetLongTermResourceGrouping() *LongTermResourceGrouping {
return r.Spec.LongTermGrouping
}
// SetLongTermResourceGrouping sets the long-term resource grouping suggestion.
func (r *AccessRequestV3) SetLongTermResourceGrouping(grouping *LongTermResourceGrouping) {
r.Spec.LongTermGrouping = grouping
}
// IsLongTerm checks if the request kind is long-term.
func (a AccessRequestKind) IsLongTerm() bool {
return a == AccessRequestKind_LONG_TERM
}
// IsShortTerm checks if the request kind is explicitly short-term, or is undefined.
func (a AccessRequestKind) IsShortTerm() bool {
return a != AccessRequestKind_LONG_TERM
}
// Copy returns a copy of the access request resource.
func (r *AccessRequestV3) Copy() AccessRequest {
return utils.CloneProtoMsg(r)
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (r *AccessRequestV3) GetLabel(key string) (value string, ok bool) {
v, ok := r.Metadata.Labels[key]
return v, ok
}
// GetStaticLabels returns the access request static labels.
func (r *AccessRequestV3) GetStaticLabels() map[string]string {
return r.Metadata.Labels
}
// SetStaticLabels sets the access request static labels.
func (r *AccessRequestV3) SetStaticLabels(sl map[string]string) {
r.Metadata.Labels = sl
}
// GetAllLabels returns the access request static labels.
func (r *AccessRequestV3) GetAllLabels() map[string]string {
return r.Metadata.Labels
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (r *AccessRequestV3) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(r.GetAllLabels()), r.GetName(), r.GetUser())
fieldVals = append(fieldVals, r.GetRoles()...)
for _, resource := range r.GetRequestedResourceIDs() {
fieldVals = append(fieldVals, resource.Name)
}
return MatchSearch(fieldVals, values, nil)
}
// Origin returns the origin value of the resource.
func (r *AccessRequestV3) Origin() string {
return r.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (r *AccessRequestV3) SetOrigin(origin string) {
r.Metadata.SetOrigin(origin)
}
// String returns a text representation of this AccessRequest
func (r *AccessRequestV3) String() string {
return fmt.Sprintf("AccessRequest(user=%v,roles=%+v)", r.Spec.User, r.Spec.Roles)
}
func (c AccessReviewConditions) IsZero() bool {
return reflect.ValueOf(c).IsZero()
}
func (s AccessReviewSubmission) Check() error {
if s.RequestID == "" {
return trace.BadParameter("missing request ID")
}
return s.Review.Check()
}
func (s AccessReview) Check() error {
if s.Author == "" {
return trace.BadParameter("missing review author")
}
return nil
}
// GetAccessListName returns the access list name used for the promotion.
func (s AccessReview) GetAccessListName() string {
if s.AccessList == nil {
return ""
}
return s.AccessList.Name
}
// GetAccessListTitle returns the access list title used for the promotion.
func (s AccessReview) GetAccessListTitle() string {
if s.AccessList == nil {
return ""
}
return s.AccessList.Title
}
// IsEqual t is equivalent to the provide AccessReviewThreshold.
func (t *AccessReviewThreshold) IsEqual(o *AccessReviewThreshold) bool {
return deriveTeleportEqualAccessReviewThreshold(t, o)
}
// AccessRequestUpdate encompasses the parameters of a
// SetAccessRequestState call.
type AccessRequestUpdate struct {
// RequestID is the ID of the request to be updated.
RequestID string
// State is the state that the target request
// should resolve to.
State RequestState
// Reason is an optional description of *why* the
// the request is being resolved.
Reason string
// Annotations supplies extra data associated with
// the resolution; primarily for audit purposes.
Annotations map[string][]string
// Roles, if non-empty declares a list of roles
// that should override the role list of the request.
// This parameter is only accepted on approvals
// and must be a subset of the role list originally
// present on the request.
Roles []string
// AssumeStartTime sets the time the requestor can assume
// the requested roles.
AssumeStartTime *time.Time
}
// Check validates the request's fields
func (u *AccessRequestUpdate) Check() error {
if u.RequestID == "" {
return trace.BadParameter("missing request id")
}
if u.State.IsNone() {
return trace.BadParameter("missing request state")
}
if len(u.Roles) > 0 && !u.State.IsApproved() {
return trace.BadParameter("cannot override roles when setting state: %s", u.State)
}
return nil
}
// RequestReasonMode can be either "required" or "optional". Empty-string is treated as "optional".
// If a role has the request reason mode set to "required", then reason is required for all Access
// Requests requesting roles or resources allowed by this role. It applies only to users who have
// this role assigned.
type RequestReasonMode string
const (
// RequestReasonModeRequired indicates required mode. See [[RequestReasonMode]] godoc for
// more details.
RequestReasonModeRequired RequestReasonMode = "required"
// RequestReasonModeRequired indicates optional mode. See [[RequestReasonMode]] godoc for
// more details.
RequestReasonModeOptional RequestReasonMode = "optional"
)
var allRequestReasonModes = []RequestReasonMode{
RequestReasonModeRequired,
RequestReasonModeOptional,
}
// Required checks if this mode is "required". Empty mode is treated as "optional".
func (m RequestReasonMode) Required() bool {
switch m {
case RequestReasonModeRequired:
return true
default:
return false
}
}
// Check validates this mode value. Note that an empty value is considered invalid.
func (m RequestReasonMode) Check() error {
for _, x := range allRequestReasonModes {
if m == x {
return nil
}
}
return trace.BadParameter("unrecognized request reason mode %q, must be one of: %v",
m, allRequestReasonModes)
}
// RequestStrategy is an indicator of how access requests
// should be handled for holders of a given role.
type RequestStrategy string
const (
// RequestStrategyOptional is the default request strategy,
// indicating that no special actions/requirements exist.
RequestStrategyOptional RequestStrategy = "optional"
// RequestStrategyReason indicates that client implementations
// should automatically generate wildcard requests on login, and
// users should be prompted for a reason.
RequestStrategyReason RequestStrategy = "reason"
// RequestStrategyAlways indicates that client implementations
// should automatically generate wildcard requests on login, but
// that reasons are not required.
RequestStrategyAlways RequestStrategy = "always"
)
// ShouldAutoRequest checks if the request strategy
// indicates that a request should be automatically
// generated on login.
func (s RequestStrategy) ShouldAutoRequest() bool {
switch s {
case RequestStrategyReason, RequestStrategyAlways:
return true
default:
return false
}
}
// RequireReason checks if the request strategy
// is one that requires users to always supply
// reasons with their requests.
func (s RequestStrategy) RequireReason() bool {
return s == RequestStrategyReason
}
// stateVariants allows iteration of the expected variants
// of RequestState.
var stateVariants = [5]RequestState{
RequestState_NONE,
RequestState_PENDING,
RequestState_APPROVED,
RequestState_DENIED,
RequestState_PROMOTED,
}
// Parse attempts to interpret a value as a string representation
// of a RequestState.
func (s *RequestState) Parse(val string) error {
for _, state := range stateVariants {
if state.String() == val {
*s = state
return nil
}
}
return trace.BadParameter("unknown request state: %q", val)
}
// IsNone request state
func (s RequestState) IsNone() bool {
return s == RequestState_NONE
}
// IsPending request state
func (s RequestState) IsPending() bool {
return s == RequestState_PENDING
}
// IsApproved request state
func (s RequestState) IsApproved() bool {
return s == RequestState_APPROVED
}
// IsDenied request state
func (s RequestState) IsDenied() bool {
return s == RequestState_DENIED
}
// IsPromoted returns true is the request in the PROMOTED state.
func (s RequestState) IsPromoted() bool {
return s == RequestState_PROMOTED
}
// IsResolved request state
func (s RequestState) IsResolved() bool {
return s.IsApproved() || s.IsDenied() || s.IsPromoted()
}
// key values for map encoding of request filter
const (
keyID = "id"
keyUser = "user"
keyState = "state"
)
// IntoMap copies AccessRequestFilter values into a map
func (f *AccessRequestFilter) IntoMap() map[string]string {
m := make(map[string]string)
if f.ID != "" {
m[keyID] = f.ID
}
if f.User != "" {
m[keyUser] = f.User
}
if !f.State.IsNone() {
m[keyState] = f.State.String()
}
return m
}
// FromMap copies values from a map into this AccessRequestFilter value
func (f *AccessRequestFilter) FromMap(m map[string]string) error {
for key, val := range m {
switch key {
case keyID:
f.ID = val
case keyUser:
f.User = val
case keyState:
if err := f.State.Parse(val); err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("unknown filter key %s", key)
}
}
return nil
}
func hasReviewed(req AccessRequest, author string) bool {
reviews := req.GetReviews()
var reviewers []string
for _, review := range reviews {
reviewers = append(reviewers, review.Author)
}
return slices.Contains(reviewers, author)
}
// Match checks if a given access request matches this filter.
func (f *AccessRequestFilter) Match(req AccessRequest) bool {
// only return if the request was made by the api requester
if f.Scope == AccessRequestScope_MY_REQUESTS && req.GetUser() != f.Requester {
return false
}
// a user cannot review their own requests
if f.Scope == AccessRequestScope_NEEDS_REVIEW {
if req.GetUser() == f.Requester {
return false
}
if req.GetState() != RequestState_PENDING {
return false
}
if hasReviewed(req, f.Requester) {
return false
}
}
// only match if the api requester has submit a review
if f.Scope == AccessRequestScope_REVIEWED {
// users cant review their own requests so we can early return
if req.GetUser() == f.Requester {
return false
}
if !hasReviewed(req, f.Requester) {
return false
}
}
if !req.MatchSearch(f.SearchKeywords) {
return false
}
if f.ID != "" && req.GetName() != f.ID {
return false
}
if f.User != "" && req.GetUser() != f.User {
return false
}
if !f.State.IsNone() && req.GetState() != f.State {
return false
}
return true
}
// AccessRequests is a list of AccessRequest resources.
type AccessRequests []AccessRequest
// ToMap returns these access requests as a map keyed by access request name.
func (a AccessRequests) ToMap() map[string]AccessRequest {
m := make(map[string]AccessRequest)
for _, accessRequest := range a {
m[accessRequest.GetName()] = accessRequest
}
return m
}
// AsResources returns these access requests as resources with labels.
func (a AccessRequests) AsResources() (resources ResourcesWithLabels) {
for _, accessRequest := range a {
resources = append(resources, accessRequest)
}
return resources
}
// Len returns the slice length.
func (a AccessRequests) Len() int { return len(a) }
// Less compares access requests by name.
func (a AccessRequests) Less(i, j int) bool { return a[i].GetName() < a[j].GetName() }
// Swap swaps two access requests.
func (a AccessRequests) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
// NewAccessRequestAllowedPromotions returns a new AccessRequestAllowedPromotions resource.
func NewAccessRequestAllowedPromotions(promotions []*AccessRequestAllowedPromotion) *AccessRequestAllowedPromotions {
if promotions == nil {
promotions = make([]*AccessRequestAllowedPromotion, 0)
}
return &AccessRequestAllowedPromotions{
Promotions: promotions,
}
}
// ValidateAssumeStartTime returns error if start time is in an invalid range.
func ValidateAssumeStartTime(assumeStartTime time.Time, accessExpiry time.Time, creationTime time.Time) error {
// Guard against requesting a start time before the request creation time.
if assumeStartTime.Before(creationTime) {
return trace.BadParameter("assume start time has to be after %v", creationTime.Format(time.RFC3339))
}
// Guard against requesting a start time after access expiry.
if assumeStartTime.After(accessExpiry) || assumeStartTime.Equal(accessExpiry) {
return trace.BadParameter("assume start time must be prior to access expiry time at %v",
accessExpiry.Format(time.RFC3339))
}
// Access expiry can be greater than constants.MaxAssumeStartDuration, but start time
// should be on or before constants.MaxAssumeStartDuration.
maxAssumableStartTime := creationTime.Add(constants.MaxAssumeStartDuration)
if maxAssumableStartTime.Before(accessExpiry) && assumeStartTime.After(maxAssumableStartTime) {
return trace.BadParameter("assume start time is too far in the future, latest time allowed is %v",
maxAssumableStartTime.Format(time.RFC3339))
}
return nil
}
/*
* Copyright 2021 Gravitational, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package types
import (
"time"
"github.com/gravitational/trace"
)
// NewRecoveryCodes creates a new RecoveryCodes with the given codes and created
// time.
func NewRecoveryCodes(codes []RecoveryCode, created time.Time, username string) (*RecoveryCodesV1, error) {
rc := &RecoveryCodesV1{
Metadata: Metadata{
Name: username,
},
Spec: RecoveryCodesSpecV1{
Codes: codes,
Created: created,
},
}
if err := rc.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return rc, nil
}
// CheckAndSetDefaults validates fields and populates empty fields with default values.
func (t *RecoveryCodesV1) CheckAndSetDefaults() error {
t.setStaticFields()
if err := t.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if t.Spec.Codes == nil {
return trace.BadParameter("missing Codes field")
}
if t.Spec.Created.IsZero() {
return trace.BadParameter("missing Created field")
}
return nil
}
func (t *RecoveryCodesV1) setStaticFields() {
t.Kind = KindRecoveryCodes
t.Version = V1
}
// GetCodes returns recovery codes.
func (t *RecoveryCodesV1) GetCodes() []RecoveryCode {
return t.Spec.Codes
}
// RecoveryAttempt represents an unsuccessful attempt at recovering a user's account.
type RecoveryAttempt struct {
// Time is time of the attempt.
Time time.Time `json:"time"`
// Expires defines the time when this attempt should expire.
Expires time.Time `json:"expires"`
}
func (a *RecoveryAttempt) Check() error {
switch {
case a.Time.IsZero():
return trace.BadParameter("missing parameter time")
case a.Expires.IsZero():
return trace.BadParameter("missing parameter expires")
}
return nil
}
// IsMaxFailedRecoveryAttempt determines if user reached their max failed attempts.
// Attempts list is expected to come sorted from oldest to latest time.
func IsMaxFailedRecoveryAttempt(maxAttempts int, attempts []*RecoveryAttempt, now time.Time) bool {
var failed int
for i := len(attempts) - 1; i >= 0; i-- {
if attempts[i].Expires.After(now) {
failed++
}
if failed >= maxAttempts {
return true
}
}
return false
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"iter"
"net/url"
"slices"
"strconv"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/types/compare"
"github.com/gravitational/teleport/api/utils"
netutils "github.com/gravitational/teleport/api/utils/net"
)
var _ compare.IsEqual[Application] = (*AppV3)(nil)
// Application represents a web, TCP or cloud console application.
type Application interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetNamespace returns the app namespace.
GetNamespace() string
// GetStaticLabels returns the app static labels.
GetStaticLabels() map[string]string
// SetStaticLabels sets the app static labels.
SetStaticLabels(map[string]string)
// GetDynamicLabels returns the app dynamic labels.
GetDynamicLabels() map[string]CommandLabel
// SetDynamicLabels sets the app dynamic labels.
SetDynamicLabels(map[string]CommandLabel)
// String returns string representation of the app.
String() string
// GetDescription returns the app description.
GetDescription() string
// GetURI returns the app connection endpoint.
GetURI() string
// SetURI sets the app endpoint.
SetURI(string)
// GetPublicAddr returns the app public address.
GetPublicAddr() string
// SetPublicAddr sets the app public address.
SetPublicAddr(s string)
// GetInsecureSkipVerify returns the app insecure setting.
GetInsecureSkipVerify() bool
// GetRewrite returns the app rewrite configuration.
GetRewrite() *Rewrite
// IsAWSConsole returns true if this app is AWS management console.
IsAWSConsole() bool
// IsAzureCloud returns true if this app represents Azure Cloud instance.
IsAzureCloud() bool
// IsGCP returns true if this app represents GCP instance.
IsGCP() bool
// IsTCP returns true if this app represents a TCP endpoint.
IsTCP() bool
// IsMCP returns true if this app represents a MCP server.
IsMCP() bool
// GetProtocol returns the application protocol.
GetProtocol() string
// GetAWSAccountID returns value of label containing AWS account ID on this app.
GetAWSAccountID() string
// GetAWSExternalID returns the AWS External ID configured for this app.
GetAWSExternalID() string
// GetAWSRolesAnywhereProfileARN returns the AWS IAM Roles Anywhere Profile ARN which originated this App.
GetAWSRolesAnywhereProfileARN() string
// GetAWSRolesAnywhereAcceptRoleSessionName returns whether the IAM Roles Anywhere Profile supports defining a custom AWS Session Name.
GetAWSRolesAnywhereAcceptRoleSessionName() bool
// GetUserGroups will get the list of user group IDs associated with the application.
GetUserGroups() []string
// SetUserGroups will set the list of user group IDs associated with the application.
SetUserGroups([]string)
// Copy returns a copy of this app resource.
Copy() *AppV3
// GetIntegration will return the Integration.
// If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
GetIntegration() string
// GetRequiredAppNames will return a list of required apps names that should be authenticated during this apps authentication process.
GetRequiredAppNames() []string
// GetUseAnyProxyPublicAddr will return true if a client should rebuild this app's fqdn based on the proxy's public addr.
GetUseAnyProxyPublicAddr() bool
// GetCORS returns the CORS configuration for the app.
GetCORS() *CORSPolicy
// GetTCPPorts returns port ranges supported by the app to which connections can be forwarded to.
GetTCPPorts() PortRanges
// SetTCPPorts sets port ranges to which connections can be forwarded to.
SetTCPPorts([]*PortRange)
// GetIdentityCenter fetches identity center info for the app, if any.
GetIdentityCenter() *AppIdentityCenter
// GetMCP fetches MCP specific configuration.
GetMCP() *MCP
// IsEqual determines if two application resources are equivalent to one another.
IsEqual(Application) bool
}
// NewAppV3 creates a new app resource.
func NewAppV3(meta Metadata, spec AppSpecV3) (*AppV3, error) {
app := &AppV3{
Metadata: meta,
Spec: spec,
}
if err := app.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return app, nil
}
// GetVersion returns the app resource version.
func (a *AppV3) GetVersion() string {
return a.Version
}
// GetKind returns the app resource kind.
func (a *AppV3) GetKind() string {
return a.Kind
}
// GetSubKind returns the app resource subkind.
func (a *AppV3) GetSubKind() string {
return a.SubKind
}
// SetSubKind sets the app resource subkind.
func (a *AppV3) SetSubKind(sk string) {
a.SubKind = sk
}
// GetRevision returns the revision
func (a *AppV3) GetRevision() string {
return a.Metadata.GetRevision()
}
// SetRevision sets the revision
func (a *AppV3) SetRevision(rev string) {
a.Metadata.SetRevision(rev)
}
// GetMetadata returns the app resource metadata.
func (a *AppV3) GetMetadata() Metadata {
return a.Metadata
}
// Origin returns the origin value of the resource.
func (a *AppV3) Origin() string {
return a.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (a *AppV3) SetOrigin(origin string) {
a.Metadata.SetOrigin(origin)
}
// GetNamespace returns the app resource namespace.
func (a *AppV3) GetNamespace() string {
return a.Metadata.Namespace
}
// SetExpiry sets the app resource expiration time.
func (a *AppV3) SetExpiry(expiry time.Time) {
a.Metadata.SetExpiry(expiry)
}
// Expiry returns the app resource expiration time.
func (a *AppV3) Expiry() time.Time {
return a.Metadata.Expiry()
}
// GetName returns the app resource name.
func (a *AppV3) GetName() string {
return a.Metadata.Name
}
// SetName sets the app resource name.
func (a *AppV3) SetName(name string) {
a.Metadata.Name = name
}
// GetStaticLabels returns the app static labels.
func (a *AppV3) GetStaticLabels() map[string]string {
return a.Metadata.Labels
}
// SetStaticLabels sets the app static labels.
func (a *AppV3) SetStaticLabels(sl map[string]string) {
a.Metadata.Labels = sl
}
// GetDynamicLabels returns the app dynamic labels.
func (a *AppV3) GetDynamicLabels() map[string]CommandLabel {
if a.Spec.DynamicLabels == nil {
return nil
}
return V2ToLabels(a.Spec.DynamicLabels)
}
// SetDynamicLabels sets the app dynamic labels
func (a *AppV3) SetDynamicLabels(dl map[string]CommandLabel) {
a.Spec.DynamicLabels = LabelsToV2(dl)
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (a *AppV3) GetLabel(key string) (value string, ok bool) {
if cmd, ok := a.Spec.DynamicLabels[key]; ok {
return cmd.Result, ok
}
v, ok := a.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns the app combined static and dynamic labels.
func (a *AppV3) GetAllLabels() map[string]string {
return CombineLabels(a.Metadata.Labels, a.Spec.DynamicLabels)
}
// GetDescription returns the app description.
func (a *AppV3) GetDescription() string {
return a.Metadata.Description
}
// GetURI returns the app connection address.
func (a *AppV3) GetURI() string {
return a.Spec.URI
}
// SetURI sets the app connection address.
func (a *AppV3) SetURI(uri string) {
a.Spec.URI = uri
}
// GetPublicAddr returns the app public address.
func (a *AppV3) GetPublicAddr() string {
return a.Spec.PublicAddr
}
// SetPublicAddr sets the app public address.
func (a *AppV3) SetPublicAddr(addr string) {
a.Spec.PublicAddr = addr
}
// GetInsecureSkipVerify returns the app insecure setting.
func (a *AppV3) GetInsecureSkipVerify() bool {
return a.Spec.InsecureSkipVerify
}
// GetRewrite returns the app rewrite configuration.
func (a *AppV3) GetRewrite() *Rewrite {
return a.Spec.Rewrite
}
// IsAWSConsole returns true if this app is AWS management console.
func (a *AppV3) IsAWSConsole() bool {
// TODO(greedy52) support region based console URL like:
// https://us-east-1.console.aws.amazon.com/
for _, consoleURL := range []string{
constants.AWSConsoleURL,
constants.AWSUSGovConsoleURL,
constants.AWSCNConsoleURL,
constants.AWSQuickSightURL,
} {
if strings.HasPrefix(a.Spec.URI, consoleURL) {
return true
}
}
return a.Spec.Cloud == CloudAWS
}
// IsAzureCloud returns true if this app is Azure Cloud instance.
func (a *AppV3) IsAzureCloud() bool {
return a.Spec.Cloud == CloudAzure
}
// IsGCP returns true if this app is GCP instance.
func (a *AppV3) IsGCP() bool {
return a.Spec.Cloud == CloudGCP
}
// IsTCP returns true if this app represents a TCP endpoint.
func (a *AppV3) IsTCP() bool {
return IsAppTCP(a.Spec.URI)
}
// IsMCP returns true if provided uri is an MCP app.
func (a *AppV3) IsMCP() bool {
return IsAppMCP(a.Spec.URI)
}
func IsAppTCP(uri string) bool {
return strings.HasPrefix(uri, "tcp://")
}
// IsAppMCP returns true if provided uri is an MCP app.
func IsAppMCP(uri string) bool {
return GetMCPServerTransportType(uri) != ""
}
// GetProtocol returns the application protocol.
func (a *AppV3) GetProtocol() string {
if a.IsTCP() {
return "TCP"
}
if a.IsMCP() {
return "MCP"
}
return "HTTP"
}
// GetAWSAccountID returns value of label containing AWS account ID on this app.
func (a *AppV3) GetAWSAccountID() string {
return a.Metadata.Labels[constants.AWSAccountIDLabel]
}
// GetAWSExternalID returns the AWS External ID configured for this app.
func (a *AppV3) GetAWSExternalID() string {
if a.Spec.AWS == nil {
return ""
}
return a.Spec.AWS.ExternalID
}
// GetAWSRolesAnywhereProfileARN returns the AWS IAM Roles Anywhere Profile ARN which originated this App.
func (a *AppV3) GetAWSRolesAnywhereProfileARN() string {
if a.Spec.AWS == nil || a.Spec.AWS.RolesAnywhereProfile == nil {
return ""
}
return a.Spec.AWS.RolesAnywhereProfile.ProfileARN
}
// GetAWSRolesAnywhereAcceptRoleSessionName returns whether the IAM Roles Anywhere Profile supports defining a custom AWS Session Name.
func (a *AppV3) GetAWSRolesAnywhereAcceptRoleSessionName() bool {
if a.Spec.AWS == nil || a.Spec.AWS.RolesAnywhereProfile == nil {
return false
}
return a.Spec.AWS.RolesAnywhereProfile.AcceptRoleSessionName
}
// GetUserGroups will get the list of user group IDss associated with the application.
func (a *AppV3) GetUserGroups() []string {
return a.Spec.UserGroups
}
// SetUserGroups will set the list of user group IDs associated with the application.
func (a *AppV3) SetUserGroups(userGroups []string) {
a.Spec.UserGroups = userGroups
}
// GetTCPPorts returns port ranges supported by the app to which connections can be forwarded to.
func (a *AppV3) GetTCPPorts() PortRanges {
return a.Spec.TCPPorts
}
// SetTCPPorts sets port ranges to which connections can be forwarded to.
func (a *AppV3) SetTCPPorts(ports []*PortRange) {
a.Spec.TCPPorts = ports
}
// GetIntegration will return the Integration.
// If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
func (a *AppV3) GetIntegration() string {
return a.Spec.Integration
}
// String returns the app string representation.
func (a *AppV3) String() string {
return fmt.Sprintf("App(Name=%v, PublicAddr=%v, Labels=%v)",
a.GetName(), a.GetPublicAddr(), a.GetAllLabels())
}
// Copy returns a copy of this database resource.
func (a *AppV3) Copy() *AppV3 {
return utils.CloneProtoMsg(a)
}
func (a *AppV3) GetRequiredAppNames() []string {
return a.Spec.RequiredAppNames
}
func (a *AppV3) GetUseAnyProxyPublicAddr() bool {
return a.Spec.UseAnyProxyPublicAddr
}
func (a *AppV3) GetCORS() *CORSPolicy {
return a.Spec.CORS
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (a *AppV3) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(a.GetAllLabels()), a.GetName(), a.GetDescription(), a.GetPublicAddr())
return MatchSearch(fieldVals, values, nil)
}
// setStaticFields sets static resource header and metadata fields.
func (a *AppV3) setStaticFields() {
a.Kind = KindApp
a.Version = V3
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (a *AppV3) CheckAndSetDefaults() error {
a.setStaticFields()
if err := a.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
for key := range a.Spec.DynamicLabels {
if !IsValidLabelKey(key) {
return trace.BadParameter("app %q invalid label key: %q", a.GetName(), key)
}
}
if a.Spec.URI == "" {
switch {
case a.Spec.Cloud != "":
a.Spec.URI = fmt.Sprintf("cloud://%v", a.Spec.Cloud)
case a.Spec.MCP != nil && a.Spec.MCP.Command != "":
a.Spec.URI = SchemeMCPStdio + "://"
default:
return trace.BadParameter("app %q URI is empty", a.GetName())
}
}
if a.Spec.Cloud == "" && a.IsAWSConsole() {
a.Spec.Cloud = CloudAWS
}
switch a.Spec.Cloud {
case "", CloudAWS, CloudAzure, CloudGCP:
break
default:
return trace.BadParameter("app %q has unexpected Cloud value %q", a.GetName(), a.Spec.Cloud)
}
publicAddr := a.Spec.PublicAddr
// If the public addr has digits in a sub-host and a port, it might cause url.Parse to fail.
// Eg of a failing url: 123.teleport.example.com:3080
// This is not a valid URL, but we have been using it as such.
// To prevent this from failing, we add the `//`.
if !strings.Contains(publicAddr, "//") && strings.Contains(publicAddr, ":") {
publicAddr = "//" + publicAddr
}
publicAddrURL, err := url.Parse(publicAddr)
if err != nil {
return trace.BadParameter("invalid PublicAddr format: %v", err)
}
host := a.Spec.PublicAddr
if publicAddrURL.Host != "" {
host = publicAddrURL.Host
}
if strings.HasPrefix(host, constants.KubeTeleportProxyALPNPrefix) {
return trace.BadParameter("app %q DNS prefix found in %q public_url is reserved for internal usage",
constants.KubeTeleportProxyALPNPrefix, a.Spec.PublicAddr)
}
if a.Spec.Rewrite != nil {
switch a.Spec.Rewrite.JWTClaims {
case "", JWTClaimsRewriteRolesAndTraits, JWTClaimsRewriteRoles, JWTClaimsRewriteNone, JWTClaimsRewriteTraits:
default:
return trace.BadParameter("app %q has unexpected JWT rewrite value %q", a.GetName(), a.Spec.Rewrite.JWTClaims)
}
}
if len(a.Spec.TCPPorts) != 0 {
if err := a.checkTCPPorts(); err != nil {
return trace.Wrap(err)
}
}
if a.IsMCP() {
a.SetSubKind(SubKindMCP)
if err := a.checkMCP(); err != nil {
return trace.Wrap(err)
}
}
// Set an "app-sub-kind" label can be used for RBAC.
if a.SubKind != "" {
if a.Metadata.Labels == nil {
a.Metadata.Labels = make(map[string]string)
}
a.Metadata.Labels[AppSubKindLabel] = a.SubKind
}
return nil
}
func (a *AppV3) checkTCPPorts() error {
// Parsing the URI here does not break compatibility. The URI is parsed only if Ports are present.
// This means that old apps that do have invalid URIs but don't use Ports can continue existing.
uri, err := url.Parse(a.Spec.URI)
if err != nil {
return trace.BadParameter("invalid app URI format: %v", err)
}
// The scheme of URI is enforced to be "tcp" on purpose. This way in the future we can add
// multi-port support to web apps without throwing hard errors when a cluster with a multi-port
// web app gets downgraded to a version which supports multi-port only for TCP apps.
//
// For now, we simply ignore the Ports field set on non-TCP apps.
if uri.Scheme != "tcp" {
return nil
}
if uri.Port() != "" {
return trace.BadParameter("TCP app URI %q must not include a port number when the app spec defines a list of ports", a.Spec.URI)
}
for _, portRange := range a.Spec.TCPPorts {
if err := netutils.ValidatePortRange(int(portRange.Port), int(portRange.EndPort)); err != nil {
return trace.Wrap(err, "validating a port range of a TCP app")
}
}
return nil
}
func (a *AppV3) checkMCP() error {
switch GetMCPServerTransportType(a.Spec.URI) {
case MCPTransportStdio:
return trace.Wrap(a.checkMCPStdio())
case MCPTransportSSE, MCPTransportHTTP:
_, err := url.Parse(a.Spec.URI)
return trace.Wrap(err)
default:
return trace.BadParameter("unsupported MCP server %q with URI %q", a.GetName(), a.Spec.URI)
}
}
func (a *AppV3) checkMCPStdio() error {
// Skip validation for internal demo resource.
if resourceType, _ := a.GetLabel(TeleportInternalResourceType); resourceType == DemoResource {
return nil
}
if a.Spec.MCP == nil {
return trace.BadParameter("MCP server %q is missing 'mcp' spec", a.GetName())
}
if a.Spec.MCP.Command == "" {
return trace.BadParameter("MCP server %q is missing 'command' which specifies the executable to launch the MCP server. Arguments should be specified through the 'args' field", a.GetName())
}
if a.Spec.MCP.RunAsHostUser == "" {
return trace.BadParameter("MCP server %q is missing 'run_as_host_user' which specifies a valid host user to execute the command", a.GetName())
}
return nil
}
// GetIdentityCenter returns the Identity Center information for the app, if any.
// May be nil.
func (a *AppV3) GetIdentityCenter() *AppIdentityCenter {
return a.Spec.IdentityCenter
}
// GetDisplayName fetches a human-readable display name for the App.
func (a *AppV3) GetDisplayName() string {
// Only Identity Center apps have a display name at this point. Returning
// the empty string signals to the caller they should fall back to whatever
// they have been using in the past.
if a.Spec.IdentityCenter == nil {
return ""
}
return a.Metadata.Description
}
// IsEqual determines if two application resources are equivalent to one another.
func (a *AppV3) IsEqual(i Application) bool {
if other, ok := i.(*AppV3); ok {
return deriveTeleportEqualAppV3(a, other)
}
return false
}
// GetMCP returns MCP specific configuration.
func (a *AppV3) GetMCP() *MCP {
return a.Spec.MCP
}
// DeduplicateApps deduplicates apps by combination of app name and public address.
// Apps can have the same name but also could have different addresses.
func DeduplicateApps(apps []Application) []Application {
return slices.Collect(DeduplicatedApps(slices.Values(apps)))
}
// DeduplicatedApps iterates deduplicated apps by combination of app name and
// public address. This is the iter.Seq version of DeduplicateApps.
func DeduplicatedApps(apps iter.Seq[Application]) iter.Seq[Application] {
type key struct{ name, addr string }
seen := make(map[key]struct{})
return func(yield func(Application) bool) {
for app := range apps {
key := key{app.GetName(), app.GetPublicAddr()}
if _, ok := seen[key]; ok {
continue
}
seen[key] = struct{}{}
if !yield(app) {
return
}
}
}
}
// Apps is a list of app resources.
type Apps []Application
// Find returns app with the specified name or nil.
func (a Apps) Find(name string) Application {
for _, app := range a {
if app.GetName() == name {
return app
}
}
return nil
}
// AsResources returns these apps as resources with labels.
func (a Apps) AsResources() (resources ResourcesWithLabels) {
for _, app := range a {
resources = append(resources, app)
}
return resources
}
// Len returns the slice length.
func (a Apps) Len() int { return len(a) }
// Less compares apps by name.
func (a Apps) Less(i, j int) bool { return a[i].GetName() < a[j].GetName() }
// Swap swaps two apps.
func (a Apps) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
// GetPermissionSets fetches the list of permission sets from the Identity Center
// app information. Handles nil identity center values.
func (a *AppIdentityCenter) GetPermissionSets() []*IdentityCenterPermissionSet {
if a == nil {
return nil
}
return a.PermissionSets
}
// PortRanges is a list of port ranges.
type PortRanges []*PortRange
// Contains checks if targetPort is within any of the port ranges.
func (p PortRanges) Contains(targetPort int) bool {
return slices.ContainsFunc(p, func(portRange *PortRange) bool {
return netutils.IsPortInRange(int(portRange.Port), int(portRange.EndPort), targetPort)
})
}
// String returns a string representation of port ranges.
func (p PortRanges) String() string {
var builder strings.Builder
for i, portRange := range p {
if i > 0 {
builder.WriteString(", ")
}
builder.WriteString(portRange.String())
}
return builder.String()
}
// String returns a string representation of a port range.
func (p *PortRange) String() string {
if p.EndPort == 0 {
return strconv.Itoa(int(p.Port))
} else {
return fmt.Sprintf("%d-%d", p.Port, p.EndPort)
}
}
// GetMCPServerTransportType returns the transport of the MCP server based on
// the URI. If no MCP transport type can be determined from the URI, an empty
// string is returned.
func GetMCPServerTransportType(uri string) string {
parsed, err := url.Parse(uri)
if err != nil {
return ""
}
switch parsed.Scheme {
case SchemeMCPStdio:
return MCPTransportStdio
case SchemeMCPSSEHTTP, SchemeMCPSSEHTTPS:
return MCPTransportSSE
case SchemeMCPHTTP, SchemeMCPHTTPS:
return MCPTransportHTTP
default:
return ""
}
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"iter"
"slices"
"sort"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api"
"github.com/gravitational/teleport/api/constants"
componentfeaturesv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/componentfeatures/v1"
"github.com/gravitational/teleport/api/utils"
"github.com/gravitational/teleport/api/utils/iterutils"
)
// AppServer represents a single proxied web app.
type AppServer interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetNamespace returns server namespace.
GetNamespace() string
// GetTeleportVersion returns the teleport version the server is running on.
GetTeleportVersion() string
// GetHostname returns the server hostname.
GetHostname() string
// GetHostID returns ID of the host the server is running on.
GetHostID() string
// GetRotation gets the state of certificate authority rotation.
GetRotation() Rotation
// SetRotation sets the state of certificate authority rotation.
SetRotation(Rotation)
// String returns string representation of the server.
String() string
// Copy returns a copy of this app server object.
Copy() AppServer
// CloneResource returns a copy of the AppServer as a ResourceWithLabels
CloneResource() ResourceWithLabels
// GetApp returns the app this app server proxies.
GetApp() Application
// SetApp sets the app this app server proxies.
SetApp(Application) error
// GetTunnelType returns the tunnel type associated with the app server.
GetTunnelType() TunnelType
// ProxiedService provides common methods for a proxied service.
ProxiedService
// GetRelayGroup returns the name of the Relay group that the app server is
// connected to.
GetRelayGroup() string
// GetRelayIDs returns the list of Relay host IDs that the app server is
// connected to.
GetRelayIDs() []string
// GetScope returns the scope this server belongs to.
GetScope() string
// GetComponentFeatures returns the ComponentFeatures supported by this AppServer.
GetComponentFeatures() *componentfeaturesv1.ComponentFeatures
// SetComponentFeatures sets the ComponentFeatures supported by this AppServer.
SetComponentFeatures(*componentfeaturesv1.ComponentFeatures)
}
// NewAppServerV3 creates a new app server instance.
func NewAppServerV3(meta Metadata, spec AppServerSpecV3) (*AppServerV3, error) {
s := &AppServerV3{
Metadata: meta,
Spec: spec,
}
if err := s.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return s, nil
}
// NewAppServerV3FromApp creates a new app server from the provided app.
func NewAppServerV3FromApp(app *AppV3, hostname, hostID string) (*AppServerV3, error) {
return NewAppServerV3(Metadata{
Name: app.GetName(),
}, AppServerSpecV3{
Hostname: hostname,
HostID: hostID,
App: app,
})
}
// NewAppServerForAWSOIDCIntegration creates a new AppServer that will be used to grant AWS App Access
// using the AWSOIDC credentials.
func NewAppServerForAWSOIDCIntegration(integrationName, hostID, publicAddr string, labels map[string]string) (*AppServerV3, error) {
return NewAppServerV3(Metadata{
Name: integrationName,
Labels: labels,
}, AppServerSpecV3{
HostID: hostID,
App: &AppV3{Metadata: Metadata{
Name: integrationName,
Labels: labels,
}, Spec: AppSpecV3{
URI: constants.AWSConsoleURL,
Integration: integrationName,
PublicAddr: publicAddr,
}},
})
}
// GetComponentFeatures returns the ComponentFeatures supported by this AppServer.
func (s *AppServerV3) GetComponentFeatures() *componentfeaturesv1.ComponentFeatures {
return s.Spec.ComponentFeatures
}
// SetComponentFeatures sets the ComponentFeatures supported by this AppServer.
func (s *AppServerV3) SetComponentFeatures(cf *componentfeaturesv1.ComponentFeatures) {
s.Spec.ComponentFeatures = cf
}
// GetVersion returns the database server resource version.
func (s *AppServerV3) GetVersion() string {
return s.Version
}
// GetTeleportVersion returns the Teleport version the server is running.
func (s *AppServerV3) GetTeleportVersion() string {
return s.Spec.Version
}
// GetHostname returns the database server hostname.
func (s *AppServerV3) GetHostname() string {
return s.Spec.Hostname
}
// GetHostID returns ID of the host the server is running on.
func (s *AppServerV3) GetHostID() string {
return s.Spec.HostID
}
// GetKind returns the resource kind.
func (s *AppServerV3) GetKind() string {
return s.Kind
}
// GetSubKind returns the resource subkind.
func (s *AppServerV3) GetSubKind() string {
return s.SubKind
}
// SetSubKind sets the resource subkind.
func (s *AppServerV3) SetSubKind(sk string) {
s.SubKind = sk
}
// GetRevision returns the revision
func (s *AppServerV3) GetRevision() string {
return s.Metadata.GetRevision()
}
// SetRevision sets the revision
func (s *AppServerV3) SetRevision(rev string) {
s.Metadata.SetRevision(rev)
}
// GetMetadata returns the resource metadata.
func (s *AppServerV3) GetMetadata() Metadata {
return s.Metadata
}
// GetNamespace returns the resource namespace.
func (s *AppServerV3) GetNamespace() string {
return s.Metadata.Namespace
}
// SetExpiry sets the resource expiry time.
func (s *AppServerV3) SetExpiry(expiry time.Time) {
s.Metadata.SetExpiry(expiry)
}
// Expiry returns the resource expiry time.
func (s *AppServerV3) Expiry() time.Time {
return s.Metadata.Expiry()
}
// GetName returns the resource name.
func (s *AppServerV3) GetName() string {
return s.Metadata.Name
}
// SetName sets the resource name.
func (s *AppServerV3) SetName(name string) {
s.Metadata.Name = name
}
// GetRotation returns the server CA rotation state.
func (s *AppServerV3) GetRotation() Rotation {
return s.Spec.Rotation
}
// SetRotation sets the server CA rotation state.
func (s *AppServerV3) SetRotation(r Rotation) {
s.Spec.Rotation = r
}
// GetApp returns the app this app server proxies.
func (s *AppServerV3) GetApp() Application {
if s.Spec.App == nil {
return nil
}
return s.Spec.App
}
// SetApp sets the app this app server proxies.
func (s *AppServerV3) SetApp(app Application) error {
appV3, ok := app.(*AppV3)
if !ok {
return trace.BadParameter("expected *AppV3, got %T", app)
}
s.Spec.App = appV3
return nil
}
// GetTunnelType returns the tunnel type associated with the app server.
func (s *AppServerV3) GetTunnelType() TunnelType {
switch {
case s.Origin() == OriginOkta:
return OktaTunnel
default:
return AppTunnel
}
}
// String returns the server string representation.
func (s *AppServerV3) String() string {
return fmt.Sprintf("AppServer(Name=%v, Version=%v, Hostname=%v, HostID=%v, App=%v)",
s.GetName(), s.GetTeleportVersion(), s.GetHostname(), s.GetHostID(), s.GetApp())
}
// setStaticFields sets static resource header and metadata fields.
func (s *AppServerV3) setStaticFields() {
s.Kind = KindAppServer
s.Version = V3
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (s *AppServerV3) CheckAndSetDefaults() error {
s.setStaticFields()
if err := s.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if s.Spec.HostID == "" {
return trace.BadParameter("missing app server HostID")
}
if s.Spec.Version == "" {
s.Spec.Version = api.Version
}
if s.Spec.App == nil {
return trace.BadParameter("missing app server App")
}
if err := s.Spec.App.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// Origin returns the origin value of the resource.
func (s *AppServerV3) Origin() string {
return s.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (s *AppServerV3) SetOrigin(origin string) {
s.Metadata.SetOrigin(origin)
}
// GetProxyID returns a list of proxy ids this server is connected to.
func (s *AppServerV3) GetProxyIDs() []string {
return s.Spec.ProxyIDs
}
// SetProxyID sets the proxy ids this server is connected to.
func (s *AppServerV3) SetProxyIDs(proxyIDs []string) {
s.Spec.ProxyIDs = proxyIDs
}
// GetRelayGroup implements [AppServer].
func (s *AppServerV3) GetRelayGroup() string {
if s == nil {
return ""
}
return s.Spec.RelayGroup
}
// GetRelayIDs implements [AppServer].
func (s *AppServerV3) GetRelayIDs() []string {
if s == nil {
return nil
}
return s.Spec.RelayIds
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (s *AppServerV3) GetLabel(key string) (value string, ok bool) {
if s.Spec.App != nil {
if v, ok := s.Spec.App.GetLabel(key); ok {
return v, ok
}
}
v, ok := s.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns all resource's labels. Considering:
// * Static labels from `Metadata.Labels` and `Spec.App`.
// * Dynamic labels from `Spec.App.Spec`.
func (s *AppServerV3) GetAllLabels() map[string]string {
staticLabels := make(map[string]string)
for name, value := range s.Metadata.Labels {
staticLabels[name] = value
}
var dynamicLabels map[string]CommandLabelV2
if s.Spec.App != nil {
for name, value := range s.Spec.App.Metadata.Labels {
staticLabels[name] = value
}
dynamicLabels = s.Spec.App.Spec.DynamicLabels
}
return CombineLabels(staticLabels, dynamicLabels)
}
// GetStaticLabels returns the app server static labels.
func (s *AppServerV3) GetStaticLabels() map[string]string {
return s.Metadata.Labels
}
// SetStaticLabels sets the app server static labels.
func (s *AppServerV3) SetStaticLabels(sl map[string]string) {
s.Metadata.Labels = sl
}
// Copy returns a copy of this app server object.
func (s *AppServerV3) Copy() AppServer {
return utils.CloneProtoMsg(s)
}
func (s *AppServerV3) CloneResource() ResourceWithLabels {
return s.Copy()
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (s *AppServerV3) MatchSearch(values []string) bool {
return MatchSearch(nil, values, nil)
}
// GetScope returns the scope this server belongs to.
func (s *AppServerV3) GetScope() string {
return s.Scope
}
// AppServers represents a list of app servers.
type AppServers []AppServer
// Len returns the slice length.
func (s AppServers) Len() int { return len(s) }
// Less compares app servers by name and host ID.
func (s AppServers) Less(i, j int) bool {
switch {
case s[i].GetName() < s[j].GetName():
return true
case s[i].GetName() > s[j].GetName():
return false
default:
return s[i].GetHostID() < s[j].GetHostID()
}
}
// Swap swaps two app servers.
func (s AppServers) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// SortByCustom custom sorts by given sort criteria.
func (s AppServers) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
// We assume sorting by type AppServer, we are really
// wanting to sort its contained resource Application.
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetApp().GetName(), s[j].GetApp().GetName(), isDesc)
})
case ResourceSpecDescription:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetApp().GetDescription(), s[j].GetApp().GetDescription(), isDesc)
})
case ResourceSpecPublicAddr:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetApp().GetPublicAddr(), s[j].GetApp().GetPublicAddr(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindAppServer)
}
return nil
}
// AsResources returns app servers as type resources with labels.
func (s AppServers) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, 0, len(s))
for _, server := range s {
resources = append(resources, ResourceWithLabels(server))
}
return resources
}
// GetFieldVals returns list of select field values.
func (s AppServers) GetFieldVals(field string) ([]string, error) {
vals := make([]string, 0, len(s))
switch field {
case ResourceMetadataName:
for _, server := range s {
vals = append(vals, server.GetApp().GetName())
}
case ResourceSpecDescription:
for _, server := range s {
vals = append(vals, server.GetApp().GetDescription())
}
case ResourceSpecPublicAddr:
for _, server := range s {
vals = append(vals, server.GetApp().GetPublicAddr())
}
default:
return nil, trace.NotImplemented("getting field %q for resource %q is not supported", field, KindAppServer)
}
return vals, nil
}
// Applications iterates over the applications that the AppServers proxy.
func (s AppServers) Applications() iter.Seq[Application] {
return iterutils.Map(func(appServer AppServer) Application {
return appServer.GetApp()
}, slices.Values(s))
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"github.com/gravitational/trace"
saml2 "github.com/russellhaering/gosaml2"
)
// AssertionInfo is an alias for saml2.AssertionInfo with additional methods, required for serialization to/from protobuf.
// With those we can reference it with an option like so: `(gogoproto.customtype) = "AssertionInfo"`
type AssertionInfo saml2.AssertionInfo
func (a *AssertionInfo) Size() int {
bytes, err := json.Marshal(a)
if err != nil {
return 0
}
return len(bytes)
}
func (a *AssertionInfo) Unmarshal(bytes []byte) error {
return trace.Wrap(json.Unmarshal(bytes, a))
}
func (a *AssertionInfo) MarshalTo(bytes []byte) (int, error) {
out, err := json.Marshal(a)
if err != nil {
return 0, trace.Wrap(err)
}
if len(out) > cap(bytes) {
return 0, trace.BadParameter("capacity too low: %v, need %v", cap(bytes), len(out))
}
copy(bytes, out)
return len(out), nil
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// ClusterAuditConfig defines cluster-wide audit log configuration. This is
// a configuration resource, never create more than one instance of it.
type ClusterAuditConfig interface {
Resource
// Type gets the audit backend type.
Type() string
// SetType sets the audit backend type.
SetType(string)
// Region gets a cloud provider region.
Region() string
// SetRegion sets a cloud provider region.
SetRegion(string)
// ShouldUploadSessions returns whether audit config
// instructs server to upload sessions.
ShouldUploadSessions() bool
// AuditSessionsURI gets the audit sessions URI.
AuditSessionsURI() string
// SetAuditSessionsURI sets the audit sessions URI.
SetAuditSessionsURI(string)
// AuditEventsURIs gets the audit events URIs.
AuditEventsURIs() []string
// SetAuditEventsURIs sets the audit events URIs.
SetAuditEventsURIs([]string)
// SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends.
SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState)
// GetUseFIPSEndpoint gets the current FIPS endpoint setting
GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState
// EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery).
EnableContinuousBackups() bool
// EnableAutoScaling is used to enable (or disable) auto scaling policy.
EnableAutoScaling() bool
// ReadMaxCapacity is the maximum provisioned read capacity.
ReadMaxCapacity() int64
// ReadMinCapacity is the minimum provisioned read capacity.
ReadMinCapacity() int64
// ReadTargetValue is the ratio of consumed read to provisioned capacity.
ReadTargetValue() float64
// WriteMaxCapacity is the maximum provisioned write capacity.
WriteMaxCapacity() int64
// WriteMinCapacity is the minimum provisioned write capacity.
WriteMinCapacity() int64
// WriteTargetValue is the ratio of consumed write to provisioned capacity.
WriteTargetValue() float64
// RetentionPeriod is the retention period for audit events.
RetentionPeriod() *Duration
// Clone performs a deep copy.
Clone() ClusterAuditConfig
}
// NewClusterAuditConfig is a convenience method to to create ClusterAuditConfigV2.
func NewClusterAuditConfig(spec ClusterAuditConfigSpecV2) (ClusterAuditConfig, error) {
auditConfig := &ClusterAuditConfigV2{Spec: spec}
if err := auditConfig.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return auditConfig, nil
}
// DefaultClusterAuditConfig returns the default audit log configuration.
func DefaultClusterAuditConfig() ClusterAuditConfig {
config, _ := NewClusterAuditConfig(ClusterAuditConfigSpecV2{})
return config
}
// GetVersion returns resource version.
func (c *ClusterAuditConfigV2) GetVersion() string {
return c.Version
}
// GetName returns the name of the resource.
func (c *ClusterAuditConfigV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the resource.
func (c *ClusterAuditConfigV2) SetName(e string) {
c.Metadata.Name = e
}
// SetExpiry sets expiry time for the object.
func (c *ClusterAuditConfigV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting.
func (c *ClusterAuditConfigV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetMetadata returns object metadata.
func (c *ClusterAuditConfigV2) GetMetadata() Metadata {
return c.Metadata
}
// GetRevision returns the revision
func (c *ClusterAuditConfigV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *ClusterAuditConfigV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetKind returns resource kind.
func (c *ClusterAuditConfigV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource subkind.
func (c *ClusterAuditConfigV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind.
func (c *ClusterAuditConfigV2) SetSubKind(sk string) {
c.SubKind = sk
}
// Type gets the audit backend type.
func (c *ClusterAuditConfigV2) Type() string {
return c.Spec.Type
}
// SetType sets the audit backend type.
func (c *ClusterAuditConfigV2) SetType(backendType string) {
c.Spec.Type = backendType
}
// Region gets a cloud provider region.
func (c *ClusterAuditConfigV2) Region() string {
return c.Spec.Region
}
// SetRegion sets a cloud provider region.
func (c *ClusterAuditConfigV2) SetRegion(region string) {
c.Spec.Region = region
}
// ShouldUploadSessions returns whether audit config
// instructs server to upload sessions.
func (c *ClusterAuditConfigV2) ShouldUploadSessions() bool {
return c.Spec.AuditSessionsURI != ""
}
// AuditSessionsURI gets the audit sessions URI.
func (c *ClusterAuditConfigV2) AuditSessionsURI() string {
return c.Spec.AuditSessionsURI
}
// SetAuditSessionsURI sets the audit sessions URI.
func (c *ClusterAuditConfigV2) SetAuditSessionsURI(uri string) {
c.Spec.AuditSessionsURI = uri
}
// AuditEventsURIs gets the audit events URIs.
func (c *ClusterAuditConfigV2) AuditEventsURIs() []string {
return c.Spec.AuditEventsURI
}
// SetAuditEventsURIs sets the audit events URIs.
func (c *ClusterAuditConfigV2) SetAuditEventsURIs(uris []string) {
c.Spec.AuditEventsURI = uris
}
// SetUseFIPSEndpoint sets the FIPS endpoint state for S3/Dynamo backends.
func (c *ClusterAuditConfigV2) SetUseFIPSEndpoint(state ClusterAuditConfigSpecV2_FIPSEndpointState) {
c.Spec.UseFIPSEndpoint = state
}
// GetUseFIPSEndpoint gets the current FIPS endpoint setting
func (c *ClusterAuditConfigV2) GetUseFIPSEndpoint() ClusterAuditConfigSpecV2_FIPSEndpointState {
return c.Spec.UseFIPSEndpoint
}
// EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery).
func (c *ClusterAuditConfigV2) EnableContinuousBackups() bool {
return c.Spec.EnableContinuousBackups
}
// EnableAutoScaling is used to enable (or disable) auto scaling policy.
func (c *ClusterAuditConfigV2) EnableAutoScaling() bool {
return c.Spec.EnableAutoScaling
}
// ReadMaxCapacity is the maximum provisioned read capacity.
func (c *ClusterAuditConfigV2) ReadMaxCapacity() int64 {
return c.Spec.ReadMaxCapacity
}
// ReadMinCapacity is the minimum provisioned read capacity.
func (c *ClusterAuditConfigV2) ReadMinCapacity() int64 {
return c.Spec.ReadMinCapacity
}
// ReadTargetValue is the ratio of consumed read to provisioned capacity.
func (c *ClusterAuditConfigV2) ReadTargetValue() float64 {
return c.Spec.ReadTargetValue
}
// WriteMaxCapacity is the maximum provisioned write capacity.
func (c *ClusterAuditConfigV2) WriteMaxCapacity() int64 {
return c.Spec.WriteMaxCapacity
}
// WriteMinCapacity is the minimum provisioned write capacity.
func (c *ClusterAuditConfigV2) WriteMinCapacity() int64 {
return c.Spec.WriteMinCapacity
}
// WriteTargetValue is the ratio of consumed write to provisioned capacity.
func (c *ClusterAuditConfigV2) WriteTargetValue() float64 {
return c.Spec.WriteTargetValue
}
// RetentionPeriod is the retention period for audit events.
func (c *ClusterAuditConfigV2) RetentionPeriod() *Duration {
value := c.Spec.RetentionPeriod
return &value
}
// Clone performs a deep copy.
func (c *ClusterAuditConfigV2) Clone() ClusterAuditConfig {
return utils.CloneProtoMsg(c)
}
// setStaticFields sets static resource header and metadata fields.
func (c *ClusterAuditConfigV2) setStaticFields() {
c.Kind = KindClusterAuditConfig
c.Version = V2
c.Metadata.Name = MetaNameClusterAuditConfig
}
// CheckAndSetDefaults verifies the constraints for ClusterAuditConfig.
func (c *ClusterAuditConfigV2) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"context"
"encoding/json"
"fmt"
"log/slog"
"net/url"
"slices"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
"github.com/gravitational/teleport/api/utils/keys"
"github.com/gravitational/teleport/api/utils/keys/hardwarekey"
"github.com/gravitational/teleport/api/utils/tlsutils"
)
var (
// ErrPasswordlessRequiresWebauthn is issued if a passwordless challenge is
// requested but WebAuthn isn't enabled.
ErrPasswordlessRequiresWebauthn = &trace.BadParameterError{
Message: "passwordless requires WebAuthn",
}
// ErrPasswordlessDisabledBySettings is issued if a passwordless challenge is
// requested but passwordless is disabled by cluster settings.
// See AuthPreferenceV2.AuthPreferenceV2.
ErrPasswordlessDisabledBySettings = &trace.BadParameterError{
Message: "passwordless disabled by cluster settings",
}
// ErrPassswordlessLoginBySSOUser is issued if an SSO user tries to login
// using passwordless.
ErrPassswordlessLoginBySSOUser = &trace.AccessDeniedError{
Message: "SSO user cannot login using passwordless",
}
// ErrNonExistingRoleAssigned is issued if the user has a role that doesn't exist in
// Teleport. We have a check which prevents directly assigned roles to be deleted by auth,
// but it can be bypassed in some circumstances. E.g. roles generated by a plugin are
// deleted during plugin cleanup.
ErrNonExistingRoleAssigned = &trace.AccessDeniedError{
Message: "User is assigned one or more roles that no longer exist in Teleport. Ask your cluster admin to verify and remove direct assignments to roles which no longer exist.",
}
)
// AuthPreference defines the authentication preferences for a specific
// cluster. It defines the type (local, oidc) and second factor (off, otp, oidc).
// AuthPreference is a configuration resource, never create more than one instance
// of it.
type AuthPreference interface {
// Resource provides common resource properties.
ResourceWithOrigin
// GetType gets the type of authentication: local, saml, or oidc.
GetType() string
// SetType sets the type of authentication: local, saml, or oidc.
SetType(string)
// SetSecondFactor sets the type of second factor.
// Deprecated: only used in tests to set the deprecated off/optional values.
SetSecondFactor(constants.SecondFactorType)
// GetSecondFactors gets a list of supported second factors.
GetSecondFactors() []SecondFactorType
// SetSecondFactors sets the list of supported second factors.
SetSecondFactors(...SecondFactorType)
// GetPreferredLocalMFA returns a server-side hint for clients to pick an MFA
// method when various options are available.
// It is empty if there is nothing to suggest.
GetPreferredLocalMFA() constants.SecondFactorType
// IsSecondFactorEnabled checks if second factor is enabled.
IsSecondFactorEnabled() bool
// IsSecondFactorEnforced checks if second factor is enforced.
IsSecondFactorEnforced() bool
// IsSecondFactorLocalAllowed checks if a local second factor method is enabled (webauthn, totp).
IsSecondFactorLocalAllowed() bool
// IsSecondFactorTOTPAllowed checks if users can use TOTP as an MFA method.
IsSecondFactorTOTPAllowed() bool
// IsSecondFactorWebauthnAllowed checks if users can use WebAuthn as an MFA method.
IsSecondFactorWebauthnAllowed() bool
// IsSecondFactorSSOAllowed checks if users can use SSO as an MFA method.
IsSecondFactorSSOAllowed() bool
// IsAdminActionMFAEnforced checks if admin action MFA is enforced.
IsAdminActionMFAEnforced() bool
// GetConnectorName gets the name of the OIDC or SAML connector to use. If
// this value is empty, we fall back to the first connector in the backend.
GetConnectorName() string
// SetConnectorName sets the name of the OIDC or SAML connector to use. If
// this value is empty, we fall back to the first connector in the backend.
SetConnectorName(string)
// GetU2F gets the U2F configuration settings.
GetU2F() (*U2F, error)
// SetU2F sets the U2F configuration settings.
SetU2F(*U2F)
// GetWebauthn returns the Webauthn configuration settings.
GetWebauthn() (*Webauthn, error)
// SetWebauthn sets the Webauthn configuration settings.
SetWebauthn(*Webauthn)
// GetAllowPasswordless returns if passwordless is allowed by cluster
// settings.
GetAllowPasswordless() bool
// SetAllowPasswordless sets the value of the allow passwordless setting.
SetAllowPasswordless(b bool)
// GetAllowHeadless returns if headless is allowed by cluster settings.
GetAllowHeadless() bool
// SetAllowHeadless sets the value of the allow headless setting.
SetAllowHeadless(b bool)
// SetRequireMFAType sets the type of MFA requirement enforced for this cluster.
SetRequireMFAType(RequireMFAType)
// GetRequireMFAType returns the type of MFA requirement enforced for this cluster.
GetRequireMFAType() RequireMFAType
// GetPrivateKeyPolicy returns the configured private key policy for the cluster.
GetPrivateKeyPolicy() keys.PrivateKeyPolicy
// GetHardwareKey returns the hardware key settings configured for the cluster.
GetHardwareKey() (*HardwareKey, error)
// GetPIVSlot returns the configured piv slot for the cluster.
GetPIVSlot() hardwarekey.PIVSlotKeyString
// GetHardwareKeySerialNumberValidation returns the cluster's hardware key
// serial number validation settings.
GetHardwareKeySerialNumberValidation() (*HardwareKeySerialNumberValidation, error)
// GetPIVPINCacheTTL returns the configured piv pin cache duration for the cluster.
GetPIVPINCacheTTL() time.Duration
// GetDisconnectExpiredCert returns disconnect expired certificate setting
GetDisconnectExpiredCert() bool
// SetDisconnectExpiredCert sets disconnect client with expired certificate setting
SetDisconnectExpiredCert(bool)
// GetAllowLocalAuth gets if local authentication is allowed.
GetAllowLocalAuth() bool
// SetAllowLocalAuth sets if local authentication is allowed.
SetAllowLocalAuth(bool)
// GetMessageOfTheDay fetches the MOTD
GetMessageOfTheDay() string
// SetMessageOfTheDay sets the MOTD
SetMessageOfTheDay(string)
// GetLockingMode gets the cluster-wide locking mode default.
GetLockingMode() constants.LockingMode
// SetLockingMode sets the cluster-wide locking mode default.
SetLockingMode(constants.LockingMode)
// GetDeviceTrust returns the cluster device trust settings, or nil if no
// explicit configurations are present.
GetDeviceTrust() *DeviceTrust
// SetDeviceTrust sets the cluster device trust settings.
SetDeviceTrust(*DeviceTrust)
// IsSAMLIdPEnabled returns true if the SAML IdP is enabled.
IsSAMLIdPEnabled() bool
// SetSAMLIdPEnabled sets the SAML IdP to enabled.
SetSAMLIdPEnabled(bool)
// GetDefaultSessionTTL retrieves the max session ttl
GetDefaultSessionTTL() Duration
// SetDefaultSessionTTL sets the max session ttl
SetDefaultSessionTTL(Duration)
// GetOktaSyncPeriod returns the duration between Okta synchronization calls if the Okta service is running.
GetOktaSyncPeriod() time.Duration
// SetOktaSyncPeriod sets the duration between Okta synchronzation calls.
SetOktaSyncPeriod(timeBetweenSyncs time.Duration)
// GetSignatureAlgorithmSuite gets the signature algorithm suite.
GetSignatureAlgorithmSuite() SignatureAlgorithmSuite
// SetSignatureAlgorithmSuite sets the signature algorithm suite.
SetSignatureAlgorithmSuite(SignatureAlgorithmSuite)
// SetDefaultSignatureAlgorithmSuite sets default signature algorithm suite
// based on the params. This is meant for a default auth preference in a
// brand new cluster or after resetting the auth preference.
SetDefaultSignatureAlgorithmSuite(SignatureAlgorithmSuiteParams)
// CheckSignatureAlgorithmSuite returns an error if the current signature
// algorithm suite is incompatible with [params].
CheckSignatureAlgorithmSuite(SignatureAlgorithmSuiteParams) error
// GetStableUNIXUserConfig returns the stable UNIX user configuration.
GetStableUNIXUserConfig() *StableUNIXUserConfig
// SetStableUNIXUserConfig sets the stable UNIX user configuration.
SetStableUNIXUserConfig(*StableUNIXUserConfig)
// String represents a human readable version of authentication settings.
String() string
// Clone makes a deep copy of the AuthPreference.
Clone() AuthPreference
}
// NewAuthPreference is a convenience method to to create AuthPreferenceV2.
func NewAuthPreference(spec AuthPreferenceSpecV2) (AuthPreference, error) {
return newAuthPreferenceWithLabels(spec, map[string]string{})
}
// NewAuthPreferenceFromConfigFile is a convenience method to create
// AuthPreferenceV2 labeled as originating from config file.
func NewAuthPreferenceFromConfigFile(spec AuthPreferenceSpecV2) (AuthPreference, error) {
return newAuthPreferenceWithLabels(spec, map[string]string{
OriginLabel: OriginConfigFile,
})
}
// NewAuthPreferenceWithLabels is a convenience method to create
// AuthPreferenceV2 with a specific map of labels.
func newAuthPreferenceWithLabels(spec AuthPreferenceSpecV2, labels map[string]string) (AuthPreference, error) {
pref := &AuthPreferenceV2{
Metadata: Metadata{
Labels: labels,
},
Spec: spec,
}
if err := pref.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return pref, nil
}
// DefaultAuthPreference returns the default authentication preferences.
func DefaultAuthPreference() AuthPreference {
authPref, _ := newAuthPreferenceWithLabels(AuthPreferenceSpecV2{
// This is useful as a static value, but the real default signature
// algorithm suite depends on the cluster FIPS and HSM settings, and
// gets written by [AuthPreferenceV2.SetDefaultSignatureAlgorithmSuite]
// wherever a default auth preference will actually be persisted.
// It is set here so that many existing tests using this get the
// benefits of the balanced-v1 suite.
SignatureAlgorithmSuite: SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1,
}, map[string]string{
OriginLabel: OriginDefaults,
})
return authPref
}
// GetVersion returns resource version.
func (c *AuthPreferenceV2) GetVersion() string {
return c.Version
}
// GetName returns the name of the resource.
func (c *AuthPreferenceV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the resource.
func (c *AuthPreferenceV2) SetName(e string) {
c.Metadata.Name = e
}
// SetExpiry sets expiry time for the object.
func (c *AuthPreferenceV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting.
func (c *AuthPreferenceV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetMetadata returns object metadata.
func (c *AuthPreferenceV2) GetMetadata() Metadata {
return c.Metadata
}
// GetRevision returns the revision
func (c *AuthPreferenceV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *AuthPreferenceV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// Origin returns the origin value of the resource.
func (c *AuthPreferenceV2) Origin() string {
return c.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (c *AuthPreferenceV2) SetOrigin(origin string) {
c.Metadata.SetOrigin(origin)
}
// GetKind returns resource kind.
func (c *AuthPreferenceV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource subkind.
func (c *AuthPreferenceV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind.
func (c *AuthPreferenceV2) SetSubKind(sk string) {
c.SubKind = sk
}
// GetType returns the type of authentication.
func (c *AuthPreferenceV2) GetType() string {
return c.Spec.Type
}
// SetType sets the type of authentication.
func (c *AuthPreferenceV2) SetType(s string) {
c.Spec.Type = s
}
// SetSecondFactor sets the type of second factor.
func (c *AuthPreferenceV2) SetSecondFactor(s constants.SecondFactorType) {
c.Spec.SecondFactor = s
// Unset SecondFactors, only one can be set at a time.
c.Spec.SecondFactors = nil
}
// GetSecondFactors gets a list of supported second factors.
func (c *AuthPreferenceV2) GetSecondFactors() []SecondFactorType {
if len(c.Spec.SecondFactors) > 0 {
return c.Spec.SecondFactors
}
// If SecondFactors isn't set, try to convert the old SecondFactor field.
return secondFactorsFromLegacySecondFactor(c.Spec.SecondFactor)
}
// SetSecondFactors sets the list of supported second factors.
func (c *AuthPreferenceV2) SetSecondFactors(sfs ...SecondFactorType) {
c.Spec.SecondFactors = sfs
// Unset SecondFactor, only one can be set at a time.
c.Spec.SecondFactor = ""
}
// GetPreferredLocalMFA returns a server-side hint for clients to pick an MFA
// method when various options are available.
// It is empty if there is nothing to suggest.
func (c *AuthPreferenceV2) GetPreferredLocalMFA() constants.SecondFactorType {
if c.IsSecondFactorWebauthnAllowed() {
return secondFactorTypeWebauthnString
}
if c.IsSecondFactorTOTPAllowed() {
return secondFactorTypeOTPString
}
return ""
}
// IsSecondFactorEnforced checks if second factor is enabled.
func (c *AuthPreferenceV2) IsSecondFactorEnabled() bool {
// TODO(Joerger): outside of tests, second factor should always be enabled.
// All calls should be removed and the old off/optional second factors removed.
return len(c.GetSecondFactors()) > 0
}
// IsSecondFactorEnforced checks if second factor is enforced.
func (c *AuthPreferenceV2) IsSecondFactorEnforced() bool {
// TODO(Joerger): outside of tests, second factor should always be enforced.
// All calls should be removed and the old off/optional second factors removed.
return len(c.GetSecondFactors()) > 0 && c.Spec.SecondFactor != constants.SecondFactorOptional
}
// IsSecondFactorLocalAllowed checks if a local second factor method is enabled.
func (c *AuthPreferenceV2) IsSecondFactorLocalAllowed() bool {
return c.IsSecondFactorTOTPAllowed() || c.IsSecondFactorWebauthnAllowed()
}
// IsSecondFactorTOTPAllowed checks if users can use TOTP as an MFA method.
func (c *AuthPreferenceV2) IsSecondFactorTOTPAllowed() bool {
return slices.Contains(c.GetSecondFactors(), SecondFactorType_SECOND_FACTOR_TYPE_OTP)
}
// IsSecondFactorWebauthnAllowed checks if users can use WebAuthn as an MFA method.
func (c *AuthPreferenceV2) IsSecondFactorWebauthnAllowed() bool {
return slices.Contains(c.GetSecondFactors(), SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN)
}
// IsSecondFactorSSOAllowed checks if users can use SSO as an MFA method.
func (c *AuthPreferenceV2) IsSecondFactorSSOAllowed() bool {
return slices.Contains(c.GetSecondFactors(), SecondFactorType_SECOND_FACTOR_TYPE_SSO)
}
// IsAdminActionMFAEnforced checks if admin action MFA is enforced.
func (c *AuthPreferenceV2) IsAdminActionMFAEnforced() bool {
// OTP is not supported for Admin MFA.
return c.IsSecondFactorEnforced() && !c.IsSecondFactorTOTPAllowed()
}
// GetConnectorName gets the name of the OIDC or SAML connector to use. If
// this value is empty, we fall back to the first connector in the backend.
func (c *AuthPreferenceV2) GetConnectorName() string {
return c.Spec.ConnectorName
}
// SetConnectorName sets the name of the OIDC or SAML connector to use. If
// this value is empty, we fall back to the first connector in the backend.
func (c *AuthPreferenceV2) SetConnectorName(cn string) {
c.Spec.ConnectorName = cn
}
// GetU2F gets the U2F configuration settings.
func (c *AuthPreferenceV2) GetU2F() (*U2F, error) {
if c.Spec.U2F == nil {
return nil, trace.NotFound("U2F is not configured in this cluster")
}
return c.Spec.U2F, nil
}
// SetU2F sets the U2F configuration settings.
func (c *AuthPreferenceV2) SetU2F(u2f *U2F) {
c.Spec.U2F = u2f
}
func (c *AuthPreferenceV2) GetWebauthn() (*Webauthn, error) {
if c.Spec.Webauthn == nil {
return nil, trace.NotFound("Webauthn is not configured in this cluster, please contact your administrator and ask them to follow https://goteleport.com/docs/admin-guides/access-controls/guides/webauthn/")
}
return c.Spec.Webauthn, nil
}
func (c *AuthPreferenceV2) SetWebauthn(w *Webauthn) {
c.Spec.Webauthn = w
}
func (c *AuthPreferenceV2) GetAllowPasswordless() bool {
return c.Spec.AllowPasswordless != nil && c.Spec.AllowPasswordless.Value
}
func (c *AuthPreferenceV2) SetAllowPasswordless(b bool) {
c.Spec.AllowPasswordless = NewBoolOption(b)
}
func (c *AuthPreferenceV2) GetAllowHeadless() bool {
return c.Spec.AllowHeadless != nil && c.Spec.AllowHeadless.Value
}
func (c *AuthPreferenceV2) SetAllowHeadless(b bool) {
c.Spec.AllowHeadless = NewBoolOption(b)
}
// SetRequireMFAType sets the type of MFA requirement enforced for this cluster.
func (c *AuthPreferenceV2) SetRequireMFAType(t RequireMFAType) {
c.Spec.RequireMFAType = t
}
// GetRequireMFAType returns the type of MFA requirement enforced for this cluster.
func (c *AuthPreferenceV2) GetRequireMFAType() RequireMFAType {
return c.Spec.RequireMFAType
}
// GetPrivateKeyPolicy returns the configured private key policy for the cluster.
func (c *AuthPreferenceV2) GetPrivateKeyPolicy() keys.PrivateKeyPolicy {
switch c.Spec.RequireMFAType {
case RequireMFAType_SESSION_AND_HARDWARE_KEY:
return keys.PrivateKeyPolicyHardwareKey
case RequireMFAType_HARDWARE_KEY_TOUCH:
return keys.PrivateKeyPolicyHardwareKeyTouch
case RequireMFAType_HARDWARE_KEY_PIN:
return keys.PrivateKeyPolicyHardwareKeyPIN
case RequireMFAType_HARDWARE_KEY_TOUCH_AND_PIN:
return keys.PrivateKeyPolicyHardwareKeyTouchAndPIN
default:
return keys.PrivateKeyPolicyNone
}
}
// GetHardwareKey returns the hardware key settings configured for the cluster.
func (c *AuthPreferenceV2) GetHardwareKey() (*HardwareKey, error) {
if c.Spec.HardwareKey == nil {
return nil, trace.NotFound("Hardware key support is not configured in this cluster")
}
return c.Spec.HardwareKey, nil
}
// GetPIVSlot returns the configured piv slot for the cluster.
func (c *AuthPreferenceV2) GetPIVSlot() hardwarekey.PIVSlotKeyString {
if hk, err := c.GetHardwareKey(); err == nil {
return hardwarekey.PIVSlotKeyString(hk.PIVSlot)
}
return ""
}
// GetHardwareKeySerialNumberValidation returns the cluster's hardware key
// serial number validation settings.
func (c *AuthPreferenceV2) GetHardwareKeySerialNumberValidation() (*HardwareKeySerialNumberValidation, error) {
if c.Spec.HardwareKey == nil || c.Spec.HardwareKey.SerialNumberValidation == nil {
return nil, trace.NotFound("Hardware key serial number validation is not configured in this cluster")
}
return c.Spec.HardwareKey.SerialNumberValidation, nil
}
// GetPIVPINCacheTTL returns the configured piv pin cache duration for the cluster.
func (c *AuthPreferenceV2) GetPIVPINCacheTTL() time.Duration {
if c.Spec.HardwareKey == nil {
return 0
}
return time.Duration(c.Spec.HardwareKey.PinCacheTTL)
}
// GetDisconnectExpiredCert returns disconnect expired certificate setting
func (c *AuthPreferenceV2) GetDisconnectExpiredCert() bool {
return c.Spec.DisconnectExpiredCert.Value
}
// SetDisconnectExpiredCert sets disconnect client with expired certificate setting
func (c *AuthPreferenceV2) SetDisconnectExpiredCert(b bool) {
c.Spec.DisconnectExpiredCert = NewBoolOption(b)
}
// GetAllowLocalAuth gets if local authentication is allowed.
func (c *AuthPreferenceV2) GetAllowLocalAuth() bool {
return c.Spec.AllowLocalAuth.Value
}
// SetAllowLocalAuth gets if local authentication is allowed.
func (c *AuthPreferenceV2) SetAllowLocalAuth(b bool) {
c.Spec.AllowLocalAuth = NewBoolOption(b)
}
// GetMessageOfTheDay gets the current Message Of The Day. May be empty.
func (c *AuthPreferenceV2) GetMessageOfTheDay() string {
return c.Spec.MessageOfTheDay
}
// SetMessageOfTheDay sets the current Message Of The Day. May be empty.
func (c *AuthPreferenceV2) SetMessageOfTheDay(motd string) {
c.Spec.MessageOfTheDay = motd
}
// GetLockingMode gets the cluster-wide locking mode default.
func (c *AuthPreferenceV2) GetLockingMode() constants.LockingMode {
return c.Spec.LockingMode
}
// SetLockingMode sets the cluster-wide locking mode default.
func (c *AuthPreferenceV2) SetLockingMode(mode constants.LockingMode) {
c.Spec.LockingMode = mode
}
// GetDeviceTrust returns the cluster device trust settings, or nil if no
// explicit configurations are present.
func (c *AuthPreferenceV2) GetDeviceTrust() *DeviceTrust {
if c == nil {
return nil
}
return c.Spec.DeviceTrust
}
// SetDeviceTrust sets the cluster device trust settings.
func (c *AuthPreferenceV2) SetDeviceTrust(dt *DeviceTrust) {
c.Spec.DeviceTrust = dt
}
// IsSAMLIdPEnabled returns true if the SAML IdP is enabled.
func (c *AuthPreferenceV2) IsSAMLIdPEnabled() bool {
return c.Spec.IDP.SAML.Enabled.Value
}
// SetSAMLIdPEnabled sets the SAML IdP to enabled.
func (c *AuthPreferenceV2) SetSAMLIdPEnabled(enabled bool) {
c.Spec.IDP.SAML.Enabled = NewBoolOption(enabled)
}
// SetDefaultSessionTTL sets the default session ttl
func (c *AuthPreferenceV2) SetDefaultSessionTTL(sessionTTL Duration) {
c.Spec.DefaultSessionTTL = sessionTTL
}
// GetDefaultSessionTTL retrieves the default session ttl
func (c *AuthPreferenceV2) GetDefaultSessionTTL() Duration {
return c.Spec.DefaultSessionTTL
}
// GetOktaSyncPeriod returns the duration between Okta synchronization calls if the Okta service is running.
func (c *AuthPreferenceV2) GetOktaSyncPeriod() time.Duration {
return c.Spec.Okta.SyncPeriod.Duration()
}
// SetOktaSyncPeriod sets the duration between Okta synchronzation calls.
func (c *AuthPreferenceV2) SetOktaSyncPeriod(syncPeriod time.Duration) {
c.Spec.Okta.SyncPeriod = Duration(syncPeriod)
}
// setStaticFields sets static resource header and metadata fields.
func (c *AuthPreferenceV2) setStaticFields() {
c.Kind = KindClusterAuthPreference
c.Version = V2
c.Metadata.Name = MetaNameClusterAuthPreference
}
// GetSignatureAlgorithmSuite gets the signature algorithm suite.
func (c *AuthPreferenceV2) GetSignatureAlgorithmSuite() SignatureAlgorithmSuite {
return c.Spec.SignatureAlgorithmSuite
}
// SetSignatureAlgorithmSuite sets the signature algorithm suite.
func (c *AuthPreferenceV2) SetSignatureAlgorithmSuite(suite SignatureAlgorithmSuite) {
c.Spec.SignatureAlgorithmSuite = suite
}
// SignatureAlgorithmSuiteParams is a set of parameters used to determine if a
// configured signature algorithm suite is valid, or to set a default signature
// algorithm suite.
type SignatureAlgorithmSuiteParams struct {
// FIPS should be true if running in FIPS mode.
FIPS bool
// UsingHSMOrKMS should be true if the auth server is configured to
// use an HSM or KMS.
UsingHSMOrKMS bool
// Cloud should be true when running in Teleport Cloud.
Cloud bool
}
// SetDefaultSignatureAlgorithmSuite sets default signature algorithm suite
// based on the params. This is meant for a default auth preference in a
// brand new cluster or after resetting the auth preference.
func (c *AuthPreferenceV2) SetDefaultSignatureAlgorithmSuite(params SignatureAlgorithmSuiteParams) {
switch {
case c.Spec.SignatureAlgorithmSuite != SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED && c.Metadata.Labels[OriginLabel] != OriginDefaults:
// If the suite is set and it's not a default value, return.
return
case params.FIPS:
c.SetSignatureAlgorithmSuite(SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_FIPS_V1)
case params.UsingHSMOrKMS || params.Cloud:
// Cloud may eventually migrate existing CA keys to a KMS, to keep
// this option open we default to hsm-v1 suite.
c.SetSignatureAlgorithmSuite(SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_HSM_V1)
default:
c.SetSignatureAlgorithmSuite(SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1)
}
}
var (
errNonFIPSSignatureAlgorithmSuite = &trace.BadParameterError{Message: `non-FIPS compliant authentication setting: "signature_algorithm_suite" must be "fips-v1" or "legacy"`}
errNonHSMSignatureAlgorithmSuite = &trace.BadParameterError{Message: `configured "signature_algorithm_suite" is unsupported when "ca_key_params" configures an HSM or KMS, supported values: ["hsm-v1", "fips-v1", "legacy"]`}
errNonCloudSignatureAlgorithmSuite = &trace.BadParameterError{Message: `configured "signature_algorithm_suite" is unsupported in Teleport Cloud, supported values: ["hsm-v1", "fips-v1", "legacy"]`}
)
// CheckSignatureAlgorithmSuite returns an error if the current signature
// algorithm suite is incompatible with [params].
func (c *AuthPreferenceV2) CheckSignatureAlgorithmSuite(params SignatureAlgorithmSuiteParams) error {
switch c.GetSignatureAlgorithmSuite() {
case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED,
SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_LEGACY,
SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_FIPS_V1:
// legacy, fips-v1, and unspecified are always valid.
case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_HSM_V1:
if params.FIPS {
return trace.Wrap(errNonFIPSSignatureAlgorithmSuite)
}
case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1:
if params.FIPS {
return trace.Wrap(errNonFIPSSignatureAlgorithmSuite)
}
if params.UsingHSMOrKMS {
return trace.Wrap(errNonHSMSignatureAlgorithmSuite)
}
if params.Cloud {
// Cloud may eventually migrate existing CA keys to a KMS, to keep
// this option open we prevent the balanced-v1 suite.
return trace.Wrap(errNonCloudSignatureAlgorithmSuite)
}
default:
return trace.Errorf("unhandled signature_algorithm_suite %q: this is a bug", c.GetSignatureAlgorithmSuite())
}
return nil
}
// GetStableUNIXUserConfig implements [AuthPreference].
func (c *AuthPreferenceV2) GetStableUNIXUserConfig() *StableUNIXUserConfig {
if c == nil {
return nil
}
return c.Spec.StableUnixUserConfig
}
// SetStableUNIXUserConfig implements [AuthPreference].
func (c *AuthPreferenceV2) SetStableUNIXUserConfig(cfg *StableUNIXUserConfig) {
c.Spec.StableUnixUserConfig = cfg
}
// CheckAndSetDefaults verifies the constraints for AuthPreference.
func (c *AuthPreferenceV2) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if c.Spec.Type == "" {
c.Spec.Type = constants.Local
}
if c.Spec.AllowLocalAuth == nil {
c.Spec.AllowLocalAuth = NewBoolOption(true)
}
if c.Spec.DisconnectExpiredCert == nil {
c.Spec.DisconnectExpiredCert = NewBoolOption(false)
}
if c.Spec.LockingMode == "" {
c.Spec.LockingMode = constants.LockingModeBestEffort
}
if c.Origin() == "" {
c.SetOrigin(OriginDynamic)
}
if c.Spec.DefaultSessionTTL == 0 {
c.Spec.DefaultSessionTTL = Duration(defaults.CertDuration)
}
switch c.Spec.Type {
case constants.Local, constants.OIDC, constants.SAML, constants.Github:
// Note that "type:local" and "local_auth:false" is considered a valid
// setting, as it is a common idiom for clusters that rely on dynamic
// configuration.
default:
return trace.BadParameter("authentication type %q not supported", c.Spec.Type)
}
// Validate SecondFactor and SecondFactors.
if c.Spec.SecondFactor != "" && len(c.Spec.SecondFactors) > 0 {
return trace.BadParameter("must set either SecondFactor or SecondFactors, not both")
}
switch c.Spec.SecondFactor {
case constants.SecondFactorOff, constants.SecondFactorOTP, constants.SecondFactorWebauthn, constants.SecondFactorOn, constants.SecondFactorOptional:
case constants.SecondFactorU2F:
const deprecationMessage = `` +
`Second Factor "u2f" is deprecated and marked for removal, using "webauthn" instead. ` +
`Please update your configuration to use WebAuthn. ` +
`Refer to https://goteleport.com/docs/admin-guides/access-controls/guides/webauthn/`
slog.WarnContext(context.Background(), deprecationMessage)
c.Spec.SecondFactor = constants.SecondFactorWebauthn
case "":
// default to OTP if SecondFactors is also not set.
if len(c.Spec.SecondFactors) == 0 {
c.Spec.SecondFactor = constants.SecondFactorOTP
}
default:
return trace.BadParameter("second factor type %q not supported", c.Spec.SecondFactor)
}
// Validate expected fields for webauthn.
hasWebauthn := c.IsSecondFactorWebauthnAllowed()
if hasWebauthn {
// If U2F is present validate it, we can derive Webauthn from it.
if c.Spec.U2F != nil {
if err := c.Spec.U2F.Check(); err != nil {
return trace.Wrap(err)
}
if c.Spec.Webauthn == nil {
// Not a problem, try to derive from U2F.
c.Spec.Webauthn = &Webauthn{}
}
if err := c.Spec.Webauthn.CheckAndSetDefaults(c.Spec.U2F); err != nil {
return trace.Wrap(err)
}
}
if c.Spec.Webauthn == nil {
return trace.BadParameter("missing required webauthn configuration")
}
if err := c.Spec.Webauthn.CheckAndSetDefaults(c.Spec.U2F); err != nil {
return trace.Wrap(err)
}
}
// Set/validate AllowPasswordless. We need Webauthn first to do this properly.
switch {
case c.Spec.AllowPasswordless == nil:
c.Spec.AllowPasswordless = NewBoolOption(hasWebauthn)
case !hasWebauthn && c.Spec.AllowPasswordless.Value:
return trace.BadParameter("missing required Webauthn configuration for passwordless=true")
}
// Set/validate AllowHeadless. We need Webauthn first to do this properly.
switch {
case c.Spec.AllowHeadless == nil:
c.Spec.AllowHeadless = NewBoolOption(hasWebauthn)
case !hasWebauthn && c.Spec.AllowHeadless.Value:
return trace.BadParameter("missing required Webauthn configuration for headless=true")
}
// Prevent local lockout by disabling local second factor methods.
if c.GetAllowLocalAuth() && c.IsSecondFactorEnforced() && !c.IsSecondFactorLocalAllowed() {
if c.IsSecondFactorSSOAllowed() {
trace.BadParameter("missing a local second factor method for local users (otp, webauthn), either add a local second factor method or disable local auth")
}
return trace.BadParameter("missing a local second factor method for local users (otp, webauthn)")
}
// Validate connector name for type=local.
if c.Spec.Type == constants.Local {
switch connectorName := c.Spec.ConnectorName; connectorName {
case "", constants.LocalConnector: // OK
case constants.PasswordlessConnector:
if !c.Spec.AllowPasswordless.Value {
return trace.BadParameter("invalid local connector %q, passwordless not allowed by cluster settings", connectorName)
}
case constants.HeadlessConnector:
if !c.Spec.AllowHeadless.Value {
return trace.BadParameter("invalid local connector %q, headless not allowed by cluster settings", connectorName)
}
default:
return trace.BadParameter("invalid local connector %q", connectorName)
}
}
switch c.Spec.LockingMode {
case constants.LockingModeBestEffort, constants.LockingModeStrict:
default:
return trace.BadParameter("locking mode %q not supported", c.Spec.LockingMode)
}
if dt := c.Spec.DeviceTrust; dt != nil {
switch dt.Mode {
case "": // OK, "default" mode. Varies depending on OSS or Enterprise.
case constants.DeviceTrustModeOff,
constants.DeviceTrustModeOptional,
constants.DeviceTrustModeRequired,
constants.DeviceTrustModeRequiredForHumans: // OK.
default:
return trace.BadParameter("device trust mode %q not supported", dt.Mode)
}
// Ensure configured ekcert_allowed_cas are valid
for _, pem := range dt.EKCertAllowedCAs {
if err := isValidCertificatePEM(pem); err != nil {
return trace.BadParameter("device trust has invalid EKCert allowed CAs entry: %v", err)
}
}
}
if hk, err := c.GetHardwareKey(); err == nil && hk.PIVSlot != "" {
if err := hardwarekey.PIVSlotKeyString(hk.PIVSlot).Validate(); err != nil {
return trace.Wrap(err)
}
}
// Make sure the IdP section is populated.
if c.Spec.IDP == nil {
c.Spec.IDP = &IdPOptions{}
}
// Make sure the SAML section is populated.
if c.Spec.IDP.SAML == nil {
c.Spec.IDP.SAML = &IdPSAMLOptions{}
}
// Make sure the SAML enabled field is populated.
if c.Spec.IDP.SAML.Enabled == nil {
// Enable the IdP by default.
c.Spec.IDP.SAML.Enabled = NewBoolOption(true)
}
// Make sure the Okta field is populated.
if c.Spec.Okta == nil {
c.Spec.Okta = &OktaOptions{}
}
if c.GetPIVPINCacheTTL() > constants.MaxPIVPINCacheTTL {
return trace.BadParameter("piv_pin_cache_ttl cannot be larger than %s", constants.MaxPIVPINCacheTTL)
}
return nil
}
// String represents a human readable version of authentication settings.
func (c *AuthPreferenceV2) String() string {
return fmt.Sprintf("AuthPreference(Type=%q,SecondFactors=%q)", c.Spec.Type, c.GetSecondFactors())
}
// Clone returns a copy of the AuthPreference resource.
func (c *AuthPreferenceV2) Clone() AuthPreference {
return utils.CloneProtoMsg(c)
}
func (u *U2F) Check() error {
if u.AppID == "" {
return trace.BadParameter("u2f configuration missing app_id")
}
for _, ca := range u.DeviceAttestationCAs {
if err := isValidCertificatePEM(ca); err != nil {
return trace.BadParameter("u2f configuration has an invalid attestation CA: %v", err)
}
}
return nil
}
func (w *Webauthn) CheckAndSetDefaults(u *U2F) error {
// RPID.
switch {
case w.RPID != "": // Explicit RPID
_, err := url.Parse(w.RPID)
if err != nil {
return trace.BadParameter("webauthn rp_id is not a valid URI: %v", err)
}
case u != nil && w.RPID == "": // Infer RPID from U2F app_id
parsedAppID, err := url.Parse(u.AppID)
if err != nil {
return trace.BadParameter("webauthn missing rp_id and U2F app_id is not an URL (%v)", err)
}
var rpID string
switch {
case parsedAppID.Host != "":
rpID = parsedAppID.Host
rpID = strings.Split(rpID, ":")[0] // Remove :port, if present
case parsedAppID.Path == u.AppID:
// App ID is not a proper URL, take it literally.
rpID = u.AppID
default:
return trace.BadParameter("failed to infer webauthn RPID from U2F App ID (%q)", u.AppID)
}
slog.InfoContext(context.Background(), "WebAuthn: RPID inferred from U2F configuration", "rpid", rpID)
w.RPID = rpID
default:
return trace.BadParameter("webauthn configuration missing rp_id")
}
// AttestationAllowedCAs.
switch {
case u != nil && len(u.DeviceAttestationCAs) > 0 && len(w.AttestationAllowedCAs) == 0 && len(w.AttestationDeniedCAs) == 0:
slog.InfoContext(context.Background(), "WebAuthn: using U2F device attestation CAs as allowed CAs")
w.AttestationAllowedCAs = u.DeviceAttestationCAs
default:
for _, pem := range w.AttestationAllowedCAs {
if err := isValidCertificatePEM(pem); err != nil {
return trace.BadParameter("webauthn allowed CAs entry invalid: %v", err)
}
}
}
// AttestationDeniedCAs.
for _, pem := range w.AttestationDeniedCAs {
if err := isValidCertificatePEM(pem); err != nil {
return trace.BadParameter("webauthn denied CAs entry invalid: %v", err)
}
}
return nil
}
func isValidCertificatePEM(pem string) error {
_, err := tlsutils.ParseCertificatePEM([]byte(pem))
return err
}
// Check validates WebauthnLocalAuth, returning an error if it's not valid.
func (wal *WebauthnLocalAuth) Check() error {
if len(wal.UserID) == 0 {
return trace.BadParameter("missing UserID field")
}
return nil
}
// IsSessionMFARequired returns whether this RequireMFAType requires per-session MFA.
func (r RequireMFAType) IsSessionMFARequired() bool {
return r != RequireMFAType_OFF
}
// MarshalJSON marshals RequireMFAType to boolean or string.
func (r *RequireMFAType) MarshalYAML() (interface{}, error) {
val, err := r.encode()
if err != nil {
return nil, trace.Wrap(err)
}
return val, nil
}
// UnmarshalYAML supports parsing RequireMFAType from boolean or alias.
func (r *RequireMFAType) UnmarshalYAML(unmarshal func(interface{}) error) error {
var val interface{}
err := unmarshal(&val)
if err != nil {
return trace.Wrap(err)
}
err = r.decode(val)
return trace.Wrap(err)
}
// MarshalJSON marshals RequireMFAType to boolean or string.
func (r *RequireMFAType) MarshalJSON() ([]byte, error) {
val, err := r.encode()
if err != nil {
return nil, trace.Wrap(err)
}
out, err := json.Marshal(val)
return out, trace.Wrap(err)
}
// UnmarshalJSON supports parsing RequireMFAType from boolean or alias.
func (r *RequireMFAType) UnmarshalJSON(data []byte) error {
var val interface{}
err := json.Unmarshal(data, &val)
if err != nil {
return trace.Wrap(err)
}
err = r.decode(val)
return trace.Wrap(err)
}
const (
// RequireMFATypeHardwareKeyString is the string representation of RequireMFATypeHardwareKey
RequireMFATypeHardwareKeyString = "hardware_key"
// RequireMFATypeHardwareKeyTouchString is the string representation of RequireMFATypeHardwareKeyTouch
RequireMFATypeHardwareKeyTouchString = "hardware_key_touch"
// RequireMFATypeHardwareKeyPINString is the string representation of RequireMFATypeHardwareKeyPIN
RequireMFATypeHardwareKeyPINString = "hardware_key_pin"
// RequireMFATypeHardwareKeyTouchAndPINString is the string representation of RequireMFATypeHardwareKeyTouchAndPIN
RequireMFATypeHardwareKeyTouchAndPINString = "hardware_key_touch_and_pin"
)
// encode RequireMFAType into a string or boolean. This is necessary for
// backwards compatibility with the json/yaml tag "require_session_mfa",
// which used to be a boolean.
func (r *RequireMFAType) encode() (interface{}, error) {
switch *r {
case RequireMFAType_OFF:
return false, nil
case RequireMFAType_SESSION:
return true, nil
case RequireMFAType_SESSION_AND_HARDWARE_KEY:
return RequireMFATypeHardwareKeyString, nil
case RequireMFAType_HARDWARE_KEY_TOUCH:
return RequireMFATypeHardwareKeyTouchString, nil
case RequireMFAType_HARDWARE_KEY_PIN:
return RequireMFATypeHardwareKeyPINString, nil
case RequireMFAType_HARDWARE_KEY_TOUCH_AND_PIN:
return RequireMFATypeHardwareKeyTouchAndPINString, nil
default:
return nil, trace.BadParameter("RequireMFAType invalid value %v", *r)
}
}
// decode RequireMFAType from a string or boolean. This is necessary for
// backwards compatibility with the json/yaml tag "require_session_mfa",
// which used to be a boolean.
func (r *RequireMFAType) decode(val interface{}) error {
switch v := val.(type) {
case string:
switch v {
case RequireMFATypeHardwareKeyString:
*r = RequireMFAType_SESSION_AND_HARDWARE_KEY
case RequireMFATypeHardwareKeyTouchString:
*r = RequireMFAType_HARDWARE_KEY_TOUCH
case RequireMFATypeHardwareKeyPINString:
*r = RequireMFAType_HARDWARE_KEY_PIN
case RequireMFATypeHardwareKeyTouchAndPINString:
*r = RequireMFAType_HARDWARE_KEY_TOUCH_AND_PIN
case "":
// default to off
*r = RequireMFAType_OFF
default:
// try parsing as a boolean
switch strings.ToLower(v) {
case "yes", "yeah", "y", "true", "1", "on":
*r = RequireMFAType_SESSION
case "no", "nope", "n", "false", "0", "off":
*r = RequireMFAType_OFF
default:
return trace.BadParameter("RequireMFAType invalid value %v", val)
}
}
case bool:
if v {
*r = RequireMFAType_SESSION
} else {
*r = RequireMFAType_OFF
}
case int32:
return trace.Wrap(r.setFromEnum(v))
case int64:
return trace.Wrap(r.setFromEnum(int32(v)))
case int:
return trace.Wrap(r.setFromEnum(int32(v)))
case float64:
return trace.Wrap(r.setFromEnum(int32(v)))
case float32:
return trace.Wrap(r.setFromEnum(int32(v)))
default:
return trace.BadParameter("RequireMFAType invalid type %T", val)
}
return nil
}
// setFromEnum sets the value from enum value as int32.
func (r *RequireMFAType) setFromEnum(val int32) error {
if _, ok := RequireMFAType_name[val]; !ok {
return trace.BadParameter("invalid required mfa mode %v", val)
}
*r = RequireMFAType(val)
return nil
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"slices"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/utils"
)
// CertAuthority is a host or user certificate authority that can check and if
// it has private key stored as well, sign it too.
type CertAuthority interface {
// ResourceWithSecrets sets common resource properties
ResourceWithSecrets
// SetMetadata sets CA metadata
SetMetadata(meta Metadata)
// GetID returns certificate authority ID -
// combined type and name
GetID() CertAuthID
// GetType returns user or host certificate authority
GetType() CertAuthType
// GetClusterName returns cluster name this cert authority
// is associated with
GetClusterName() string
GetActiveKeys() CAKeySet
SetActiveKeys(CAKeySet) error
GetAdditionalTrustedKeys() CAKeySet
SetAdditionalTrustedKeys(CAKeySet) error
GetTrustedSSHKeyPairs() []*SSHKeyPair
GetTrustedTLSKeyPairs() []*TLSKeyPair
GetTrustedJWTKeyPairs() []*JWTKeyPair
// CombinedMapping is used to specify combined mapping from legacy property Roles
// and new property RoleMap
CombinedMapping() RoleMap
// GetRoleMap returns role map property
GetRoleMap() RoleMap
// SetRoleMap sets role map
SetRoleMap(m RoleMap)
// GetRoles returns a list of roles assumed by users signed by this CA
GetRoles() []string
// SetRoles sets assigned roles for this certificate authority
SetRoles(roles []string)
// AddRole adds a role to ca role list
AddRole(name string)
// String returns human readable version of the CertAuthority
String() string
// GetRotation returns rotation state.
GetRotation() Rotation
// SetRotation sets rotation state.
SetRotation(Rotation)
// AllKeyTypes returns the set of all different key types in the CA.
AllKeyTypes() []string
// Clone returns a copy of the cert authority object.
Clone() CertAuthority
}
// NewCertAuthority returns new cert authority
func NewCertAuthority(spec CertAuthoritySpecV2) (CertAuthority, error) {
ca := &CertAuthorityV2{Spec: spec}
if err := ca.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return ca, nil
}
// GetVersion returns resource version
func (ca *CertAuthorityV2) GetVersion() string {
return ca.Version
}
// GetKind returns resource kind
func (ca *CertAuthorityV2) GetKind() string {
return ca.Kind
}
// GetSubKind returns resource sub kind
func (ca *CertAuthorityV2) GetSubKind() string {
return ca.SubKind
}
// SetSubKind sets resource subkind
func (ca *CertAuthorityV2) SetSubKind(s string) {
ca.SubKind = s
}
// Clone returns a copy of the cert authority object.
func (ca *CertAuthorityV2) Clone() CertAuthority {
return utils.CloneProtoMsg(ca)
}
// GetRotation returns rotation state.
func (ca *CertAuthorityV2) GetRotation() Rotation {
if ca.Spec.Rotation == nil {
return Rotation{}
}
return *ca.Spec.Rotation
}
// SetRotation sets rotation state.
func (ca *CertAuthorityV2) SetRotation(r Rotation) {
ca.Spec.Rotation = &r
}
// SetMetadata sets object metadata
func (ca *CertAuthorityV2) SetMetadata(meta Metadata) {
ca.Metadata = meta
}
// GetMetadata returns object metadata
func (ca *CertAuthorityV2) GetMetadata() Metadata {
return ca.Metadata
}
// SetExpiry sets expiry time for the object
func (ca *CertAuthorityV2) SetExpiry(expires time.Time) {
ca.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (ca *CertAuthorityV2) Expiry() time.Time {
return ca.Metadata.Expiry()
}
// GetRevision returns the revision
func (ca *CertAuthorityV2) GetRevision() string {
return ca.Metadata.GetRevision()
}
// SetRevision sets the revision
func (ca *CertAuthorityV2) SetRevision(rev string) {
ca.Metadata.SetRevision(rev)
}
// WithoutSecrets returns an instance of resource without secrets.
func (ca *CertAuthorityV2) WithoutSecrets() Resource {
ca2 := ca.Clone()
RemoveCASecrets(ca2)
return ca2
}
// RemoveCASecrets removes private (SSH, TLS, and JWT) keys from certificate
// authority.
func RemoveCASecrets(ca CertAuthority) {
cav2, ok := ca.(*CertAuthorityV2)
if !ok {
return
}
cav2.Spec.ActiveKeys = cav2.Spec.ActiveKeys.WithoutSecrets()
cav2.Spec.AdditionalTrustedKeys = cav2.Spec.AdditionalTrustedKeys.WithoutSecrets()
}
// String returns human readable version of the CertAuthorityV2.
func (ca *CertAuthorityV2) String() string {
return fmt.Sprintf("CA(name=%v, type=%v)", ca.GetClusterName(), ca.GetType())
}
// AddRole adds a role to ca role list
func (ca *CertAuthorityV2) AddRole(name string) {
for _, r := range ca.Spec.Roles {
if r == name {
return
}
}
ca.Spec.Roles = append(ca.Spec.Roles, name)
}
// GetID returns certificate authority ID -
// combined type and name
func (ca *CertAuthorityV2) GetID() CertAuthID {
return CertAuthID{Type: ca.Spec.Type, DomainName: ca.Metadata.Name}
}
// SetName sets cert authority name
func (ca *CertAuthorityV2) SetName(name string) {
ca.Metadata.SetName(name)
}
// GetName returns cert authority name
func (ca *CertAuthorityV2) GetName() string {
return ca.Metadata.Name
}
// GetType returns user or host certificate authority
func (ca *CertAuthorityV2) GetType() CertAuthType {
return ca.Spec.Type
}
// GetClusterName returns cluster name this cert authority
// is associated with.
func (ca *CertAuthorityV2) GetClusterName() string {
return ca.Spec.ClusterName
}
// GetRoles returns a list of roles assumed by users signed by this CA
func (ca *CertAuthorityV2) GetRoles() []string {
return ca.Spec.Roles
}
// SetRoles sets assigned roles for this certificate authority
func (ca *CertAuthorityV2) SetRoles(roles []string) {
ca.Spec.Roles = roles
}
// CombinedMapping is used to specify combined mapping from legacy property Roles
// and new property RoleMap
func (ca *CertAuthorityV2) CombinedMapping() RoleMap {
if len(ca.Spec.Roles) != 0 {
return RoleMap([]RoleMapping{{Remote: Wildcard, Local: ca.Spec.Roles}})
}
return RoleMap(ca.Spec.RoleMap)
}
// GetRoleMap returns role map property
func (ca *CertAuthorityV2) GetRoleMap() RoleMap {
return RoleMap(ca.Spec.RoleMap)
}
// SetRoleMap sets role map
func (ca *CertAuthorityV2) SetRoleMap(m RoleMap) {
ca.Spec.RoleMap = []RoleMapping(m)
}
// ID returns id (consisting of domain name and type) that
// identifies the authority this key belongs to
func (ca *CertAuthorityV2) ID() *CertAuthID {
return &CertAuthID{DomainName: ca.Spec.ClusterName, Type: ca.Spec.Type}
}
func (ca *CertAuthorityV2) GetActiveKeys() CAKeySet {
return ca.Spec.ActiveKeys
}
func (ca *CertAuthorityV2) SetActiveKeys(ks CAKeySet) error {
if err := ks.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
ca.Spec.ActiveKeys = ks
return nil
}
func (ca *CertAuthorityV2) GetAdditionalTrustedKeys() CAKeySet {
return ca.Spec.AdditionalTrustedKeys
}
func (ca *CertAuthorityV2) SetAdditionalTrustedKeys(ks CAKeySet) error {
if err := ks.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
ca.Spec.AdditionalTrustedKeys = ks
return nil
}
func (ca *CertAuthorityV2) GetTrustedSSHKeyPairs() []*SSHKeyPair {
var kps []*SSHKeyPair
for _, k := range ca.GetActiveKeys().SSH {
kps = append(kps, k.Clone())
}
for _, k := range ca.GetAdditionalTrustedKeys().SSH {
kps = append(kps, k.Clone())
}
return kps
}
func (ca *CertAuthorityV2) GetTrustedTLSKeyPairs() []*TLSKeyPair {
var kps []*TLSKeyPair
for _, k := range ca.GetActiveKeys().TLS {
kps = append(kps, k.Clone())
}
for _, k := range ca.GetAdditionalTrustedKeys().TLS {
kps = append(kps, k.Clone())
}
return kps
}
func (ca *CertAuthorityV2) GetTrustedJWTKeyPairs() []*JWTKeyPair {
var kps []*JWTKeyPair
for _, k := range ca.GetActiveKeys().JWT {
kps = append(kps, k.Clone())
}
for _, k := range ca.GetAdditionalTrustedKeys().JWT {
kps = append(kps, k.Clone())
}
return kps
}
// setStaticFields sets static resource header and metadata fields.
func (ca *CertAuthorityV2) setStaticFields() {
ca.Kind = KindCertAuthority
ca.Version = V2
// ca.Metadata.Name and ca.Spec.ClusterName should always be equal.
if ca.Metadata.Name == "" {
ca.Metadata.Name = ca.Spec.ClusterName
} else {
ca.Spec.ClusterName = ca.Metadata.Name
}
}
// CheckAndSetDefaults checks and set default values for any missing fields.
func (ca *CertAuthorityV2) CheckAndSetDefaults() error {
ca.setStaticFields()
if err := ca.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if ca.SubKind == "" {
ca.SubKind = string(ca.Spec.Type)
}
if err := ca.ID().Check(); err != nil {
return trace.Wrap(err)
}
if err := ca.Spec.ActiveKeys.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if err := ca.Spec.AdditionalTrustedKeys.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if err := ca.Spec.Rotation.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if err := ca.GetType().Check(); err != nil {
return trace.Wrap(err)
}
return nil
}
// AllKeyTypes returns the set of all different key types in the CA.
func (ca *CertAuthorityV2) AllKeyTypes() []string {
keyTypes := make(map[PrivateKeyType]struct{})
for _, keySet := range []CAKeySet{ca.Spec.ActiveKeys, ca.Spec.AdditionalTrustedKeys} {
for _, keyPair := range keySet.SSH {
keyTypes[keyPair.PrivateKeyType] = struct{}{}
}
for _, keyPair := range keySet.TLS {
keyTypes[keyPair.KeyType] = struct{}{}
}
for _, keyPair := range keySet.JWT {
keyTypes[keyPair.PrivateKeyType] = struct{}{}
}
}
var strs []string
for k := range keyTypes {
strs = append(strs, k.String())
}
return strs
}
const (
// RotationStateStandby is initial status of the rotation -
// nothing is being rotated.
RotationStateStandby = "standby"
// RotationStateInProgress - that rotation is in progress.
RotationStateInProgress = "in_progress"
// RotationPhaseStandby is the initial phase of the rotation
// it means no operations have started.
RotationPhaseStandby = "standby"
// RotationPhaseInit = is a phase of the rotation
// when new certificate authority is issued, but not used
// It is necessary for remote trusted clusters to fetch the
// new certificate authority, otherwise the new clients
// will reject it
RotationPhaseInit = "init"
// RotationPhaseUpdateClients is a phase of the rotation
// when client credentials will have to be updated and reloaded
// but servers will use and respond with old credentials
// because clients have no idea about new credentials at first.
RotationPhaseUpdateClients = "update_clients"
// RotationPhaseUpdateServers is a phase of the rotation
// when servers will have to reload and should start serving
// TLS and SSH certificates signed by new CA.
RotationPhaseUpdateServers = "update_servers"
// RotationPhaseRollback means that rotation is rolling
// back to the old certificate authority.
RotationPhaseRollback = "rollback"
// RotationModeManual is a manual rotation mode when all phases
// are set by the operator.
RotationModeManual = "manual"
// RotationModeAuto is set to go through all phases by the schedule.
RotationModeAuto = "auto"
)
// RotatePhases lists all supported rotation phases
var RotatePhases = []string{
RotationPhaseInit,
RotationPhaseStandby,
RotationPhaseUpdateClients,
RotationPhaseUpdateServers,
RotationPhaseRollback,
}
// Matches returns true if this state rotation matches
// external rotation state, phase and rotation ID should match,
// notice that matches does not behave like Equals because it does not require
// all fields to be the same.
func (r *Rotation) Matches(rotation Rotation) bool {
return r.CurrentID == rotation.CurrentID && r.State == rotation.State && r.Phase == rotation.Phase
}
// IsZero checks if this is the zero value of Rotation. Works on nil and non-nil rotation
// values.
func (r *Rotation) IsZero() bool {
if r == nil {
return true
}
return r.Matches(Rotation{})
}
// LastRotatedDescription returns human friendly description.
func (r *Rotation) LastRotatedDescription() string {
if r.LastRotated.IsZero() {
return "never updated"
}
return fmt.Sprintf("last rotated %v", r.LastRotated.Format(constants.HumanDateFormatSeconds))
}
// PhaseDescription returns human friendly description of a current rotation phase.
func (r *Rotation) PhaseDescription() string {
switch r.Phase {
case RotationPhaseInit:
return "initialized"
case RotationPhaseStandby, "":
return "on standby"
case RotationPhaseUpdateClients:
return "rotating clients"
case RotationPhaseUpdateServers:
return "rotating servers"
case RotationPhaseRollback:
return "rolling back"
default:
return fmt.Sprintf("unknown phase: %q", r.Phase)
}
}
// String returns user friendly information about certificate authority.
func (r *Rotation) String() string {
switch r.State {
case "", RotationStateStandby:
if r.LastRotated.IsZero() {
return "standby (never rotated)"
}
return fmt.Sprintf("standby (last rotated: %v)", r.LastRotated.Format(constants.HumanDateFormatSeconds))
case RotationStateInProgress:
switch r.Mode {
case RotationModeManual:
return fmt.Sprintf("in progress (mode: manual, phase: %s)", r.Phase)
default:
return fmt.Sprintf("in progress (mode: automatic, phase: %s, started: %v, ending: %v)",
r.Phase,
r.Started.Format(constants.HumanDateFormatSeconds),
r.Started.Add(r.GracePeriod.Duration()).Format(constants.HumanDateFormatSeconds),
)
}
default:
return "unknown"
}
}
// CheckAndSetDefaults checks and sets default rotation parameters.
func (r *Rotation) CheckAndSetDefaults() error {
if r == nil {
return nil
}
switch r.Phase {
case "", RotationPhaseInit, RotationPhaseStandby, RotationPhaseRollback, RotationPhaseUpdateClients, RotationPhaseUpdateServers:
default:
return trace.BadParameter("unsupported phase: %q", r.Phase)
}
switch r.Mode {
case "", RotationModeAuto, RotationModeManual:
default:
return trace.BadParameter("unsupported mode: %q", r.Mode)
}
switch r.State {
case "":
r.State = RotationStateStandby
case RotationStateStandby:
case RotationStateInProgress:
if r.CurrentID == "" {
return trace.BadParameter("set 'current_id' parameter for in progress rotation")
}
if r.Started.IsZero() {
return trace.BadParameter("set 'started' parameter for in progress rotation")
}
default:
return trace.BadParameter(
"unsupported rotation 'state': %q, supported states are: %q, %q",
r.State, RotationStateStandby, RotationStateInProgress)
}
return nil
}
// GenerateSchedule generates schedule based on the time period, using
// even time periods between rotation phases.
func GenerateSchedule(now time.Time, gracePeriod time.Duration) (*RotationSchedule, error) {
if gracePeriod <= 0 {
return nil, trace.BadParameter("invalid grace period %q, provide value > 0", gracePeriod)
}
return &RotationSchedule{
UpdateClients: now.UTC().Add(gracePeriod / 3),
UpdateServers: now.UTC().Add((gracePeriod * 2) / 3),
Standby: now.UTC().Add(gracePeriod),
}, nil
}
// CheckAndSetDefaults checks and sets default values of the rotation schedule.
func (s *RotationSchedule) CheckAndSetDefaults(now time.Time) error {
if s.UpdateServers.IsZero() {
return trace.BadParameter("phase %q has no time switch scheduled", RotationPhaseUpdateServers)
}
if s.Standby.IsZero() {
return trace.BadParameter("phase %q has no time switch scheduled", RotationPhaseStandby)
}
if s.Standby.Before(s.UpdateServers) {
return trace.BadParameter("phase %q can not be scheduled before %q", RotationPhaseStandby, RotationPhaseUpdateServers)
}
if s.UpdateServers.Before(now) {
return trace.BadParameter("phase %q can not be scheduled in the past", RotationPhaseUpdateServers)
}
if s.Standby.Before(now) {
return trace.BadParameter("phase %q can not be scheduled in the past", RotationPhaseStandby)
}
return nil
}
// Clone returns a deep copy of TLSKeyPair that can be mutated without
// modifying the original.
func (k *TLSKeyPair) Clone() *TLSKeyPair {
return &TLSKeyPair{
KeyType: k.KeyType,
Key: slices.Clone(k.Key),
Cert: slices.Clone(k.Cert),
CRL: slices.Clone(k.CRL),
}
}
// Clone returns a deep copy of JWTKeyPair that can be mutated without
// modifying the original.
func (k *JWTKeyPair) Clone() *JWTKeyPair {
return &JWTKeyPair{
PrivateKeyType: k.PrivateKeyType,
PrivateKey: slices.Clone(k.PrivateKey),
PublicKey: slices.Clone(k.PublicKey),
}
}
// Clone returns a deep copy of SSHKeyPair that can be mutated without
// modifying the original.
func (k *SSHKeyPair) Clone() *SSHKeyPair {
return &SSHKeyPair{
PrivateKeyType: k.PrivateKeyType,
PrivateKey: slices.Clone(k.PrivateKey),
PublicKey: slices.Clone(k.PublicKey),
}
}
// Clone returns a deep copy of CAKeySet that can be mutated without modifying
// the original.
func (ks CAKeySet) Clone() CAKeySet {
var out CAKeySet
if len(ks.TLS) > 0 {
out.TLS = make([]*TLSKeyPair, 0, len(ks.TLS))
for _, k := range ks.TLS {
out.TLS = append(out.TLS, k.Clone())
}
}
if len(ks.JWT) > 0 {
out.JWT = make([]*JWTKeyPair, 0, len(ks.JWT))
for _, k := range ks.JWT {
out.JWT = append(out.JWT, k.Clone())
}
}
if len(ks.SSH) > 0 {
out.SSH = make([]*SSHKeyPair, 0, len(ks.SSH))
for _, k := range ks.SSH {
out.SSH = append(out.SSH, k.Clone())
}
}
return out
}
// WithoutSecrets returns a deep copy of CAKeySet with all secret fields
// (private keys) removed.
func (ks CAKeySet) WithoutSecrets() CAKeySet {
ks = ks.Clone()
for _, k := range ks.SSH {
k.PrivateKey = nil
}
for _, k := range ks.TLS {
k.Key = nil
}
for _, k := range ks.JWT {
k.PrivateKey = nil
}
return ks
}
// CheckAndSetDefaults validates CAKeySet and sets defaults on any empty fields
// as needed.
func (ks CAKeySet) CheckAndSetDefaults() error {
for _, kp := range ks.SSH {
if err := kp.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
for _, kp := range ks.TLS {
if err := kp.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
for _, kp := range ks.JWT {
if err := kp.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
return nil
}
// Empty returns true if the CAKeySet holds no keys
func (ks *CAKeySet) Empty() bool {
return len(ks.SSH) == 0 && len(ks.TLS) == 0 && len(ks.JWT) == 0
}
// CheckAndSetDefaults validates SSHKeyPair and sets defaults on any empty
// fields as needed.
func (k *SSHKeyPair) CheckAndSetDefaults() error {
if len(k.PublicKey) == 0 {
return trace.BadParameter("SSH key pair missing public key")
}
return nil
}
// CheckAndSetDefaults validates TLSKeyPair and sets defaults on any empty
// fields as needed.
func (k *TLSKeyPair) CheckAndSetDefaults() error {
if len(k.Cert) == 0 {
return trace.BadParameter("TLS key pair missing certificate")
}
return nil
}
// CheckAndSetDefaults validates JWTKeyPair and sets defaults on any empty
// fields as needed.
func (k *JWTKeyPair) CheckAndSetDefaults() error {
if len(k.PublicKey) == 0 {
return trace.BadParameter("JWT key pair missing public key")
}
return nil
}
type CertAuthorityFilter map[CertAuthType]string
func (f CertAuthorityFilter) IsEmpty() bool {
return len(f) == 0
}
// Match checks if a given CA matches this filter.
func (f CertAuthorityFilter) Match(ca CertAuthority) bool {
if len(f) == 0 {
return true
}
return f[ca.GetType()] == Wildcard || f[ca.GetType()] == ca.GetClusterName()
}
// IntoMap makes this filter into a map for use as the Filter in a WatchKind.
func (f CertAuthorityFilter) IntoMap() map[string]string {
if len(f) == 0 {
return nil
}
m := make(map[string]string, len(f))
for caType, name := range f {
m[string(caType)] = name
}
return m
}
// FromMap converts the provided map into this filter.
func (f *CertAuthorityFilter) FromMap(m map[string]string) {
if len(m) == 0 {
*f = nil
return
}
*f = make(CertAuthorityFilter, len(m))
// there's not a lot of value in rejecting unknown values from the filter
for key, val := range m {
(*f)[CertAuthType(key)] = val
}
}
// Contains checks if the CA filter contains another CA filter as a subset.
// Unlike other filters, a CA filter's scope becomes more broad as map keys
// are added to it.
// Therefore, to check if kind's filter contains the subset's filter,
// we should check that the subset's keys are all present in kind and as
// narrow or narrower.
// A special case is when kind's filter is either empty or specifies all
// authorities, in which case it is as broad as possible and subset's filter
// is always contained within it.
func (f CertAuthorityFilter) Contains(other CertAuthorityFilter) bool {
if len(f) == 0 {
// f has no filter, which is as broad as possible.
return true
}
if len(other) == 0 {
// f has a filter, but other does not.
// treat this as "contained" if f's filter is for all authorities.
for _, caType := range CertAuthTypes {
clusterName, ok := f[caType]
if !ok || clusterName != Wildcard {
return false
}
}
return true
}
for k, v := range other {
v2, ok := f[k]
if !ok || (v2 != Wildcard && v2 != v) {
return false
}
}
return true
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"net/url"
"regexp"
"sort"
"time"
"unicode"
"github.com/gravitational/trace"
)
// matchAlertLabelKey is a fairly conservative allowed charset for label keys.
var matchAlertLabelKey = regexp.MustCompile(`^[a-z0-9\.\-\/]+$`).MatchString
// matchAlertLabelVal is a slightly more permissive matcher for label values.
var matchAlertLabelVal = regexp.MustCompile(`^[a-z0-9\.\-_\/:|]+$`).MatchString
// matchAlertLabelLinkTextVal only allows alphanumeric characters and spaces.
var matchAlertLabelLinkTextVal = regexp.MustCompile(`^[a-zA-Z0-9 ]+$`).MatchString
const validLinkDestination = "goteleport.com"
type alertOptions struct {
labels map[string]string
severity AlertSeverity
created time.Time
expires time.Time
}
// AlertOption is a functional option for alert construction.
type AlertOption func(options *alertOptions)
// WithAlertLabel constructs an alert with the specified label.
func WithAlertLabel(key, val string) AlertOption {
return func(options *alertOptions) {
if options.labels == nil {
options.labels = make(map[string]string)
}
options.labels[key] = val
}
}
// WithAlertSeverity sets the severity of an alert (defaults to MEDIUM).
func WithAlertSeverity(severity AlertSeverity) AlertOption {
return func(options *alertOptions) {
options.severity = severity
}
}
// WithAlertCreated sets the alert's creation time. Auth server automatically fills
// this before inserting the alert in the backend if none is set.
func WithAlertCreated(created time.Time) AlertOption {
return func(options *alertOptions) {
options.created = created.UTC()
}
}
// WithAlertExpires sets the alerts expiry time. Auth server automatically applies a
// 24h expiry before inserting the alert in the backend if none is set.
func WithAlertExpires(expires time.Time) AlertOption {
return func(options *alertOptions) {
options.expires = expires.UTC()
}
}
// NewClusterAlert creates a new cluster alert.
func NewClusterAlert(name string, message string, opts ...AlertOption) (ClusterAlert, error) {
options := alertOptions{
severity: AlertSeverity_MEDIUM,
}
for _, opt := range opts {
opt(&options)
}
alert := ClusterAlert{
ResourceHeader: ResourceHeader{
Metadata: Metadata{
Name: name,
Labels: options.labels,
Expires: &options.expires,
},
},
Spec: ClusterAlertSpec{
Severity: options.severity,
Message: message,
Created: options.created,
},
}
if err := alert.CheckAndSetDefaults(); err != nil {
return ClusterAlert{}, trace.Wrap(err)
}
return alert, nil
}
// SortClusterAlerts applies the default cluster alert sorting, prioritizing
// elements by a combination of severity and creation time. Alerts are sorted
// with higher severity alerts first, and alerts of the same priority are sorted
// with newer alerts first.
func SortClusterAlerts(alerts []ClusterAlert) {
sort.Slice(alerts, func(i, j int) bool {
if alerts[i].Spec.Severity == alerts[j].Spec.Severity {
return alerts[i].Spec.Created.After(alerts[j].Spec.Created)
}
return alerts[i].Spec.Severity > alerts[j].Spec.Severity
})
}
func (c *ClusterAlert) setDefaults() {
if c.Kind == "" {
c.Kind = KindClusterAlert
}
if c.Version == "" {
c.Version = V1
}
}
// CheckAndSetDefaults verifies required fields.
func (c *ClusterAlert) CheckAndSetDefaults() error {
c.setDefaults()
if c.Version != V1 {
return trace.BadParameter("unsupported cluster alert version: %s", c.Version)
}
if c.Kind != KindClusterAlert {
return trace.BadParameter("expected kind %s, got %q", KindClusterAlert, c.Kind)
}
if c.Metadata.Name == "" {
return trace.BadParameter("alert name must be specified")
}
if err := c.CheckMessage(); err != nil {
return trace.Wrap(err)
}
for key, val := range c.Metadata.Labels {
if !matchAlertLabelKey(key) {
return trace.BadParameter("invalid alert label key: %q", key)
}
switch key {
case AlertLink:
u, err := url.Parse(val)
if err != nil {
return trace.BadParameter("invalid alert: label link %q is not a valid URL", val)
}
if u.Hostname() != validLinkDestination {
return trace.BadParameter("invalid alert: label link not allowed %q", val)
}
case AlertLinkText:
if !matchAlertLabelLinkTextVal(val) {
return trace.BadParameter("invalid alert: label button text not allowed: %q", val)
}
default:
if !matchAlertLabelVal(val) {
// for links, we relax the conditions on label values
return trace.BadParameter("invalid alert label value: %q", val)
}
}
}
return nil
}
func (c *ClusterAlert) CheckMessage() error {
if c.Spec.Message == "" {
return trace.BadParameter("alert message must be specified")
}
for _, c := range c.Spec.Message {
if unicode.IsControl(c) {
return trace.BadParameter("control characters not supported in alerts")
}
}
return nil
}
// Match checks if the given cluster alert matches this query.
func (r *GetClusterAlertsRequest) Match(alert ClusterAlert) bool {
if alert.Spec.Severity < r.Severity {
return false
}
if r.AlertID != "" && r.AlertID != alert.Metadata.Name {
return false
}
for key, val := range r.Labels {
if alert.Metadata.Labels[key] != val {
return false
}
}
return true
}
func (ack *AlertAcknowledgement) Check() error {
if ack.AlertID == "" {
return trace.BadParameter("missing alert id in ack")
}
if ack.Reason == "" {
return trace.BadParameter("ack reason must be specified")
}
for _, c := range ack.Reason {
if unicode.IsControl(c) {
return trace.BadParameter("control characters not supported in ack reason")
}
}
if ack.Expires.IsZero() {
return trace.BadParameter("missing expiry time")
}
return nil
}
/*
Copyright 2017 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// ClusterName defines the name of the cluster. This is a configuration
// resource, never create more than one instance of it.
type ClusterName interface {
// Resource provides common resource properties.
Resource
// SetClusterName sets the name of the cluster.
SetClusterName(string)
// GetClusterName gets the name of the cluster.
GetClusterName() string
// SetClusterID sets the ID of the cluster.
SetClusterID(string)
// GetClusterID gets the ID of the cluster.
GetClusterID() string
// Clone performs a deep copy.
Clone() ClusterName
}
// NewClusterName is a convenience wrapper to create a ClusterName resource.
func NewClusterName(spec ClusterNameSpecV2) (ClusterName, error) {
cn := &ClusterNameV2{Spec: spec}
if err := cn.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return cn, nil
}
// GetVersion returns resource version
func (c *ClusterNameV2) GetVersion() string {
return c.Version
}
// GetKind returns resource kind
func (c *ClusterNameV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource sub kind
func (c *ClusterNameV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind
func (c *ClusterNameV2) SetSubKind(sk string) {
c.SubKind = sk
}
// GetRevision returns the revision
func (c *ClusterNameV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *ClusterNameV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetName returns the name of the cluster.
func (c *ClusterNameV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the cluster.
func (c *ClusterNameV2) SetName(e string) {
c.Metadata.Name = e
}
// Expiry returns object expiry setting
func (c *ClusterNameV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// SetExpiry sets expiry time for the object
func (c *ClusterNameV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// GetMetadata returns object metadata
func (c *ClusterNameV2) GetMetadata() Metadata {
return c.Metadata
}
// SetClusterName sets the name of the cluster.
func (c *ClusterNameV2) SetClusterName(n string) {
c.Spec.ClusterName = n
}
// GetClusterName gets the name of the cluster.
func (c *ClusterNameV2) GetClusterName() string {
return c.Spec.ClusterName
}
// SetClusterID sets the ID of the cluster.
func (c *ClusterNameV2) SetClusterID(id string) {
c.Spec.ClusterID = id
}
// GetClusterID gets the ID of the cluster.
func (c *ClusterNameV2) GetClusterID() string {
return c.Spec.ClusterID
}
// Clone performs a deep copy.
func (c *ClusterNameV2) Clone() ClusterName {
return utils.CloneProtoMsg(c)
}
// setStaticFields sets static resource header and metadata fields.
func (c *ClusterNameV2) setStaticFields() {
c.Kind = KindClusterName
c.Version = V2
c.Metadata.Name = MetaNameClusterName
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults.
func (c *ClusterNameV2) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if c.Spec.ClusterName == "" {
return trace.BadParameter("cluster name is required")
}
if c.Spec.ClusterID == "" {
return trace.BadParameter("cluster ID is required")
}
return nil
}
// String represents a human readable version of the cluster name.
func (c *ClusterNameV2) String() string {
return fmt.Sprintf("ClusterName(%v, ID=%v)", c.Spec.ClusterName, c.Spec.ClusterID)
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
const (
// DiagnosticMessageSuccess is the message used when we the Connection was successful
DiagnosticMessageSuccess = "success"
// DiagnosticMessageFailed is the message used when we the Connection failed
DiagnosticMessageFailed = "failed"
)
// ConnectionDiagnostic represents a Connection Diagnostic.
type ConnectionDiagnostic interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// Whether the connection was successful
IsSuccess() bool
// Sets the success flag
SetSuccess(bool)
// The underlying message
GetMessage() string
// Sets the undderlying message
SetMessage(string)
// The connection test traces
GetTraces() []*ConnectionDiagnosticTrace
// AppendTrace adds a trace to the ConnectionDiagnostic Traces
AppendTrace(*ConnectionDiagnosticTrace)
}
type ConnectionsDiagnostic []ConnectionDiagnostic
var _ ConnectionDiagnostic = &ConnectionDiagnosticV1{}
// NewConnectionDiagnosticV1 creates a new ConnectionDiagnosticV1 resource.
func NewConnectionDiagnosticV1(name string, labels map[string]string, spec ConnectionDiagnosticSpecV1) (*ConnectionDiagnosticV1, error) {
c := &ConnectionDiagnosticV1{
ResourceHeader: ResourceHeader{
Version: V1,
Kind: KindConnectionDiagnostic,
Metadata: Metadata{
Name: name,
Labels: labels,
},
},
Spec: spec,
}
if err := c.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return c, nil
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (c *ConnectionDiagnosticV1) CheckAndSetDefaults() error {
if c.Spec.Message == "" {
return trace.BadParameter("ConnectionDiagnosticV1.Spec missing Message field")
}
return nil
}
// IsSuccess returns whether the connection was successful
func (c *ConnectionDiagnosticV1) IsSuccess() bool {
return c.Spec.Success
}
// SetSuccess sets whether the Connection was a success or not
func (c *ConnectionDiagnosticV1) SetSuccess(b bool) {
c.Spec.Success = b
}
// GetMessage returns the connection diagnostic message.
func (c *ConnectionDiagnosticV1) GetMessage() string {
return c.Spec.Message
}
// SetMessage sets the summary message of the Connection Diagnostic
func (c *ConnectionDiagnosticV1) SetMessage(s string) {
c.Spec.Message = s
}
// GetTraces returns the connection test traces
func (c *ConnectionDiagnosticV1) GetTraces() []*ConnectionDiagnosticTrace {
return c.Spec.Traces
}
// AppendTrace adds a trace into the Traces list
func (c *ConnectionDiagnosticV1) AppendTrace(trace *ConnectionDiagnosticTrace) {
c.Spec.Traces = append(c.Spec.Traces, trace)
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (c *ConnectionDiagnosticV1) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(c.GetAllLabels()), c.GetName())
return MatchSearch(fieldVals, values, nil)
}
// SetStaticLabels sets the connection diagnostic static labels.
func (c *ConnectionDiagnosticV1) SetStaticLabels(sl map[string]string) {
c.Metadata.Labels = sl
}
// NewTraceDiagnosticConnection creates a new Connection Diagnostic Trace.
// If traceErr is not nil, it will set the Status to FAILED, SUCCESS otherwise.
func NewTraceDiagnosticConnection(traceType ConnectionDiagnosticTrace_TraceType, details string, traceErr error) *ConnectionDiagnosticTrace {
ret := &ConnectionDiagnosticTrace{
Status: ConnectionDiagnosticTrace_SUCCESS,
Type: traceType,
Details: details,
}
if traceErr != nil {
ret.Status = ConnectionDiagnosticTrace_FAILED
ret.Error = traceErr.Error()
}
return ret
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"context"
"encoding/json"
"fmt"
"log/slog"
"regexp"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/types/compare"
"github.com/gravitational/teleport/api/utils"
atlasutils "github.com/gravitational/teleport/api/utils/atlas"
awsutils "github.com/gravitational/teleport/api/utils/aws"
azureutils "github.com/gravitational/teleport/api/utils/azure"
gcputils "github.com/gravitational/teleport/api/utils/gcp"
)
var _ compare.IsEqual[Database] = (*DatabaseV3)(nil)
// Database represents a single database proxied by a database server.
type Database interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetNamespace returns the database namespace.
GetNamespace() string
// GetStaticLabels returns the database static labels.
GetStaticLabels() map[string]string
// SetStaticLabels sets the database static labels.
SetStaticLabels(map[string]string)
// GetDynamicLabels returns the database dynamic labels.
GetDynamicLabels() map[string]CommandLabel
// SetDynamicLabels sets the database dynamic labels.
SetDynamicLabels(map[string]CommandLabel)
// String returns string representation of the database.
String() string
// GetDescription returns the database description.
GetDescription() string
// GetProtocol returns the database protocol.
GetProtocol() string
// GetURI returns the database connection endpoint.
GetURI() string
// SetURI sets the database connection endpoint.
SetURI(string)
// GetCA returns the database CA certificate.
GetCA() string
// SetCA sets the database CA certificate in the Spec.TLS field.
SetCA(string)
// GetTLS returns the database TLS configuration.
GetTLS() DatabaseTLS
// SetStatusCA sets the database CA certificate in the status field.
SetStatusCA(string)
// GetStatusCA gets the database CA certificate in the status field.
GetStatusCA() string
// GetMySQL returns the database options from spec.
GetMySQL() MySQLOptions
// GetOracle returns the database options from spec.
GetOracle() OracleOptions
// GetMySQLServerVersion returns the MySQL server version either from configuration or
// reported by the database.
GetMySQLServerVersion() string
// SetMySQLServerVersion sets the runtime MySQL server version.
SetMySQLServerVersion(version string)
// GetAWS returns the database AWS metadata.
GetAWS() AWS
// SetStatusAWS sets the database AWS metadata in the status field.
SetStatusAWS(AWS)
// SetAWSExternalID sets the database AWS external ID in the Spec.AWS field.
SetAWSExternalID(id string)
// SetAWSAssumeRole sets the database AWS assume role arn in the Spec.AWS field.
SetAWSAssumeRole(roleARN string)
// IsGCPHosted returns true if the database is hosted by GCP.
IsGCPHosted() bool
// GetGCP returns GCP information for Cloud SQL databases.
GetGCP() GCPCloudSQL
// GetGCPProjectID returns Project ID for GCP databases.
GetGCPProjectID() (string, error)
// GetAzure returns Azure database server metadata.
GetAzure() Azure
// SetStatusAzure sets the database Azure metadata in the status field.
SetStatusAzure(Azure)
// GetAD returns Active Directory database configuration.
GetAD() AD
// GetType returns the database authentication type: self-hosted, RDS, Redshift or Cloud SQL.
GetType() string
// GetSecretStore returns secret store configurations.
GetSecretStore() SecretStore
// GetManagedUsers returns a list of database users that are managed by Teleport.
GetManagedUsers() []string
// SetManagedUsers sets a list of database users that are managed by Teleport.
SetManagedUsers(users []string)
// GetMongoAtlas returns Mongo Atlas database metadata.
GetMongoAtlas() MongoAtlas
// IsRDS returns true if this is an RDS/Aurora database.
IsRDS() bool
// IsRDSProxy returns true if this is an RDS Proxy database.
IsRDSProxy() bool
// IsRedshift returns true if this is a Redshift database.
IsRedshift() bool
// IsCloudSQL returns true if this is a Cloud SQL database.
IsCloudSQL() bool
// IsAzure returns true if this is an Azure database.
IsAzure() bool
// IsElastiCache returns true if this is an AWS ElastiCache database.
IsElastiCache() bool
// IsElastiCacheServerless returns true if this is an AWS ElastiCache Serverless database.
IsElastiCacheServerless() bool
// IsMemoryDB returns true if this is an AWS MemoryDB database.
IsMemoryDB() bool
// IsAWSHosted returns true if database is hosted by AWS.
IsAWSHosted() bool
// IsCloudHosted returns true if database is hosted in the cloud (AWS, Azure or Cloud SQL).
IsCloudHosted() bool
// RequireAWSIAMRolesAsUsers returns true for database types that require
// AWS IAM roles as database users.
RequireAWSIAMRolesAsUsers() bool
// SupportAWSIAMRoleARNAsUsers returns true for database types that support
// AWS IAM roles as database users.
SupportAWSIAMRoleARNAsUsers() bool
// Copy returns a copy of this database resource.
Copy() *DatabaseV3
// GetAdminUser returns database privileged user information.
GetAdminUser() DatabaseAdminUser
// SupportsAutoUsers returns true if this database supports automatic
// user provisioning.
SupportsAutoUsers() bool
// GetEndpointType returns the endpoint type of the database, if available.
GetEndpointType() string
// GetCloud gets the cloud this database is running on, or an empty string if it
// isn't running on a cloud provider.
GetCloud() string
// IsUsernameCaseInsensitive returns true if the database username is case
// insensitive.
IsUsernameCaseInsensitive() bool
// IsAutoUsersEnabled returns true if the database has auto user
// provisioning enabled.
IsAutoUsersEnabled() bool
// IsEqual determines if two database resources are equivalent to one another.
IsEqual(Database) bool
}
// NewDatabaseV3 creates a new database resource.
func NewDatabaseV3(meta Metadata, spec DatabaseSpecV3) (*DatabaseV3, error) {
database := &DatabaseV3{
Metadata: meta,
Spec: spec,
}
if err := database.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return database, nil
}
// GetVersion returns the database resource version.
func (d *DatabaseV3) GetVersion() string {
return d.Version
}
// GetKind returns the database resource kind.
func (d *DatabaseV3) GetKind() string {
return d.Kind
}
// GetSubKind returns the database resource subkind.
func (d *DatabaseV3) GetSubKind() string {
return d.SubKind
}
// SetSubKind sets the database resource subkind.
func (d *DatabaseV3) SetSubKind(sk string) {
d.SubKind = sk
}
// GetRevision returns the revision
func (d *DatabaseV3) GetRevision() string {
return d.Metadata.GetRevision()
}
// SetRevision sets the revision
func (d *DatabaseV3) SetRevision(rev string) {
d.Metadata.SetRevision(rev)
}
// GetMetadata returns the database resource metadata.
func (d *DatabaseV3) GetMetadata() Metadata {
return d.Metadata
}
// Origin returns the origin value of the resource.
func (d *DatabaseV3) Origin() string {
return d.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (d *DatabaseV3) SetOrigin(origin string) {
d.Metadata.SetOrigin(origin)
}
// GetNamespace returns the database resource namespace.
func (d *DatabaseV3) GetNamespace() string {
return d.Metadata.Namespace
}
// SetExpiry sets the database resource expiration time.
func (d *DatabaseV3) SetExpiry(expiry time.Time) {
d.Metadata.SetExpiry(expiry)
}
// Expiry returns the database resource expiration time.
func (d *DatabaseV3) Expiry() time.Time {
return d.Metadata.Expiry()
}
// GetName returns the database resource name.
func (d *DatabaseV3) GetName() string {
return d.Metadata.Name
}
// SetName sets the database resource name.
func (d *DatabaseV3) SetName(name string) {
d.Metadata.Name = name
}
// GetStaticLabels returns the database static labels.
func (d *DatabaseV3) GetStaticLabels() map[string]string {
return d.Metadata.Labels
}
// SetStaticLabels sets the database static labels.
func (d *DatabaseV3) SetStaticLabels(sl map[string]string) {
d.Metadata.Labels = sl
}
// GetDynamicLabels returns the database dynamic labels.
func (d *DatabaseV3) GetDynamicLabels() map[string]CommandLabel {
if d.Spec.DynamicLabels == nil {
return nil
}
return V2ToLabels(d.Spec.DynamicLabels)
}
// SetDynamicLabels sets the database dynamic labels
func (d *DatabaseV3) SetDynamicLabels(dl map[string]CommandLabel) {
d.Spec.DynamicLabels = LabelsToV2(dl)
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (d *DatabaseV3) GetLabel(key string) (value string, ok bool) {
if cmd, ok := d.Spec.DynamicLabels[key]; ok {
return cmd.Result, ok
}
v, ok := d.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns the database combined static and dynamic labels.
func (d *DatabaseV3) GetAllLabels() map[string]string {
return CombineLabels(d.Metadata.Labels, d.Spec.DynamicLabels)
}
// GetDescription returns the database description.
func (d *DatabaseV3) GetDescription() string {
return d.Metadata.Description
}
// GetProtocol returns the database protocol.
func (d *DatabaseV3) GetProtocol() string {
return d.Spec.Protocol
}
// GetURI returns the database connection address.
func (d *DatabaseV3) GetURI() string {
return d.Spec.URI
}
// SetURI sets the database connection address.
func (d *DatabaseV3) SetURI(uri string) {
d.Spec.URI = uri
}
// GetAdminUser returns database privileged user information.
func (d *DatabaseV3) GetAdminUser() (ret DatabaseAdminUser) {
// First check the spec.
if d.Spec.AdminUser != nil {
ret = *d.Spec.AdminUser
}
// If it's not in the spec, check labels.
// TODO Azure will require different labels.
if ret.Name == "" {
ret.Name = d.Metadata.Labels[DatabaseAdminLabel]
}
if ret.DefaultDatabase == "" {
ret.DefaultDatabase = d.Metadata.Labels[DatabaseAdminDefaultDatabaseLabel]
}
return
}
// GetOracle returns the Oracle options from spec.
func (d *DatabaseV3) GetOracle() OracleOptions {
return d.Spec.Oracle
}
// SupportsAutoUsers returns true if this database supports automatic user
// provisioning.
func (d *DatabaseV3) SupportsAutoUsers() bool {
switch d.GetProtocol() {
case DatabaseProtocolPostgreSQL:
switch d.GetType() {
case DatabaseTypeSelfHosted, DatabaseTypeRDS, DatabaseTypeRedshift:
return true
}
case DatabaseProtocolMySQL:
switch d.GetType() {
case DatabaseTypeSelfHosted, DatabaseTypeRDS:
return true
}
case DatabaseProtocolMongoDB:
switch d.GetType() {
case DatabaseTypeSelfHosted:
return true
}
}
return false
}
// GetCA returns the database CA certificate. If more than one CA is set, then
// the user provided CA is returned first (Spec field).
// Auto-downloaded CA certificate is returned otherwise.
func (d *DatabaseV3) GetCA() string {
if d.Spec.TLS.CACert != "" {
return d.Spec.TLS.CACert
}
if d.Spec.CACert != "" {
return d.Spec.CACert
}
return d.Status.CACert
}
// SetCA sets the database CA certificate in the Spec.TLS.CACert field.
func (d *DatabaseV3) SetCA(caCert string) {
d.Spec.TLS.CACert = caCert
}
// GetTLS returns Database TLS configuration.
func (d *DatabaseV3) GetTLS() DatabaseTLS {
return d.Spec.TLS
}
// SetStatusCA sets the database CA certificate in the status field.
func (d *DatabaseV3) SetStatusCA(ca string) {
d.Status.CACert = ca
}
// GetStatusCA gets the database CA certificate in the status field.
func (d *DatabaseV3) GetStatusCA() string {
return d.Status.CACert
}
// GetMySQL returns the MySQL options from spec.
func (d *DatabaseV3) GetMySQL() MySQLOptions {
return d.Spec.MySQL
}
// GetMySQLServerVersion returns the MySQL server version reported by the database or the value from configuration
// if the first one is not available.
func (d *DatabaseV3) GetMySQLServerVersion() string {
if d.Status.MySQL.ServerVersion != "" {
return d.Status.MySQL.ServerVersion
}
return d.Spec.MySQL.ServerVersion
}
// SetMySQLServerVersion sets the runtime MySQL server version.
func (d *DatabaseV3) SetMySQLServerVersion(version string) {
d.Status.MySQL.ServerVersion = version
}
// IsEmpty returns true if AWS metadata is empty.
func (a AWS) IsEmpty() bool {
return deriveTeleportEqualAWS(&a, &AWS{})
}
// Partition returns the AWS partition based on the region.
func (a AWS) Partition() string {
return awsutils.GetPartitionFromRegion(a.Region)
}
// GetAWS returns the database AWS metadata.
func (d *DatabaseV3) GetAWS() AWS {
if !d.Status.AWS.IsEmpty() {
return d.Status.AWS
}
return d.Spec.AWS
}
// SetStatusAWS sets the database AWS metadata in the status field.
func (d *DatabaseV3) SetStatusAWS(aws AWS) {
d.Status.AWS = aws
}
// SetAWSExternalID sets the database AWS external ID in the Spec.AWS field.
func (d *DatabaseV3) SetAWSExternalID(id string) {
d.Spec.AWS.ExternalID = id
}
// SetAWSAssumeRole sets the database AWS assume role arn in the Spec.AWS field.
func (d *DatabaseV3) SetAWSAssumeRole(roleARN string) {
d.Spec.AWS.AssumeRoleARN = roleARN
}
// IsEmpty returns true if GCP metadata is empty.
func (g GCPCloudSQL) IsEmpty() bool {
return deriveTeleportEqualGCPCloudSQL(&g, &GCPCloudSQL{})
}
// IsEmpty returns true if AlloyDB options are empty.
func (a AlloyDB) IsEmpty() bool {
return deriveTeleportEqualAlloyDB(&a, &AlloyDB{})
}
// GetGCP returns GCP information for Cloud SQL databases.
func (d *DatabaseV3) GetGCP() GCPCloudSQL {
return d.Spec.GCP
}
// IsEmpty returns true if Azure metadata is empty.
func (a Azure) IsEmpty() bool {
return deriveTeleportEqualAzure(&a, &Azure{})
}
// GetAzure returns Azure database server metadata.
func (d *DatabaseV3) GetAzure() Azure {
if !d.Status.Azure.IsEmpty() {
return d.Status.Azure
}
return d.Spec.Azure
}
// SetStatusAzure sets the database Azure metadata in the status field.
func (d *DatabaseV3) SetStatusAzure(azure Azure) {
d.Status.Azure = azure
}
// GetAD returns Active Directory database configuration.
func (d *DatabaseV3) GetAD() AD {
return d.Spec.AD
}
// IsRDS returns true if this is an AWS RDS/Aurora instance.
func (d *DatabaseV3) IsRDS() bool {
return d.GetType() == DatabaseTypeRDS
}
// IsRDSProxy returns true if this is an AWS RDS Proxy database.
func (d *DatabaseV3) IsRDSProxy() bool {
return d.GetType() == DatabaseTypeRDSProxy
}
// IsRedshift returns true if this is a Redshift database instance.
func (d *DatabaseV3) IsRedshift() bool {
return d.GetType() == DatabaseTypeRedshift
}
// IsCloudSQL returns true if this database is a Cloud SQL instance.
func (d *DatabaseV3) IsCloudSQL() bool {
return d.GetType() == DatabaseTypeCloudSQL
}
// IsAlloyDB returns true if this database is a GCP-hosted AlloyDB instance.
func (d *DatabaseV3) IsAlloyDB() bool {
return d.GetType() == DatabaseTypeAlloyDB
}
// IsAzure returns true if this is Azure hosted database.
func (d *DatabaseV3) IsAzure() bool {
return d.GetType() == DatabaseTypeAzure
}
// IsElastiCache returns true if this is an AWS ElastiCache database.
func (d *DatabaseV3) IsElastiCache() bool {
return d.GetType() == DatabaseTypeElastiCache
}
// IsElastiCacheServerless returns true if this is an AWS ElastiCache database.
func (d *DatabaseV3) IsElastiCacheServerless() bool {
return d.GetType() == DatabaseTypeElastiCacheServerless
}
// IsMemoryDB returns true if this is an AWS MemoryDB database.
func (d *DatabaseV3) IsMemoryDB() bool {
return d.GetType() == DatabaseTypeMemoryDB
}
// IsAWSKeyspaces returns true if this is an AWS hosted Cassandra database.
func (d *DatabaseV3) IsAWSKeyspaces() bool {
return d.GetType() == DatabaseTypeAWSKeyspaces
}
// IsDynamoDB returns true if this is an AWS hosted DynamoDB database.
func (d *DatabaseV3) IsDynamoDB() bool {
return d.GetType() == DatabaseTypeDynamoDB
}
// IsOpenSearch returns true if this is an AWS hosted OpenSearch instance.
func (d *DatabaseV3) IsOpenSearch() bool {
return d.GetType() == DatabaseTypeOpenSearch
}
// IsSpanner returns true if this is a GCloud Spanner database.
func (d *DatabaseV3) IsSpanner() bool {
return d.GetType() == DatabaseTypeSpanner
}
// IsAWSHosted returns true if database is hosted by AWS.
func (d *DatabaseV3) IsAWSHosted() bool {
_, ok := d.getAWSType()
return ok
}
// IsCloudHosted returns true if database is hosted in the cloud (AWS, Azure or
// Cloud SQL).
func (d *DatabaseV3) IsCloudHosted() bool {
return d.IsAWSHosted() || d.IsGCPHosted() || d.IsAzure()
}
// GetCloud gets the cloud this database is running on, or an empty string if it
// isn't running on a cloud provider.
func (d *DatabaseV3) GetCloud() string {
switch {
case d.IsAWSHosted():
return CloudAWS
case d.IsGCPHosted():
return CloudGCP
case d.IsAzure():
return CloudAzure
default:
return ""
}
}
// IsGCPHosted returns true if the database is hosted by GCP.
func (d *DatabaseV3) IsGCPHosted() bool {
_, ok := d.getGCPType()
return ok
}
// GetGCPProjectID returns Project ID for GCP databases.
func (d *DatabaseV3) GetGCPProjectID() (string, error) {
dbType, isGCP := d.getGCPType()
if !isGCP {
return "", trace.NotFound("%v is not a GCP database; db type: %v", d.GetName(), dbType)
}
switch dbType {
case DatabaseTypeAlloyDB:
info, err := gcputils.ParseAlloyDBConnectionURI(d.GetURI())
if err != nil {
return "", trace.Wrap(err)
}
return info.ProjectID, nil
default:
return d.GetGCP().ProjectID, nil
}
}
// getAWSType returns the gcp hosted database type.
func (d *DatabaseV3) getGCPType() (string, bool) {
if d.Spec.Protocol == DatabaseTypeSpanner {
return DatabaseTypeSpanner, true
}
if gcputils.IsAlloyDBConnectionURI(d.Spec.URI) {
return DatabaseTypeAlloyDB, true
}
gcp := d.GetGCP()
if gcp.IsEmpty() {
return "", false
}
// This check catches the case when URI is not prefixed with `alloydb://`, and yet spec.gcp.alloydb is not empty.
// Most likely this is due to a typo in URI or misconfiguration (copy-pasting the URI without adding the prefix).
//
// Making it clear this is AlloyDB instance will prevent CloudSQL-specific logic to fire,
// but also make it eligible for AlloyDB-specific validation to run, which will catch the URI problem.
if !gcp.AlloyDB.IsEmpty() {
return DatabaseTypeAlloyDB, true
}
return DatabaseTypeCloudSQL, true
}
// getAWSType returns the database type.
func (d *DatabaseV3) getAWSType() (string, bool) {
aws := d.GetAWS()
switch d.Spec.Protocol {
case DatabaseTypeCassandra:
if !aws.IsEmpty() {
return DatabaseTypeAWSKeyspaces, true
}
case DatabaseTypeDynamoDB:
return DatabaseTypeDynamoDB, true
case DatabaseTypeOpenSearch:
return DatabaseTypeOpenSearch, true
case DatabaseProtocolOracle:
if !aws.IsEmpty() {
return DatabaseTypeRDSOracle, true
}
}
if aws.Redshift.ClusterID != "" {
return DatabaseTypeRedshift, true
}
if aws.RedshiftServerless.WorkgroupName != "" || aws.RedshiftServerless.EndpointName != "" {
return DatabaseTypeRedshiftServerless, true
}
if aws.ElastiCache.ReplicationGroupID != "" {
return DatabaseTypeElastiCache, true
}
if aws.ElastiCacheServerless.CacheName != "" {
return DatabaseTypeElastiCacheServerless, true
}
if aws.MemoryDB.ClusterName != "" {
return DatabaseTypeMemoryDB, true
}
if aws.RDSProxy.Name != "" || aws.RDSProxy.CustomEndpointName != "" {
return DatabaseTypeRDSProxy, true
}
if aws.DocumentDB.ClusterID != "" || aws.DocumentDB.InstanceID != "" {
return DatabaseTypeDocumentDB, true
}
if aws.Region != "" || aws.RDS.InstanceID != "" || aws.RDS.ResourceID != "" || aws.RDS.ClusterID != "" {
return DatabaseTypeRDS, true
}
return "", false
}
// GetType returns the database type.
func (d *DatabaseV3) GetType() string {
if d.GetMongoAtlas().Name != "" {
return DatabaseTypeMongoAtlas
}
if awsType, ok := d.getAWSType(); ok {
return awsType
}
if gcpType, ok := d.getGCPType(); ok {
return gcpType
}
if d.GetAzure().Name != "" {
return DatabaseTypeAzure
}
return DatabaseTypeSelfHosted
}
// String returns the database string representation.
func (d *DatabaseV3) String() string {
return fmt.Sprintf("Database(Name=%v, Type=%v, Labels=%v)",
d.GetName(), d.GetType(), d.GetAllLabels())
}
// Copy returns a copy of this database resource.
func (d *DatabaseV3) Copy() *DatabaseV3 {
return utils.CloneProtoMsg(d)
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (d *DatabaseV3) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(d.GetAllLabels()), d.GetName(), d.GetDescription(), d.GetProtocol(), d.GetType())
var custom func(string) bool
switch d.GetType() {
case DatabaseTypeCloudSQL:
custom = func(val string) bool {
return strings.EqualFold(val, "cloud") || strings.EqualFold(val, "cloud sql")
}
}
return MatchSearch(fieldVals, values, custom)
}
// setStaticFields sets static resource header and metadata fields.
func (d *DatabaseV3) setStaticFields() {
d.Kind = KindDatabase
d.Version = V3
}
// validDatabaseNameRegexp filters the allowed characters in database names.
// This is the (almost) the same regexp used to check for valid DNS 1035 labels,
// except we allow uppercase chars.
var validDatabaseNameRegexp = regexp.MustCompile(`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`)
// ValidateDatabaseName returns an error if a given string is not a valid
// Database name.
// Unlike application access proxy, database name doesn't necessarily
// need to be a valid subdomain but use the same validation logic for the
// simplicity and consistency, except two differences: don't restrict names to
// 63 chars in length and allow upper case chars.
func ValidateDatabaseName(name string) error {
return ValidateResourceName(validDatabaseNameRegexp, name)
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (d *DatabaseV3) CheckAndSetDefaults() error {
d.setStaticFields()
if err := d.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if err := ValidateDatabaseName(d.GetName()); err != nil {
return trace.Wrap(err, "invalid database name")
}
for key := range d.Spec.DynamicLabels {
if !IsValidLabelKey(key) {
return trace.BadParameter("database %q invalid label key: %q", d.GetName(), key)
}
}
if d.Spec.Protocol == "" {
return trace.BadParameter("database %q protocol is empty", d.GetName())
}
if d.Spec.URI == "" {
switch d.GetType() {
case DatabaseTypeAWSKeyspaces:
if d.Spec.AWS.Region != "" {
// In case of AWS Hosted Cassandra allow to omit URI.
// The URL will be constructed from the database resource based on the region and account ID.
d.Spec.URI = awsutils.CassandraEndpointURLForRegion(d.Spec.AWS.Region)
} else {
return trace.BadParameter("AWS Keyspaces database %q URI is empty and cannot be derived without a configured AWS region",
d.GetName())
}
case DatabaseTypeDynamoDB:
if d.Spec.AWS.Region != "" {
d.Spec.URI = awsutils.DynamoDBURIForRegion(d.Spec.AWS.Region)
} else {
return trace.BadParameter("DynamoDB database %q URI is empty and cannot be derived without a configured AWS region",
d.GetName())
}
case DatabaseTypeSpanner:
// All Spanner requests go to the same spanner google API endpoint.
d.Spec.URI = gcputils.SpannerEndpoint
default:
return trace.BadParameter("database %q URI is empty", d.GetName())
}
}
if d.Spec.MySQL.ServerVersion != "" && d.Spec.Protocol != "mysql" {
return trace.BadParameter("database %q MySQL ServerVersion can be only set for MySQL database",
d.GetName())
}
// In case of RDS, Aurora or Redshift, AWS information such as region or
// cluster ID can be extracted from the endpoint if not provided.
switch {
case gcputils.IsSpannerEndpoint(d.Spec.URI) || d.IsSpanner():
if d.Spec.GCP.ProjectID == "" {
return trace.BadParameter("GCP Spanner database %q missing GCP project ID",
d.GetName())
}
if d.Spec.GCP.InstanceID == "" {
return trace.BadParameter("GCP Spanner database %q missing GCP instance ID",
d.GetName())
}
case d.IsAlloyDB():
if err := d.handleAlloyDBConfig(); err != nil {
return trace.Wrap(err)
}
case d.IsDynamoDB():
if err := d.handleDynamoDBConfig(); err != nil {
return trace.Wrap(err)
}
case d.IsOpenSearch():
if err := d.handleOpenSearchConfig(); err != nil {
return trace.Wrap(err)
}
case awsutils.IsRDSEndpoint(d.Spec.URI):
details, err := awsutils.ParseRDSEndpoint(d.Spec.URI)
if err != nil {
slog.WarnContext(context.Background(), "Failed to parse RDS endpoint.", "uri", d.Spec.URI, "error", err)
break
}
if d.Spec.AWS.RDS.InstanceID == "" {
d.Spec.AWS.RDS.InstanceID = details.InstanceID
}
if d.Spec.AWS.RDS.ClusterID == "" {
d.Spec.AWS.RDS.ClusterID = details.ClusterID
}
if d.Spec.AWS.RDSProxy.Name == "" {
d.Spec.AWS.RDSProxy.Name = details.ProxyName
}
if d.Spec.AWS.RDSProxy.CustomEndpointName == "" {
d.Spec.AWS.RDSProxy.CustomEndpointName = details.ProxyCustomEndpointName
}
if d.Spec.AWS.Region == "" {
d.Spec.AWS.Region = details.Region
}
if details.ClusterCustomEndpointName != "" && d.Spec.AWS.RDS.ClusterID == "" {
return trace.BadParameter("database %q missing RDS ClusterID for RDS Aurora custom endpoint %v",
d.GetName(), d.Spec.URI)
}
case awsutils.IsRedshiftEndpoint(d.Spec.URI):
clusterID, region, err := awsutils.ParseRedshiftEndpoint(d.Spec.URI)
if err != nil {
return trace.Wrap(err)
}
if d.Spec.AWS.Redshift.ClusterID == "" {
d.Spec.AWS.Redshift.ClusterID = clusterID
}
if d.Spec.AWS.Region == "" {
d.Spec.AWS.Region = region
}
case awsutils.IsRedshiftServerlessEndpoint(d.Spec.URI):
details, err := awsutils.ParseRedshiftServerlessEndpoint(d.Spec.URI)
if err != nil {
slog.WarnContext(context.Background(), "Failed to parse Redshift Serverless endpoint.", "uri", d.Spec.URI, "error", err)
break
}
if d.Spec.AWS.RedshiftServerless.WorkgroupName == "" {
d.Spec.AWS.RedshiftServerless.WorkgroupName = details.WorkgroupName
}
if d.Spec.AWS.RedshiftServerless.EndpointName == "" {
d.Spec.AWS.RedshiftServerless.EndpointName = details.EndpointName
}
if d.Spec.AWS.AccountID == "" {
d.Spec.AWS.AccountID = details.AccountID
}
if d.Spec.AWS.Region == "" {
d.Spec.AWS.Region = details.Region
}
case awsutils.IsElastiCacheEndpoint(d.Spec.URI):
endpointInfo, err := awsutils.ParseElastiCacheEndpoint(d.Spec.URI)
if err != nil {
slog.WarnContext(context.Background(), "Failed to parse ElastiCache endpoint", "uri", d.Spec.URI, "error", err)
break
}
if d.Spec.AWS.ElastiCache.ReplicationGroupID == "" {
d.Spec.AWS.ElastiCache.ReplicationGroupID = endpointInfo.ID
}
if d.Spec.AWS.Region == "" {
d.Spec.AWS.Region = endpointInfo.Region
}
d.Spec.AWS.ElastiCache.TransitEncryptionEnabled = endpointInfo.TransitEncryptionEnabled
d.Spec.AWS.ElastiCache.EndpointType = endpointInfo.EndpointType
case awsutils.IsElastiCacheServerlessEndpoint(d.Spec.URI):
info, err := awsutils.ParseElastiCacheServerlessEndpoint(d.Spec.URI)
if err != nil {
slog.WarnContext(context.Background(), "Failed to parse ElastiCache Serverless endpoint",
"uri", d.Spec.URI,
"error", err,
)
break
}
if d.Spec.AWS.ElastiCacheServerless.CacheName == "" {
d.Spec.AWS.ElastiCacheServerless.CacheName = info.ID
}
if d.Spec.AWS.Region == "" {
d.Spec.AWS.Region = info.Region
}
case awsutils.IsMemoryDBEndpoint(d.Spec.URI):
endpointInfo, err := awsutils.ParseMemoryDBEndpoint(d.Spec.URI)
if err != nil {
slog.WarnContext(context.Background(), "Failed to parse MemoryDB endpoint", "uri", d.Spec.URI, "error", err)
break
}
if d.Spec.AWS.MemoryDB.ClusterName == "" {
d.Spec.AWS.MemoryDB.ClusterName = endpointInfo.ID
}
if d.Spec.AWS.Region == "" {
d.Spec.AWS.Region = endpointInfo.Region
}
d.Spec.AWS.MemoryDB.TLSEnabled = endpointInfo.TransitEncryptionEnabled
d.Spec.AWS.MemoryDB.EndpointType = endpointInfo.EndpointType
case awsutils.IsDocumentDBEndpoint(d.Spec.URI):
endpointInfo, err := awsutils.ParseDocumentDBEndpoint(d.Spec.URI)
if err != nil {
slog.WarnContext(context.Background(), "Failed to parse DocumentDB endpoint.", "uri", d.Spec.URI, "error", err)
break
}
if d.Spec.AWS.DocumentDB.ClusterID == "" {
d.Spec.AWS.DocumentDB.ClusterID = endpointInfo.ClusterID
}
if d.Spec.AWS.DocumentDB.InstanceID == "" {
d.Spec.AWS.DocumentDB.InstanceID = endpointInfo.InstanceID
}
if d.Spec.AWS.Region == "" {
d.Spec.AWS.Region = endpointInfo.Region
}
d.Spec.AWS.DocumentDB.EndpointType = endpointInfo.EndpointType
case azureutils.IsDatabaseEndpoint(d.Spec.URI):
// For Azure MySQL and PostgreSQL.
name, err := azureutils.ParseDatabaseEndpoint(d.Spec.URI)
if err != nil {
return trace.Wrap(err)
}
if d.Spec.Azure.Name == "" {
d.Spec.Azure.Name = name
}
case awsutils.IsKeyspacesEndpoint(d.Spec.URI):
if d.Spec.AWS.AccountID == "" {
return trace.BadParameter("database %q AWS account ID is empty",
d.GetName())
}
if d.Spec.AWS.Region == "" {
switch {
case d.IsAWSKeyspaces():
region, err := awsutils.CassandraEndpointRegion(d.Spec.URI)
if err != nil {
return trace.Wrap(err)
}
d.Spec.AWS.Region = region
default:
return trace.BadParameter("database %q AWS region is empty",
d.GetName())
}
}
case azureutils.IsCacheForRedisEndpoint(d.Spec.URI):
// ResourceID is required for fetching Redis tokens.
if d.Spec.Azure.ResourceID == "" {
return trace.BadParameter("database %q Azure resource ID is empty",
d.GetName())
}
name, err := azureutils.ParseCacheForRedisEndpoint(d.Spec.URI)
if err != nil {
return trace.Wrap(err)
}
if d.Spec.Azure.Name == "" {
d.Spec.Azure.Name = name
}
case azureutils.IsMSSQLServerEndpoint(d.Spec.URI):
if d.Spec.Azure.Name == "" {
name, err := azureutils.ParseMSSQLEndpoint(d.Spec.URI)
if err != nil {
return trace.Wrap(err)
}
d.Spec.Azure.Name = name
}
case atlasutils.IsAtlasEndpoint(d.Spec.URI):
name, err := atlasutils.ParseAtlasEndpoint(d.Spec.URI)
if err != nil {
return trace.Wrap(err)
}
d.Spec.MongoAtlas.Name = name
}
// Validate AWS Specific configuration
if d.Spec.AWS.AccountID != "" {
if err := awsutils.IsValidAccountID(d.Spec.AWS.AccountID); err != nil {
return trace.BadParameter("database %q has invalid AWS account ID: %v",
d.GetName(), err)
}
}
if d.Spec.AWS.ExternalID != "" && d.Spec.AWS.AssumeRoleARN == "" && !d.RequireAWSIAMRolesAsUsers() {
// Databases that use database username to assume an IAM role do not
// need assume_role_arn in configuration when external_id is set.
return trace.BadParameter("AWS database %q has external_id %q, but assume_role_arn is empty",
d.GetName(), d.Spec.AWS.ExternalID)
}
// Validate Cloud SQL specific configuration.
switch {
case d.Spec.GCP.ProjectID != "" && d.Spec.GCP.InstanceID == "":
return trace.BadParameter("database %q missing Cloud SQL instance ID",
d.GetName())
case d.Spec.GCP.ProjectID == "" && d.Spec.GCP.InstanceID != "":
return trace.BadParameter("database %q missing Cloud SQL project ID",
d.GetName())
}
// Admin user should only be specified for databases that support automatic
// user provisioning.
if d.GetAdminUser().Name != "" && !d.SupportsAutoUsers() {
return trace.BadParameter("cannot set admin user on database %q: %v/%v databases don't support automatic user provisioning yet",
d.GetName(), d.GetProtocol(), d.GetType())
}
switch protocol := d.GetProtocol(); protocol {
case DatabaseProtocolClickHouseHTTP, DatabaseProtocolClickHouse:
const (
clickhouseNativeSchema = "clickhouse"
clickhouseHTTPSchema = "https"
)
parts := strings.Split(d.GetURI(), ":")
if len(parts) == 3 {
break
} else if len(parts) != 2 {
return trace.BadParameter("invalid ClickHouse URL %s", d.GetURI())
}
if !strings.HasPrefix(d.Spec.URI, clickhouseHTTPSchema) && protocol == DatabaseProtocolClickHouseHTTP {
d.Spec.URI = fmt.Sprintf("%s://%s", clickhouseHTTPSchema, d.Spec.URI)
}
if protocol == DatabaseProtocolClickHouse {
d.Spec.URI = fmt.Sprintf("%s://%s", clickhouseNativeSchema, d.Spec.URI)
}
}
const defaultKRB5FilePath = "/etc/krb5.conf"
// The presence of AD Domain indicates the AD configuration will be used.
// In those cases, set the default KRB5 file location if not present.
if d.Spec.AD.Domain != "" && d.Spec.AD.Krb5File == "" {
d.Spec.AD.Krb5File = defaultKRB5FilePath
}
return nil
}
// IsEqual determines if two database resources are equivalent to one another.
func (d *DatabaseV3) IsEqual(i Database) bool {
if other, ok := i.(*DatabaseV3); ok {
return deriveTeleportEqualDatabaseV3(d, other)
}
return false
}
// handleAlloyDBConfig validates AlloyDB configuration.
func (d *DatabaseV3) handleAlloyDBConfig() error {
// default to private endpoint type, but only if override isn't set.
if d.Spec.GCP.AlloyDB.EndpointType == "" && d.Spec.GCP.AlloyDB.EndpointOverride == "" {
d.Spec.GCP.AlloyDB.EndpointType = string(gcputils.AlloyDBEndpointTypePrivate)
}
err := gcputils.ValidateAlloyDBEndpointType(d.Spec.GCP.AlloyDB.EndpointType)
if err != nil {
return trace.Wrap(err)
}
info, err := gcputils.ParseAlloyDBConnectionURI(d.Spec.URI)
if err != nil {
return trace.Wrap(err, "failed to parse AlloyDB connection URI")
}
// ensure the GCP fields are empty: we want to avoid redundant information in the database spec.
if d.Spec.GCP.InstanceID != "" {
return trace.BadParameter("database %q the gcp.instance_id field should be empty but is %q instead; the GCP instance ID configured through URI %q will be automatically used instead",
d.GetName(), d.Spec.GCP.InstanceID, info.InstanceID)
}
if d.Spec.GCP.ProjectID != "" {
return trace.BadParameter("database %q the gcp.project_id field should be empty but is %q instead; the GCP project ID configured through URI %q will be automatically used instead",
d.GetName(), d.Spec.GCP.ProjectID, info.ProjectID)
}
return nil
}
// handleDynamoDBConfig handles DynamoDB configuration checking.
func (d *DatabaseV3) handleDynamoDBConfig() error {
if d.Spec.AWS.AccountID == "" {
return trace.BadParameter("database %q AWS account ID is empty", d.GetName())
}
info, err := awsutils.ParseDynamoDBEndpoint(d.Spec.URI)
switch {
case err != nil:
// when region parsing returns an error but the region is set, it's ok because we can just construct the URI using the region,
// so we check if the region is configured to see if this is really a configuration error.
if d.Spec.AWS.Region == "" {
// the AWS region is empty and we can't derive it from the URI, so this is a config error.
return trace.BadParameter("database %q AWS region is empty and cannot be derived from the URI %q",
d.GetName(), d.Spec.URI)
}
if awsutils.IsAWSEndpoint(d.Spec.URI) {
// The user configured an AWS URI that doesn't look like a DynamoDB endpoint.
// The URI must look like <service>.<region>.<partition> or <region>.<partition>
return trace.Wrap(err)
}
case d.Spec.AWS.Region == "":
// if the AWS region is empty we can just use the region extracted from the URI.
d.Spec.AWS.Region = info.Region
case d.Spec.AWS.Region != info.Region:
// if the AWS region is not empty but doesn't match the URI, this may indicate a user configuration mistake.
return trace.BadParameter("database %q AWS region %q does not match the configured URI region %q,"+
" omit the URI and it will be derived automatically for the configured AWS region",
d.GetName(), d.Spec.AWS.Region, info.Region)
}
if d.Spec.URI == "" {
d.Spec.URI = awsutils.DynamoDBURIForRegion(d.Spec.AWS.Region)
}
return nil
}
// handleOpenSearchConfig handles OpenSearch configuration checks.
func (d *DatabaseV3) handleOpenSearchConfig() error {
if d.Spec.AWS.AccountID == "" {
return trace.BadParameter("database %q AWS account ID is empty", d.GetName())
}
info, err := awsutils.ParseOpensearchEndpoint(d.Spec.URI)
switch {
case err != nil:
// parsing the endpoint can return an error, especially if the custom endpoint feature is in use.
// this is fine as long as we have the region explicitly configured.
if d.Spec.AWS.Region == "" {
// the AWS region is empty, and we can't derive it from the URI, so this is a config error.
return trace.BadParameter("database %q AWS region is missing and cannot be derived from the URI %q",
d.GetName(), d.Spec.URI)
}
if awsutils.IsAWSEndpoint(d.Spec.URI) {
// The user configured an AWS URI that doesn't look like a OpenSearch endpoint.
// The URI must look like: <region>.<service>.<partition>.
return trace.Wrap(err)
}
case d.Spec.AWS.Region == "":
// if the AWS region is empty we can just use the region extracted from the URI.
d.Spec.AWS.Region = info.Region
case d.Spec.AWS.Region != info.Region:
// if the AWS region is not empty but doesn't match the URI, this may indicate a user configuration mistake.
return trace.BadParameter("database %q AWS region %q does not match the configured URI region %q,"+
" omit the URI and it will be derived automatically for the configured AWS region",
d.GetName(), d.Spec.AWS.Region, info.Region)
}
return nil
}
// GetSecretStore returns secret store configurations.
func (d *DatabaseV3) GetSecretStore() SecretStore {
return d.Spec.AWS.SecretStore
}
// GetManagedUsers returns a list of database users that are managed by Teleport.
func (d *DatabaseV3) GetManagedUsers() []string {
return d.Status.ManagedUsers
}
// SetManagedUsers sets a list of database users that are managed by Teleport.
func (d *DatabaseV3) SetManagedUsers(users []string) {
d.Status.ManagedUsers = users
}
// GetMongoAtlas returns Mongo Atlas database metadata.
func (d *DatabaseV3) GetMongoAtlas() MongoAtlas {
return d.Spec.MongoAtlas
}
// RequireAWSIAMRolesAsUsers returns true for database types that require AWS
// IAM roles as database users.
// IMPORTANT: if you add a database that requires AWS IAM Roles as users,
// and that database supports discovery, be sure to update RequireAWSIAMRolesAsUsersMatchers
// in matchers_aws.go as well.
func (d *DatabaseV3) RequireAWSIAMRolesAsUsers() bool {
awsType, ok := d.getAWSType()
if !ok {
return false
}
switch awsType {
case DatabaseTypeAWSKeyspaces,
DatabaseTypeDynamoDB,
DatabaseTypeOpenSearch,
DatabaseTypeRedshiftServerless,
DatabaseTypeDocumentDB:
return true
default:
return false
}
}
// SupportAWSIAMRoleARNAsUsers returns true for database types that support AWS
// IAM roles as database users.
func (d *DatabaseV3) SupportAWSIAMRoleARNAsUsers() bool {
switch d.GetType() {
// Note that databases in this list use IAM auth when:
// - the database user is a full AWS role ARN role
// - or the database user starts with "role/"
//
// Other database users will fallback to default auth methods (e.g X.509 for
// MongoAtlas, regular auth token for Redshift).
//
// Therefore it is important to make sure "/" is an invalid character for
// regular in-database usernames so that "role/" can be differentiated from
// regular usernames.
case DatabaseTypeMongoAtlas,
DatabaseTypeRedshift:
return true
default:
return false
}
}
// GetEndpointType returns the endpoint type of the database, if available.
func (d *DatabaseV3) GetEndpointType() string {
if endpointType, ok := d.GetStaticLabels()[DiscoveryLabelEndpointType]; ok {
return endpointType
}
switch d.GetType() {
case DatabaseTypeElastiCache:
return d.GetAWS().ElastiCache.EndpointType
case DatabaseTypeElastiCacheServerless:
// ElastiCache Serverless endpoints are always cluster mode.
return awsutils.ElastiCacheConfigurationEndpoint
case DatabaseTypeMemoryDB:
return d.GetAWS().MemoryDB.EndpointType
case DatabaseTypeOpenSearch:
return d.GetAWS().OpenSearch.EndpointType
case DatabaseTypeRDS:
// If not available from discovery tags, get the endpoint type from the
// URL.
if details, err := awsutils.ParseRDSEndpoint(d.GetURI()); err == nil {
return details.EndpointType
}
case DatabaseTypeDocumentDB:
return d.GetAWS().DocumentDB.EndpointType
}
return ""
}
// IsUsernameCaseInsensitive returns true if the database username is case
// insensitive.
func (d *DatabaseV3) IsUsernameCaseInsensitive() bool {
// CockroachDB usernames are case-insensitive:
// https://www.cockroachlabs.com/docs/stable/create-user#user-names
return d.GetProtocol() == DatabaseProtocolCockroachDB
}
// IsAutoUsersEnabled returns true if the database has auto user
// provisioning enabled.
func (d *DatabaseV3) IsAutoUsersEnabled() bool {
return d.SupportsAutoUsers() && d.GetAdminUser().Name != ""
}
const (
// DatabaseProtocolPostgreSQL is the PostgreSQL database protocol.
DatabaseProtocolPostgreSQL = "postgres"
// DatabaseProtocolClickHouseHTTP is the ClickHouse database HTTP protocol.
DatabaseProtocolClickHouseHTTP = "clickhouse-http"
// DatabaseProtocolClickHouse is the ClickHouse database native write protocol.
DatabaseProtocolClickHouse = "clickhouse"
// DatabaseProtocolMySQL is the MySQL database protocol.
DatabaseProtocolMySQL = "mysql"
// DatabaseProtocolMongoDB is the MongoDB database protocol.
DatabaseProtocolMongoDB = "mongodb"
// DatabaseProtocolCockroachDB is the CockroachDB database protocol.
DatabaseProtocolCockroachDB = "cockroachdb"
// DatabaseProtocolOracle is the Oracle database protocol.
DatabaseProtocolOracle = "oracle"
// DatabaseTypeSelfHosted is the self-hosted type of database.
DatabaseTypeSelfHosted = "self-hosted"
// DatabaseTypeRDS is AWS-hosted RDS or Aurora database.
DatabaseTypeRDS = "rds"
// DatabaseTypeRDSProxy is an AWS-hosted RDS Proxy.
DatabaseTypeRDSProxy = "rdsproxy"
// DatabaseTypeRedshift is AWS Redshift database.
DatabaseTypeRedshift = "redshift"
// DatabaseTypeRedshiftServerless is AWS Redshift Serverless database.
DatabaseTypeRedshiftServerless = "redshift-serverless"
// DatabaseTypeCloudSQL is GCP-hosted Cloud SQL database.
DatabaseTypeCloudSQL = "gcp"
// DatabaseTypeAlloyDB is GCP-hosted AlloyDB database.
DatabaseTypeAlloyDB = "alloydb"
// DatabaseTypeSpanner is a GCP Spanner instance.
DatabaseTypeSpanner = "spanner"
// DatabaseTypeAzure is Azure-hosted database.
DatabaseTypeAzure = "azure"
// DatabaseTypeElastiCache is AWS-hosted ElastiCache database.
DatabaseTypeElastiCache = "elasticache"
// DatabaseTypeElastiCacheServerless is AWS-hosted ElastiCache serverless database.
DatabaseTypeElastiCacheServerless = "elasticache-serverless"
// DatabaseTypeMemoryDB is AWS-hosted MemoryDB database.
DatabaseTypeMemoryDB = "memorydb"
// DatabaseTypeAWSKeyspaces is AWS-hosted Keyspaces database (Cassandra).
DatabaseTypeAWSKeyspaces = "keyspace"
// DatabaseTypeCassandra is AWS-hosted Keyspace database.
DatabaseTypeCassandra = "cassandra"
// DatabaseTypeDynamoDB is a DynamoDB database.
DatabaseTypeDynamoDB = "dynamodb"
// DatabaseTypeOpenSearch is AWS-hosted OpenSearch instance.
DatabaseTypeOpenSearch = "opensearch"
// DatabaseTypeMongoAtlas
DatabaseTypeMongoAtlas = "mongo-atlas"
// DatabaseTypeDocumentDB is the database type for AWS-hosted DocumentDB.
DatabaseTypeDocumentDB = "docdb"
// DatabaseTypeRDSOracle is AWS-hosted Oracle instance.
DatabaseTypeRDSOracle = "rds-oracle"
)
// GetServerName returns the GCP database project and instance as "<project-id>:<instance-id>".
func (gcp GCPCloudSQL) GetServerName() string {
return fmt.Sprintf("%s:%s", gcp.ProjectID, gcp.InstanceID)
}
// DeduplicateDatabases deduplicates databases by name.
func DeduplicateDatabases(databases []Database) (result []Database) {
seen := make(map[string]struct{})
for _, database := range databases {
if _, ok := seen[database.GetName()]; ok {
continue
}
seen[database.GetName()] = struct{}{}
result = append(result, database)
}
return result
}
// Databases is a list of database resources.
type Databases []Database
// ToMap returns these databases as a map keyed by database name.
func (d Databases) ToMap() map[string]Database {
m := make(map[string]Database)
for _, database := range d {
m[database.GetName()] = database
}
return m
}
// AsResources returns these databases as resources with labels.
func (d Databases) AsResources() (resources ResourcesWithLabels) {
for _, database := range d {
resources = append(resources, database)
}
return resources
}
// Len returns the slice length.
func (d Databases) Len() int { return len(d) }
// Less compares databases by name.
func (d Databases) Less(i, j int) bool { return d[i].GetName() < d[j].GetName() }
// Swap swaps two databases.
func (d Databases) Swap(i, j int) { d[i], d[j] = d[j], d[i] }
// UnmarshalJSON supports parsing DatabaseTLSMode from number or string.
func (d *DatabaseTLSMode) UnmarshalJSON(data []byte) error {
type loopBreaker DatabaseTLSMode
var val loopBreaker
// try as number first.
if err := json.Unmarshal(data, &val); err == nil {
*d = DatabaseTLSMode(val)
return nil
}
// fallback to string.
var s string
if err := json.Unmarshal(data, &s); err != nil {
return trace.Wrap(err)
}
return d.decodeName(s)
}
// UnmarshalYAML supports parsing DatabaseTLSMode from number or string.
func (d *DatabaseTLSMode) UnmarshalYAML(unmarshal func(interface{}) error) error {
// try as number first.
type loopBreaker DatabaseTLSMode
var val loopBreaker
if err := unmarshal(&val); err == nil {
*d = DatabaseTLSMode(val)
return nil
}
// fallback to string.
var s string
if err := unmarshal(&s); err != nil {
return trace.Wrap(err)
}
return d.decodeName(s)
}
// decodeName decodes DatabaseTLSMode from a string. This is necessary for
// allowing tctl commands to work with the same names as documented in Teleport
// configuration, rather than requiring it be specified as an unreadable enum
// number.
func (d *DatabaseTLSMode) decodeName(name string) error {
switch name {
case "verify-full", "":
*d = DatabaseTLSMode_VERIFY_FULL
return nil
case "verify-ca":
*d = DatabaseTLSMode_VERIFY_CA
return nil
case "insecure":
*d = DatabaseTLSMode_INSECURE
return nil
}
return trace.BadParameter("DatabaseTLSMode invalid value %v", d)
}
// MarshalJSON supports marshaling enum value into it's string value.
func (s *IAMPolicyStatus) MarshalJSON() ([]byte, error) {
return json.Marshal(s.String())
}
// UnmarshalJSON supports unmarshaling enum string value back to number.
func (s *IAMPolicyStatus) UnmarshalJSON(data []byte) error {
if len(data) == 0 {
return nil
}
var stringVal string
if err := json.Unmarshal(data, &stringVal); err != nil {
return err
}
*s = IAMPolicyStatus(IAMPolicyStatus_value[stringVal])
return nil
}
// IsAuditLogEnabled returns if Oracle Audit Log was enabled
func (o OracleOptions) IsAuditLogEnabled() bool {
return o.AuditUser != ""
}
// Copyright 2023 Gravitational, Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import "github.com/gravitational/trace"
// DatabasePermissions is a list of DatabasePermission objects.
type DatabasePermissions []DatabasePermission
func (m *DatabasePermission) CheckAndSetDefaults() error {
if len(m.Permissions) == 0 {
return trace.BadParameter("database permission list cannot be empty")
}
for _, permission := range m.Permissions {
if permission == "" {
return trace.BadParameter("individual database permissions cannot be empty strings")
}
}
for key, val := range m.Match {
if key == Wildcard && (len(val) != 1 || val[0] != Wildcard) {
return trace.BadParameter("database permission: selector *:<val> is not supported")
}
}
return nil
}
/*
Copyright 2020-2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"maps"
"sort"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api"
"github.com/gravitational/teleport/api/utils"
)
// DatabaseServer represents a database access server.
type DatabaseServer interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetNamespace returns server namespace.
GetNamespace() string
// GetTeleportVersion returns the teleport version the server is running on.
GetTeleportVersion() string
// GetHostname returns the server hostname.
GetHostname() string
// GetHostID returns ID of the host the server is running on.
GetHostID() string
// GetRotation gets the state of certificate authority rotation.
GetRotation() Rotation
// SetRotation sets the state of certificate authority rotation.
SetRotation(Rotation)
// String returns string representation of the server.
String() string
// Copy returns a copy of this database server object.
Copy() DatabaseServer
// CloneResource returns a copy of the DatabaseServer as a ResourceWithLabels
CloneResource() ResourceWithLabels
// GetDatabase returns the database this database server proxies.
GetDatabase() Database
// SetDatabase sets the database this database server proxies.
SetDatabase(Database) error
// ProxiedService provides common methods for a proxied service.
ProxiedService
// GetRelayGroup returns the name of the Relay group that the database
// server is connected to.
GetRelayGroup() string
// GetRelayIDs returns the list of Relay host IDs that the database server
// is connected to.
GetRelayIDs() []string
// GetTargetHealth returns the database server's target health.
GetTargetHealth() TargetHealth
// SetTargetHealth sets the database server's target health.
SetTargetHealth(h TargetHealth)
// GetTargetHealthStatus returns target health status
GetTargetHealthStatus() TargetHealthStatus
// SetTargetHealthStatus sets target health status
SetTargetHealthStatus(status TargetHealthStatus)
// GetScope returns the scope this server belongs to.
GetScope() string
}
// NewDatabaseServerV3 creates a new database server instance.
func NewDatabaseServerV3(meta Metadata, spec DatabaseServerSpecV3) (*DatabaseServerV3, error) {
s := &DatabaseServerV3{
Metadata: meta,
Spec: spec,
}
if err := s.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return s, nil
}
// GetVersion returns the database server resource version.
func (s *DatabaseServerV3) GetVersion() string {
return s.Version
}
// GetTeleportVersion returns the Teleport version the server is running.
func (s *DatabaseServerV3) GetTeleportVersion() string {
return s.Spec.Version
}
// GetHostname returns the database server hostname.
func (s *DatabaseServerV3) GetHostname() string {
return s.Spec.Hostname
}
// GetHostID returns ID of the host the server is running on.
func (s *DatabaseServerV3) GetHostID() string {
return s.Spec.HostID
}
// GetKind returns the resource kind.
func (s *DatabaseServerV3) GetKind() string {
return s.Kind
}
// GetSubKind returns the resource subkind.
func (s *DatabaseServerV3) GetSubKind() string {
return s.SubKind
}
// SetSubKind sets the resource subkind.
func (s *DatabaseServerV3) SetSubKind(sk string) {
s.SubKind = sk
}
// GetRevision returns the revision
func (s *DatabaseServerV3) GetRevision() string {
return s.Metadata.GetRevision()
}
// SetRevision sets the revision
func (s *DatabaseServerV3) SetRevision(rev string) {
s.Metadata.SetRevision(rev)
}
// GetMetadata returns the resource metadata.
func (s *DatabaseServerV3) GetMetadata() Metadata {
return s.Metadata
}
// GetNamespace returns the resource namespace.
func (s *DatabaseServerV3) GetNamespace() string {
return s.Metadata.Namespace
}
// SetExpiry sets the resource expiry time.
func (s *DatabaseServerV3) SetExpiry(expiry time.Time) {
s.Metadata.SetExpiry(expiry)
}
// Expiry returns the resource expiry time.
func (s *DatabaseServerV3) Expiry() time.Time {
return s.Metadata.Expiry()
}
// GetName returns the resource name.
func (s *DatabaseServerV3) GetName() string {
return s.Metadata.Name
}
// SetName sets the resource name.
func (s *DatabaseServerV3) SetName(name string) {
s.Metadata.Name = name
}
// GetRotation returns the server CA rotation state.
func (s *DatabaseServerV3) GetRotation() Rotation {
return s.Spec.Rotation
}
// SetRotation sets the server CA rotation state.
func (s *DatabaseServerV3) SetRotation(r Rotation) {
s.Spec.Rotation = r
}
// GetDatabase returns the database this database server proxies.
func (s *DatabaseServerV3) GetDatabase() Database {
if s.Spec.Database == nil {
return nil
}
return s.Spec.Database
}
// SetDatabase sets the database this database server proxies.
func (s *DatabaseServerV3) SetDatabase(database Database) error {
databaseV3, ok := database.(*DatabaseV3)
if !ok {
return trace.BadParameter("expected *DatabaseV3, got %T", database)
}
s.Spec.Database = databaseV3
return nil
}
// GetProxyID returns a list of proxy ids this server is connected to.
func (s *DatabaseServerV3) GetProxyIDs() []string {
return s.Spec.ProxyIDs
}
// SetProxyID sets the proxy ids this server is connected to.
func (s *DatabaseServerV3) SetProxyIDs(proxyIDs []string) {
s.Spec.ProxyIDs = proxyIDs
}
// GetRelayGroup implements [DatabaseServer].
func (s *DatabaseServerV3) GetRelayGroup() string {
if s == nil {
return ""
}
return s.Spec.RelayGroup
}
// GetRelayIDs implements [DatabaseServer].
func (s *DatabaseServerV3) GetRelayIDs() []string {
if s == nil {
return nil
}
return s.Spec.RelayIds
}
// String returns the server string representation.
func (s *DatabaseServerV3) String() string {
return fmt.Sprintf("DatabaseServer(Name=%v, Version=%v, Hostname=%v, HostID=%v, Database=%v)",
s.GetName(), s.GetTeleportVersion(), s.GetHostname(), s.GetHostID(), s.GetDatabase())
}
// setStaticFields sets static resource header and metadata fields.
func (s *DatabaseServerV3) setStaticFields() {
s.Kind = KindDatabaseServer
s.Version = V3
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (s *DatabaseServerV3) CheckAndSetDefaults() error {
s.setStaticFields()
if err := s.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if s.Spec.HostID == "" {
return trace.BadParameter("missing database server HostID")
}
if s.Spec.Hostname == "" {
return trace.BadParameter("missing database server Hostname")
}
if s.Spec.Version == "" {
s.Spec.Version = api.Version
}
if s.Spec.Database == nil {
return trace.BadParameter("missing database server Database")
}
if err := s.Spec.Database.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// Origin returns the origin value of the resource.
func (s *DatabaseServerV3) Origin() string {
return s.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (s *DatabaseServerV3) SetOrigin(origin string) {
s.Metadata.SetOrigin(origin)
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (s *DatabaseServerV3) GetLabel(key string) (value string, ok bool) {
if s.Spec.Database != nil {
if v, ok := s.Spec.Database.GetLabel(key); ok {
return v, ok
}
}
v, ok := s.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns all resource's labels. Considering:
// * Static labels from `Metadata.Labels` and `Spec.Database`.
// * Dynamic labels from `Spec.DynamicLabels`.
func (s *DatabaseServerV3) GetAllLabels() map[string]string {
staticLabels := map[string]string{}
maps.Copy(staticLabels, s.Metadata.Labels)
if s.Spec.Database != nil {
maps.Copy(staticLabels, s.Spec.Database.GetAllLabels())
}
return staticLabels
}
// GetStaticLabels returns the database server static labels.
func (s *DatabaseServerV3) GetStaticLabels() map[string]string {
return s.Metadata.Labels
}
// SetStaticLabels sets the database server static labels.
func (s *DatabaseServerV3) SetStaticLabels(sl map[string]string) {
s.Metadata.Labels = sl
}
// Copy returns a copy of this database server object.
func (s *DatabaseServerV3) Copy() DatabaseServer {
return utils.CloneProtoMsg(s)
}
// GetScope returns the scope this server belongs to.
func (s *DatabaseServerV3) GetScope() string {
return s.Scope
}
// CloneResource returns a copy of this database server object.
func (s *DatabaseServerV3) CloneResource() ResourceWithLabels {
return s.Copy()
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (s *DatabaseServerV3) MatchSearch(values []string) bool {
return MatchSearch(nil, values, nil)
}
// GetTargetHealth returns the database server's target health.
func (s *DatabaseServerV3) GetTargetHealth() TargetHealth {
if s.Status.TargetHealth == nil {
return TargetHealth{}
}
return *s.Status.TargetHealth
}
// SetTargetHealth sets the database server's target health status.
func (s *DatabaseServerV3) SetTargetHealth(h TargetHealth) {
s.Status.TargetHealth = &h
}
// GetTargetHealthStatus returns target health status
func (s *DatabaseServerV3) GetTargetHealthStatus() TargetHealthStatus {
if s.Status.TargetHealth == nil {
return ""
}
return TargetHealthStatus(s.Status.TargetHealth.Status)
}
// SetTargetHealthStatus sets target health status
func (s *DatabaseServerV3) SetTargetHealthStatus(status TargetHealthStatus) {
if s.Status.TargetHealth == nil {
s.Status.TargetHealth = &TargetHealth{}
}
s.Status.TargetHealth.Status = string(status)
}
// DatabaseServers represents a list of database servers.
type DatabaseServers []DatabaseServer
// Len returns the slice length.
func (s DatabaseServers) Len() int { return len(s) }
// Less compares database servers by name and host ID.
func (s DatabaseServers) Less(i, j int) bool {
switch {
case s[i].GetName() < s[j].GetName():
return true
case s[i].GetName() > s[j].GetName():
return false
default:
return s[i].GetHostID() < s[j].GetHostID()
}
}
// Swap swaps two database servers.
func (s DatabaseServers) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// SortByCustom custom sorts by given sort criteria.
func (s DatabaseServers) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
// We assume sorting by type DatabaseServer, we are really
// wanting to sort its contained resource Database.
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetDatabase().GetName(), s[j].GetDatabase().GetName(), isDesc)
})
case ResourceSpecDescription:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetDatabase().GetDescription(), s[j].GetDatabase().GetDescription(), isDesc)
})
case ResourceSpecType:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetDatabase().GetType(), s[j].GetDatabase().GetType(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindDatabaseServer)
}
return nil
}
// AsResources returns db servers as type resources with labels.
func (s DatabaseServers) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, 0, len(s))
for _, server := range s {
resources = append(resources, ResourceWithLabels(server))
}
return resources
}
// GetFieldVals returns list of select field values.
func (s DatabaseServers) GetFieldVals(field string) ([]string, error) {
vals := make([]string, 0, len(s))
switch field {
case ResourceMetadataName:
for _, server := range s {
vals = append(vals, server.GetDatabase().GetName())
}
case ResourceSpecDescription:
for _, server := range s {
vals = append(vals, server.GetDatabase().GetDescription())
}
case ResourceSpecType:
for _, server := range s {
vals = append(vals, server.GetDatabase().GetType())
}
default:
return nil, trace.NotImplemented("getting field %q for resource %q is not supported", field, KindDatabaseServer)
}
return vals, nil
}
// ToDatabases converts database servers to a list of databases and
// deduplicates the databases by name.
func (s DatabaseServers) ToDatabases() []Database {
databases := make([]Database, 0, len(s))
for _, server := range s {
databases = append(databases, server.GetDatabase())
}
return DeduplicateDatabases(databases)
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// DatabaseService represents a DatabaseService (agent).
type DatabaseService interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetNamespace returns the resource namespace.
GetNamespace() string
// GetResourceMatchers returns the resource matchers of the DatabaseService.
// Database services deployed by Teleport have known configurations where
// we will only define a single resource matcher.
GetResourceMatchers() []*DatabaseResourceMatcher
// GetHostname returns the hostname where this Database Service is running.
GetHostname() string
// Clone creates a copy of the service.
Clone() DatabaseService
}
// NewDatabaseServiceV1 creates a new DatabaseService instance.
func NewDatabaseServiceV1(meta Metadata, spec DatabaseServiceSpecV1) (*DatabaseServiceV1, error) {
s := &DatabaseServiceV1{
ResourceHeader: ResourceHeader{
Metadata: meta,
},
Spec: spec,
}
if err := s.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return s, nil
}
func (s *DatabaseServiceV1) setStaticFields() {
s.Kind = KindDatabaseService
s.Version = V1
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (s *DatabaseServiceV1) CheckAndSetDefaults() error {
s.setStaticFields()
return trace.Wrap(s.ResourceHeader.CheckAndSetDefaults())
}
// GetResourceMatchers returns the resource matchers of the DatabaseService.
func (s *DatabaseServiceV1) GetResourceMatchers() []*DatabaseResourceMatcher {
return s.Spec.ResourceMatchers
}
// GetHostname returns the hostname where this Database Service is running.
func (s *DatabaseServiceV1) GetHostname() string {
return s.Spec.Hostname
}
// GetNamespace returns the resource namespace.
func (s *DatabaseServiceV1) GetNamespace() string {
return s.Metadata.Namespace
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (s *DatabaseServiceV1) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(s.GetAllLabels()), s.GetName())
return MatchSearch(fieldVals, values, nil)
}
// Clone creates a clone of this service.
func (s *DatabaseServiceV1) Clone() DatabaseService {
return utils.CloneProtoMsg(s)
}
// Code generated by goderive DO NOT EDIT.
package types
import (
"bytes"
)
// deriveTeleportEqualAccessReviewThreshold returns whether this and that are equal.
func deriveTeleportEqualAccessReviewThreshold(this, that *AccessReviewThreshold) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Name == that.Name &&
this.Filter == that.Filter &&
this.Approve == that.Approve &&
this.Deny == that.Deny
}
// deriveTeleportEqualAppV3 returns whether this and that are equal.
func deriveTeleportEqualAppV3(this, that *AppV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Kind == that.Kind &&
this.SubKind == that.SubKind &&
this.Version == that.Version &&
deriveTeleportEqualMetadata(&this.Metadata, &that.Metadata) &&
deriveTeleportEqual(&this.Spec, &that.Spec)
}
// deriveTeleportEqualAWS returns whether this and that are equal.
func deriveTeleportEqualAWS(this, that *AWS) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Region == that.Region &&
deriveTeleportEqual_(&this.Redshift, &that.Redshift) &&
deriveTeleportEqual_1(&this.RDS, &that.RDS) &&
this.AccountID == that.AccountID &&
deriveTeleportEqual_2(&this.ElastiCache, &that.ElastiCache) &&
deriveTeleportEqual_3(&this.SecretStore, &that.SecretStore) &&
deriveTeleportEqual_4(&this.MemoryDB, &that.MemoryDB) &&
deriveTeleportEqual_5(&this.RDSProxy, &that.RDSProxy) &&
deriveTeleportEqual_6(&this.RedshiftServerless, &that.RedshiftServerless) &&
this.ExternalID == that.ExternalID &&
this.AssumeRoleARN == that.AssumeRoleARN &&
deriveTeleportEqual_7(&this.OpenSearch, &that.OpenSearch) &&
this.IAMPolicyStatus == that.IAMPolicyStatus &&
deriveTeleportEqual_8(this.SessionTags, that.SessionTags) &&
deriveTeleportEqual_9(&this.DocumentDB, &that.DocumentDB) &&
deriveTeleportEqual_10(&this.ElastiCacheServerless, &that.ElastiCacheServerless)
}
// deriveTeleportEqualGCPCloudSQL returns whether this and that are equal.
func deriveTeleportEqualGCPCloudSQL(this, that *GCPCloudSQL) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ProjectID == that.ProjectID &&
this.InstanceID == that.InstanceID &&
deriveTeleportEqualAlloyDB(&this.AlloyDB, &that.AlloyDB)
}
// deriveTeleportEqualAlloyDB returns whether this and that are equal.
func deriveTeleportEqualAlloyDB(this, that *AlloyDB) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.EndpointType == that.EndpointType &&
this.EndpointOverride == that.EndpointOverride
}
// deriveTeleportEqualAzure returns whether this and that are equal.
func deriveTeleportEqualAzure(this, that *Azure) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Name == that.Name &&
this.ResourceID == that.ResourceID &&
deriveTeleportEqual_11(&this.Redis, &that.Redis) &&
this.IsFlexiServer == that.IsFlexiServer
}
// deriveTeleportEqualDatabaseV3 returns whether this and that are equal.
func deriveTeleportEqualDatabaseV3(this, that *DatabaseV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Kind == that.Kind &&
this.SubKind == that.SubKind &&
this.Version == that.Version &&
deriveTeleportEqualMetadata(&this.Metadata, &that.Metadata) &&
deriveTeleportEqual_12(&this.Spec, &that.Spec)
}
// deriveTeleportEqualDynamicWindowsDesktopV1 returns whether this and that are equal.
func deriveTeleportEqualDynamicWindowsDesktopV1(this, that *DynamicWindowsDesktopV1) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqualResourceHeader(&this.ResourceHeader, &that.ResourceHeader) &&
deriveTeleportEqual_13(&this.Spec, &that.Spec)
}
// deriveTeleportEqualWindowsDesktopV3 returns whether this and that are equal.
func deriveTeleportEqualWindowsDesktopV3(this, that *WindowsDesktopV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqualResourceHeader(&this.ResourceHeader, &that.ResourceHeader) &&
deriveTeleportEqual_14(&this.Spec, &that.Spec)
}
// deriveTeleportEqualKubeAzure returns whether this and that are equal.
func deriveTeleportEqualKubeAzure(this, that *KubeAzure) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ResourceName == that.ResourceName &&
this.ResourceGroup == that.ResourceGroup &&
this.TenantID == that.TenantID &&
this.SubscriptionID == that.SubscriptionID
}
// deriveTeleportEqualKubeAWS returns whether this and that are equal.
func deriveTeleportEqualKubeAWS(this, that *KubeAWS) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Region == that.Region &&
this.AccountID == that.AccountID &&
this.Name == that.Name
}
// deriveTeleportEqualKubeGCP returns whether this and that are equal.
func deriveTeleportEqualKubeGCP(this, that *KubeGCP) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Location == that.Location &&
this.ProjectID == that.ProjectID &&
this.Name == that.Name
}
// deriveTeleportEqualKubernetesClusterV3 returns whether this and that are equal.
func deriveTeleportEqualKubernetesClusterV3(this, that *KubernetesClusterV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Kind == that.Kind &&
this.SubKind == that.SubKind &&
this.Version == that.Version &&
deriveTeleportEqualMetadata(&this.Metadata, &that.Metadata) &&
deriveTeleportEqual_15(&this.Spec, &that.Spec)
}
// deriveTeleportEqualKubernetesClusterStatus returns whether this and that are equal.
func deriveTeleportEqualKubernetesClusterStatus(this, that *KubernetesClusterStatus) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqual_16(this.Discovery, that.Discovery)
}
// deriveTeleportEqualKubernetesServerV3 returns whether this and that are equal.
func deriveTeleportEqualKubernetesServerV3(this, that *KubernetesServerV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Kind == that.Kind &&
this.SubKind == that.SubKind &&
this.Version == that.Version &&
deriveTeleportEqualMetadata(&this.Metadata, &that.Metadata) &&
deriveTeleportEqual_17(&this.Spec, &that.Spec) &&
this.Scope == that.Scope
}
// deriveTeleportEqualAWSOrganizationMatcher returns whether this and that are equal.
func deriveTeleportEqualAWSOrganizationMatcher(this, that *AWSOrganizationMatcher) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.OrganizationID == that.OrganizationID &&
deriveTeleportEqual_18(this.OrganizationalUnits, that.OrganizationalUnits)
}
// deriveTeleportEqualOktaAssignmentV1 returns whether this and that are equal.
func deriveTeleportEqualOktaAssignmentV1(this, that *OktaAssignmentV1) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqualResourceHeader(&this.ResourceHeader, &that.ResourceHeader) &&
deriveTeleportEqual_19(&this.Spec, &that.Spec)
}
// deriveTeleportEqualResourceHeader returns whether this and that are equal.
func deriveTeleportEqualResourceHeader(this, that *ResourceHeader) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Kind == that.Kind &&
this.SubKind == that.SubKind &&
this.Version == that.Version &&
deriveTeleportEqualMetadata(&this.Metadata, &that.Metadata)
}
// deriveTeleportEqualMetadata returns whether this and that are equal.
func deriveTeleportEqualMetadata(this, that *Metadata) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Name == that.Name &&
this.Namespace == that.Namespace &&
this.Description == that.Description &&
deriveTeleportEqual_8(this.Labels, that.Labels) &&
((this.Expires == nil && that.Expires == nil) || (this.Expires != nil && that.Expires != nil && (*(this.Expires)).Equal(*(that.Expires))))
}
// deriveTeleportEqualUserGroupV1 returns whether this and that are equal.
func deriveTeleportEqualUserGroupV1(this, that *UserGroupV1) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqualResourceHeader(&this.ResourceHeader, &that.ResourceHeader) &&
deriveTeleportEqual_20(&this.Spec, &that.Spec)
}
// deriveTeleportEqual returns whether this and that are equal.
func deriveTeleportEqual(this, that *AppSpecV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.URI == that.URI &&
this.PublicAddr == that.PublicAddr &&
deriveTeleportEqual_21(this.DynamicLabels, that.DynamicLabels) &&
this.InsecureSkipVerify == that.InsecureSkipVerify &&
deriveTeleportEqual_22(this.Rewrite, that.Rewrite) &&
deriveTeleportEqual_23(this.AWS, that.AWS) &&
this.Cloud == that.Cloud &&
deriveTeleportEqual_24(this.UserGroups, that.UserGroups) &&
this.Integration == that.Integration &&
deriveTeleportEqual_24(this.RequiredAppNames, that.RequiredAppNames) &&
deriveTeleportEqual_25(this.CORS, that.CORS) &&
deriveTeleportEqual_26(this.IdentityCenter, that.IdentityCenter) &&
deriveTeleportEqual_27(this.TCPPorts, that.TCPPorts) &&
this.UseAnyProxyPublicAddr == that.UseAnyProxyPublicAddr &&
deriveTeleportEqual_28(this.MCP, that.MCP)
}
// deriveTeleportEqual_ returns whether this and that are equal.
func deriveTeleportEqual_(this, that *Redshift) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ClusterID == that.ClusterID
}
// deriveTeleportEqual_1 returns whether this and that are equal.
func deriveTeleportEqual_1(this, that *RDS) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.InstanceID == that.InstanceID &&
this.ClusterID == that.ClusterID &&
this.ResourceID == that.ResourceID &&
this.IAMAuth == that.IAMAuth &&
deriveTeleportEqual_24(this.Subnets, that.Subnets) &&
this.VPCID == that.VPCID &&
deriveTeleportEqual_24(this.SecurityGroups, that.SecurityGroups)
}
// deriveTeleportEqual_2 returns whether this and that are equal.
func deriveTeleportEqual_2(this, that *ElastiCache) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ReplicationGroupID == that.ReplicationGroupID &&
deriveTeleportEqual_24(this.UserGroupIDs, that.UserGroupIDs) &&
this.TransitEncryptionEnabled == that.TransitEncryptionEnabled &&
this.EndpointType == that.EndpointType
}
// deriveTeleportEqual_3 returns whether this and that are equal.
func deriveTeleportEqual_3(this, that *SecretStore) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.KeyPrefix == that.KeyPrefix &&
this.KMSKeyID == that.KMSKeyID
}
// deriveTeleportEqual_4 returns whether this and that are equal.
func deriveTeleportEqual_4(this, that *MemoryDB) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ClusterName == that.ClusterName &&
this.ACLName == that.ACLName &&
this.TLSEnabled == that.TLSEnabled &&
this.EndpointType == that.EndpointType
}
// deriveTeleportEqual_5 returns whether this and that are equal.
func deriveTeleportEqual_5(this, that *RDSProxy) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Name == that.Name &&
this.CustomEndpointName == that.CustomEndpointName &&
this.ResourceID == that.ResourceID
}
// deriveTeleportEqual_6 returns whether this and that are equal.
func deriveTeleportEqual_6(this, that *RedshiftServerless) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.WorkgroupName == that.WorkgroupName &&
this.EndpointName == that.EndpointName &&
this.WorkgroupID == that.WorkgroupID
}
// deriveTeleportEqual_7 returns whether this and that are equal.
func deriveTeleportEqual_7(this, that *OpenSearch) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.DomainName == that.DomainName &&
this.DomainID == that.DomainID &&
this.EndpointType == that.EndpointType
}
// deriveTeleportEqual_8 returns whether this and that are equal.
func deriveTeleportEqual_8(this, that map[string]string) bool {
if this == nil || that == nil {
return this == nil && that == nil
}
if len(this) != len(that) {
return false
}
for k, v := range this {
thatv, ok := that[k]
if !ok {
return false
}
if !(v == thatv) {
return false
}
}
return true
}
// deriveTeleportEqual_9 returns whether this and that are equal.
func deriveTeleportEqual_9(this, that *DocumentDB) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ClusterID == that.ClusterID &&
this.InstanceID == that.InstanceID &&
this.EndpointType == that.EndpointType
}
// deriveTeleportEqual_10 returns whether this and that are equal.
func deriveTeleportEqual_10(this, that *ElastiCacheServerless) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.CacheName == that.CacheName
}
// deriveTeleportEqual_11 returns whether this and that are equal.
func deriveTeleportEqual_11(this, that *AzureRedis) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ClusteringPolicy == that.ClusteringPolicy
}
// deriveTeleportEqual_12 returns whether this and that are equal.
func deriveTeleportEqual_12(this, that *DatabaseSpecV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Protocol == that.Protocol &&
this.URI == that.URI &&
this.CACert == that.CACert &&
deriveTeleportEqual_21(this.DynamicLabels, that.DynamicLabels) &&
deriveTeleportEqualAWS(&this.AWS, &that.AWS) &&
deriveTeleportEqualGCPCloudSQL(&this.GCP, &that.GCP) &&
deriveTeleportEqualAzure(&this.Azure, &that.Azure) &&
deriveTeleportEqual_29(&this.TLS, &that.TLS) &&
deriveTeleportEqual_30(&this.AD, &that.AD) &&
deriveTeleportEqual_31(&this.MySQL, &that.MySQL) &&
deriveTeleportEqual_32(this.AdminUser, that.AdminUser) &&
deriveTeleportEqual_33(&this.MongoAtlas, &that.MongoAtlas) &&
deriveTeleportEqual_34(&this.Oracle, &that.Oracle)
}
// deriveTeleportEqual_13 returns whether this and that are equal.
func deriveTeleportEqual_13(this, that *DynamicWindowsDesktopSpecV1) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Addr == that.Addr &&
this.Domain == that.Domain &&
this.NonAD == that.NonAD &&
deriveTeleportEqual_35(this.ScreenSize, that.ScreenSize)
}
// deriveTeleportEqual_14 returns whether this and that are equal.
func deriveTeleportEqual_14(this, that *WindowsDesktopSpecV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Addr == that.Addr &&
this.Domain == that.Domain &&
this.HostID == that.HostID &&
this.NonAD == that.NonAD &&
deriveTeleportEqual_35(this.ScreenSize, that.ScreenSize)
}
// deriveTeleportEqual_15 returns whether this and that are equal.
func deriveTeleportEqual_15(this, that *KubernetesClusterSpecV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqual_21(this.DynamicLabels, that.DynamicLabels) &&
bytes.Equal(this.Kubeconfig, that.Kubeconfig) &&
deriveTeleportEqualKubeAzure(&this.Azure, &that.Azure) &&
deriveTeleportEqualKubeAWS(&this.AWS, &that.AWS) &&
deriveTeleportEqualKubeGCP(&this.GCP, &that.GCP)
}
// deriveTeleportEqual_16 returns whether this and that are equal.
func deriveTeleportEqual_16(this, that *KubernetesClusterDiscoveryStatus) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqual_36(this.Aws, that.Aws)
}
// deriveTeleportEqual_17 returns whether this and that are equal.
func deriveTeleportEqual_17(this, that *KubernetesServerSpecV3) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Version == that.Version &&
this.Hostname == that.Hostname &&
this.HostID == that.HostID &&
deriveTeleportEqual_37(&this.Rotation, &that.Rotation) &&
deriveTeleportEqualKubernetesClusterV3(this.Cluster, that.Cluster) &&
deriveTeleportEqual_24(this.ProxyIDs, that.ProxyIDs) &&
this.RelayGroup == that.RelayGroup &&
deriveTeleportEqual_24(this.RelayIds, that.RelayIds)
}
// deriveTeleportEqual_18 returns whether this and that are equal.
func deriveTeleportEqual_18(this, that *AWSOrganizationUnitsMatcher) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqual_24(this.Include, that.Include) &&
deriveTeleportEqual_24(this.Exclude, that.Exclude)
}
// deriveTeleportEqual_19 returns whether this and that are equal.
func deriveTeleportEqual_19(this, that *OktaAssignmentSpecV1) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.User == that.User &&
deriveTeleportEqual_38(this.Targets, that.Targets) &&
this.CleanupTime.Equal(that.CleanupTime) &&
this.Status == that.Status &&
this.LastTransition.Equal(that.LastTransition) &&
this.Finalized == that.Finalized
}
// deriveTeleportEqual_20 returns whether this and that are equal.
func deriveTeleportEqual_20(this, that *UserGroupSpecV1) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqual_24(this.Applications, that.Applications)
}
// deriveTeleportEqual_21 returns whether this and that are equal.
func deriveTeleportEqual_21(this, that map[string]CommandLabelV2) bool {
if this == nil || that == nil {
return this == nil && that == nil
}
if len(this) != len(that) {
return false
}
for k, v := range this {
thatv, ok := that[k]
if !ok {
return false
}
if !(deriveTeleportEqual_39(&v, &thatv)) {
return false
}
}
return true
}
// deriveTeleportEqual_22 returns whether this and that are equal.
func deriveTeleportEqual_22(this, that *Rewrite) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqual_24(this.Redirect, that.Redirect) &&
deriveTeleportEqual_40(this.Headers, that.Headers) &&
this.JWTClaims == that.JWTClaims
}
// deriveTeleportEqual_23 returns whether this and that are equal.
func deriveTeleportEqual_23(this, that *AppAWS) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ExternalID == that.ExternalID &&
deriveTeleportEqual_41(this.RolesAnywhereProfile, that.RolesAnywhereProfile)
}
// deriveTeleportEqual_24 returns whether this and that are equal.
func deriveTeleportEqual_24(this, that []string) bool {
if this == nil || that == nil {
return this == nil && that == nil
}
if len(this) != len(that) {
return false
}
for i := 0; i < len(this); i++ {
if !(this[i] == that[i]) {
return false
}
}
return true
}
// deriveTeleportEqual_25 returns whether this and that are equal.
func deriveTeleportEqual_25(this, that *CORSPolicy) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
deriveTeleportEqual_24(this.AllowedOrigins, that.AllowedOrigins) &&
deriveTeleportEqual_24(this.AllowedMethods, that.AllowedMethods) &&
deriveTeleportEqual_24(this.AllowedHeaders, that.AllowedHeaders) &&
this.AllowCredentials == that.AllowCredentials &&
this.MaxAge == that.MaxAge &&
deriveTeleportEqual_24(this.ExposedHeaders, that.ExposedHeaders)
}
// deriveTeleportEqual_26 returns whether this and that are equal.
func deriveTeleportEqual_26(this, that *AppIdentityCenter) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.AccountID == that.AccountID &&
deriveTeleportEqual_42(this.PermissionSets, that.PermissionSets)
}
// deriveTeleportEqual_27 returns whether this and that are equal.
func deriveTeleportEqual_27(this, that []*PortRange) bool {
if this == nil || that == nil {
return this == nil && that == nil
}
if len(this) != len(that) {
return false
}
for i := 0; i < len(this); i++ {
if !(deriveTeleportEqual_43(this[i], that[i])) {
return false
}
}
return true
}
// deriveTeleportEqual_28 returns whether this and that are equal.
func deriveTeleportEqual_28(this, that *MCP) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Command == that.Command &&
deriveTeleportEqual_24(this.Args, that.Args) &&
this.RunAsHostUser == that.RunAsHostUser
}
// deriveTeleportEqual_29 returns whether this and that are equal.
func deriveTeleportEqual_29(this, that *DatabaseTLS) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Mode == that.Mode &&
this.CACert == that.CACert &&
this.ServerName == that.ServerName &&
this.TrustSystemCertPool == that.TrustSystemCertPool
}
// deriveTeleportEqual_30 returns whether this and that are equal.
func deriveTeleportEqual_30(this, that *AD) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.KeytabFile == that.KeytabFile &&
this.Krb5File == that.Krb5File &&
this.Domain == that.Domain &&
this.SPN == that.SPN &&
this.LDAPCert == that.LDAPCert &&
this.KDCHostName == that.KDCHostName &&
this.LDAPServiceAccountName == that.LDAPServiceAccountName &&
this.LDAPServiceAccountSID == that.LDAPServiceAccountSID
}
// deriveTeleportEqual_31 returns whether this and that are equal.
func deriveTeleportEqual_31(this, that *MySQLOptions) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ServerVersion == that.ServerVersion
}
// deriveTeleportEqual_32 returns whether this and that are equal.
func deriveTeleportEqual_32(this, that *DatabaseAdminUser) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Name == that.Name &&
this.DefaultDatabase == that.DefaultDatabase
}
// deriveTeleportEqual_33 returns whether this and that are equal.
func deriveTeleportEqual_33(this, that *MongoAtlas) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Name == that.Name
}
// deriveTeleportEqual_34 returns whether this and that are equal.
func deriveTeleportEqual_34(this, that *OracleOptions) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.AuditUser == that.AuditUser &&
this.RetryCount == that.RetryCount &&
this.ShuffleHostnames == that.ShuffleHostnames
}
// deriveTeleportEqual_35 returns whether this and that are equal.
func deriveTeleportEqual_35(this, that *Resolution) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Width == that.Width &&
this.Height == that.Height
}
// deriveTeleportEqual_36 returns whether this and that are equal.
func deriveTeleportEqual_36(this, that *KubernetesClusterAWSStatus) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.SetupAccessForArn == that.SetupAccessForArn &&
this.Integration == that.Integration &&
deriveTeleportEqual_44(this.DiscoveryAssumedRole, that.DiscoveryAssumedRole)
}
// deriveTeleportEqual_37 returns whether this and that are equal.
func deriveTeleportEqual_37(this, that *Rotation) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.State == that.State &&
this.Phase == that.Phase &&
this.Mode == that.Mode &&
this.CurrentID == that.CurrentID &&
this.Started.Equal(that.Started) &&
this.GracePeriod == that.GracePeriod &&
this.LastRotated.Equal(that.LastRotated) &&
deriveTeleportEqual_45(&this.Schedule, &that.Schedule)
}
// deriveTeleportEqual_38 returns whether this and that are equal.
func deriveTeleportEqual_38(this, that []*OktaAssignmentTargetV1) bool {
if this == nil || that == nil {
return this == nil && that == nil
}
if len(this) != len(that) {
return false
}
for i := 0; i < len(this); i++ {
if !(deriveTeleportEqual_46(this[i], that[i])) {
return false
}
}
return true
}
// deriveTeleportEqual_39 returns whether this and that are equal.
func deriveTeleportEqual_39(this, that *CommandLabelV2) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Period == that.Period &&
deriveTeleportEqual_24(this.Command, that.Command) &&
this.Result == that.Result
}
// deriveTeleportEqual_40 returns whether this and that are equal.
func deriveTeleportEqual_40(this, that []*Header) bool {
if this == nil || that == nil {
return this == nil && that == nil
}
if len(this) != len(that) {
return false
}
for i := 0; i < len(this); i++ {
if !(deriveTeleportEqual_47(this[i], that[i])) {
return false
}
}
return true
}
// deriveTeleportEqual_41 returns whether this and that are equal.
func deriveTeleportEqual_41(this, that *AppAWSRolesAnywhereProfile) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ProfileARN == that.ProfileARN &&
this.AcceptRoleSessionName == that.AcceptRoleSessionName
}
// deriveTeleportEqual_42 returns whether this and that are equal.
func deriveTeleportEqual_42(this, that []*IdentityCenterPermissionSet) bool {
if this == nil || that == nil {
return this == nil && that == nil
}
if len(this) != len(that) {
return false
}
for i := 0; i < len(this); i++ {
if !(deriveTeleportEqual_48(this[i], that[i])) {
return false
}
}
return true
}
// deriveTeleportEqual_43 returns whether this and that are equal.
func deriveTeleportEqual_43(this, that *PortRange) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Port == that.Port &&
this.EndPort == that.EndPort
}
// deriveTeleportEqual_44 returns whether this and that are equal.
func deriveTeleportEqual_44(this, that *AssumeRole) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.RoleARN == that.RoleARN &&
this.ExternalID == that.ExternalID &&
this.RoleName == that.RoleName
}
// deriveTeleportEqual_45 returns whether this and that are equal.
func deriveTeleportEqual_45(this, that *RotationSchedule) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.UpdateClients.Equal(that.UpdateClients) &&
this.UpdateServers.Equal(that.UpdateServers) &&
this.Standby.Equal(that.Standby)
}
// deriveTeleportEqual_46 returns whether this and that are equal.
func deriveTeleportEqual_46(this, that *OktaAssignmentTargetV1) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Type == that.Type &&
this.Id == that.Id
}
// deriveTeleportEqual_47 returns whether this and that are equal.
func deriveTeleportEqual_47(this, that *Header) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.Name == that.Name &&
this.Value == that.Value
}
// deriveTeleportEqual_48 returns whether this and that are equal.
func deriveTeleportEqual_48(this, that *IdentityCenterPermissionSet) bool {
return (this == nil && that == nil) ||
this != nil && that != nil &&
this.ARN == that.ARN &&
this.Name == that.Name &&
this.AssignmentID == that.AssignmentID
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"sort"
"strings"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/types/compare"
"github.com/gravitational/teleport/api/utils"
)
const (
MaxRDPScreenWidth = 8192
MaxRDPScreenHeight = 8192
)
var _ compare.IsEqual[WindowsDesktop] = (*WindowsDesktopV3)(nil)
// WindowsDesktopService represents a Windows desktop service instance.
type WindowsDesktopService interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetAddr returns the network address of this service.
GetAddr() string
// GetVersion returns the teleport binary version of this service.
GetTeleportVersion() string
// GetHostname returns the hostname of this service
GetHostname() string
// ProxiedService provides common methods for a proxied service.
ProxiedService
// GetRelayGroup returns the name of the Relay group that this service is
// connected to.
GetRelayGroup() string
// GetRelayIDs returns the list of Relay host IDs that this service is
// connected to.
GetRelayIDs() []string
// Clone creates a copy of the service.
Clone() WindowsDesktopService
}
type WindowsDesktopServices []WindowsDesktopService
// AsResources returns windows desktops as type resources with labels.
func (s WindowsDesktopServices) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, 0, len(s))
for _, server := range s {
resources = append(resources, ResourceWithLabels(server))
}
return resources
}
var _ WindowsDesktopService = &WindowsDesktopServiceV3{}
// NewWindowsDesktopServiceV3 creates a new WindowsDesktopServiceV3 resource.
func NewWindowsDesktopServiceV3(meta Metadata, spec WindowsDesktopServiceSpecV3) (*WindowsDesktopServiceV3, error) {
s := &WindowsDesktopServiceV3{
ResourceHeader: ResourceHeader{
Metadata: meta,
},
Spec: spec,
}
if err := s.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return s, nil
}
func (s *WindowsDesktopServiceV3) setStaticFields() {
s.Kind = KindWindowsDesktopService
s.Version = V3
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (s *WindowsDesktopServiceV3) CheckAndSetDefaults() error {
if s.Spec.Addr == "" {
return trace.BadParameter("WindowsDesktopServiceV3.Spec missing Addr field")
}
if s.Spec.TeleportVersion == "" {
return trace.BadParameter("WindowsDesktopServiceV3.Spec missing TeleportVersion field")
}
s.setStaticFields()
if err := s.ResourceHeader.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// GetAddr returns the network address of this service.
func (s *WindowsDesktopServiceV3) GetAddr() string {
return s.Spec.Addr
}
// GetTeleportVersion returns the teleport binary version of this service.
func (s *WindowsDesktopServiceV3) GetTeleportVersion() string {
return s.Spec.TeleportVersion
}
// GetProxyID returns a list of proxy ids this server is connected to.
func (s *WindowsDesktopServiceV3) GetProxyIDs() []string {
return s.Spec.ProxyIDs
}
// SetProxyID sets the proxy ids this server is connected to.
func (s *WindowsDesktopServiceV3) SetProxyIDs(proxyIDs []string) {
s.Spec.ProxyIDs = proxyIDs
}
// GetRelayGroup implements [WindowsDesktopService].
func (s *WindowsDesktopServiceV3) GetRelayGroup() string {
if s == nil {
return ""
}
return s.Spec.RelayGroup
}
// GetRelayIDs implements [WindowsDesktopService].
func (s *WindowsDesktopServiceV3) GetRelayIDs() []string {
if s == nil {
return nil
}
return s.Spec.RelayIds
}
// GetHostname returns the windows hostname of this service.
func (s *WindowsDesktopServiceV3) GetHostname() string {
return s.Spec.Hostname
}
// Clone creates a copy of the service.
func (s *WindowsDesktopServiceV3) Clone() WindowsDesktopService {
return utils.CloneProtoMsg(s)
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (s *WindowsDesktopServiceV3) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(s.GetAllLabels()), s.GetName(), s.GetHostname())
return MatchSearch(fieldVals, values, nil)
}
// DynamicWindowsDesktop represents a Windows desktop host that is automatically discovered by Windows Desktop Service.
type DynamicWindowsDesktop interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetAddr returns the network address of this host.
GetAddr() string
// GetDomain returns the ActiveDirectory domain of this host.
GetDomain() string
// NonAD checks whether this is a standalone host that
// is not joined to an Active Directory domain.
NonAD() bool
// GetScreenSize returns the desired size of the screen to use for sessions
// to this host. Returns (0, 0) if no screen size is set, which means to
// use the size passed by the client over TDP.
GetScreenSize() (width, height uint32)
// Copy returns a copy of this dynamic Windows desktop
Copy() DynamicWindowsDesktop
}
var _ DynamicWindowsDesktop = &DynamicWindowsDesktopV1{}
// NewDynamicWindowsDesktopV1 creates a new DynamicWindowsDesktopV1 resource.
func NewDynamicWindowsDesktopV1(name string, labels map[string]string, spec DynamicWindowsDesktopSpecV1) (*DynamicWindowsDesktopV1, error) {
d := &DynamicWindowsDesktopV1{
ResourceHeader: ResourceHeader{
Metadata: Metadata{
Name: name,
Labels: labels,
},
},
Spec: spec,
}
if err := d.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return d, nil
}
func (d *DynamicWindowsDesktopV1) setStaticFields() {
d.Kind = KindDynamicWindowsDesktop
d.Version = V1
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (d *DynamicWindowsDesktopV1) CheckAndSetDefaults() error {
if d.Spec.Addr == "" {
return trace.BadParameter("DynamicWindowsDesktopV1.Spec missing Addr field")
}
if err := checkNameAndScreenSize(d.GetName(), d.Spec.ScreenSize); err != nil {
return trace.Wrap(err)
}
d.setStaticFields()
if err := d.ResourceHeader.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
func (d *DynamicWindowsDesktopV1) GetScreenSize() (width, height uint32) {
if d.Spec.ScreenSize == nil {
return 0, 0
}
return d.Spec.ScreenSize.Width, d.Spec.ScreenSize.Height
}
// NonAD checks whether host is part of Active Directory
func (d *DynamicWindowsDesktopV1) NonAD() bool {
return d.Spec.NonAD
}
// GetAddr returns the network address of this host.
func (d *DynamicWindowsDesktopV1) GetAddr() string {
return d.Spec.Addr
}
// GetDomain returns the Active Directory domain of this host.
func (d *DynamicWindowsDesktopV1) GetDomain() string {
return d.Spec.Domain
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (d *DynamicWindowsDesktopV1) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(d.GetAllLabels()), d.GetName(), d.GetAddr())
return MatchSearch(fieldVals, values, nil)
}
// Copy returns a deep copy of this dynamic Windows desktop object.
func (d *DynamicWindowsDesktopV1) Copy() DynamicWindowsDesktop {
return utils.CloneProtoMsg(d)
}
// IsEqual determines if two dynamic Windows desktop resources are equivalent to one another.
func (d *DynamicWindowsDesktopV1) IsEqual(i DynamicWindowsDesktop) bool {
if other, ok := i.(*DynamicWindowsDesktopV1); ok {
return deriveTeleportEqualDynamicWindowsDesktopV1(d, other)
}
return false
}
// DynamicWindowsDesktops represents a list of Windows desktops.
type DynamicWindowsDesktops []DynamicWindowsDesktop
// Len returns the slice length.
func (s DynamicWindowsDesktops) Len() int { return len(s) }
// Less compares desktops by name and host ID.
func (s DynamicWindowsDesktops) Less(i, j int) bool {
return s[i].GetName() < s[j].GetName()
}
// Swap swaps two windows desktops.
func (s DynamicWindowsDesktops) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// SortByCustom custom sorts by given sort criteria.
func (s DynamicWindowsDesktops) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetName(), s[j].GetName(), isDesc)
})
case ResourceSpecAddr:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetAddr(), s[j].GetAddr(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindDynamicWindowsDesktop)
}
return nil
}
// AsResources returns dynamic windows desktops as type resources with labels.
func (s DynamicWindowsDesktops) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, 0, len(s))
for _, server := range s {
resources = append(resources, ResourceWithLabels(server))
}
return resources
}
// GetFieldVals returns list of select field values.
func (s DynamicWindowsDesktops) GetFieldVals(field string) ([]string, error) {
vals := make([]string, 0, len(s))
switch field {
case ResourceMetadataName:
for _, server := range s {
vals = append(vals, server.GetName())
}
case ResourceSpecAddr:
for _, server := range s {
vals = append(vals, server.GetAddr())
}
default:
return nil, trace.NotImplemented("getting field %q for resource %q is not supported", field, KindDynamicWindowsDesktop)
}
return vals, nil
}
// WindowsDesktop represents a Windows desktop host.
type WindowsDesktop interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetAddr returns the network address of this host.
GetAddr() string
// GetDomain returns the ActiveDirectory domain of this host.
GetDomain() string
// GetHostID returns the ID of the Windows Desktop Service reporting the desktop.
GetHostID() string
// NonAD checks whether this is a standalone host that
// is not joined to an Active Directory domain.
NonAD() bool
// GetScreenSize returns the desired size of the screen to use for sessions
// to this host. Returns (0, 0) if no screen size is set, which means to
// use the size passed by the client over TDP.
GetScreenSize() (width, height uint32)
// Copy returns a copy of this windows desktop
Copy() WindowsDesktop
// CloneResource returns a copy of the WindowDesktop as a ResourceWithLabels
CloneResource() ResourceWithLabels
}
var _ WindowsDesktop = &WindowsDesktopV3{}
// NewWindowsDesktopV3 creates a new WindowsDesktopV3 resource.
func NewWindowsDesktopV3(name string, labels map[string]string, spec WindowsDesktopSpecV3) (*WindowsDesktopV3, error) {
d := &WindowsDesktopV3{
ResourceHeader: ResourceHeader{
Metadata: Metadata{
Name: name,
Labels: labels,
},
},
Spec: spec,
}
if err := d.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return d, nil
}
func (d *WindowsDesktopV3) setStaticFields() {
d.Kind = KindWindowsDesktop
d.Version = V3
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (d *WindowsDesktopV3) CheckAndSetDefaults() error {
if d.Spec.Addr == "" {
return trace.BadParameter("WindowsDesktopV3.Spec missing Addr field")
}
if err := checkNameAndScreenSize(d.GetName(), d.Spec.ScreenSize); err != nil {
return trace.Wrap(err)
}
d.setStaticFields()
if err := d.ResourceHeader.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
func (d *WindowsDesktopV3) GetScreenSize() (width, height uint32) {
if d.Spec.ScreenSize == nil {
return 0, 0
}
return d.Spec.ScreenSize.Width, d.Spec.ScreenSize.Height
}
// NonAD checks whether host is part of Active Directory
func (d *WindowsDesktopV3) NonAD() bool {
return d.Spec.NonAD
}
// GetAddr returns the network address of this host.
func (d *WindowsDesktopV3) GetAddr() string {
return d.Spec.Addr
}
// GetHostID returns the HostID for the associated desktop service.
func (d *WindowsDesktopV3) GetHostID() string {
return d.Spec.HostID
}
// GetDomain returns the Active Directory domain of this host.
func (d *WindowsDesktopV3) GetDomain() string {
return d.Spec.Domain
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (d *WindowsDesktopV3) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(d.GetAllLabels()), d.GetName(), d.GetAddr())
return MatchSearch(fieldVals, values, nil)
}
// Copy returns a copy of this windows desktop object.
func (d *WindowsDesktopV3) Copy() WindowsDesktop {
return utils.CloneProtoMsg(d)
}
func (d *WindowsDesktopV3) CloneResource() ResourceWithLabels {
return d.Copy()
}
// IsEqual determines if two windows desktop resources are equivalent to one another.
func (d *WindowsDesktopV3) IsEqual(i WindowsDesktop) bool {
if other, ok := i.(*WindowsDesktopV3); ok {
return deriveTeleportEqualWindowsDesktopV3(d, other)
}
return false
}
// Match checks if a given desktop request matches this filter.
func (f *WindowsDesktopFilter) Match(req WindowsDesktop) bool {
if f.HostID != "" && req.GetHostID() != f.HostID {
return false
}
if f.Name != "" && req.GetName() != f.Name {
return false
}
return true
}
// WindowsDesktops represents a list of Windows desktops.
type WindowsDesktops []WindowsDesktop
// Len returns the slice length.
func (s WindowsDesktops) Len() int { return len(s) }
// Less compares desktops by name and host ID.
func (s WindowsDesktops) Less(i, j int) bool {
switch {
case s[i].GetName() < s[j].GetName():
return true
case s[i].GetName() > s[j].GetName():
return false
default:
return s[i].GetHostID() < s[j].GetHostID()
}
}
// Swap swaps two windows desktops.
func (s WindowsDesktops) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// SortByCustom custom sorts by given sort criteria.
func (s WindowsDesktops) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetName(), s[j].GetName(), isDesc)
})
case ResourceSpecAddr:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetAddr(), s[j].GetAddr(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindWindowsDesktop)
}
return nil
}
// AsResources returns windows desktops as type resources with labels.
func (s WindowsDesktops) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, 0, len(s))
for _, server := range s {
resources = append(resources, ResourceWithLabels(server))
}
return resources
}
// GetFieldVals returns list of select field values.
func (s WindowsDesktops) GetFieldVals(field string) ([]string, error) {
vals := make([]string, 0, len(s))
switch field {
case ResourceMetadataName:
for _, server := range s {
vals = append(vals, server.GetName())
}
case ResourceSpecAddr:
for _, server := range s {
vals = append(vals, server.GetAddr())
}
default:
return nil, trace.NotImplemented("getting field %q for resource %q is not supported", field, KindWindowsDesktop)
}
return vals, nil
}
// ListWindowsDesktopsResponse is a response type to ListWindowsDesktops.
type ListWindowsDesktopsResponse struct {
Desktops []WindowsDesktop
NextKey string
}
// ListWindowsDesktopsRequest is a request type to ListWindowsDesktops.
type ListWindowsDesktopsRequest struct {
WindowsDesktopFilter
Limit int
StartKey, PredicateExpression string
Labels map[string]string
SearchKeywords []string
}
// ListDynamicWindowsDesktopsResponse is a response type to ListDynamicWindowsDesktops.
type ListDynamicWindowsDesktopsResponse struct {
Desktops []DynamicWindowsDesktop
NextKey string
}
// ListWindowsDesktopServicesResponse is a response type to ListWindowsDesktopServices.
type ListWindowsDesktopServicesResponse struct {
DesktopServices []WindowsDesktopService
NextKey string
}
// ListWindowsDesktopServicesRequest is a request type to ListWindowsDesktopServices.
type ListWindowsDesktopServicesRequest struct {
Limit int
StartKey, PredicateExpression string
Labels map[string]string
SearchKeywords []string
}
func checkNameAndScreenSize(name string, screenSize *Resolution) error {
// We use SNI to identify the desktop to route a connection to,
// and '.' will add an extra subdomain, preventing Teleport from
// correctly establishing TLS connections.
if strings.Contains(name, ".") {
return trace.BadParameter("invalid name %q: desktop names cannot contain periods", name)
}
if screenSize != nil && (screenSize.Width > MaxRDPScreenWidth || screenSize.Height > MaxRDPScreenHeight) {
return trace.BadParameter("screen size %dx%d too big (maximum %dx%d)",
screenSize.Width, screenSize.Height, MaxRDPScreenWidth, MaxRDPScreenHeight)
}
return nil
}
// RDPLicenseKey is struct for retrieving licenses from backend cache, used only internally
type RDPLicenseKey struct {
Version uint32 // e.g. 0x000a0002
Issuer string // e.g. example.com
Company string // e.g. Example Corporation
ProductID string // e.g. A02
}
// Copyright 2023 Gravitational, Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
"time"
"github.com/google/uuid"
"github.com/gravitational/trace"
"google.golang.org/protobuf/types/known/timestamppb"
devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1"
)
// CheckAndSetDefaults checks DeviceV1 fields to catch simple errors, and sets
// default values for all fields with defaults.
func (d *DeviceV1) CheckAndSetDefaults() error {
if d == nil {
return trace.BadParameter("device is nil")
}
// Assign defaults:
// - Kind = device
// - Metadata.Name = UUID
// - Spec.EnrollStatus = unspecified
// - Spec.Credential.AttestationType = unspecified
if d.Kind == "" {
d.Kind = KindDevice
} else if d.Kind != KindDevice { // sanity check
return trace.BadParameter("unexpected resource kind %q, must be %q", d.Kind, KindDevice)
}
if d.Metadata.Name == "" {
d.Metadata.Name = uuid.NewString()
}
if d.Spec.EnrollStatus == "" {
d.Spec.EnrollStatus = ResourceDeviceEnrollStatusToString(devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED)
}
if d.Spec.Credential != nil && d.Spec.Credential.DeviceAttestationType == "" {
d.Spec.Credential.DeviceAttestationType = ResourceDeviceAttestationTypeToString(devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED)
}
// Validate Header/Metadata.
if err := d.ResourceHeader.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// Validate "simple" fields.
switch {
case d.Spec.OsType == "":
return trace.BadParameter("missing OS type")
case d.Spec.AssetTag == "":
return trace.BadParameter("missing asset tag")
}
// Validate enum conversions.
if _, err := ResourceOSTypeFromString(d.Spec.OsType); err != nil {
return trace.Wrap(err)
}
if _, err := ResourceDeviceEnrollStatusFromString(d.Spec.EnrollStatus); err != nil {
return trace.Wrap(err)
}
if d.Spec.Credential != nil {
if _, err := ResourceDeviceAttestationTypeFromString(d.Spec.Credential.DeviceAttestationType); err != nil {
return trace.Wrap(err)
}
}
if d.Spec.Source != nil {
if _, err := ResourceDeviceOriginFromString(d.Spec.Source.Origin); err != nil {
return trace.Wrap(err)
}
}
return nil
}
// DeviceFromResource converts a resource DeviceV1 to an API devicepb.Device.
func DeviceFromResource(res *DeviceV1) (*devicepb.Device, error) {
if res == nil {
return nil, trace.BadParameter("device is nil")
}
toTimePB := func(t *time.Time) *timestamppb.Timestamp {
if t == nil {
return nil
}
return timestamppb.New(*t)
}
osType, err := ResourceOSTypeFromString(res.Spec.OsType)
if err != nil {
return nil, trace.Wrap(err)
}
enrollStatus, err := ResourceDeviceEnrollStatusFromString(res.Spec.EnrollStatus)
if err != nil {
return nil, trace.Wrap(err)
}
var cred *devicepb.DeviceCredential
if res.Spec.Credential != nil {
attestationType, err := ResourceDeviceAttestationTypeFromString(
res.Spec.Credential.DeviceAttestationType,
)
if err != nil {
return nil, trace.Wrap(err)
}
cred = &devicepb.DeviceCredential{
Id: res.Spec.Credential.Id,
PublicKeyDer: res.Spec.Credential.PublicKeyDer,
DeviceAttestationType: attestationType,
TpmEkcertSerial: res.Spec.Credential.TpmEkcertSerial,
TpmAkPublic: res.Spec.Credential.TpmAkPublic,
}
}
collectedData := make([]*devicepb.DeviceCollectedData, len(res.Spec.CollectedData))
for i, d := range res.Spec.CollectedData {
dataOSType, err := ResourceOSTypeFromString(d.OsType)
if err != nil {
return nil, trace.Wrap(err)
}
collectedData[i] = &devicepb.DeviceCollectedData{
CollectTime: toTimePB(d.CollectTime),
RecordTime: toTimePB(d.RecordTime),
OsType: dataOSType,
SerialNumber: d.SerialNumber,
ModelIdentifier: d.ModelIdentifier,
OsVersion: d.OsVersion,
OsBuild: d.OsBuild,
OsUsername: d.OsUsername,
JamfBinaryVersion: d.JamfBinaryVersion,
MacosEnrollmentProfiles: d.MacosEnrollmentProfiles,
ReportedAssetTag: d.ReportedAssetTag,
SystemSerialNumber: d.SystemSerialNumber,
BaseBoardSerialNumber: d.BaseBoardSerialNumber,
TpmPlatformAttestation: tpmPlatformAttestationFromResource(
d.TpmPlatformAttestation,
),
OsId: d.OsId,
}
}
var source *devicepb.DeviceSource
if s := res.Spec.Source; s != nil {
origin, err := ResourceDeviceOriginFromString(s.Origin)
if err != nil {
return nil, trace.Wrap(err)
}
source = &devicepb.DeviceSource{
Name: s.Name,
Origin: origin,
}
}
var profile *devicepb.DeviceProfile
if p := res.Spec.Profile; p != nil {
profile = &devicepb.DeviceProfile{
UpdateTime: toTimePB(p.UpdateTime),
ModelIdentifier: p.ModelIdentifier,
OsVersion: p.OsVersion,
OsBuild: p.OsBuild,
OsBuildSupplemental: p.OsBuildSupplemental,
OsUsernames: p.OsUsernames,
JamfBinaryVersion: p.JamfBinaryVersion,
ExternalId: p.ExternalId,
OsId: p.OsId,
}
}
return &devicepb.Device{
ApiVersion: res.Version,
Id: res.Metadata.Name,
OsType: osType,
AssetTag: res.Spec.AssetTag,
CreateTime: toTimePB(res.Spec.CreateTime),
UpdateTime: toTimePB(res.Spec.UpdateTime),
EnrollStatus: enrollStatus,
Credential: cred,
CollectedData: collectedData,
Source: source,
Profile: profile,
Owner: res.Spec.Owner,
}, nil
}
// DeviceToResource converts an API devicepb.Device to a resource DeviceV1 and
// assigns all default fields.
func DeviceToResource(dev *devicepb.Device) *DeviceV1 {
if dev == nil {
return nil
}
toTimePtr := func(pb *timestamppb.Timestamp) *time.Time {
if pb == nil {
return nil
}
t := pb.AsTime()
return &t
}
var cred *DeviceCredential
if dev.Credential != nil {
cred = &DeviceCredential{
Id: dev.Credential.Id,
PublicKeyDer: dev.Credential.PublicKeyDer,
DeviceAttestationType: ResourceDeviceAttestationTypeToString(
dev.Credential.DeviceAttestationType,
),
TpmEkcertSerial: dev.Credential.TpmEkcertSerial,
TpmAkPublic: dev.Credential.TpmAkPublic,
}
}
collectedData := make([]*DeviceCollectedData, len(dev.CollectedData))
for i, d := range dev.CollectedData {
collectedData[i] = &DeviceCollectedData{
CollectTime: toTimePtr(d.CollectTime),
RecordTime: toTimePtr(d.RecordTime),
OsType: ResourceOSTypeToString(d.OsType),
SerialNumber: d.SerialNumber,
ModelIdentifier: d.ModelIdentifier,
OsVersion: d.OsVersion,
OsBuild: d.OsBuild,
OsUsername: d.OsUsername,
JamfBinaryVersion: d.JamfBinaryVersion,
MacosEnrollmentProfiles: d.MacosEnrollmentProfiles,
ReportedAssetTag: d.ReportedAssetTag,
SystemSerialNumber: d.SystemSerialNumber,
BaseBoardSerialNumber: d.BaseBoardSerialNumber,
TpmPlatformAttestation: tpmPlatformAttestationToResource(
d.TpmPlatformAttestation,
),
OsId: d.OsId,
}
}
var source *DeviceSource
if s := dev.Source; s != nil {
source = &DeviceSource{
Name: s.Name,
Origin: ResourceDeviceOriginToString(s.Origin),
}
}
var profile *DeviceProfile
if p := dev.Profile; p != nil {
profile = &DeviceProfile{
UpdateTime: toTimePtr(p.UpdateTime),
ModelIdentifier: p.ModelIdentifier,
OsVersion: p.OsVersion,
OsBuild: p.OsBuild,
OsBuildSupplemental: p.OsBuildSupplemental,
OsUsernames: p.OsUsernames,
JamfBinaryVersion: p.JamfBinaryVersion,
ExternalId: p.ExternalId,
OsId: p.OsId,
}
}
res := &DeviceV1{
ResourceHeader: ResourceHeader{
Kind: KindDevice,
Version: dev.ApiVersion,
Metadata: Metadata{
Name: dev.Id,
},
},
Spec: &DeviceSpec{
OsType: ResourceOSTypeToString(dev.OsType),
AssetTag: dev.AssetTag,
CreateTime: toTimePtr(dev.CreateTime),
UpdateTime: toTimePtr(dev.UpdateTime),
EnrollStatus: ResourceDeviceEnrollStatusToString(dev.EnrollStatus),
Credential: cred,
CollectedData: collectedData,
Source: source,
Profile: profile,
Owner: dev.Owner,
},
}
_ = res.CheckAndSetDefaults() // assign default fields
return res
}
func tpmPlatformAttestationToResource(pa *devicepb.TPMPlatformAttestation) *TPMPlatformAttestation {
if pa == nil {
return nil
}
var outPlatParams *TPMPlatformParameters
if pa.PlatformParameters != nil {
var quotes []*TPMQuote
for _, q := range pa.PlatformParameters.Quotes {
quotes = append(quotes, &TPMQuote{
Quote: q.Quote,
Signature: q.Signature,
})
}
var pcrs []*TPMPCR
for _, pcr := range pa.PlatformParameters.Pcrs {
pcrs = append(pcrs, &TPMPCR{
Index: pcr.Index,
Digest: pcr.Digest,
DigestAlg: pcr.DigestAlg,
})
}
outPlatParams = &TPMPlatformParameters{
Quotes: quotes,
Pcrs: pcrs,
EventLog: pa.PlatformParameters.EventLog,
}
}
return &TPMPlatformAttestation{
Nonce: pa.Nonce,
PlatformParameters: outPlatParams,
}
}
func tpmPlatformAttestationFromResource(pa *TPMPlatformAttestation) *devicepb.TPMPlatformAttestation {
if pa == nil {
return nil
}
var outPlatParams *devicepb.TPMPlatformParameters
if pa.PlatformParameters != nil {
var quotes []*devicepb.TPMQuote
for _, q := range pa.PlatformParameters.Quotes {
quotes = append(quotes, &devicepb.TPMQuote{
Quote: q.Quote,
Signature: q.Signature,
})
}
var pcrs []*devicepb.TPMPCR
for _, pcr := range pa.PlatformParameters.Pcrs {
pcrs = append(pcrs, &devicepb.TPMPCR{
Index: pcr.Index,
Digest: pcr.Digest,
DigestAlg: pcr.DigestAlg,
})
}
outPlatParams = &devicepb.TPMPlatformParameters{
Quotes: quotes,
EventLog: pa.PlatformParameters.EventLog,
Pcrs: pcrs,
}
}
return &devicepb.TPMPlatformAttestation{
Nonce: pa.Nonce,
PlatformParameters: outPlatParams,
}
}
// ResourceOSTypeToString converts OSType to a string representation suitable
// for use in resource fields.
func ResourceOSTypeToString(osType devicepb.OSType) string {
switch osType {
case devicepb.OSType_OS_TYPE_UNSPECIFIED:
return "unspecified"
case devicepb.OSType_OS_TYPE_LINUX:
return "linux"
case devicepb.OSType_OS_TYPE_MACOS:
return "macos"
case devicepb.OSType_OS_TYPE_WINDOWS:
return "windows"
default:
return osType.String()
}
}
// ResourceOSTypeFromString converts a string representation of OSType suitable
// for resource fields to OSType.
func ResourceOSTypeFromString(osType string) (devicepb.OSType, error) {
switch osType {
case "", "unspecified":
return devicepb.OSType_OS_TYPE_UNSPECIFIED, nil
case "linux":
return devicepb.OSType_OS_TYPE_LINUX, nil
case "macos":
return devicepb.OSType_OS_TYPE_MACOS, nil
case "windows":
return devicepb.OSType_OS_TYPE_WINDOWS, nil
default:
return devicepb.OSType_OS_TYPE_UNSPECIFIED, trace.BadParameter("unknown os type %q", osType)
}
}
// ResourceDeviceEnrollStatusToString converts DeviceEnrollStatus to a string
// representation suitable for use in resource fields.
func ResourceDeviceEnrollStatusToString(enrollStatus devicepb.DeviceEnrollStatus) string {
switch enrollStatus {
case devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_ENROLLED:
return "enrolled"
case devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_NOT_ENROLLED:
return "not_enrolled"
case devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED:
return "unspecified"
default:
return enrollStatus.String()
}
}
// ResourceDeviceEnrollStatusFromString converts a string representation of
// DeviceEnrollStatus suitable for resource fields to DeviceEnrollStatus.
func ResourceDeviceEnrollStatusFromString(enrollStatus string) (devicepb.DeviceEnrollStatus, error) {
switch enrollStatus {
case "enrolled":
return devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_ENROLLED, nil
case "not_enrolled":
return devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_NOT_ENROLLED, nil
case "unspecified":
return devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED, nil
// In the terraform provider, enroll_status is an optional field and can be empty.
case "":
return devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED, nil
default:
return devicepb.DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED, trace.BadParameter("unknown enroll status %q", enrollStatus)
}
}
func ResourceDeviceAttestationTypeToString(
attestationType devicepb.DeviceAttestationType,
) string {
switch attestationType {
case devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED:
// Default to empty, so it doesn't show in non-TPM devices.
return ""
case devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKPUB:
return "tpm_ekpub"
case devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT:
return "tpm_ekcert"
case devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT_TRUSTED:
return "tpm_ekcert_trusted"
default:
return attestationType.String()
}
}
func ResourceDeviceAttestationTypeFromString(
attestationType string,
) (devicepb.DeviceAttestationType, error) {
switch attestationType {
case "unspecified", "":
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED, nil
case "tpm_ekpub":
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKPUB, nil
case "tpm_ekcert":
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT, nil
case "tpm_ekcert_trusted":
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT_TRUSTED, nil
default:
return devicepb.DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED, trace.BadParameter("unknown attestation type %q", attestationType)
}
}
func ResourceDeviceOriginToString(o devicepb.DeviceOrigin) string {
switch o {
case devicepb.DeviceOrigin_DEVICE_ORIGIN_UNSPECIFIED:
return "unspecified"
case devicepb.DeviceOrigin_DEVICE_ORIGIN_API:
return "api"
case devicepb.DeviceOrigin_DEVICE_ORIGIN_JAMF:
return "jamf"
case devicepb.DeviceOrigin_DEVICE_ORIGIN_INTUNE:
return "intune"
default:
return o.String()
}
}
func ResourceDeviceOriginFromString(s string) (devicepb.DeviceOrigin, error) {
switch s {
case "", "unspecified":
return devicepb.DeviceOrigin_DEVICE_ORIGIN_UNSPECIFIED, nil
case "api":
return devicepb.DeviceOrigin_DEVICE_ORIGIN_API, nil
case "jamf":
return devicepb.DeviceOrigin_DEVICE_ORIGIN_JAMF, nil
case "intune":
return devicepb.DeviceOrigin_DEVICE_ORIGIN_INTUNE, nil
default:
return devicepb.DeviceOrigin_DEVICE_ORIGIN_UNSPECIFIED, trace.BadParameter("unknown device origin %q", s)
}
}
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: teleport/legacy/types/device.proto
package types
import (
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto"
_ "github.com/gogo/protobuf/types"
github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
io "io"
math "math"
math_bits "math/bits"
time "time"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
var _ = time.Kitchen
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
// DeviceV1 is the resource representation of teleport.devicetrust.v1.Device.
type DeviceV1 struct {
// Header is the common resource header.
//
// - Kind is always "device".
// - SubKind is unused.
// - Version is equivalent to teleport.devicetrust.v1.Device.api_version.
// - Metadata.Name is equivalent to teleport.devicetrust.v1.Device.Id.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Specification of the device.
Spec *DeviceSpec `protobuf:"bytes,5,opt,name=spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceV1) Reset() { *m = DeviceV1{} }
func (m *DeviceV1) String() string { return proto.CompactTextString(m) }
func (*DeviceV1) ProtoMessage() {}
func (*DeviceV1) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{0}
}
func (m *DeviceV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceV1.Merge(m, src)
}
func (m *DeviceV1) XXX_Size() int {
return m.Size()
}
func (m *DeviceV1) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceV1.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceV1 proto.InternalMessageInfo
// DeviceSpec is a device specification.
// Roughly matches teleport.devicetrust.v1.Device, with some fields changed for
// better UX.
type DeviceSpec struct {
OsType string `protobuf:"bytes,1,opt,name=os_type,json=osType,proto3" json:"os_type"`
AssetTag string `protobuf:"bytes,2,opt,name=asset_tag,json=assetTag,proto3" json:"asset_tag"`
CreateTime *time.Time `protobuf:"bytes,3,opt,name=create_time,json=createTime,proto3,stdtime" json:"create_time"`
UpdateTime *time.Time `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3,stdtime" json:"update_time"`
EnrollStatus string `protobuf:"bytes,5,opt,name=enroll_status,json=enrollStatus,proto3" json:"enroll_status"`
Credential *DeviceCredential `protobuf:"bytes,6,opt,name=credential,proto3" json:"credential,omitempty"`
CollectedData []*DeviceCollectedData `protobuf:"bytes,7,rep,name=collected_data,json=collectedData,proto3" json:"collected_data,omitempty"`
Source *DeviceSource `protobuf:"bytes,8,opt,name=source,proto3" json:"source,omitempty"`
Profile *DeviceProfile `protobuf:"bytes,9,opt,name=profile,proto3" json:"profile,omitempty"`
Owner string `protobuf:"bytes,10,opt,name=owner,proto3" json:"owner,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceSpec) Reset() { *m = DeviceSpec{} }
func (m *DeviceSpec) String() string { return proto.CompactTextString(m) }
func (*DeviceSpec) ProtoMessage() {}
func (*DeviceSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{1}
}
func (m *DeviceSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceSpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceSpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceSpec.Merge(m, src)
}
func (m *DeviceSpec) XXX_Size() int {
return m.Size()
}
func (m *DeviceSpec) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceSpec.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceSpec proto.InternalMessageInfo
// DeviceCredential is the resource representation of
// teleport.devicetrust.v1.DeviceCredential.
type DeviceCredential struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id"`
PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der,omitempty"`
DeviceAttestationType string `protobuf:"bytes,3,opt,name=device_attestation_type,json=deviceAttestationType,proto3" json:"device_attestation_type,omitempty"`
TpmEkcertSerial string `protobuf:"bytes,4,opt,name=tpm_ekcert_serial,json=tpmEkcertSerial,proto3" json:"tpm_ekcert_serial,omitempty"`
TpmAkPublic []byte `protobuf:"bytes,5,opt,name=tpm_ak_public,json=tpmAkPublic,proto3" json:"tpm_ak_public,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceCredential) Reset() { *m = DeviceCredential{} }
func (m *DeviceCredential) String() string { return proto.CompactTextString(m) }
func (*DeviceCredential) ProtoMessage() {}
func (*DeviceCredential) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{2}
}
func (m *DeviceCredential) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceCredential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceCredential.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceCredential) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceCredential.Merge(m, src)
}
func (m *DeviceCredential) XXX_Size() int {
return m.Size()
}
func (m *DeviceCredential) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceCredential.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceCredential proto.InternalMessageInfo
// DeviceCollectedData is the resource representation of
// teleport.devicetrust.v1.DeviceCollectedData.
type DeviceCollectedData struct {
CollectTime *time.Time `protobuf:"bytes,1,opt,name=collect_time,json=collectTime,proto3,stdtime" json:"collect_time"`
RecordTime *time.Time `protobuf:"bytes,2,opt,name=record_time,json=recordTime,proto3,stdtime" json:"record_time"`
OsType string `protobuf:"bytes,3,opt,name=os_type,json=osType,proto3" json:"os_type"`
SerialNumber string `protobuf:"bytes,4,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
ModelIdentifier string `protobuf:"bytes,5,opt,name=model_identifier,json=modelIdentifier,proto3" json:"model_identifier,omitempty"`
OsVersion string `protobuf:"bytes,6,opt,name=os_version,json=osVersion,proto3" json:"os_version,omitempty"`
OsBuild string `protobuf:"bytes,7,opt,name=os_build,json=osBuild,proto3" json:"os_build,omitempty"`
OsUsername string `protobuf:"bytes,8,opt,name=os_username,json=osUsername,proto3" json:"os_username,omitempty"`
JamfBinaryVersion string `protobuf:"bytes,9,opt,name=jamf_binary_version,json=jamfBinaryVersion,proto3" json:"jamf_binary_version,omitempty"`
MacosEnrollmentProfiles string `protobuf:"bytes,10,opt,name=macos_enrollment_profiles,json=macosEnrollmentProfiles,proto3" json:"macos_enrollment_profiles,omitempty"`
ReportedAssetTag string `protobuf:"bytes,11,opt,name=reported_asset_tag,json=reportedAssetTag,proto3" json:"reported_asset_tag,omitempty"`
SystemSerialNumber string `protobuf:"bytes,12,opt,name=system_serial_number,json=systemSerialNumber,proto3" json:"system_serial_number,omitempty"`
BaseBoardSerialNumber string `protobuf:"bytes,13,opt,name=base_board_serial_number,json=baseBoardSerialNumber,proto3" json:"base_board_serial_number,omitempty"`
TpmPlatformAttestation *TPMPlatformAttestation `protobuf:"bytes,14,opt,name=tpm_platform_attestation,json=tpmPlatformAttestation,proto3" json:"tpm_platform_attestation,omitempty"`
OsId string `protobuf:"bytes,15,opt,name=os_id,json=osId,proto3" json:"os_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceCollectedData) Reset() { *m = DeviceCollectedData{} }
func (m *DeviceCollectedData) String() string { return proto.CompactTextString(m) }
func (*DeviceCollectedData) ProtoMessage() {}
func (*DeviceCollectedData) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{3}
}
func (m *DeviceCollectedData) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceCollectedData) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceCollectedData.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceCollectedData) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceCollectedData.Merge(m, src)
}
func (m *DeviceCollectedData) XXX_Size() int {
return m.Size()
}
func (m *DeviceCollectedData) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceCollectedData.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceCollectedData proto.InternalMessageInfo
// TPMPCR is the resource representation of teleport.devicetrust.v1.TPMPCR.
type TPMPCR struct {
Index int32 `protobuf:"varint,1,opt,name=index,proto3" json:"index"`
Digest []byte `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest"`
DigestAlg uint64 `protobuf:"varint,3,opt,name=digest_alg,json=digestAlg,proto3" json:"digest_alg"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TPMPCR) Reset() { *m = TPMPCR{} }
func (m *TPMPCR) String() string { return proto.CompactTextString(m) }
func (*TPMPCR) ProtoMessage() {}
func (*TPMPCR) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{4}
}
func (m *TPMPCR) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TPMPCR) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TPMPCR.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TPMPCR) XXX_Merge(src proto.Message) {
xxx_messageInfo_TPMPCR.Merge(m, src)
}
func (m *TPMPCR) XXX_Size() int {
return m.Size()
}
func (m *TPMPCR) XXX_DiscardUnknown() {
xxx_messageInfo_TPMPCR.DiscardUnknown(m)
}
var xxx_messageInfo_TPMPCR proto.InternalMessageInfo
// TPMQuote is the resource representation of teleport.devicetrust.v1.TPMQuote.
type TPMQuote struct {
Quote []byte `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote"`
Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TPMQuote) Reset() { *m = TPMQuote{} }
func (m *TPMQuote) String() string { return proto.CompactTextString(m) }
func (*TPMQuote) ProtoMessage() {}
func (*TPMQuote) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{5}
}
func (m *TPMQuote) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TPMQuote) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TPMQuote.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TPMQuote) XXX_Merge(src proto.Message) {
xxx_messageInfo_TPMQuote.Merge(m, src)
}
func (m *TPMQuote) XXX_Size() int {
return m.Size()
}
func (m *TPMQuote) XXX_DiscardUnknown() {
xxx_messageInfo_TPMQuote.DiscardUnknown(m)
}
var xxx_messageInfo_TPMQuote proto.InternalMessageInfo
// TPMPlatformParameters is the resource representation of
// teleport.devicetrust.v1.TPMPlatformParameters.
type TPMPlatformParameters struct {
Quotes []*TPMQuote `protobuf:"bytes,1,rep,name=quotes,proto3" json:"quotes"`
Pcrs []*TPMPCR `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs"`
EventLog []byte `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TPMPlatformParameters) Reset() { *m = TPMPlatformParameters{} }
func (m *TPMPlatformParameters) String() string { return proto.CompactTextString(m) }
func (*TPMPlatformParameters) ProtoMessage() {}
func (*TPMPlatformParameters) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{6}
}
func (m *TPMPlatformParameters) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TPMPlatformParameters) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TPMPlatformParameters.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TPMPlatformParameters) XXX_Merge(src proto.Message) {
xxx_messageInfo_TPMPlatformParameters.Merge(m, src)
}
func (m *TPMPlatformParameters) XXX_Size() int {
return m.Size()
}
func (m *TPMPlatformParameters) XXX_DiscardUnknown() {
xxx_messageInfo_TPMPlatformParameters.DiscardUnknown(m)
}
var xxx_messageInfo_TPMPlatformParameters proto.InternalMessageInfo
// TPMPlatformAttestation is the resource representation of
// teleport.devicetrust.v1.TPMPlatformAttestation.
type TPMPlatformAttestation struct {
Nonce []byte `protobuf:"bytes,1,opt,name=nonce,proto3" json:"nonce,omitempty"`
PlatformParameters *TPMPlatformParameters `protobuf:"bytes,2,opt,name=platform_parameters,json=platformParameters,proto3" json:"platform_parameters,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TPMPlatformAttestation) Reset() { *m = TPMPlatformAttestation{} }
func (m *TPMPlatformAttestation) String() string { return proto.CompactTextString(m) }
func (*TPMPlatformAttestation) ProtoMessage() {}
func (*TPMPlatformAttestation) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{7}
}
func (m *TPMPlatformAttestation) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TPMPlatformAttestation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TPMPlatformAttestation.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TPMPlatformAttestation) XXX_Merge(src proto.Message) {
xxx_messageInfo_TPMPlatformAttestation.Merge(m, src)
}
func (m *TPMPlatformAttestation) XXX_Size() int {
return m.Size()
}
func (m *TPMPlatformAttestation) XXX_DiscardUnknown() {
xxx_messageInfo_TPMPlatformAttestation.DiscardUnknown(m)
}
var xxx_messageInfo_TPMPlatformAttestation proto.InternalMessageInfo
// DeviceSource is the resource representation of
// teleport.devicetrust.v1.DeviceSource..
type DeviceSource struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name"`
Origin string `protobuf:"bytes,2,opt,name=origin,proto3" json:"origin"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceSource) Reset() { *m = DeviceSource{} }
func (m *DeviceSource) String() string { return proto.CompactTextString(m) }
func (*DeviceSource) ProtoMessage() {}
func (*DeviceSource) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{8}
}
func (m *DeviceSource) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceSource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceSource.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceSource) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceSource.Merge(m, src)
}
func (m *DeviceSource) XXX_Size() int {
return m.Size()
}
func (m *DeviceSource) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceSource.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceSource proto.InternalMessageInfo
// DeviceProfile is the resource representation of
// teleport.devicetrust.v1.DeviceProfile.
type DeviceProfile struct {
UpdateTime *time.Time `protobuf:"bytes,1,opt,name=update_time,json=updateTime,proto3,stdtime" json:"update_time,omitempty"`
ModelIdentifier string `protobuf:"bytes,2,opt,name=model_identifier,json=modelIdentifier,proto3" json:"model_identifier,omitempty"`
OsVersion string `protobuf:"bytes,3,opt,name=os_version,json=osVersion,proto3" json:"os_version,omitempty"`
OsBuild string `protobuf:"bytes,4,opt,name=os_build,json=osBuild,proto3" json:"os_build,omitempty"`
OsUsernames []string `protobuf:"bytes,5,rep,name=os_usernames,json=osUsernames,proto3" json:"os_usernames,omitempty"`
JamfBinaryVersion string `protobuf:"bytes,6,opt,name=jamf_binary_version,json=jamfBinaryVersion,proto3" json:"jamf_binary_version,omitempty"`
ExternalId string `protobuf:"bytes,7,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"`
OsBuildSupplemental string `protobuf:"bytes,8,opt,name=os_build_supplemental,json=osBuildSupplemental,proto3" json:"os_build_supplemental,omitempty"`
OsId string `protobuf:"bytes,9,opt,name=os_id,json=osId,proto3" json:"os_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceProfile) Reset() { *m = DeviceProfile{} }
func (m *DeviceProfile) String() string { return proto.CompactTextString(m) }
func (*DeviceProfile) ProtoMessage() {}
func (*DeviceProfile) Descriptor() ([]byte, []int) {
return fileDescriptor_aceaef1b58496e7d, []int{9}
}
func (m *DeviceProfile) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceProfile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceProfile.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceProfile) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceProfile.Merge(m, src)
}
func (m *DeviceProfile) XXX_Size() int {
return m.Size()
}
func (m *DeviceProfile) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceProfile.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceProfile proto.InternalMessageInfo
func init() {
proto.RegisterType((*DeviceV1)(nil), "types.DeviceV1")
proto.RegisterType((*DeviceSpec)(nil), "types.DeviceSpec")
proto.RegisterType((*DeviceCredential)(nil), "types.DeviceCredential")
proto.RegisterType((*DeviceCollectedData)(nil), "types.DeviceCollectedData")
proto.RegisterType((*TPMPCR)(nil), "types.TPMPCR")
proto.RegisterType((*TPMQuote)(nil), "types.TPMQuote")
proto.RegisterType((*TPMPlatformParameters)(nil), "types.TPMPlatformParameters")
proto.RegisterType((*TPMPlatformAttestation)(nil), "types.TPMPlatformAttestation")
proto.RegisterType((*DeviceSource)(nil), "types.DeviceSource")
proto.RegisterType((*DeviceProfile)(nil), "types.DeviceProfile")
}
func init() {
proto.RegisterFile("teleport/legacy/types/device.proto", fileDescriptor_aceaef1b58496e7d)
}
var fileDescriptor_aceaef1b58496e7d = []byte{
// 1495 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x57, 0xdd, 0x6e, 0x1b, 0xc5,
0x17, 0xaf, 0x1d, 0xc7, 0x89, 0xc7, 0x76, 0x3e, 0x26, 0x5f, 0xdb, 0x34, 0xcd, 0xb4, 0xee, 0xff,
0xa3, 0x50, 0x88, 0x55, 0x2a, 0x81, 0x54, 0x54, 0x41, 0xb6, 0xad, 0x44, 0x54, 0x5a, 0xb9, 0x9b,
0x50, 0x50, 0x25, 0xb4, 0x1a, 0xef, 0x4e, 0xcc, 0x92, 0x5d, 0xcf, 0xb2, 0x33, 0x0e, 0xb5, 0x84,
0x84, 0x78, 0x03, 0xde, 0x01, 0xf1, 0x08, 0xbc, 0x43, 0x2f, 0x7b, 0x8f, 0x34, 0x40, 0x2f, 0xf7,
0x96, 0x17, 0x40, 0x73, 0x66, 0x6d, 0x8f, 0x1b, 0x47, 0xad, 0x80, 0x1b, 0xef, 0xee, 0xef, 0x77,
0xce, 0x6f, 0x66, 0xcf, 0x9e, 0x8f, 0x31, 0x6a, 0x49, 0x16, 0xb3, 0x94, 0x67, 0xb2, 0x1d, 0xb3,
0x1e, 0x0d, 0x86, 0x6d, 0x39, 0x4c, 0x99, 0x68, 0x87, 0xec, 0x34, 0x0a, 0xd8, 0x5e, 0x9a, 0x71,
0xc9, 0xf1, 0x3c, 0x60, 0xdb, 0xeb, 0x3d, 0xde, 0xe3, 0x80, 0xb4, 0xf5, 0x9d, 0x21, 0xb7, 0x49,
0x8f, 0xf3, 0x5e, 0xcc, 0xda, 0xf0, 0xd4, 0x1d, 0x1c, 0xb7, 0x65, 0x94, 0x30, 0x21, 0x69, 0x92,
0x16, 0x06, 0x57, 0x67, 0xaf, 0x00, 0xbf, 0xc6, 0xa4, 0xf5, 0x0c, 0x2d, 0xde, 0x83, 0x05, 0x9f,
0xdc, 0xc4, 0x1f, 0xa2, 0xea, 0x27, 0x8c, 0x86, 0x2c, 0x73, 0x4a, 0x57, 0x4a, 0xd7, 0xeb, 0xef,
0x6d, 0xec, 0x19, 0x4b, 0x8f, 0x09, 0x3e, 0xc8, 0x02, 0x66, 0x48, 0xb7, 0xf1, 0x5c, 0x91, 0x0b,
0x2f, 0x14, 0x29, 0xe5, 0x8a, 0x5c, 0xf0, 0x0a, 0x17, 0xdc, 0x46, 0x15, 0x91, 0xb2, 0xc0, 0x99,
0x07, 0xd7, 0xd5, 0xc2, 0xd5, 0x68, 0x1f, 0xa6, 0x2c, 0x70, 0x17, 0x73, 0x45, 0xc0, 0xc4, 0x83,
0xdf, 0xd6, 0x4f, 0xf3, 0x08, 0x4d, 0x68, 0xfc, 0x1f, 0xb4, 0xc0, 0x85, 0xaf, 0xbd, 0x60, 0xf5,
0x9a, 0x5b, 0xcf, 0x15, 0x19, 0x41, 0x5e, 0x95, 0x8b, 0xa3, 0x61, 0xca, 0xf0, 0xdb, 0xa8, 0x46,
0x85, 0x60, 0xd2, 0x97, 0xb4, 0xe7, 0x94, 0xc1, 0xae, 0x99, 0x2b, 0x32, 0x01, 0xbd, 0x45, 0xb8,
0x3d, 0xa2, 0x3d, 0xdc, 0x41, 0xf5, 0x20, 0x63, 0x54, 0x32, 0x5f, 0xc7, 0xc5, 0x99, 0x83, 0x8d,
0x6d, 0xef, 0x99, 0xa0, 0xed, 0x8d, 0x82, 0xb6, 0x77, 0x34, 0x0a, 0x9a, 0xbb, 0x96, 0x2b, 0x62,
0xbb, 0xfc, 0xf8, 0x1b, 0x29, 0x79, 0xc8, 0x00, 0xda, 0x4a, 0x2b, 0x0e, 0xd2, 0x70, 0xac, 0x58,
0x79, 0x33, 0x45, 0xcb, 0xc5, 0x28, 0x1a, 0x00, 0x14, 0xdf, 0x47, 0x4d, 0xd6, 0xcf, 0x78, 0x1c,
0xfb, 0x42, 0x52, 0x39, 0x10, 0x10, 0xbe, 0x9a, 0xbb, 0x9a, 0x2b, 0x32, 0x4d, 0x78, 0x0d, 0xf3,
0x78, 0x08, 0x4f, 0xf8, 0x31, 0xd2, 0xfb, 0x0a, 0x59, 0x5f, 0x46, 0x34, 0x76, 0xaa, 0xb0, 0x91,
0xad, 0xa9, 0x98, 0xdf, 0x1d, 0xd3, 0xae, 0x93, 0x2b, 0xb2, 0x3e, 0x31, 0x7f, 0x87, 0x27, 0x91,
0x64, 0x49, 0x2a, 0x87, 0x9e, 0x25, 0x82, 0x7d, 0xb4, 0x14, 0xf0, 0x38, 0x66, 0x81, 0x64, 0xa1,
0x1f, 0x52, 0x49, 0x9d, 0x85, 0x2b, 0x73, 0xf0, 0x7e, 0x53, 0xb2, 0x23, 0x93, 0x7b, 0x54, 0x52,
0x77, 0x27, 0x57, 0xc4, 0x99, 0xf6, 0xb2, 0xd4, 0x9b, 0x81, 0x6d, 0x8c, 0xf7, 0x51, 0xd5, 0xe4,
0x91, 0xb3, 0x08, 0xfb, 0x5d, 0x9b, 0xce, 0x11, 0xa0, 0xdc, 0xf5, 0x5c, 0x91, 0x15, 0x63, 0x66,
0x29, 0x15, 0x8e, 0xf8, 0x3e, 0x5a, 0x48, 0x33, 0x7e, 0x1c, 0xc5, 0xcc, 0xa9, 0x81, 0xc6, 0xfa,
0x94, 0x46, 0xc7, 0x70, 0xee, 0x46, 0xae, 0xc8, 0x6a, 0x61, 0x68, 0xa9, 0x8c, 0x7c, 0xf1, 0x5b,
0x68, 0x9e, 0x7f, 0xdb, 0x67, 0x99, 0x83, 0x20, 0xda, 0xfa, 0x2b, 0x2d, 0x03, 0x60, 0x19, 0x1b,
0x8b, 0xd6, 0xaf, 0x65, 0xb4, 0xf2, 0x6a, 0x40, 0xf1, 0x26, 0x2a, 0x47, 0x61, 0x91, 0xa6, 0xd5,
0x5c, 0x91, 0x72, 0x14, 0x7a, 0xe5, 0x28, 0xc4, 0x2e, 0x5a, 0x4a, 0x07, 0xdd, 0x38, 0x0a, 0xfc,
0x13, 0x36, 0xf4, 0x75, 0x21, 0xe9, 0x14, 0x6d, 0x98, 0x30, 0x4d, 0x33, 0xd6, 0x4a, 0x0d, 0xc3,
0x3c, 0x60, 0xc3, 0x7b, 0x2c, 0xc3, 0x5f, 0xa2, 0x2d, 0xd3, 0x01, 0x7c, 0x2a, 0xa5, 0x4e, 0x23,
0x19, 0xf1, 0xbe, 0xa9, 0x8b, 0x39, 0x58, 0xf0, 0xbf, 0xb9, 0x22, 0x57, 0xcf, 0x31, 0xb1, 0x54,
0x37, 0x8c, 0xc9, 0xfe, 0xc4, 0x02, 0x0a, 0xe8, 0x01, 0x5a, 0x95, 0x69, 0xe2, 0xb3, 0x93, 0x80,
0x65, 0xd2, 0x17, 0x2c, 0xd3, 0xf9, 0x53, 0x01, 0x61, 0x92, 0x2b, 0x72, 0xe9, 0x0c, 0x69, 0x49,
0x2e, 0xcb, 0x34, 0xb9, 0x0f, 0xdc, 0x21, 0x50, 0xf8, 0x23, 0xd4, 0xd4, 0xf6, 0xf4, 0xc4, 0x37,
0xaf, 0x00, 0xd9, 0xdb, 0x70, 0x2f, 0xe5, 0x8a, 0x6c, 0x4d, 0x11, 0x96, 0x48, 0x5d, 0xa6, 0xc9,
0xfe, 0x49, 0x07, 0xe0, 0xd6, 0x0f, 0x35, 0xb4, 0x36, 0x23, 0xaf, 0xf0, 0x21, 0x6a, 0x14, 0xb9,
0x63, 0x2a, 0xad, 0xf4, 0xda, 0x4a, 0xd3, 0x79, 0x33, 0xe5, 0x03, 0xa5, 0x56, 0x2f, 0x90, 0x51,
0xf5, 0x66, 0x2c, 0xe0, 0x59, 0x68, 0x34, 0xcb, 0x6f, 0x56, 0xbd, 0x96, 0x8b, 0xa9, 0x5e, 0x03,
0x80, 0xa2, 0xd5, 0xb3, 0xe6, 0xce, 0xef, 0x59, 0x1f, 0xa3, 0xa6, 0x09, 0xa5, 0xdf, 0x1f, 0x24,
0x5d, 0x96, 0x15, 0xe1, 0x86, 0x28, 0x4d, 0x11, 0x76, 0x4e, 0x18, 0xe2, 0x11, 0xe0, 0xf8, 0x00,
0xad, 0x24, 0x3c, 0x64, 0xb1, 0x1f, 0x41, 0x06, 0x1e, 0x47, 0x2c, 0x2b, 0x1a, 0xc5, 0x6e, 0xae,
0xc8, 0xf6, 0xab, 0x9c, 0xfd, 0xc9, 0x80, 0x3b, 0x18, 0x53, 0xf8, 0x03, 0x84, 0xb8, 0xf0, 0x4f,
0x59, 0x26, 0x22, 0xde, 0x87, 0xc6, 0x51, 0x33, 0xfd, 0x61, 0x82, 0x5a, 0xee, 0x35, 0x2e, 0x9e,
0x18, 0x10, 0xdf, 0x44, 0x8b, 0x5c, 0xf8, 0xdd, 0x41, 0x14, 0x87, 0xce, 0x02, 0xb8, 0x6d, 0xe6,
0x8a, 0xe0, 0x11, 0x66, 0x97, 0x19, 0x17, 0xae, 0x86, 0xf0, 0x6d, 0x54, 0xe7, 0xc2, 0x1f, 0x08,
0x96, 0xf5, 0x69, 0x62, 0xaa, 0xbe, 0xe6, 0x5e, 0xcc, 0x15, 0xd9, 0xb0, 0x60, 0xbb, 0x1b, 0x71,
0xf1, 0x59, 0x81, 0xe2, 0xc7, 0x68, 0xed, 0x6b, 0x9a, 0x1c, 0xfb, 0xdd, 0xa8, 0x4f, 0xb3, 0xe1,
0x78, 0xc3, 0x35, 0xd0, 0xb8, 0x9a, 0x2b, 0x72, 0x79, 0x06, 0x6d, 0x69, 0xad, 0x6a, 0xda, 0x05,
0x76, 0xf4, 0x06, 0x01, 0xba, 0x98, 0xd0, 0x80, 0x0b, 0xdf, 0x74, 0xd2, 0x84, 0xf5, 0xa5, 0x5f,
0x74, 0x04, 0x51, 0x74, 0x82, 0xff, 0xe7, 0x8a, 0x5c, 0x3b, 0xd7, 0xc8, 0x92, 0xdf, 0x02, 0xa3,
0xfb, 0x63, 0x9b, 0xa2, 0xf3, 0x08, 0xfc, 0x08, 0xe1, 0x0c, 0x46, 0x2e, 0x0b, 0xfd, 0xc9, 0xa4,
0xaa, 0x83, 0xfa, 0x95, 0x5c, 0x91, 0x9d, 0xb3, 0xac, 0x25, 0xbb, 0x32, 0x62, 0xf7, 0x47, 0x43,
0xec, 0x08, 0xad, 0x8b, 0xa1, 0x90, 0x2c, 0xf1, 0xa7, 0x73, 0xa8, 0x01, 0x8a, 0xad, 0x5c, 0x91,
0xdd, 0x59, 0xbc, 0xa5, 0x89, 0x0d, 0x7f, 0x68, 0x27, 0x94, 0x8f, 0x9c, 0x2e, 0x15, 0xcc, 0xef,
0x72, 0x9a, 0x85, 0xaf, 0x28, 0x37, 0x41, 0xf9, 0x7f, 0xb9, 0x22, 0xad, 0xf3, 0x6c, 0xec, 0x36,
0xa3, 0x6d, 0x5c, 0x6d, 0x32, 0xb5, 0xc0, 0xf7, 0xc8, 0xd1, 0x0d, 0x20, 0x8d, 0xa9, 0x3c, 0xe6,
0x59, 0x62, 0x37, 0x2a, 0x67, 0x09, 0x0a, 0xef, 0x72, 0xd1, 0xb9, 0x8f, 0x3a, 0x0f, 0x3b, 0x85,
0x95, 0xd5, 0xab, 0xcc, 0xfa, 0xe7, 0x49, 0x58, 0xeb, 0x6f, 0xca, 0x34, 0x99, 0xe1, 0x8f, 0xaf,
0xa3, 0x79, 0x2e, 0xfc, 0x28, 0x74, 0x96, 0xad, 0x16, 0xaf, 0x01, 0xcb, 0xb7, 0xc2, 0xc5, 0x41,
0xd8, 0xfa, 0x0e, 0x55, 0xf5, 0x1e, 0xee, 0x7a, 0x98, 0xa0, 0xf9, 0xa8, 0x1f, 0xb2, 0x67, 0xd0,
0x6e, 0xe6, 0xdd, 0x5a, 0xae, 0x88, 0x01, 0x3c, 0x73, 0xc1, 0x2d, 0x54, 0x0d, 0xa3, 0x1e, 0x13,
0xb2, 0xe8, 0xeb, 0x28, 0x57, 0xa4, 0x40, 0xbc, 0xe2, 0x8a, 0xdf, 0x45, 0xc8, 0xdc, 0xf9, 0x34,
0xee, 0x41, 0x5b, 0xa8, 0xb8, 0x4b, 0xb9, 0x22, 0x16, 0xea, 0xd5, 0xcc, 0xfd, 0x7e, 0xdc, 0x6b,
0x7d, 0x81, 0x16, 0x8f, 0x3a, 0x0f, 0x1f, 0x0f, 0xb8, 0x64, 0x7a, 0xfd, 0x6f, 0xf4, 0x0d, 0xac,
0xdf, 0x30, 0xeb, 0x03, 0xe0, 0x99, 0x0b, 0xbe, 0x81, 0x6a, 0x22, 0xea, 0xf5, 0xa9, 0x1c, 0x64,
0xac, 0xd8, 0x02, 0x9c, 0x7e, 0xc6, 0xa0, 0x37, 0xb9, 0x6d, 0xfd, 0x5c, 0x42, 0x1b, 0x56, 0x70,
0x3b, 0x34, 0xa3, 0x09, 0x93, 0x2c, 0x13, 0xf8, 0x16, 0xaa, 0x82, 0x9e, 0x70, 0x4a, 0x30, 0xe1,
0x97, 0x27, 0x9f, 0x02, 0x36, 0x62, 0xde, 0xcb, 0x98, 0x78, 0xc5, 0x15, 0xdf, 0x40, 0x95, 0x34,
0xc8, 0x84, 0x53, 0x06, 0x97, 0xa6, 0xf5, 0xf5, 0xee, 0x7a, 0xe6, 0x6c, 0xa7, 0x69, 0x0f, 0x7e,
0xf5, 0x31, 0x8d, 0x9d, 0xea, 0xd2, 0x89, 0xb9, 0x89, 0x41, 0xb1, 0xd1, 0x31, 0xe8, 0x2d, 0xc2,
0xed, 0xa7, 0xbc, 0xd7, 0xfa, 0xa5, 0x84, 0x36, 0x67, 0x27, 0x81, 0x9e, 0xd3, 0x7d, 0xde, 0x0f,
0x46, 0x01, 0x81, 0x8f, 0x08, 0x80, 0x3d, 0xa7, 0x01, 0xc0, 0x29, 0x5a, 0x1b, 0x67, 0x4a, 0x3a,
0x7e, 0xd5, 0xa2, 0xc9, 0xef, 0x9c, 0xcd, 0xb5, 0x49, 0x38, 0x4c, 0x37, 0x99, 0xe1, 0x6c, 0xd7,
0x50, 0x7a, 0xc6, 0xad, 0xd5, 0x41, 0x0d, 0xfb, 0xe4, 0x82, 0x77, 0x50, 0x05, 0xda, 0x9c, 0x39,
0x16, 0x40, 0x44, 0xf4, 0xb3, 0x07, 0xbf, 0x3a, 0x75, 0x78, 0x16, 0xf5, 0xa2, 0x7e, 0x71, 0x6a,
0x85, 0x10, 0x1b, 0xc4, 0x2b, 0xae, 0xad, 0x3f, 0x2b, 0xa8, 0x39, 0x75, 0x90, 0xc1, 0x4f, 0xa7,
0x0f, 0x9c, 0xaf, 0x1f, 0x83, 0x97, 0x75, 0x77, 0xb5, 0x5c, 0x26, 0xef, 0x70, 0xe6, 0xe8, 0x39,
0x6b, 0xa8, 0x94, 0xff, 0x8d, 0xa1, 0x32, 0xf7, 0xf7, 0x86, 0x4a, 0xe5, 0xcd, 0x86, 0xca, 0x1d,
0xd4, 0xb0, 0xa6, 0x87, 0x3e, 0x30, 0xcf, 0x5d, 0xaf, 0xb9, 0xdb, 0xb9, 0x22, 0x9b, 0x36, 0x6e,
0x9f, 0x38, 0x26, 0x63, 0x45, 0x9c, 0x37, 0x57, 0xaa, 0xff, 0x60, 0xae, 0xdc, 0x46, 0x75, 0xf6,
0x4c, 0xea, 0x05, 0x74, 0xbc, 0x8a, 0xe1, 0x08, 0x63, 0xce, 0x82, 0xed, 0x31, 0x37, 0x82, 0x0f,
0x42, 0xfc, 0x39, 0xda, 0x18, 0xbd, 0xac, 0x2f, 0x06, 0x69, 0x1a, 0x33, 0x3d, 0x4d, 0x68, 0x5c,
0x0c, 0xcb, 0x6b, 0xb9, 0x22, 0x64, 0xa6, 0x81, 0xa5, 0xb7, 0x56, 0x84, 0xe6, 0xd0, 0xa2, 0x27,
0xfd, 0xaf, 0xf6, 0x9a, 0xfe, 0xe7, 0xde, 0x79, 0xfe, 0xc7, 0xee, 0x85, 0xe7, 0x2f, 0x77, 0x4b,
0x2f, 0x5e, 0xee, 0x96, 0x7e, 0x7f, 0xb9, 0x5b, 0x7a, 0x7a, 0xa3, 0x17, 0xc9, 0xaf, 0x06, 0xdd,
0xbd, 0x80, 0x27, 0xed, 0x5e, 0x46, 0x4f, 0x23, 0x53, 0x8e, 0x34, 0x6e, 0x8f, 0xff, 0x4f, 0xd2,
0x34, 0x32, 0x7f, 0x23, 0xbb, 0x55, 0xc8, 0xc2, 0x5b, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x81,
0x57, 0x28, 0xe7, 0xce, 0x0e, 0x00, 0x00,
}
func (m *DeviceV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Spec != nil {
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *DeviceSpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Owner) > 0 {
i -= len(m.Owner)
copy(dAtA[i:], m.Owner)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Owner)))
i--
dAtA[i] = 0x52
}
if m.Profile != nil {
{
size, err := m.Profile.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if m.Source != nil {
{
size, err := m.Source.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
if len(m.CollectedData) > 0 {
for iNdEx := len(m.CollectedData) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.CollectedData[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
}
if m.Credential != nil {
{
size, err := m.Credential.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if len(m.EnrollStatus) > 0 {
i -= len(m.EnrollStatus)
copy(dAtA[i:], m.EnrollStatus)
i = encodeVarintDevice(dAtA, i, uint64(len(m.EnrollStatus)))
i--
dAtA[i] = 0x2a
}
if m.UpdateTime != nil {
n6, err6 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.UpdateTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.UpdateTime):])
if err6 != nil {
return 0, err6
}
i -= n6
i = encodeVarintDevice(dAtA, i, uint64(n6))
i--
dAtA[i] = 0x22
}
if m.CreateTime != nil {
n7, err7 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.CreateTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.CreateTime):])
if err7 != nil {
return 0, err7
}
i -= n7
i = encodeVarintDevice(dAtA, i, uint64(n7))
i--
dAtA[i] = 0x1a
}
if len(m.AssetTag) > 0 {
i -= len(m.AssetTag)
copy(dAtA[i:], m.AssetTag)
i = encodeVarintDevice(dAtA, i, uint64(len(m.AssetTag)))
i--
dAtA[i] = 0x12
}
if len(m.OsType) > 0 {
i -= len(m.OsType)
copy(dAtA[i:], m.OsType)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsType)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeviceCredential) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceCredential) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceCredential) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.TpmAkPublic) > 0 {
i -= len(m.TpmAkPublic)
copy(dAtA[i:], m.TpmAkPublic)
i = encodeVarintDevice(dAtA, i, uint64(len(m.TpmAkPublic)))
i--
dAtA[i] = 0x2a
}
if len(m.TpmEkcertSerial) > 0 {
i -= len(m.TpmEkcertSerial)
copy(dAtA[i:], m.TpmEkcertSerial)
i = encodeVarintDevice(dAtA, i, uint64(len(m.TpmEkcertSerial)))
i--
dAtA[i] = 0x22
}
if len(m.DeviceAttestationType) > 0 {
i -= len(m.DeviceAttestationType)
copy(dAtA[i:], m.DeviceAttestationType)
i = encodeVarintDevice(dAtA, i, uint64(len(m.DeviceAttestationType)))
i--
dAtA[i] = 0x1a
}
if len(m.PublicKeyDer) > 0 {
i -= len(m.PublicKeyDer)
copy(dAtA[i:], m.PublicKeyDer)
i = encodeVarintDevice(dAtA, i, uint64(len(m.PublicKeyDer)))
i--
dAtA[i] = 0x12
}
if len(m.Id) > 0 {
i -= len(m.Id)
copy(dAtA[i:], m.Id)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Id)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeviceCollectedData) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceCollectedData) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceCollectedData) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.OsId) > 0 {
i -= len(m.OsId)
copy(dAtA[i:], m.OsId)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsId)))
i--
dAtA[i] = 0x7a
}
if m.TpmPlatformAttestation != nil {
{
size, err := m.TpmPlatformAttestation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
if len(m.BaseBoardSerialNumber) > 0 {
i -= len(m.BaseBoardSerialNumber)
copy(dAtA[i:], m.BaseBoardSerialNumber)
i = encodeVarintDevice(dAtA, i, uint64(len(m.BaseBoardSerialNumber)))
i--
dAtA[i] = 0x6a
}
if len(m.SystemSerialNumber) > 0 {
i -= len(m.SystemSerialNumber)
copy(dAtA[i:], m.SystemSerialNumber)
i = encodeVarintDevice(dAtA, i, uint64(len(m.SystemSerialNumber)))
i--
dAtA[i] = 0x62
}
if len(m.ReportedAssetTag) > 0 {
i -= len(m.ReportedAssetTag)
copy(dAtA[i:], m.ReportedAssetTag)
i = encodeVarintDevice(dAtA, i, uint64(len(m.ReportedAssetTag)))
i--
dAtA[i] = 0x5a
}
if len(m.MacosEnrollmentProfiles) > 0 {
i -= len(m.MacosEnrollmentProfiles)
copy(dAtA[i:], m.MacosEnrollmentProfiles)
i = encodeVarintDevice(dAtA, i, uint64(len(m.MacosEnrollmentProfiles)))
i--
dAtA[i] = 0x52
}
if len(m.JamfBinaryVersion) > 0 {
i -= len(m.JamfBinaryVersion)
copy(dAtA[i:], m.JamfBinaryVersion)
i = encodeVarintDevice(dAtA, i, uint64(len(m.JamfBinaryVersion)))
i--
dAtA[i] = 0x4a
}
if len(m.OsUsername) > 0 {
i -= len(m.OsUsername)
copy(dAtA[i:], m.OsUsername)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsUsername)))
i--
dAtA[i] = 0x42
}
if len(m.OsBuild) > 0 {
i -= len(m.OsBuild)
copy(dAtA[i:], m.OsBuild)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsBuild)))
i--
dAtA[i] = 0x3a
}
if len(m.OsVersion) > 0 {
i -= len(m.OsVersion)
copy(dAtA[i:], m.OsVersion)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsVersion)))
i--
dAtA[i] = 0x32
}
if len(m.ModelIdentifier) > 0 {
i -= len(m.ModelIdentifier)
copy(dAtA[i:], m.ModelIdentifier)
i = encodeVarintDevice(dAtA, i, uint64(len(m.ModelIdentifier)))
i--
dAtA[i] = 0x2a
}
if len(m.SerialNumber) > 0 {
i -= len(m.SerialNumber)
copy(dAtA[i:], m.SerialNumber)
i = encodeVarintDevice(dAtA, i, uint64(len(m.SerialNumber)))
i--
dAtA[i] = 0x22
}
if len(m.OsType) > 0 {
i -= len(m.OsType)
copy(dAtA[i:], m.OsType)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsType)))
i--
dAtA[i] = 0x1a
}
if m.RecordTime != nil {
n9, err9 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.RecordTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.RecordTime):])
if err9 != nil {
return 0, err9
}
i -= n9
i = encodeVarintDevice(dAtA, i, uint64(n9))
i--
dAtA[i] = 0x12
}
if m.CollectTime != nil {
n10, err10 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.CollectTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.CollectTime):])
if err10 != nil {
return 0, err10
}
i -= n10
i = encodeVarintDevice(dAtA, i, uint64(n10))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TPMPCR) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TPMPCR) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TPMPCR) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.DigestAlg != 0 {
i = encodeVarintDevice(dAtA, i, uint64(m.DigestAlg))
i--
dAtA[i] = 0x18
}
if len(m.Digest) > 0 {
i -= len(m.Digest)
copy(dAtA[i:], m.Digest)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Digest)))
i--
dAtA[i] = 0x12
}
if m.Index != 0 {
i = encodeVarintDevice(dAtA, i, uint64(m.Index))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *TPMQuote) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TPMQuote) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TPMQuote) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Signature) > 0 {
i -= len(m.Signature)
copy(dAtA[i:], m.Signature)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Signature)))
i--
dAtA[i] = 0x12
}
if len(m.Quote) > 0 {
i -= len(m.Quote)
copy(dAtA[i:], m.Quote)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Quote)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TPMPlatformParameters) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TPMPlatformParameters) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TPMPlatformParameters) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EventLog) > 0 {
i -= len(m.EventLog)
copy(dAtA[i:], m.EventLog)
i = encodeVarintDevice(dAtA, i, uint64(len(m.EventLog)))
i--
dAtA[i] = 0x1a
}
if len(m.Pcrs) > 0 {
for iNdEx := len(m.Pcrs) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Pcrs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.Quotes) > 0 {
for iNdEx := len(m.Quotes) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Quotes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *TPMPlatformAttestation) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TPMPlatformAttestation) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TPMPlatformAttestation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.PlatformParameters != nil {
{
size, err := m.PlatformParameters.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if len(m.Nonce) > 0 {
i -= len(m.Nonce)
copy(dAtA[i:], m.Nonce)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Nonce)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeviceSource) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceSource) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceSource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Origin) > 0 {
i -= len(m.Origin)
copy(dAtA[i:], m.Origin)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Origin)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintDevice(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeviceProfile) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceProfile) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceProfile) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.OsId) > 0 {
i -= len(m.OsId)
copy(dAtA[i:], m.OsId)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsId)))
i--
dAtA[i] = 0x4a
}
if len(m.OsBuildSupplemental) > 0 {
i -= len(m.OsBuildSupplemental)
copy(dAtA[i:], m.OsBuildSupplemental)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsBuildSupplemental)))
i--
dAtA[i] = 0x42
}
if len(m.ExternalId) > 0 {
i -= len(m.ExternalId)
copy(dAtA[i:], m.ExternalId)
i = encodeVarintDevice(dAtA, i, uint64(len(m.ExternalId)))
i--
dAtA[i] = 0x3a
}
if len(m.JamfBinaryVersion) > 0 {
i -= len(m.JamfBinaryVersion)
copy(dAtA[i:], m.JamfBinaryVersion)
i = encodeVarintDevice(dAtA, i, uint64(len(m.JamfBinaryVersion)))
i--
dAtA[i] = 0x32
}
if len(m.OsUsernames) > 0 {
for iNdEx := len(m.OsUsernames) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.OsUsernames[iNdEx])
copy(dAtA[i:], m.OsUsernames[iNdEx])
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsUsernames[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.OsBuild) > 0 {
i -= len(m.OsBuild)
copy(dAtA[i:], m.OsBuild)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsBuild)))
i--
dAtA[i] = 0x22
}
if len(m.OsVersion) > 0 {
i -= len(m.OsVersion)
copy(dAtA[i:], m.OsVersion)
i = encodeVarintDevice(dAtA, i, uint64(len(m.OsVersion)))
i--
dAtA[i] = 0x1a
}
if len(m.ModelIdentifier) > 0 {
i -= len(m.ModelIdentifier)
copy(dAtA[i:], m.ModelIdentifier)
i = encodeVarintDevice(dAtA, i, uint64(len(m.ModelIdentifier)))
i--
dAtA[i] = 0x12
}
if m.UpdateTime != nil {
n12, err12 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.UpdateTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.UpdateTime):])
if err12 != nil {
return 0, err12
}
i -= n12
i = encodeVarintDevice(dAtA, i, uint64(n12))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func encodeVarintDevice(dAtA []byte, offset int, v uint64) int {
offset -= sovDevice(v)
base := offset
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return base
}
func (m *DeviceV1) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = m.ResourceHeader.Size()
n += 1 + l + sovDevice(uint64(l))
if m.Spec != nil {
l = m.Spec.Size()
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeviceSpec) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.OsType)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.AssetTag)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.CreateTime != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.CreateTime)
n += 1 + l + sovDevice(uint64(l))
}
if m.UpdateTime != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.UpdateTime)
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.EnrollStatus)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.Credential != nil {
l = m.Credential.Size()
n += 1 + l + sovDevice(uint64(l))
}
if len(m.CollectedData) > 0 {
for _, e := range m.CollectedData {
l = e.Size()
n += 1 + l + sovDevice(uint64(l))
}
}
if m.Source != nil {
l = m.Source.Size()
n += 1 + l + sovDevice(uint64(l))
}
if m.Profile != nil {
l = m.Profile.Size()
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.Owner)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeviceCredential) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Id)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.PublicKeyDer)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.DeviceAttestationType)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.TpmEkcertSerial)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.TpmAkPublic)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeviceCollectedData) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.CollectTime != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.CollectTime)
n += 1 + l + sovDevice(uint64(l))
}
if m.RecordTime != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.RecordTime)
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsType)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.SerialNumber)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.ModelIdentifier)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsVersion)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsBuild)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsUsername)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.JamfBinaryVersion)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.MacosEnrollmentProfiles)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.ReportedAssetTag)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.SystemSerialNumber)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.BaseBoardSerialNumber)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.TpmPlatformAttestation != nil {
l = m.TpmPlatformAttestation.Size()
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsId)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TPMPCR) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Index != 0 {
n += 1 + sovDevice(uint64(m.Index))
}
l = len(m.Digest)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.DigestAlg != 0 {
n += 1 + sovDevice(uint64(m.DigestAlg))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TPMQuote) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Quote)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.Signature)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TPMPlatformParameters) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Quotes) > 0 {
for _, e := range m.Quotes {
l = e.Size()
n += 1 + l + sovDevice(uint64(l))
}
}
if len(m.Pcrs) > 0 {
for _, e := range m.Pcrs {
l = e.Size()
n += 1 + l + sovDevice(uint64(l))
}
}
l = len(m.EventLog)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TPMPlatformAttestation) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Nonce)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.PlatformParameters != nil {
l = m.PlatformParameters.Size()
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeviceSource) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.Origin)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeviceProfile) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.UpdateTime != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.UpdateTime)
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.ModelIdentifier)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsVersion)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsBuild)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if len(m.OsUsernames) > 0 {
for _, s := range m.OsUsernames {
l = len(s)
n += 1 + l + sovDevice(uint64(l))
}
}
l = len(m.JamfBinaryVersion)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.ExternalId)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsBuildSupplemental)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
l = len(m.OsId)
if l > 0 {
n += 1 + l + sovDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func sovDevice(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
func sozDevice(x uint64) (n int) {
return sovDevice(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (m *DeviceV1) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: DeviceV1: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: DeviceV1: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ResourceHeader", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if err := m.ResourceHeader.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Spec == nil {
m.Spec = &DeviceSpec{}
}
if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *DeviceSpec) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: DeviceSpec: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: DeviceSpec: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsType", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsType = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AssetTag", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.AssetTag = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CreateTime", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.CreateTime == nil {
m.CreateTime = new(time.Time)
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.CreateTime, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field UpdateTime", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.UpdateTime == nil {
m.UpdateTime = new(time.Time)
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.UpdateTime, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field EnrollStatus", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.EnrollStatus = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Credential", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Credential == nil {
m.Credential = &DeviceCredential{}
}
if err := m.Credential.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CollectedData", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.CollectedData = append(m.CollectedData, &DeviceCollectedData{})
if err := m.CollectedData[len(m.CollectedData)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Source == nil {
m.Source = &DeviceSource{}
}
if err := m.Source.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Profile", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Profile == nil {
m.Profile = &DeviceProfile{}
}
if err := m.Profile.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 10:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Owner", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Owner = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *DeviceCredential) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: DeviceCredential: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: DeviceCredential: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Id", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Id = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field PublicKeyDer", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.PublicKeyDer = append(m.PublicKeyDer[:0], dAtA[iNdEx:postIndex]...)
if m.PublicKeyDer == nil {
m.PublicKeyDer = []byte{}
}
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field DeviceAttestationType", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.DeviceAttestationType = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field TpmEkcertSerial", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.TpmEkcertSerial = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field TpmAkPublic", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.TpmAkPublic = append(m.TpmAkPublic[:0], dAtA[iNdEx:postIndex]...)
if m.TpmAkPublic == nil {
m.TpmAkPublic = []byte{}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *DeviceCollectedData) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: DeviceCollectedData: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: DeviceCollectedData: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CollectTime", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.CollectTime == nil {
m.CollectTime = new(time.Time)
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.CollectTime, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field RecordTime", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.RecordTime == nil {
m.RecordTime = new(time.Time)
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.RecordTime, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsType", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsType = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SerialNumber", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.SerialNumber = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ModelIdentifier", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ModelIdentifier = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsVersion", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsVersion = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsBuild", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsBuild = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsUsername", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsUsername = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field JamfBinaryVersion", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.JamfBinaryVersion = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 10:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field MacosEnrollmentProfiles", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.MacosEnrollmentProfiles = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 11:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ReportedAssetTag", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ReportedAssetTag = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 12:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SystemSerialNumber", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.SystemSerialNumber = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 13:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field BaseBoardSerialNumber", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.BaseBoardSerialNumber = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 14:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field TpmPlatformAttestation", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.TpmPlatformAttestation == nil {
m.TpmPlatformAttestation = &TPMPlatformAttestation{}
}
if err := m.TpmPlatformAttestation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 15:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsId", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *TPMPCR) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: TPMPCR: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: TPMPCR: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Index", wireType)
}
m.Index = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Index |= int32(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Digest", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Digest = append(m.Digest[:0], dAtA[iNdEx:postIndex]...)
if m.Digest == nil {
m.Digest = []byte{}
}
iNdEx = postIndex
case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field DigestAlg", wireType)
}
m.DigestAlg = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.DigestAlg |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *TPMQuote) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: TPMQuote: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: TPMQuote: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Quote", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Quote = append(m.Quote[:0], dAtA[iNdEx:postIndex]...)
if m.Quote == nil {
m.Quote = []byte{}
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Signature", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Signature = append(m.Signature[:0], dAtA[iNdEx:postIndex]...)
if m.Signature == nil {
m.Signature = []byte{}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *TPMPlatformParameters) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: TPMPlatformParameters: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: TPMPlatformParameters: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Quotes", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Quotes = append(m.Quotes, &TPMQuote{})
if err := m.Quotes[len(m.Quotes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Pcrs", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Pcrs = append(m.Pcrs, &TPMPCR{})
if err := m.Pcrs[len(m.Pcrs)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field EventLog", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.EventLog = append(m.EventLog[:0], dAtA[iNdEx:postIndex]...)
if m.EventLog == nil {
m.EventLog = []byte{}
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *TPMPlatformAttestation) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: TPMPlatformAttestation: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: TPMPlatformAttestation: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Nonce", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Nonce = append(m.Nonce[:0], dAtA[iNdEx:postIndex]...)
if m.Nonce == nil {
m.Nonce = []byte{}
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field PlatformParameters", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.PlatformParameters == nil {
m.PlatformParameters = &TPMPlatformParameters{}
}
if err := m.PlatformParameters.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *DeviceSource) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: DeviceSource: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: DeviceSource: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Name = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Origin", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Origin = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *DeviceProfile) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: DeviceProfile: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: DeviceProfile: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field UpdateTime", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.UpdateTime == nil {
m.UpdateTime = new(time.Time)
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.UpdateTime, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ModelIdentifier", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ModelIdentifier = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsVersion", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsVersion = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsBuild", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsBuild = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsUsernames", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsUsernames = append(m.OsUsernames, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field JamfBinaryVersion", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.JamfBinaryVersion = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ExternalId", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ExternalId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsBuildSupplemental", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsBuildSupplemental = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field OsId", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.OsId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipDevice(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
depth := 0
for iNdEx < l {
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowDevice
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
wireType := int(wire & 0x7)
switch wireType {
case 0:
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowDevice
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
iNdEx++
if dAtA[iNdEx-1] < 0x80 {
break
}
}
case 1:
iNdEx += 8
case 2:
var length int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowDevice
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
length |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if length < 0 {
return 0, ErrInvalidLengthDevice
}
iNdEx += length
case 3:
depth++
case 4:
if depth == 0 {
return 0, ErrUnexpectedEndOfGroupDevice
}
depth--
case 5:
iNdEx += 4
default:
return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
}
if iNdEx < 0 {
return 0, ErrInvalidLengthDevice
}
if depth == 0 {
return iNdEx, nil
}
}
return 0, io.ErrUnexpectedEOF
}
var (
ErrInvalidLengthDevice = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowDevice = fmt.Errorf("proto: integer overflow")
ErrUnexpectedEndOfGroupDevice = fmt.Errorf("proto: unexpected end of group")
)
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"fmt"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
)
// Duration is a wrapper around duration to set up custom marshal/unmarshal
type Duration time.Duration
// Duration returns time.Duration from Duration typex
func (d Duration) Duration() time.Duration {
return time.Duration(d)
}
// Value returns time.Duration value of this wrapper
func (d Duration) Value() time.Duration {
return time.Duration(d)
}
// MarshalJSON marshals Duration to string
func (d Duration) MarshalJSON() ([]byte, error) {
return json.Marshal(d.Duration().String())
}
// UnmarshalJSON interprets the given bytes as a Duration value
func (d *Duration) UnmarshalJSON(data []byte) error {
if len(data) == 0 {
return nil
}
var stringVar string
if err := json.Unmarshal(data, &stringVar); err != nil {
return trace.Wrap(err)
}
if stringVar == constants.DurationNever {
*d = Duration(0)
return nil
}
out, err := parseDuration(stringVar)
if err != nil {
return trace.BadParameter("%s", err)
}
*d = out
return nil
}
// MarshalYAML marshals duration into YAML value,
// encodes it as a string in format "1m"
func (d Duration) MarshalYAML() (interface{}, error) {
return fmt.Sprintf("%v", d.Duration()), nil
}
// UnmarshalYAML unmarshals duration from YAML value.
func (d *Duration) UnmarshalYAML(unmarshal func(interface{}) error) error {
var stringVar string
if err := unmarshal(&stringVar); err != nil {
return trace.Wrap(err)
}
if stringVar == constants.DurationNever {
*d = Duration(0)
return nil
}
out, err := parseDuration(stringVar)
if err != nil {
return trace.BadParameter("%s", err)
}
*d = out
return nil
}
// MaxDuration returns the maximum duration value
func MaxDuration() Duration {
return NewDuration(1<<63 - 1)
}
// NewDuration converts the given time.Duration value to a duration
func NewDuration(d time.Duration) Duration {
return Duration(d)
}
// leadingInt consumes the leading [0-9]* from s.
func leadingInt(s string) (x int64, rem string, err error) {
i := 0
for ; i < len(s); i++ {
c := s[i]
if c < '0' || c > '9' {
break
}
if x > (1<<63-1)/10 {
// overflow
return 0, "", trace.BadParameter("time: bad [0-9]*")
}
x = x*10 + int64(c) - '0'
if x < 0 {
// overflow
return 0, "", trace.BadParameter("time: bad [0-9]*")
}
}
return x, s[i:], nil
}
// leadingFraction consumes the leading [0-9]* from s.
// It is used only for fractions, so does not return an error on overflow,
// it just stops accumulating precision.
func leadingFraction(s string) (x int64, scale float64, rem string) {
i := 0
scale = 1
overflow := false
for ; i < len(s); i++ {
c := s[i]
if c < '0' || c > '9' {
break
}
if overflow {
continue
}
if x > (1<<63-1)/10 {
// It's possible for overflow to give a positive number, so take care.
overflow = true
continue
}
y := x*10 + int64(c) - '0'
if y < 0 {
overflow = true
continue
}
x = y
scale *= 10
}
return x, scale, s[i:]
}
var unitMap = map[string]int64{
"ns": int64(time.Nanosecond),
"us": int64(time.Microsecond),
"µs": int64(time.Microsecond), // U+00B5 = micro symbol
"μs": int64(time.Microsecond), // U+03BC = Greek letter mu
"ms": int64(time.Millisecond),
"s": int64(time.Second),
"m": int64(time.Minute),
"h": int64(time.Hour),
"d": int64(time.Hour * 24),
"mo": int64(time.Hour * 24 * 30),
"y": int64(time.Hour * 24 * 365),
}
// parseDuration parses a duration string.
// A duration string is a possibly signed sequence of
// decimal numbers, each with optional fraction and a unit suffix,
// such as "300ms", "-1.5h" or "2h45m".
// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
func parseDuration(s string) (Duration, error) {
// [-+]?([0-9]*(\.[0-9]*)?[a-z]+)+
orig := s
var d int64
neg := false
// Consume [-+]?
if s != "" {
c := s[0]
if c == '-' || c == '+' {
neg = c == '-'
s = s[1:]
}
}
// Special case: if all that is left is "0", this is zero.
if s == "0" {
return 0, nil
}
if s == "" {
return 0, trace.BadParameter("time: invalid duration %q", orig)
}
for s != "" {
var (
v, f int64 // integers before, after decimal point
scale float64 = 1 // value = v + f/scale
)
var err error
// The next character must be [0-9.]
if s[0] != '.' && (s[0] < '0' || s[0] > '9') {
return 0, trace.BadParameter("time: invalid duration %q", orig)
}
// Consume [0-9]*
pl := len(s)
v, s, err = leadingInt(s)
if err != nil {
return 0, trace.BadParameter("time: invalid duration %q", orig)
}
pre := pl != len(s) // whether we consumed anything before a period
// Consume (\.[0-9]*)?
post := false
if s != "" && s[0] == '.' {
s = s[1:]
pl := len(s)
f, scale, s = leadingFraction(s)
post = pl != len(s)
}
if !pre && !post {
// no digits (e.g. ".s" or "-.s")
return 0, trace.BadParameter("time: invalid duration %q", orig)
}
// Consume unit.
i := 0
for ; i < len(s); i++ {
c := s[i]
if c == '.' || '0' <= c && c <= '9' {
break
}
}
if i == 0 {
return 0, trace.BadParameter("time: missing unit in duration %q", orig)
}
u := s[:i]
s = s[i:]
unit, ok := unitMap[u]
if !ok {
return 0, trace.BadParameter("time: unknown unit in duration %q", orig)
}
if v > (1<<63-1)/unit {
// overflow
return 0, trace.BadParameter("time: invalid duration %q", orig)
}
v *= unit
if f > 0 {
// float64 is needed to be nanosecond accurate for fractions of hours.
// v >= 0 && (f*unit/scale) <= 3.6e+12 (ns/h, h is the largest unit)
v += int64(float64(f) * (float64(unit) / scale))
if v < 0 {
// overflow
return 0, trace.BadParameter("time: invalid duration %q", orig)
}
}
d += v
if d < 0 {
// overflow
return 0, trace.BadParameter("time: invalid duration %q", orig)
}
}
if neg {
d = -d
}
return Duration(d), nil
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"context"
"fmt"
"github.com/gravitational/trace"
)
// String returns text description of this event
func (r Event) String() string {
if r.Type == OpDelete {
return fmt.Sprintf("%v(%v/%v)", r.Type, r.Resource.GetKind(), r.Resource.GetSubKind())
}
return fmt.Sprintf("%v(%v)", r.Type, r.Resource)
}
// Event represents an event that happened in the backend
type Event struct {
// Type is the event type
Type OpType
// Resource is a modified or deleted resource
// in case of deleted resources, only resource header
// will be provided
Resource Resource
}
// OpType specifies operation type
type OpType int
const (
// OpUnreliable is used to indicate the event stream has become unreliable
// for maintaining an up-to-date view of the data.
OpUnreliable OpType = iota - 2
// OpInvalid is returned for invalid operations
OpInvalid
// OpInit is returned by the system whenever the system
// is initialized, init operation is always sent
// as a first event over the channel, so the client
// can verify that watch has been established.
OpInit
// OpPut is returned for Put events
OpPut
// OpDelete is returned for Delete events
OpDelete
// OpGet is used for tracking, not present in the event stream
OpGet
)
// String returns user-friendly description of the operation
func (o OpType) String() string {
switch o {
case OpUnreliable:
return "Unreliable"
case OpInvalid:
return "Invalid"
case OpInit:
return "Init"
case OpPut:
return "Put"
case OpDelete:
return "Delete"
case OpGet:
return "Get"
default:
return "unknown"
}
}
// Watch sets up watch on the event
type Watch struct {
// Name is used for debugging purposes
Name string
// Kinds specifies kinds of objects to watch
// and whether to load secret data for them
Kinds []WatchKind
// QueueSize is an optional queue size
QueueSize int
// MetricComponent is used for reporting
MetricComponent string
// AllowPartialSuccess enables a mode in which a watch will succeed if some of the requested kinds aren't available.
// When this is set, the client must inspect the WatchStatus resource attached to the first OpInit event emitted
// by the watcher for a list of kinds confirmed by the event source. Kinds requested but omitted from the confirmation
// will not be included in the event stream.
// If AllowPartialSuccess was set, but OpInit doesn't have a resource attached, it means that the event source
// doesn't support partial success and all requested resource kinds should be considered confirmed.
AllowPartialSuccess bool
}
// Matches attempts to determine if the supplied event matches
// this WatchKind. If the WatchKind is misconfigured, or the
// event appears malformed, an error is returned.
func (kind WatchKind) Matches(e Event) (bool, error) {
if kind.Kind != e.Resource.GetKind() {
return false, nil
}
if kind.Name != "" && kind.Name != e.Resource.GetName() {
return false, nil
}
// we don't have a good model for filtering non-put events,
// so only apply filters to OpPut events.
if len(kind.Filter) > 0 && e.Type == OpPut {
switch res := e.Resource.(type) {
case AccessRequest:
var filter AccessRequestFilter
if err := filter.FromMap(kind.Filter); err != nil {
return false, trace.Wrap(err)
}
return filter.Match(res), nil
case WebSession:
var filter WebSessionFilter
if err := filter.FromMap(kind.Filter); err != nil {
return false, trace.Wrap(err)
}
return filter.Match(res), nil
case Lock:
var target LockTarget
if err := target.FromMap(kind.Filter); err != nil {
return false, trace.Wrap(err)
}
return target.Match(res), nil
case CertAuthority:
var filter CertAuthorityFilter
filter.FromMap(kind.Filter)
return filter.Match(res), nil
case *HeadlessAuthentication:
var filter HeadlessAuthenticationFilter
filter.FromMap(kind.Filter)
return filter.Match(res), nil
default:
// we don't know about this filter, let the event through
}
}
return true, nil
}
// IsTrivial returns true iff the WatchKind only specifies a Kind but no other field.
func (kind WatchKind) IsTrivial() bool {
return kind.SubKind == "" && kind.Name == "" && kind.Version == "" && !kind.LoadSecrets && len(kind.Filter) == 0
}
// Contains determines whether kind (receiver) targets exactly the same or a wider scope of events as the given subset kind.
// Generally this means that if kind specifies a filter, its subset must have exactly the same or a narrower one.
// Currently, does not take resource versions into account.
func (kind WatchKind) Contains(subset WatchKind) bool {
// kind and subkind must always be equal
if kind.Kind != subset.Kind || kind.SubKind != subset.SubKind {
return false
}
if kind.Name != "" && kind.Name != subset.Name {
return false
}
if !kind.LoadSecrets && subset.LoadSecrets {
return false
}
if kind.Kind == KindCertAuthority {
var a, b CertAuthorityFilter
a.FromMap(kind.Filter)
b.FromMap(subset.Filter)
return a.Contains(b)
}
for k, v := range kind.Filter {
if subset.Filter[k] != v {
return false
}
}
return true
}
// Events returns new events interface
type Events interface {
// NewWatcher returns a new event watcher
NewWatcher(ctx context.Context, watch Watch) (Watcher, error)
}
// Watcher returns watcher
type Watcher interface {
// Events returns channel with events
Events() <-chan Event
// Done returns the channel signaling the closure
Done() <-chan struct{}
// Close closes the watcher and releases
// all associated resources
Close() error
// Error returns error associated with watcher
Error() error
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"github.com/gravitational/trace"
)
var certExtensionTypeName = map[CertExtensionType]string{
CertExtensionType_SSH: "ssh",
}
var certExtensionTypeValue = map[string]CertExtensionType{
"ssh": CertExtensionType_SSH,
}
func (t CertExtensionType) MarshalJSON() ([]byte, error) {
name, ok := certExtensionTypeName[t]
if !ok {
return nil, trace.Errorf("invalid certificate extension type: %q", t)
}
return json.Marshal(name)
}
func (t *CertExtensionType) UnmarshalJSON(b []byte) error {
var anyVal any
if err := json.Unmarshal(b, &anyVal); err != nil {
return err
}
switch val := anyVal.(type) {
case string:
enumVal, ok := certExtensionTypeValue[val]
if !ok {
return trace.Errorf("invalid certificate extension type: %q", string(b))
}
*t = enumVal
return nil
case int32:
return t.setFromEnum(val)
case int:
return t.setFromEnum(int32(val))
case int64:
return t.setFromEnum(int32(val))
case float64:
return trace.Wrap(t.setFromEnum(int32(val)))
case float32:
return trace.Wrap(t.setFromEnum(int32(val)))
default:
return trace.BadParameter("unexpected type %T", val)
}
}
// setFromEnum sets the value from enum value as int32.
func (t *CertExtensionType) setFromEnum(val int32) error {
if _, ok := CertExtensionType_name[val]; !ok {
return trace.BadParameter("invalid cert extension mode %v", val)
}
*t = CertExtensionType(val)
return nil
}
var certExtensionModeName = map[CertExtensionMode]string{
CertExtensionMode_EXTENSION: "extension",
}
var certExtensionModeValue = map[string]CertExtensionMode{
"extension": CertExtensionMode_EXTENSION,
}
func (t CertExtensionMode) MarshalJSON() ([]byte, error) {
name, ok := certExtensionModeName[t]
if !ok {
return nil, trace.Errorf("invalid certificate extension mode: %q", t)
}
return json.Marshal(name)
}
func (t *CertExtensionMode) UnmarshalJSON(b []byte) error {
var anyVal any
if err := json.Unmarshal(b, &anyVal); err != nil {
return err
}
switch val := anyVal.(type) {
case string:
enumVal, ok := certExtensionModeValue[val]
if !ok {
return trace.Errorf("invalid certificate extension mode: %q", string(b))
}
*t = enumVal
return nil
case int32:
return t.setFromEnum(val)
case int:
return t.setFromEnum(int32(val))
case int64:
return t.setFromEnum(int32(val))
case float64:
return trace.Wrap(t.setFromEnum(int32(val)))
case float32:
return trace.Wrap(t.setFromEnum(int32(val)))
default:
return trace.BadParameter("unexpected type %T", val)
}
}
// setFromEnum sets the value from enum value as int32.
func (t *CertExtensionMode) setFromEnum(val int32) error {
if _, ok := CertExtensionMode_name[val]; !ok {
return trace.BadParameter("invalid cert extension mode %v", val)
}
*t = CertExtensionMode(val)
return nil
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"context"
"log/slog"
"time"
"github.com/gravitational/trace"
"golang.org/x/crypto/ssh"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
)
const (
GithubURL = "https://github.com"
GithubAPIURL = "https://api.github.com"
)
// GithubConnector defines an interface for a Github OAuth2 connector
type GithubConnector interface {
// ResourceWithSecrets is a common interface for all resources
ResourceWithSecrets
ResourceWithOrigin
// SetMetadata sets object metadata
SetMetadata(meta Metadata)
// GetClientID returns the connector client ID
GetClientID() string
// SetClientID sets the connector client ID
SetClientID(string)
// GetClientSecret returns the connector client secret
GetClientSecret() string
// SetClientSecret sets the connector client secret
SetClientSecret(string)
// GetRedirectURL returns the connector redirect URL
GetRedirectURL() string
// SetRedirectURL sets the connector redirect URL
SetRedirectURL(string)
// GetTeamsToLogins returns the mapping of Github teams to allowed logins
GetTeamsToLogins() []TeamMapping
// SetTeamsToLogins sets the mapping of Github teams to allowed logins
SetTeamsToLogins([]TeamMapping)
// GetTeamsToRoles returns the mapping of Github teams to allowed roles
GetTeamsToRoles() []TeamRolesMapping
// SetTeamsToRoles sets the mapping of Github teams to allowed roles
SetTeamsToRoles([]TeamRolesMapping)
// MapClaims returns the list of allows logins based on the retrieved claims
// returns list of logins and kubernetes groups
MapClaims(GithubClaims) (roles []string, kubeGroups []string, kubeUsers []string)
// GetDisplay returns the connector display name
GetDisplay() string
// SetDisplay sets the connector display name
SetDisplay(string)
// GetEndpointURL returns the endpoint URL
GetEndpointURL() string
// GetAPIEndpointURL returns the API endpoint URL
GetAPIEndpointURL() string
// GetClientRedirectSettings returns the client redirect settings.
GetClientRedirectSettings() *SSOClientRedirectSettings
// GetUserMatchers returns the set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
GetUserMatchers() []string
// SetUserMatchers sets the set of glob patterns to narrow down which username(s) this auth connector should match
// for identifier-first login.
SetUserMatchers([]string)
}
// NewGithubConnector creates a new Github connector from name and spec
func NewGithubConnector(name string, spec GithubConnectorSpecV3) (GithubConnector, error) {
c := &GithubConnectorV3{
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := c.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return c, nil
}
// GetVersion returns resource version
func (c *GithubConnectorV3) GetVersion() string {
return c.Version
}
// GetKind returns resource kind
func (c *GithubConnectorV3) GetKind() string {
return c.Kind
}
// GetSubKind returns resource sub kind
func (c *GithubConnectorV3) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind
func (c *GithubConnectorV3) SetSubKind(s string) {
c.SubKind = s
}
// GetRevision returns the revision
func (c *GithubConnectorV3) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *GithubConnectorV3) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetName returns the name of the connector
func (c *GithubConnectorV3) GetName() string {
return c.Metadata.GetName()
}
// SetName sets the connector name
func (c *GithubConnectorV3) SetName(name string) {
c.Metadata.SetName(name)
}
// Expiry returns the connector expiration time
func (c *GithubConnectorV3) Expiry() time.Time {
return c.Metadata.Expiry()
}
// SetExpiry sets the connector expiration time
func (c *GithubConnectorV3) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// SetMetadata sets connector metadata
func (c *GithubConnectorV3) SetMetadata(meta Metadata) {
c.Metadata = meta
}
// GetMetadata returns the connector metadata
func (c *GithubConnectorV3) GetMetadata() Metadata {
return c.Metadata
}
// Origin returns the origin value of the resource.
func (c *GithubConnectorV3) Origin() string {
return c.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (c *GithubConnectorV3) SetOrigin(origin string) {
c.Metadata.SetOrigin(origin)
}
// WithoutSecrets returns an instance of resource without secrets.
func (c *GithubConnectorV3) WithoutSecrets() Resource {
if c.GetClientSecret() == "" {
return c
}
c2 := *c
c2.SetClientSecret("")
return &c2
}
// setStaticFields sets static resource header and metadata fields.
func (c *GithubConnectorV3) setStaticFields() {
c.Kind = KindGithubConnector
c.Version = V3
}
// CheckAndSetDefaults verifies the connector is valid and sets some defaults
func (c *GithubConnectorV3) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// DELETE IN 11.0.0
if len(c.Spec.TeamsToLogins) > 0 {
slog.WarnContext(context.Background(), "GitHub connector field teams_to_logins is deprecated and will be removed in the next version. Please use teams_to_roles instead.")
}
// make sure claim mappings have either roles or a role template
for i, v := range c.Spec.TeamsToLogins {
if v.Team == "" {
return trace.BadParameter("team_to_logins mapping #%v is invalid, team is empty.", i+1)
}
}
for i, v := range c.Spec.TeamsToRoles {
if v.Team == "" {
return trace.BadParameter("team_to_roles mapping #%v is invalid, team is empty.", i+1)
}
}
if len(c.Spec.TeamsToLogins)+len(c.Spec.TeamsToRoles) == 0 {
return trace.BadParameter("team_to_logins or team_to_roles mapping is invalid, no mappings defined.")
}
return nil
}
// GetClientID returns the connector client ID
func (c *GithubConnectorV3) GetClientID() string {
return c.Spec.ClientID
}
// SetClientID sets the connector client ID
func (c *GithubConnectorV3) SetClientID(id string) {
c.Spec.ClientID = id
}
// GetClientSecret returns the connector client secret
func (c *GithubConnectorV3) GetClientSecret() string {
return c.Spec.ClientSecret
}
// SetClientSecret sets the connector client secret
func (c *GithubConnectorV3) SetClientSecret(secret string) {
c.Spec.ClientSecret = secret
}
// GetRedirectURL returns the connector redirect URL
func (c *GithubConnectorV3) GetRedirectURL() string {
return c.Spec.RedirectURL
}
// SetRedirectURL sets the connector redirect URL
func (c *GithubConnectorV3) SetRedirectURL(redirectURL string) {
c.Spec.RedirectURL = redirectURL
}
// GetTeamsToLogins returns the connector team membership mappings
//
// DEPRECATED: use GetTeamsToRoles instead
func (c *GithubConnectorV3) GetTeamsToLogins() []TeamMapping {
return c.Spec.TeamsToLogins
}
// SetTeamsToLogins sets the connector team membership mappings
//
// DEPRECATED: use SetTeamsToRoles instead
func (c *GithubConnectorV3) SetTeamsToLogins(teamsToLogins []TeamMapping) {
c.Spec.TeamsToLogins = teamsToLogins
}
// GetTeamsToRoles returns the mapping of Github teams to allowed roles
func (c *GithubConnectorV3) GetTeamsToRoles() []TeamRolesMapping {
return c.Spec.TeamsToRoles
}
// SetTeamsToRoles sets the mapping of Github teams to allowed roles
func (c *GithubConnectorV3) SetTeamsToRoles(m []TeamRolesMapping) {
c.Spec.TeamsToRoles = m
}
// GetDisplay returns the connector display name
func (c *GithubConnectorV3) GetDisplay() string {
return c.Spec.Display
}
// SetDisplay sets the connector display name
func (c *GithubConnectorV3) SetDisplay(display string) {
c.Spec.Display = display
}
// GetEndpointURL returns the endpoint URL
func (c *GithubConnectorV3) GetEndpointURL() string {
return GithubURL
}
// GetEndpointURL returns the API endpoint URL
func (c *GithubConnectorV3) GetAPIEndpointURL() string {
return GithubAPIURL
}
// GetClientRedirectSettings returns the client redirect settings.
func (c *GithubConnectorV3) GetClientRedirectSettings() *SSOClientRedirectSettings {
if c == nil {
return nil
}
return c.Spec.ClientRedirectSettings
}
// MapClaims returns a list of logins based on the provided claims,
// returns a list of logins and list of kubernetes groups
func (c *GithubConnectorV3) MapClaims(claims GithubClaims) ([]string, []string, []string) {
var roles, kubeGroups, kubeUsers []string
for _, mapping := range c.GetTeamsToLogins() {
teams, ok := claims.OrganizationToTeams[mapping.Organization]
if !ok {
// the user does not belong to this organization
continue
}
for _, team := range teams {
// see if the user belongs to this team
if team == mapping.Team {
roles = append(roles, mapping.Logins...)
kubeGroups = append(kubeGroups, mapping.KubeGroups...)
kubeUsers = append(kubeUsers, mapping.KubeUsers...)
}
}
}
for _, mapping := range c.GetTeamsToRoles() {
teams, ok := claims.OrganizationToTeams[mapping.Organization]
if !ok {
// the user does not belong to this organization
continue
}
for _, team := range teams {
// see if the user belongs to this team
if team == mapping.Team {
roles = append(roles, mapping.Roles...)
}
}
}
return utils.Deduplicate(roles), utils.Deduplicate(kubeGroups), utils.Deduplicate(kubeUsers)
}
// GetUserMatchers returns the set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
func (r *GithubConnectorV3) GetUserMatchers() []string {
if r.Spec.UserMatchers == nil {
return nil
}
return r.Spec.UserMatchers
}
// SetUserMatchers sets the set of glob patterns to narrow down which username(s) this auth connector should match
// for identifier-first login.
func (r *GithubConnectorV3) SetUserMatchers(userMatchers []string) {
r.Spec.UserMatchers = userMatchers
}
// SetExpiry sets expiry time for the object
func (r *GithubAuthRequest) SetExpiry(expires time.Time) {
r.Expires = &expires
}
// Expiry returns object expiry setting.
func (r *GithubAuthRequest) Expiry() time.Time {
if r.Expires == nil {
return time.Time{}
}
return *r.Expires
}
// Check makes sure the request is valid
func (r *GithubAuthRequest) Check() error {
authenticatedUserFlow := r.AuthenticatedUser != ""
regularLoginFlow := !r.SSOTestFlow && !authenticatedUserFlow
switch {
case r.ConnectorID == "":
return trace.BadParameter("missing ConnectorID")
case r.StateToken == "":
return trace.BadParameter("missing StateToken")
// we could collapse these two checks into one, but the error message would become ambiguous.
case r.SSOTestFlow && r.ConnectorSpec == nil:
return trace.BadParameter("ConnectorSpec cannot be nil when SSOTestFlow is true")
case authenticatedUserFlow && r.ConnectorSpec == nil:
return trace.BadParameter("ConnectorSpec cannot be nil for authenticated user")
case regularLoginFlow && r.ConnectorSpec != nil:
return trace.BadParameter("ConnectorSpec must be nil")
}
if len(r.SshPublicKey) > 0 {
_, _, _, _, err := ssh.ParseAuthorizedKey(r.SshPublicKey)
if err != nil {
return trace.BadParameter("bad SSH public key: %v", err)
}
}
if (len(r.SshPublicKey) != 0 || len(r.TlsPublicKey) != 0) &&
(r.CertTTL > defaults.MaxCertDuration || r.CertTTL < defaults.MinCertDuration) {
return trace.BadParameter("wrong CertTTL")
}
return nil
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"time"
"github.com/gravitational/trace"
)
// NewHeadlessAuthentication creates a new a headless authentication resource.
func NewHeadlessAuthentication(username, name string, expires time.Time) (*HeadlessAuthentication, error) {
ha := &HeadlessAuthentication{
ResourceHeader: ResourceHeader{
Metadata: Metadata{
Name: name,
Expires: &expires,
},
},
User: username,
}
return ha, ha.CheckAndSetDefaults()
}
// CheckAndSetDefaults does basic validation and default setting.
func (h *HeadlessAuthentication) CheckAndSetDefaults() error {
h.setStaticFields()
if err := h.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if h.Metadata.Expires == nil || h.Metadata.Expires.IsZero() {
return trace.BadParameter("headless authentication resource must have non-zero header.metadata.expires")
}
if h.User == "" {
return trace.BadParameter("headless authentication resource must have non-empty user")
}
if h.Version == "" {
h.Version = V1
}
return nil
}
// setStaticFields sets static resource header and metadata fields.
func (h *HeadlessAuthentication) setStaticFields() {
h.Kind = KindHeadlessAuthentication
}
// Stringify returns the readable string for a headless authentication state.
func (h HeadlessAuthenticationState) Stringify() string {
switch h {
case HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_PENDING:
return "pending"
case HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_DENIED:
return "denied"
case HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_APPROVED:
return "approved"
default:
return "unknown"
}
}
// IsUnspecified headless authentication state. This usually means the headless
// authentication resource is a headless authentication stub, with limited data.
func (s HeadlessAuthenticationState) IsUnspecified() bool {
return s == HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED
}
// IsPending headless authentication state.
func (s HeadlessAuthenticationState) IsPending() bool {
return s == HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_PENDING
}
// headlessStateVariants allows iteration of the expected variants
// of HeadlessAuthenticationState.
var headlessStateVariants = [4]HeadlessAuthenticationState{
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED,
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_PENDING,
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_DENIED,
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_APPROVED,
}
// Parse attempts to interpret a value as a string representation
// of a HeadlessAuthenticationState.
func (s *HeadlessAuthenticationState) Parse(val string) error {
for _, state := range headlessStateVariants {
if state.String() == val {
*s = state
return nil
}
}
return trace.BadParameter("unknown request state: %q", val)
}
// HeadlessAuthenticationFilter encodes filter params for headless authentications.
type HeadlessAuthenticationFilter struct {
Name string
Username string
State HeadlessAuthenticationState
}
// key values for map encoding of headless authn filter.
const (
headlessFilterKeyName = "name"
headlessFilterKeyUsername = "username"
headlessFilterKeyState = "state"
)
// IntoMap copies HeadlessAuthenticationFilter values into a map.
func (f *HeadlessAuthenticationFilter) IntoMap() map[string]string {
m := make(map[string]string)
if f.Name != "" {
m[headlessFilterKeyName] = f.Name
}
if f.Username != "" {
m[headlessFilterKeyUsername] = f.Username
}
if !f.State.IsUnspecified() {
m[headlessFilterKeyState] = f.State.String()
}
return m
}
// FromMap copies values from a map into this HeadlessAuthenticationFilter value.
func (f *HeadlessAuthenticationFilter) FromMap(m map[string]string) error {
for key, val := range m {
switch key {
case headlessFilterKeyName:
f.Name = val
case headlessFilterKeyUsername:
f.Username = val
case headlessFilterKeyState:
if err := f.State.Parse(val); err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("unknown filter key %s", key)
}
}
return nil
}
// Match checks if a given headless authentication matches this filter.
func (f *HeadlessAuthenticationFilter) Match(req *HeadlessAuthentication) bool {
if f.Name != "" && req.GetName() != f.Name {
return false
}
if f.Username != "" && req.User != f.Username {
return false
}
if !f.State.IsUnspecified() && req.State != f.State {
return false
}
return true
}
/*
* Copyright 2022 Gravitational, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package types
import (
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// Installer is an installer script resource
type Installer interface {
Resource
// GetScript returns the contents of the installer script
GetScript() string
// SetScript sets the installer script
SetScript(string)
String() string
// Clone returns a copy of the installer.
Clone() Installer
}
// NewInstallerV1 returns a new installer resource
func NewInstallerV1(name, script string) (*InstallerV1, error) {
installer := &InstallerV1{
Metadata: Metadata{
Name: name,
},
Spec: InstallerSpecV1{
Script: script,
},
}
if err := installer.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return installer, nil
}
// MustNewInstallerV1 creates a new installer resource from the provided script.
//
// Panics in case of any error when creating the resource.
func MustNewInstallerV1(name, script string) *InstallerV1 {
inst, err := NewInstallerV1(name, script)
if err != nil {
panic(err)
}
return inst
}
// Clone returns a copy of the installer.
func (c *InstallerV1) Clone() Installer {
return utils.CloneProtoMsg(c)
}
// CheckAndSetDefaults implements Installer
func (c *InstallerV1) CheckAndSetDefaults() error {
c.setStaticFields()
return trace.Wrap(c.Metadata.CheckAndSetDefaults())
}
// GetVersion returns resource version.
func (c *InstallerV1) GetVersion() string {
return c.Version
}
// GetName returns the name of the resource.
func (c *InstallerV1) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the resource.
func (c *InstallerV1) SetName(e string) {
c.Metadata.Name = e
}
// SetExpiry sets expiry time for the object.
func (c *InstallerV1) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting.
func (c *InstallerV1) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetMetadata returns object metadata.
func (c *InstallerV1) GetMetadata() Metadata {
return c.Metadata
}
// GetRevision returns the revision
func (c *InstallerV1) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *InstallerV1) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetKind returns resource kind.
func (c *InstallerV1) GetKind() string {
return c.Kind
}
// GetSubKind returns resource subkind.
func (c *InstallerV1) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind.
func (c *InstallerV1) SetSubKind(sk string) {
c.SubKind = sk
}
func (c *InstallerV1) GetScript() string {
return c.Spec.Script
}
func (c *InstallerV1) SetScript(s string) {
c.Spec.Script = s
}
// setStaticFields sets static resource header and metadata fields.
func (c *InstallerV1) setStaticFields() {
c.Kind = KindInstaller
c.Version = V1
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"slices"
"strings"
"time"
"github.com/coreos/go-semver/semver"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
)
// Match checks if the given instance appears to match this filter.
func (f InstanceFilter) Match(i Instance) bool {
if f.ServerID != "" && f.ServerID != i.GetName() {
return false
}
if f.Version != "" && f.Version != i.GetTeleportVersion() {
// TODO(fspmarshall): move some of the lib/versioncontrol helpers to
// the api package and finalize version matching syntax so that we
// can do normalization and wildcard matching.
return false
}
if fv, ok := parseVersionRelaxed(f.OlderThanVersion); ok {
if iv, ok := parseVersionRelaxed(i.GetTeleportVersion()); ok {
if !iv.LessThan(fv) {
return false
}
}
}
if fv, ok := parseVersionRelaxed(f.NewerThanVersion); ok {
iv, ok := parseVersionRelaxed(i.GetTeleportVersion())
if !ok {
// treat instances with invalid versions are less/older than
// valid versions.
return false
}
if !fv.LessThan(iv) {
return false
}
}
// if Services was specified, ensure instance has at least one of the listed services.
if len(f.Services) != 0 && slices.IndexFunc(f.Services, i.HasService) == -1 {
return false
}
if f.ExternalUpgrader != "" && f.ExternalUpgrader != i.GetExternalUpgrader() {
return false
}
// empty upgrader matches all, so we have a separate bool flag for
// specifically matching instances with no ext upgrader defined.
if f.NoExtUpgrader && i.GetExternalUpgrader() != "" {
return false
}
// Empty update group matches all.
if f.UpdateGroup != "" {
if updateInfo := i.GetUpdaterInfo(); updateInfo == nil || updateInfo.UpdateGroup != f.UpdateGroup {
return false
}
}
return true
}
// shorthandChars are expected characters in version shorthand (e.g. "1" or "1.0" are shorthand for "1.0.0").
const shorthandChars = "0123456789."
// normalizeVersionShorthand attempts to convert go-style semver into the stricter semver
// notation expected by coreos/go-semver.
func normalizeVersionShorthand(version string) string {
version = strings.TrimPrefix(version, "v")
for _, c := range version {
if !strings.ContainsRune(shorthandChars, c) {
return version
}
}
switch strings.Count(version, ".") {
case 0:
return version + ".0.0"
case 1:
return version + ".0"
default:
return version
}
}
// parseVersionRelaxed wraps standard semver parsing with shorthand normalization.
func parseVersionRelaxed(version string) (ver semver.Version, ok bool) {
if version == "" {
return semver.Version{}, false
}
if ver.Set(normalizeVersionShorthand(version)) != nil {
return semver.Version{}, false
}
return ver, true
}
// Instance describes the configuration/status of a unique teleport server identity. Each
// instance may be running one or more teleport services, and may have multiple processes
// associated with it.
type Instance interface {
Resource
// GetTeleportVersion gets the teleport version reported by the instance.
GetTeleportVersion() string
// GetServices gets the running services reported by the instance. This list is not
// guaranteed to consist only of valid teleport services. Invalid/unexpected services
// should be ignored.
GetServices() []SystemRole
// HasService checks if this instance advertises the specified service.
HasService(SystemRole) bool
// GetHostname gets the hostname reported by the instance.
GetHostname() string
// GetAuthID gets the server ID of the auth server that most recently reported
// having observed this instance.
GetAuthID() string
// GetLastSeen gets the most recent time that an auth server reported having
// seen this instance.
GetLastSeen() time.Time
// SetLastSeen sets the most recent time that an auth server reported having
// seen this instance. Generally, if this value is being updated, the caller
// should follow up by calling SyncLogAndResourceExpiry so that the control log
// and resource-level expiry values can be reevaluated.
SetLastSeen(time.Time)
// GetExternalUpgrader gets the upgrader value as represented in the most recent
// hello message from this instance. This value corresponds to the TELEPORT_EXT_UPGRADER
// env var that is set when agents are configured to export schedule values to external
// upgraders.
GetExternalUpgrader() string
// GetExternalUpgraderVersion gets the reported upgrader version. This value corresponds
// to the TELEPORT_EXT_UPGRADER_VERSION env var that is set when agents are configured.
GetExternalUpgraderVersion() string
// SyncLogAndResourceExpiry filters expired entries from the control log and updates
// the resource-level expiry. All calculations are performed relative to the value of
// the LastSeen field, and the supplied TTL is used only as a default. The actual TTL
// of an instance resource may be longer than the supplied TTL if one or more control
// log entries use a custom TTL.
SyncLogAndResourceExpiry(ttl time.Duration)
// GetControlLog gets the instance control log entries associated with this instance.
// The control log is a log of recent events related to an auth server's administration
// of an instance's state. Auth servers generally ensure that they have successfully
// written to the log *prior* to actually attempting the planned action. As a result,
// the log may contain things that never actually happened.
GetControlLog() []InstanceControlLogEntry
// AppendControlLog appends entries to the control log. The control log is sorted by time,
// so appends do not need to be performed in any particular order.
AppendControlLog(entries ...InstanceControlLogEntry)
// GetLastMeasurement returns information about the system clocks of the auth service and
// another instance.
GetLastMeasurement() *SystemClockMeasurement
// GetUpdaterInfo returns information about the instance updater.
GetUpdaterInfo() *UpdaterV2Info
// Clone performs a deep copy on this instance.
Clone() Instance
}
// NewInstance assembles a new instance resource.
func NewInstance(serverID string, spec InstanceSpecV1) (Instance, error) {
instance := &InstanceV1{
ResourceHeader: ResourceHeader{
Metadata: Metadata{
Name: serverID,
},
},
Spec: spec,
}
if err := instance.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return instance, nil
}
func (i *InstanceV1) CheckAndSetDefaults() error {
i.setStaticFields()
if err := i.ResourceHeader.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if i.Version != V1 {
return trace.BadParameter("unsupported instance resource version: %s", i.Version)
}
if i.Kind != KindInstance {
return trace.BadParameter("unexpected resource kind: %q (expected %s)", i.Kind, KindInstance)
}
if i.Metadata.Namespace != "" && i.Metadata.Namespace != defaults.Namespace {
return trace.BadParameter("invalid namespace %q (namespaces are deprecated)", i.Metadata.Namespace)
}
return nil
}
func (i *InstanceV1) setStaticFields() {
if i.Version == "" {
i.Version = V1
}
if i.Kind == "" {
i.Kind = KindInstance
}
}
func (i *InstanceV1) SyncLogAndResourceExpiry(ttl time.Duration) {
// expire control log entries relative to LastSeen.
logExpiry := i.expireControlLog(i.Spec.LastSeen, ttl)
// calculate the default resource expiry.
resourceExpiry := i.Spec.LastSeen.Add(ttl)
// if one or more log entries want to outlive the default resource
// expiry, we bump the resource expiry to match.
if logExpiry.After(resourceExpiry) {
resourceExpiry = logExpiry
}
i.Metadata.SetExpiry(resourceExpiry.UTC())
}
func (i *InstanceV1) GetTeleportVersion() string {
return i.Spec.Version
}
func (i *InstanceV1) GetServices() []SystemRole {
return i.Spec.Services
}
func (i *InstanceV1) HasService(s SystemRole) bool {
return slices.Contains(i.Spec.Services, s)
}
func (i *InstanceV1) GetHostname() string {
return i.Spec.Hostname
}
func (i *InstanceV1) GetAuthID() string {
return i.Spec.AuthID
}
func (i *InstanceV1) GetLastSeen() time.Time {
return i.Spec.LastSeen
}
func (i *InstanceV1) SetLastSeen(t time.Time) {
i.Spec.LastSeen = t.UTC()
}
func (i *InstanceV1) GetExternalUpgrader() string {
return i.Spec.ExternalUpgrader
}
func (i *InstanceV1) GetExternalUpgraderVersion() string {
return i.Spec.ExternalUpgraderVersion
}
func (i *InstanceV1) GetUpdaterInfo() *UpdaterV2Info {
return i.Spec.UpdaterInfo
}
func (i *InstanceV1) GetControlLog() []InstanceControlLogEntry {
return i.Spec.ControlLog
}
func (i *InstanceV1) AppendControlLog(entries ...InstanceControlLogEntry) {
n := len(i.Spec.ControlLog)
i.Spec.ControlLog = append(i.Spec.ControlLog, entries...)
for idx, entry := range i.Spec.ControlLog[n:] {
// ensure that all provided timestamps are UTC (non-UTC timestamps can cause
// panics in proto logic).
i.Spec.ControlLog[idx].Time = entry.Time.UTC()
}
slices.SortFunc(i.Spec.ControlLog, func(a, b InstanceControlLogEntry) int {
return a.Time.Compare(b.Time)
})
}
func (i *InstanceV1) GetLastMeasurement() *SystemClockMeasurement {
return i.Spec.LastMeasurement
}
// expireControlLog removes expired entries from the control log relative to the supplied
// "now" value. The supplied ttl is used as the default ttl for entries that do not specify
// a custom ttl value. The returned timestamp is the observed expiry that was furthest in
// the future.
func (i *InstanceV1) expireControlLog(now time.Time, ttl time.Duration) time.Time {
now = now.UTC()
filtered := i.Spec.ControlLog[:0]
var latestExpiry time.Time
for _, entry := range i.Spec.ControlLog {
entryTTL := entry.TTL
if entryTTL == 0 {
entryTTL = ttl
}
if entry.Time.IsZero() {
entry.Time = now
}
expiry := entry.Time.Add(entryTTL)
if now.After(expiry) {
continue
}
if expiry.After(latestExpiry) {
latestExpiry = expiry
}
filtered = append(filtered, entry)
}
// ensure that we don't preserve pointers in the now out of
// range portion of the control log by zeroing the diff.
for idx := len(filtered); idx < len(i.Spec.ControlLog); idx++ {
i.Spec.ControlLog[idx] = InstanceControlLogEntry{}
}
i.Spec.ControlLog = filtered
return latestExpiry
}
func (i *InstanceV1) Clone() Instance {
return utils.CloneProtoMsg(i)
}
func (e *InstanceControlLogEntry) Clone() InstanceControlLogEntry {
e.Time = e.Time.UTC()
return *utils.CloneProtoMsg(e)
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"fmt"
"net/url"
"slices"
"github.com/gravitational/trace"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/protoadapt"
"github.com/gravitational/teleport/api/utils"
)
const (
// IntegrationSubKindAWSOIDC is an integration with AWS that uses OpenID Connect as an Identity Provider.
IntegrationSubKindAWSOIDC = "aws-oidc"
// IntegrationSubKindAzureOIDC is an integration with Azure that uses OpenID Connect as an Identity Provider.
IntegrationSubKindAzureOIDC = "azure-oidc"
// IntegrationSubKindGitHub is an integration with GitHub.
IntegrationSubKindGitHub = "github"
// IntegrationSubKindAWSRolesAnywhere is an integration with AWS that uses AWS IAM Roles Anywhere as trust and source of credentials.
IntegrationSubKindAWSRolesAnywhere = "aws-ra"
)
// integrationSubKindValues is a list of supported integration subkind values.
var integrationSubKindValues = []string{
IntegrationSubKindAWSOIDC,
IntegrationSubKindAzureOIDC,
IntegrationSubKindAWSRolesAnywhere,
IntegrationSubKindGitHub,
}
const (
// IntegrationAWSOIDCAudienceUnspecified denotes an empty audience value. Empty audience value
// is used to maintain default OIDC integration behavior and backward compatibility.
IntegrationAWSOIDCAudienceUnspecified = ""
// IntegrationAWSOIDCAudienceAWSIdentityCenter is an audience name for the Teleport AWS Idenity Center plugin.
IntegrationAWSOIDCAudienceAWSIdentityCenter = "aws-identity-center"
)
// integrationAWSOIDCAudienceValues is a list of the supported AWS OIDC Audience
// values. If this list is updated, be sure to also update the audience field's
// godoc string in the [AWSOIDCIntegrationSpecV1] protobuf definition.
var integrationAWSOIDCAudienceValues = []string{
IntegrationAWSOIDCAudienceUnspecified,
IntegrationAWSOIDCAudienceAWSIdentityCenter,
}
const (
// IntegrationAWSRolesAnywhereProfileSyncStatusSuccess indicates that the profile sync was successful.
IntegrationAWSRolesAnywhereProfileSyncStatusSuccess = "SUCCESS"
// IntegrationAWSRolesAnywhereProfileSyncStatusError indicates that the profile sync failed.
IntegrationAWSRolesAnywhereProfileSyncStatusError = "ERROR"
)
// Integration specifies is a connection configuration between Teleport and a 3rd party system.
type Integration interface {
ResourceWithLabels
// CanChangeStateTo checks if the current Integration can be updated for the provided integration.
CanChangeStateTo(Integration) error
// GetAWSOIDCIntegrationSpec returns the `aws-oidc` spec fields.
GetAWSOIDCIntegrationSpec() *AWSOIDCIntegrationSpecV1
// SetAWSOIDCIntegrationSpec sets the `aws-oidc` spec fields.
SetAWSOIDCIntegrationSpec(*AWSOIDCIntegrationSpecV1)
// SetAWSOIDCRoleARN sets the RoleARN of the AWS OIDC Spec.
SetAWSOIDCRoleARN(string)
// SetAWSOIDCIssuerS3URI sets the IssuerS3URI of the AWS OIDC Spec.
// Eg, s3://my-bucket/my-prefix
SetAWSOIDCIssuerS3URI(string)
// GetAzureOIDCIntegrationSpec returns the `azure-oidc` spec fields.
GetAzureOIDCIntegrationSpec() *AzureOIDCIntegrationSpecV1
// SetAzureOIDCIntegrationSpec sets the `azure-oidc` spec fields.
SetAzureOIDCIntegrationSpec(*AzureOIDCIntegrationSpecV1)
// GetGitHubIntegrationSpec returns the GitHub spec.
GetGitHubIntegrationSpec() *GitHubIntegrationSpecV1
// SetGitHubIntegrationSpec returns the GitHub spec.
SetGitHubIntegrationSpec(*GitHubIntegrationSpecV1)
// GetAWSRolesAnywhereIntegrationSpec returns the `aws-ra` spec fields.
GetAWSRolesAnywhereIntegrationSpec() *AWSRAIntegrationSpecV1
// SetAWSRolesAnywhereIntegrationSpec sets the `aws-ra` spec fields.
SetAWSRolesAnywhereIntegrationSpec(*AWSRAIntegrationSpecV1)
// SetCredentials updates credentials.
SetCredentials(creds PluginCredentials) error
// GetCredentials retrieves credentials.
GetCredentials() PluginCredentials
// WithoutCredentials returns a copy without credentials.
WithoutCredentials() Integration
// GetStatus retrieves the integration status.
GetStatus() IntegrationStatusV1
// SetStatus updates the integration status.
SetStatus(IntegrationStatusV1)
// Clone returns a copy of the integration.
Clone() Integration
}
var _ ResourceWithLabels = (*IntegrationV1)(nil)
// NewIntegrationAWSOIDC returns a new `aws-oidc` subkind Integration
func NewIntegrationAWSOIDC(md Metadata, spec *AWSOIDCIntegrationSpecV1) (*IntegrationV1, error) {
ig := &IntegrationV1{
ResourceHeader: ResourceHeader{
Metadata: md,
Kind: KindIntegration,
Version: V1,
SubKind: IntegrationSubKindAWSOIDC,
},
Spec: IntegrationSpecV1{
SubKindSpec: &IntegrationSpecV1_AWSOIDC{
AWSOIDC: spec,
},
},
}
if err := ig.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return ig, nil
}
// NewIntegrationAzureOIDC returns a new `azure-oidc` subkind Integration
func NewIntegrationAzureOIDC(md Metadata, spec *AzureOIDCIntegrationSpecV1) (*IntegrationV1, error) {
ig := &IntegrationV1{
ResourceHeader: ResourceHeader{
Metadata: md,
Kind: KindIntegration,
Version: V1,
SubKind: IntegrationSubKindAzureOIDC,
},
Spec: IntegrationSpecV1{
SubKindSpec: &IntegrationSpecV1_AzureOIDC{
AzureOIDC: spec,
},
},
}
if err := ig.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return ig, nil
}
// NewIntegrationGitHub returns a new `github` subkind Integration
func NewIntegrationGitHub(md Metadata, spec *GitHubIntegrationSpecV1) (*IntegrationV1, error) {
ig := &IntegrationV1{
ResourceHeader: ResourceHeader{
Metadata: md,
Kind: KindIntegration,
Version: V1,
SubKind: IntegrationSubKindGitHub,
},
Spec: IntegrationSpecV1{
SubKindSpec: &IntegrationSpecV1_GitHub{
GitHub: spec,
},
},
}
if err := ig.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return ig, nil
}
// NewIntegrationAWSRA returns a new `aws-ra` subkind Integration
func NewIntegrationAWSRA(md Metadata, spec *AWSRAIntegrationSpecV1) (*IntegrationV1, error) {
ig := &IntegrationV1{
ResourceHeader: ResourceHeader{
Metadata: md,
Kind: KindIntegration,
Version: V1,
SubKind: IntegrationSubKindAWSRolesAnywhere,
},
Spec: IntegrationSpecV1{
SubKindSpec: &IntegrationSpecV1_AWSRA{
AWSRA: spec,
},
},
}
if err := ig.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return ig, nil
}
// String returns the integration string representation.
func (ig *IntegrationV1) String() string {
return fmt.Sprintf("IntegrationV1(Name=%v, SubKind=%s, Labels=%v)",
ig.GetName(), ig.GetSubKind(), ig.GetAllLabels())
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (ig *IntegrationV1) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(ig.GetAllLabels()), ig.GetName(), ig.GetSubKind())
return MatchSearch(fieldVals, values, nil)
}
// setStaticFields sets static resource header and metadata fields.
func (ig *IntegrationV1) setStaticFields() {
ig.Kind = KindIntegration
ig.Version = V1
}
// CheckAndSetDefaults checks and sets default values
func (ig *IntegrationV1) CheckAndSetDefaults() error {
ig.setStaticFields()
if err := ig.ResourceHeader.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return trace.Wrap(ig.Spec.CheckAndSetDefaults())
}
// CanChangeStateTo checks if the current Integration can be updated for the provided integration.
func (ig *IntegrationV1) CanChangeStateTo(newState Integration) error {
if ig.SubKind != newState.GetSubKind() {
return trace.BadParameter("cannot update %q fields for a %q integration", newState.GetSubKind(), ig.SubKind)
}
if x, ok := newState.(interface{ CheckAndSetDefaults() error }); ok {
if err := x.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
return nil
}
// CheckAndSetDefaults validates and sets default values for a integration.
func (s *IntegrationSpecV1) CheckAndSetDefaults() error {
if s.SubKindSpec == nil {
return trace.BadParameter("missing required subkind spec")
}
switch integrationSubKind := s.SubKindSpec.(type) {
case *IntegrationSpecV1_AWSOIDC:
err := integrationSubKind.CheckAndSetDefaults()
if err != nil {
return trace.Wrap(err)
}
case *IntegrationSpecV1_AzureOIDC:
err := integrationSubKind.Validate()
if err != nil {
return trace.Wrap(err)
}
case *IntegrationSpecV1_GitHub:
if err := integrationSubKind.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
case *IntegrationSpecV1_AWSRA:
if err := integrationSubKind.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("unknown integration subkind: %T", integrationSubKind)
}
return nil
}
// CheckAndSetDefaults validates the configuration for AWS OIDC integration subkind.
func (s *IntegrationSpecV1_AWSOIDC) CheckAndSetDefaults() error {
if s == nil || s.AWSOIDC == nil {
return trace.BadParameter("aws_oidc is required for %q subkind", IntegrationSubKindAWSOIDC)
}
if s.AWSOIDC.RoleARN == "" {
return trace.BadParameter("role_arn is required for %q subkind", IntegrationSubKindAWSOIDC)
}
// The Issuer can be empty.
// In that case it will use the cluster's web endpoint.
if s.AWSOIDC.IssuerS3URI != "" {
issuerS3URL, err := url.Parse(s.AWSOIDC.IssuerS3URI)
if err != nil {
return trace.BadParameter("unable to parse issuer s3 uri, valid format (eg, s3://my-bucket/my-prefix)")
}
if issuerS3URL.Scheme != "s3" || issuerS3URL.Host == "" || issuerS3URL.Path == "" {
return trace.BadParameter("issuer s3 uri must be in a valid format (eg, s3://my-bucket/my-prefix)")
}
}
if err := s.ValidateAudience(); err != nil {
return trace.Wrap(err)
}
return nil
}
// ValidateAudience validates if the audience field is configured with
// a supported audience value.
func (s *IntegrationSpecV1_AWSOIDC) ValidateAudience() error {
if !slices.Contains(integrationAWSOIDCAudienceValues, s.AWSOIDC.Audience) {
return trace.BadParameter("unsupported audience value %q, supported values are %q",
s.AWSOIDC.Audience,
integrationAWSOIDCAudienceValues,
)
}
return nil
}
// Validate validates the configuration for Azure OIDC integration subkind.
func (s *IntegrationSpecV1_AzureOIDC) Validate() error {
if s == nil || s.AzureOIDC == nil {
return trace.BadParameter("azure_oidc is required for %q subkind", IntegrationSubKindAzureOIDC)
}
if s.AzureOIDC.TenantID == "" {
return trace.BadParameter("tenant_id must be set")
}
if s.AzureOIDC.ClientID == "" {
return trace.BadParameter("client_id must be set")
}
return nil
}
// CheckAndSetDefaults validates the configuration for GitHub integration subkind.
func (s *IntegrationSpecV1_GitHub) CheckAndSetDefaults() error {
if s == nil || s.GitHub == nil {
return trace.BadParameter("github spec must be set for GitHub integrations")
}
if err := ValidateGitHubOrganizationName(s.GitHub.Organization); err != nil {
return trace.Wrap(err, "invalid GitHub organization name")
}
return nil
}
// CheckAndSetDefaults validates the configuration for AWS IAM Roles Anywhere integration subkind.
func (s *IntegrationSpecV1_AWSRA) CheckAndSetDefaults() error {
if s == nil || s.AWSRA == nil {
return trace.BadParameter("aws_ra is required for %q subkind", IntegrationSubKindAWSRolesAnywhere)
}
if s.AWSRA.TrustAnchorARN == "" {
return trace.BadParameter("trust_anchor_arn is required for %q subkind", IntegrationSubKindAWSRolesAnywhere)
}
if s.AWSRA.ProfileSyncConfig == nil {
s.AWSRA.ProfileSyncConfig = &AWSRolesAnywhereProfileSyncConfig{}
}
if s.AWSRA.ProfileSyncConfig.Enabled {
if s.AWSRA.ProfileSyncConfig.ProfileARN == "" {
return trace.BadParameter("profile_sync_config.profile_arn is required when profile_sync_config is enabled")
}
if s.AWSRA.ProfileSyncConfig.RoleARN == "" {
return trace.BadParameter("profile_sync_config.role_arn is required when profile_sync_config is enabled")
}
}
return nil
}
// GetAWSOIDCIntegrationSpec returns the specific spec fields for `aws-oidc` subkind integrations.
func (ig *IntegrationV1) GetAWSOIDCIntegrationSpec() *AWSOIDCIntegrationSpecV1 {
return ig.Spec.GetAWSOIDC()
}
// SetAWSOIDCIntegrationSpec sets the specific fields for the `aws-oidc` subkind integration.
func (ig *IntegrationV1) SetAWSOIDCIntegrationSpec(awsOIDCSpec *AWSOIDCIntegrationSpecV1) {
ig.Spec.SubKindSpec = &IntegrationSpecV1_AWSOIDC{
AWSOIDC: awsOIDCSpec,
}
}
// SetAWSOIDCRoleARN sets the RoleARN of the AWS OIDC Spec.
func (ig *IntegrationV1) SetAWSOIDCRoleARN(roleARN string) {
currentSubSpec := ig.Spec.GetAWSOIDC()
if currentSubSpec == nil {
currentSubSpec = &AWSOIDCIntegrationSpecV1{}
}
currentSubSpec.RoleARN = roleARN
ig.Spec.SubKindSpec = &IntegrationSpecV1_AWSOIDC{
AWSOIDC: currentSubSpec,
}
}
// SetAWSOIDCIssuer sets the Issuer of the AWS OIDC Spec.
func (ig *IntegrationV1) SetAWSOIDCIssuerS3URI(issuerS3URI string) {
currentSubSpec := ig.Spec.GetAWSOIDC()
if currentSubSpec == nil {
currentSubSpec = &AWSOIDCIntegrationSpecV1{}
}
currentSubSpec.IssuerS3URI = issuerS3URI
ig.Spec.SubKindSpec = &IntegrationSpecV1_AWSOIDC{
AWSOIDC: currentSubSpec,
}
}
// GetAzureOIDCIntegrationSpec returns the specific spec fields for `azure-oidc` subkind integrations.
func (ig *IntegrationV1) GetAzureOIDCIntegrationSpec() *AzureOIDCIntegrationSpecV1 {
return ig.Spec.GetAzureOIDC()
}
// SetAzureOIDCIntegrationSpec sets the `azure-oidc` spec fields.
func (ig *IntegrationV1) SetAzureOIDCIntegrationSpec(spec *AzureOIDCIntegrationSpecV1) {
ig.Spec.SubKindSpec = &IntegrationSpecV1_AzureOIDC{
AzureOIDC: spec,
}
}
// GetGitHubIntegrationSpec returns the GitHub spec.
func (ig *IntegrationV1) GetGitHubIntegrationSpec() *GitHubIntegrationSpecV1 {
return ig.Spec.GetGitHub()
}
// SetGitHubIntegrationSpec returns the GitHub spec.
func (ig *IntegrationV1) SetGitHubIntegrationSpec(spec *GitHubIntegrationSpecV1) {
ig.Spec.SubKindSpec = &IntegrationSpecV1_GitHub{
GitHub: spec,
}
}
// GetAWSRolesAnywhereIntegrationSpec returns the specific spec fields for `aws-ra` subkind integrations.
func (ig *IntegrationV1) GetAWSRolesAnywhereIntegrationSpec() *AWSRAIntegrationSpecV1 {
return ig.Spec.GetAWSRA()
}
// SetAWSRolesAnywhereIntegrationSpec sets the specific fields for the `aws-ra` subkind integration.
func (ig *IntegrationV1) SetAWSRolesAnywhereIntegrationSpec(awsRASpec *AWSRAIntegrationSpecV1) {
ig.Spec.SubKindSpec = &IntegrationSpecV1_AWSRA{
AWSRA: awsRASpec,
}
}
// Integrations is a list of Integration resources.
type Integrations []Integration
// AsResources returns these groups as resources with labels.
func (igs Integrations) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, len(igs))
for i, ig := range igs {
resources[i] = ig
}
return resources
}
// Len returns the slice length.
func (igs Integrations) Len() int { return len(igs) }
// Less compares integrations by name.
func (igs Integrations) Less(i, j int) bool { return igs[i].GetName() < igs[j].GetName() }
// Swap swaps two integrations.
func (igs Integrations) Swap(i, j int) { igs[i], igs[j] = igs[j], igs[i] }
// UnmarshalJSON is a custom unmarshaller for JSON format.
// It is required because the Spec.SubKindSpec proto field is a oneof.
// This translates into two issues when generating golang code:
// - the Spec.SubKindSpec field in Go is an interface
// - it creates an extra field to store the oneof values
//
// Spec.SubKindSpec is an interface because it can have one of multiple values,
// even though there's only one type for now: aws_oidc.
// When trying to unmarshal this field, we must provide a concrete type.
// To do so, we unmarshal just the root fields (ResourceHeader: Name, Kind, SubKind, Version, Metadata)
// and then use its SubKind to provide a concrete type for the Spec.SubKindSpec field.
// Unmarshalling the remaining fields uses the standard json.Unmarshal over the Spec field.
//
// Spec.SubKindSpec is an extra field which only adds clutter
// This method pulls those fields into a higher level.
// So, instead of:
//
// spec.subkind_spec.aws_oidc.role_arn: xyz
//
// It will be:
//
// spec.aws_oidc.role_arn: xyz
func (ig *IntegrationV1) UnmarshalJSON(data []byte) error {
var integration IntegrationV1
d := struct {
ResourceHeader `json:""`
Spec struct {
AWSOIDC json.RawMessage `json:"aws_oidc"`
AzureOIDC json.RawMessage `json:"azure_oidc"`
GitHub json.RawMessage `json:"github"`
AWSRA json.RawMessage `json:"aws_ra"`
Credentials json.RawMessage `json:"credentials"`
} `json:"spec"`
Status IntegrationStatusV1 `json:"status,omitempty"`
}{}
err := json.Unmarshal(data, &d)
if err != nil {
return trace.Wrap(err)
}
integration.ResourceHeader = d.ResourceHeader
integration.Status = d.Status
if len(d.Spec.Credentials) != 0 {
var credentials PluginCredentialsV1
if err := (protojson.UnmarshalOptions{DiscardUnknown: true}).Unmarshal(d.Spec.Credentials, protoadapt.MessageV2Of(&credentials)); err != nil {
return trace.Wrap(err)
}
integration.Spec.Credentials = &credentials
}
switch integration.SubKind {
case IntegrationSubKindAWSOIDC:
subkindSpec := &IntegrationSpecV1_AWSOIDC{
AWSOIDC: &AWSOIDCIntegrationSpecV1{},
}
if err := json.Unmarshal(d.Spec.AWSOIDC, subkindSpec.AWSOIDC); err != nil {
return trace.Wrap(err)
}
integration.Spec.SubKindSpec = subkindSpec
case IntegrationSubKindAzureOIDC:
subkindSpec := &IntegrationSpecV1_AzureOIDC{
AzureOIDC: &AzureOIDCIntegrationSpecV1{},
}
if err := json.Unmarshal(d.Spec.AzureOIDC, subkindSpec.AzureOIDC); err != nil {
return trace.Wrap(err)
}
integration.Spec.SubKindSpec = subkindSpec
case IntegrationSubKindGitHub:
subkindSpec := &IntegrationSpecV1_GitHub{
GitHub: &GitHubIntegrationSpecV1{},
}
if err := json.Unmarshal(d.Spec.GitHub, subkindSpec.GitHub); err != nil {
return trace.Wrap(err)
}
integration.Spec.SubKindSpec = subkindSpec
case IntegrationSubKindAWSRolesAnywhere:
subkindSpec := &IntegrationSpecV1_AWSRA{
AWSRA: &AWSRAIntegrationSpecV1{},
}
if err := json.Unmarshal(d.Spec.AWSRA, subkindSpec.AWSRA); err != nil {
return trace.Wrap(err)
}
integration.Spec.SubKindSpec = subkindSpec
default:
return trace.BadParameter("invalid subkind %q", integration.ResourceHeader.SubKind)
}
if err := integration.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
*ig = integration
return nil
}
// MarshalJSON is a custom marshaller for JSON format.
// gogoproto doesn't allow for oneof json tags [https://github.com/gogo/protobuf/issues/623]
// So, this is required to correctly use snake_case for every field.
// Please see [IntegrationV1.UnmarshalJSON] for more information.
func (ig *IntegrationV1) MarshalJSON() ([]byte, error) {
d := struct {
ResourceHeader `json:""`
Spec struct {
AWSOIDC AWSOIDCIntegrationSpecV1 `json:"aws_oidc,omitempty"`
AzureOIDC AzureOIDCIntegrationSpecV1 `json:"azure_oidc,omitempty"`
GitHub GitHubIntegrationSpecV1 `json:"github,omitempty"`
AWSRA AWSRAIntegrationSpecV1 `json:"aws_ra,omitempty"`
Credentials json.RawMessage `json:"credentials,omitempty"`
} `json:"spec"`
Status IntegrationStatusV1 `json:"status,omitempty"`
}{}
d.ResourceHeader = ig.ResourceHeader
d.Status = ig.Status
if ig.Spec.Credentials != nil {
data, err := protojson.Marshal(protoadapt.MessageV2Of(ig.Spec.Credentials))
if err != nil {
return nil, trace.Wrap(err)
}
d.Spec.Credentials = json.RawMessage(data)
}
switch ig.SubKind {
case IntegrationSubKindAWSOIDC:
if ig.GetAWSOIDCIntegrationSpec() == nil {
return nil, trace.BadParameter("missing spec for %q subkind", ig.SubKind)
}
d.Spec.AWSOIDC = *ig.GetAWSOIDCIntegrationSpec()
case IntegrationSubKindAzureOIDC:
if ig.GetAzureOIDCIntegrationSpec() == nil {
return nil, trace.BadParameter("missing spec for %q subkind", ig.SubKind)
}
d.Spec.AzureOIDC = *ig.GetAzureOIDCIntegrationSpec()
case IntegrationSubKindGitHub:
if ig.GetGitHubIntegrationSpec() == nil {
return nil, trace.BadParameter("missing spec for %q subkind", ig.SubKind)
}
d.Spec.GitHub = *ig.GetGitHubIntegrationSpec()
case IntegrationSubKindAWSRolesAnywhere:
if ig.GetAWSRolesAnywhereIntegrationSpec() == nil {
return nil, trace.BadParameter("missing spec for %q subkind", ig.SubKind)
}
d.Spec.AWSRA = *ig.GetAWSRolesAnywhereIntegrationSpec()
default:
return nil, trace.BadParameter("invalid subkind %q, supported values are %q", ig.SubKind, integrationSubKindValues)
}
out, err := json.Marshal(d)
return out, trace.Wrap(err)
}
// SetStatus updates the integration status.
func (ig *IntegrationV1) SetStatus(status IntegrationStatusV1) {
ig.Status = status
}
// GetStatus retrieves the integration status.
func (ig *IntegrationV1) GetStatus() IntegrationStatusV1 {
return ig.Status
}
// SetCredentials updates credentials.
func (ig *IntegrationV1) SetCredentials(creds PluginCredentials) error {
if creds == nil {
ig.Spec.Credentials = nil
return nil
}
switch creds := creds.(type) {
case *PluginCredentialsV1:
ig.Spec.Credentials = creds
default:
return trace.BadParameter("unsupported plugin credential type %T", creds)
}
return nil
}
// GetCredentials retrieves credentials.
func (ig *IntegrationV1) GetCredentials() PluginCredentials {
// This function returns an interface so return nil explicitly.
if ig.Spec.Credentials == nil {
return nil
}
return ig.Spec.Credentials
}
// Clone returns a copy of the integration.
func (ig *IntegrationV1) Clone() Integration {
return utils.CloneProtoMsg(ig)
}
// WithoutCredentials returns a copy without credentials.
func (ig *IntegrationV1) WithoutCredentials() Integration {
if ig == nil || ig.GetCredentials() == nil {
return ig
}
clone := utils.CloneProtoMsg(ig)
clone.SetCredentials(nil)
return clone
}
/*
Copyright 2024 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"regexp"
"github.com/gravitational/trace"
)
// validGitHubOrganizationName filters the allowed characters in GitHub
// organization name.
//
// GitHub shows the following error when inputing an invalid org name:
// The name '_' may only contain alphanumeric characters or single hyphens, and
// cannot begin or end with a hyphen.
var validGitHubOrganizationName = regexp.MustCompile(`^[a-zA-Z0-9]([-a-zA-Z0-9]*[a-zA-Z0-9])?$`)
// ValidateGitHubOrganizationName returns an error if a given string is not a
// valid GitHub organization name.
func ValidateGitHubOrganizationName(name string) error {
const maxGitHubOrgNameLength = 39
if len(name) > maxGitHubOrgNameLength {
return trace.BadParameter("GitHub organization name cannot exceed %d characters", maxGitHubOrgNameLength)
}
return ValidateResourceName(validGitHubOrganizationName, name)
}
// Copyright 2023 Gravitational, Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
"net/url"
"slices"
"strings"
"github.com/gravitational/trace"
)
const (
// JamfOnMissingNOOP is the textual representation for the NOOP on_missing
// action.
JamfOnMissingNoop = "NOOP"
// JamfOnMissingDelete is the textual representation for the DELETE on_missing
// action.
JamfOnMissingDelete = "DELETE"
)
// JamfOnMissingActions is a slice of all textual on_missing representations,
// excluding the empty string.
var JamfOnMissingActions = []string{
JamfOnMissingNoop,
JamfOnMissingDelete,
}
// ValidateJamfSpecV1 validates a [JamfSpecV1] instance.
func ValidateJamfSpecV1(s *JamfSpecV1) error {
if s == nil {
return trace.BadParameter("spec required")
}
switch u, err := url.Parse(s.ApiEndpoint); {
case err != nil:
return trace.BadParameter("invalid API endpoint: %v", err)
case u.Host == "":
return trace.BadParameter("invalid API endpoint: missing hostname")
}
for i, e := range s.Inventory {
switch {
case e == nil:
return trace.BadParameter("inventory entry #%v is nil", i)
case e.OnMissing != "" && !slices.Contains(JamfOnMissingActions, e.OnMissing):
return trace.BadParameter(
"inventory[%v]: invalid on_missing action %q (expect empty or one of [%v])",
i, e.OnMissing, strings.Join(JamfOnMissingActions, ","))
}
syncPartial := e.SyncPeriodPartial
syncFull := e.SyncPeriodFull
if syncFull > 0 && syncPartial >= syncFull {
return trace.BadParameter("inventory[%v]: sync_period_partial is greater or equal to sync_period_full, partial syncs will never happen", i)
}
}
return nil
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/types/wrappers"
)
// GenerateAppTokenRequest are the parameters used to generate an application token.
type GenerateAppTokenRequest struct {
// Username is the Teleport identity.
Username string
// Roles are the roles assigned to the user within Teleport.
Roles []string
// Traits are the traits assigned to the user within Teleport.
Traits wrappers.Traits
// Expiry is time to live for the token.
Expires time.Time
// URI is the URI of the recipient application.
URI string
// AuthorityType configures which Teleport authority issues the JWT token.
AuthorityType CertAuthType
}
// Check validates the request.
func (p *GenerateAppTokenRequest) Check() error {
if p.Username == "" {
return trace.BadParameter("username missing")
}
if p.Expires.IsZero() {
return trace.BadParameter("expires missing")
}
if p.URI == "" {
return trace.BadParameter("uri missing")
}
return nil
}
// GenerateSnowflakeJWT are the parameters used to generate a Snowflake JWT.
type GenerateSnowflakeJWT struct {
// Username is the Teleport identity.
Username string
// Account is the Snowflake account name.
Account string
}
// Check validates the request.
func (p *GenerateSnowflakeJWT) Check() error {
if p.Username == "" {
return trace.BadParameter("username missing")
}
if p.Account == "" {
return trace.BadParameter("missing account")
}
return nil
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"regexp"
"slices"
"sort"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/types/compare"
"github.com/gravitational/teleport/api/utils"
)
var _ compare.IsEqual[KubeCluster] = (*KubernetesClusterV3)(nil)
// KubeCluster represents a kubernetes cluster.
type KubeCluster interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetNamespace returns the kube cluster namespace.
GetNamespace() string
// GetStaticLabels returns the kube cluster static labels.
GetStaticLabels() map[string]string
// SetStaticLabels sets the kube cluster static labels.
SetStaticLabels(map[string]string)
// GetDynamicLabels returns the kube cluster dynamic labels.
GetDynamicLabels() map[string]CommandLabel
// SetDynamicLabels sets the kube cluster dynamic labels.
SetDynamicLabels(map[string]CommandLabel)
// GetKubeconfig returns the kubeconfig payload.
GetKubeconfig() []byte
// SetKubeconfig sets the kubeconfig.
SetKubeconfig([]byte)
// String returns string representation of the kube cluster.
String() string
// GetDescription returns the kube cluster description.
GetDescription() string
// GetAzureConfig gets the Azure config.
GetAzureConfig() KubeAzure
// SetAzureConfig sets the Azure config.
SetAzureConfig(KubeAzure)
// GetAWSConfig gets the AWS config.
GetAWSConfig() KubeAWS
// SetAWSConfig sets the AWS config.
SetAWSConfig(KubeAWS)
// GetGCPConfig gets the GCP config.
GetGCPConfig() KubeGCP
// SetGCPConfig sets the GCP config.
SetGCPConfig(KubeGCP)
// IsAzure indentifies if the KubeCluster contains Azure details.
IsAzure() bool
// IsAWS indentifies if the KubeCluster contains AWS details.
IsAWS() bool
// IsGCP indentifies if the KubeCluster contains GCP details.
IsGCP() bool
// IsKubeconfig identifies if the KubeCluster contains kubeconfig data.
IsKubeconfig() bool
// Copy returns a copy of this kube cluster resource.
Copy() KubeCluster
// GetCloud gets the cloud this kube cluster is running on, or an empty string if it
// isn't running on a cloud provider.
GetCloud() string
// IsEqual determines if two Kubernetes cluster resources are equivalent.
IsEqual(KubeCluster) bool
// GetStatus gets the kube cluster status.
GetStatus() *KubernetesClusterStatus
// SetStatus sets the kube cluster status.
SetStatus(*KubernetesClusterStatus)
}
// DiscoveredEKSCluster represents a server discovered by EKS discovery fetchers.
type DiscoveredEKSCluster interface {
// KubeCluster is base discovered cluster.
KubeCluster
// GetKubeCluster returns base cluster.
GetKubeCluster() KubeCluster
// GetIntegration returns integration name used when discovering this cluster.
GetIntegration() string
// GetKubeAppDiscovery returns setting showing if Kubernetes App Discovery show be enabled for the discovered cluster.
GetKubeAppDiscovery() bool
}
// NewKubernetesClusterV3FromLegacyCluster creates a new Kubernetes cluster resource
// from the legacy type.
func NewKubernetesClusterV3FromLegacyCluster(namespace string, cluster *KubernetesCluster) (*KubernetesClusterV3, error) {
k := &KubernetesClusterV3{
Metadata: Metadata{
Name: cluster.Name,
Namespace: namespace,
Labels: cluster.StaticLabels,
},
Spec: KubernetesClusterSpecV3{
DynamicLabels: cluster.DynamicLabels,
},
}
if err := k.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return k, nil
}
// NewKubernetesClusterV3WithoutSecrets creates a new copy of the provided cluster
// but without secrets/credentials.
func NewKubernetesClusterV3WithoutSecrets(cluster KubeCluster) (*KubernetesClusterV3, error) {
// Force a copy of the cluster to deep copy the Metadata fields.
copiedCluster := cluster.Copy()
clusterWithoutCreds, err := NewKubernetesClusterV3(
copiedCluster.GetMetadata(),
KubernetesClusterSpecV3{
DynamicLabels: LabelsToV2(copiedCluster.GetDynamicLabels()),
},
)
return clusterWithoutCreds, trace.Wrap(err)
}
// NewKubernetesClusterV3 creates a new Kubernetes cluster resource.
func NewKubernetesClusterV3(meta Metadata, spec KubernetesClusterSpecV3) (*KubernetesClusterV3, error) {
k := &KubernetesClusterV3{
Metadata: meta,
Spec: spec,
}
if err := k.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return k, nil
}
// GetVersion returns the resource version.
func (k *KubernetesClusterV3) GetVersion() string {
return k.Version
}
// GetKind returns the resource kind.
func (k *KubernetesClusterV3) GetKind() string {
return k.Kind
}
// GetSubKind returns the app resource subkind.
func (k *KubernetesClusterV3) GetSubKind() string {
return k.SubKind
}
// SetSubKind sets the app resource subkind.
func (k *KubernetesClusterV3) SetSubKind(sk string) {
k.SubKind = sk
}
// GetRevision returns the revision
func (k *KubernetesClusterV3) GetRevision() string {
return k.Metadata.GetRevision()
}
// SetRevision sets the revision
func (k *KubernetesClusterV3) SetRevision(rev string) {
k.Metadata.SetRevision(rev)
}
// GetMetadata returns the resource metadata.
func (k *KubernetesClusterV3) GetMetadata() Metadata {
return k.Metadata
}
// Origin returns the origin value of the resource.
func (k *KubernetesClusterV3) Origin() string {
return k.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (k *KubernetesClusterV3) SetOrigin(origin string) {
k.Metadata.SetOrigin(origin)
}
// GetNamespace returns the kube resource namespace.
func (k *KubernetesClusterV3) GetNamespace() string {
return k.Metadata.Namespace
}
// SetExpiry sets the kube resource expiration time.
func (k *KubernetesClusterV3) SetExpiry(expiry time.Time) {
k.Metadata.SetExpiry(expiry)
}
// Expiry returns the kube resource expiration time.
func (k *KubernetesClusterV3) Expiry() time.Time {
return k.Metadata.Expiry()
}
// GetName returns the kube resource name.
func (k *KubernetesClusterV3) GetName() string {
return k.Metadata.Name
}
// SetName sets the resource name.
func (k *KubernetesClusterV3) SetName(name string) {
k.Metadata.Name = name
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (k *KubernetesClusterV3) GetLabel(key string) (value string, ok bool) {
if cmd, ok := k.Spec.DynamicLabels[key]; ok {
return cmd.Result, ok
}
v, ok := k.Metadata.Labels[key]
return v, ok
}
// GetStaticLabels returns the static labels.
func (k *KubernetesClusterV3) GetStaticLabels() map[string]string {
return k.Metadata.Labels
}
// SetStaticLabels sets the static labels.
func (k *KubernetesClusterV3) SetStaticLabels(sl map[string]string) {
k.Metadata.Labels = sl
}
// GetKubeconfig returns the kubeconfig payload.
func (k *KubernetesClusterV3) GetKubeconfig() []byte {
return k.Spec.Kubeconfig
}
// SetKubeconfig sets the kubeconfig.
func (k *KubernetesClusterV3) SetKubeconfig(cfg []byte) {
k.Spec.Kubeconfig = cfg
}
// GetDynamicLabels returns the dynamic labels.
func (k *KubernetesClusterV3) GetDynamicLabels() map[string]CommandLabel {
if k.Spec.DynamicLabels == nil {
return nil
}
return V2ToLabels(k.Spec.DynamicLabels)
}
// SetDynamicLabels sets the dynamic labels
func (k *KubernetesClusterV3) SetDynamicLabels(dl map[string]CommandLabel) {
k.Spec.DynamicLabels = LabelsToV2(dl)
}
// GetAllLabels returns the combined static and dynamic labels.
func (k *KubernetesClusterV3) GetAllLabels() map[string]string {
return CombineLabels(k.Metadata.Labels, k.Spec.DynamicLabels)
}
// GetDescription returns the description.
func (k *KubernetesClusterV3) GetDescription() string {
return k.Metadata.Description
}
// GetAzureConfig gets the Azure config.
func (k *KubernetesClusterV3) GetAzureConfig() KubeAzure {
return k.Spec.Azure
}
// SetAzureConfig sets the Azure config.
func (k *KubernetesClusterV3) SetAzureConfig(cfg KubeAzure) {
k.Spec.Azure = cfg
}
// GetAWSConfig gets the AWS config.
func (k *KubernetesClusterV3) GetAWSConfig() KubeAWS {
return k.Spec.AWS
}
// SetAWSConfig sets the AWS config.
func (k *KubernetesClusterV3) SetAWSConfig(cfg KubeAWS) {
k.Spec.AWS = cfg
}
// GetGCPConfig gets the GCP config.
func (k *KubernetesClusterV3) GetGCPConfig() KubeGCP {
return k.Spec.GCP
}
// SetGCPConfig sets the GCP config.
func (k *KubernetesClusterV3) SetGCPConfig(cfg KubeGCP) {
k.Spec.GCP = cfg
}
// IsAzure indentifies if the KubeCluster contains Azure details.
func (k *KubernetesClusterV3) IsAzure() bool {
return !deriveTeleportEqualKubeAzure(&k.Spec.Azure, &KubeAzure{})
}
// IsAWS indentifies if the KubeCluster contains AWS details.
func (k *KubernetesClusterV3) IsAWS() bool {
return !deriveTeleportEqualKubeAWS(&k.Spec.AWS, &KubeAWS{})
}
// IsGCP indentifies if the KubeCluster contains GCP details.
func (k *KubernetesClusterV3) IsGCP() bool {
return !deriveTeleportEqualKubeGCP(&k.Spec.GCP, &KubeGCP{})
}
// GetCloud gets the cloud this kube cluster is running on, or an empty string if it
// isn't running on a cloud provider.
func (k *KubernetesClusterV3) GetCloud() string {
switch {
case k.IsAzure():
return CloudAzure
case k.IsAWS():
return CloudAWS
case k.IsGCP():
return CloudGCP
default:
return ""
}
}
// IsKubeconfig identifies if the KubeCluster contains kubeconfig data.
func (k *KubernetesClusterV3) IsKubeconfig() bool {
return len(k.Spec.Kubeconfig) > 0
}
// String returns the string representation.
func (k *KubernetesClusterV3) String() string {
return fmt.Sprintf("KubernetesCluster(Name=%v, Labels=%v)",
k.GetName(), k.GetAllLabels())
}
// Copy returns a copy of this resource.
func (k *KubernetesClusterV3) Copy() KubeCluster {
return utils.CloneProtoMsg(k)
}
// GetStatus gets the kube cluster status.
func (k *KubernetesClusterV3) GetStatus() *KubernetesClusterStatus {
if k == nil {
return nil
}
return k.Status
}
// SetStatus sets the kube cluster status.
func (k *KubernetesClusterV3) SetStatus(status *KubernetesClusterStatus) {
k.Status = status
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (k *KubernetesClusterV3) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(k.GetAllLabels()), k.GetName())
return MatchSearch(fieldVals, values, nil)
}
// setStaticFields sets static resource header and metadata fields.
func (k *KubernetesClusterV3) setStaticFields() {
k.Kind = KindKubernetesCluster
k.Version = V3
}
// validKubeClusterName filters the allowed characters in kubernetes cluster
// names. We need this because cluster names are used for cert filenames on the
// client side, in the ~/.tsh directory. Restricting characters helps with
// sneaky cluster names being used for client directory traversal and exploits.
var validKubeClusterName = regexp.MustCompile(`^[a-zA-Z0-9._-]+$`)
// ValidateKubeClusterName returns an error if a given string is not a valid
// KubeCluster name.
func ValidateKubeClusterName(name string) error {
return ValidateResourceName(validKubeClusterName, name)
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (k *KubernetesClusterV3) CheckAndSetDefaults() error {
k.setStaticFields()
if err := k.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
for key := range k.Spec.DynamicLabels {
if !IsValidLabelKey(key) {
return trace.BadParameter("kubernetes cluster %q invalid label key: %q", k.GetName(), key)
}
}
if err := ValidateKubeClusterName(k.Metadata.Name); err != nil {
return trace.Wrap(err, "invalid kubernetes cluster name")
}
if err := k.Spec.Azure.CheckAndSetDefaults(); err != nil && k.IsAzure() {
return trace.Wrap(err)
}
if err := k.Spec.AWS.CheckAndSetDefaults(); err != nil && k.IsAWS() {
return trace.Wrap(err)
}
if err := k.Spec.GCP.CheckAndSetDefaults(); err != nil && k.IsGCP() {
return trace.Wrap(err)
}
return nil
}
// IsEqual determines if two Kubernetes cluster resources are equivalent.
func (k *KubernetesClusterV3) IsEqual(i KubeCluster) bool {
if other, ok := i.(*KubernetesClusterV3); ok {
return deriveTeleportEqualKubernetesClusterV3(k, other)
}
return false
}
func (k KubeAzure) CheckAndSetDefaults() error {
if len(k.ResourceGroup) == 0 {
return trace.BadParameter("invalid Azure ResourceGroup")
}
if len(k.ResourceName) == 0 {
return trace.BadParameter("invalid Azure ResourceName")
}
if len(k.SubscriptionID) == 0 {
return trace.BadParameter("invalid Azure SubscriptionID")
}
return nil
}
func (k KubeAWS) CheckAndSetDefaults() error {
if len(k.Region) == 0 {
return trace.BadParameter("invalid AWS Region")
}
if len(k.Name) == 0 {
return trace.BadParameter("invalid AWS Name")
}
if len(k.AccountID) == 0 {
return trace.BadParameter("invalid AWS AccountID")
}
return nil
}
func (k KubeGCP) CheckAndSetDefaults() error {
if len(k.Location) == 0 {
return trace.BadParameter("invalid GCP Location")
}
if len(k.ProjectID) == 0 {
return trace.BadParameter("invalid GCP ProjectID")
}
if len(k.Name) == 0 {
return trace.BadParameter("invalid GCP Name")
}
return nil
}
// KubeClusters represents a list of kube clusters.
type KubeClusters []KubeCluster
// Find returns kube cluster with the specified name or nil.
func (s KubeClusters) Find(name string) KubeCluster {
for _, cluster := range s {
if cluster.GetName() == name {
return cluster
}
}
return nil
}
// ToMap returns these kubernetes clusters as a map keyed by cluster name.
func (s KubeClusters) ToMap() map[string]KubeCluster {
m := make(map[string]KubeCluster)
for _, kubeCluster := range s {
m[kubeCluster.GetName()] = kubeCluster
}
return m
}
// Len returns the slice length.
func (s KubeClusters) Len() int { return len(s) }
// Less compares kube clusters by name.
func (s KubeClusters) Less(i, j int) bool {
return s[i].GetName() < s[j].GetName()
}
// Swap swaps two kube clusters.
func (s KubeClusters) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// SortByCustom custom sorts by given sort criteria.
func (s KubeClusters) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetName(), s[j].GetName(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindKubernetesCluster)
}
return nil
}
// AsResources returns as type resources with labels.
func (s KubeClusters) AsResources() ResourcesWithLabels {
resources := make(ResourcesWithLabels, 0, len(s))
for _, cluster := range s {
resources = append(resources, ResourceWithLabels(cluster))
}
return resources
}
// GetFieldVals returns list of select field values.
func (s KubeClusters) GetFieldVals(field string) ([]string, error) {
vals := make([]string, 0, len(s))
switch field {
case ResourceMetadataName:
for _, server := range s {
vals = append(vals, server.GetName())
}
default:
return nil, trace.NotImplemented("getting field %q for resource %q is not supported", field, KindKubernetesCluster)
}
return vals, nil
}
// DeduplicateKubeClusters deduplicates kube clusters by name.
func DeduplicateKubeClusters(kubeclusters []KubeCluster) []KubeCluster {
seen := make(map[string]struct{})
result := make([]KubeCluster, 0, len(kubeclusters))
for _, cluster := range kubeclusters {
if _, ok := seen[cluster.GetName()]; ok {
continue
}
seen[cluster.GetName()] = struct{}{}
result = append(result, cluster)
}
return result
}
var _ ResourceWithLabels = (*KubernetesResourceV1)(nil)
// NewKubernetesResourceV1 creates a new kubernetes resource .
func NewKubernetesResourceV1(kind string, namespaced bool, meta Metadata, spec KubernetesResourceSpecV1) (*KubernetesResourceV1, error) {
resource := &KubernetesResourceV1{
Kind: kind,
Metadata: meta,
Spec: spec,
}
if err := resource.CheckAndSetDefaults(namespaced); err != nil {
return nil, trace.Wrap(err)
}
return resource, nil
}
// GetKind returns resource kind.
func (k *KubernetesResourceV1) GetKind() string {
return k.Kind
}
// GetSubKind returns resource subkind.
func (k *KubernetesResourceV1) GetSubKind() string {
return k.SubKind
}
// GetVersion returns resource version.
func (k *KubernetesResourceV1) GetVersion() string {
return k.Version
}
// GetMetadata returns object metadata.
func (k *KubernetesResourceV1) GetMetadata() Metadata {
return k.Metadata
}
// SetSubKind sets resource subkind.
func (k *KubernetesResourceV1) SetSubKind(subKind string) {
k.SubKind = subKind
}
// GetName returns the name of the resource.
func (k *KubernetesResourceV1) GetName() string {
return k.Metadata.GetName()
}
// SetName sets the name of the resource.
func (k *KubernetesResourceV1) SetName(name string) {
k.Metadata.SetName(name)
}
// Expiry returns object expiry setting.
func (k *KubernetesResourceV1) Expiry() time.Time {
return k.Metadata.Expiry()
}
// SetExpiry sets object expiry.
func (k *KubernetesResourceV1) SetExpiry(expire time.Time) {
k.Metadata.SetExpiry(expire)
}
// GetRevision returns the revision
func (k *KubernetesResourceV1) GetRevision() string {
return k.Metadata.GetRevision()
}
// SetRevision sets the revision
func (k *KubernetesResourceV1) SetRevision(rev string) {
k.Metadata.SetRevision(rev)
}
// CheckAndSetDefaults validates the Resource and sets any empty fields to
// default values.
func (k *KubernetesResourceV1) CheckAndSetDefaults(namespaced bool) error {
k.setStaticFields()
if !slices.Contains(KubernetesResourcesKinds, k.Kind) && !strings.HasPrefix(k.Kind, AccessRequestPrefixKindKube) {
return trace.BadParameter("invalid kind %q defined; allowed values: %v, %s<kind>", k.Kind, KubernetesResourcesKinds, AccessRequestPrefixKindKube)
}
if err := k.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// Unless the resource is cluster-wide, it must have a namespace.
if len(k.Spec.Namespace) == 0 && namespaced {
return trace.BadParameter("missing kubernetes namespace")
}
return nil
}
// setStaticFields sets static resource header and metadata fields.
func (k *KubernetesResourceV1) setStaticFields() {
k.Version = V1
}
// Origin returns the origin value of the resource.
func (k *KubernetesResourceV1) Origin() string {
return k.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (k *KubernetesResourceV1) SetOrigin(origin string) {
k.Metadata.SetOrigin(origin)
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (k *KubernetesResourceV1) GetLabel(key string) (value string, ok bool) {
v, ok := k.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns all resource's labels.
func (k *KubernetesResourceV1) GetAllLabels() map[string]string {
return k.Metadata.Labels
}
// GetStaticLabels returns the resource's static labels.
func (k *KubernetesResourceV1) GetStaticLabels() map[string]string {
return k.Metadata.Labels
}
// SetStaticLabels sets the resource's static labels.
func (k *KubernetesResourceV1) SetStaticLabels(sl map[string]string) {
k.Metadata.Labels = sl
}
// MatchSearch goes through select field values of a resource
// and tries to match against the list of search values.
func (k *KubernetesResourceV1) MatchSearch(searchValues []string) bool {
fieldVals := append(utils.MapToStrings(k.GetAllLabels()), k.GetName(), k.Spec.Namespace)
return MatchSearch(fieldVals, searchValues, nil)
}
// KubeResources represents a list of Kubernetes resources.
type KubeResources []*KubernetesResourceV1
// Find returns Kubernetes resource with the specified name or nil if the resource
// was not found.
func (k KubeResources) Find(name string) *KubernetesResourceV1 {
for _, cluster := range k {
if cluster.GetName() == name {
return cluster
}
}
return nil
}
// ToMap returns these kubernetes resources as a map keyed by resource name.
func (k KubeResources) ToMap() map[string]*KubernetesResourceV1 {
m := make(map[string]*KubernetesResourceV1)
for _, kubeCluster := range k {
m[kubeCluster.GetName()] = kubeCluster
}
return m
}
// Len returns the slice length.
func (k KubeResources) Len() int { return len(k) }
// Less compares Kubernetes resources by name.
func (k KubeResources) Less(i, j int) bool {
return k[i].GetName() < k[j].GetName()
}
// Swap swaps two Kubernetes resources.
func (k KubeResources) Swap(i, j int) { k[i], k[j] = k[j], k[i] }
// SortByCustom custom sorts by given sort criteria.
func (k KubeResources) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(k, func(i, j int) bool {
return stringCompare(k[i].GetName(), k[j].GetName(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for kubernetes resources is not supported", sortBy.Field)
}
return nil
}
// AsResources returns as type resources with labels.
func (k KubeResources) AsResources() ResourcesWithLabels {
resources := make(ResourcesWithLabels, 0, len(k))
for _, resource := range k {
resources = append(resources, ResourceWithLabels(resource))
}
return resources
}
// KubeResource represents either a KubernetesResource or RequestKubernetesResource.
type KubeResource interface {
GetAPIGroup() string
GetKind() string
GetNamespace() string
SetAPIGroup(string)
SetKind(string)
SetNamespace(string)
}
// Setter/Getter to enable generics.
func (m *RequestKubernetesResource) GetAPIGroup() string { return m.APIGroup }
func (m *KubernetesResource) GetAPIGroup() string { return m.APIGroup }
func (m *RequestKubernetesResource) SetAPIGroup(group string) { m.APIGroup = group }
func (m *KubernetesResource) SetAPIGroup(group string) { m.APIGroup = group }
func (m *RequestKubernetesResource) GetKind() string { return m.Kind }
func (m *KubernetesResource) GetKind() string { return m.Kind }
func (m *RequestKubernetesResource) SetKind(kind string) { m.Kind = kind }
func (m *KubernetesResource) SetKind(kind string) { m.Kind = kind }
func (m *RequestKubernetesResource) GetNamespace() string { return "" }
func (m *KubernetesResource) GetNamespace() string { return m.Namespace }
func (m *RequestKubernetesResource) SetNamespace(ns string) {}
func (m *KubernetesResource) SetNamespace(ns string) { m.Namespace = ns }
// IsEqual determines if two KubernetesClusterStatus are equivalent.
func (c *KubernetesClusterStatus) IsEqual(other *KubernetesClusterStatus) bool {
return deriveTeleportEqualKubernetesClusterStatus(c, other)
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"sort"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api"
"github.com/gravitational/teleport/api/types/compare"
"github.com/gravitational/teleport/api/utils"
)
var _ compare.IsEqual[KubeServer] = (*KubernetesServerV3)(nil)
// KubeServer represents a single Kubernetes server.
type KubeServer interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetNamespace returns server namespace.
GetNamespace() string
// GetTeleportVersion returns the teleport version the server is running on.
GetTeleportVersion() string
// GetHostname returns the server hostname.
GetHostname() string
// GetHostID returns ID of the host the server is running on.
GetHostID() string
// GetRotation gets the state of certificate authority rotation.
GetRotation() Rotation
// SetRotation sets the state of certificate authority rotation.
SetRotation(Rotation)
// String returns string representation of the server.
String() string
// Copy returns a copy of this kube server object.
Copy() KubeServer
// CloneResource returns a copy of the KubeServer as a ResourceWithLabels
CloneResource() ResourceWithLabels
// GetCluster returns the Kubernetes Cluster this kube server proxies.
GetCluster() KubeCluster
// SetCluster sets the kube cluster this kube server server proxies.
SetCluster(KubeCluster) error
// ProxiedService provides common methods for a proxied service.
ProxiedService
// GetRelayGroup returns the name of the Relay group that the kube server is
// connected to.
GetRelayGroup() string
// GetRelayIDs returns the list of Relay host IDs that the kube server is
// connected to.
GetRelayIDs() []string
// GetTargetHealth gets health details for a target Kubernetes cluster.
GetTargetHealth() *TargetHealth
// SetTargetHealth sets health details for a target Kubernetes cluster.
SetTargetHealth(h *TargetHealth)
// GetTargetHealthStatus gets the health status of a target Kubernetes cluster.
GetTargetHealthStatus() TargetHealthStatus
// SetTargetHealthStatus sets the health status of a target Kubernetes cluster.
SetTargetHealthStatus(status TargetHealthStatus)
// GetScope returns the scope this server belongs to.
GetScope() string
}
// NewKubernetesServerV3 creates a new kube server instance.
func NewKubernetesServerV3(meta Metadata, spec KubernetesServerSpecV3) (*KubernetesServerV3, error) {
s := &KubernetesServerV3{
Metadata: meta,
Spec: spec,
}
if err := s.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return s, nil
}
// NewKubernetesServerV3FromCluster creates a new kubernetes server from the provided clusters.
func NewKubernetesServerV3FromCluster(cluster *KubernetesClusterV3, hostname, hostID string) (*KubernetesServerV3, error) {
return NewKubernetesServerV3(Metadata{
Name: cluster.GetName(),
}, KubernetesServerSpecV3{
Hostname: hostname,
HostID: hostID,
Cluster: cluster,
})
}
// GetVersion returns the kubernetes server resource version.
func (s *KubernetesServerV3) GetVersion() string {
return s.Version
}
// GetTeleportVersion returns the Teleport version the server is running.
func (s *KubernetesServerV3) GetTeleportVersion() string {
return s.Spec.Version
}
// GetHostname returns the kubernetes server hostname.
func (s *KubernetesServerV3) GetHostname() string {
return s.Spec.Hostname
}
// GetHostID returns ID of the host the server is running on.
func (s *KubernetesServerV3) GetHostID() string {
return s.Spec.HostID
}
// GetKind returns the resource kind.
func (s *KubernetesServerV3) GetKind() string {
return s.Kind
}
// GetSubKind returns the resource subkind.
func (s *KubernetesServerV3) GetSubKind() string {
return s.SubKind
}
// SetSubKind sets the resource subkind.
func (s *KubernetesServerV3) SetSubKind(sk string) {
s.SubKind = sk
}
// GetRevision returns the revision
func (s *KubernetesServerV3) GetRevision() string {
return s.Metadata.GetRevision()
}
// SetRevision sets the revision
func (s *KubernetesServerV3) SetRevision(rev string) {
s.Metadata.SetRevision(rev)
}
// GetMetadata returns the resource metadata.
func (s *KubernetesServerV3) GetMetadata() Metadata {
return s.Metadata
}
// GetNamespace returns the resource namespace.
func (s *KubernetesServerV3) GetNamespace() string {
return s.Metadata.Namespace
}
// SetExpiry sets the resource expiry time.
func (s *KubernetesServerV3) SetExpiry(expiry time.Time) {
s.Metadata.SetExpiry(expiry)
}
// Expiry returns the resource expiry time.
func (s *KubernetesServerV3) Expiry() time.Time {
return s.Metadata.Expiry()
}
// GetName returns the resource name.
func (s *KubernetesServerV3) GetName() string {
return s.Metadata.Name
}
// SetName sets the resource name.
func (s *KubernetesServerV3) SetName(name string) {
s.Metadata.Name = name
}
// GetRotation returns the server CA rotation state.
func (s *KubernetesServerV3) GetRotation() Rotation {
return s.Spec.Rotation
}
// SetRotation sets the server CA rotation state.
func (s *KubernetesServerV3) SetRotation(r Rotation) {
s.Spec.Rotation = r
}
// GetCluster returns the cluster this kube server proxies.
func (s *KubernetesServerV3) GetCluster() KubeCluster {
if s.Spec.Cluster == nil {
return nil
}
return s.Spec.Cluster
}
// SetCluster sets the cluster this kube server proxies.
func (s *KubernetesServerV3) SetCluster(cluster KubeCluster) error {
clusterV3, ok := cluster.(*KubernetesClusterV3)
if !ok {
return trace.BadParameter("expected *KubernetesClusterV3, got %T", cluster)
}
s.Spec.Cluster = clusterV3
return nil
}
// String returns the server string representation.
func (s *KubernetesServerV3) String() string {
return fmt.Sprintf("KubeServer(Name=%v, Version=%v, Hostname=%v, HostID=%v, Cluster=%v)",
s.GetName(), s.GetTeleportVersion(), s.GetHostname(), s.GetHostID(), s.GetCluster())
}
// setStaticFields sets static resource header and metadata fields.
func (s *KubernetesServerV3) setStaticFields() {
s.Kind = KindKubeServer
s.Version = V3
}
// CheckAndSetDefaults checks and sets default values for any missing fields.
func (s *KubernetesServerV3) CheckAndSetDefaults() error {
s.setStaticFields()
if err := s.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if s.Spec.HostID == "" {
return trace.BadParameter("missing kube server HostID")
}
if s.Spec.Version == "" {
s.Spec.Version = api.Version
}
if s.Spec.Cluster == nil {
return trace.BadParameter("missing kube server Cluster")
}
if err := s.Spec.Cluster.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// Origin returns the origin value of the resource.
func (s *KubernetesServerV3) Origin() string {
return s.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (s *KubernetesServerV3) SetOrigin(origin string) {
s.Metadata.SetOrigin(origin)
}
// GetProxyIDs returns a list of proxy ids this server is connected to.
func (s *KubernetesServerV3) GetProxyIDs() []string {
return s.Spec.ProxyIDs
}
// SetProxyID sets the proxy ids this server is connected to.
func (s *KubernetesServerV3) SetProxyIDs(proxyIDs []string) {
s.Spec.ProxyIDs = proxyIDs
}
// GetRelayGroup implements [KubeServer].
func (s *KubernetesServerV3) GetRelayGroup() string {
if s == nil {
return ""
}
return s.Spec.RelayGroup
}
// GetRelayIDs implements [KubeServer].
func (s *KubernetesServerV3) GetRelayIDs() []string {
if s == nil {
return nil
}
return s.Spec.RelayIds
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (s *KubernetesServerV3) GetLabel(key string) (value string, ok bool) {
if s.Spec.Cluster != nil {
if v, ok := s.Spec.Cluster.GetLabel(key); ok {
return v, ok
}
}
v, ok := s.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns all resource's labels. Considering:
// * Static labels from `Metadata.Labels` and `Spec.Cluster`.
// * Dynamic labels from `Spec.Cluster.Spec`.
func (s *KubernetesServerV3) GetAllLabels() map[string]string {
staticLabels := make(map[string]string)
for name, value := range s.Metadata.Labels {
staticLabels[name] = value
}
var dynamicLabels map[string]CommandLabelV2
if s.Spec.Cluster != nil {
for name, value := range s.Spec.Cluster.Metadata.Labels {
staticLabels[name] = value
}
dynamicLabels = s.Spec.Cluster.Spec.DynamicLabels
}
return CombineLabels(staticLabels, dynamicLabels)
}
// GetStaticLabels returns the kube server static labels.
func (s *KubernetesServerV3) GetStaticLabels() map[string]string {
return s.Metadata.Labels
}
// SetStaticLabels sets the kube server static labels.
func (s *KubernetesServerV3) SetStaticLabels(sl map[string]string) {
s.Metadata.Labels = sl
}
// Copy returns a copy of this kube server object.
func (s *KubernetesServerV3) Copy() KubeServer {
return utils.CloneProtoMsg(s)
}
// CloneResource returns a copy of this kube server object.
func (s *KubernetesServerV3) CloneResource() ResourceWithLabels {
return s.Copy()
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (s *KubernetesServerV3) MatchSearch(values []string) bool {
return MatchSearch(nil, values, nil)
}
// IsEqual determines if two kube server resources are equivalent to one another.
func (k *KubernetesServerV3) IsEqual(i KubeServer) bool {
if other, ok := i.(*KubernetesServerV3); ok {
return deriveTeleportEqualKubernetesServerV3(k, other)
}
return false
}
// GetTargetHealth gets health details for a target Kubernetes cluster.
func (s *KubernetesServerV3) GetTargetHealth() *TargetHealth {
return s.GetStatus().GetTargetHealth()
}
// SetTargetHealth sets health details for a target Kubernetes cluster.
func (s *KubernetesServerV3) SetTargetHealth(h *TargetHealth) {
if s.Status == nil {
s.Status = &KubernetesServerStatusV3{}
}
s.Status.TargetHealth = h
}
// GetTargetHealthStatus gets the health status of a target Kubernetes cluster.
func (s *KubernetesServerV3) GetTargetHealthStatus() TargetHealthStatus {
health := s.GetStatus().GetTargetHealth()
if health == nil {
return TargetHealthStatusUnknown
}
return TargetHealthStatus(health.Status)
}
// SetTargetHealthStatus sets the health status of a target Kubernetes cluster.
func (s *KubernetesServerV3) SetTargetHealthStatus(status TargetHealthStatus) {
if s.Status == nil {
s.Status = &KubernetesServerStatusV3{}
}
if s.Status.TargetHealth == nil {
s.Status.TargetHealth = &TargetHealth{}
}
s.Status.TargetHealth.Status = string(status)
}
// GetStatus gets the Kubernetes server status.
func (s *KubernetesServerV3) GetStatus() *KubernetesServerStatusV3 {
if s == nil {
return nil
}
return s.Status
}
// GetScope returns the scope this server belongs to.
func (s *KubernetesServerV3) GetScope() string {
return s.Scope
}
// GetTargetHealth gets the health of a Kubernetes cluster.
func (s *KubernetesServerStatusV3) GetTargetHealth() *TargetHealth {
if s == nil {
return nil
}
return s.TargetHealth
}
// KubeServers represents a list of kube servers.
type KubeServers []KubeServer
// Len returns the slice length.
func (s KubeServers) Len() int { return len(s) }
// Less compares kube servers by name and host ID.
func (s KubeServers) Less(i, j int) bool {
switch {
case s[i].GetName() < s[j].GetName():
return true
case s[i].GetName() > s[j].GetName():
return false
default:
return s[i].GetHostID() < s[j].GetHostID()
}
}
// Swap swaps two kube servers.
func (s KubeServers) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// ToMap returns these kubernetes clusters as a map keyed by cluster name.
func (s KubeServers) ToMap() map[string]KubeServer {
m := make(map[string]KubeServer, len(s))
for _, kubeServer := range s {
m[kubeServer.GetName()] = kubeServer
}
return m
}
// SortByCustom custom sorts by given sort criteria.
func (s KubeServers) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
// We assume sorting by type KubeServer, we are really
// wanting to sort its contained resource Cluster.
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetCluster().GetName(), s[j].GetCluster().GetName(), isDesc)
})
case ResourceSpecDescription:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetCluster().GetDescription(), s[j].GetCluster().GetDescription(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindKubeServer)
}
return nil
}
// AsResources returns kube servers as type resources with labels.
func (s KubeServers) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, len(s))
for i, server := range s {
resources[i] = ResourceWithLabels(server)
}
return resources
}
// GetFieldVals returns list of select field values.
func (s KubeServers) GetFieldVals(field string) ([]string, error) {
vals := make([]string, 0, len(s))
switch field {
case ResourceMetadataName:
for _, server := range s {
vals = append(vals, server.GetCluster().GetName())
}
case ResourceSpecDescription:
for _, server := range s {
vals = append(vals, server.GetCluster().GetDescription())
}
default:
return nil, trace.NotImplemented("getting field %q for resource %q is not supported", field, KindKubeServer)
}
return vals, nil
}
/*
Copyright 2018-2019 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"strings"
"time"
"github.com/gravitational/trace"
)
// License defines teleport License Information
type License interface {
Resource
// GetReportsUsage returns true if the Teleport cluster should report usage
// to the Houston control plane.
GetReportsUsage() Bool
// SetReportsUsage sets the Houston usage reporting flag.
SetReportsUsage(Bool)
// GetSalesCenterReporting returns true if the Teleport cluster should
// report usage to Sales Center.
GetSalesCenterReporting() Bool
// SetSalesCenterReporting sets the Sales Center usage reporting flag.
SetSalesCenterReporting(Bool)
// GetCloud returns true if teleport cluster is hosted by Gravitational
GetCloud() Bool
// SetCloud sets cloud flag
SetCloud(Bool)
// GetAWSProductID returns product id that limits usage to AWS instance
// with a similar product ID
GetAWSProductID() string
// SetAWSProductID sets AWS product ID
SetAWSProductID(string)
// GetAWSAccountID limits usage to AWS instance within account ID
GetAWSAccountID() string
// SetAWSAccountID sets AWS account ID that will be limiting
// usage to AWS instance
SetAWSAccountID(accountID string)
// GetSupportsKubernetes returns kubernetes support flag
GetSupportsKubernetes() Bool
// SetSupportsKubernetes sets kubernetes support flag
SetSupportsKubernetes(Bool)
// GetSupportsApplicationAccess returns application access support flag
GetSupportsApplicationAccess() Bool
// SetSupportsApplicationAccess sets application access support flag
SetSupportsApplicationAccess(Bool)
// GetSupportsDatabaseAccess returns database access support flag
GetSupportsDatabaseAccess() Bool
// SetSupportsDatabaseAccess sets database access support flag
SetSupportsDatabaseAccess(Bool)
// GetSupportsDesktopAccess returns desktop access support flag
GetSupportsDesktopAccess() Bool
// SetSupportsDesktopAccess sets desktop access support flag
SetSupportsDesktopAccess(Bool)
// GetSupportsModeratedSessions returns moderated sessions support flag
// Note: this flag is unused in Teleport v11+ but it's still used to
// generate licenses that support older versions of Teleport
GetSupportsModeratedSessions() Bool
// SetSupportsModeratedSessions sets moderated sessions support flag
// Note: this flag is unused in Teleport v11+ but it's still used to
// generate licenses that support older versions of Teleport
SetSupportsModeratedSessions(Bool)
// GetSupportsMachineID returns MachineID support flag
// Note: this flag is unused in Teleport v11+ but it's still used to
// generate licenses that support older versions of Teleport
GetSupportsMachineID() Bool
// SetSupportsMachineID sets MachineID support flag
// Note: this flag is unused in Teleport v11+ but it's still used to
// generate licenses that support older versions of Teleport
SetSupportsMachineID(Bool)
// GetSupportsResourceAccessRequests returns resource access requests support flag
// Note: this flag is unused in Teleport v11+ but it's still used to
// generate licenses that support older versions of Teleport
GetSupportsResourceAccessRequests() Bool
// SetSupportsResourceAccessRequests sets resource access requests support flag
// Note: this flag is unused in Teleport v11+ but it's still used to
// generate licenses that support older versions of Teleport
SetSupportsResourceAccessRequests(Bool)
// GetSupportsFeatureHiding returns feature hiding support flag.
GetSupportsFeatureHiding() Bool
// SetSupportsFeatureHiding sets feature hiding support flag.
SetSupportsFeatureHiding(Bool)
// GetTrial returns the trial flag.
// Note: This is not applicable to Cloud licenses
GetTrial() Bool
// SetTrial sets the trial flag.
// Note: This is not applicable to Cloud licenses
SetTrial(Bool)
// SetLabels sets metadata labels
SetLabels(labels map[string]string)
// GetAccountID returns Account ID.
// Note: This is not applicable to all Cloud licenses
GetAccountID() string
// GetFeatureSource returns where the features should be loaded from.
//
// Deprecated.
// FeatureSource was used to differentiate between
// cloud+team vs cloud+enterprise. cloud+enterprise read from license
// and cloud+team read from salescenter. With the new EUB product,
// all cloud+ will read from salescenter.
GetFeatureSource() FeatureSource
// GetCustomTheme returns the name of the WebUI custom theme
GetCustomTheme() string
// SetCustomTheme sets the name of the WebUI custom theme
SetCustomTheme(themeName string)
// GetSupportsIdentityGovernanceSecurity returns IGS features support flag.
// IGS includes: access list, access request, access monitoring and device trust.
GetSupportsIdentityGovernanceSecurity() Bool
// SetSupportsIdentityGovernanceSecurity sets IGS feature support flag.
// IGS includes: access list, access request, access monitoring and device trust.
SetSupportsIdentityGovernanceSecurity(Bool)
// GetUsageBasedBilling returns if usage based billing is turned on or off
GetUsageBasedBilling() Bool
// SetUsageBasedBilling sets flag for usage based billing
SetUsageBasedBilling(Bool)
// GetAnonymizationKey returns a key that should be used to
// anonymize usage data if it's set.
GetAnonymizationKey() string
// SetAnonymizationKey sets the anonymization key.
SetAnonymizationKey(string)
// GetSupportsPolicy returns Teleport Policy support flag.
GetSupportsPolicy() Bool
// SetSupportsPolicy sets Teleport Policy support flag.
SetSupportsPolicy(Bool)
// GetEntitlements returns the Entitlements object
GetEntitlements() map[string]EntitlementInfo
// SetEntitlements sets the Entitlements object
SetEntitlements(map[string]EntitlementInfo)
}
// EntitlementInfo is the state and limits of a particular entitlement; Example for feature X:
// { Enabled: true, Limit: 0 } => unlimited access to feature X
// { Enabled: true, Limit: >0 } => limited access to feature X
// { Enabled: false, Limit: >=0 } => no access to feature X
type EntitlementInfo struct {
// Enabled indicates the feature is 'on' if true; feature is disabled if false
Enabled Bool
// Limit indicates the allotted amount of use when limited; if 0 use is unlimited
Limit int32
}
// FeatureSource defines where the list of features enabled
// by the license is.
type FeatureSource string
const (
FeatureSourceLicense FeatureSource = "license"
FeatureSourceCloud FeatureSource = "cloud"
)
// NewLicense is a convenience method to create LicenseV3.
func NewLicense(name string, spec LicenseSpecV3) (License, error) {
l := &LicenseV3{
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := l.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return l, nil
}
// LicenseV3 represents License resource version V3. When changing this, keep in
// mind that other consumers of teleport/api (Houston, Sales Center) might still
// need to generate or parse licenses for older versions of Teleport.
type LicenseV3 struct {
// Kind is a resource kind - always resource.
Kind string `json:"kind"`
// SubKind is a resource sub kind
SubKind string `json:"sub_kind,omitempty"`
// Version is a resource version.
Version string `json:"version"`
// Metadata is metadata about the resource.
Metadata Metadata `json:"metadata"`
// Spec is the specification of the resource.
Spec LicenseSpecV3 `json:"spec"`
}
// GetVersion returns resource version
func (c *LicenseV3) GetVersion() string {
return c.Version
}
// GetSubKind returns resource sub kind
func (c *LicenseV3) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind
func (c *LicenseV3) SetSubKind(s string) {
c.SubKind = s
}
// GetKind returns resource kind
func (c *LicenseV3) GetKind() string {
return c.Kind
}
// GetRevision returns the revision
func (c *LicenseV3) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *LicenseV3) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetName returns the name of the resource
func (c *LicenseV3) GetName() string {
return c.Metadata.Name
}
// SetLabels sets metadata labels
func (c *LicenseV3) SetLabels(labels map[string]string) {
c.Metadata.Labels = labels
}
// GetLabels returns metadata labels
func (c *LicenseV3) GetLabels() map[string]string {
return c.Metadata.Labels
}
// SetName sets the name of the resource
func (c *LicenseV3) SetName(name string) {
c.Metadata.Name = name
}
// Expiry returns object expiry setting
func (c *LicenseV3) Expiry() time.Time {
return c.Metadata.Expiry()
}
// SetExpiry sets object expiry
func (c *LicenseV3) SetExpiry(t time.Time) {
c.Metadata.SetExpiry(t)
}
// GetMetadata returns object metadata
func (c *LicenseV3) GetMetadata() Metadata {
return c.Metadata
}
// GetReportsUsage returns true if the Teleport cluster should report usage to
// the Houston control plane.
func (c *LicenseV3) GetReportsUsage() Bool {
return c.Spec.ReportsUsage
}
// GetSalesCenterReporting returns true if the Teleport cluster should report
// usage to Sales Center.
func (c *LicenseV3) GetSalesCenterReporting() Bool {
return c.Spec.SalesCenterReporting
}
// GetCloud returns true if teleport cluster is hosted by Gravitational
func (c *LicenseV3) GetCloud() Bool {
return c.Spec.Cloud
}
// SetCloud sets cloud flag
func (c *LicenseV3) SetCloud(cloud Bool) {
c.Spec.Cloud = cloud
}
// SetReportsUsage sets the Houston usage reporting flag.
func (c *LicenseV3) SetReportsUsage(reports Bool) {
c.Spec.ReportsUsage = reports
}
// SetSalesCenterReporting sets the Sales Center usage reporting flag.
func (c *LicenseV3) SetSalesCenterReporting(reports Bool) {
c.Spec.SalesCenterReporting = reports
}
// setStaticFields sets static resource header and metadata fields.
func (c *LicenseV3) setStaticFields() {
c.Kind = KindLicense
c.Version = V3
}
// CheckAndSetDefaults verifies the constraints for License.
func (c *LicenseV3) CheckAndSetDefaults() error {
c.setStaticFields()
if c.Spec.FeatureSource == "" {
c.Spec.FeatureSource = FeatureSourceLicense
}
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// GetAWSProductID returns product ID that limits usage to AWS instance
// with a similar product ID
func (c *LicenseV3) GetAWSProductID() string {
return c.Spec.AWSProductID
}
// SetAWSProductID sets AWS product ID
func (c *LicenseV3) SetAWSProductID(pid string) {
c.Spec.AWSProductID = pid
}
// GetAccountID sets AWS product ID
func (c *LicenseV3) GetAccountID() string {
return c.Spec.AccountID
}
// GetAWSAccountID limits usage to AWS instance within account ID
func (c *LicenseV3) GetAWSAccountID() string {
return c.Spec.AWSAccountID
}
// SetAWSAccountID sets AWS account ID that will be limiting
// usage to AWS instance
func (c *LicenseV3) SetAWSAccountID(accountID string) {
c.Spec.AWSAccountID = accountID
}
// GetSupportsKubernetes returns kubernetes support flag
func (c *LicenseV3) GetSupportsKubernetes() Bool {
return c.Spec.SupportsKubernetes
}
// SetSupportsKubernetes sets kubernetes support flag
func (c *LicenseV3) SetSupportsKubernetes(supportsK8s Bool) {
c.Spec.SupportsKubernetes = supportsK8s
}
// GetSupportsApplicationAccess returns application access support flag
func (c *LicenseV3) GetSupportsApplicationAccess() Bool {
// For backward compatibility return true if app access flag isn't set,
// or it will stop working for all users who are already using it and
// were issued licenses without this flag.
if c.Spec.SupportsApplicationAccess == nil {
return Bool(true)
}
return *c.Spec.SupportsApplicationAccess
}
// SetSupportsApplicationAccess sets application access support flag
func (c *LicenseV3) SetSupportsApplicationAccess(value Bool) {
c.Spec.SupportsApplicationAccess = &value
}
// GetSupportsDatabaseAccess returns database access support flag
func (c *LicenseV3) GetSupportsDatabaseAccess() Bool {
return c.Spec.SupportsDatabaseAccess
}
// SetSupportsDatabaseAccess sets database access support flag
func (c *LicenseV3) SetSupportsDatabaseAccess(value Bool) {
c.Spec.SupportsDatabaseAccess = value
}
// GetSupportsDesktopAccess returns desktop access support flag
func (c *LicenseV3) GetSupportsDesktopAccess() Bool {
return c.Spec.SupportsDesktopAccess
}
// SetSupportsDesktopAccess sets desktop access support flag
func (c *LicenseV3) SetSupportsDesktopAccess(value Bool) {
c.Spec.SupportsDesktopAccess = value
}
// GetSupportsModeratedSessions returns moderated sessions support flag
func (c *LicenseV3) GetSupportsModeratedSessions() Bool {
return c.Spec.SupportsModeratedSessions
}
// SetSupportsModeratedSessions sets moderated sessions support flag
func (c *LicenseV3) SetSupportsModeratedSessions(value Bool) {
c.Spec.SupportsModeratedSessions = value
}
// GetSupportsMachineID returns MachineID support flag
func (c *LicenseV3) GetSupportsMachineID() Bool {
return c.Spec.SupportsMachineID
}
// SetSupportsMachineID sets MachineID support flag
func (c *LicenseV3) SetSupportsMachineID(value Bool) {
c.Spec.SupportsMachineID = value
}
// GetSupportsResourceAccessRequests returns resource access requests support flag
func (c *LicenseV3) GetSupportsResourceAccessRequests() Bool {
return c.Spec.SupportsResourceAccessRequests
}
// SetSupportsResourceAccessRequests sets resource access requests support flag
func (c *LicenseV3) SetSupportsResourceAccessRequests(value Bool) {
c.Spec.SupportsResourceAccessRequests = value
}
// GetSupportsFeatureHiding returns feature hiding requests support flag
func (c *LicenseV3) GetSupportsFeatureHiding() Bool {
return c.Spec.SupportsFeatureHiding
}
// SetSupportsFeatureHiding sets feature hiding requests support flag
func (c *LicenseV3) SetSupportsFeatureHiding(value Bool) {
c.Spec.SupportsFeatureHiding = value
}
// GetCustomTheme returns the name of the WebUI custom theme
func (c *LicenseV3) GetCustomTheme() string {
return c.Spec.CustomTheme
}
// SetCustomTheme sets the name of the WebUI custom theme
func (c *LicenseV3) SetCustomTheme(themeName string) {
c.Spec.CustomTheme = themeName
}
// GetSupportsIdentityGovernanceSecurity returns IGS feature support flag.
// IGS includes: access list, access request, access monitoring and device trust.
func (c *LicenseV3) GetSupportsIdentityGovernanceSecurity() Bool {
return c.Spec.SupportsIdentityGovernanceSecurity
}
// SetSupportsIdentityGovernanceSecurity sets IGS feature support flag.
// IGS includes: access list, access request, access monitoring and device trust.
func (c *LicenseV3) SetSupportsIdentityGovernanceSecurity(b Bool) {
c.Spec.SupportsIdentityGovernanceSecurity = b
}
// GetUsageBasedBilling returns if usage based billing is turned on or off
func (c *LicenseV3) GetUsageBasedBilling() Bool {
return c.Spec.UsageBasedBilling
}
// SetUsageBasedBilling sets flag for usage based billing.
func (c *LicenseV3) SetUsageBasedBilling(b Bool) {
c.Spec.UsageBasedBilling = b
}
// GetTrial returns the trial flag
func (c *LicenseV3) GetTrial() Bool {
return c.Spec.Trial
}
// SetTrial sets the trial flag
func (c *LicenseV3) SetTrial(value Bool) {
c.Spec.Trial = value
}
// GetAnonymizationKey returns a key that should be used to
// anonymize usage data if it's set.
func (c *LicenseV3) GetAnonymizationKey() string {
return c.Spec.AnonymizationKey
}
// SetAnonymizationKey sets the anonymization key.
func (c *LicenseV3) SetAnonymizationKey(anonKey string) {
c.Spec.AnonymizationKey = anonKey
}
// GetSupportsPolicy returns Teleport Policy support flag
func (c *LicenseV3) GetSupportsPolicy() Bool {
return c.Spec.SupportsPolicy
}
// SetSupportsPolicy sets Teleport Policy support flag
func (c *LicenseV3) SetSupportsPolicy(value Bool) {
c.Spec.SupportsPolicy = value
}
// GetEntitlements returns Entitlements
func (c *LicenseV3) GetEntitlements() map[string]EntitlementInfo {
return c.Spec.Entitlements
}
// SetEntitlements sets Entitlements
func (c *LicenseV3) SetEntitlements(value map[string]EntitlementInfo) {
c.Spec.Entitlements = value
}
// String represents a human readable version of license enabled features
func (c *LicenseV3) String() string {
var features []string
if !c.Expiry().IsZero() {
features = append(features, fmt.Sprintf("expires at %v", c.Expiry()))
}
if c.GetTrial() {
features = append(features, "is trial")
}
if c.GetSalesCenterReporting() {
features = append(features, "reports usage")
}
if c.GetSupportsKubernetes() {
features = append(features, "supports kubernetes")
}
if c.GetSupportsApplicationAccess() {
features = append(features, "supports application access")
}
if c.GetSupportsDatabaseAccess() {
features = append(features, "supports database access")
}
if c.GetSupportsDesktopAccess() {
features = append(features, "supports desktop access")
}
if c.GetSupportsFeatureHiding() {
features = append(features, "supports feature hiding")
}
if c.GetCloud() {
features = append(features, "is hosted by Gravitational")
}
if c.GetAWSProductID() != "" {
features = append(features, fmt.Sprintf("is limited to AWS product ID %q", c.Spec.AWSProductID))
}
if c.GetAWSAccountID() != "" {
features = append(features, fmt.Sprintf("is limited to AWS account ID %q", c.Spec.AWSAccountID))
}
if len(features) == 0 {
return ""
}
return strings.Join(features, ",")
}
// GetFeatureSource returns the source Teleport should use to read the features
func (c *LicenseV3) GetFeatureSource() FeatureSource {
// defaults to License for backward compatibility
if c.Spec.FeatureSource == "" {
return FeatureSourceLicense
}
return c.Spec.FeatureSource
}
// LicenseSpecV3 is the actual data we care about for LicenseV3. When changing
// this, keep in mind that other consumers of teleport/api (Houston, Sales
// Center) might still need to generate or parse licenses for older versions of
// Teleport.
type LicenseSpecV3 struct {
// AccountID is a customer account ID
AccountID string `json:"account_id,omitempty"`
// AWSProductID limits usage to AWS instance with a product ID
AWSProductID string `json:"aws_pid,omitempty"`
// AWSAccountID limits usage to AWS instance within account ID
AWSAccountID string `json:"aws_account,omitempty"`
// SupportsKubernetes turns kubernetes support on or off
SupportsKubernetes Bool `json:"k8s"`
// SupportsApplicationAccess turns application access on or off
// Note it's a pointer for backward compatibility
SupportsApplicationAccess *Bool `json:"app,omitempty"`
// SupportsDatabaseAccess turns database access on or off
SupportsDatabaseAccess Bool `json:"db,omitempty"`
// SupportsDesktopAccess turns desktop access on or off
SupportsDesktopAccess Bool `json:"desktop,omitempty"`
// ReportsUsage turns Houston usage reporting on or off
ReportsUsage Bool `json:"usage,omitempty"`
// SalesCenterReporting turns Sales Center usage reporting on or off
SalesCenterReporting Bool `json:"reporting,omitempty"`
// Cloud is turned on when teleport is hosted by Gravitational
Cloud Bool `json:"cloud,omitempty"`
// SupportsModeratedSessions turns on moderated sessions
SupportsModeratedSessions Bool `json:"moderated_sessions,omitempty"`
// SupportsMachineID turns MachineID support on or off
SupportsMachineID Bool `json:"machine_id,omitempty"`
// SupportsResourceAccessRequests turns resource access request support on or off
SupportsResourceAccessRequests Bool `json:"resource_access_requests,omitempty"`
// SupportsFeatureHiding turns feature hiding support on or off
SupportsFeatureHiding Bool `json:"feature_hiding,omitempty"`
// Trial is true for trial licenses
Trial Bool `json:"trial,omitempty"`
// FeatureSource is the source of the set of enabled feature
//
// Deprecated.
// FeatureSource was used to differentiate between
// cloud+team vs cloud+enterprise. cloud+enterprise read from license
// and cloud+team read from salescenter. With the new EUB product,
// all cloud+ will read from salescenter.
FeatureSource FeatureSource `json:"feature_source"`
// CustomTheme is the name of the WebUI custom theme
CustomTheme string `json:"custom_theme,omitempty"`
// SupportsIdentityGovernanceSecurity turns IGS features on or off.
SupportsIdentityGovernanceSecurity Bool `json:"identity_governance_security,omitempty"`
// UsageBasedBilling determines if the user subscription is usage-based (pay-as-you-go).
UsageBasedBilling Bool `json:"usage_based_billing,omitempty"`
// AnonymizationKey is a key that is used to anonymize usage data when it is set.
// It should only be set when UsageBasedBilling is true.
AnonymizationKey string `json:"anonymization_key,omitempty"`
// SupportsPolicy turns Teleport Policy features on or off.
SupportsPolicy Bool `json:"policy,omitempty"`
// entitlements define a customer’s access to a specific features
Entitlements map[string]EntitlementInfo `json:"entitlements,omitempty"`
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"strings"
"time"
"github.com/gogo/protobuf/proto"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// Lock configures locking out of a particular access vector.
type Lock interface {
Resource
ResourceWithOrigin
ResourceWithLabels
// Target returns the lock's target.
Target() LockTarget
// SetTarget sets the lock's target.
SetTarget(LockTarget)
// Message returns the message displayed to locked-out users.
Message() string
// SetMessage sets the lock's user message.
SetMessage(string)
// LockExpiry returns when the lock ceases to be in force.
LockExpiry() *time.Time
// SetLockExpiry sets the lock's expiry.
SetLockExpiry(*time.Time)
// CreatedAt returns the time the lock was created.
CreatedAt() time.Time
// SetCreatedAt sets the lock's created time.
SetCreatedAt(time.Time)
// CreatedBy returns the user that created the lock.
CreatedBy() string
// SetCreatedBy sets the lock's creator.
SetCreatedBy(string)
// IsInForce returns whether the lock is in force at a particular time.
IsInForce(time.Time) bool
// Clone returns a copy of the lock.
Clone() Lock
}
// NewLock is a convenience method to create a Lock resource.
func NewLock(name string, spec LockSpecV2) (Lock, error) {
lock := &LockV2{
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := lock.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return lock, nil
}
// Clone returns a copy of the lock.
func (c *LockV2) Clone() Lock {
return utils.CloneProtoMsg(c)
}
// GetVersion returns resource version.
func (c *LockV2) GetVersion() string {
return c.Version
}
// GetName returns the name of the resource.
func (c *LockV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the resource.
func (c *LockV2) SetName(e string) {
c.Metadata.Name = e
}
// SetExpiry sets expiry time for the object.
func (c *LockV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting.
func (c *LockV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetMetadata returns object metadata.
func (c *LockV2) GetMetadata() Metadata {
return c.Metadata
}
// GetRevision returns the revision
func (c *LockV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *LockV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetKind returns resource kind.
func (c *LockV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource subkind.
func (c *LockV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind.
func (c *LockV2) SetSubKind(sk string) {
c.SubKind = sk
}
// Target returns the lock's target.
func (c *LockV2) Target() LockTarget {
return c.Spec.Target
}
// SetTarget sets the lock's target.
func (c *LockV2) SetTarget(target LockTarget) {
c.Spec.Target = target
}
// Message returns the message displayed to locked-out users.
func (c *LockV2) Message() string {
return c.Spec.Message
}
// SetMessage sets the lock's user message.
func (c *LockV2) SetMessage(message string) {
c.Spec.Message = message
}
// LockExpiry returns when the lock ceases to be in force.
func (c *LockV2) LockExpiry() *time.Time {
return c.Spec.Expires
}
// SetLockExpiry sets the lock's expiry.
func (c *LockV2) SetLockExpiry(expiry *time.Time) {
c.Spec.Expires = expiry
}
func (c *LockV2) CreatedAt() time.Time {
return c.Spec.CreatedAt
}
func (c *LockV2) SetCreatedAt(t time.Time) {
c.Spec.CreatedAt = t
}
func (c *LockV2) CreatedBy() string {
return c.Spec.CreatedBy
}
func (c *LockV2) SetCreatedBy(user string) {
c.Spec.CreatedBy = user
}
// IsInForce returns whether the lock is in force at a particular time.
func (c *LockV2) IsInForce(t time.Time) bool {
if c.Spec.Expires == nil {
return true
}
return t.Before(*c.Spec.Expires)
}
// setStaticFields sets static resource header and metadata fields.
func (c *LockV2) setStaticFields() {
c.Kind = KindLock
c.Version = V2
}
// CheckAndSetDefaults verifies the constraints for Lock.
func (c *LockV2) CheckAndSetDefaults() error {
c.setStaticFields()
err := c.Metadata.CheckAndSetDefaults()
if err != nil {
return trace.Wrap(err)
}
if c.Spec.Target.IsEmpty() {
return trace.BadParameter("at least one target field must be set")
}
return nil
}
// Origin fetches the lock's origin, if any. Returns the empty string if no
// origin is set.
func (c *LockV2) Origin() string {
return c.Metadata.Labels[OriginLabel]
}
func (c *LockV2) SetOrigin(origin string) {
c.Metadata.SetOrigin(origin)
}
// GetLabel fetches the given user label, with the same semantics
// as a map read
func (c *LockV2) GetLabel(key string) (value string, ok bool) {
value, ok = c.Metadata.Labels[key]
return
}
// GetAllLabels fetches all the user labels.
func (c *LockV2) GetAllLabels() map[string]string {
return c.Metadata.Labels
}
// GetStaticLabels fetches all the user labels.
func (c *LockV2) GetStaticLabels() map[string]string {
return c.Metadata.Labels
}
// SetStaticLabels sets the entire label set for the user.
func (c *LockV2) SetStaticLabels(sl map[string]string) {
c.Metadata.Labels = sl
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (c *LockV2) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(c.Metadata.Labels), c.GetName())
return MatchSearch(fieldVals, values, nil)
}
// IntoMap returns the target attributes in the form of a map.
func (t LockTarget) IntoMap() (map[string]string, error) {
m := map[string]string{}
if err := utils.ObjectToStruct(t, &m); err != nil {
return nil, trace.Wrap(err)
}
return m, nil
}
// FromMap copies values from a map into this LockTarget.
func (t *LockTarget) FromMap(m map[string]string) error {
return trace.Wrap(utils.ObjectToStruct(m, t))
}
// IsEmpty returns true if none of the target's fields is set.
func (t LockTarget) IsEmpty() bool {
return t.User == "" &&
t.Role == "" &&
t.Login == "" &&
t.MFADevice == "" &&
t.WindowsDesktop == "" &&
t.AccessRequest == "" &&
t.Device == "" &&
t.ServerID == "" &&
t.BotInstanceID == "" &&
t.JoinToken == ""
}
// Match returns true if the lock's target is matched by this target.
func (t LockTarget) Match(lock Lock) bool {
if t.IsEmpty() {
return false
}
lockTarget := lock.Target()
return (t.User == "" || lockTarget.User == t.User) &&
(t.Role == "" || lockTarget.Role == t.Role) &&
(t.Login == "" || lockTarget.Login == t.Login) &&
(t.MFADevice == "" || lockTarget.MFADevice == t.MFADevice) &&
(t.WindowsDesktop == "" || lockTarget.WindowsDesktop == t.WindowsDesktop) &&
(t.AccessRequest == "" || lockTarget.AccessRequest == t.AccessRequest) &&
(t.Device == "" || lockTarget.Device == t.Device) &&
(t.ServerID == "" || lockTarget.ServerID == t.ServerID) &&
(t.BotInstanceID == "" || lockTarget.BotInstanceID == t.BotInstanceID) &&
(t.JoinToken == "" || lockTarget.JoinToken == t.JoinToken)
}
// String returns string representation of the LockTarget.
func (t LockTarget) String() string {
return strings.TrimSpace(proto.CompactTextString(&t))
}
// Equals returns true when the two lock targets are equal.
func (t LockTarget) Equals(t2 LockTarget) bool {
return t.User == t2.User &&
t.Role == t2.Role &&
t.Login == t2.Login &&
t.MFADevice == t2.MFADevice &&
t.WindowsDesktop == t2.WindowsDesktop &&
t.AccessRequest == t2.AccessRequest &&
t.Device == t2.Device &&
t.ServerID == t2.ServerID &&
t.BotInstanceID == t2.BotInstanceID &&
t.JoinToken == t2.JoinToken
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
const (
// UpgraderKindKubeController is a short name used to identify the kube-controller-based
// external upgrader variant.
UpgraderKindKubeController = "kube"
// UpgraderKindSystemdUnit is a short name used to identify the systemd-unit-based
// external upgrader variant.
UpgraderKindSystemdUnit = "unit"
// UpgraderKindTeleportUpdate is a short name used to identify the teleport-update
// external upgrader variant.
UpgraderKindTeleportUpdate = "binary"
)
var validWeekdays = [7]time.Weekday{
time.Sunday,
time.Monday,
time.Tuesday,
time.Wednesday,
time.Thursday,
time.Friday,
time.Saturday,
}
// ParseWeekday attempts to interpret a string as a time.Weekday. In the interest of flexibility,
// parsing is case-insensitive and supports the common three-letter shorthand accepted by many
// common scheduling utilites (e.g. contab, systemd timers).
func ParseWeekday(s string) (day time.Weekday, ok bool) {
for _, w := range validWeekdays {
if strings.EqualFold(w.String(), s) || strings.EqualFold(w.String()[:3], s) {
return w, true
}
}
return time.Sunday, false
}
// ParseWeekdays attempts to parse a slice of strings representing week days.
// The slice must not be empty but can also contain a single value "*", representing the whole week.
// Day order doesn't matter but the same week day must not be present multiple times.
// In the interest of flexibility, parsing is case-insensitive and supports the common three-letter shorthand
// accepted by many common scheduling utilites (e.g. contab, systemd timers).
func ParseWeekdays(days []string) (map[time.Weekday]struct{}, error) {
if len(days) == 0 {
return nil, trace.BadParameter("empty weekdays list")
}
// Special case, we support wildcards.
if len(days) == 1 && days[0] == Wildcard {
return map[time.Weekday]struct{}{
time.Monday: {},
time.Tuesday: {},
time.Wednesday: {},
time.Thursday: {},
time.Friday: {},
time.Saturday: {},
time.Sunday: {},
}, nil
}
weekdays := make(map[time.Weekday]struct{}, 7)
for _, day := range days {
weekday, ok := ParseWeekday(day)
if !ok {
return nil, trace.BadParameter("failed to parse weekday: %v", day)
}
// Check if this is a duplicate
if _, ok := weekdays[weekday]; ok {
return nil, trace.BadParameter("duplicate weekday: %v", weekday.String())
}
weekdays[weekday] = struct{}{}
}
return weekdays, nil
}
// generator builds a closure that iterates valid maintenance config from the current day onward. Used in
// schedule export logic and tests.
func (w *AgentUpgradeWindow) generator(from time.Time) func() (start time.Time, end time.Time) {
from = from.UTC()
next := time.Date(
from.Year(),
from.Month(),
from.Day(),
int(w.UTCStartHour%24),
0, // min
0, // sec
0, // nsec
time.UTC,
)
var weekdays []time.Weekday
for _, d := range w.Weekdays {
if p, ok := ParseWeekday(d); ok {
weekdays = append(weekdays, p)
}
}
return func() (start time.Time, end time.Time) {
for { // safe because invalid weekdays have been filtered out
start = next
end = start.Add(time.Hour)
next = next.AddDate(0, 0, 1)
if len(weekdays) == 0 {
return
}
for _, day := range weekdays {
if start.Weekday() == day {
return
}
}
}
}
}
// Export exports the next `n` upgrade windows as a schedule object, starting from `from`.
func (w *AgentUpgradeWindow) Export(from time.Time, n int) AgentUpgradeSchedule {
gen := w.generator(from)
sched := AgentUpgradeSchedule{
Windows: make([]ScheduledAgentUpgradeWindow, 0, n),
}
for i := 0; i < n; i++ {
start, stop := gen()
sched.Windows = append(sched.Windows, ScheduledAgentUpgradeWindow{
Start: start.UTC(),
Stop: stop.UTC(),
})
}
return sched
}
func (s *AgentUpgradeSchedule) Clone() *AgentUpgradeSchedule {
return utils.CloneProtoMsg(s)
}
// NewClusterMaintenanceConfig creates a new maintenance config with no parameters set.
func NewClusterMaintenanceConfig() ClusterMaintenanceConfig {
var cmc ClusterMaintenanceConfigV1
cmc.setStaticFields()
return &cmc
}
// ClusterMaintenanceConfig represents a singleton config object used to schedule maintenance
// windows. Currently this config object's only purpose is to configure a global agent
// upgrade window, used to coordinate upgrade timing for non-control-plane agents.
type ClusterMaintenanceConfig interface {
Resource
// GetNonce gets the nonce of the maintenance config.
GetNonce() uint64
// WithNonce creates a shallow copy with a new nonce.
WithNonce(nonce uint64) any
// GetAgentUpgradeWindow gets the agent upgrade window.
GetAgentUpgradeWindow() (win AgentUpgradeWindow, ok bool)
// SetAgentUpgradeWindow sets the agent upgrade window.
SetAgentUpgradeWindow(win AgentUpgradeWindow)
// WithinUpgradeWindow returns true if the time is within the configured
// upgrade window.
WithinUpgradeWindow(t time.Time) bool
CheckAndSetDefaults() error
}
func (m *ClusterMaintenanceConfigV1) setStaticFields() {
if m.Version == "" {
m.Version = V1
}
if m.Kind == "" {
m.Kind = KindClusterMaintenanceConfig
}
if m.Metadata.Name == "" {
m.Metadata.Name = MetaNameClusterMaintenanceConfig
}
}
func (m *ClusterMaintenanceConfigV1) CheckAndSetDefaults() error {
m.setStaticFields()
if err := m.ResourceHeader.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if m.Version != V1 {
return trace.BadParameter("unexpected maintenance config resource version %q (expected %q)", m.Version, V1)
}
if m.Kind == MetaNameClusterMaintenanceConfig {
// normalize easy mixup
m.Kind = KindClusterMaintenanceConfig
}
if m.Kind != KindClusterMaintenanceConfig {
return trace.BadParameter("unexpected maintenance config kind %q (expected %q)", m.Kind, KindClusterMaintenanceConfig)
}
if m.Metadata.Name == KindClusterMaintenanceConfig {
// normalize easy mixup
m.Metadata.Name = MetaNameClusterMaintenanceConfig
}
if m.Metadata.Name != MetaNameClusterMaintenanceConfig {
return trace.BadParameter("unexpected maintenance config name %q (expected %q)", m.Metadata.Name, MetaNameClusterMaintenanceConfig)
}
if m.Spec.AgentUpgrades != nil {
if h := m.Spec.AgentUpgrades.UTCStartHour; h > 23 {
return trace.BadParameter("agent upgrade window utc start hour must be in range 0..23, got %d", h)
}
for _, day := range m.Spec.AgentUpgrades.Weekdays {
if _, ok := ParseWeekday(day); !ok {
return trace.BadParameter("invalid weekday in agent upgrade window: %q", day)
}
}
}
return nil
}
func (m *ClusterMaintenanceConfigV1) GetNonce() uint64 {
return m.Nonce
}
func (m *ClusterMaintenanceConfigV1) WithNonce(nonce uint64) any {
shallowCopy := *m
shallowCopy.Nonce = nonce
return &shallowCopy
}
func (m *ClusterMaintenanceConfigV1) GetAgentUpgradeWindow() (win AgentUpgradeWindow, ok bool) {
if m.Spec.AgentUpgrades == nil {
return AgentUpgradeWindow{}, false
}
return *m.Spec.AgentUpgrades, true
}
func (m *ClusterMaintenanceConfigV1) SetAgentUpgradeWindow(win AgentUpgradeWindow) {
m.Spec.AgentUpgrades = &win
}
// WithinUpgradeWindow returns true if the time is within the configured
// upgrade window.
func (m *ClusterMaintenanceConfigV1) WithinUpgradeWindow(t time.Time) bool {
upgradeWindow, ok := m.GetAgentUpgradeWindow()
if !ok {
return false
}
if len(upgradeWindow.Weekdays) == 0 {
if int(upgradeWindow.UTCStartHour) == t.Hour() {
return true
}
}
upgradeWeekDays, err := ParseWeekdays(upgradeWindow.Weekdays)
if err != nil {
return false
}
if _, ok := upgradeWeekDays[t.Weekday()]; !ok {
return false
}
return int(upgradeWindow.UTCStartHour) == t.Hour()
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"net/url"
"strings"
"github.com/gravitational/trace"
)
// Matcher is an interface for cloud resource matchers.
type Matcher interface {
// GetTypes gets the types that the matcher can match.
GetTypes() []string
// CopyWithTypes copies the matcher with new types.
CopyWithTypes(t []string) Matcher
}
// CheckAndSetDefaults checks and sets defaults for HTTPProxySettings.
func (settings *HTTPProxySettings) CheckAndSetDefaults() error {
if settings == nil {
return nil
}
if !isValidHTTPProxyURL(settings.HTTPProxy) {
return trace.BadParameter("invalid http_proxy setting: %q", settings.HTTPProxy)
}
if !isValidHTTPProxyURL(settings.HTTPSProxy) {
return trace.BadParameter("invalid https_proxy setting: %q", settings.HTTPSProxy)
}
// NO_PROXY can contain multiple comma-separated values.
// Each value can have multiple formats: IP address, CIDR, domain name, etc.
// Each tool might have its own rules for parsing and validating NO_PROXY values.
// Due to this complexity and ambiguity, we skip strict validation here.
return nil
}
// We expect these variables to be used by Go code, so this method must allow at least all possible variations that are allowed by the golang.org/x/net/http/httpproxy.
func isValidHTTPProxyURL(proxyURL string) bool {
if proxyURL == "" {
return true
}
if !strings.HasPrefix("https://", proxyURL) && !strings.HasPrefix("http://", proxyURL) {
// See https://cs.opensource.google/go/x/net/+/refs/tags/v0.46.0:http/httpproxy/proxy.go;drc=cde1dda944dcf6350753df966bb5bda87a544842;l=154
proxyURL = "http://" + proxyURL
}
if _, err := url.Parse(proxyURL); err != nil {
return false
}
return true
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"github.com/gravitational/trace"
awsapiutils "github.com/gravitational/teleport/api/utils/aws"
)
// CheckAndSetDefaults that the matcher is correct and adds default values.
func (a *AccessGraphSync) CheckAndSetDefaults() error {
for _, matcher := range a.AWS {
if err := matcher.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
return nil
}
func (a *AccessGraphAWSSync) CheckAndSetDefaults() error {
if len(a.Regions) == 0 {
return trace.BadParameter("discovery service requires at least one region")
}
for _, region := range a.Regions {
if err := awsapiutils.IsValidRegion(region); err != nil {
return trace.BadParameter("discovery service does not support region %q", region)
}
}
if a.CloudTrailLogs != nil {
if a.CloudTrailLogs.SQSQueue == "" {
return trace.BadParameter("discovery service requires SQS queue for CloudTrail logs")
}
if a.CloudTrailLogs.Region == "" {
return trace.BadParameter("discovery service requires Region for CloudTrail logs")
}
}
return nil
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"os"
"slices"
"strconv"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
apiutils "github.com/gravitational/teleport/api/utils"
awsapiutils "github.com/gravitational/teleport/api/utils/aws"
)
const (
// IAMInviteTokenName is the name of the default Teleport IAM
// token to use when templating the script to be executed.
IAMInviteTokenName = "aws-discovery-iam-token"
// SSHDConfigPath is the path to the sshd config file to modify
// when using the agentless installer
SSHDConfigPath = "/etc/ssh/sshd_config"
// AWSInstallerDocument is the name of the default AWS document
// that will be called when executing the SSM command.
AWSInstallerDocument = "TeleportDiscoveryInstaller"
// AWSSSMDocumentRunShellScript is the `AWS-RunShellScript` SSM Document name.
// It is available in all AWS accounts and does not need to be manually created.
AWSSSMDocumentRunShellScript = "AWS-RunShellScript"
// AWSAgentlessInstallerDocument is the name of the default AWS document
// that will be called when executing the SSM command .
AWSAgentlessInstallerDocument = "TeleportAgentlessDiscoveryInstaller"
// AWSMatcherEC2 is the AWS matcher type for EC2 instances.
AWSMatcherEC2 = "ec2"
// AWSMatcherEKS is the AWS matcher type for AWS Kubernetes.
AWSMatcherEKS = "eks"
// AWSMatcherRDS is the AWS matcher type for RDS databases.
AWSMatcherRDS = "rds"
// AWSMatcherRDSProxy is the AWS matcher type for RDS Proxy databases.
AWSMatcherRDSProxy = "rdsproxy"
// AWSMatcherRedshift is the AWS matcher type for Redshift databases.
AWSMatcherRedshift = "redshift"
// AWSMatcherRedshiftServerless is the AWS matcher type for Redshift Serverless databases.
AWSMatcherRedshiftServerless = "redshift-serverless"
// AWSMatcherElastiCache is the AWS matcher type for ElastiCache databases.
AWSMatcherElastiCache = "elasticache"
// AWSMatcherElastiCacheServerless is the AWS matcher type for ElastiCacheServerless databases.
AWSMatcherElastiCacheServerless = "elasticache-serverless"
// AWSMatcherMemoryDB is the AWS matcher type for MemoryDB databases.
AWSMatcherMemoryDB = "memorydb"
// AWSMatcherOpenSearch is the AWS matcher type for OpenSearch databases.
AWSMatcherOpenSearch = "opensearch"
// AWSMatcherDocumentDB is the AWS matcher type for DocumentDB databases.
AWSMatcherDocumentDB = "docdb"
)
// SupportedAWSMatchers is list of AWS services currently supported by the
// Teleport discovery service.
var SupportedAWSMatchers = append([]string{
AWSMatcherEC2,
AWSMatcherEKS,
}, SupportedAWSDatabaseMatchers...)
// SupportedAWSDatabaseMatchers is a list of the AWS databases currently
// supported by the Teleport discovery service.
// IMPORTANT: when adding new Database matchers, make sure reference configs
// for both Discovery and Database Service are updated in docs.
var SupportedAWSDatabaseMatchers = []string{
AWSMatcherRDS,
AWSMatcherRDSProxy,
AWSMatcherRedshift,
AWSMatcherRedshiftServerless,
AWSMatcherElastiCache,
AWSMatcherElastiCacheServerless,
AWSMatcherMemoryDB,
AWSMatcherOpenSearch,
AWSMatcherDocumentDB,
}
// RequireAWSIAMRolesAsUsersMatchers is a list of the AWS databases that
// require AWS IAM roles as database users.
// IMPORTANT: if you add database matchers for AWS keyspaces, OpenSearch, or
// DynamoDB discovery, add them here and in RequireAWSIAMRolesAsUsers in
// api/types.
var RequireAWSIAMRolesAsUsersMatchers = []string{
AWSMatcherRedshiftServerless,
AWSMatcherOpenSearch,
AWSMatcherDocumentDB,
}
// GetTypes gets the types that the matcher can match.
func (m AWSMatcher) GetTypes() []string {
return m.Types
}
// CopyWithTypes copies the matcher with new types.
func (m AWSMatcher) CopyWithTypes(t []string) Matcher {
newMatcher := m
newMatcher.Types = t
return newMatcher
}
func isAlphanumericIncluding(s string, extraChars ...rune) bool {
for _, r := range s {
if (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z') || (r >= '0' && r <= '9') || slices.Contains(extraChars, r) {
continue
}
return false
}
return true
}
// IsRegionWildcard returns true if the matcher is configured to discover resources in all regions.
func (m *AWSMatcher) IsRegionWildcard() bool {
return len(m.Regions) == 1 && m.Regions[0] == Wildcard
}
// CheckAndSetDefaults that the matcher is correct and adds default values.
func (m *AWSMatcher) CheckAndSetDefaults() error {
for _, matcherType := range m.Types {
if !slices.Contains(SupportedAWSMatchers, matcherType) {
return trace.BadParameter("discovery service type does not support %q, supported resource types are: %v",
matcherType, SupportedAWSMatchers)
}
}
if len(m.Types) == 0 {
return trace.BadParameter("discovery service requires at least one type")
}
if len(m.Regions) == 0 {
return trace.BadParameter("discovery service requires at least one region, for EC2 you can also set the region to %q to iterate over all regions (requires account:ListRegions IAM permission)", Wildcard)
}
for _, region := range m.Regions {
if region == Wildcard {
if len(m.Regions) > 1 {
return trace.BadParameter("when using %q as region, no other regions can be specified", Wildcard)
}
break
}
if err := awsapiutils.IsValidRegion(region); err != nil {
return trace.BadParameter("discovery service does not support region %q", region)
}
}
if err := m.validateOrganizationAccountDiscovery(); err != nil {
return trace.Wrap(err)
}
if m.AssumeRole != nil {
if m.AssumeRole.RoleARN != "" {
if err := awsapiutils.CheckRoleARN(m.AssumeRole.RoleARN); err != nil {
return trace.BadParameter("invalid assume role: %v", err)
}
} else if m.AssumeRole.ExternalID != "" {
for _, t := range m.Types {
if !slices.Contains(RequireAWSIAMRolesAsUsersMatchers, t) {
return trace.BadParameter("discovery service AWS matcher assume_role_arn is empty, but has external_id %q",
m.AssumeRole.ExternalID)
}
}
}
}
if m.SetupAccessForARN != "" {
if !slices.Contains(m.Types, AWSMatcherEKS) {
return trace.BadParameter("discovery service AWS matcher setup_access_for_arn is only supported for eks")
}
if err := awsapiutils.CheckRoleARN(m.SetupAccessForARN); err != nil {
return trace.BadParameter("invalid setup access for ARN: %v", err)
}
}
if len(m.Tags) == 0 {
m.Tags = map[string]apiutils.Strings{Wildcard: {Wildcard}}
}
if m.Params == nil {
m.Params = &InstallerParams{
InstallTeleport: true,
}
}
switch m.Params.EnrollMode {
case InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED:
m.Params.EnrollMode = InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_SCRIPT
if m.Integration != "" {
m.Params.EnrollMode = InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_EICE
}
case InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_EICE:
if m.Integration == "" {
return trace.BadParameter("integration is required for eice enroll mode")
}
case InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_SCRIPT:
default:
return trace.BadParameter("invalid enroll mode %s", m.Params.EnrollMode.String())
}
if slices.Contains(m.Types, AWSMatcherEC2) && m.Params.EnrollMode == InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_EICE {
if eiceEnabled, _ := strconv.ParseBool(os.Getenv(constants.UnstableEnableEICEEnvVar)); !eiceEnabled {
return trace.BadParameter(constants.EICEDisabledMessage)
}
}
switch m.Params.JoinMethod {
case JoinMethodIAM, "":
m.Params.JoinMethod = JoinMethodIAM
default:
return trace.BadParameter("only IAM joining is supported for EC2 auto-discovery")
}
if m.Params.JoinToken == "" {
m.Params.JoinToken = IAMInviteTokenName
}
if m.Params.SSHDConfig == "" {
m.Params.SSHDConfig = SSHDConfigPath
}
if m.Params.Suffix != "" {
if !isAlphanumericIncluding(m.Params.Suffix, '-') {
return trace.BadParameter("install.suffix can only contain alphanumeric characters and hyphens")
}
}
if m.Params.UpdateGroup != "" {
if !isAlphanumericIncluding(m.Params.UpdateGroup, '-') {
return trace.BadParameter("install.update_group can only contain alphanumeric characters and hyphens")
}
}
if err := m.Params.HTTPProxySettings.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if m.Params.ScriptName == "" {
m.Params.ScriptName = DefaultInstallerScriptNameAgentless
if m.Params.InstallTeleport {
m.Params.ScriptName = DefaultInstallerScriptName
}
}
if m.SSM == nil {
m.SSM = &AWSSSM{}
}
if m.SSM.DocumentName == "" {
m.SSM.DocumentName = AWSAgentlessInstallerDocument
if m.Params.InstallTeleport {
m.SSM.DocumentName = AWSInstallerDocument
}
}
return nil
}
// HasOrganizationMatcher returns true if the matcher has an organization ID set.
func (m *AWSMatcher) HasOrganizationMatcher() bool {
return m.Organization != nil && m.Organization.OrganizationID != ""
}
func (m *AWSMatcher) validateOrganizationAccountDiscovery() error {
if m.Organization.IsEmpty() {
return nil
}
if m.Organization.OrganizationID == "" {
return trace.BadParameter("organization ID required but missing")
}
if m.Organization.OrganizationalUnits == nil {
return trace.BadParameter("organizational units required but missing")
}
if len(m.Organization.OrganizationalUnits.Include) == 0 {
return trace.BadParameter("at least one organizational unit must be included ('*' can be used to include everything)")
}
if m.AssumeRole == nil || m.AssumeRole.RoleName == "" {
return trace.BadParameter("assume role name is required when organization id is set")
}
if m.AssumeRole.RoleARN != "" {
return trace.BadParameter("assume role must be set to the role name (not the arn) when discovering accounts")
}
if err := awsapiutils.IsValidIAMRoleName(m.AssumeRole.RoleName); err != nil {
return trace.BadParameter("assume role must be set to the role name (not the arn) when discovering accounts: %v", err)
}
return nil
}
// IsEmpty returns true if the AWSOrganizationMatcher is empty.
func (m *AWSOrganizationMatcher) IsEmpty() bool {
return m == nil || deriveTeleportEqualAWSOrganizationMatcher(&AWSOrganizationMatcher{}, m)
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"slices"
"github.com/gravitational/trace"
apiutils "github.com/gravitational/teleport/api/utils"
)
const (
// AzureInviteTokenName is the name of the default token to use
// when templating the script to be executed on Azure.
AzureInviteTokenName = "azure-discovery-token"
// AzureMatcherVM is the Azure matcher type for Azure VMs.
AzureMatcherVM = "vm"
// AzureMatcherKubernetes is the Azure matcher type for Azure Kubernetes.
AzureMatcherKubernetes = "aks"
// AzureMatcherMySQL is the Azure matcher type for Azure MySQL databases.
AzureMatcherMySQL = "mysql"
// AzureMatcherPostgres is the Azure matcher type for Azure Postgres databases.
AzureMatcherPostgres = "postgres"
// AzureMatcherRedis is the Azure matcher type for Azure Cache for Redis databases.
AzureMatcherRedis = "redis"
// AzureMatcherSQLServer is the Azure matcher type for SQL Server databases.
AzureMatcherSQLServer = "sqlserver"
)
// SupportedAzureMatchers is list of Azure services currently supported by the
// Teleport discovery service.
// IMPORTANT: when adding new Database matchers, make sure reference configs
// for both Discovery and Database Service are updated in docs.
var SupportedAzureMatchers = []string{
AzureMatcherVM,
AzureMatcherKubernetes,
AzureMatcherMySQL,
AzureMatcherPostgres,
AzureMatcherRedis,
AzureMatcherSQLServer,
}
// GetTypes gets the types that the matcher can match.
func (m AzureMatcher) GetTypes() []string {
return m.Types
}
// CopyWithTypes copies the matcher with new types.
func (m AzureMatcher) CopyWithTypes(t []string) Matcher {
newMatcher := m
newMatcher.Types = t
return newMatcher
}
// CheckAndSetDefaults that the matcher is correct and adds default values.
func (m *AzureMatcher) CheckAndSetDefaults() error {
if len(m.Types) == 0 {
return trace.BadParameter("At least one Azure discovery service type must be specified, the supported resource types are: %v",
SupportedAzureMatchers)
}
for _, matcherType := range m.Types {
if !slices.Contains(SupportedAzureMatchers, matcherType) {
return trace.BadParameter("Azure discovery service type does not support %q resource type; supported resource types are: %v",
matcherType, SupportedAzureMatchers)
}
}
if slices.Contains(m.Types, AzureMatcherVM) {
if m.Params == nil {
m.Params = &InstallerParams{}
}
if m.Params.Azure == nil {
m.Params.Azure = &AzureInstallerParams{}
}
if m.Params.Suffix != "" {
if !isAlphanumericIncluding(m.Params.Suffix, '-') {
return trace.BadParameter("install.suffix can only contain alphanumeric characters and hyphens")
}
}
if m.Params.UpdateGroup != "" {
if !isAlphanumericIncluding(m.Params.UpdateGroup, '-') {
return trace.BadParameter("install.update_group can only contain alphanumeric characters and hyphens")
}
}
switch m.Params.JoinMethod {
case JoinMethodAzure, "":
m.Params.JoinMethod = JoinMethodAzure
default:
return trace.BadParameter("only Azure joining is supported for Azure auto-discovery")
}
if m.Params.JoinToken == "" {
m.Params.JoinToken = AzureInviteTokenName
}
if m.Params.ScriptName == "" {
m.Params.ScriptName = DefaultInstallerScriptName
}
if err := m.Params.HTTPProxySettings.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
if slices.Contains(m.Regions, Wildcard) || len(m.Regions) == 0 {
m.Regions = []string{Wildcard}
}
if slices.Contains(m.Subscriptions, Wildcard) || len(m.Subscriptions) == 0 {
m.Subscriptions = []string{Wildcard}
}
if slices.Contains(m.ResourceGroups, Wildcard) || len(m.ResourceGroups) == 0 {
m.ResourceGroups = []string{Wildcard}
}
if len(m.ResourceTags) == 0 {
m.ResourceTags = map[string]apiutils.Strings{
Wildcard: {Wildcard},
}
}
return nil
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"slices"
"github.com/gravitational/trace"
apiutils "github.com/gravitational/teleport/api/utils"
)
const (
// GCPInviteTokenName is the name of the default token to use
// when templating the script to be executed on GCP.
GCPInviteTokenName = "gcp-discovery-token"
// GCPMatcherKubernetes is the GCP matcher type for GCP kubernetes.
GCPMatcherKubernetes = "gke"
// GCPMatcherCompute is the GCP matcher for GCP VMs.
GCPMatcherCompute = "gce"
)
// SupportedGCPMatchers is list of GCP services currently supported by the
// Teleport discovery service.
var SupportedGCPMatchers = []string{
GCPMatcherKubernetes,
GCPMatcherCompute,
}
// GetTypes gets the types that the matcher can match.
func (m GCPMatcher) GetTypes() []string {
return m.Types
}
// CopyWithTypes copies the matcher with new types.
func (m GCPMatcher) CopyWithTypes(t []string) Matcher {
newMatcher := m
newMatcher.Types = t
return newMatcher
}
// GetLabels gets the matcher's labels.
func (m GCPMatcher) GetLabels() Labels {
if len(m.Labels) != 0 {
return m.Labels
}
// Check Tags as well for backwards compatibility.
return m.Tags
}
// CheckAndSetDefaults that the matcher is correct and adds default values.
func (m *GCPMatcher) CheckAndSetDefaults() error {
if len(m.Types) == 0 {
return trace.BadParameter("At least one GCP discovery service type must be specified, the supported resource types are: %v",
SupportedGCPMatchers)
}
for _, matcherType := range m.Types {
if !slices.Contains(SupportedGCPMatchers, matcherType) {
return trace.BadParameter("GCP discovery service type does not support %q resource type; supported resource types are: %v",
matcherType, SupportedGCPMatchers)
}
}
if slices.Contains(m.Types, GCPMatcherCompute) {
if m.Params == nil {
m.Params = &InstallerParams{}
}
if m.Params.Suffix != "" {
if !isAlphanumericIncluding(m.Params.Suffix, '-') {
return trace.BadParameter("install.suffix can only contain alphanumeric characters and hyphens")
}
}
if m.Params.UpdateGroup != "" {
if !isAlphanumericIncluding(m.Params.UpdateGroup, '-') {
return trace.BadParameter("install.update_group can only contain alphanumeric characters and hyphens")
}
}
switch m.Params.JoinMethod {
case JoinMethodGCP, "":
m.Params.JoinMethod = JoinMethodGCP
default:
return trace.BadParameter("only GCP joining is supported for GCP auto-discovery")
}
if m.Params.JoinToken == "" {
m.Params.JoinToken = GCPInviteTokenName
}
if m.Params.ScriptName == "" {
m.Params.ScriptName = DefaultInstallerScriptName
}
if err := m.Params.HTTPProxySettings.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
if slices.Contains(m.Locations, Wildcard) || len(m.Locations) == 0 {
m.Locations = []string{Wildcard}
}
if slices.Contains(m.ProjectIDs, Wildcard) && len(m.ProjectIDs) > 1 {
return trace.BadParameter("GCP discovery service either supports wildcard project_ids or multiple values, but not both.")
}
if len(m.ProjectIDs) == 0 {
return trace.BadParameter("GCP discovery service project_ids does cannot be empty; please specify at least one value in project_ids.")
}
if len(m.Labels) > 0 && len(m.Tags) > 0 {
return trace.BadParameter("labels and tags should not both be set.")
}
if len(m.Tags) > 0 {
m.Labels = m.Tags
}
if len(m.Labels) == 0 {
m.Labels = map[string]apiutils.Strings{
Wildcard: {Wildcard},
}
}
return nil
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"slices"
"github.com/gravitational/trace"
apiutils "github.com/gravitational/teleport/api/utils"
)
const (
// KubernetesMatchersApp is app matcher type for Kubernetes services
KubernetesMatchersApp = "app"
)
// SupportedKubernetesMatchers is a list of Kubernetes matchers supported by
// Teleport discovery service
var SupportedKubernetesMatchers = []string{
KubernetesMatchersApp,
}
// CheckAndSetDefaults that the matcher is correct and adds default values.
func (m *KubernetesMatcher) CheckAndSetDefaults() error {
for _, t := range m.Types {
if !slices.Contains(SupportedKubernetesMatchers, t) {
return trace.BadParameter("Kubernetes discovery does not support %q resource type; supported resource types are: %v",
t, SupportedKubernetesMatchers)
}
}
if len(m.Types) == 0 {
m.Types = []string{KubernetesMatchersApp}
}
if len(m.Namespaces) == 0 {
m.Namespaces = []string{Wildcard}
}
if len(m.Labels) == 0 {
m.Labels = map[string]apiutils.Strings{Wildcard: {Wildcard}}
}
return nil
}
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: teleport/legacy/types/metadata.proto
package types
import (
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto"
_ "github.com/gogo/protobuf/types"
github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
io "io"
math "math"
math_bits "math/bits"
time "time"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
var _ = time.Kitchen
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
// Metadata is resource metadata
type Metadata struct {
// Name is an object name
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// Namespace is object namespace. The field should be called "namespace"
// when it returns in Teleport 2.4.
Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"-"`
// Description is object description
Description string `protobuf:"bytes,3,opt,name=Description,proto3" json:"description,omitempty"`
// Labels is a set of labels
Labels map[string]string `protobuf:"bytes,5,rep,name=Labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Expires is a global expiry time header can be set on any resource in the
// system.
Expires *time.Time `protobuf:"bytes,6,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
// Revision is an opaque identifier which tracks the versions of a resource
// over time. Clients should ignore and not alter its value but must return
// the revision in any updates of a resource.
Revision string `protobuf:"bytes,8,opt,name=Revision,proto3" json:"revision,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Metadata) Reset() { *m = Metadata{} }
func (m *Metadata) String() string { return proto.CompactTextString(m) }
func (*Metadata) ProtoMessage() {}
func (*Metadata) Descriptor() ([]byte, []int) {
return fileDescriptor_f866f1a35cd57f3e, []int{0}
}
func (m *Metadata) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Metadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Metadata.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Metadata) XXX_Merge(src proto.Message) {
xxx_messageInfo_Metadata.Merge(m, src)
}
func (m *Metadata) XXX_Size() int {
return m.Size()
}
func (m *Metadata) XXX_DiscardUnknown() {
xxx_messageInfo_Metadata.DiscardUnknown(m)
}
var xxx_messageInfo_Metadata proto.InternalMessageInfo
func init() {
proto.RegisterType((*Metadata)(nil), "types.Metadata")
proto.RegisterMapType((map[string]string)(nil), "types.Metadata.LabelsEntry")
}
func init() {
proto.RegisterFile("teleport/legacy/types/metadata.proto", fileDescriptor_f866f1a35cd57f3e)
}
var fileDescriptor_f866f1a35cd57f3e = []byte{
// 410 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x4c, 0x52, 0xcb, 0x8e, 0xd3, 0x30,
0x14, 0xc5, 0x7d, 0x4d, 0xc6, 0xdd, 0x14, 0xab, 0xa0, 0x50, 0xa0, 0xae, 0x80, 0x45, 0x25, 0xc0,
0x96, 0xca, 0x86, 0x87, 0xd8, 0x54, 0x33, 0x8b, 0x41, 0xc0, 0xc2, 0xb0, 0x62, 0xe7, 0x76, 0x2e,
0xc1, 0x22, 0xae, 0xad, 0xc4, 0xad, 0xc8, 0x5f, 0xf0, 0x0f, 0xfc, 0x4c, 0x97, 0x7c, 0x41, 0x80,
0x2e, 0xf3, 0x15, 0x28, 0x76, 0x33, 0xcd, 0xca, 0xf7, 0x9e, 0x7b, 0x7c, 0x74, 0xcf, 0xd1, 0xc5,
0x4f, 0x1c, 0xa4, 0x60, 0x4d, 0xe6, 0x78, 0x0a, 0x89, 0x5c, 0x17, 0xdc, 0x15, 0x16, 0x72, 0xae,
0xc1, 0xc9, 0x6b, 0xe9, 0x24, 0xb3, 0x99, 0x71, 0x86, 0xf4, 0x3d, 0x3a, 0x19, 0x27, 0x26, 0x31,
0x1e, 0xe1, 0x75, 0x15, 0x86, 0x13, 0x9a, 0x18, 0x93, 0xa4, 0xc0, 0x7d, 0xb7, 0xda, 0x7e, 0xe5,
0x4e, 0x69, 0xc8, 0x9d, 0xd4, 0x36, 0x10, 0x1e, 0xfd, 0xea, 0xe2, 0xe8, 0xc3, 0x51, 0x90, 0x3c,
0xc0, 0xbd, 0x8f, 0x52, 0x43, 0x8c, 0x66, 0x68, 0x7e, 0xbe, 0x8c, 0xaa, 0x92, 0xf6, 0x36, 0x52,
0x83, 0xf0, 0x28, 0x79, 0x8c, 0xcf, 0xeb, 0x37, 0xb7, 0x72, 0x0d, 0x71, 0xc7, 0x53, 0xfa, 0x55,
0x49, 0xd1, 0x73, 0x71, 0xc2, 0xc9, 0x1b, 0x3c, 0xbc, 0x80, 0x7c, 0x9d, 0x29, 0xeb, 0x94, 0xd9,
0xc4, 0x5d, 0x4f, 0xbb, 0x57, 0x95, 0xf4, 0xce, 0xf5, 0x09, 0x7e, 0x66, 0xb4, 0x72, 0xa0, 0xad,
0x2b, 0x44, 0x9b, 0x4d, 0xae, 0xf0, 0xe0, 0xbd, 0x5c, 0x41, 0x9a, 0xc7, 0xfd, 0x59, 0x77, 0x3e,
0x5c, 0xdc, 0x67, 0xde, 0x1b, 0x6b, 0x16, 0x64, 0x61, 0x7a, 0xb9, 0x71, 0x59, 0xb1, 0x1c, 0x57,
0x25, 0x1d, 0xa5, 0x1e, 0x68, 0xe9, 0x1d, 0x05, 0xc8, 0x27, 0x7c, 0x76, 0xf9, 0xc3, 0xaa, 0x0c,
0xf2, 0x78, 0x30, 0x43, 0xf3, 0xe1, 0x62, 0xc2, 0x42, 0x14, 0xac, 0x89, 0x82, 0x7d, 0x6e, 0xa2,
0x58, 0x3e, 0xdc, 0x97, 0x14, 0x55, 0x25, 0xbd, 0x0d, 0xe1, 0xcb, 0x49, 0xef, 0xe7, 0x1f, 0x8a,
0x44, 0xa3, 0x44, 0x16, 0x38, 0x12, 0xb0, 0x53, 0x79, 0xed, 0x2c, 0xf2, 0xce, 0xee, 0x56, 0x25,
0x25, 0xd9, 0x11, 0x6b, 0xad, 0x71, 0xc3, 0x9b, 0xbc, 0xc2, 0xc3, 0xd6, 0xd6, 0x64, 0x84, 0xbb,
0xdf, 0xa1, 0x08, 0x09, 0x8b, 0xba, 0x24, 0x63, 0xdc, 0xdf, 0xc9, 0x74, 0x7b, 0x8c, 0x54, 0x84,
0xe6, 0x75, 0xe7, 0x25, 0x7a, 0xd7, 0x8b, 0xce, 0x46, 0x91, 0xe8, 0x5c, 0x5d, 0x2c, 0xdf, 0xee,
0xff, 0x4d, 0x6f, 0xed, 0x0f, 0x53, 0xf4, 0xfb, 0x30, 0x45, 0x7f, 0x0f, 0x53, 0xf4, 0xe5, 0x69,
0xa2, 0xdc, 0xb7, 0xed, 0x8a, 0xad, 0x8d, 0xe6, 0x49, 0x26, 0x77, 0xca, 0xc9, 0x3a, 0x42, 0x99,
0xf2, 0x9b, 0xa3, 0x91, 0x56, 0x85, 0x8b, 0x59, 0x0d, 0xbc, 0xe7, 0x17, 0xff, 0x03, 0x00, 0x00,
0xff, 0xff, 0x9e, 0xba, 0xeb, 0x92, 0x51, 0x02, 0x00, 0x00,
}
func (m *Metadata) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Metadata) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Metadata) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Revision) > 0 {
i -= len(m.Revision)
copy(dAtA[i:], m.Revision)
i = encodeVarintMetadata(dAtA, i, uint64(len(m.Revision)))
i--
dAtA[i] = 0x42
}
if m.Expires != nil {
n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):])
if err1 != nil {
return 0, err1
}
i -= n1
i = encodeVarintMetadata(dAtA, i, uint64(n1))
i--
dAtA[i] = 0x32
}
if len(m.Labels) > 0 {
for k := range m.Labels {
v := m.Labels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintMetadata(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintMetadata(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintMetadata(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x2a
}
}
if len(m.Description) > 0 {
i -= len(m.Description)
copy(dAtA[i:], m.Description)
i = encodeVarintMetadata(dAtA, i, uint64(len(m.Description)))
i--
dAtA[i] = 0x1a
}
if len(m.Namespace) > 0 {
i -= len(m.Namespace)
copy(dAtA[i:], m.Namespace)
i = encodeVarintMetadata(dAtA, i, uint64(len(m.Namespace)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintMetadata(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func encodeVarintMetadata(dAtA []byte, offset int, v uint64) int {
offset -= sovMetadata(v)
base := offset
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return base
}
func (m *Metadata) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovMetadata(uint64(l))
}
l = len(m.Namespace)
if l > 0 {
n += 1 + l + sovMetadata(uint64(l))
}
l = len(m.Description)
if l > 0 {
n += 1 + l + sovMetadata(uint64(l))
}
if len(m.Labels) > 0 {
for k, v := range m.Labels {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovMetadata(uint64(len(k))) + 1 + len(v) + sovMetadata(uint64(len(v)))
n += mapEntrySize + 1 + sovMetadata(uint64(mapEntrySize))
}
}
if m.Expires != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires)
n += 1 + l + sovMetadata(uint64(l))
}
l = len(m.Revision)
if l > 0 {
n += 1 + l + sovMetadata(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func sovMetadata(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
func sozMetadata(x uint64) (n int) {
return sovMetadata(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (m *Metadata) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Metadata: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Metadata: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMetadata
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMetadata
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Name = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMetadata
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMetadata
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Namespace = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Description", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMetadata
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMetadata
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Description = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMetadata
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMetadata
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Labels == nil {
m.Labels = make(map[string]string)
}
var mapkey string
var mapvalue string
for iNdEx < postIndex {
entryPreIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
if fieldNum == 1 {
var stringLenmapkey uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLenmapkey |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLenmapkey := int(stringLenmapkey)
if intStringLenmapkey < 0 {
return ErrInvalidLengthMetadata
}
postStringIndexmapkey := iNdEx + intStringLenmapkey
if postStringIndexmapkey < 0 {
return ErrInvalidLengthMetadata
}
if postStringIndexmapkey > l {
return io.ErrUnexpectedEOF
}
mapkey = string(dAtA[iNdEx:postStringIndexmapkey])
iNdEx = postStringIndexmapkey
} else if fieldNum == 2 {
var stringLenmapvalue uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLenmapvalue |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLenmapvalue := int(stringLenmapvalue)
if intStringLenmapvalue < 0 {
return ErrInvalidLengthMetadata
}
postStringIndexmapvalue := iNdEx + intStringLenmapvalue
if postStringIndexmapvalue < 0 {
return ErrInvalidLengthMetadata
}
if postStringIndexmapvalue > l {
return io.ErrUnexpectedEOF
}
mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue])
iNdEx = postStringIndexmapvalue
} else {
iNdEx = entryPreIndex
skippy, err := skipMetadata(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthMetadata
}
if (iNdEx + skippy) > postIndex {
return io.ErrUnexpectedEOF
}
iNdEx += skippy
}
}
m.Labels[mapkey] = mapvalue
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Expires", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMetadata
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMetadata
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Expires == nil {
m.Expires = new(time.Time)
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(m.Expires, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Revision", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMetadata
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMetadata
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMetadata
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Revision = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipMetadata(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthMetadata
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipMetadata(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
depth := 0
for iNdEx < l {
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowMetadata
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
wireType := int(wire & 0x7)
switch wireType {
case 0:
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowMetadata
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
iNdEx++
if dAtA[iNdEx-1] < 0x80 {
break
}
}
case 1:
iNdEx += 8
case 2:
var length int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowMetadata
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
length |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if length < 0 {
return 0, ErrInvalidLengthMetadata
}
iNdEx += length
case 3:
depth++
case 4:
if depth == 0 {
return 0, ErrUnexpectedEndOfGroupMetadata
}
depth--
case 5:
iNdEx += 4
default:
return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
}
if iNdEx < 0 {
return 0, ErrInvalidLengthMetadata
}
if depth == 0 {
return iNdEx, nil
}
}
return 0, io.ErrUnexpectedEOF
}
var (
ErrInvalidLengthMetadata = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowMetadata = fmt.Errorf("proto: integer overflow")
ErrUnexpectedEndOfGroupMetadata = fmt.Errorf("proto: unexpected end of group")
)
// Copyright 2022 Gravitational, Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
"bytes"
"time"
"github.com/gogo/protobuf/jsonpb" //nolint:depguard // needed for backwards compatibility
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// NewMFADevice creates a new MFADevice with the given name. Caller must set
// the Device field in the returned MFADevice.
func NewMFADevice(name, id string, addedAt time.Time, device isMFADevice_Device) (*MFADevice, error) {
dev := &MFADevice{
Metadata: Metadata{
Name: name,
},
Id: id,
AddedAt: addedAt,
LastUsed: addedAt,
Device: device,
}
return dev, dev.CheckAndSetDefaults()
}
// setStaticFields sets static resource header and metadata fields.
func (d *MFADevice) setStaticFields() {
d.Kind = KindMFADevice
d.Version = V1
}
// CheckAndSetDefaults validates MFADevice fields and populates empty fields
// with default values.
func (d *MFADevice) CheckAndSetDefaults() error {
d.setStaticFields()
if err := d.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if d.Id == "" {
return trace.BadParameter("MFADevice missing ID field")
}
if d.AddedAt.IsZero() {
return trace.BadParameter("MFADevice missing AddedAt field")
}
if d.LastUsed.IsZero() {
return trace.BadParameter("MFADevice missing LastUsed field")
}
if d.LastUsed.Before(d.AddedAt) {
return trace.BadParameter("MFADevice LastUsed field must be earlier than AddedAt")
}
if d.Device == nil {
return trace.BadParameter("MFADevice missing Device field")
}
if err := d.validateDevice(); err != nil {
return trace.Wrap(err)
}
return nil
}
// validateDevice runs additional validations for OTP devices.
// Prefer adding new validation logic to types.MFADevice.CheckAndSetDefaults
// instead.
func (d *MFADevice) validateDevice() error {
switch dev := d.Device.(type) {
case *MFADevice_Totp:
if dev.Totp == nil {
return trace.BadParameter("MFADevice has malformed TOTPDevice")
}
if dev.Totp.Key == "" {
return trace.BadParameter("TOTPDevice missing Key field")
}
case *MFADevice_Webauthn:
if dev.Webauthn == nil {
return trace.BadParameter("MFADevice has malformed WebauthnDevice")
}
if len(dev.Webauthn.CredentialId) == 0 {
return trace.BadParameter("WebauthnDevice missing CredentialId field")
}
if len(dev.Webauthn.PublicKeyCbor) == 0 {
return trace.BadParameter("WebauthnDevice missing PublicKeyCbor field")
}
case *MFADevice_Sso:
if dev.Sso == nil {
return trace.BadParameter("MFADevice has malformed SSODevice")
}
if dev.Sso.ConnectorId == "" {
return trace.BadParameter("SSODevice missing ConnectorId field")
}
if dev.Sso.ConnectorType == "" {
return trace.BadParameter("SSODevice missing ConnectorType field")
}
case *MFADevice_U2F:
default:
return trace.BadParameter("MFADevice has Device field of unknown type %T", dev)
}
return nil
}
func (d *MFADevice) WithoutSensitiveData() (*MFADevice, error) {
if d == nil {
return nil, trace.BadParameter("cannot hide sensitive data on empty object")
}
out := utils.CloneProtoMsg(d)
switch mfad := out.Device.(type) {
case *MFADevice_Totp:
mfad.Totp.Key = ""
case *MFADevice_U2F:
// OK, no sensitive secrets.
case *MFADevice_Webauthn:
// OK, no sensitive secrets.
case *MFADevice_Sso:
// OK, no sensitive secrets.
default:
return nil, trace.BadParameter("unsupported MFADevice type %T", d.Device)
}
return out, nil
}
func (d *MFADevice) GetKind() string { return d.Kind }
func (d *MFADevice) GetSubKind() string { return d.SubKind }
func (d *MFADevice) SetSubKind(sk string) { d.SubKind = sk }
func (d *MFADevice) GetVersion() string { return d.Version }
func (d *MFADevice) GetMetadata() Metadata { return d.Metadata }
func (d *MFADevice) GetName() string { return d.Metadata.GetName() }
func (d *MFADevice) SetName(n string) { d.Metadata.SetName(n) }
func (d *MFADevice) GetRevision() string { return d.Metadata.GetRevision() }
func (d *MFADevice) SetRevision(rev string) { d.Metadata.SetRevision(rev) }
func (d *MFADevice) Expiry() time.Time { return d.Metadata.Expiry() }
func (d *MFADevice) SetExpiry(exp time.Time) { d.Metadata.SetExpiry(exp) }
// MFAType returns the human-readable name of the MFA protocol of this device.
func (d *MFADevice) MFAType() string {
switch d.Device.(type) {
case *MFADevice_Totp:
return "TOTP"
case *MFADevice_U2F:
return "U2F"
case *MFADevice_Webauthn:
return "WebAuthn"
case *MFADevice_Sso:
return "SSO"
default:
return "unknown"
}
}
func (d *MFADevice) MarshalJSON() ([]byte, error) {
buf := new(bytes.Buffer)
err := (&jsonpb.Marshaler{}).Marshal(buf, d)
return buf.Bytes(), trace.Wrap(err)
}
func (d *MFADevice) UnmarshalJSON(buf []byte) error {
unmarshaler := jsonpb.Unmarshaler{AllowUnknownFields: true}
err := unmarshaler.Unmarshal(bytes.NewReader(buf), d)
return trace.Wrap(err)
}
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: teleport/legacy/types/mfa_device.proto
package types
import (
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto"
github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
types "github.com/gogo/protobuf/types"
io "io"
math "math"
math_bits "math/bits"
time "time"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
var _ = time.Kitchen
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
// MFADevice is a multi-factor authentication device, such as a security key or
// an OTP app.
type MFADevice struct {
// Boilerplate for implementing the Resource interface.
Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
SubKind string `protobuf:"bytes,2,opt,name=sub_kind,json=subKind,proto3" json:"sub_kind,omitempty"`
Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
Metadata Metadata `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata"`
// ID is a UUID of this device.
Id string `protobuf:"bytes,5,opt,name=id,proto3" json:"id,omitempty"`
AddedAt time.Time `protobuf:"bytes,6,opt,name=added_at,json=addedAt,proto3,stdtime" json:"added_at"`
LastUsed time.Time `protobuf:"bytes,7,opt,name=last_used,json=lastUsed,proto3,stdtime" json:"last_used"`
// Types that are valid to be assigned to Device:
//
// *MFADevice_Totp
// *MFADevice_U2F
// *MFADevice_Webauthn
// *MFADevice_Sso
Device isMFADevice_Device `protobuf_oneof:"device"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MFADevice) Reset() { *m = MFADevice{} }
func (m *MFADevice) String() string { return proto.CompactTextString(m) }
func (*MFADevice) ProtoMessage() {}
func (*MFADevice) Descriptor() ([]byte, []int) {
return fileDescriptor_aee666f88c27ffea, []int{0}
}
func (m *MFADevice) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MFADevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MFADevice.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MFADevice) XXX_Merge(src proto.Message) {
xxx_messageInfo_MFADevice.Merge(m, src)
}
func (m *MFADevice) XXX_Size() int {
return m.Size()
}
func (m *MFADevice) XXX_DiscardUnknown() {
xxx_messageInfo_MFADevice.DiscardUnknown(m)
}
var xxx_messageInfo_MFADevice proto.InternalMessageInfo
type isMFADevice_Device interface {
isMFADevice_Device()
MarshalTo([]byte) (int, error)
Size() int
}
type MFADevice_Totp struct {
Totp *TOTPDevice `protobuf:"bytes,8,opt,name=totp,proto3,oneof" json:"totp,omitempty"`
}
type MFADevice_U2F struct {
U2F *U2FDevice `protobuf:"bytes,9,opt,name=u2f,proto3,oneof" json:"u2f,omitempty"`
}
type MFADevice_Webauthn struct {
Webauthn *WebauthnDevice `protobuf:"bytes,10,opt,name=webauthn,proto3,oneof" json:"webauthn,omitempty"`
}
type MFADevice_Sso struct {
Sso *SSOMFADevice `protobuf:"bytes,11,opt,name=sso,proto3,oneof" json:"sso,omitempty"`
}
func (*MFADevice_Totp) isMFADevice_Device() {}
func (*MFADevice_U2F) isMFADevice_Device() {}
func (*MFADevice_Webauthn) isMFADevice_Device() {}
func (*MFADevice_Sso) isMFADevice_Device() {}
func (m *MFADevice) GetDevice() isMFADevice_Device {
if m != nil {
return m.Device
}
return nil
}
func (m *MFADevice) GetTotp() *TOTPDevice {
if x, ok := m.GetDevice().(*MFADevice_Totp); ok {
return x.Totp
}
return nil
}
func (m *MFADevice) GetU2F() *U2FDevice {
if x, ok := m.GetDevice().(*MFADevice_U2F); ok {
return x.U2F
}
return nil
}
func (m *MFADevice) GetWebauthn() *WebauthnDevice {
if x, ok := m.GetDevice().(*MFADevice_Webauthn); ok {
return x.Webauthn
}
return nil
}
func (m *MFADevice) GetSso() *SSOMFADevice {
if x, ok := m.GetDevice().(*MFADevice_Sso); ok {
return x.Sso
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*MFADevice) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*MFADevice_Totp)(nil),
(*MFADevice_U2F)(nil),
(*MFADevice_Webauthn)(nil),
(*MFADevice_Sso)(nil),
}
}
// TOTPDevice holds the TOTP-specific fields of MFADevice.
type TOTPDevice struct {
Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TOTPDevice) Reset() { *m = TOTPDevice{} }
func (m *TOTPDevice) String() string { return proto.CompactTextString(m) }
func (*TOTPDevice) ProtoMessage() {}
func (*TOTPDevice) Descriptor() ([]byte, []int) {
return fileDescriptor_aee666f88c27ffea, []int{1}
}
func (m *TOTPDevice) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TOTPDevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TOTPDevice.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TOTPDevice) XXX_Merge(src proto.Message) {
xxx_messageInfo_TOTPDevice.Merge(m, src)
}
func (m *TOTPDevice) XXX_Size() int {
return m.Size()
}
func (m *TOTPDevice) XXX_DiscardUnknown() {
xxx_messageInfo_TOTPDevice.DiscardUnknown(m)
}
var xxx_messageInfo_TOTPDevice proto.InternalMessageInfo
// U2FDevice holds the U2F-specific fields of MFADevice.
type U2FDevice struct {
// KeyHandle uniquely identifies a key on a device
KeyHandle []byte `protobuf:"bytes,1,opt,name=key_handle,json=keyHandle,proto3" json:"key_handle,omitempty"`
// PubKey is an DER encoded ecdsa public key
PubKey []byte `protobuf:"bytes,2,opt,name=pub_key,json=pubKey,proto3" json:"pub_key,omitempty"`
// Counter is the latest seen value of the U2F usage counter.
Counter uint32 `protobuf:"varint,3,opt,name=counter,proto3" json:"counter,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *U2FDevice) Reset() { *m = U2FDevice{} }
func (m *U2FDevice) String() string { return proto.CompactTextString(m) }
func (*U2FDevice) ProtoMessage() {}
func (*U2FDevice) Descriptor() ([]byte, []int) {
return fileDescriptor_aee666f88c27ffea, []int{2}
}
func (m *U2FDevice) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *U2FDevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_U2FDevice.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *U2FDevice) XXX_Merge(src proto.Message) {
xxx_messageInfo_U2FDevice.Merge(m, src)
}
func (m *U2FDevice) XXX_Size() int {
return m.Size()
}
func (m *U2FDevice) XXX_DiscardUnknown() {
xxx_messageInfo_U2FDevice.DiscardUnknown(m)
}
var xxx_messageInfo_U2FDevice proto.InternalMessageInfo
// WebauthnDevice holds Webauthn-specific fields of MFADevice.
type WebauthnDevice struct {
// Credential ID for the authenticator.
CredentialId []byte `protobuf:"bytes,1,opt,name=credential_id,json=credentialId,proto3" json:"credential_id,omitempty"`
// Public key encoded in CBOR format.
// Webauthn support various key algorithms; CBOR encoding is used to reflect
// those choices.
// See https://w3c.github.io/webauthn/#sctn-alg-identifier for a starter
// reference.
PublicKeyCbor []byte `protobuf:"bytes,2,opt,name=public_key_cbor,json=publicKeyCbor,proto3" json:"public_key_cbor,omitempty"`
// Attestation format used by the authenticator, if any.
AttestationType string `protobuf:"bytes,3,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"`
// AAGUID is the globally unique identifier of the authenticator model.
// Zeroed for U2F devices.
Aaguid []byte `protobuf:"bytes,4,opt,name=aaguid,proto3" json:"aaguid,omitempty"`
// Signature counter for login operations.
// Actual counter values received from the authenticator are expected to be
// higher than the previously-stored value.
SignatureCounter uint32 `protobuf:"varint,5,opt,name=signature_counter,json=signatureCounter,proto3" json:"signature_counter,omitempty"`
// Raw attestation object, as returned by the authentication during
// registration.
// Absent for legacy entries (Teleport 8.x).
AttestationObject []byte `protobuf:"bytes,6,opt,name=attestation_object,json=attestationObject,proto3" json:"attestation_object,omitempty"`
// True if a resident key was requested during registration.
// Marks passwordless-capable devices.
// (Note that resident_key=true represents the server-side / Relying Party
// view of the registration process; the authenticator alone can determine
// if a key is truly resident.)
ResidentKey bool `protobuf:"varint,7,opt,name=resident_key,json=residentKey,proto3" json:"resident_key,omitempty"`
// Relying Party ID used by the credential.
// Recorded on registration for new credentials, or on first successful
// authentication for "old" credentials (created before the field existed).
// Ideally, this is always the same as the configured RPID.
// If an RPID change does happen, this helps Teleport detect it and react
// accordingly.
CredentialRpId string `protobuf:"bytes,8,opt,name=credential_rp_id,json=credentialRpId,proto3" json:"credential_rp_id,omitempty"`
// Authenticator Backup Eligibility (BE) bit, recorded during registration or
// backfill (for older authenticators).
// https://w3c.github.io/webauthn/#authdata-flags-be
CredentialBackupEligible *types.BoolValue `protobuf:"bytes,9,opt,name=credential_backup_eligible,json=credentialBackupEligible,proto3" json:"credential_backup_eligible,omitempty"`
// Authenticator Backup State (BS) bit, recorded during registration or
// backfill (for older authenticators).
// https://w3c.github.io/webauthn/#authdata-flags-bs
CredentialBackedUp *types.BoolValue `protobuf:"bytes,10,opt,name=credential_backed_up,json=credentialBackedUp,proto3" json:"credential_backed_up,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WebauthnDevice) Reset() { *m = WebauthnDevice{} }
func (m *WebauthnDevice) String() string { return proto.CompactTextString(m) }
func (*WebauthnDevice) ProtoMessage() {}
func (*WebauthnDevice) Descriptor() ([]byte, []int) {
return fileDescriptor_aee666f88c27ffea, []int{3}
}
func (m *WebauthnDevice) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WebauthnDevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WebauthnDevice.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WebauthnDevice) XXX_Merge(src proto.Message) {
xxx_messageInfo_WebauthnDevice.Merge(m, src)
}
func (m *WebauthnDevice) XXX_Size() int {
return m.Size()
}
func (m *WebauthnDevice) XXX_DiscardUnknown() {
xxx_messageInfo_WebauthnDevice.DiscardUnknown(m)
}
var xxx_messageInfo_WebauthnDevice proto.InternalMessageInfo
// SSOMFADevice contains details of an SSO MFA method.
type SSOMFADevice struct {
// connector_id is the ID of the SSO connector.
ConnectorId string `protobuf:"bytes,1,opt,name=connector_id,json=connectorId,proto3" json:"connector_id,omitempty"`
// connector_type is the type of the SSO connector.
ConnectorType string `protobuf:"bytes,2,opt,name=connector_type,json=connectorType,proto3" json:"connector_type,omitempty"`
// display_name is the display name of the SSO connector
DisplayName string `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSOMFADevice) Reset() { *m = SSOMFADevice{} }
func (m *SSOMFADevice) String() string { return proto.CompactTextString(m) }
func (*SSOMFADevice) ProtoMessage() {}
func (*SSOMFADevice) Descriptor() ([]byte, []int) {
return fileDescriptor_aee666f88c27ffea, []int{4}
}
func (m *SSOMFADevice) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSOMFADevice) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSOMFADevice.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSOMFADevice) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSOMFADevice.Merge(m, src)
}
func (m *SSOMFADevice) XXX_Size() int {
return m.Size()
}
func (m *SSOMFADevice) XXX_DiscardUnknown() {
xxx_messageInfo_SSOMFADevice.DiscardUnknown(m)
}
var xxx_messageInfo_SSOMFADevice proto.InternalMessageInfo
func init() {
proto.RegisterType((*MFADevice)(nil), "types.MFADevice")
proto.RegisterType((*TOTPDevice)(nil), "types.TOTPDevice")
proto.RegisterType((*U2FDevice)(nil), "types.U2FDevice")
proto.RegisterType((*WebauthnDevice)(nil), "types.WebauthnDevice")
proto.RegisterType((*SSOMFADevice)(nil), "types.SSOMFADevice")
}
func init() {
proto.RegisterFile("teleport/legacy/types/mfa_device.proto", fileDescriptor_aee666f88c27ffea)
}
var fileDescriptor_aee666f88c27ffea = []byte{
// 785 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x54, 0xff, 0x6e, 0x1b, 0x45,
0x10, 0x8e, 0xe3, 0xc4, 0x3e, 0x8f, 0x9d, 0xc4, 0x59, 0x0a, 0x1c, 0x91, 0x70, 0x5a, 0x53, 0xda,
0xa0, 0x0a, 0x5b, 0xa4, 0x7f, 0x23, 0x14, 0x17, 0xaa, 0x46, 0xa1, 0x04, 0x5d, 0x1d, 0x40, 0x48,
0xe8, 0xb4, 0x77, 0x3b, 0xb9, 0x2c, 0x3e, 0xdf, 0xae, 0x6e, 0xf7, 0x52, 0x9d, 0x78, 0x09, 0x1e,
0x2b, 0x7f, 0x22, 0x1e, 0x80, 0x1f, 0x79, 0x03, 0xde, 0x00, 0xed, 0xde, 0xde, 0xd9, 0x0d, 0x02,
0x89, 0xff, 0x76, 0xbf, 0xf9, 0x66, 0x66, 0x67, 0xbe, 0x4f, 0x0b, 0x8f, 0x34, 0xa6, 0x28, 0x45,
0xae, 0xa7, 0x29, 0x26, 0x34, 0x2e, 0xa7, 0xba, 0x94, 0xa8, 0xa6, 0xcb, 0x4b, 0x1a, 0x32, 0xbc,
0xe6, 0x31, 0x4e, 0x64, 0x2e, 0xb4, 0x20, 0xdb, 0x16, 0x3f, 0xb8, 0x97, 0x88, 0x44, 0x58, 0x64,
0x6a, 0x4e, 0x55, 0xf0, 0xe0, 0x30, 0x11, 0x22, 0x49, 0x71, 0x6a, 0x6f, 0x51, 0x71, 0x39, 0xd5,
0x7c, 0x89, 0x4a, 0xd3, 0xa5, 0x74, 0x84, 0xd1, 0x5d, 0xc2, 0xeb, 0x9c, 0x4a, 0x89, 0xb9, 0x72,
0xf1, 0x87, 0xff, 0xf2, 0x0a, 0xd4, 0x94, 0x51, 0x4d, 0x2b, 0xd6, 0xf8, 0xd7, 0x36, 0xf4, 0x5e,
0x3e, 0x3f, 0xf9, 0xdc, 0xbe, 0x8b, 0x10, 0xd8, 0x5a, 0xf0, 0x8c, 0xf9, 0xad, 0xfb, 0xad, 0xa3,
0x5e, 0x60, 0xcf, 0xe4, 0x3d, 0xf0, 0x54, 0x11, 0x85, 0x16, 0xdf, 0xb4, 0x78, 0x57, 0x15, 0xd1,
0x99, 0x09, 0xf9, 0xd0, 0xbd, 0xc6, 0x5c, 0x71, 0x91, 0xf9, 0xed, 0x2a, 0xe2, 0xae, 0xe4, 0x13,
0xf0, 0xea, 0x46, 0xfe, 0xd6, 0xfd, 0xd6, 0x51, 0xff, 0x78, 0x6f, 0x62, 0xfb, 0x4f, 0x5e, 0x3a,
0x78, 0xb6, 0x75, 0xf3, 0xdb, 0xe1, 0x46, 0xd0, 0xd0, 0xc8, 0x2e, 0x6c, 0x72, 0xe6, 0x6f, 0xdb,
0x3a, 0x9b, 0x9c, 0x91, 0xcf, 0xc0, 0xa3, 0x8c, 0x21, 0x0b, 0xa9, 0xf6, 0x3b, 0xb6, 0xc4, 0xc1,
0xa4, 0x1a, 0x79, 0x52, 0x8f, 0x3c, 0x99, 0xd7, 0x3b, 0x99, 0x79, 0xa6, 0xda, 0xcf, 0xbf, 0x1f,
0xb6, 0x82, 0xae, 0xcd, 0x3a, 0xd1, 0xe4, 0x04, 0x7a, 0x29, 0x55, 0x3a, 0x2c, 0x14, 0x32, 0xbf,
0xfb, 0x3f, 0x2a, 0x78, 0x26, 0xed, 0x42, 0x21, 0x23, 0x8f, 0x61, 0x4b, 0x0b, 0x2d, 0x7d, 0xcf,
0x66, 0xef, 0xbb, 0x11, 0xe6, 0xe7, 0xf3, 0xaf, 0xab, 0x85, 0xbd, 0xd8, 0x08, 0x2c, 0x81, 0x3c,
0x84, 0x76, 0x71, 0x7c, 0xe9, 0xf7, 0x2c, 0x6f, 0xe8, 0x78, 0x17, 0xc7, 0xcf, 0x1b, 0x9a, 0x09,
0x93, 0xa7, 0xe0, 0xbd, 0xc6, 0x88, 0x16, 0xfa, 0x2a, 0xf3, 0xc1, 0x52, 0xdf, 0x76, 0xd4, 0x6f,
0x1d, 0xdc, 0xf0, 0x1b, 0x22, 0x79, 0x0c, 0x6d, 0xa5, 0x84, 0xdf, 0xb7, 0xfc, 0xb7, 0x1c, 0xff,
0xd5, 0xab, 0xf3, 0x46, 0x35, 0x53, 0x5d, 0x29, 0x31, 0xf3, 0xa0, 0x53, 0xd9, 0x6b, 0x3c, 0x02,
0x58, 0xbd, 0x91, 0x0c, 0xa1, 0xbd, 0xc0, 0xd2, 0x69, 0x6a, 0x8e, 0xe3, 0x1f, 0xa0, 0xd7, 0xbc,
0x8d, 0xbc, 0x0f, 0xb0, 0xc0, 0x32, 0xbc, 0xa2, 0x19, 0x4b, 0xd1, 0xb2, 0x06, 0x41, 0x6f, 0x81,
0xe5, 0x0b, 0x0b, 0x90, 0x77, 0xa1, 0x2b, 0x8d, 0xfc, 0x58, 0x5a, 0xf5, 0x07, 0x41, 0x47, 0x16,
0xd1, 0x19, 0x96, 0x46, 0xfc, 0x58, 0x14, 0x99, 0xc6, 0xdc, 0x8a, 0xbf, 0x13, 0xd4, 0xd7, 0xf1,
0x5f, 0x6d, 0xd8, 0x7d, 0x73, 0x20, 0xf2, 0x01, 0xec, 0xc4, 0x39, 0x32, 0xcc, 0x34, 0xa7, 0x69,
0xc8, 0x99, 0xeb, 0x33, 0x58, 0x81, 0xa7, 0x8c, 0x3c, 0x82, 0x3d, 0x59, 0x44, 0x29, 0x8f, 0x4d,
0xb7, 0x30, 0x8e, 0x44, 0xee, 0x5a, 0xee, 0x54, 0xf0, 0x19, 0x96, 0xcf, 0x22, 0x91, 0x93, 0x8f,
0x60, 0x48, 0xb5, 0x36, 0xb2, 0x69, 0x2e, 0xb2, 0xd0, 0x6c, 0xc4, 0xf9, 0x6f, 0x6f, 0x0d, 0x9f,
0x97, 0x12, 0xc9, 0x3b, 0xd0, 0xa1, 0x34, 0x29, 0x38, 0xb3, 0x2e, 0x1c, 0x04, 0xee, 0x46, 0x9e,
0xc0, 0xbe, 0xe2, 0x49, 0x46, 0x75, 0x91, 0x63, 0x58, 0x8f, 0xb1, 0x6d, 0xc7, 0x18, 0x36, 0x81,
0x67, 0x15, 0x4e, 0x3e, 0x06, 0xb2, 0xde, 0x4f, 0x44, 0x3f, 0x62, 0x5c, 0x79, 0x72, 0x10, 0xec,
0xaf, 0x45, 0xce, 0x6d, 0x80, 0x3c, 0x80, 0x41, 0x8e, 0x8a, 0x9b, 0xb9, 0xec, 0xda, 0x8c, 0xf5,
0xbc, 0xa0, 0x5f, 0x63, 0x66, 0x77, 0x47, 0x30, 0x5c, 0x5b, 0x47, 0x2e, 0xcd, 0x46, 0x3c, 0x3b,
0xc1, 0xee, 0x0a, 0x0f, 0xe4, 0x29, 0x23, 0xdf, 0xc1, 0xc1, 0x1a, 0x33, 0xa2, 0xf1, 0xa2, 0x90,
0x21, 0xa6, 0x3c, 0xe1, 0x51, 0x8a, 0xce, 0x6f, 0xff, 0x74, 0xf5, 0x4c, 0x88, 0xf4, 0x1b, 0x9a,
0x16, 0x18, 0xf8, 0xab, 0xec, 0x99, 0x4d, 0xfe, 0xc2, 0xe5, 0x92, 0x2f, 0xe1, 0xde, 0x9d, 0xca,
0xc8, 0xc2, 0x42, 0x3a, 0x63, 0xfe, 0x57, 0x4d, 0xf2, 0x66, 0x4d, 0x64, 0x17, 0x72, 0xfc, 0x13,
0x0c, 0xd6, 0x3d, 0x69, 0x96, 0x10, 0x8b, 0x2c, 0xc3, 0x58, 0x8b, 0xbc, 0xd6, 0xbb, 0x17, 0xf4,
0x1b, 0xec, 0x94, 0x91, 0x0f, 0x61, 0x77, 0x45, 0xb1, 0x22, 0x56, 0xdf, 0xcb, 0x4e, 0x83, 0x5a,
0x09, 0x1f, 0xc0, 0x80, 0x71, 0x25, 0x53, 0x5a, 0x86, 0x19, 0x5d, 0xd6, 0x4a, 0xf7, 0x1d, 0xf6,
0x15, 0x5d, 0xe2, 0xec, 0xd3, 0x9b, 0x3f, 0x47, 0x1b, 0x37, 0xb7, 0xa3, 0xd6, 0x2f, 0xb7, 0xa3,
0xd6, 0x1f, 0xb7, 0xa3, 0xd6, 0xf7, 0x4f, 0x12, 0xae, 0xaf, 0x8a, 0x68, 0x12, 0x8b, 0xe5, 0x34,
0xc9, 0xe9, 0x35, 0xaf, 0x14, 0xa2, 0xe9, 0xb4, 0xf9, 0x15, 0xa9, 0xe4, 0xd5, 0x97, 0x18, 0x75,
0xec, 0x8c, 0x4f, 0xff, 0x0e, 0x00, 0x00, 0xff, 0xff, 0x0b, 0x34, 0x9e, 0x36, 0xb8, 0x05, 0x00,
0x00,
}
func (m *MFADevice) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MFADevice) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MFADevice) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Device != nil {
{
size := m.Device.Size()
i -= size
if _, err := m.Device.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastUsed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastUsed):])
if err1 != nil {
return 0, err1
}
i -= n1
i = encodeVarintMfaDevice(dAtA, i, uint64(n1))
i--
dAtA[i] = 0x3a
n2, err2 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.AddedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.AddedAt):])
if err2 != nil {
return 0, err2
}
i -= n2
i = encodeVarintMfaDevice(dAtA, i, uint64(n2))
i--
dAtA[i] = 0x32
if len(m.Id) > 0 {
i -= len(m.Id)
copy(dAtA[i:], m.Id)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.Id)))
i--
dAtA[i] = 0x2a
}
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintMfaDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *MFADevice_Totp) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MFADevice_Totp) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Totp != nil {
{
size, err := m.Totp.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintMfaDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
return len(dAtA) - i, nil
}
func (m *MFADevice_U2F) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MFADevice_U2F) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.U2F != nil {
{
size, err := m.U2F.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintMfaDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
return len(dAtA) - i, nil
}
func (m *MFADevice_Webauthn) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MFADevice_Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Webauthn != nil {
{
size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintMfaDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
return len(dAtA) - i, nil
}
func (m *MFADevice_Sso) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MFADevice_Sso) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Sso != nil {
{
size, err := m.Sso.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintMfaDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
return len(dAtA) - i, nil
}
func (m *TOTPDevice) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TOTPDevice) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TOTPDevice) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Key) > 0 {
i -= len(m.Key)
copy(dAtA[i:], m.Key)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.Key)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *U2FDevice) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *U2FDevice) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *U2FDevice) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Counter != 0 {
i = encodeVarintMfaDevice(dAtA, i, uint64(m.Counter))
i--
dAtA[i] = 0x18
}
if len(m.PubKey) > 0 {
i -= len(m.PubKey)
copy(dAtA[i:], m.PubKey)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.PubKey)))
i--
dAtA[i] = 0x12
}
if len(m.KeyHandle) > 0 {
i -= len(m.KeyHandle)
copy(dAtA[i:], m.KeyHandle)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.KeyHandle)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WebauthnDevice) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WebauthnDevice) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WebauthnDevice) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.CredentialBackedUp != nil {
{
size, err := m.CredentialBackedUp.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintMfaDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
if m.CredentialBackupEligible != nil {
{
size, err := m.CredentialBackupEligible.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintMfaDevice(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if len(m.CredentialRpId) > 0 {
i -= len(m.CredentialRpId)
copy(dAtA[i:], m.CredentialRpId)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.CredentialRpId)))
i--
dAtA[i] = 0x42
}
if m.ResidentKey {
i--
if m.ResidentKey {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x38
}
if len(m.AttestationObject) > 0 {
i -= len(m.AttestationObject)
copy(dAtA[i:], m.AttestationObject)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.AttestationObject)))
i--
dAtA[i] = 0x32
}
if m.SignatureCounter != 0 {
i = encodeVarintMfaDevice(dAtA, i, uint64(m.SignatureCounter))
i--
dAtA[i] = 0x28
}
if len(m.Aaguid) > 0 {
i -= len(m.Aaguid)
copy(dAtA[i:], m.Aaguid)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.Aaguid)))
i--
dAtA[i] = 0x22
}
if len(m.AttestationType) > 0 {
i -= len(m.AttestationType)
copy(dAtA[i:], m.AttestationType)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.AttestationType)))
i--
dAtA[i] = 0x1a
}
if len(m.PublicKeyCbor) > 0 {
i -= len(m.PublicKeyCbor)
copy(dAtA[i:], m.PublicKeyCbor)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.PublicKeyCbor)))
i--
dAtA[i] = 0x12
}
if len(m.CredentialId) > 0 {
i -= len(m.CredentialId)
copy(dAtA[i:], m.CredentialId)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.CredentialId)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SSOMFADevice) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSOMFADevice) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSOMFADevice) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.DisplayName) > 0 {
i -= len(m.DisplayName)
copy(dAtA[i:], m.DisplayName)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.DisplayName)))
i--
dAtA[i] = 0x1a
}
if len(m.ConnectorType) > 0 {
i -= len(m.ConnectorType)
copy(dAtA[i:], m.ConnectorType)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.ConnectorType)))
i--
dAtA[i] = 0x12
}
if len(m.ConnectorId) > 0 {
i -= len(m.ConnectorId)
copy(dAtA[i:], m.ConnectorId)
i = encodeVarintMfaDevice(dAtA, i, uint64(len(m.ConnectorId)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func encodeVarintMfaDevice(dAtA []byte, offset int, v uint64) int {
offset -= sovMfaDevice(v)
base := offset
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return base
}
func (m *MFADevice) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovMfaDevice(uint64(l))
l = len(m.Id)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.AddedAt)
n += 1 + l + sovMfaDevice(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LastUsed)
n += 1 + l + sovMfaDevice(uint64(l))
if m.Device != nil {
n += m.Device.Size()
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *MFADevice_Totp) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Totp != nil {
l = m.Totp.Size()
n += 1 + l + sovMfaDevice(uint64(l))
}
return n
}
func (m *MFADevice_U2F) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.U2F != nil {
l = m.U2F.Size()
n += 1 + l + sovMfaDevice(uint64(l))
}
return n
}
func (m *MFADevice_Webauthn) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Webauthn != nil {
l = m.Webauthn.Size()
n += 1 + l + sovMfaDevice(uint64(l))
}
return n
}
func (m *MFADevice_Sso) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Sso != nil {
l = m.Sso.Size()
n += 1 + l + sovMfaDevice(uint64(l))
}
return n
}
func (m *TOTPDevice) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Key)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *U2FDevice) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.KeyHandle)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.PubKey)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.Counter != 0 {
n += 1 + sovMfaDevice(uint64(m.Counter))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WebauthnDevice) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.CredentialId)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.PublicKeyCbor)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.AttestationType)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.Aaguid)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.SignatureCounter != 0 {
n += 1 + sovMfaDevice(uint64(m.SignatureCounter))
}
l = len(m.AttestationObject)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.ResidentKey {
n += 2
}
l = len(m.CredentialRpId)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.CredentialBackupEligible != nil {
l = m.CredentialBackupEligible.Size()
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.CredentialBackedUp != nil {
l = m.CredentialBackedUp.Size()
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSOMFADevice) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ConnectorId)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.ConnectorType)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
l = len(m.DisplayName)
if l > 0 {
n += 1 + l + sovMfaDevice(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func sovMfaDevice(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
func sozMfaDevice(x uint64) (n int) {
return sovMfaDevice(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (m *MFADevice) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: MFADevice: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: MFADevice: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Kind = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SubKind", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.SubKind = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Version", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Version = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Metadata", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if err := m.Metadata.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 5:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Id", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Id = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AddedAt", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.AddedAt, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 7:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field LastUsed", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if err := github_com_gogo_protobuf_types.StdTimeUnmarshal(&m.LastUsed, dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Totp", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
v := &TOTPDevice{}
if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
m.Device = &MFADevice_Totp{v}
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field U2F", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
v := &U2FDevice{}
if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
m.Device = &MFADevice_U2F{v}
iNdEx = postIndex
case 10:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Webauthn", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
v := &WebauthnDevice{}
if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
m.Device = &MFADevice_Webauthn{v}
iNdEx = postIndex
case 11:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Sso", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
v := &SSOMFADevice{}
if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
m.Device = &MFADevice_Sso{v}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipMfaDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthMfaDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *TOTPDevice) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: TOTPDevice: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: TOTPDevice: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Key = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipMfaDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthMfaDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *U2FDevice) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: U2FDevice: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: U2FDevice: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field KeyHandle", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.KeyHandle = append(m.KeyHandle[:0], dAtA[iNdEx:postIndex]...)
if m.KeyHandle == nil {
m.KeyHandle = []byte{}
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field PubKey", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.PubKey = append(m.PubKey[:0], dAtA[iNdEx:postIndex]...)
if m.PubKey == nil {
m.PubKey = []byte{}
}
iNdEx = postIndex
case 3:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field Counter", wireType)
}
m.Counter = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.Counter |= uint32(b&0x7F) << shift
if b < 0x80 {
break
}
}
default:
iNdEx = preIndex
skippy, err := skipMfaDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthMfaDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *WebauthnDevice) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: WebauthnDevice: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: WebauthnDevice: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CredentialId", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.CredentialId = append(m.CredentialId[:0], dAtA[iNdEx:postIndex]...)
if m.CredentialId == nil {
m.CredentialId = []byte{}
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field PublicKeyCbor", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.PublicKeyCbor = append(m.PublicKeyCbor[:0], dAtA[iNdEx:postIndex]...)
if m.PublicKeyCbor == nil {
m.PublicKeyCbor = []byte{}
}
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AttestationType", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.AttestationType = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Aaguid", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Aaguid = append(m.Aaguid[:0], dAtA[iNdEx:postIndex]...)
if m.Aaguid == nil {
m.Aaguid = []byte{}
}
iNdEx = postIndex
case 5:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field SignatureCounter", wireType)
}
m.SignatureCounter = 0
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
m.SignatureCounter |= uint32(b&0x7F) << shift
if b < 0x80 {
break
}
}
case 6:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field AttestationObject", wireType)
}
var byteLen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
byteLen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if byteLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + byteLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.AttestationObject = append(m.AttestationObject[:0], dAtA[iNdEx:postIndex]...)
if m.AttestationObject == nil {
m.AttestationObject = []byte{}
}
iNdEx = postIndex
case 7:
if wireType != 0 {
return fmt.Errorf("proto: wrong wireType = %d for field ResidentKey", wireType)
}
var v int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
v |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
m.ResidentKey = bool(v != 0)
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CredentialRpId", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.CredentialRpId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 9:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CredentialBackupEligible", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.CredentialBackupEligible == nil {
m.CredentialBackupEligible = &types.BoolValue{}
}
if err := m.CredentialBackupEligible.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 10:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field CredentialBackedUp", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.CredentialBackedUp == nil {
m.CredentialBackedUp = &types.BoolValue{}
}
if err := m.CredentialBackedUp.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipMfaDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthMfaDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *SSOMFADevice) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: SSOMFADevice: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: SSOMFADevice: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ConnectorId", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ConnectorId = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field ConnectorType", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.ConnectorType = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field DisplayName", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthMfaDevice
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthMfaDevice
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.DisplayName = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipMfaDevice(dAtA[iNdEx:])
if err != nil {
return err
}
if (skippy < 0) || (iNdEx+skippy) < 0 {
return ErrInvalidLengthMfaDevice
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipMfaDevice(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
depth := 0
for iNdEx < l {
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
wireType := int(wire & 0x7)
switch wireType {
case 0:
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
iNdEx++
if dAtA[iNdEx-1] < 0x80 {
break
}
}
case 1:
iNdEx += 8
case 2:
var length int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowMfaDevice
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
length |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if length < 0 {
return 0, ErrInvalidLengthMfaDevice
}
iNdEx += length
case 3:
depth++
case 4:
if depth == 0 {
return 0, ErrUnexpectedEndOfGroupMfaDevice
}
depth--
case 5:
iNdEx += 4
default:
return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
}
if iNdEx < 0 {
return 0, ErrInvalidLengthMfaDevice
}
if depth == 0 {
return iNdEx, nil
}
}
return 0, io.ErrUnexpectedEOF
}
var (
ErrInvalidLengthMfaDevice = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowMfaDevice = fmt.Errorf("proto: integer overflow")
ErrUnexpectedEndOfGroupMfaDevice = fmt.Errorf("proto: unexpected end of group")
)
// Copyright 2025 Gravitational, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
"slices"
"github.com/gravitational/trace"
)
const (
// MSGraphDefaultLoginEndpoint is the endpoint under which Microsoft identity platform APIs are available.
MSGraphDefaultLoginEndpoint = "https://login.microsoftonline.com"
// MSDefaultGraphEndpoint is the endpoint under which Microsoft Graph API is available.
MSGraphDefaultEndpoint = "https://graph.microsoft.com"
)
var (
validLoginEndpoints = []string{
"https://login.microsoftonline.com",
"https://login.microsoftonline.us",
"https://login.chinacloudapi.cn",
}
validGraphEndpoints = []string{
"https://graph.microsoft.com",
"https://graph.microsoft.us",
"https://dod-graph.microsoft.us",
"https://microsoftgraph.chinacloudapi.cn",
}
)
// ValidateMSGraphEndpoints checks if API endpoints point to one of the official deployments of
// the Microsoft identity platform and Microsoft Graph.
// https://learn.microsoft.com/en-us/graph/deployments
func ValidateMSGraphEndpoints(loginEndpoint, graphEndpoint string) error {
if loginEndpoint != "" && !slices.Contains(validLoginEndpoints, loginEndpoint) {
return trace.BadParameter("expected login endpoint to be one of %q, got %q", validLoginEndpoints, loginEndpoint)
}
if graphEndpoint != "" && !slices.Contains(validGraphEndpoints, graphEndpoint) {
return trace.BadParameter("expected graph endpoint to be one of %q, got %q", validGraphEndpoints, graphEndpoint)
}
return nil
}
const (
// EntraIDSecurityGroups represents security enabled Entra ID groups.
EntraIDSecurityGroups = "security-groups"
// EntraIDDirectoryRoles represents Entra ID directory roles.
EntraIDDirectoryRoles = "directory-roles"
// EntraIDAllGroups represents all types of Entra ID groups, including directory roles.
EntraIDAllGroups = "all-groups"
)
// EntraIDGroupsTypes defines supported Entra ID
// group types for Entra ID groups proivder.
var EntraIDGroupsTypes = []string{
EntraIDSecurityGroups,
EntraIDDirectoryRoles,
EntraIDAllGroups,
}
/*
Copyright 2015-2018 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"regexp"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/defaults"
)
// NewNamespace returns new namespace
func NewNamespace(name string) (Namespace, error) {
n := Namespace{
Metadata: Metadata{
Name: name,
},
}
if err := n.CheckAndSetDefaults(); err != nil {
return Namespace{}, trace.Wrap(err)
}
return n, nil
}
// DefaultNamespace returns the default namespace.
func DefaultNamespace() Namespace {
namespace, _ := NewNamespace(defaults.Namespace)
return namespace
}
// setStaticFields sets static resource header and metadata fields.
func (n *Namespace) setStaticFields() {
n.Kind = KindNamespace
n.Version = V2
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults
func (n *Namespace) CheckAndSetDefaults() error {
n.setStaticFields()
if err := n.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if !IsValidNamespace(n.Metadata.Name) {
return trace.BadParameter("namespace %q is invalid", n.Metadata.Name)
}
return nil
}
// GetVersion returns resource version
func (n *Namespace) GetVersion() string {
return n.Version
}
// GetKind returns resource kind
func (n *Namespace) GetKind() string {
return n.Kind
}
// GetSubKind returns resource sub kind
func (n *Namespace) GetSubKind() string {
return n.SubKind
}
// SetSubKind sets resource subkind
func (n *Namespace) SetSubKind(sk string) {
n.SubKind = sk
}
// GetRevision returns the revision
func (n *Namespace) GetRevision() string {
return n.Metadata.GetRevision()
}
// SetRevision sets the revision
func (n *Namespace) SetRevision(rev string) {
n.Metadata.SetRevision(rev)
}
// GetName returns the name of the cluster.
func (n *Namespace) GetName() string {
return n.Metadata.Name
}
// SetName sets the name of the cluster.
func (n *Namespace) SetName(e string) {
n.Metadata.Name = e
}
// Expiry returns object expiry setting
func (n *Namespace) Expiry() time.Time {
return n.Metadata.Expiry()
}
// SetExpiry sets expiry time for the object
func (n *Namespace) SetExpiry(expires time.Time) {
n.Metadata.SetExpiry(expires)
}
// GetMetadata returns object metadata
func (n *Namespace) GetMetadata() Metadata {
return n.Metadata
}
// SortedNamespaces sorts namespaces
type SortedNamespaces []Namespace
// Len returns length of a role list
func (s SortedNamespaces) Len() int {
return len(s)
}
// Less compares roles by name
func (s SortedNamespaces) Less(i, j int) bool {
return s[i].Metadata.Name < s[j].Metadata.Name
}
// Swap swaps two roles in a list
func (s SortedNamespaces) Swap(i, j int) {
s[i], s[j] = s[j], s[i]
}
// IsValidNamespace checks if the namespace provided is valid
func IsValidNamespace(s string) bool {
return validNamespace.MatchString(s)
}
var validNamespace = regexp.MustCompile(`^[A-Za-z0-9]+$`)
// ValidateNamespaceDefault ensures that the namespace is the "default"
// namespace.
// This is a precursor to a hard-removal of namespaces.
func ValidateNamespaceDefault(ns string) error {
if ns == defaults.Namespace {
return nil
}
const message = "" +
"namespace %q invalid, custom namespaces are deprecated; " +
"the namespace field should be omitted or set to %q"
return trace.BadParameter(message, ns, defaults.Namespace)
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
)
// ClusterNetworkingConfig defines cluster networking configuration. This is
// a configuration resource, never create more than one instance of it.
type ClusterNetworkingConfig interface {
ResourceWithOrigin
// GetClientIdleTimeout returns client idle timeout setting
GetClientIdleTimeout() time.Duration
// SetClientIdleTimeout sets client idle timeout setting
SetClientIdleTimeout(t time.Duration)
// GetKeepAliveInterval gets the keep-alive interval for server to client
// connections.
GetKeepAliveInterval() time.Duration
// SetKeepAliveInterval sets the keep-alive interval for server to client
// connections.
SetKeepAliveInterval(t time.Duration)
// GetKeepAliveCountMax gets the number of missed keep-alive messages before
// the server disconnects the client.
GetKeepAliveCountMax() int64
// SetKeepAliveCountMax sets the number of missed keep-alive messages before
// the server disconnects the client.
SetKeepAliveCountMax(c int64)
// GetSessionControlTimeout gets the session control timeout.
GetSessionControlTimeout() time.Duration
// SetSessionControlTimeout sets the session control timeout.
SetSessionControlTimeout(t time.Duration)
// GetClientIdleTimeoutMessage fetches the message to be sent to the client in
// the event of an idle timeout. An empty string implies no message should
// be sent.
GetClientIdleTimeoutMessage() string
// SetClientIdleTimeoutMessage sets the inactivity timeout disconnection message
// to be sent to the user.
SetClientIdleTimeoutMessage(string)
// GetWebIdleTimeout gets web idle timeout duration.
GetWebIdleTimeout() time.Duration
// SetWebIdleTimeout sets the web idle timeout duration.
SetWebIdleTimeout(time.Duration)
// GetProxyListenerMode gets the proxy listener mode.
GetProxyListenerMode() ProxyListenerMode
// SetProxyListenerMode sets the proxy listener mode.
SetProxyListenerMode(ProxyListenerMode)
// Clone performs a deep copy.
Clone() ClusterNetworkingConfig
// GetRoutingStrategy gets the routing strategy setting.
GetRoutingStrategy() RoutingStrategy
// SetRoutingStrategy sets the routing strategy setting.
SetRoutingStrategy(strategy RoutingStrategy)
// GetTunnelStrategy gets the tunnel strategy.
GetTunnelStrategyType() (TunnelStrategyType, error)
// GetAgentMeshTunnelStrategy gets the agent mesh tunnel strategy.
GetAgentMeshTunnelStrategy() *AgentMeshTunnelStrategy
// GetProxyPeeringTunnelStrategy gets the proxy peering tunnel strategy.
GetProxyPeeringTunnelStrategy() *ProxyPeeringTunnelStrategy
// SetTunnelStrategy sets the tunnel strategy.
SetTunnelStrategy(*TunnelStrategyV1)
// GetProxyPingInterval gets the proxy ping interval.
GetProxyPingInterval() time.Duration
// SetProxyPingInterval sets the proxy ping interval.
SetProxyPingInterval(time.Duration)
// GetCaseInsensitiveRouting gets the case-insensitive routing option.
GetCaseInsensitiveRouting() bool
// SetCaseInsensitiveRouting sets the case-insenstivie routing option.
SetCaseInsensitiveRouting(cir bool)
// GetSSHDialTimeout gets timeout value that should be used for SSH connections.
GetSSHDialTimeout() time.Duration
// SetSSHDialTimeout sets the timeout value that should be used for SSH connections.
SetSSHDialTimeout(t time.Duration)
}
// NewClusterNetworkingConfigFromConfigFile is a convenience method to create
// ClusterNetworkingConfigV2 labeled as originating from config file.
func NewClusterNetworkingConfigFromConfigFile(spec ClusterNetworkingConfigSpecV2) (ClusterNetworkingConfig, error) {
return newClusterNetworkingConfigWithLabels(spec, map[string]string{
OriginLabel: OriginConfigFile,
})
}
// DefaultClusterNetworkingConfig returns the default cluster networking config.
func DefaultClusterNetworkingConfig() ClusterNetworkingConfig {
config, _ := newClusterNetworkingConfigWithLabels(ClusterNetworkingConfigSpecV2{}, map[string]string{
OriginLabel: OriginDefaults,
})
return config
}
// newClusterNetworkingConfigWithLabels is a convenience method to create
// ClusterNetworkingConfigV2 with a specific map of labels.
func newClusterNetworkingConfigWithLabels(spec ClusterNetworkingConfigSpecV2, labels map[string]string) (ClusterNetworkingConfig, error) {
c := &ClusterNetworkingConfigV2{
Metadata: Metadata{
Labels: labels,
},
Spec: spec,
}
if err := c.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return c, nil
}
// GetVersion returns resource version.
func (c *ClusterNetworkingConfigV2) GetVersion() string {
return c.Version
}
// GetName returns the name of the resource.
func (c *ClusterNetworkingConfigV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the resource.
func (c *ClusterNetworkingConfigV2) SetName(name string) {
c.Metadata.Name = name
}
// SetExpiry sets expiry time for the object.
func (c *ClusterNetworkingConfigV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting.
func (c *ClusterNetworkingConfigV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetMetadata returns object metadata.
func (c *ClusterNetworkingConfigV2) GetMetadata() Metadata {
return c.Metadata
}
// GetRevision returns the revision
func (c *ClusterNetworkingConfigV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *ClusterNetworkingConfigV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// Origin returns the origin value of the resource.
func (c *ClusterNetworkingConfigV2) Origin() string {
return c.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (c *ClusterNetworkingConfigV2) SetOrigin(origin string) {
c.Metadata.SetOrigin(origin)
}
// GetKind returns resource kind.
func (c *ClusterNetworkingConfigV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource subkind.
func (c *ClusterNetworkingConfigV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind.
func (c *ClusterNetworkingConfigV2) SetSubKind(sk string) {
c.SubKind = sk
}
// GetClientIdleTimeout returns client idle timeout setting.
func (c *ClusterNetworkingConfigV2) GetClientIdleTimeout() time.Duration {
return c.Spec.ClientIdleTimeout.Duration()
}
// SetClientIdleTimeout sets client idle timeout setting.
func (c *ClusterNetworkingConfigV2) SetClientIdleTimeout(d time.Duration) {
c.Spec.ClientIdleTimeout = Duration(d)
}
// GetKeepAliveInterval gets the keep-alive interval.
func (c *ClusterNetworkingConfigV2) GetKeepAliveInterval() time.Duration {
return c.Spec.KeepAliveInterval.Duration()
}
// SetKeepAliveInterval sets the keep-alive interval.
func (c *ClusterNetworkingConfigV2) SetKeepAliveInterval(t time.Duration) {
c.Spec.KeepAliveInterval = Duration(t)
}
// GetKeepAliveCountMax gets the number of missed keep-alive messages before
// the server disconnects the client.
func (c *ClusterNetworkingConfigV2) GetKeepAliveCountMax() int64 {
return c.Spec.KeepAliveCountMax
}
// SetKeepAliveCountMax sets the number of missed keep-alive messages before
// the server disconnects the client.
func (c *ClusterNetworkingConfigV2) SetKeepAliveCountMax(m int64) {
c.Spec.KeepAliveCountMax = m
}
// GetSessionControlTimeout gets the session control timeout.
func (c *ClusterNetworkingConfigV2) GetSessionControlTimeout() time.Duration {
return c.Spec.SessionControlTimeout.Duration()
}
// SetSessionControlTimeout sets the session control timeout.
func (c *ClusterNetworkingConfigV2) SetSessionControlTimeout(d time.Duration) {
c.Spec.SessionControlTimeout = Duration(d)
}
func (c *ClusterNetworkingConfigV2) GetClientIdleTimeoutMessage() string {
return c.Spec.ClientIdleTimeoutMessage
}
func (c *ClusterNetworkingConfigV2) SetClientIdleTimeoutMessage(msg string) {
c.Spec.ClientIdleTimeoutMessage = msg
}
// GetWebIdleTimeout gets the web idle timeout.
func (c *ClusterNetworkingConfigV2) GetWebIdleTimeout() time.Duration {
return c.Spec.WebIdleTimeout.Duration()
}
// SetWebIdleTimeout sets the web idle timeout.
func (c *ClusterNetworkingConfigV2) SetWebIdleTimeout(ttl time.Duration) {
c.Spec.WebIdleTimeout = Duration(ttl)
}
// GetProxyListenerMode gets the proxy listener mode.
func (c *ClusterNetworkingConfigV2) GetProxyListenerMode() ProxyListenerMode {
return c.Spec.ProxyListenerMode
}
// SetProxyListenerMode sets the proxy listener mode.
func (c *ClusterNetworkingConfigV2) SetProxyListenerMode(mode ProxyListenerMode) {
c.Spec.ProxyListenerMode = mode
}
// Clone performs a deep copy.
func (c *ClusterNetworkingConfigV2) Clone() ClusterNetworkingConfig {
return utils.CloneProtoMsg(c)
}
// setStaticFields sets static resource header and metadata fields.
func (c *ClusterNetworkingConfigV2) setStaticFields() {
c.Kind = KindClusterNetworkingConfig
c.Version = V2
c.Metadata.Name = MetaNameClusterNetworkingConfig
}
// GetRoutingStrategy gets the routing strategy setting.
func (c *ClusterNetworkingConfigV2) GetRoutingStrategy() RoutingStrategy {
return c.Spec.RoutingStrategy
}
// SetRoutingStrategy sets the routing strategy setting.
func (c *ClusterNetworkingConfigV2) SetRoutingStrategy(strategy RoutingStrategy) {
c.Spec.RoutingStrategy = strategy
}
// GetTunnelStrategy gets the tunnel strategy type.
func (c *ClusterNetworkingConfigV2) GetTunnelStrategyType() (TunnelStrategyType, error) {
if c.Spec.TunnelStrategy == nil {
return "", trace.BadParameter("tunnel strategy is nil")
}
switch c.Spec.TunnelStrategy.Strategy.(type) {
case *TunnelStrategyV1_AgentMesh:
return AgentMesh, nil
case *TunnelStrategyV1_ProxyPeering:
return ProxyPeering, nil
}
return "", trace.BadParameter("unknown tunnel strategy type: %T", c.Spec.TunnelStrategy.Strategy)
}
// GetAgentMeshTunnelStrategy gets the agent mesh tunnel strategy.
func (c *ClusterNetworkingConfigV2) GetAgentMeshTunnelStrategy() *AgentMeshTunnelStrategy {
return c.Spec.TunnelStrategy.GetAgentMesh()
}
// GetProxyPeeringTunnelStrategy gets the proxy peering tunnel strategy.
func (c *ClusterNetworkingConfigV2) GetProxyPeeringTunnelStrategy() *ProxyPeeringTunnelStrategy {
return c.Spec.TunnelStrategy.GetProxyPeering()
}
// SetTunnelStrategy sets the tunnel strategy.
func (c *ClusterNetworkingConfigV2) SetTunnelStrategy(strategy *TunnelStrategyV1) {
c.Spec.TunnelStrategy = strategy
}
// CheckAndSetDefaults verifies the constraints for ClusterNetworkingConfig.
func (c *ClusterNetworkingConfigV2) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// Make sure origin value is always set.
if c.Origin() == "" {
c.SetOrigin(OriginDynamic)
}
// Set the keep-alive interval and max missed keep-alives.
if c.Spec.KeepAliveInterval.Duration() == 0 {
c.Spec.KeepAliveInterval = NewDuration(defaults.KeepAliveInterval())
}
if c.Spec.KeepAliveCountMax == 0 {
c.Spec.KeepAliveCountMax = int64(defaults.KeepAliveCountMax)
}
if c.Spec.TunnelStrategy == nil {
c.Spec.TunnelStrategy = &TunnelStrategyV1{
Strategy: DefaultTunnelStrategy(),
}
}
if err := c.Spec.TunnelStrategy.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// GetProxyPingInterval gets the proxy ping interval.
func (c *ClusterNetworkingConfigV2) GetProxyPingInterval() time.Duration {
return c.Spec.ProxyPingInterval.Duration()
}
// SetProxyPingInterval sets the proxy ping interval.
func (c *ClusterNetworkingConfigV2) SetProxyPingInterval(interval time.Duration) {
c.Spec.ProxyPingInterval = Duration(interval)
}
// GetCaseInsensitiveRouting gets the case-insensitive routing option.
func (c *ClusterNetworkingConfigV2) GetCaseInsensitiveRouting() bool {
return c.Spec.CaseInsensitiveRouting
}
// SetCaseInsensitiveRouting sets the case-insensitive routing option.
func (c *ClusterNetworkingConfigV2) SetCaseInsensitiveRouting(cir bool) {
c.Spec.CaseInsensitiveRouting = cir
}
// GetSSHDialTimeout returns the timeout to be used for SSH connections.
// If the value is not set, or was intentionally set to zero or a negative value,
// [defaults.DefaultIOTimeout] is returned instead. This is because
// a zero value cannot be distinguished to mean no timeout, or
// that a value had never been set.
func (c *ClusterNetworkingConfigV2) GetSSHDialTimeout() time.Duration {
if c.Spec.SSHDialTimeout <= 0 {
return defaults.DefaultIOTimeout
}
return c.Spec.SSHDialTimeout.Duration()
}
// SetSSHDialTimeout updates the SSH connection timeout. The value is
// not validated, but will not be respected if zero or negative. See
// the docs on [ClusterNetworkingConfigV2.GetSSHDialTimeout] for more details.
func (c *ClusterNetworkingConfigV2) SetSSHDialTimeout(t time.Duration) {
c.Spec.SSHDialTimeout = Duration(t)
}
// MarshalYAML defines how a proxy listener mode should be marshaled to a string
func (p ProxyListenerMode) MarshalYAML() (interface{}, error) {
return strings.ToLower(p.String()), nil
}
// UnmarshalYAML unmarshalls proxy listener mode from YAML value.
func (p *ProxyListenerMode) UnmarshalYAML(unmarshal func(interface{}) error) error {
var stringVar string
if err := unmarshal(&stringVar); err != nil {
return trace.Wrap(err)
}
for k, v := range ProxyListenerMode_value {
if strings.EqualFold(k, stringVar) {
*p = ProxyListenerMode(v)
return nil
}
}
available := make([]string, 0, len(ProxyListenerMode_value))
for k := range ProxyListenerMode_value {
available = append(available, strings.ToLower(k))
}
return trace.BadParameter(
"proxy listener mode must be one of %s; got %q", strings.Join(available, ","), stringVar)
}
// MarshalYAML defines how a routing strategy should be marshaled to a string
func (s RoutingStrategy) MarshalYAML() (interface{}, error) {
return strings.ToLower(s.String()), nil
}
// UnmarshalYAML unmarshalls routing strategy from YAML value.
func (s *RoutingStrategy) UnmarshalYAML(unmarshal func(interface{}) error) error {
var stringVar string
if err := unmarshal(&stringVar); err != nil {
return trace.Wrap(err)
}
for k, v := range RoutingStrategy_value {
if strings.EqualFold(k, stringVar) {
*s = RoutingStrategy(v)
return nil
}
}
available := make([]string, 0, len(RoutingStrategy_value))
for k := range RoutingStrategy_value {
available = append(available, strings.ToLower(k))
}
return trace.BadParameter(
"routing strategy must be one of %s; got %q", strings.Join(available, ","), stringVar)
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"net/netip"
"net/url"
"os"
"slices"
"strconv"
"strings"
"time"
"github.com/gravitational/trace"
"golang.org/x/crypto/ssh"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
)
// OIDCConnector specifies configuration for Open ID Connect compatible external
// identity provider, e.g. google in some organization
type OIDCConnector interface {
// ResourceWithSecrets provides common methods for objects
ResourceWithSecrets
ResourceWithOrigin
// Validate will preform checks not found in CheckAndSetDefaults
// that should only be preformed when the OIDC connector resource
// itself is being created or updated, not when a OIDCConnector
// object is being created or updated.
Validate() error
// Issuer URL is the endpoint of the provider, e.g. https://accounts.google.com
GetIssuerURL() string
// ClientID is id for authentication client (in our case it's our Auth server)
GetClientID() string
// ClientSecret is used to authenticate our client and should not
// be visible to end user
GetClientSecret() string
// GetRedirectURLs returns list of redirect URLs.
GetRedirectURLs() []string
// GetACR returns the Authentication Context Class Reference (ACR) value.
GetACR() string
// GetProvider returns the identity provider.
GetProvider() string
// Display - Friendly name for this provider.
GetDisplay() string
// Scope is additional scopes set by provider
GetScope() []string
// ClaimsToRoles specifies dynamic mapping from claims to roles
GetClaimsToRoles() []ClaimMapping
// GetClaims returns list of claims expected by mappings
GetClaims() []string
// GetTraitMappings converts gets all claim mappings in the
// generic trait mapping format.
GetTraitMappings() TraitMappingSet
// SetClientSecret sets client secret to some value
SetClientSecret(secret string)
// SetClientID sets id for authentication client (in our case it's our Auth server)
SetClientID(string)
// SetIssuerURL sets the endpoint of the provider
SetIssuerURL(string)
// SetRedirectURLs sets the list of redirectURLs
SetRedirectURLs([]string)
// SetPrompt sets OIDC prompt value
SetPrompt(string)
// GetPrompt returns OIDC prompt value,
GetPrompt() string
// SetACR sets the Authentication Context Class Reference (ACR) value.
SetACR(string)
// SetProvider sets the identity provider.
SetProvider(string)
// SetScope sets additional scopes set by provider
SetScope([]string)
// SetClaimsToRoles sets dynamic mapping from claims to roles
SetClaimsToRoles([]ClaimMapping)
// GetUsernameClaim gets the name of the claim from the OIDC connector to be used as the user's username.
GetUsernameClaim() string
// SetDisplay sets friendly name for this provider.
SetDisplay(string)
// GetGoogleServiceAccountURI returns path to google service account URI
GetGoogleServiceAccountURI() string
// GetGoogleServiceAccount returns google service account json for Google
GetGoogleServiceAccount() string
// SetGoogleServiceAccount sets the google service account json contents
SetGoogleServiceAccount(string)
// GetGoogleAdminEmail returns a google admin user email
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
// "Note: Although you can use service accounts in applications that run from a Google Workspace (formerly G Suite) domain, service accounts are not members of your Google Workspace account and aren’t subject to domain policies set by administrators. For example, a policy set in the Google Workspace admin console to restrict the ability of end users to share documents outside of the domain would not apply to service accounts."
GetGoogleAdminEmail() string
// GetAllowUnverifiedEmail returns true if unverified emails should be allowed in received users.
GetAllowUnverifiedEmail() bool
// GetMaxAge returns the amount of time that user logins are
// valid for and true if MaxAge is set. If a user logs in, but then
// does not login again within this time period, they will be forced
// to re-authenticate.
GetMaxAge() (time.Duration, bool)
// GetClientRedirectSettings returns the client redirect settings.
GetClientRedirectSettings() *SSOClientRedirectSettings
// GetMFASettings returns the connector's MFA settings.
GetMFASettings() *OIDCConnectorMFASettings
// IsMFAEnabled returns whether the connector has MFA enabled.
IsMFAEnabled() bool
// WithMFASettings returns the connector will some settings overwritten set from MFA settings.
WithMFASettings() error
// IsPKCEEnabled returns true if the connector should add code_challenge information to auth requests.
IsPKCEEnabled() bool
// SetPKCEMode will set the pkce mode
SetPKCEMode(mode constants.OIDCPKCEMode)
// GetPKCEMode will return the PKCEMode of the connector.
GetPKCEMode() constants.OIDCPKCEMode
// GetUserMatchers returns the set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
GetUserMatchers() []string
// GetRequestObjectMode will return the RequestObjectMode of the connector.
GetRequestObjectMode() constants.OIDCRequestObjectMode
// SetRequestObjectMode sets the RequestObjectMode of the connector.
SetRequestObjectMode(mode constants.OIDCRequestObjectMode)
// SetUserMatchers sets the set of glob patterns to narrow down which username(s) this auth connector should match
// for identifier-first login.
SetUserMatchers([]string)
// GetEntraIDGroupsProvider returns Entra ID groups provider.
GetEntraIDGroupsProvider() *EntraIDGroupsProvider
// IsEntraIDGroupsProviderDisabled checks if the Entra ID groups provider is disabled.
IsEntraIDGroupsProviderDisabled() bool
}
// NewOIDCConnector returns a new OIDCConnector based off a name and OIDCConnectorSpecV3.
func NewOIDCConnector(name string, spec OIDCConnectorSpecV3) (OIDCConnector, error) {
o := &OIDCConnectorV3{
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := o.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return o, nil
}
// SetPrompt sets OIDC prompt value
func (o *OIDCConnectorV3) SetPrompt(p string) {
o.Spec.Prompt = p
}
// GetPrompt returns OIDC prompt value,
// * if not set, default to select_account for backwards compatibility
// * if set to none, it will be omitted
// * and any other non empty value, pass it as is
func (o *OIDCConnectorV3) GetPrompt() string {
if o.Spec.Prompt == "" {
return constants.OIDCPromptSelectAccount
}
if o.Spec.Prompt == constants.OIDCPromptNone {
return ""
}
return o.Spec.Prompt
}
// GetGoogleServiceAccountURI returns an optional path to google service account file
func (o *OIDCConnectorV3) GetGoogleServiceAccountURI() string {
return o.Spec.GoogleServiceAccountURI
}
// GetGoogleServiceAccount returns a string representing a Google service account
func (o *OIDCConnectorV3) GetGoogleServiceAccount() string {
return o.Spec.GoogleServiceAccount
}
// SetGoogleServiceAccount sets a string representing a Google service account
func (o *OIDCConnectorV3) SetGoogleServiceAccount(s string) {
o.Spec.GoogleServiceAccount = s
}
// GetGoogleAdminEmail returns a google admin user email
func (o *OIDCConnectorV3) GetGoogleAdminEmail() string {
return o.Spec.GoogleAdminEmail
}
// GetVersion returns resource version
func (o *OIDCConnectorV3) GetVersion() string {
return o.Version
}
// GetSubKind returns resource sub kind
func (o *OIDCConnectorV3) GetSubKind() string {
return o.SubKind
}
// SetSubKind sets resource subkind
func (o *OIDCConnectorV3) SetSubKind(s string) {
o.SubKind = s
}
// GetKind returns resource kind
func (o *OIDCConnectorV3) GetKind() string {
return o.Kind
}
// GetRevision returns the revision
func (o *OIDCConnectorV3) GetRevision() string {
return o.Metadata.GetRevision()
}
// SetRevision sets the revision
func (o *OIDCConnectorV3) SetRevision(rev string) {
o.Metadata.SetRevision(rev)
}
// WithoutSecrets returns an instance of resource without secrets.
func (o *OIDCConnectorV3) WithoutSecrets() Resource {
if o.GetClientSecret() == "" && o.GetGoogleServiceAccount() == "" {
return o
}
o2 := *o
o2.SetClientSecret("")
o2.SetGoogleServiceAccount("")
if o2.Spec.MFASettings != nil {
o2.Spec.MFASettings.ClientSecret = ""
}
return &o2
}
// V3 returns V3 version of the resource
func (o *OIDCConnectorV3) V3() *OIDCConnectorV3 {
return o
}
// SetDisplay sets friendly name for this provider.
func (o *OIDCConnectorV3) SetDisplay(display string) {
o.Spec.Display = display
}
// GetMetadata returns object metadata
func (o *OIDCConnectorV3) GetMetadata() Metadata {
return o.Metadata
}
// Origin returns the origin value of the resource.
func (o *OIDCConnectorV3) Origin() string {
return o.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (o *OIDCConnectorV3) SetOrigin(origin string) {
o.Metadata.SetOrigin(origin)
}
// SetExpiry sets expiry time for the object
func (o *OIDCConnectorV3) SetExpiry(expires time.Time) {
o.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (o *OIDCConnectorV3) Expiry() time.Time {
return o.Metadata.Expiry()
}
// GetName returns the name of the connector
func (o *OIDCConnectorV3) GetName() string {
return o.Metadata.GetName()
}
// SetName sets client secret to some value
func (o *OIDCConnectorV3) SetName(name string) {
o.Metadata.SetName(name)
}
// SetIssuerURL sets client secret to some value
func (o *OIDCConnectorV3) SetIssuerURL(issuerURL string) {
o.Spec.IssuerURL = issuerURL
}
// SetRedirectURLs sets the list of redirectURLs
func (o *OIDCConnectorV3) SetRedirectURLs(redirectURLs []string) {
o.Spec.RedirectURLs = redirectURLs
}
// SetACR sets the Authentication Context Class Reference (ACR) value.
func (o *OIDCConnectorV3) SetACR(acrValue string) {
o.Spec.ACR = acrValue
}
// SetProvider sets the identity provider.
func (o *OIDCConnectorV3) SetProvider(identityProvider string) {
o.Spec.Provider = identityProvider
}
// SetScope sets additional scopes set by provider
func (o *OIDCConnectorV3) SetScope(scope []string) {
o.Spec.Scope = scope
}
// SetClaimsToRoles sets dynamic mapping from claims to roles
func (o *OIDCConnectorV3) SetClaimsToRoles(claims []ClaimMapping) {
o.Spec.ClaimsToRoles = claims
}
// SetClientID sets id for authentication client (in our case it's our Auth server)
func (o *OIDCConnectorV3) SetClientID(clintID string) {
o.Spec.ClientID = clintID
}
// SetClientSecret sets client secret to some value
func (o *OIDCConnectorV3) SetClientSecret(secret string) {
o.Spec.ClientSecret = secret
}
// GetIssuerURL is the endpoint of the provider, e.g. https://accounts.google.com
func (o *OIDCConnectorV3) GetIssuerURL() string {
return o.Spec.IssuerURL
}
// GetClientID is id for authentication client (in our case it's our Auth server)
func (o *OIDCConnectorV3) GetClientID() string {
return o.Spec.ClientID
}
// GetClientSecret is used to authenticate our client and should not
// be visible to end user
func (o *OIDCConnectorV3) GetClientSecret() string {
return o.Spec.ClientSecret
}
// GetRedirectURLs returns a list of the connector's redirect URLs.
func (o *OIDCConnectorV3) GetRedirectURLs() []string {
return o.Spec.RedirectURLs
}
// GetACR returns the Authentication Context Class Reference (ACR) value.
func (o *OIDCConnectorV3) GetACR() string {
return o.Spec.ACR
}
// GetProvider returns the identity provider.
func (o *OIDCConnectorV3) GetProvider() string {
return o.Spec.Provider
}
// GetDisplay - Friendly name for this provider.
func (o *OIDCConnectorV3) GetDisplay() string {
if o.Spec.Display != "" {
return o.Spec.Display
}
return o.GetName()
}
// GetScope is additional scopes set by provider
func (o *OIDCConnectorV3) GetScope() []string {
return o.Spec.Scope
}
// GetUsernameClaim gets the name of the claim from the OIDC connector to be used as the user's username.
func (o *OIDCConnectorV3) GetUsernameClaim() string {
return o.Spec.UsernameClaim
}
// GetClaimsToRoles specifies dynamic mapping from claims to roles
func (o *OIDCConnectorV3) GetClaimsToRoles() []ClaimMapping {
return o.Spec.ClaimsToRoles
}
// GetClaims returns list of claims expected by mappings
func (o *OIDCConnectorV3) GetClaims() []string {
var out []string
for _, mapping := range o.Spec.ClaimsToRoles {
out = append(out, mapping.Claim)
}
return utils.Deduplicate(out)
}
// GetTraitMappings returns the OIDCConnector's TraitMappingSet
func (o *OIDCConnectorV3) GetTraitMappings() TraitMappingSet {
tms := make([]TraitMapping, 0, len(o.Spec.ClaimsToRoles))
for _, mapping := range o.Spec.ClaimsToRoles {
tms = append(tms, TraitMapping{
Trait: mapping.Claim,
Value: mapping.Value,
Roles: mapping.Roles,
})
}
return TraitMappingSet(tms)
}
// setStaticFields sets static resource header and metadata fields.
func (o *OIDCConnectorV3) setStaticFields() {
o.Kind = KindOIDCConnector
}
// CheckAndSetDefaults checks and set default values for any missing fields.
func (o *OIDCConnectorV3) CheckAndSetDefaults() error {
o.setStaticFields()
switch o.Version {
case V2, V3:
// V2 is also supported
case "":
o.Version = V3
default:
return trace.BadParameter("Version: invalid OIDC connector version %v", o.Version)
}
if err := o.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if name := o.Metadata.Name; slices.Contains(constants.SystemConnectors, name) {
return trace.BadParameter("ID: invalid connector name, %v is a reserved name", name)
}
if o.Spec.ClientID == "" {
return trace.BadParameter("OIDC connector is missing required client_id")
}
if o.Spec.ClientSecret == "" {
return trace.BadParameter("OIDC connector is missing required client_secret")
}
if strings.HasPrefix(o.Spec.ClientSecret, "file://") {
return trace.BadParameter("the client_secret must be a literal value, file:// URLs are not supported")
}
if len(o.GetClaimsToRoles()) == 0 {
return trace.BadParameter("claims_to_roles is empty, authorization with connector would never assign any roles")
}
for _, v := range o.Spec.ClaimsToRoles {
if len(v.Roles) == 0 {
return trace.BadParameter("add roles in claims_to_roles")
}
}
if _, err := url.Parse(o.GetIssuerURL()); err != nil {
return trace.BadParameter("bad IssuerURL '%v', err: %v", o.GetIssuerURL(), err)
}
if len(o.GetRedirectURLs()) == 0 {
return trace.BadParameter("RedirectURL: missing redirect_url")
}
for _, redirectURL := range o.GetRedirectURLs() {
if _, err := url.Parse(redirectURL); err != nil {
return trace.BadParameter("bad RedirectURL '%v', err: %v", redirectURL, err)
}
}
if o.GetGoogleServiceAccountURI() != "" && o.GetGoogleServiceAccount() != "" {
return trace.BadParameter("one of either google_service_account_uri or google_service_account is supported, not both")
}
if o.GetGoogleServiceAccountURI() != "" {
uri, err := utils.ParseSessionsURI(o.GetGoogleServiceAccountURI())
if err != nil {
return trace.Wrap(err)
}
if uri.Scheme != "file" {
return trace.BadParameter("only file:// scheme is supported for google_service_account_uri")
}
if o.GetGoogleAdminEmail() == "" {
return trace.BadParameter("whenever google_service_account_uri is specified, google_admin_email should be set as well, read https://developers.google.com/identity/protools/OAuth2ServiceAccount#delegatingauthority for more details")
}
}
if o.GetGoogleServiceAccount() != "" {
if o.GetGoogleAdminEmail() == "" {
return trace.BadParameter("whenever google_service_account is specified, google_admin_email should be set as well, read https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority for more details")
}
}
if o.Spec.MaxAge != nil {
maxAge := o.Spec.MaxAge.Value.Duration()
if maxAge < 0 {
return trace.BadParameter("max_age cannot be negative")
}
if maxAge.Round(time.Second) != maxAge {
return trace.BadParameter("max_age %q is invalid, cannot have sub-second units", maxAge.String())
}
}
if o.Spec.MFASettings != nil {
maxAge := o.Spec.MFASettings.MaxAge.Duration()
if maxAge < 0 {
return trace.BadParameter("max_age cannot be negative")
}
if maxAge.Round(time.Second) != maxAge {
return trace.BadParameter("max_age %q invalid, cannot have sub-second units", maxAge.String())
}
}
return nil
}
// Validate will preform checks not found in CheckAndSetDefaults
// that should only be preformed when the OIDC connector resource
// itself is being created or updated, not when a OIDCConnector
// object is being created or updated.
func (o *OIDCConnectorV3) Validate() error {
if o.Spec.ClientRedirectSettings != nil {
for _, cidrStr := range o.Spec.ClientRedirectSettings.InsecureAllowedCidrRanges {
_, err := netip.ParsePrefix(cidrStr)
if err != nil {
return trace.BadParameter("bad CIDR range in insecure_allowed_cidr_ranges '%s': %v", cidrStr, err)
}
}
}
entra := o.GetEntraIDGroupsProvider()
if entra != nil {
if err := entra.checkAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
return nil
}
// GetAllowUnverifiedEmail returns true if unverified emails should be allowed in received users.
func (o *OIDCConnectorV3) GetAllowUnverifiedEmail() bool {
return o.Spec.AllowUnverifiedEmail
}
// GetMaxAge returns the amount of time that user logins are
// valid for and true if MaxAge is set. If a user logs in, but then
// does not login again within this time period, they will be forced
// to re-authenticate.
func (o *OIDCConnectorV3) GetMaxAge() (time.Duration, bool) {
if o.Spec.MaxAge == nil {
return 0, false
}
return o.Spec.MaxAge.Value.Duration(), true
}
// GetClientRedirectSettings returns the client redirect settings.
func (o *OIDCConnectorV3) GetClientRedirectSettings() *SSOClientRedirectSettings {
if o == nil {
return nil
}
return o.Spec.ClientRedirectSettings
}
// GetMFASettings returns the connector's MFA settings.
func (o *OIDCConnectorV3) GetMFASettings() *OIDCConnectorMFASettings {
return o.Spec.MFASettings
}
// IsMFAEnabled returns whether the connector has MFA enabled.
func (o *OIDCConnectorV3) IsMFAEnabled() bool {
mfa := o.GetMFASettings()
return mfa != nil && mfa.Enabled
}
// IsPKCEEnabled returns true if the connector should add code_challenge information to auth requests.
func (o *OIDCConnectorV3) IsPKCEEnabled() bool {
return o.Spec.PKCEMode == string(constants.OIDCPKCEModeEnabled)
}
// SetPKCEMode will set the pkce mode
func (o *OIDCConnectorV3) SetPKCEMode(mode constants.OIDCPKCEMode) {
o.Spec.PKCEMode = string(mode)
}
// GetPKCEMode will return the PKCEMode of the connector.
func (o *OIDCConnectorV3) GetPKCEMode() constants.OIDCPKCEMode {
return constants.OIDCPKCEMode(o.Spec.PKCEMode)
}
// WithMFASettings returns the connector will some settings overwritten set from MFA settings.
func (o *OIDCConnectorV3) WithMFASettings() error {
if !o.IsMFAEnabled() {
return trace.BadParameter("this connector does not have MFA enabled")
}
o.Spec.ClientID = o.Spec.MFASettings.ClientId
o.Spec.ClientSecret = o.Spec.MFASettings.ClientSecret
o.Spec.ACR = o.Spec.MFASettings.AcrValues
o.Spec.Prompt = o.Spec.MFASettings.Prompt
// Overwrite the base connector's request object mode iff the MFA setting's
// request object mode is explicitly set. Otherwise, the base setting should be assumed.
if o.Spec.MFASettings.RequestObjectMode != string(constants.OIDCRequestObjectModeUnknown) {
o.Spec.RequestObjectMode = o.Spec.MFASettings.RequestObjectMode
}
// In rare cases, some providers will complain about the presence of the 'max_age'
// parameter in auth requests. Provide users with a workaround to omit it.
omitMaxAge, _ := strconv.ParseBool(os.Getenv("TELEPORT_OIDC_OMIT_MFA_MAX_AGE"))
if omitMaxAge {
o.Spec.MaxAge = nil
} else {
o.Spec.MaxAge = &MaxAge{
Value: o.Spec.MFASettings.MaxAge,
}
}
return nil
}
// GetUserMatchers returns the set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
func (r *OIDCConnectorV3) GetUserMatchers() []string {
if r.Spec.UserMatchers == nil {
return nil
}
return r.Spec.UserMatchers
}
// GetRequestObjectMode returns the configured OIDC request object mode.
func (r *OIDCConnectorV3) GetRequestObjectMode() constants.OIDCRequestObjectMode {
return constants.OIDCRequestObjectMode(r.Spec.RequestObjectMode)
}
// SetRequestObjectMode sets the OIDC request object mode.
func (r *OIDCConnectorV3) SetRequestObjectMode(mode constants.OIDCRequestObjectMode) {
r.Spec.RequestObjectMode = string(mode)
}
// SetUserMatchers sets the set of glob patterns to narrow down which username(s) this auth connector should match
// for identifier-first login.
func (r *OIDCConnectorV3) SetUserMatchers(userMatchers []string) {
r.Spec.UserMatchers = userMatchers
}
// Check returns nil if all parameters are great, err otherwise
func (r *OIDCAuthRequest) Check() error {
switch {
case r.ConnectorID == "":
return trace.BadParameter("ConnectorID: missing value")
case r.StateToken == "":
return trace.BadParameter("StateToken: missing value")
// we could collapse these two checks into one, but the error message would become ambiguous.
case r.SSOTestFlow && r.ConnectorSpec == nil:
return trace.BadParameter("ConnectorSpec cannot be nil when SSOTestFlow is true")
case !r.SSOTestFlow && r.ConnectorSpec != nil:
return trace.BadParameter("ConnectorSpec must be nil when SSOTestFlow is false")
}
if len(r.SshPublicKey) > 0 {
_, _, _, _, err := ssh.ParseAuthorizedKey(r.SshPublicKey)
if err != nil {
return trace.BadParameter("bad SSH public key: %v", err)
}
}
if (len(r.SshPublicKey) != 0 || len(r.TlsPublicKey) != 0) &&
(r.CertTTL > defaults.MaxCertDuration || r.CertTTL < defaults.MinCertDuration) {
return trace.BadParameter("wrong CertTTL")
}
return nil
}
func (e *EntraIDGroupsProvider) checkAndSetDefaults() error {
if e.GroupType != "" {
if !slices.Contains(EntraIDGroupsTypes, e.GroupType) {
return trace.BadParameter("expected group type to be one of %q, got %q", EntraIDGroupsTypes, e.GroupType)
}
}
if err := ValidateMSGraphEndpoints("", e.GraphEndpoint); err != nil {
return trace.Wrap(err)
}
return nil
}
// GetEntraIDGroupsProvider returns Entra ID groups provider.
func (o *OIDCConnectorV3) GetEntraIDGroupsProvider() *EntraIDGroupsProvider {
return o.Spec.EntraIdGroupsProvider
}
// IsEntraIDGroupsProviderDisabled checks if the Entra ID groups provider is disabled.
func (o *OIDCConnectorV3) IsEntraIDGroupsProviderDisabled() bool {
entra := o.Spec.EntraIdGroupsProvider
return entra != nil && entra.Disabled
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"time"
"github.com/gravitational/trace"
)
// OIDCClaims is a redefinition of jose.Claims with additional methods, required for serialization to/from protobuf.
// With those we can reference it with an option like so: `(gogoproto.customtype) = "OIDCClaims"`
type OIDCClaims map[string]interface{}
// Size returns size of the object when marshaled
func (a *OIDCClaims) Size() int {
bytes, err := json.Marshal(a)
if err != nil {
return 0
}
return len(bytes)
}
// Unmarshal the object from provided buffer.
func (a *OIDCClaims) Unmarshal(bytes []byte) error {
return trace.Wrap(json.Unmarshal(bytes, a))
}
// MarshalTo marshals the object to sized buffer
func (a *OIDCClaims) MarshalTo(bytes []byte) (int, error) {
out, err := json.Marshal(a)
if err != nil {
return 0, trace.Wrap(err)
}
if len(out) > cap(bytes) {
return 0, trace.BadParameter("capacity too low: %v, need %v", cap(bytes), len(out))
}
copy(bytes, out)
return len(out), nil
}
// OIDCIdentity is a redefinition of oidc.Identity with additional methods, required for serialization to/from protobuf.
// With those we can reference it with an option like so: `(gogoproto.customtype) = "OIDCIdentity"`
type OIDCIdentity struct {
// ID is populated from "subject" claim.
ID string
// Name of user. Empty in current version of library.
Name string
// Email is populated from "email" claim.
Email string
// ExpiresAt populated from "exp" claim, represents expiry time.
ExpiresAt time.Time
}
// Size returns size of the object when marshaled
func (a *OIDCIdentity) Size() int {
bytes, err := json.Marshal(a)
if err != nil {
return 0
}
return len(bytes)
}
// Unmarshal the object from provided buffer.
func (a *OIDCIdentity) Unmarshal(bytes []byte) error {
return trace.Wrap(json.Unmarshal(bytes, a))
}
// MarshalTo marshals the object to sized buffer
func (a *OIDCIdentity) MarshalTo(bytes []byte) (int, error) {
out, err := json.Marshal(a)
if err != nil {
return 0, trace.Wrap(err)
}
if len(out) > cap(bytes) {
return 0, trace.BadParameter("capacity too low: %v, need %v", cap(bytes), len(out))
}
copy(bytes, out)
return len(out), nil
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"context"
"fmt"
"log/slog"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/types/compare"
"github.com/gravitational/teleport/api/utils"
)
var _ compare.IsEqual[OktaAssignment] = (*OktaAssignmentV1)(nil)
// OktaImportRule specifies a rule for importing and labeling Okta applications and groups.
type OktaImportRule interface {
ResourceWithLabels
// GetPriority will return the priority of the Okta import rule.
GetPriority() int32
// GetMappings will return the list of mappings for the Okta import rule.
GetMappings() []OktaImportRuleMapping
// Clone returns a copy of the Okta import rule.
Clone() OktaImportRule
}
// NewOktaImportRule returns a new OktaImportRule.
func NewOktaImportRule(metadata Metadata, spec OktaImportRuleSpecV1) (OktaImportRule, error) {
o := &OktaImportRuleV1{
ResourceHeader: ResourceHeader{
Metadata: metadata,
},
Spec: spec,
}
if err := o.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return o, nil
}
// Clone returns a copy of the Okta import rule.
func (o *OktaImportRuleV1) Clone() OktaImportRule {
return utils.CloneProtoMsg(o)
}
// GetPriority will return the priority of the Okta import rule.
func (o *OktaImportRuleV1) GetPriority() int32 {
return o.Spec.Priority
}
// GetMappings will return the list of mappings for the Okta import rule.
func (o *OktaImportRuleV1) GetMappings() []OktaImportRuleMapping {
matches := make([]OktaImportRuleMapping, len(o.Spec.Mappings))
for i, match := range o.Spec.Mappings {
matches[i] = match
}
return matches
}
// String returns the Okta import rule string representation.
func (o *OktaImportRuleV1) String() string {
return fmt.Sprintf("OktaImportRuleV1(Name=%v, Labels=%v)",
o.GetName(), o.GetAllLabels())
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (o *OktaImportRuleV1) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(o.GetAllLabels()), o.GetName())
return MatchSearch(fieldVals, values, nil)
}
// setStaticFields sets static resource header and metadata fields.
func (o *OktaImportRuleV1) setStaticFields() {
o.Kind = KindOktaImportRule
o.Version = V1
}
// CheckAndSetDefaults checks and sets default values
func (o *OktaImportRuleV1) CheckAndSetDefaults() error {
o.setStaticFields()
if err := o.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if o.Spec.Priority < 0 {
return trace.BadParameter("priority must be a positive number")
}
if len(o.Spec.Mappings) == 0 {
return trace.BadParameter("mappings is empty")
}
for _, mapping := range o.Spec.Mappings {
if err := mapping.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
return nil
}
// OktaImportRuleMapping is a list of matches that map match rules to labels.
type OktaImportRuleMapping interface {
// GetMatches returns all matches for a mapping.
GetMatches() []OktaImportRuleMatch
// GetAddLabels returns the labels that will be added for a mapping.
GetAddLabels() map[string]string
}
// GetMatches returns all matches for a mapping.
func (o *OktaImportRuleMappingV1) GetMatches() []OktaImportRuleMatch {
matches := make([]OktaImportRuleMatch, len(o.Match))
for i, match := range o.Match {
matches[i] = match
}
return matches
}
// GetAddLabels returns the labels that will be added for a mapping.
func (o *OktaImportRuleMappingV1) GetAddLabels() map[string]string {
return o.AddLabels
}
// CheckAndSetDefaults checks and sets default values
func (o *OktaImportRuleMappingV1) CheckAndSetDefaults() error {
for _, match := range o.Match {
if err := match.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
return nil
}
// OktaImportRuleMatch creates a new Okta import rule match.
type OktaImportRuleMatch interface {
// GetAppIDs returns whether or not this match contains an App ID match and, if so, the list of app IDs.
GetAppIDs() (bool, []string)
// GetGroupIDs returns whether or not this match contains a Group ID match and, if so, the list of app IDs.
GetGroupIDs() (bool, []string)
// GetAppNameRegexes returns whether or not this match contains app name regexes and, if so, the regexes.
GetAppNameRegexes() (bool, []string)
// GetGroupNameRegexes returns whether or not this match contains group name regexes and, if so, the regexes.
GetGroupNameRegexes() (bool, []string)
}
// GetAppIDs returns whether or not this match contains an App ID match and, if so, the list of app IDs.
func (o *OktaImportRuleMatchV1) GetAppIDs() (bool, []string) {
return len(o.AppIDs) > 0, o.AppIDs
}
// GetGroupIDs returns whether or not this match contains a Group ID match and, if so, the list of app IDs.
func (o *OktaImportRuleMatchV1) GetGroupIDs() (bool, []string) {
return len(o.GroupIDs) > 0, o.GroupIDs
}
// GetAppNameRegexes returns whether or not this match contains app name regexes and, if so, the regexes.
func (o *OktaImportRuleMatchV1) GetAppNameRegexes() (bool, []string) {
return len(o.AppNameRegexes) > 0, o.AppNameRegexes
}
// GetGroupNameRegexes returns whether or not this match contains group name regexes and, if so, the regexes.
func (o *OktaImportRuleMatchV1) GetGroupNameRegexes() (bool, []string) {
return len(o.GroupNameRegexes) > 0, o.GroupNameRegexes
}
// CheckAndSetDefaults checks and sets default values
func (o *OktaImportRuleMatchV1) CheckAndSetDefaults() error {
if len(o.AppIDs) > 0 && len(o.GroupIDs) > 0 {
return trace.BadParameter("only one of App IDs or Group IDs can be set")
}
return nil
}
// OktaAssignment is a representation of an action or set of actions taken by Teleport to assign Okta users
// to applications or groups. When modifying this object, please make sure to update
// tool/tctl/common/oktaassignment to reflect any new fields that were added.
type OktaAssignment interface {
ResourceWithLabels
// SetMetadata will set the metadata for the Okta assignment.
SetMetadata(metadata Metadata)
// GetUser will return the user that the Okta assignment actions applies to.
GetUser() string
// GetTargets will return the list of targets that will be assigned as part of this assignment.
GetTargets() []OktaAssignmentTarget
// GetCleanupTime will return the optional time that the assignment should be cleaned up.
GetCleanupTime() time.Time
// SetCleanupTime will set the cleanup time.
SetCleanupTime(time.Time)
// GetStatus gets the status of the assignment.
GetStatus() string
// SetStatus sets the status of the eassignment. Only allows valid transitions.
SetStatus(status string) error
// SetLastTransition sets the last transition time.
SetLastTransition(time.Time)
// GetLastTransition returns the time that the action last transitioned.
GetLastTransition() time.Time
// IsFinalized returns the finalized state.
IsFinalized() bool
// SetFinalized sets the finalized state
SetFinalized(bool)
// Copy returns a copy of this Okta assignment resource.
Copy() OktaAssignment
}
// NewOktaAssignment creates a new Okta assignment object.
func NewOktaAssignment(metadata Metadata, spec OktaAssignmentSpecV1) (OktaAssignment, error) {
o := &OktaAssignmentV1{
ResourceHeader: ResourceHeader{
Metadata: metadata,
},
Spec: spec,
}
if err := o.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return o, nil
}
// SetMetadata will set the metadata for the Okta assignment.
func (o *OktaAssignmentV1) SetMetadata(metadata Metadata) {
o.Metadata = metadata
}
// GetUser returns the user that the actions will be applied to.
func (o *OktaAssignmentV1) GetUser() string {
return o.Spec.User
}
// GetTargets returns the targets associated with the Okta assignment.
func (o *OktaAssignmentV1) GetTargets() []OktaAssignmentTarget {
targets := make([]OktaAssignmentTarget, len(o.Spec.Targets))
for i, target := range o.Spec.Targets {
targets[i] = target
}
return targets
}
// GetCleanupTime will return the optional time that the assignment should be cleaned up.
func (o *OktaAssignmentV1) GetCleanupTime() time.Time {
return o.Spec.CleanupTime
}
// SetCleanupTime will set the cleanup time.
func (o *OktaAssignmentV1) SetCleanupTime(cleanupTime time.Time) {
o.Spec.CleanupTime = cleanupTime.UTC()
}
// GetStatus gets the status of the assignment.
func (o *OktaAssignmentV1) GetStatus() string {
switch o.Spec.Status {
case OktaAssignmentSpecV1_PENDING:
return constants.OktaAssignmentStatusPending
case OktaAssignmentSpecV1_PROCESSING:
return constants.OktaAssignmentStatusProcessing
case OktaAssignmentSpecV1_SUCCESSFUL:
return constants.OktaAssignmentStatusSuccessful
case OktaAssignmentSpecV1_FAILED:
return constants.OktaAssignmentStatusFailed
default:
return constants.OktaAssignmentStatusUnknown
}
}
// SetStatus sets the status of the eassignment. Only allows valid transitions.
//
// Valid transitions are:
// * PENDING -> (PROCESSING)
// * PROCESSING -> (SUCCESSFUL, FAILED, PROCESSING)
// * SUCCESSFUL -> (PROCESSING)
// * FAILED -> (PROCESSING)
func (o *OktaAssignmentV1) SetStatus(status string) error {
invalidTransition := false
switch o.Spec.Status {
case OktaAssignmentSpecV1_PENDING:
switch status {
case constants.OktaAssignmentStatusProcessing:
default:
invalidTransition = true
}
case OktaAssignmentSpecV1_PROCESSING:
switch status {
case constants.OktaAssignmentStatusProcessing:
case constants.OktaAssignmentStatusSuccessful:
case constants.OktaAssignmentStatusFailed:
default:
invalidTransition = true
}
case OktaAssignmentSpecV1_SUCCESSFUL:
switch status {
case constants.OktaAssignmentStatusProcessing:
default:
invalidTransition = true
}
case OktaAssignmentSpecV1_FAILED:
switch status {
case constants.OktaAssignmentStatusProcessing:
default:
invalidTransition = true
}
case OktaAssignmentSpecV1_UNKNOWN:
// All transitions are allowed from UNKNOWN.
default:
invalidTransition = true
}
if invalidTransition {
return trace.BadParameter("invalid transition: %s -> %s", o.GetStatus(), status)
}
o.Spec.Status = OktaAssignmentStatusToProto(status)
return nil
}
// SetLastTransition sets the last transition time.
func (o *OktaAssignmentV1) SetLastTransition(time time.Time) {
o.Spec.LastTransition = time.UTC()
}
// GetLastTransition returns the optional time that the action last transitioned.
func (o *OktaAssignmentV1) GetLastTransition() time.Time {
return o.Spec.LastTransition
}
// IsFinalized returns the finalized state.
func (o *OktaAssignmentV1) IsFinalized() bool {
return o.Spec.Finalized
}
// SetFinalized sets the finalized state
func (o *OktaAssignmentV1) SetFinalized(finalized bool) {
o.Spec.Finalized = finalized
}
// Copy returns a copy of this Okta assignment resource.
func (o *OktaAssignmentV1) Copy() OktaAssignment {
return utils.CloneProtoMsg(o)
}
// String returns the Okta assignment rule string representation.
func (o *OktaAssignmentV1) String() string {
return fmt.Sprintf("OktaAssignmentV1(Name=%v, Labels=%v)",
o.GetName(), o.GetAllLabels())
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (o *OktaAssignmentV1) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(o.GetAllLabels()), o.GetName())
return MatchSearch(fieldVals, values, nil)
}
// setStaticFields sets static resource header and metadata fields.
func (o *OktaAssignmentV1) setStaticFields() {
o.Kind = KindOktaAssignment
o.Version = V1
}
// CheckAndSetDefaults checks and sets default values
func (o *OktaAssignmentV1) CheckAndSetDefaults() error {
o.setStaticFields()
if err := o.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if o.Spec.User == "" {
return trace.BadParameter("user must not be empty")
}
// Make sure the times are UTC so that Copy() works properly.
o.Spec.CleanupTime = o.Spec.CleanupTime.UTC()
o.Spec.LastTransition = o.Spec.LastTransition.UTC()
return nil
}
// IsEqual determines if two okta assignment resources are equivalent to one another.
func (o *OktaAssignmentV1) IsEqual(i OktaAssignment) bool {
if other, ok := i.(*OktaAssignmentV1); ok {
return deriveTeleportEqualOktaAssignmentV1(o, other)
}
return false
}
// OktaAssignmentTarget is an target for an Okta assignment.
type OktaAssignmentTarget interface {
// GetTargetType returns the target type.
GetTargetType() string
// GetID returns the ID of the target.
GetID() string
}
// GetTargetType returns the target type.
func (o *OktaAssignmentTargetV1) GetTargetType() string {
switch o.Type {
case OktaAssignmentTargetV1_APPLICATION:
return constants.OktaAssignmentTargetApplication
case OktaAssignmentTargetV1_GROUP:
return constants.OktaAssignmentTargetGroup
default:
return constants.OktaAssignmentTargetUnknown
}
}
// GetID returns the ID of the action target.
func (o *OktaAssignmentTargetV1) GetID() string {
return o.Id
}
// OktaAssignments is a list of OktaAssignment resources.
type OktaAssignments []OktaAssignment
// ToMap returns these Okta assignments as a map keyed by Okta assignment name.
func (o OktaAssignments) ToMap() map[string]OktaAssignment {
m := make(map[string]OktaAssignment, len(o))
for _, oktaAssignment := range o {
m[oktaAssignment.GetName()] = oktaAssignment
}
return m
}
// AsResources returns these Okta assignments as resources with labels.
func (o OktaAssignments) AsResources() ResourcesWithLabels {
resources := make(ResourcesWithLabels, 0, len(o))
for _, oktaAssignment := range o {
resources = append(resources, oktaAssignment)
}
return resources
}
// Len returns the slice length.
func (o OktaAssignments) Len() int { return len(o) }
// Less compares Okta assignments by name.
func (o OktaAssignments) Less(i, j int) bool { return o[i].GetName() < o[j].GetName() }
// Swap swaps two Okta assignments.
func (o OktaAssignments) Swap(i, j int) { o[i], o[j] = o[j], o[i] }
// OktaAssignmentStatusToProto will convert the internal notion of an Okta status into the Okta status
// message understood by protobuf.
func OktaAssignmentStatusToProto(status string) OktaAssignmentSpecV1_OktaAssignmentStatus {
switch status {
case constants.OktaAssignmentStatusPending:
return OktaAssignmentSpecV1_PENDING
case constants.OktaAssignmentStatusProcessing:
return OktaAssignmentSpecV1_PROCESSING
case constants.OktaAssignmentStatusSuccessful:
return OktaAssignmentSpecV1_SUCCESSFUL
case constants.OktaAssignmentStatusFailed:
return OktaAssignmentSpecV1_FAILED
default:
return OktaAssignmentSpecV1_UNKNOWN
}
}
// OktaAssignmentStatusProtoToString will convert the Okta status known to protobuf into the internal notion
// of an Okta status.
func OktaAssignmentStatusProtoToString(status OktaAssignmentSpecV1_OktaAssignmentStatus) string {
switch status {
case OktaAssignmentSpecV1_PENDING:
return constants.OktaAssignmentStatusPending
case OktaAssignmentSpecV1_PROCESSING:
return constants.OktaAssignmentStatusProcessing
case OktaAssignmentSpecV1_SUCCESSFUL:
return constants.OktaAssignmentStatusSuccessful
case OktaAssignmentSpecV1_FAILED:
return constants.OktaAssignmentStatusFailed
default:
return constants.OktaAssignmentStatusUnknown
}
}
func (o *PluginOktaSettings) GetCredentialsInfo() *PluginOktaCredentialsInfo {
if o == nil {
return nil
}
return o.CredentialsInfo
}
func (o *PluginOktaSettings) GetSyncSettings() *PluginOktaSyncSettings {
if o == nil {
return nil
}
return o.SyncSettings
}
func (o *PluginOktaSyncSettings) GetEnableUserSync() bool {
if o == nil {
return false
}
return o.SyncUsers
}
func (o *PluginOktaSyncSettings) GetEnableAppGroupSync() bool {
if !o.GetEnableUserSync() {
return false
}
return !o.DisableSyncAppGroups
}
func (o *PluginOktaSyncSettings) GetEnableAccessListSync() bool {
if !o.GetEnableAppGroupSync() {
return false
}
return o.SyncAccessLists
}
func (o *PluginOktaSyncSettings) GetEnableBidirectionalSync() bool {
if !o.GetEnableAppGroupSync() {
return false
}
return !o.DisableBidirectionalSync
}
func (o *PluginOktaSyncSettings) GetEnableSystemLogExport() bool {
if o == nil {
return false
}
return o.EnableSystemLogExport
}
func (o *PluginOktaSyncSettings) GetAssignDefaultRoles() bool {
if o == nil {
return false
}
return !o.DisableAssignDefaultRoles
}
type OktaUserSyncSource string
// IsUnknown returns true if user sync source is empty or explicitly set to "unknown".
func (s OktaUserSyncSource) IsUnknown() bool {
switch s {
case "", OktaUserSyncSourceUnknown:
return true
default:
return false
}
}
const (
// OktaUserSyncSourceUnknown indicates the user sync source is not set.
OktaUserSyncSourceUnknown OktaUserSyncSource = "unknown"
// OktaUserSyncSourceSamlApp indicates users are synchronized from Okta SAML app for the connector assignments.
OktaUserSyncSourceSamlApp OktaUserSyncSource = "saml_app"
// OktaUserSyncSourceSamlOrg indicates users are synchronized Okta organization (legacy).
OktaUserSyncSourceOrg OktaUserSyncSource = "org"
)
func (o *PluginOktaSyncSettings) GetUserSyncSource() OktaUserSyncSource {
if o == nil {
return OktaUserSyncSourceUnknown
}
switch v := OktaUserSyncSource(o.UserSyncSource); v {
case "":
return OktaUserSyncSourceUnknown
case OktaUserSyncSourceUnknown, OktaUserSyncSourceSamlApp, OktaUserSyncSourceOrg:
return v
default:
slog.ErrorContext(context.Background(), "Unhandled PluginOktaSyncSettings_UserSyncSource, returning OktaUserSyncSourceUnknown", "value", o.UserSyncSource)
return OktaUserSyncSourceUnknown
}
}
func (o *PluginOktaSyncSettings) SetUserSyncSource(source OktaUserSyncSource) {
if o == nil {
panic("calling (*PluginOktaSyncSettings).SetUserSyncSource on nil pointer")
}
switch source {
case OktaUserSyncSourceUnknown, OktaUserSyncSourceSamlApp, OktaUserSyncSourceOrg:
o.UserSyncSource = string(source)
default:
slog.ErrorContext(context.Background(), "Unhandled OktaUserSyncSource, not doing anything", "value", source)
}
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"bytes"
"net/url"
"time"
"github.com/gogo/protobuf/jsonpb" //nolint:depguard // needed for backwards compatibility
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// PluginType represents the type of the plugin
type PluginType string
// AllPluginTypes is a list of all plugins known to Teleport.
var AllPluginTypes = []PluginType{
PluginTypeServiceNow,
PluginTypeSlack,
PluginTypeOpenAI,
PluginTypeOkta,
PluginTypeJamf,
PluginTypeIntune,
PluginTypeJira,
PluginTypeOpsgenie,
PluginTypePagerDuty,
PluginTypeMattermost,
PluginTypeDiscord,
PluginTypeEntraID,
PluginTypeSCIM,
PluginTypeDatadog,
PluginTypeAWSIdentityCenter,
PluginTypeEmail,
}
const (
// PluginTypeUnknown is returned when no plugin type matches.
PluginTypeUnknown PluginType = ""
// PluginTypeServiceNow is the Servicenow access request plugin
PluginTypeServiceNow = "servicenow"
// PluginTypeSlack is the Slack access request plugin
PluginTypeSlack = "slack"
// PluginTypeOpenAI is the OpenAI plugin
PluginTypeOpenAI = "openai"
// PluginTypeOkta is the Okta plugin
PluginTypeOkta = "okta"
// PluginTypeJamf is the Jamf MDM plugin
PluginTypeJamf = "jamf"
// PluginTypeIntune is the Intune MDM plugin
PluginTypeIntune = "intune"
// PluginTypeJira is the Jira access plugin
PluginTypeJira = "jira"
// PluginTypeOpsgenie is the Opsgenie access request plugin
PluginTypeOpsgenie = "opsgenie"
// PluginTypePagerDuty is the PagerDuty access plugin
PluginTypePagerDuty = "pagerduty"
// PluginTypeMattermost is the Mattermost access plugin
PluginTypeMattermost = "mattermost"
// PluginTypeDiscord indicates the Discord access plugin
PluginTypeDiscord = "discord"
// PluginTypeGitlab indicates the Gitlab access plugin
PluginTypeGitlab = "gitlab"
// PluginTypeGithub indicates the Github access plugin
PluginTypeGithub = "github"
// PluginTypeEntraID indicates the Entra ID sync plugin
PluginTypeEntraID = "entra-id"
// PluginTypeSCIM indicates a generic SCIM integration
PluginTypeSCIM = "scim"
// PluginTypeDatadog indicates the Datadog Incident Management plugin
PluginTypeDatadog = "datadog"
// PluginTypeAWSIdentityCenter indicates AWS Identity Center plugin
PluginTypeAWSIdentityCenter = "aws-identity-center"
// PluginTypeEmail indicates an Email Access Request plugin
PluginTypeEmail = "email"
// PluginTypeMSTeams indicates a Microsoft Teams integration
PluginTypeMSTeams = "msteams"
// PluginTypeNetIQ indicates a NetIQ integration
PluginTypeNetIQ = "netiq"
)
// PluginSubkind represents the type of the plugin, e.g., access request, MDM etc.
type PluginSubkind string
const (
// PluginSubkindUnknown is returned when no plugin subkind matches.
PluginSubkindUnknown PluginSubkind = ""
// PluginSubkindMDM represents MDM plugins collectively
PluginSubkindMDM = "mdm"
// PluginSubkindAccess represents access request plugins collectively
PluginSubkindAccess = "access"
// PluginSubkindAccessGraph represents access graph plugins collectively
PluginSubkindAccessGraph = "accessgraph"
// PluginSubkindProvisioning represents plugins that create and manage
// Teleport users and/or other resources from an external source
PluginSubkindProvisioning = "provisioning"
)
// Plugin represents a plugin instance
type Plugin interface {
// ResourceWithSecrets provides common resource methods.
ResourceWithSecrets
Clone() Plugin
GetCredentials() PluginCredentials
GetStatus() PluginStatus
GetType() PluginType
SetCredentials(PluginCredentials) error
SetStatus(PluginStatus) error
GetGeneration() string
CloneWithoutSecrets() Plugin
}
// PluginCredentials are the credentials embedded in Plugin
type PluginCredentials interface {
GetOauth2AccessToken() *PluginOAuth2AccessTokenCredentials
GetIdSecret() *PluginIdSecretCredential
GetStaticCredentialsRef() *PluginStaticCredentialsRef
}
// PluginStatus is the plugin status
type PluginStatus interface {
GetCode() PluginStatusCode
GetErrorMessage() string
GetLastRawError() string
GetLastSyncTime() time.Time
GetGitlab() *PluginGitlabStatusV1
GetEntraId() *PluginEntraIDStatusV1
GetOkta() *PluginOktaStatusV1
GetAwsIc() *PluginAWSICStatusV1
GetNetIq() *PluginNetIQStatusV1
SetDetails(isPluginStatusV1_Details)
}
// NewPluginV1 creates a new PluginV1 resource.
func NewPluginV1(metadata Metadata, spec PluginSpecV1, creds *PluginCredentialsV1) *PluginV1 {
p := &PluginV1{
Metadata: metadata,
Spec: spec,
}
if creds != nil {
p.SetCredentials(creds)
}
return p
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults.
func (p *PluginV1) CheckAndSetDefaults() error {
p.setStaticFields()
if err := p.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
switch settings := p.Spec.Settings.(type) {
case *PluginSpecV1_SlackAccessPlugin:
// Check settings.
if settings.SlackAccessPlugin == nil {
return trace.BadParameter("settings must be set")
}
if err := settings.SlackAccessPlugin.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if p.Credentials == nil {
// TODO: after credential exchange during creation is implemented,
// this should validate that credentials are not empty
break
}
if p.Credentials.GetOauth2AccessToken() == nil {
return trace.BadParameter("Slack access plugin can only be used with OAuth2 access token credential type")
}
if err := p.Credentials.GetOauth2AccessToken().CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case *PluginSpecV1_Openai:
if p.Credentials == nil {
return trace.BadParameter("credentials must be set")
}
bearer := p.Credentials.GetBearerToken()
if bearer == nil {
return trace.BadParameter("openai plugin must be used with the bearer token credential type")
}
if bearer.Token == "" {
return trace.BadParameter("Token must be specified")
}
case *PluginSpecV1_Opsgenie:
if settings.Opsgenie == nil {
return trace.BadParameter("missing opsgenie settings")
}
if err := settings.Opsgenie.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("opsgenie plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_Mattermost:
if settings.Mattermost == nil {
return trace.BadParameter("missing Mattermost settings")
}
if err := settings.Mattermost.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("Mattermost plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_Jamf:
// Check Jamf settings.
if settings.Jamf == nil {
return trace.BadParameter("missing Jamf settings")
}
if err := settings.Jamf.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if p.Credentials == nil {
return trace.BadParameter("credentials must be set")
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("jamf plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_Intune:
if settings.Intune == nil {
return trace.BadParameter("missing Intune settings")
}
if err := settings.Intune.Validate(); err != nil {
return trace.Wrap(err)
}
if p.Credentials == nil {
return trace.BadParameter("credentials must be set")
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("Intune plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_Jira:
if settings.Jira == nil {
return trace.BadParameter("missing Jira settings")
}
if err := settings.Jira.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if p.Credentials == nil {
return trace.BadParameter("credentials must be set")
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("jira plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_Okta:
// Check settings.
if settings.Okta == nil {
return trace.BadParameter("missing Okta settings")
}
if err := settings.Okta.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if p.Credentials == nil {
return trace.BadParameter("credentials must be set")
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("okta plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_PagerDuty:
if settings.PagerDuty == nil {
return trace.BadParameter("missing PagerDuty settings")
}
if err := settings.PagerDuty.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case *PluginSpecV1_Discord:
if settings.Discord == nil {
return trace.BadParameter("missing Discord settings")
}
if err := settings.Discord.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("Discord plugin must be used with the static credentials ref type")
}
case *PluginSpecV1_ServiceNow:
if settings.ServiceNow == nil {
return trace.BadParameter("missing ServiceNow settings")
}
if err := settings.ServiceNow.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("ServiceNow plugin must be used with the static credentials ref type")
}
case *PluginSpecV1_Gitlab:
if settings.Gitlab == nil {
return trace.BadParameter("missing Gitlab settings")
}
if err := settings.Gitlab.Validate(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("Gitlab plugin must be used with the static credentials ref type")
}
case *PluginSpecV1_EntraId:
if settings.EntraId == nil {
return trace.BadParameter("missing Entra ID settings")
}
if err := settings.EntraId.Validate(); err != nil {
return trace.Wrap(err)
}
// backfill the credentials source if it's not set.
if settings.EntraId.SyncSettings.CredentialsSource == EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_UNKNOWN {
settings.EntraId.SyncSettings.CredentialsSource = EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_OIDC
}
case *PluginSpecV1_Scim:
if settings.Scim == nil {
return trace.BadParameter("Must be used with SCIM settings")
}
if err := settings.Scim.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case *PluginSpecV1_Datadog:
if settings.Datadog == nil {
return trace.BadParameter("missing Datadog settings")
}
if err := settings.Datadog.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("Datadog Incident Management plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_AwsIc:
if settings.AwsIc == nil {
return trace.BadParameter("Must be used with AWS Identity Center settings")
}
if err := settings.AwsIc.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case *PluginSpecV1_Email:
if settings.Email == nil {
return trace.BadParameter("missing Email settings")
}
if err := settings.Email.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("Email plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_NetIq:
if settings.NetIq == nil {
return trace.BadParameter("missing NetIQ settings")
}
if err := settings.NetIq.Validate(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("NetIQ plugin must be used with the static credentials ref type")
}
if len(staticCreds.Labels) == 0 {
return trace.BadParameter("labels must be specified")
}
case *PluginSpecV1_Github:
if settings.Github == nil {
return trace.BadParameter("missing Github settings")
}
if err := settings.Github.Validate(); err != nil {
return trace.Wrap(err)
}
staticCreds := p.Credentials.GetStaticCredentialsRef()
if staticCreds == nil {
return trace.BadParameter("Github plugin must be used with the static credentials ref type")
}
default:
return nil
}
return nil
}
// WithoutSecrets returns the Plugin as a Resource, with secrets removed.
// If you want to have a copy of the Plugin without secrets use CloneWithoutSecrets instead.
func (p *PluginV1) WithoutSecrets() Resource {
if p.Credentials == nil {
return p
}
p2 := p.Clone().(*PluginV1)
p2.SetCredentials(nil)
return p2
}
// CloneWithoutSecrets returns a deep copy of the Plugin instance with secrets removed.
// Use this when you need a separate Plugin object without secrets,
// rather than a Resource interface value as returned by WithoutSecrets.
func (p *PluginV1) CloneWithoutSecrets() Plugin {
out := p.Clone().(*PluginV1)
out.SetCredentials(nil)
return out
}
func (p *PluginV1) setStaticFields() {
p.Kind = KindPlugin
p.Version = V1
}
// Clone returns a copy of the Plugin instance
func (p *PluginV1) Clone() Plugin {
return utils.CloneProtoMsg(p)
}
// GetVersion returns resource version
func (p *PluginV1) GetVersion() string {
return p.Version
}
// GetKind returns resource kind
func (p *PluginV1) GetKind() string {
return p.Kind
}
// GetSubKind returns resource sub kind
func (p *PluginV1) GetSubKind() string {
return p.SubKind
}
// SetSubKind sets resource subkind
func (p *PluginV1) SetSubKind(s string) {
p.SubKind = s
}
// GetRevision returns the revision
func (p *PluginV1) GetRevision() string {
return p.Metadata.GetRevision()
}
// SetRevision sets the revision
func (p *PluginV1) SetRevision(rev string) {
p.Metadata.SetRevision(rev)
}
// GetMetadata returns object metadata
func (p *PluginV1) GetMetadata() Metadata {
return p.Metadata
}
// SetMetadata sets object metadata
func (p *PluginV1) SetMetadata(meta Metadata) {
p.Metadata = meta
}
// Expiry returns expiry time for the object
func (p *PluginV1) Expiry() time.Time {
return p.Metadata.Expiry()
}
// SetExpiry sets expiry time for the object
func (p *PluginV1) SetExpiry(expires time.Time) {
p.Metadata.SetExpiry(expires)
}
// GetName returns the name of the User
func (p *PluginV1) GetName() string {
return p.Metadata.Name
}
// SetName sets the name of the User
func (p *PluginV1) SetName(e string) {
p.Metadata.Name = e
}
// GetCredentials implements Plugin
func (p *PluginV1) GetCredentials() PluginCredentials {
return p.Credentials
}
// SetCredentials implements Plugin
func (p *PluginV1) SetCredentials(creds PluginCredentials) error {
if creds == nil {
p.Credentials = nil
return nil
}
switch creds := creds.(type) {
case *PluginCredentialsV1:
p.Credentials = creds
default:
return trace.BadParameter("unsupported plugin credential type %T", creds)
}
return nil
}
// GetStatus implements Plugin
func (p *PluginV1) GetStatus() PluginStatus {
return &p.Status
}
// SetStatus implements Plugin
func (p *PluginV1) SetStatus(status PluginStatus) error {
if status == nil {
p.Status = PluginStatusV1{}
return nil
}
switch status := status.(type) {
case *PluginStatusV1:
p.Status = *status
return nil
default:
return trace.BadParameter("unsupported plugin status type %T", status)
}
}
// GetGeneration returns the plugin generation.
func (p *PluginV1) GetGeneration() string {
return p.Spec.Generation
}
// GetType implements Plugin
func (p *PluginV1) GetType() PluginType {
switch p.Spec.Settings.(type) {
case *PluginSpecV1_SlackAccessPlugin:
return PluginTypeSlack
case *PluginSpecV1_Openai:
return PluginTypeOpenAI
case *PluginSpecV1_Okta:
return PluginTypeOkta
case *PluginSpecV1_Jamf:
return PluginTypeJamf
case *PluginSpecV1_Intune:
return PluginTypeIntune
case *PluginSpecV1_Jira:
return PluginTypeJira
case *PluginSpecV1_Opsgenie:
return PluginTypeOpsgenie
case *PluginSpecV1_PagerDuty:
return PluginTypePagerDuty
case *PluginSpecV1_Mattermost:
return PluginTypeMattermost
case *PluginSpecV1_Discord:
return PluginTypeDiscord
case *PluginSpecV1_ServiceNow:
return PluginTypeServiceNow
case *PluginSpecV1_Gitlab:
return PluginTypeGitlab
case *PluginSpecV1_Github:
return PluginTypeGithub
case *PluginSpecV1_EntraId:
return PluginTypeEntraID
case *PluginSpecV1_Scim:
return PluginTypeSCIM
case *PluginSpecV1_Datadog:
return PluginTypeDatadog
case *PluginSpecV1_AwsIc:
return PluginTypeAWSIdentityCenter
case *PluginSpecV1_Email:
return PluginTypeEmail
case *PluginSpecV1_Msteams:
return PluginTypeMSTeams
case *PluginSpecV1_NetIq:
return PluginTypeNetIQ
default:
return PluginTypeUnknown
}
}
// CheckAndSetDefaults validates and set the default values
func (s *PluginSlackAccessSettings) CheckAndSetDefaults() error {
if s.FallbackChannel == "" {
return trace.BadParameter("fallback_channel must be set")
}
return nil
}
// CheckAndSetDefaults validates and set the default values.
func (s *PluginOktaSettings) CheckAndSetDefaults() error {
if s.OrgUrl == "" {
return trace.BadParameter("org_url must be set")
}
// If sync settings is not set, upgrade the legacy values to a
// to a new SyncSettings block
if s.SyncSettings == nil {
// TODO(mdwn): Remove upgrade once modifications have been made in enterprise.
s.SyncSettings = &PluginOktaSyncSettings{
SyncUsers: s.EnableUserSync,
SsoConnectorId: s.SsoConnectorId,
}
}
if s.SyncSettings.SyncUsers && s.SyncSettings.SsoConnectorId == "" {
return trace.BadParameter("sso_connector_id must be set when user sync enabled")
}
if s.SyncSettings.SyncAccessLists && len(s.SyncSettings.DefaultOwners) == 0 {
return trace.BadParameter("default owners must be set when access list import is enabled")
}
if s.SyncSettings.UserSyncSource == "" {
s.SyncSettings.UserSyncSource = string(OktaUserSyncSourceUnknown)
}
return nil
}
// CheckAndSetDefaults validates and set the default values
func (s *PluginOpsgenieAccessSettings) CheckAndSetDefaults() error {
if s.ApiEndpoint == "" {
return trace.BadParameter("opsgenie api endpoint url must be set")
}
return nil
}
// CheckAndSetDefaults validates and set the default values.
func (s *PluginJamfSettings) CheckAndSetDefaults() error {
if s.JamfSpec.ApiEndpoint == "" {
return trace.BadParameter("api endpoint must be set")
}
return nil
}
func (s *PluginJiraSettings) CheckAndSetDefaults() error {
if s.ServerUrl == "" {
return trace.BadParameter("Jira server URL must be set")
}
if s.ProjectKey == "" {
return trace.BadParameter("Jira project key must be set")
}
if s.IssueType == "" {
return trace.BadParameter("Jira issue type must be set")
}
return nil
}
// CheckAndSetDefaults validates and set the default values
func (s *PluginMattermostSettings) CheckAndSetDefaults() error {
if s.ServerUrl == "" {
return trace.BadParameter("server url is required")
}
// If one field is defined, both should be required.
if len(s.Channel) > 0 || len(s.Team) > 0 {
if len(s.Team) == 0 {
return trace.BadParameter("team is required")
}
if len(s.Channel) == 0 {
return trace.BadParameter("channel is required")
}
}
return nil
}
// CheckAndSetDefaults validates and set the default values
func (c *PluginOAuth2AuthorizationCodeCredentials) CheckAndSetDefaults() error {
if c.AuthorizationCode == "" {
return trace.BadParameter("authorization_code must be set")
}
if c.RedirectUri == "" {
return trace.BadParameter("redirect_uri must be set")
}
return nil
}
// CheckAndSetDefaults validates and set the default PagerDuty values
func (c *PluginPagerDutySettings) CheckAndSetDefaults() error {
if c.ApiEndpoint == "" {
return trace.BadParameter("api_endpoint must be set")
}
if c.UserEmail == "" {
return trace.BadParameter("user_email must be set")
}
return nil
}
func (c *PluginDiscordSettings) CheckAndSetDefaults() error {
if len(c.RoleToRecipients) == 0 {
return trace.BadParameter("role_to_recipients must be set")
}
if _, present := c.RoleToRecipients[Wildcard]; !present {
return trace.BadParameter("role_to_recipients must contain default entry `*`")
}
return nil
}
// CheckAndSetDefaults checks that the required fields for the servicenow plugin are set.
func (c *PluginServiceNowSettings) CheckAndSetDefaults() error {
if c.ApiEndpoint == "" {
return trace.BadParameter("API endpoint must be set")
}
return nil
}
// CheckAndSetDefaults validates and set the default values
func (c *PluginOAuth2AccessTokenCredentials) CheckAndSetDefaults() error {
if c.AccessToken == "" {
return trace.BadParameter("access_token must be set")
}
if c.RefreshToken == "" {
return trace.BadParameter("refresh_token must be set")
}
c.Expires = c.Expires.UTC()
return nil
}
func (c *PluginEntraIDSettings) Validate() error {
if c.SyncSettings == nil {
return trace.BadParameter("sync_settings must be set")
}
if len(c.SyncSettings.DefaultOwners) == 0 {
return trace.BadParameter("sync_settings.default_owners must be set")
}
if c.SyncSettings.SsoConnectorId == "" {
return trace.BadParameter("sync_settings.sso_connector_id must be set")
}
return nil
}
func (c *PluginSCIMSettings) CheckAndSetDefaults() error {
if c.SamlConnectorName == "" && c.ConnectorInfo == nil {
// Don't print legacy filed.
return trace.BadParameter("connector_info must be set")
}
return nil
}
func (c *PluginDatadogAccessSettings) CheckAndSetDefaults() error {
if c.ApiEndpoint == "" {
return trace.BadParameter("api_endpoint must be set")
}
if c.FallbackRecipient == "" {
return trace.BadParameter("fallback_recipient must be set")
}
return nil
}
const (
// AWSICRolesSyncModeAll indicates that the AWS Identity Center integration
// should create and maintain roles for all possible Account Assignments.
AWSICRolesSyncModeAll string = "ALL"
// AWSICRolesSyncModeNone indicates that the AWS Identity Center integration
// should *not* create any roles representing potential account Account
// Assignments.
AWSICRolesSyncModeNone string = "NONE"
)
func (c *PluginAWSICSettings) CheckAndSetDefaults() error {
// Handle legacy records that pre-date the polymorphic Credentials settings
// TODO(tcsc): remove this check in v19
if c.Credentials == nil {
// Migrate the legacy, enum-based settings to the new polymorphic
// credential block
// Promote "unknown" credential source values to OIDC for backwards
// compatibility with old plugin records
if c.CredentialsSource == AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_UNKNOWN {
c.CredentialsSource = AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_OIDC
}
switch c.CredentialsSource {
case AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_OIDC:
c.Credentials = &AWSICCredentials{
Source: &AWSICCredentials_Oidc{
Oidc: &AWSICCredentialSourceOIDC{IntegrationName: c.IntegrationName},
},
}
case AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_SYSTEM:
c.Credentials = &AWSICCredentials{
Source: &AWSICCredentials_System{
System: &AWSICCredentialSourceSystem{},
},
}
}
}
if c.Arn == "" {
return trace.BadParameter("AWS Identity Center Instance ARN must be set")
}
if c.Region == "" {
return trace.BadParameter("AWS Identity Center region must be set")
}
if c.ProvisioningSpec == nil {
return trace.BadParameter("provisioning config must be set")
}
if err := c.ProvisioningSpec.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err, "checking provisioning config")
}
switch source := c.Credentials.GetSource().(type) {
case *AWSICCredentials_Oidc:
if source.Oidc.IntegrationName == "" {
return trace.BadParameter("AWS OIDC integration name must be set")
}
}
return nil
}
// UnmarshalJSON implements [json.Unmarshaler] for the AWSICCredentialsSource,
// forcing it to use the `jsonpb` unmarshaler, which understands how to unpack
// values generated from a protobuf `oneof` directive.
func (s *AWSICCredentials) UnmarshalJSON(b []byte) error {
if err := (&jsonpb.Unmarshaler{AllowUnknownFields: true}).Unmarshal(bytes.NewReader(b), s); err != nil {
return trace.Wrap(err)
}
return nil
}
// MarshalJSON implements [json.Marshaler] for the AWSICCredentials, forcing
// it to use the `jsonpb` marshaler, which understands how to pack values
// generated from a protobuf `oneof` directive.
func (s *AWSICCredentials) MarshalJSON() ([]byte, error) {
m := jsonpb.Marshaler{}
var buf bytes.Buffer
if err := m.Marshal(&buf, s); err != nil {
return nil, trace.Wrap(err)
}
return buf.Bytes(), nil
}
func (c *AWSICProvisioningSpec) CheckAndSetDefaults() error {
if c.BaseUrl == "" {
return trace.BadParameter("base URL data must be set")
}
return nil
}
// UnmarshalJSON implements [json.Unmarshaler] for the AWSICResourceFilter, forcing
// it to use the `jsonpb` unmarshaler, which understands how to unpack values
// generated from a protobuf `oneof` directive.
func (s *AWSICResourceFilter) UnmarshalJSON(b []byte) error {
if err := (&jsonpb.Unmarshaler{AllowUnknownFields: true}).Unmarshal(bytes.NewReader(b), s); err != nil {
return trace.Wrap(err)
}
return nil
}
// MarshalJSON implements [json.Marshaler] for the AWSICResourceFilter, forcing
// it to use the `jsonpb` marshaler, which understands how to pack values
// generated from a protobuf `oneof` directive.
func (s AWSICResourceFilter) MarshalJSON() ([]byte, error) {
m := jsonpb.Marshaler{}
var buf bytes.Buffer
if err := m.Marshal(&buf, &s); err != nil {
return nil, trace.Wrap(err)
}
return buf.Bytes(), nil
}
func (c *PluginEmailSettings) CheckAndSetDefaults() error {
if c.Sender == "" {
return trace.BadParameter("sender must be set")
}
if c.FallbackRecipient == "" {
return trace.BadParameter("fallback_recipient must be set")
}
switch spec := c.GetSpec().(type) {
case *PluginEmailSettings_MailgunSpec:
if c.GetMailgunSpec() == nil {
return trace.BadParameter("missing Mailgun Spec")
}
if err := c.GetMailgunSpec().CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case *PluginEmailSettings_SmtpSpec:
if c.GetSmtpSpec() == nil {
return trace.BadParameter("missing SMTP Spec")
}
if err := c.GetSmtpSpec().CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("unknown email spec: %T", spec)
}
return nil
}
func (c *MailgunSpec) CheckAndSetDefaults() error {
if c.Domain == "" {
return trace.BadParameter("domain must be set")
}
return nil
}
func (c *SMTPSpec) CheckAndSetDefaults() error {
if c.Host == "" {
return trace.BadParameter("host must be set")
}
if c.Port == 0 {
return trace.BadParameter("port must be set")
}
if c.StartTlsPolicy == "" {
return trace.BadParameter("start TLS policy must be set")
}
return nil
}
// GetCode returns the status code
func (c PluginStatusV1) GetCode() PluginStatusCode {
return c.Code
}
// GetErrorMessage returns the friendly error message.
func (c PluginStatusV1) GetErrorMessage() string {
return c.ErrorMessage
}
// GetLastRawError returns the raw error message.
func (c PluginStatusV1) GetLastRawError() string {
return c.LastRawError
}
// GetLastSyncTime returns the last run of the plugin.
func (c PluginStatusV1) GetLastSyncTime() time.Time {
return c.LastSyncTime
}
func (c *PluginStatusV1) SetDetails(settings isPluginStatusV1_Details) {
c.Details = settings
}
// CheckAndSetDefaults checks that the required fields for the Gitlab plugin are set.
func (c *PluginGitlabSettings) Validate() error {
if c.ApiEndpoint == "" {
return trace.BadParameter("API endpoint must be set")
}
return nil
}
func (c *PluginNetIQSettings) Validate() error {
if c.OauthIssuerEndpoint == "" {
return trace.BadParameter("oauth_issuer endpoint must be set")
}
if _, err := url.Parse(c.OauthIssuerEndpoint); err != nil {
return trace.BadParameter("oauth_issuer endpoint must be a valid URL")
}
if c.ApiEndpoint == "" {
return trace.BadParameter("api_endpoint must be set")
}
if _, err := url.Parse(c.ApiEndpoint); err != nil {
return trace.BadParameter("api_endpoint endpoint must be a valid URL")
}
return nil
}
// Validate checks that the required fields for the Github plugin are set.
func (c *PluginGithubSettings) Validate() error {
if c.ClientId == "" {
return trace.BadParameter("client_id must be set")
}
if c.OrganizationName == "" {
return trace.BadParameter("organization_name must be set")
}
return nil
}
// Validate checks that the required fields for the Intune plugin are set.
func (c *PluginIntuneSettings) Validate() error {
if c.Tenant == "" {
return trace.BadParameter("tenant must be set")
}
if err := ValidateMSGraphEndpoints(c.LoginEndpoint, c.GraphEndpoint); err != nil {
return trace.Wrap(err)
}
return nil
}
// UnmarshalJSON implements [json.Unmarshaler] for the PluginSyncFilter, forcing
// it to use the `jsonpb` unmarshaler, which understands how to unpack values
// generated from a protobuf `oneof` directive.
func (s *PluginSyncFilter) UnmarshalJSON(b []byte) error {
if err := (&jsonpb.Unmarshaler{AllowUnknownFields: true}).Unmarshal(bytes.NewReader(b), s); err != nil {
return trace.Wrap(err)
}
return nil
}
// MarshalJSON implements [json.Marshaler] for the PluginSyncFilter, forcing
// it to use the `jsonpb` marshaler, which understands how to pack values
// generated from a protobuf `oneof` directive.
func (s PluginSyncFilter) MarshalJSON() ([]byte, error) {
m := jsonpb.Marshaler{}
var buf bytes.Buffer
if err := m.Marshal(&buf, &s); err != nil {
return nil, trace.Wrap(err)
}
return buf.Bytes(), nil
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"time"
"github.com/gravitational/trace"
)
// PluginData is used by plugins to store per-resource state. An instance of PluginData
// corresponds to a resource which may be managed by one or more plugins. Data is stored
// as a mapping of the form `plugin -> key -> val`, effectively giving each plugin its own
// key-value store. Importantly, an instance of PluginData can only be created for a resource
// which currently exist, and automatically expires shortly after the corresponding resource.
// Currently, only the AccessRequest resource is supported.
type PluginData interface {
Resource
// Entries gets all entries.
Entries() map[string]*PluginDataEntry
// Update attempts to apply an update.
Update(params PluginDataUpdateParams) error
}
// NewPluginData configures a new PluginData instance associated
// with the supplied resource name (currently, this must be the
// name of an access request).
func NewPluginData(resourceName string, resourceKind string) (PluginData, error) {
data := PluginDataV3{
SubKind: resourceKind,
Metadata: Metadata{
Name: resourceName,
},
Spec: PluginDataSpecV3{
Entries: make(map[string]*PluginDataEntry),
},
}
if err := data.CheckAndSetDefaults(); err != nil {
return nil, err
}
return &data, nil
}
// GetKind returns resource kind
func (r *PluginDataV3) GetKind() string {
return r.Kind
}
// GetSubKind returns resource subkind
func (r *PluginDataV3) GetSubKind() string {
return r.SubKind
}
// SetSubKind sets resource subkind
func (r *PluginDataV3) SetSubKind(subKind string) {
r.SubKind = subKind
}
// GetVersion gets resource version
func (r *PluginDataV3) GetVersion() string {
return r.Version
}
// GetName gets resource name
func (r *PluginDataV3) GetName() string {
return r.Metadata.Name
}
// SetName sets resource name
func (r *PluginDataV3) SetName(name string) {
r.Metadata.Name = name
}
// Expiry returns object expiry setting
func (r *PluginDataV3) Expiry() time.Time {
return r.Metadata.Expiry()
}
// SetExpiry sets expiry time for the object
func (r *PluginDataV3) SetExpiry(expiry time.Time) {
r.Metadata.SetExpiry(expiry)
}
// GetMetadata gets the resource metadata
func (r *PluginDataV3) GetMetadata() Metadata {
return r.Metadata
}
// GetRevision returns the revision
func (r *PluginDataV3) GetRevision() string {
return r.Metadata.GetRevision()
}
// SetRevision sets the revision
func (r *PluginDataV3) SetRevision(rev string) {
r.Metadata.SetRevision(rev)
}
func (r *PluginDataV3) String() string {
return fmt.Sprintf("PluginData(kind=%s,resource=%s,entries=%d)", r.GetSubKind(), r.GetName(), len(r.Spec.Entries))
}
// setStaticFields sets static resource header and metadata fields.
func (r *PluginDataV3) setStaticFields() {
r.Kind = KindPluginData
r.Version = V3
}
// CheckAndSetDefaults checks and sets default values for PluginData.
func (r *PluginDataV3) CheckAndSetDefaults() error {
r.setStaticFields()
if err := r.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if r.SubKind == "" {
return trace.BadParameter("plugin data missing subkind")
}
return nil
}
// Entries returns the PluginData entires
func (r *PluginDataV3) Entries() map[string]*PluginDataEntry {
if r.Spec.Entries == nil {
r.Spec.Entries = make(map[string]*PluginDataEntry)
}
return r.Spec.Entries
}
// Update updates the PluginData
func (r *PluginDataV3) Update(params PluginDataUpdateParams) error {
// See #3286 for a complete discussion of the design constraints at play here.
if params.Kind != r.GetSubKind() {
return trace.BadParameter("resource kind mismatch in update params")
}
if params.Resource != r.GetName() {
return trace.BadParameter("resource name mismatch in update params")
}
// If expectations were given, ensure that they are met before continuing
if params.Expect != nil {
if err := r.checkExpectations(params.Plugin, params.Expect); err != nil {
return trace.Wrap(err)
}
}
// Ensure that Entries has been initialized
if r.Spec.Entries == nil {
r.Spec.Entries = make(map[string]*PluginDataEntry, 1)
}
// Ensure that the specific Plugin has been initialized
if r.Spec.Entries[params.Plugin] == nil {
r.Spec.Entries[params.Plugin] = &PluginDataEntry{
Data: make(map[string]string, len(params.Set)),
}
}
entry := r.Spec.Entries[params.Plugin]
for key, val := range params.Set {
// Keys which are explicitly set to the empty string are
// treated as DELETE operations.
if val == "" {
delete(entry.Data, key)
continue
}
entry.Data[key] = val
}
// Its possible that this update was simply clearing all data;
// if that is the case, remove the entry.
if len(entry.Data) == 0 {
delete(r.Spec.Entries, params.Plugin)
}
return nil
}
// checkExpectations verifies that the data for `plugin` matches the expected
// state described by `expect`. This function implements the behavior of the
// `PluginDataUpdateParams.Expect` mapping.
func (r *PluginDataV3) checkExpectations(plugin string, expect map[string]string) error {
var entry *PluginDataEntry
if r.Spec.Entries != nil {
entry = r.Spec.Entries[plugin]
}
if entry == nil {
// If no entry currently exists, then the only expectation that can
// match is one which only specifies fields which shouldn't exist.
for key, val := range expect {
if val != "" {
return trace.CompareFailed("expectations not met for field %q", key)
}
}
return nil
}
for key, val := range expect {
if entry.Data[key] != val {
return trace.CompareFailed("expectations not met for field %q", key)
}
}
return nil
}
// Match returns true if the PluginData given matches the filter
func (f *PluginDataFilter) Match(data PluginData) bool {
if f.Kind != "" && f.Kind != data.GetSubKind() {
return false
}
if f.Resource != "" && f.Resource != data.GetName() {
return false
}
if f.Plugin != "" {
if _, ok := data.Entries()[f.Plugin]; !ok {
return false
}
}
return true
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// PluginStaticCredentials are static credentials for plugins.
type PluginStaticCredentials interface {
// ResourceWithLabels provides common resource methods.
ResourceWithLabels
// GetAPIToken will return the attached API token if possible or empty if it is not present.
GetAPIToken() (apiToken string)
// GetBasicAuth will return the attached username and password. If they are not present, both
// the username and password will be mpty.
GetBasicAuth() (username string, password string)
// GetOAuthClientID will return the attached client ID. If it is not present, the client ID
// will be empty.
GetOAuthClientID() (clientID string)
// GetOAuthClientSecret will return the attached client ID and client secret. IF they are not
// present, the client ID and client secret will be empty.
GetOAuthClientSecret() (clientID string, clientSecret string)
// GetSSHCertAuthorities will return the attached SSH CA keys.
GetSSHCertAuthorities() []*SSHKeyPair
// GetPrivateKey will return the attached private key. If it is not present, the private key will
// be empty.
GetPrivateKey() []byte
// Clone returns a copy of the credentials.
Clone() PluginStaticCredentials
}
// NewPluginStaticCredentials creates a new PluginStaticCredentialsV1 resource.
func NewPluginStaticCredentials(metadata Metadata, spec PluginStaticCredentialsSpecV1) (PluginStaticCredentials, error) {
p := &PluginStaticCredentialsV1{
ResourceHeader: ResourceHeader{
Metadata: metadata,
},
Spec: &spec,
}
if err := p.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return p, nil
}
// Clone returns a copy of the credentials.
func (p *PluginStaticCredentialsV1) Clone() PluginStaticCredentials {
return utils.CloneProtoMsg(p)
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults.
func (p *PluginStaticCredentialsV1) CheckAndSetDefaults() error {
p.setStaticFields()
if err := p.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return trace.Wrap(p.Spec.CheckAndSetDefaults())
}
func (ps *PluginStaticCredentialsSpecV1) CheckAndSetDefaults() error {
switch credentials := ps.Credentials.(type) {
case *PluginStaticCredentialsSpecV1_APIToken:
if credentials.APIToken == "" {
return trace.BadParameter("api token object is missing")
}
case *PluginStaticCredentialsSpecV1_BasicAuth:
if credentials.BasicAuth == nil {
return trace.BadParameter("basic auth object is missing")
}
if credentials.BasicAuth.Username == "" {
return trace.BadParameter("username is empty")
}
if credentials.BasicAuth.Password == "" {
return trace.BadParameter("password is empty")
}
case *PluginStaticCredentialsSpecV1_OAuthClientSecret:
if credentials.OAuthClientSecret == nil {
return trace.BadParameter("oauth client secret object is missing")
}
if credentials.OAuthClientSecret.ClientId == "" {
return trace.BadParameter("client ID is empty")
}
if credentials.OAuthClientSecret.ClientSecret == "" {
return trace.BadParameter("client secret is empty")
}
case *PluginStaticCredentialsSpecV1_SSHCertAuthorities:
if credentials.SSHCertAuthorities == nil {
return trace.BadParameter("SSH CAs are missing")
}
for _, ca := range credentials.SSHCertAuthorities.CertAuthorities {
if err := ca.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err, "invalid SSH CA")
}
}
case *PluginStaticCredentialsSpecV1_PrivateKey:
if credentials.PrivateKey == nil {
return trace.BadParameter("private key object is missing")
}
if len(credentials.PrivateKey) == 0 {
return trace.BadParameter("private key is empty")
}
default:
return trace.BadParameter("credentials are not set or have an unknown type %T", credentials)
}
return nil
}
// setStaticFields sets static fields for the object.
func (p *PluginStaticCredentialsV1) setStaticFields() {
p.Kind = KindPluginStaticCredentials
p.Version = V1
}
// GetAPIToken will return the attached API token if possible or empty if it is not present.
func (p *PluginStaticCredentialsV1) GetAPIToken() (apiToken string) {
credentials, ok := p.Spec.Credentials.(*PluginStaticCredentialsSpecV1_APIToken)
if !ok {
return ""
}
return credentials.APIToken
}
// GetBasicAuth will return the attached username and password. If they are not present, both
// the username and password will be mpty.
func (p *PluginStaticCredentialsV1) GetBasicAuth() (username string, password string) {
credentials, ok := p.Spec.Credentials.(*PluginStaticCredentialsSpecV1_BasicAuth)
if !ok {
return "", ""
}
return credentials.BasicAuth.Username, credentials.BasicAuth.Password
}
// GetOAuthClientID will return the attached client ID. If it is not present, the client ID will be
// empty.
func (p *PluginStaticCredentialsV1) GetOAuthClientID() (clientID string) {
credentials, ok := p.Spec.Credentials.(*PluginStaticCredentialsSpecV1_OAuthClientSecret)
if !ok {
return ""
}
return credentials.OAuthClientSecret.ClientId
}
// GetOAuthClientSecret will return the attached client ID and client secret. IF they are not
// present, the client ID and client secret will be empty.
func (p *PluginStaticCredentialsV1) GetOAuthClientSecret() (clientID string, clientSecret string) {
credentials, ok := p.Spec.Credentials.(*PluginStaticCredentialsSpecV1_OAuthClientSecret)
if !ok {
return "", ""
}
return credentials.OAuthClientSecret.ClientId, credentials.OAuthClientSecret.ClientSecret
}
// GetSSHCertAuthorities will return the attached SSH CA keys.
func (p *PluginStaticCredentialsV1) GetSSHCertAuthorities() []*SSHKeyPair {
credentials, ok := p.Spec.Credentials.(*PluginStaticCredentialsSpecV1_SSHCertAuthorities)
if !ok {
return nil
}
return credentials.SSHCertAuthorities.CertAuthorities
}
// GetPrivateKey will return the attached private key. If it is not present, the private key will
// be empty.
func (p *PluginStaticCredentialsV1) GetPrivateKey() []byte {
credentials, ok := p.Spec.Credentials.(*PluginStaticCredentialsSpecV1_PrivateKey)
if !ok {
return nil
}
return credentials.PrivateKey
}
// MatchSearch is a dummy value as credentials are not searchable.
func (p *PluginStaticCredentialsV1) MatchSearch(_ []string) bool {
return false
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/defaults"
)
// Site represents a cluster of teleport nodes who collectively trust the same
// certificate authority (CA) and have a common name.
//
// The CA is represented by an auth server (or multiple auth servers, if running
// in HA mode)
type Site struct {
Name string `json:"name"`
LastConnected time.Time `json:"lastconnected"`
Status string `json:"status"`
}
// IsEmpty returns true if keepalive is empty,
// used to indicate that keepalive is not supported
func (s *KeepAlive) IsEmpty() bool {
return s.Name == ""
}
// GetType return the type of keep alive: either application or server.
func (s *KeepAlive) GetType() string {
switch s.Type {
case KeepAlive_NODE:
return constants.KeepAliveNode
case KeepAlive_APP:
return constants.KeepAliveApp
case KeepAlive_DATABASE:
return constants.KeepAliveDatabase
case KeepAlive_WINDOWS_DESKTOP:
return constants.KeepAliveWindowsDesktopService
case KeepAlive_KUBERNETES:
return constants.KeepAliveKube
case KeepAlive_DATABASE_SERVICE:
return constants.KeepAliveDatabaseService
default:
return constants.KeepAliveNode
}
}
// CheckAndSetDefaults validates this KeepAlive value and sets default values
func (s *KeepAlive) CheckAndSetDefaults() error {
if s.IsEmpty() {
return trace.BadParameter("missing resource name")
}
if s.Namespace == "" {
s.Namespace = defaults.Namespace
}
if err := ValidateNamespaceDefault(s.Namespace); err != nil {
return trace.Wrap(err)
}
return nil
}
// KeepAliver keeps object alive
type KeepAliver interface {
// KeepAlives allows to receive keep alives
KeepAlives() chan<- KeepAlive
// Done returns the channel signaling the closure
Done() <-chan struct{}
// Close closes the watcher and releases
// all associated resources
Close() error
// Error returns error associated with keep aliver if any
Error() error
}
/*
Copyright 2020-2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"crypto/x509"
"encoding/pem"
"fmt"
"net/url"
"slices"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
)
// JoinMethod is the method used for new nodes to join the cluster.
type JoinMethod string
const (
JoinMethodUnspecified JoinMethod = ""
// JoinMethodToken is the default join method, nodes join the cluster by
// presenting a secret token.
JoinMethodToken JoinMethod = "token"
// JoinMethodEC2 indicates that the node will join with the EC2 join method.
JoinMethodEC2 JoinMethod = "ec2"
// JoinMethodIAM indicates that the node will join with the IAM join method.
JoinMethodIAM JoinMethod = "iam"
// JoinMethodGitHub indicates that the node will join with the GitHub join
// method. Documentation regarding the implementation of this can be found
// in lib/githubactions
JoinMethodGitHub JoinMethod = "github"
// JoinMethodCircleCI indicates that the node will join with the CircleCI\
// join method. Documentation regarding the implementation of this can be
// found in lib/circleci
JoinMethodCircleCI JoinMethod = "circleci"
// JoinMethodKubernetes indicates that the node will join with the
// Kubernetes join method. Documentation regarding implementation can be
// found in lib/kubernetestoken
JoinMethodKubernetes JoinMethod = "kubernetes"
// JoinMethodAzure indicates that the node will join with the Azure join
// method.
JoinMethodAzure JoinMethod = "azure"
// JoinMethodGitLab indicates that the node will join with the GitLab
// join method. Documentation regarding implementation of this
// can be found in lib/gitlab
JoinMethodGitLab JoinMethod = "gitlab"
// JoinMethodGCP indicates that the node will join with the GCP join method.
// Documentation regarding implementation of this can be found in lib/gcp.
JoinMethodGCP JoinMethod = "gcp"
// JoinMethodSpacelift indicates the node will join with the SpaceLift join
// method. Documentation regarding implementation of this can be found in
// lib/spacelift.
JoinMethodSpacelift JoinMethod = "spacelift"
// JoinMethodTPM indicates that the node will join with the TPM join method.
// The core implementation of this join method can be found in lib/tpm.
JoinMethodTPM JoinMethod = "tpm"
// JoinMethodTerraformCloud indicates that the node will join using the Terraform
// join method. See lib/terraformcloud for more.
JoinMethodTerraformCloud JoinMethod = "terraform_cloud"
// JoinMethodBitbucket indicates that the node will join using the Bitbucket
// join method. See lib/bitbucket for more.
JoinMethodBitbucket JoinMethod = "bitbucket"
// JoinMethodOracle indicates that the node will join using the Oracle join
// method.
JoinMethodOracle JoinMethod = "oracle"
// JoinMethodAzureDevops indicates that the node will join using the Azure
// Devops join method.
JoinMethodAzureDevops JoinMethod = "azure_devops"
// JoinMethodBoundKeypair indicates the node will join using the Bound
// Keypair join method. See lib/boundkeypair for more.
JoinMethodBoundKeypair JoinMethod = "bound_keypair"
// JoinMethodEnv0 indicates the node will join using the env0 join method.
JoinMethodEnv0 JoinMethod = "env0"
)
var JoinMethods = []JoinMethod{
JoinMethodAzure,
JoinMethodAzureDevops,
JoinMethodBitbucket,
JoinMethodCircleCI,
JoinMethodEC2,
JoinMethodGCP,
JoinMethodGitHub,
JoinMethodGitLab,
JoinMethodIAM,
JoinMethodKubernetes,
JoinMethodSpacelift,
JoinMethodToken,
JoinMethodTPM,
JoinMethodTerraformCloud,
JoinMethodOracle,
JoinMethodBoundKeypair,
JoinMethodEnv0,
}
func ValidateJoinMethod(method JoinMethod) error {
hasJoinMethod := slices.Contains(JoinMethods, method)
if !hasJoinMethod {
return trace.BadParameter("join method must be one of %s", utils.JoinStrings(JoinMethods, ", "))
}
return nil
}
type KubernetesJoinType string
var (
KubernetesJoinTypeUnspecified KubernetesJoinType = ""
KubernetesJoinTypeInCluster KubernetesJoinType = "in_cluster"
KubernetesJoinTypeStaticJWKS KubernetesJoinType = "static_jwks"
KubernetesJoinTypeOIDC KubernetesJoinType = "oidc"
)
// ProvisionToken is a provisioning token
type ProvisionToken interface {
ResourceWithOrigin
// SetMetadata sets resource metatada
SetMetadata(meta Metadata)
// GetRoles returns a list of teleport roles
// that will be granted to the user of the token
// in the crendentials
GetRoles() SystemRoles
// SetRoles sets teleport roles
SetRoles(SystemRoles)
// SetLabels sets the tokens labels
SetLabels(map[string]string)
// GetAllowRules returns the list of allow rules
GetAllowRules() []*TokenRule
// SetAllowRules sets the allow rules
SetAllowRules([]*TokenRule)
// GetGCPRules will return the GCP rules within this token.
GetGCPRules() *ProvisionTokenSpecV2GCP
// GetGithubRules will return the GitHub rules within this token.
GetGithubRules() *ProvisionTokenSpecV2GitHub
// GetGitlabRules will return the GitLab rules within this token.
GetGitlabRules() *ProvisionTokenSpecV2GitLab
// GetAWSIIDTTL returns the TTL of EC2 IIDs
GetAWSIIDTTL() Duration
// GetJoinMethod returns joining method that must be used with this token.
GetJoinMethod() JoinMethod
// GetBotName returns the BotName field which must be set for joining bots.
GetBotName() string
// IsStatic returns true if the token is statically configured
IsStatic() bool
// GetSuggestedLabels returns the set of labels that the resource should add when adding itself to the cluster
GetSuggestedLabels() Labels
// GetSuggestedAgentMatcherLabels returns the set of labels that should be watched when an agent/service uses this token.
// An example of this is the Database Agent.
// When using the install-database.sh script, the script will add those labels as part of the `teleport.yaml` configuration.
// They are added to `db_service.resources.0.labels`.
GetSuggestedAgentMatcherLabels() Labels
// V1 returns V1 version of the resource
V1() *ProvisionTokenV1
// String returns user friendly representation of the resource
String() string
// GetSafeName returns the name of the token, sanitized appropriately for
// join methods where the name is secret. This should be used when logging
// the token name.
GetSafeName() string
// GetAssignedScope always returns an empty string because a [ProvisionToken] is always
// unscoped
GetAssignedScope() string
// GetSecret returns the token's secret value and a bool representing whether
// or not the token had a secret..
GetSecret() (string, bool)
// Clone creates a copy of the token.
Clone() ProvisionToken
}
// NewProvisionToken returns a new provision token with the given roles.
func NewProvisionToken(token string, roles SystemRoles, expires time.Time) (ProvisionToken, error) {
return NewProvisionTokenFromSpec(token, expires, ProvisionTokenSpecV2{
Roles: roles,
})
}
// NewProvisionTokenFromSpec returns a new provision token with the given spec.
func NewProvisionTokenFromSpec(token string, expires time.Time, spec ProvisionTokenSpecV2) (ProvisionToken, error) {
t := &ProvisionTokenV2{
Metadata: Metadata{
Name: token,
Expires: &expires,
},
Spec: spec,
}
if err := t.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return t, nil
}
// NewProvisionTokenFromSpecAndStatus returns a new provision token with the given spec.
func NewProvisionTokenFromSpecAndStatus(
token string, expires time.Time,
spec ProvisionTokenSpecV2,
status *ProvisionTokenStatusV2,
) (ProvisionToken, error) {
t := &ProvisionTokenV2{
Metadata: Metadata{
Name: token,
Expires: &expires,
},
Spec: spec,
Status: status,
}
if err := t.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return t, nil
}
// MustCreateProvisionToken returns a new valid provision token
// or panics, used in tests
func MustCreateProvisionToken(token string, roles SystemRoles, expires time.Time) ProvisionToken {
t, err := NewProvisionToken(token, roles, expires)
if err != nil {
panic(err)
}
return t
}
func (p *ProvisionTokenV2) Clone() ProvisionToken {
return utils.CloneProtoMsg(p)
}
// setStaticFields sets static resource header and metadata fields.
func (p *ProvisionTokenV2) setStaticFields() {
p.Kind = KindToken
p.Version = V2
}
// CheckAndSetDefaults checks and set default values for any missing fields.
func (p *ProvisionTokenV2) CheckAndSetDefaults() error {
p.setStaticFields()
if err := p.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if len(p.Spec.Roles) == 0 {
return trace.BadParameter("provisioning token is missing roles")
}
roles, err := NewTeleportRoles(SystemRoles(p.Spec.Roles).StringSlice())
if err != nil {
return trace.Wrap(err)
}
p.Spec.Roles = roles
if roles.Include(RoleBot) && p.Spec.BotName == "" {
return trace.BadParameter("token with role %q must set bot_name", RoleBot)
}
if p.Spec.BotName != "" && !roles.Include(RoleBot) {
return trace.BadParameter("can only set bot_name on token with role %q", RoleBot)
}
hasAllowRules := len(p.Spec.Allow) > 0
if p.Spec.JoinMethod == JoinMethodUnspecified {
// Default to the ec2 join method if any allow rules were specified,
// else default to the token method. These defaults are necessary for
// backwards compatibility.
if hasAllowRules {
p.Spec.JoinMethod = JoinMethodEC2
} else {
p.Spec.JoinMethod = JoinMethodToken
}
}
switch p.Spec.JoinMethod {
case JoinMethodToken:
if hasAllowRules {
return trace.BadParameter("allow rules are not compatible with the %q join method", JoinMethodToken)
}
case JoinMethodEC2:
if !hasAllowRules {
return trace.BadParameter("the %q join method requires defined token allow rules", JoinMethodEC2)
}
for _, allowRule := range p.Spec.Allow {
if allowRule.AWSARN != "" {
return trace.BadParameter(`the %q join method does not support the "aws_arn" parameter`, JoinMethodEC2)
}
if allowRule.AWSOrganizationID != "" {
return trace.BadParameter(`the %q join method does not support the "aws_organization_id" parameter`, JoinMethodEC2)
}
if allowRule.AWSAccount == "" && allowRule.AWSRole == "" {
return trace.BadParameter(`allow rule for %q join method must set "aws_account" or "aws_role"`, JoinMethodEC2)
}
}
if p.Spec.AWSIIDTTL == 0 {
// default to 5 minute ttl if unspecified
p.Spec.AWSIIDTTL = Duration(5 * time.Minute)
}
case JoinMethodIAM:
if !hasAllowRules {
return trace.BadParameter("the %q join method requires defined token allow rules", JoinMethodIAM)
}
for _, allowRule := range p.Spec.Allow {
if allowRule.AWSRole != "" {
return trace.BadParameter(`the %q join method does not support the "aws_role" parameter`, JoinMethodIAM)
}
if len(allowRule.AWSRegions) != 0 {
return trace.BadParameter(`the %q join method does not support the "aws_regions" parameter`, JoinMethodIAM)
}
if allowRule.AWSAccount == "" && allowRule.AWSARN == "" && allowRule.AWSOrganizationID == "" {
return trace.BadParameter(`allow rule for %q join method must set "aws_account", "aws_arn", or "aws_organization"`, JoinMethodIAM)
}
}
case JoinMethodGitHub:
providerCfg := p.Spec.GitHub
if providerCfg == nil {
return trace.BadParameter(
`"github" configuration must be provided for join method %q`,
JoinMethodGitHub,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case JoinMethodCircleCI:
providerCfg := p.Spec.CircleCI
if providerCfg == nil {
return trace.BadParameter(
`"cirleci" configuration must be provided for join method %q`,
JoinMethodCircleCI,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case JoinMethodKubernetes:
providerCfg := p.Spec.Kubernetes
if providerCfg == nil {
return trace.BadParameter(
`"kubernetes" configuration must be provided for the join method %q`,
JoinMethodKubernetes,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.kubernetes:")
}
case JoinMethodAzure:
providerCfg := p.Spec.Azure
if providerCfg == nil {
return trace.BadParameter(
`"azure" configuration must be provided for the join method %q`,
JoinMethodAzure,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case JoinMethodGitLab:
providerCfg := p.Spec.GitLab
if providerCfg == nil {
return trace.BadParameter(
`"gitlab" configuration must be provided for the join method %q`,
JoinMethodGitLab,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case JoinMethodGCP:
providerCfg := p.Spec.GCP
if providerCfg == nil {
return trace.BadParameter(
`"gcp" configuration must be provided for the join method %q`,
JoinMethodGCP,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case JoinMethodSpacelift:
providerCfg := p.Spec.Spacelift
if providerCfg == nil {
return trace.BadParameter(
`spec.spacelift: must be configured for the join method %q`,
JoinMethodSpacelift,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.spacelift: failed validation")
}
case JoinMethodTPM:
providerCfg := p.Spec.TPM
if providerCfg == nil {
return trace.BadParameter(
`spec.tpm: must be configured for the join method %q`,
JoinMethodTPM,
)
}
if err := providerCfg.validate(); err != nil {
return trace.Wrap(err, "spec.tpm: failed validation")
}
case JoinMethodTerraformCloud:
providerCfg := p.Spec.TerraformCloud
if providerCfg == nil {
return trace.BadParameter(
"spec.terraform_cloud: must be configured for the join method %q",
JoinMethodTerraformCloud,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.terraform_cloud: failed validation")
}
case JoinMethodBitbucket:
providerCfg := p.Spec.Bitbucket
if providerCfg == nil {
return trace.BadParameter(
"spec.bitbucket: must be configured for the join method %q",
JoinMethodBitbucket,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.bitbucket: failed validation")
}
case JoinMethodOracle:
providerCfg := p.Spec.Oracle
if providerCfg == nil {
return trace.BadParameter(
"spec.oracle: must be configured for the join method %q",
JoinMethodOracle,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.oracle: failed validation")
}
case JoinMethodAzureDevops:
providerCfg := p.Spec.AzureDevops
if providerCfg == nil {
return trace.BadParameter(
"spec.azure_devops: must be configured for the join method %q",
JoinMethodAzureDevops,
)
}
if err := providerCfg.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.azure_devops: failed validation")
}
case JoinMethodBoundKeypair:
if p.Spec.BoundKeypair == nil {
p.Spec.BoundKeypair = &ProvisionTokenSpecV2BoundKeypair{}
}
if err := p.Spec.BoundKeypair.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.bound_keypair: failed validation")
}
case JoinMethodEnv0:
if p.Spec.Env0 == nil {
p.Spec.Env0 = &ProvisionTokenSpecV2Env0{}
}
if err := p.Spec.Env0.checkAndSetDefaults(); err != nil {
return trace.Wrap(err, "spec.env0: failed validation")
}
default:
return trace.BadParameter("unknown join method %q", p.Spec.JoinMethod)
}
return nil
}
// GetVersion returns resource version
func (p *ProvisionTokenV2) GetVersion() string {
return p.Version
}
// GetRoles returns a list of teleport roles
// that will be granted to the user of the token
// in the crendentials
func (p *ProvisionTokenV2) GetRoles() SystemRoles {
// Ensure that roles are case-insensitive.
return normalizedSystemRoles(SystemRoles(p.Spec.Roles).StringSlice())
}
// SetRoles sets teleport roles
func (p *ProvisionTokenV2) SetRoles(r SystemRoles) {
p.Spec.Roles = r
}
func (p *ProvisionTokenV2) SetLabels(l map[string]string) {
p.Metadata.Labels = l
}
// GetAllowRules returns the list of allow rules
func (p *ProvisionTokenV2) GetAllowRules() []*TokenRule {
return p.Spec.Allow
}
// SetAllowRules sets the allow rules.
func (p *ProvisionTokenV2) SetAllowRules(rules []*TokenRule) {
p.Spec.Allow = rules
}
// GetGCPRules will return the GCP rules within this token.
func (p *ProvisionTokenV2) GetGCPRules() *ProvisionTokenSpecV2GCP {
return p.Spec.GCP
}
// GetGithubRules will return the GitHub rules within this token.
func (p *ProvisionTokenV2) GetGithubRules() *ProvisionTokenSpecV2GitHub {
return p.Spec.GitHub
}
// GetGitlabRules will return the GitLab rules within this token.
func (p *ProvisionTokenV2) GetGitlabRules() *ProvisionTokenSpecV2GitLab {
return p.Spec.GitLab
}
// GetAWSIIDTTL returns the TTL of EC2 IIDs
func (p *ProvisionTokenV2) GetAWSIIDTTL() Duration {
return p.Spec.AWSIIDTTL
}
// GetJoinMethod returns joining method that must be used with this token.
func (p *ProvisionTokenV2) GetJoinMethod() JoinMethod {
return p.Spec.JoinMethod
}
// IsStatic returns true if the token is statically configured
func (p *ProvisionTokenV2) IsStatic() bool {
return p.Origin() == OriginConfigFile
}
// GetBotName returns the BotName field which must be set for joining bots.
func (p *ProvisionTokenV2) GetBotName() string {
return p.Spec.BotName
}
// GetKind returns resource kind
func (p *ProvisionTokenV2) GetKind() string {
return p.Kind
}
// GetSubKind returns resource sub kind
func (p *ProvisionTokenV2) GetSubKind() string {
return p.SubKind
}
// SetSubKind sets resource subkind
func (p *ProvisionTokenV2) SetSubKind(s string) {
p.SubKind = s
}
// GetRevision returns the revision
func (p *ProvisionTokenV2) GetRevision() string {
return p.Metadata.GetRevision()
}
// SetRevision sets the revision
func (p *ProvisionTokenV2) SetRevision(rev string) {
p.Metadata.SetRevision(rev)
}
// GetMetadata returns metadata
func (p *ProvisionTokenV2) GetMetadata() Metadata {
return p.Metadata
}
// SetMetadata sets resource metatada
func (p *ProvisionTokenV2) SetMetadata(meta Metadata) {
p.Metadata = meta
}
// Origin returns the origin value of the resource.
func (p *ProvisionTokenV2) Origin() string {
return p.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (p *ProvisionTokenV2) SetOrigin(origin string) {
p.Metadata.SetOrigin(origin)
}
// GetSuggestedLabels returns the labels the resource should set when using this token
func (p *ProvisionTokenV2) GetSuggestedLabels() Labels {
return p.Spec.SuggestedLabels
}
// GetAgentMatcherLabels returns the set of labels that should be watched when an agent/service uses this token.
// An example of this is the Database Agent.
// When using the install-database.sh script, the script will add those labels as part of the `teleport.yaml` configuration.
// They are added to `db_service.resources.0.labels`.
func (p *ProvisionTokenV2) GetSuggestedAgentMatcherLabels() Labels {
return p.Spec.SuggestedAgentMatcherLabels
}
// V1 returns V1 version of the resource
func (p *ProvisionTokenV2) V1() *ProvisionTokenV1 {
return &ProvisionTokenV1{
Roles: p.Spec.Roles,
Expires: p.Metadata.Expiry(),
Token: p.Metadata.Name,
}
}
// V2 returns V2 version of the resource
func (p *ProvisionTokenV2) V2() *ProvisionTokenV2 {
return p
}
// SetExpiry sets expiry time for the object
func (p *ProvisionTokenV2) SetExpiry(expires time.Time) {
p.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (p *ProvisionTokenV2) Expiry() time.Time {
return p.Metadata.Expiry()
}
// GetName returns the name of the provision token. This value can be secret!
// Use GetSafeName where the name may be logged.
func (p *ProvisionTokenV2) GetName() string {
return p.Metadata.Name
}
// SetName sets the name of the provision token.
func (p *ProvisionTokenV2) SetName(e string) {
p.Metadata.Name = e
}
// GetSafeName returns the name of the token, sanitized appropriately for
// join methods where the name is secret. This should be used when logging
// the token name.
func (p *ProvisionTokenV2) GetSafeName() string {
name := p.GetName()
if p.GetJoinMethod() != JoinMethodToken {
return name
}
// If the token name is short, we just blank the whole thing.
if len(name) < 16 {
return strings.Repeat("*", len(name))
}
// If the token name is longer, we can show the last 25% of it to help
// the operator identify it.
hiddenBefore := int(0.75 * float64(len(name)))
name = name[hiddenBefore:]
name = strings.Repeat("*", hiddenBefore) + name
return name
}
// GetAssignedScope always returns an empty string because a [ProvisionTokenV2] is always
// unscoped
func (p *ProvisionTokenV2) GetAssignedScope() string {
return ""
}
// GetSecret always returns an empty string and false because a [ProvisionTokenV2] does not have a
// dedicated secret value. The name itself is the secret for the "token" join method.
func (p *ProvisionTokenV2) GetSecret() (string, bool) {
return "", false
}
// String returns the human readable representation of a provisioning token.
func (p ProvisionTokenV2) String() string {
expires := "never"
if !p.Expiry().IsZero() {
expires = p.Expiry().String()
}
return fmt.Sprintf("ProvisionToken(Roles=%v, Expires=%v)", p.Spec.Roles, expires)
}
// ProvisionTokensToV1 converts provision tokens to V1 list
func ProvisionTokensToV1(in []ProvisionToken) []ProvisionTokenV1 {
if in == nil {
return nil
}
out := make([]ProvisionTokenV1, len(in))
for i := range in {
out[i] = *in[i].V1()
}
return out
}
// ProvisionTokensFromStatic converts static tokens to resource list
func ProvisionTokensFromStatic(in []ProvisionTokenV1) []ProvisionToken {
if in == nil {
return nil
}
out := make([]ProvisionToken, len(in))
for i := range in {
tok := in[i].V2()
tok.SetOrigin(OriginConfigFile)
out[i] = tok
}
return out
}
// V1 returns V1 version of the resource
func (p *ProvisionTokenV1) V1() *ProvisionTokenV1 {
return p
}
// V2 returns V2 version of the resource
func (p *ProvisionTokenV1) V2() *ProvisionTokenV2 {
t := &ProvisionTokenV2{
Kind: KindToken,
Version: V2,
Metadata: Metadata{
Name: p.Token,
Namespace: defaults.Namespace,
},
Spec: ProvisionTokenSpecV2{
Roles: p.Roles,
},
}
if !p.Expires.IsZero() {
t.SetExpiry(p.Expires)
}
t.CheckAndSetDefaults()
return t
}
// String returns the human readable representation of a provisioning token.
func (p ProvisionTokenV1) String() string {
expires := "never"
if p.Expires.Unix() != 0 {
expires = p.Expires.String()
}
return fmt.Sprintf("ProvisionToken(Roles=%v, Expires=%v)",
p.Roles, expires)
}
func (a *ProvisionTokenSpecV2GitHub) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("the %q join method requires at least one token allow rule", JoinMethodGitHub)
}
for _, rule := range a.Allow {
repoSet := rule.Repository != ""
ownerSet := rule.RepositoryOwner != ""
subSet := rule.Sub != ""
if !subSet && !ownerSet && !repoSet {
return trace.BadParameter(
`allow rule for %q must include at least one of "repository", "repository_owner" or "sub"`,
JoinMethodGitHub,
)
}
}
if strings.Contains(a.EnterpriseServerHost, "/") {
return trace.BadParameter("'spec.github.enterprise_server_host' should not contain the scheme or path")
}
if a.EnterpriseServerHost != "" && a.EnterpriseSlug != "" {
return trace.BadParameter("'spec.github.enterprise_server_host' and `spec.github.enterprise_slug` cannot both be set")
}
return nil
}
func (a *ProvisionTokenSpecV2CircleCI) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("the %q join method requires at least one token allow rule", JoinMethodCircleCI)
}
if a.OrganizationID == "" {
return trace.BadParameter("the %q join method requires 'organization_id' to be set", JoinMethodCircleCI)
}
for _, rule := range a.Allow {
projectSet := rule.ProjectID != ""
contextSet := rule.ContextID != ""
if !projectSet && !contextSet {
return trace.BadParameter(
`allow rule for %q must include at least "project_id" or "context_id"`,
JoinMethodCircleCI,
)
}
}
return nil
}
func (a *ProvisionTokenSpecV2Kubernetes) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("allow: at least one rule must be set")
}
for i, allowRule := range a.Allow {
if allowRule.ServiceAccount == "" {
return trace.BadParameter(
"allow[%d].service_account: name of service account must be set",
i,
)
}
if len(strings.Split(allowRule.ServiceAccount, ":")) != 2 {
return trace.BadParameter(
`allow[%d].service_account: name of service account should be in format "namespace:service_account", got %q instead`,
i,
allowRule.ServiceAccount,
)
}
}
if a.Type == KubernetesJoinTypeUnspecified {
// For compatibility with older resources which did not have a Type
// field we default to "in_cluster".
a.Type = KubernetesJoinTypeInCluster
}
switch a.Type {
case KubernetesJoinTypeInCluster:
if a.StaticJWKS != nil {
return trace.BadParameter("static_jwks: must not be set when type is %q", KubernetesJoinTypeInCluster)
}
case KubernetesJoinTypeStaticJWKS:
if a.StaticJWKS == nil {
return trace.BadParameter("static_jwks: must be set when type is %q", KubernetesJoinTypeStaticJWKS)
}
if a.StaticJWKS.JWKS == "" {
return trace.BadParameter("static_jwks.jwks: must be set when type is %q", KubernetesJoinTypeStaticJWKS)
}
case KubernetesJoinTypeOIDC:
if a.OIDC == nil {
return trace.BadParameter("oidc: must be set when types is %q", KubernetesJoinTypeOIDC)
}
if a.OIDC.Issuer == "" {
return trace.BadParameter("oidc.issuer: must be set when type is %q", KubernetesJoinTypeOIDC)
}
parsed, err := url.Parse(a.OIDC.Issuer)
if err != nil {
return trace.BadParameter("oidc.issuer: must be a valid URL")
}
if parsed.Scheme == "http" {
if !a.OIDC.InsecureAllowHTTPIssuer {
return trace.BadParameter("oidc.issuer: must be https:// unless insecure_allow_http_issuer is set")
}
} else if parsed.Scheme != "https" {
return trace.BadParameter("oidc.issuer: invalid URL scheme, must be https://")
}
default:
return trace.BadParameter(
"type: must be one of (%s), got %q",
utils.JoinStrings([]string{
string(KubernetesJoinTypeInCluster),
string(KubernetesJoinTypeStaticJWKS),
string(KubernetesJoinTypeOIDC),
}, ", "),
a.Type,
)
}
return nil
}
func (a *ProvisionTokenSpecV2Azure) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter(
"the %q join method requires defined azure allow rules",
JoinMethodAzure,
)
}
for _, allowRule := range a.Allow {
if allowRule.Subscription == "" {
return trace.BadParameter(
"the %q join method requires azure allow rules with non-empty subscription",
JoinMethodAzure,
)
}
}
return nil
}
const defaultGitLabDomain = "gitlab.com"
func (a *ProvisionTokenSpecV2GitLab) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter(
"the %q join method requires defined gitlab allow rules",
JoinMethodGitLab,
)
}
for _, allowRule := range a.Allow {
if allowRule.Sub == "" && allowRule.NamespacePath == "" && allowRule.ProjectPath == "" && allowRule.CIConfigRefURI == "" {
return trace.BadParameter(
"the %q join method requires allow rules with at least one of ['sub', 'project_path', 'namespace_path', 'ci_config_ref_uri'] to ensure security.",
JoinMethodGitLab,
)
}
}
if a.Domain == "" {
a.Domain = defaultGitLabDomain
} else {
if strings.Contains(a.Domain, "/") {
return trace.BadParameter(
"'spec.gitlab.domain' should not contain the scheme or path",
)
}
}
return nil
}
func (a *ProvisionTokenSpecV2GCP) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("the %q join method requires at least one token allow rule", JoinMethodGCP)
}
for _, allowRule := range a.Allow {
if len(allowRule.ProjectIDs) == 0 {
return trace.BadParameter(
"the %q join method requires gcp allow rules with at least one project ID",
JoinMethodGCP,
)
}
}
return nil
}
func (a *ProvisionTokenSpecV2Spacelift) checkAndSetDefaults() error {
if a.Hostname == "" {
return trace.BadParameter(
"hostname: should be set to the hostname of the spacelift tenant",
)
}
if strings.Contains(a.Hostname, "/") {
return trace.BadParameter(
"hostname: should not contain the scheme or path",
)
}
if len(a.Allow) == 0 {
return trace.BadParameter("allow: at least one rule must be set")
}
for i, allowRule := range a.Allow {
if allowRule.SpaceID == "" && allowRule.CallerID == "" {
return trace.BadParameter(
"allow[%d]: at least one of ['space_id', 'caller_id'] must be set",
i,
)
}
}
return nil
}
func (a *ProvisionTokenSpecV2TPM) validate() error {
for i, caData := range a.EKCertAllowedCAs {
p, _ := pem.Decode([]byte(caData))
if p == nil {
return trace.BadParameter(
"ekcert_allowed_cas[%d]: no pem block found",
i,
)
}
if p.Type != "CERTIFICATE" {
return trace.BadParameter(
"ekcert_allowed_cas[%d]: pem block is not 'CERTIFICATE' type",
i,
)
}
if _, err := x509.ParseCertificate(p.Bytes); err != nil {
return trace.Wrap(
err,
"ekcert_allowed_cas[%d]: parsing certificate",
i,
)
}
}
if len(a.Allow) == 0 {
return trace.BadParameter(
"allow: at least one rule must be set",
)
}
for i, allowRule := range a.Allow {
if len(allowRule.EKPublicHash) == 0 && len(allowRule.EKCertificateSerial) == 0 {
return trace.BadParameter(
"allow[%d]: at least one of ['ek_public_hash', 'ek_certificate_serial'] must be set",
i,
)
}
}
return nil
}
func (a *ProvisionTokenSpecV2TerraformCloud) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("the %q join method requires at least one token allow rule", JoinMethodTerraformCloud)
}
// Note: an empty audience will fall back to the cluster name.
for i, allowRule := range a.Allow {
orgSet := allowRule.OrganizationID != "" || allowRule.OrganizationName != ""
projectSet := allowRule.ProjectID != "" || allowRule.ProjectName != ""
workspaceSet := allowRule.WorkspaceID != "" || allowRule.WorkspaceName != ""
if !orgSet {
return trace.BadParameter(
"allow[%d]: one of ['organization_id', 'organization_name'] must be set",
i,
)
}
if !projectSet && !workspaceSet {
return trace.BadParameter(
"allow[%d]: at least one of ['project_id', 'project_name', 'workspace_id', 'workspace_name'] must be set",
i,
)
}
}
return nil
}
func (a *ProvisionTokenSpecV2Bitbucket) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("the %q join method requires at least one token allow rule", JoinMethodBitbucket)
}
if a.Audience == "" {
return trace.BadParameter("audience: an OpenID Connect Audience value is required")
}
if a.IdentityProviderURL == "" {
return trace.BadParameter("identity_provider_url: an identity provider URL is required")
}
for i, rule := range a.Allow {
workspaceSet := rule.WorkspaceUUID != ""
repositorySet := rule.RepositoryUUID != ""
if !workspaceSet && !repositorySet {
return trace.BadParameter(
"allow[%d]: at least one of ['workspace_uuid', 'repository_uuid'] must be set",
i,
)
}
}
return nil
}
// checkAndSetDefaults checks and sets defaults on the Oracle spec. This only
// covers basics like the presence of required fields; more complex validation
// (e.g. requiring the Oracle SDK) is in auth.validateOracleJoinToken.
func (a *ProvisionTokenSpecV2Oracle) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("the %q join method requires at least one allow rule", JoinMethodOracle)
}
for i, rule := range a.Allow {
if rule.Tenancy == "" {
return trace.BadParameter(
"allow[%d]: tenancy must be set",
i,
)
}
if len(rule.Instances) > 100 {
return trace.BadParameter("allow[%d]: maximum 100 instances may be set (found %d)", i, len(rule.Instances))
}
}
return nil
}
// checkAndSetDefaults checks and sets defaults on the Azure Devops spec.
func (a *ProvisionTokenSpecV2AzureDevops) checkAndSetDefaults() error {
switch {
case len(a.Allow) == 0:
return trace.BadParameter(
"the %q join method requires at least one allow rule",
JoinMethodAzureDevops,
)
case a.OrganizationID == "":
return trace.BadParameter(
"organization_id: must be set",
)
}
for i, rule := range a.Allow {
subSet := rule.Sub != ""
projectNameSet := rule.ProjectName != ""
projectIDSet := rule.ProjectID != ""
if !subSet && !projectNameSet && !projectIDSet {
return trace.BadParameter(
"allow[%d]: at least one of ['sub', 'project_name', 'project_id'] must be set",
i,
)
}
}
return nil
}
func (a *ProvisionTokenSpecV2BoundKeypair) checkAndSetDefaults() error {
if a.Onboarding == nil {
a.Onboarding = &ProvisionTokenSpecV2BoundKeypair_OnboardingSpec{}
}
if a.Recovery == nil {
a.Recovery = &ProvisionTokenSpecV2BoundKeypair_RecoverySpec{}
}
// Limit must be >= 1 for the token to be useful. If zero, assume it's unset
// and provide a sane default.
if a.Recovery.Limit == 0 {
a.Recovery.Limit = 1
}
// Note: Recovery.Mode will be interpreted at joining time; it's zero value
// ("") is mapped to RecoveryModeStandard.
return nil
}
func (a *ProvisionTokenSpecV2Env0) checkAndSetDefaults() error {
if len(a.Allow) == 0 {
return trace.BadParameter("the %q join method requires at least one token allow rule", JoinMethodEnv0)
}
for i, allowRule := range a.Allow {
if allowRule.OrganizationID == "" {
return trace.BadParameter("allow[%d]: organization_id must be set", i)
}
if allowRule.ProjectID == "" && allowRule.ProjectName == "" {
return trace.BadParameter("allow[%d]: at least one of ['project_id', 'project_name'] must be set", i)
}
}
return nil
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import "github.com/gravitational/trace"
// CheckAndSetDefaults checks for errors and sets defaults
func (r *RegisterUsingTokenRequest) CheckAndSetDefaults() error {
if r.HostID == "" && r.Role != RoleBot {
return trace.BadParameter("missing parameter HostID")
}
if r.Token == "" {
return trace.BadParameter("missing parameter Token")
}
if err := r.Role.Check(); err != nil {
return trace.Wrap(err)
}
return nil
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// RemoteCluster represents a remote cluster that has connected via reverse tunnel
// to this cluster
type RemoteCluster interface {
// Resource provides common resource properties
Resource
// GetConnectionStatus returns connection status
GetConnectionStatus() string
// SetConnectionStatus sets connection status
SetConnectionStatus(string)
// GetLastHeartbeat returns last heartbeat of the cluster
GetLastHeartbeat() time.Time
// SetLastHeartbeat sets last heartbeat of the cluster
SetLastHeartbeat(t time.Time)
// SetMetadata sets remote cluster metatada
SetMetadata(Metadata)
// Clone performs a deep copy.
Clone() RemoteCluster
// GetLabel retrieves the label with the provided key. If not found value
// will be empty and ok will be false.
GetLabel(key string) (value string, ok bool)
// GetAllLabels returns all labels for the remote cluster
GetAllLabels() map[string]string
}
// NewRemoteCluster is a convenience way to create a RemoteCluster resource.
func NewRemoteCluster(name string) (RemoteCluster, error) {
c := &RemoteClusterV3{
Metadata: Metadata{
Name: name,
},
}
if err := c.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return c, nil
}
// GetVersion returns resource version
func (c *RemoteClusterV3) GetVersion() string {
return c.Version
}
// GetKind returns resource kind
func (c *RemoteClusterV3) GetKind() string {
return c.Kind
}
// GetSubKind returns resource sub kind
func (c *RemoteClusterV3) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind
func (c *RemoteClusterV3) SetSubKind(s string) {
c.SubKind = s
}
// GetRevision returns the revision
func (c *RemoteClusterV3) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *RemoteClusterV3) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// setStaticFields sets static resource header and metadata fields.
func (c *RemoteClusterV3) setStaticFields() {
c.Kind = KindRemoteCluster
c.Version = V3
}
// CheckAndSetDefaults checks and sets default values
func (c *RemoteClusterV3) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// GetLastHeartbeat returns last heartbeat of the cluster
func (c *RemoteClusterV3) GetLastHeartbeat() time.Time {
return c.Status.LastHeartbeat
}
// SetLastHeartbeat sets last heartbeat of the cluster
func (c *RemoteClusterV3) SetLastHeartbeat(t time.Time) {
c.Status.LastHeartbeat = t
}
// Clone performs a deep copy.
func (c *RemoteClusterV3) Clone() RemoteCluster {
return utils.CloneProtoMsg(c)
}
// GetConnectionStatus returns connection status
func (c *RemoteClusterV3) GetConnectionStatus() string {
return c.Status.Connection
}
// SetConnectionStatus sets connection status
func (c *RemoteClusterV3) SetConnectionStatus(status string) {
c.Status.Connection = status
}
// GetMetadata returns object metadata
func (c *RemoteClusterV3) GetMetadata() Metadata {
return c.Metadata
}
// SetMetadata sets remote cluster metatada
func (c *RemoteClusterV3) SetMetadata(meta Metadata) {
c.Metadata = meta
}
// SetExpiry sets expiry time for the object
func (c *RemoteClusterV3) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (c *RemoteClusterV3) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetName returns the name of the RemoteCluster.
func (c *RemoteClusterV3) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the RemoteCluster.
func (c *RemoteClusterV3) SetName(e string) {
c.Metadata.Name = e
}
// String represents a human readable version of remote cluster settings.
func (c *RemoteClusterV3) String() string {
return fmt.Sprintf("RemoteCluster(%v, %v)", c.Metadata.Name, c.Status.Connection)
}
// GetLabel retrieves the label with the provided key. If not found value
// will be empty and ok will be false.
func (c *RemoteClusterV3) GetLabel(key string) (value string, ok bool) {
value, ok = c.Metadata.Labels[key]
return value, ok
}
// GetAllLabels returns all labels for the remote cluster. Remote clusters only
// have static labels.
func (c *RemoteClusterV3) GetAllLabels() map[string]string {
return c.Metadata.Labels
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"iter"
"regexp"
"slices"
"sort"
"strings"
"time"
"github.com/charlievieth/strcase"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/types/common"
"github.com/gravitational/teleport/api/types/compare"
"github.com/gravitational/teleport/api/utils"
"github.com/gravitational/teleport/api/utils/iterutils"
)
var (
_ compare.IsEqual[*ResourceHeader] = (*ResourceHeader)(nil)
_ compare.IsEqual[*Metadata] = (*Metadata)(nil)
)
// Resource represents common properties for all resources.
//
// Please avoid adding new uses of Resource in the codebase. Instead, consider
// using concrete proto types directly or a manually declared subset of the
// Resource153 interface for new-style resources.
type Resource interface {
// GetKind returns resource kind
GetKind() string
// GetSubKind returns resource subkind
GetSubKind() string
// SetSubKind sets resource subkind
SetSubKind(string)
// GetVersion returns resource version
GetVersion() string
// GetName returns the name of the resource
GetName() string
// SetName sets the name of the resource
SetName(string)
// Expiry returns object expiry setting
Expiry() time.Time
// SetExpiry sets object expiry
SetExpiry(time.Time)
// GetMetadata returns object metadata
GetMetadata() Metadata
// GetRevision returns the revision
GetRevision() string
// SetRevision sets the revision
SetRevision(string)
}
// IsSystemResource checks to see if the given resource is considered
// part of the teleport system, as opposed to some user created resource
// or preset.
func IsSystemResource(r Resource) bool {
metadata := r.GetMetadata()
if t, ok := metadata.Labels[TeleportInternalResourceType]; ok {
return t == SystemResource
}
return false
}
// GetName fetches the name of the supplied resource. Useful when sorting lists
// of resources or building maps, etc.
func GetName[R Resource](r R) string {
return r.GetName()
}
// ResourceNames creates an iterator that loops through the provided slice of
// resources and return their names.
func ResourceNames[R Resource, S ~[]R](s S) iter.Seq[string] {
return iterutils.Map(GetName, slices.Values(s))
}
// CompareResourceByNames compares resources by their names.
func CompareResourceByNames[R Resource](a, b R) int {
return strings.Compare(a.GetName(), b.GetName())
}
// ResourceDetails includes details about the resource
type ResourceDetails struct {
Hostname string
FriendlyName string
}
// ResourceWithSecrets includes additional properties which must
// be provided by resources which *may* contain secrets.
type ResourceWithSecrets interface {
Resource
// WithoutSecrets returns an instance of the resource which
// has had all secrets removed. If the current resource has
// already had its secrets removed, this may be a no-op.
WithoutSecrets() Resource
}
// ResourceWithOrigin provides information on the origin of the resource
// (defaults, config-file, dynamic).
type ResourceWithOrigin interface {
Resource
// Origin returns the origin value of the resource.
Origin() string
// SetOrigin sets the origin value of the resource.
SetOrigin(string)
}
// ResourceWithLabels is a common interface for resources that have labels.
type ResourceWithLabels interface {
// ResourceWithOrigin is the base resource interface.
ResourceWithOrigin
// GetLabel retrieves the label with the provided key.
GetLabel(key string) (value string, ok bool)
// GetAllLabels returns all resource's labels.
GetAllLabels() map[string]string
// GetStaticLabels returns the resource's static labels.
GetStaticLabels() map[string]string
// SetStaticLabels sets the resource's static labels.
SetStaticLabels(sl map[string]string)
// MatchSearch goes through select field values of a resource
// and tries to match against the list of search values.
MatchSearch(searchValues []string) bool
}
// EnrichedResource is a [ResourceWithLabels] wrapped with
// additional user-specific information.
type EnrichedResource struct {
// ResourceWithLabels is the underlying resource.
ResourceWithLabels
// Logins that the user is allowed to access the above resource with.
Logins []string
// RequiresRequest is true if a resource is being returned to the user but requires
// an access request to access. This is done during `ListUnifiedResources` when
// searchAsRoles is true
RequiresRequest bool
}
// EnrichedResources is a wrapper of []*EnrichedResource.
// A EnrichedResource is a [ResourceWithLabels] wrapped with additional
// user-specific information.
type EnrichedResources []*EnrichedResource
// ToResourcesWithLabels converts to ResourcesWithLabels.
func (r EnrichedResources) ToResourcesWithLabels() ResourcesWithLabels {
ret := make(ResourcesWithLabels, 0, len(r))
for _, resource := range r {
ret = append(ret, resource.ResourceWithLabels)
}
return ret
}
// ResourcesWithLabels is a list of labeled resources.
type ResourcesWithLabels []ResourceWithLabels
// ResourcesWithLabelsMap is like ResourcesWithLabels, but a map from resource name to its value.
type ResourcesWithLabelsMap map[string]ResourceWithLabels
// ToMap returns these databases as a map keyed by database name.
func (r ResourcesWithLabels) ToMap() ResourcesWithLabelsMap {
rm := make(ResourcesWithLabelsMap, len(r))
// there may be duplicate resources in the input list.
// by iterating from end to start, the first resource of given name wins.
for i := len(r) - 1; i >= 0; i-- {
resource := r[i]
rm[resource.GetName()] = resource
}
return rm
}
// Len returns the slice length.
func (r ResourcesWithLabels) Len() int { return len(r) }
// Less compares resources by name.
func (r ResourcesWithLabels) Less(i, j int) bool { return r[i].GetName() < r[j].GetName() }
// Swap swaps two resources.
func (r ResourcesWithLabels) Swap(i, j int) { r[i], r[j] = r[j], r[i] }
// AsAppServers converts each resource into type AppServer.
func (r ResourcesWithLabels) AsAppServers() ([]AppServer, error) {
apps := make([]AppServer, 0, len(r))
for _, resource := range r {
app, ok := resource.(AppServer)
if !ok {
return nil, trace.BadParameter("expected types.AppServer, got: %T", resource)
}
apps = append(apps, app)
}
return apps, nil
}
// AsServers converts each resource into type Server.
func (r ResourcesWithLabels) AsServers() ([]Server, error) {
servers := make([]Server, 0, len(r))
for _, resource := range r {
server, ok := resource.(Server)
if !ok {
return nil, trace.BadParameter("expected types.Server, got: %T", resource)
}
servers = append(servers, server)
}
return servers, nil
}
// AsDatabases converts each resource into type Database.
func (r ResourcesWithLabels) AsDatabases() ([]Database, error) {
dbs := make([]Database, 0, len(r))
for _, resource := range r {
db, ok := resource.(Database)
if !ok {
return nil, trace.BadParameter("expected types.Database, got: %T", resource)
}
dbs = append(dbs, db)
}
return dbs, nil
}
// AsDatabaseServers converts each resource into type DatabaseServer.
func (r ResourcesWithLabels) AsDatabaseServers() ([]DatabaseServer, error) {
dbs := make([]DatabaseServer, 0, len(r))
for _, resource := range r {
db, ok := resource.(DatabaseServer)
if !ok {
return nil, trace.BadParameter("expected types.DatabaseServer, got: %T", resource)
}
dbs = append(dbs, db)
}
return dbs, nil
}
// AsDatabaseServices converts each resource into type DatabaseService.
func (r ResourcesWithLabels) AsDatabaseServices() ([]DatabaseService, error) {
services := make([]DatabaseService, len(r))
for i, resource := range r {
dbService, ok := resource.(DatabaseService)
if !ok {
return nil, trace.BadParameter("expected types.DatabaseService, got: %T", resource)
}
services[i] = dbService
}
return services, nil
}
// AsWindowsDesktops converts each resource into type WindowsDesktop.
func (r ResourcesWithLabels) AsWindowsDesktops() ([]WindowsDesktop, error) {
desktops := make([]WindowsDesktop, 0, len(r))
for _, resource := range r {
desktop, ok := resource.(WindowsDesktop)
if !ok {
return nil, trace.BadParameter("expected types.WindowsDesktop, got: %T", resource)
}
desktops = append(desktops, desktop)
}
return desktops, nil
}
// AsWindowsDesktopServices converts each resource into type WindowsDesktop.
func (r ResourcesWithLabels) AsWindowsDesktopServices() ([]WindowsDesktopService, error) {
desktopServices := make([]WindowsDesktopService, 0, len(r))
for _, resource := range r {
desktopService, ok := resource.(WindowsDesktopService)
if !ok {
return nil, trace.BadParameter("expected types.WindowsDesktopService, got: %T", resource)
}
desktopServices = append(desktopServices, desktopService)
}
return desktopServices, nil
}
// AsKubeClusters converts each resource into type KubeCluster.
func (r ResourcesWithLabels) AsKubeClusters() ([]KubeCluster, error) {
clusters := make([]KubeCluster, 0, len(r))
for _, resource := range r {
cluster, ok := resource.(KubeCluster)
if !ok {
return nil, trace.BadParameter("expected types.KubeCluster, got: %T", resource)
}
clusters = append(clusters, cluster)
}
return clusters, nil
}
// AsKubeServers converts each resource into type KubeServer.
func (r ResourcesWithLabels) AsKubeServers() ([]KubeServer, error) {
servers := make([]KubeServer, 0, len(r))
for _, resource := range r {
server, ok := resource.(KubeServer)
if !ok {
return nil, trace.BadParameter("expected types.KubeServer, got: %T", resource)
}
servers = append(servers, server)
}
return servers, nil
}
// AsUserGroups converts each resource into type UserGroup.
func (r ResourcesWithLabels) AsUserGroups() ([]UserGroup, error) {
userGroups := make([]UserGroup, 0, len(r))
for _, resource := range r {
userGroup, ok := resource.(UserGroup)
if !ok {
return nil, trace.BadParameter("expected types.UserGroup, got: %T", resource)
}
userGroups = append(userGroups, userGroup)
}
return userGroups, nil
}
// GetVersion returns resource version
func (h *ResourceHeader) GetVersion() string {
return h.Version
}
// GetRevision returns the revision
func (h *ResourceHeader) GetRevision() string {
return h.Metadata.GetRevision()
}
// SetRevision sets the revision
func (h *ResourceHeader) SetRevision(rev string) {
h.Metadata.SetRevision(rev)
}
// GetName returns the name of the resource
func (h *ResourceHeader) GetName() string {
return h.Metadata.Name
}
// SetName sets the name of the resource
func (h *ResourceHeader) SetName(v string) {
h.Metadata.SetName(v)
}
// Expiry returns object expiry setting
func (h *ResourceHeader) Expiry() time.Time {
return h.Metadata.Expiry()
}
// SetExpiry sets object expiry
func (h *ResourceHeader) SetExpiry(t time.Time) {
h.Metadata.SetExpiry(t)
}
// GetMetadata returns object metadata
func (h *ResourceHeader) GetMetadata() Metadata {
return h.Metadata
}
// GetKind returns resource kind
func (h *ResourceHeader) GetKind() string {
return h.Kind
}
// GetSubKind returns resource subkind
func (h *ResourceHeader) GetSubKind() string {
return h.SubKind
}
// SetSubKind sets resource subkind
func (h *ResourceHeader) SetSubKind(s string) {
h.SubKind = s
}
// Origin returns the origin value of the resource.
func (h *ResourceHeader) Origin() string {
return h.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (h *ResourceHeader) SetOrigin(origin string) {
h.Metadata.SetOrigin(origin)
}
// GetStaticLabels returns the static labels for the resource.
func (h *ResourceHeader) GetStaticLabels() map[string]string {
return h.Metadata.Labels
}
// SetStaticLabels sets the static labels for the resource.
func (h *ResourceHeader) SetStaticLabels(sl map[string]string) {
h.Metadata.Labels = sl
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (h *ResourceHeader) GetLabel(key string) (value string, ok bool) {
v, ok := h.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns all labels from the resource..
func (h *ResourceHeader) GetAllLabels() map[string]string {
return h.Metadata.Labels
}
// IsEqual determines if two resource header resources are equivalent to one another.
func (h *ResourceHeader) IsEqual(other *ResourceHeader) bool {
return deriveTeleportEqualResourceHeader(h, other)
}
func (h *ResourceHeader) CheckAndSetDefaults() error {
if h.Kind == "" {
return trace.BadParameter("resource has an empty Kind field")
}
if h.Version == "" {
return trace.BadParameter("resource has an empty Version field")
}
return trace.Wrap(h.Metadata.CheckAndSetDefaults())
}
// GetRevision returns the revision
func (m *Metadata) GetRevision() string {
return m.Revision
}
// SetRevision sets the revision
func (m *Metadata) SetRevision(rev string) {
m.Revision = rev
}
// GetMetadata returns object metadata
func (m *Metadata) GetMetadata() Metadata {
return *m
}
// GetName returns the name of the resource
func (m *Metadata) GetName() string {
return m.Name
}
// SetName sets the name of the resource
func (m *Metadata) SetName(name string) {
m.Name = name
}
// SetExpiry sets expiry time for the object
func (m *Metadata) SetExpiry(expires time.Time) {
m.Expires = &expires
}
// Expiry returns object expiry setting.
func (m *Metadata) Expiry() time.Time {
if m.Expires == nil {
return time.Time{}
}
return *m.Expires
}
// Origin returns the origin value of the resource.
func (m *Metadata) Origin() string {
if m.Labels == nil {
return ""
}
return m.Labels[OriginLabel]
}
// SetOrigin sets the origin value of the resource.
func (m *Metadata) SetOrigin(origin string) {
if m.Labels == nil {
m.Labels = map[string]string{}
}
m.Labels[OriginLabel] = origin
}
// IsEqual determines if two metadata resources are equivalent to one another.
func (m *Metadata) IsEqual(other *Metadata) bool {
return deriveTeleportEqualMetadata(m, other)
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults
func (m *Metadata) CheckAndSetDefaults() error {
if m.Name == "" {
return trace.BadParameter("missing parameter Name")
}
if m.Namespace == "" {
m.Namespace = defaults.Namespace
}
if err := ValidateNamespaceDefault(m.Namespace); err != nil {
return trace.Wrap(err)
}
// adjust expires time to UTC if it's set
if m.Expires != nil {
utils.UTC(m.Expires)
}
for key := range m.Labels {
if !IsValidLabelKey(key) {
return trace.BadParameter("invalid label key: %q", key)
}
}
// Check the origin value.
if m.Origin() != "" {
if !slices.Contains(OriginValues, m.Origin()) {
return trace.BadParameter("invalid origin value %q, must be one of %v", m.Origin(), OriginValues)
}
}
return nil
}
// MatchLabels takes a map of labels and returns `true` if the resource has ALL
// of them.
func MatchLabels(resource ResourceWithLabels, labels map[string]string) bool {
for key, value := range labels {
if v, ok := resource.GetLabel(key); !ok || v != value {
return false
}
}
return true
}
// MatchKinds takes an array of strings that represent a Kind and
// returns true if the resource's kind matches any item in the given array.
func MatchKinds(resource ResourceWithLabels, kinds []string) bool {
if len(kinds) == 0 {
return true
}
resourceKind := resource.GetKind()
switch resourceKind {
case KindApp:
if slices.Contains(kinds, KindApp) {
return true
}
// MCP server resources are subkinds of app resources, but it is
// possible for certain APIs like ListUnifiedResources to use KindMCP as
// a kind filter.
return resource.GetSubKind() == SubKindMCP && slices.Contains(kinds, KindMCP)
case KindSAMLIdPServiceProvider, KindIdentityCenterAccount:
return slices.Contains(kinds, KindApp)
default:
return slices.Contains(kinds, resourceKind)
}
}
// IsValidLabelKey checks if the supplied string is a valid label key.
func IsValidLabelKey(s string) bool {
return common.IsValidLabelKey(s)
}
// MatchSearch goes through select field values from a resource
// and tries to match against the list of search values, ignoring case and order.
// Returns true if all search vals were matched (or if nil search vals).
// Returns false if no or partial match (or nil field values).
func MatchSearch(fieldVals []string, searchVals []string, customMatch func(val string) bool) bool {
Outer:
for _, searchV := range searchVals {
// Iterate through field values to look for a match.
for _, fieldV := range fieldVals {
if strcase.Contains(fieldV, searchV) {
continue Outer
}
}
if customMatch != nil && customMatch(searchV) {
continue
}
// When no fields matched a value, prematurely end if we can.
return false
}
return true
}
func stringCompare(a string, b string, isDesc bool) bool {
if isDesc {
return a > b
}
return a < b
}
var kindsOrder = []string{
"app", "db", "windows_desktop", "kube_cluster", "node",
}
// unifiedKindCompare compares two resource kinds and returns true if a is less than b.
// Note that it's not just a simple string comparison, since the UI names these
// kinds slightly differently, and hence uses a different alphabetical order for
// them.
//
// If resources are of the same kind, this function falls back to comparing
// their unified names.
func unifiedKindCompare(a, b ResourceWithLabels, isDesc bool) bool {
ak := a.GetKind()
bk := b.GetKind()
if ak == bk {
return unifiedNameCompare(a, b, isDesc)
}
ia := slices.Index(kindsOrder, ak)
ib := slices.Index(kindsOrder, bk)
if ia < 0 && ib < 0 {
// Fallback for a case of two unknown resources.
return stringCompare(ak, bk, isDesc)
}
if isDesc {
return ia > ib
}
return ia < ib
}
func unifiedNameCompare(a ResourceWithLabels, b ResourceWithLabels, isDesc bool) bool {
var nameA, nameB string
switch r := a.(type) {
case AppServer:
nameA = r.GetApp().GetName()
case DatabaseServer:
nameA = r.GetDatabase().GetName()
case KubeServer:
nameA = r.GetCluster().GetName()
case Server:
nameA = r.GetHostname()
default:
nameA = a.GetName()
}
switch r := b.(type) {
case AppServer:
nameB = r.GetApp().GetName()
case DatabaseServer:
nameB = r.GetDatabase().GetName()
case KubeServer:
nameB = r.GetCluster().GetName()
case Server:
nameB = r.GetHostname()
default:
nameB = a.GetName()
}
return stringCompare(strings.ToLower(nameA), strings.ToLower(nameB), isDesc)
}
func (r ResourcesWithLabels) SortByCustom(by SortBy) error {
isDesc := by.IsDesc
switch by.Field {
case ResourceMetadataName:
sort.SliceStable(r, func(i, j int) bool {
return unifiedNameCompare(r[i], r[j], isDesc)
})
case ResourceKind:
sort.SliceStable(r, func(i, j int) bool {
return unifiedKindCompare(r[i], r[j], isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for unified resource %q is not supported", by.Field, KindUnifiedResource)
}
return nil
}
// ListResourcesResponse describes a non proto response to ListResources.
type ListResourcesResponse struct {
// Resources is a list of resource.
Resources []ResourceWithLabels
// NextKey is the next key to use as a starting point.
NextKey string
// TotalCount is the total number of resources available as a whole.
TotalCount int
}
// ValidateResourceName validates a resource name using a given regexp.
func ValidateResourceName(validationRegex *regexp.Regexp, name string) error {
if validationRegex.MatchString(name) {
return nil
}
return trace.BadParameter(
"%q does not match regex used for validation %q",
name, validationRegex.String(),
)
}
// FriendlyName will return the friendly name for a resource if it has one. Otherwise, it
// will return an empty string.
func FriendlyName(resource ResourceWithLabels) string {
// Right now, only resources sourced from Okta and nodes have friendly names.
if resource.Origin() == OriginOkta {
if appName, ok := resource.GetLabel(OktaAppNameLabel); ok {
return appName
} else if groupName, ok := resource.GetLabel(OktaGroupNameLabel); ok {
return groupName
} else if roleName, ok := resource.GetLabel(OktaRoleNameLabel); ok {
return roleName
}
return resource.GetMetadata().Description
}
switch rr := resource.(type) {
case interface{ GetHostname() string }:
return rr.GetHostname()
case interface{ GetDisplayName() string }:
return rr.GetDisplayName()
}
return ""
}
// GetOrigin returns the value set for the [OriginLabel].
// If the label is missing, an empty string is returned.
//
// Works for both [ResourceWithOrigin] and [ResourceMetadata] instances.
func GetOrigin(v any) (string, error) {
switch r := v.(type) {
case ResourceWithOrigin:
return r.Origin(), nil
case ResourceMetadata:
meta := r.GetMetadata()
if meta.Labels == nil {
return "", nil
}
return meta.Labels[OriginLabel], nil
}
return "", trace.BadParameter("unable to determine origin from resource of type %T", v)
}
// GetKind returns the kind, if one can be obtained, otherwise
// an empty string is returned.
//
// Works for both [Resource] and [ResourceMetadata] instances.
func GetKind(v any) (string, error) {
type kinder interface {
GetKind() string
}
if k, ok := v.(kinder); ok {
return k.GetKind(), nil
}
return "", trace.BadParameter("unable to determine kind from resource of type %T", v)
}
// GetRevision returns the revision, if one can be obtained, otherwise
// an empty string is returned.
//
// Works for both [Resource] and [ResourceMetadata] instances.
func GetRevision(v any) (string, error) {
switch r := v.(type) {
case Resource:
return r.GetRevision(), nil
case ResourceMetadata:
return r.GetMetadata().GetRevision(), nil
}
return "", trace.BadParameter("unable to determine revision from resource of type %T", v)
}
// SetRevision updates the revision if v supports the concept of revisions.
//
// Works for both [Resource] and [ResourceMetadata] instances.
func SetRevision(v any, revision string) error {
switch r := v.(type) {
case Resource:
r.SetRevision(revision)
return nil
case ResourceMetadata:
r.GetMetadata().Revision = revision
return nil
}
return trace.BadParameter("unable to set revision on resource of type %T", v)
}
// GetExpiry returns the expiration, if one can be obtained, otherwise returns
// an empty time `time.Time{}`, which is equivalent to no expiry.
//
// Works for both [Resource] and [ResourceMetadata] instances.
func GetExpiry(v any) (time.Time, error) {
switch r := v.(type) {
case Resource:
return r.Expiry(), nil
case ResourceMetadata:
// ResourceMetadata uses *timestamppb.Timestamp instead of time.Time. The zero value for this type is 01/01/1970.
// This is a problem for resources without explicit expiry set: they'd become obsolete on creation.
// For this reason, we check for nil expiry explicitly, and default it to time.Time{}.
exp := r.GetMetadata().GetExpires()
if exp == nil {
return time.Time{}, nil
}
return exp.AsTime(), nil
}
return time.Time{}, trace.BadParameter("unable to determine expiry from resource of type %T", v)
}
// Copyright 2023 Gravitational, Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
"encoding/json"
"time"
"google.golang.org/protobuf/encoding/protojson"
"google.golang.org/protobuf/proto"
"google.golang.org/protobuf/types/known/timestamppb"
headerv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1"
"github.com/gravitational/teleport/api/utils"
)
// ResourceMetadata is the smallest interface that defines a Teleport resource.
type ResourceMetadata interface {
// GetMetadata returns the generic resource metadata.
GetMetadata() *headerv1.Metadata
}
// Resource153 is a resource that follows RFD 153.
//
// It exists as a weak guideline for fields that resource protos must provide
// and as a way to adapt "new" resources to the legacy [Resource] interface.
//
// Strongly prefer using actual types, like *myprotov1.Foo, instead of this
// interface. If you do need to represent resources in a generic manner,
// consider declaring a smaller interface with only what you need.
//
// Embedding or further extending this interface is highly discouraged.
type Resource153 interface {
// GetKind returns the resource kind.
//
// Kind is usually hard-coded for each underlying type.
GetKind() string
// GetSubKind returns the resource sub-kind, if any.
GetSubKind() string
// GetVersion returns the resource API version.
//
// See [headerv1.Metadata.Revision] for an identifier of the resource over
// time.
GetVersion() string
// GetMetadata returns the generic resource metadata.
GetMetadata() *headerv1.Metadata
}
// LegacyToResource153 converts a legacy [Resource] into a [Resource153].
//
// Useful to handle old and new resources uniformly. If you can, consider
// further "downgrading" the Resource153 interface into the smallest subset that
// works for you (for example, [ResourceMetadata]).
func LegacyToResource153(r Resource) Resource153 {
return &legacyToResource153Adapter{inner: r}
}
type legacyToResource153Adapter struct {
inner Resource
}
// UnwrapT is an escape hatch for Resource instances that are piped down into the
// codebase as a legacy Resource.
//
// Ideally you shouldn't depend on this.
func (r *legacyToResource153Adapter) UnwrapT() Resource {
return r.inner
}
// MarshalJSON adds support for marshaling the wrapped resource (instead of
// marshaling the adapter itself).
func (r *legacyToResource153Adapter) MarshalJSON() ([]byte, error) {
return json.Marshal(r.inner)
}
func (r *legacyToResource153Adapter) GetKind() string {
return r.inner.GetKind()
}
// LegacyTo153Metadata converts a legacy [Metadata] object an RFD153-style
// [headerv1.Metadata] block
func LegacyTo153Metadata(md Metadata) *headerv1.Metadata {
var expires *timestamppb.Timestamp
if md.Expires != nil {
expires = timestamppb.New(*md.Expires)
}
return &headerv1.Metadata{
Name: md.Name,
Namespace: md.Namespace,
Description: md.Description,
Labels: md.Labels,
Expires: expires,
Revision: md.Revision,
}
}
func (r *legacyToResource153Adapter) GetMetadata() *headerv1.Metadata {
return LegacyTo153Metadata(r.inner.GetMetadata())
}
func (r *legacyToResource153Adapter) GetSubKind() string {
return r.inner.GetSubKind()
}
func (r *legacyToResource153Adapter) GetVersion() string {
return r.inner.GetVersion()
}
// Resource153ToLegacy transforms an RFD 153 style resource into a legacy
// [Resource] type. Implements [ResourceWithLabels] and CloneResource (where the)
// wrapped resource supports cloning).
//
// Resources153 implemented by proto-generated structs should use ProtoResource153ToLegacy
// instead as it will ensure the protobuf message is properly marshaled to JSON
// with protojson.
//
// Note that CheckAndSetDefaults is a noop for the returned resource and
// SetSubKind is not implemented and panics on use.
func Resource153ToLegacy[T Resource153](r T) Resource {
return &resource153ToLegacyAdapter[T]{inner: r}
}
// Resource153UnwrapperT returns a [T] from a wrapped RFD
// 153 style resource.
type Resource153UnwrapperT[T Resource153] interface{ UnwrapT() T }
// resource153ToLegacyAdapter wraps a new-style resource in a type implementing
// the legacy resource interfaces
type resource153ToLegacyAdapter[T Resource153] struct {
inner T
}
// UnwrapT is an escape hatch for Resource153 instances that are piped down into
// the codebase as a legacy Resource.
//
// Ideally you shouldn't depend on this.
func (r *resource153ToLegacyAdapter[T]) UnwrapT() T {
return r.inner
}
// MarshalJSON adds support for marshaling the wrapped resource (instead of
// marshaling the adapter itself).
func (r *resource153ToLegacyAdapter[T]) MarshalJSON() ([]byte, error) {
return json.Marshal(r.inner)
}
func (r *resource153ToLegacyAdapter[T]) Expiry() time.Time {
expires := r.inner.GetMetadata().Expires
// return zero time.time{} for zero *timestamppb.Timestamp, instead of 01/01/1970.
if expires == nil {
return time.Time{}
}
return expires.AsTime()
}
func (r *resource153ToLegacyAdapter[T]) GetKind() string {
return r.inner.GetKind()
}
// Metadata153ToLegacy converts RFD153-style resource metadata to legacy
// metadata.
func Metadata153ToLegacy(md *headerv1.Metadata) Metadata {
// use zero time.time{} for zero *timestamppb.Timestamp, instead of 01/01/1970.
expires := md.Expires.AsTime()
if md.Expires == nil {
expires = time.Time{}
}
return Metadata{
Name: md.Name,
Namespace: md.Namespace,
Description: md.Description,
Labels: md.Labels,
Expires: &expires,
Revision: md.Revision,
}
}
func (r *resource153ToLegacyAdapter[T]) GetMetadata() Metadata {
return Metadata153ToLegacy(r.inner.GetMetadata())
}
func (r *resource153ToLegacyAdapter[T]) GetName() string {
return r.inner.GetMetadata().Name
}
func (r *resource153ToLegacyAdapter[T]) GetRevision() string {
return r.inner.GetMetadata().Revision
}
func (r *resource153ToLegacyAdapter[T]) GetSubKind() string {
return r.inner.GetSubKind()
}
func (r *resource153ToLegacyAdapter[T]) GetVersion() string {
return r.inner.GetVersion()
}
func (r *resource153ToLegacyAdapter[T]) SetExpiry(t time.Time) {
r.inner.GetMetadata().Expires = timestamppb.New(t)
}
func (r *resource153ToLegacyAdapter[T]) SetName(name string) {
r.inner.GetMetadata().Name = name
}
func (r *resource153ToLegacyAdapter[T]) SetRevision(rev string) {
r.inner.GetMetadata().Revision = rev
}
func (r *resource153ToLegacyAdapter[T]) SetSubKind(subKind string) {
panic("interface Resource153 does not implement SetSubKind")
}
// Resource153ToResourceWithLabels wraps a [Resource153]-style resource in
// the legacy [Resource] and [ResourceWithLabels] interfaces.
//
// The same caveats that apply to [Resource153ToLegacy] apply.
func Resource153ToResourceWithLabels[T Resource153](r T) ResourceWithLabels {
return &resource153ToResourceWithLabelsAdapter[T]{
resource153ToLegacyAdapter[T]{
inner: r,
},
}
}
// resource153ToResourceWithLabelsAdapter wraps a new-style resource in a
// type implementing the legacy resource interfaces
type resource153ToResourceWithLabelsAdapter[T Resource153] struct {
resource153ToLegacyAdapter[T]
}
// UnwrapT is an escape hatch for Resource153 instances that are piped down into
// the codebase as a legacy Resource.
//
// Ideally you shouldn't depend on this.
func (r *resource153ToResourceWithLabelsAdapter[T]) UnwrapT() T {
return r.inner
}
// Origin implements ResourceWithLabels for the adapter.
func (r *resource153ToResourceWithLabelsAdapter[T]) Origin() string {
m := r.inner.GetMetadata()
if m == nil {
return ""
}
return m.Labels[OriginLabel]
}
// SetOrigin implements ResourceWithLabels for the adapter.
func (r *resource153ToResourceWithLabelsAdapter[T]) SetOrigin(origin string) {
m := r.inner.GetMetadata()
if m == nil {
return
}
m.Labels[OriginLabel] = origin
}
// GetLabel implements ResourceWithLabels for the adapter.
func (r *resource153ToResourceWithLabelsAdapter[T]) GetLabel(key string) (value string, ok bool) {
m := r.inner.GetMetadata()
if m == nil {
return "", false
}
value, ok = m.Labels[key]
return
}
// GetAllLabels implements ResourceWithLabels for the adapter.
func (r *resource153ToResourceWithLabelsAdapter[T]) GetAllLabels() map[string]string {
m := r.inner.GetMetadata()
if m == nil {
return nil
}
return m.Labels
}
// GetStaticLabels implements ResourceWithLabels for the adapter.
func (r *resource153ToResourceWithLabelsAdapter[T]) GetStaticLabels() map[string]string {
return r.GetAllLabels()
}
// SetStaticLabels implements ResourceWithLabels for the adapter.
func (r *resource153ToResourceWithLabelsAdapter[T]) SetStaticLabels(labels map[string]string) {
m := r.inner.GetMetadata()
if m == nil {
return
}
m.Labels = labels
}
// MatchSearch implements ResourceWithLabels for the adapter. If the underlying
// type exposes a MatchSearch method, this method will defer to that, otherwise
// it will match against the resource label values and name.
func (r *resource153ToResourceWithLabelsAdapter[T]) MatchSearch(searchValues []string) bool {
if matcher, ok := any(r.inner).(interface{ MatchSearch([]string) bool }); ok {
return matcher.MatchSearch(searchValues)
}
fieldVals := append(utils.MapToStrings(r.GetAllLabels()), r.GetName())
return MatchSearch(fieldVals, searchValues, nil)
}
// ProtoResource153 is a Resource153 implemented by a protobuf-generated struct.
type ProtoResource153 interface {
Resource153
proto.Message
}
type protoResource153ToLegacyAdapter[T ProtoResource153] struct {
inner T
resource153ToLegacyAdapter[T]
}
// UnwrapT is an escape hatch for Resource153 instances that are piped down into
// the codebase as a legacy Resource.
//
// Ideally you shouldn't depend on this.
func (r *protoResource153ToLegacyAdapter[T]) UnwrapT() T {
return r.inner
}
// MarshalJSON adds support for marshaling the wrapped resource (instead of
// marshaling the adapter itself).
func (r *protoResource153ToLegacyAdapter[T]) MarshalJSON() ([]byte, error) {
return protojson.MarshalOptions{
UseProtoNames: true,
}.Marshal(r.inner)
}
// ProtoResource153ToLegacy transforms an RFD 153 style resource implemented by
// a proto-generated struct into a legacy [Resource] type. Implements
// [ResourceWithLabels] and CloneResource (where the wrapped resource supports
// cloning).
//
// Note that CheckAndSetDefaults is a noop for the returned resource and
// SetSubKind is not implemented and panics on use.
func ProtoResource153ToLegacy[T ProtoResource153](r T) Resource {
return &protoResource153ToLegacyAdapter[T]{
r,
resource153ToLegacyAdapter[T]{r},
}
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"fmt"
"slices"
"strings"
"github.com/gravitational/trace"
)
func (id *ResourceID) CheckAndSetDefaults() error {
if len(id.ClusterName) == 0 {
return trace.BadParameter("ResourceID must include ClusterName")
}
if len(id.Kind) == 0 {
return trace.BadParameter("ResourceID must include Kind")
}
if len(id.Name) == 0 {
return trace.BadParameter("ResourceID must include Name")
}
// TODO(@creack): DELETE IN v20.0.0. Here to maintain backwards compatibility with older clients.
if id.Kind != KindKubeNamespace && slices.Contains(KubernetesResourcesKinds, id.Kind) {
apiGroup := KubernetesResourcesV7KindGroups[id.Kind]
if slices.Contains(KubernetesClusterWideResourceKinds, id.Kind) {
id.Kind = AccessRequestPrefixKindKubeClusterWide + KubernetesResourcesKindsPlurals[id.Kind]
} else {
id.Kind = AccessRequestPrefixKindKubeNamespaced + KubernetesResourcesKindsPlurals[id.Kind]
}
if apiGroup != "" {
id.Kind += "." + apiGroup
}
}
if id.Kind != KindKubeNamespace && !slices.Contains(RequestableResourceKinds, id.Kind) && !strings.HasPrefix(id.Kind, AccessRequestPrefixKindKube) {
return trace.BadParameter("Resource kind %q is invalid or unsupported", id.Kind)
}
switch {
case id.Kind == KindKubeNamespace || strings.HasPrefix(id.Kind, AccessRequestPrefixKindKube):
return trace.Wrap(id.validateK8sSubResource())
case id.SubResourceName != "":
return trace.BadParameter("resource kind %q doesn't allow sub resources", id.Kind)
}
return nil
}
func (id *ResourceID) validateK8sSubResource() error {
if id.SubResourceName == "" {
return trace.BadParameter("resource of kind %q must include a subresource name", id.Kind)
}
isResourceClusterwide := id.Kind == KindKubeNamespace || slices.Contains(KubernetesClusterWideResourceKinds, id.Kind) || strings.HasPrefix(id.Kind, AccessRequestPrefixKindKubeClusterWide)
switch split := strings.Split(id.SubResourceName, "/"); {
case isResourceClusterwide && len(split) != 1:
return trace.BadParameter("subresource %q must follow the following format: <name>", id.SubResourceName)
case isResourceClusterwide && split[0] == "":
return trace.BadParameter("subresource %q must include a non-empty name: <name>", id.SubResourceName)
case !isResourceClusterwide && len(split) != 2:
return trace.BadParameter("subresource %q must follow the following format: <namespace>/<name>", id.SubResourceName)
case !isResourceClusterwide && split[0] == "":
return trace.BadParameter("subresource %q must include a non-empty namespace: <namespace>/<name>", id.SubResourceName)
case !isResourceClusterwide && split[1] == "":
return trace.BadParameter("subresource %q must include a non-empty name: <namespace>/<name>", id.SubResourceName)
}
return nil
}
// ResourceIDToString marshals a ResourceID to a string.
func ResourceIDToString(id ResourceID) string {
if id.SubResourceName == "" {
return fmt.Sprintf("/%s/%s/%s", id.ClusterName, id.Kind, id.Name)
}
return fmt.Sprintf("/%s/%s/%s/%s", id.ClusterName, id.Kind, id.Name, id.SubResourceName)
}
// ResourceIDFromString parses a ResourceID from a string. The string should
// have been obtained from ResourceIDToString.
func ResourceIDFromString(raw string) (ResourceID, error) {
if len(raw) < 1 || raw[0] != '/' {
return ResourceID{}, trace.BadParameter("%s is not a valid ResourceID string", raw)
}
raw = raw[1:]
// Should be safe for any Name as long as the ClusterName and Kind don't
// contain slashes, which should never happen.
parts := strings.SplitN(raw, "/", 3)
if len(parts) != 3 {
return ResourceID{}, trace.BadParameter("/%s is not a valid ResourceID string", raw)
}
resourceID := ResourceID{
ClusterName: parts[0],
Kind: parts[1],
Name: parts[2],
}
switch {
case slices.Contains(KubernetesResourcesKinds, resourceID.Kind) || strings.HasPrefix(resourceID.Kind, AccessRequestPrefixKindKube) || resourceID.Kind == KindKubeNamespace:
isResourceClusterWide := resourceID.Kind == KindKubeNamespace || slices.Contains(KubernetesClusterWideResourceKinds, resourceID.Kind) || strings.HasPrefix(resourceID.Kind, AccessRequestPrefixKindKubeClusterWide)
// Kubernetes forbids slashes "/" in Namespaces and Pod names, so it's safe to
// explode the resourceID.Name and extract the last two entries as namespace
// and name.
// Teleport allows the resource names to contain slashes, so we need to join
// splits[:len(splits)-2] to reconstruct the resource name that contains slashes.
// If splits slice does not have the correct size, resourceID.CheckAndSetDefaults()
// will fail because, for kind=pod, it's mandatory to present a non-empty
// namespace and name.
splits := strings.Split(resourceID.Name, "/")
if !isResourceClusterWide && len(splits) >= 3 {
resourceID.Name = strings.Join(splits[:len(splits)-2], "/")
resourceID.SubResourceName = strings.Join(splits[len(splits)-2:], "/")
} else if isResourceClusterWide && len(splits) >= 2 {
resourceID.Name = strings.Join(splits[:len(splits)-1], "/")
resourceID.SubResourceName = strings.Join(splits[len(splits)-1:], "/")
}
}
return resourceID, trace.Wrap(resourceID.CheckAndSetDefaults())
}
// ResourceIDsFromStrings parses a list of ResourceIDs from a list of strings.
// Each string should have been obtained from ResourceIDToString.
func ResourceIDsFromStrings(resourceIDStrs []string) ([]ResourceID, error) {
resourceIDs := make([]ResourceID, len(resourceIDStrs))
var err error
for i, resourceIDStr := range resourceIDStrs {
resourceIDs[i], err = ResourceIDFromString(resourceIDStr)
if err != nil {
return nil, trace.Wrap(err)
}
}
return resourceIDs, nil
}
// ResourceIDsToString marshals a list of ResourceIDs to a string.
func ResourceIDsToString(ids []ResourceID) (string, error) {
if len(ids) == 0 {
return "", nil
}
// Marshal each ID to a string using the custom helper.
var idStrings []string
for _, id := range ids {
idStrings = append(idStrings, ResourceIDToString(id))
}
// Marshal the entire list of strings as JSON (should properly handle any
// IDs containing commas or quotes).
bytes, err := json.Marshal(idStrings)
if err != nil {
return "", trace.BadParameter("failed to marshal resource IDs to JSON: %v", err)
}
return string(bytes), nil
}
// ResourceIDsFromString parses a list of resource IDs from a single string.
// The string should have been obtained from ResourceIDsToString.
func ResourceIDsFromString(raw string) ([]ResourceID, error) {
if raw == "" {
return nil, nil
}
// Parse the full list of strings.
var idStrings []string
if err := json.Unmarshal([]byte(raw), &idStrings); err != nil {
return nil, trace.BadParameter("failed to parse resource IDs from JSON: %v", err)
}
// Parse each ID using the custom helper.
resourceIDs := make([]ResourceID, 0, len(idStrings))
for _, idString := range idStrings {
id, err := ResourceIDFromString(idString)
if err != nil {
return nil, trace.Wrap(err)
}
resourceIDs = append(resourceIDs, id)
}
return resourceIDs, nil
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// NetworkRestrictions defines network restrictions applied to SSH session.
type NetworkRestrictions interface {
Resource
// GetAllow returns a list of allowed network addresses
GetAllow() []AddressCondition
// SetAllow sets a list of allowed network addresses
SetAllow(allow []AddressCondition)
// GetDeny returns a list of denied network addresses (overrides Allow list)
GetDeny() []AddressCondition
// SetDeny sets a list of denied network addresses (overrides Allow list)
SetDeny(deny []AddressCondition)
// Clone returns a copy of the network restrictions.
Clone() NetworkRestrictions
}
// NewNetworkRestrictions creates a new NetworkRestrictions with the given name.
func NewNetworkRestrictions() NetworkRestrictions {
return &NetworkRestrictionsV4{
Kind: KindNetworkRestrictions,
Version: V4,
Metadata: Metadata{
Name: MetaNameNetworkRestrictions,
},
}
}
// Clone returns a copy of the network restrictions.
func (r *NetworkRestrictionsV4) Clone() NetworkRestrictions {
return utils.CloneProtoMsg(r)
}
func (r *NetworkRestrictionsV4) setStaticFields() {
if r.Version == "" {
r.Version = V4
}
if r.Kind == "" {
r.Kind = KindNetworkRestrictions
}
if r.Metadata.Name == "" {
r.Metadata.Name = MetaNameNetworkRestrictions
}
}
// CheckAndSetDefaults validates NetworkRestrictions fields and populates empty fields
// with default values.
func (r *NetworkRestrictionsV4) CheckAndSetDefaults() error {
r.setStaticFields()
if err := r.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
func (r *NetworkRestrictionsV4) GetKind() string {
return r.Kind
}
func (r *NetworkRestrictionsV4) GetSubKind() string {
return r.SubKind
}
func (r *NetworkRestrictionsV4) SetSubKind(sk string) {
r.SubKind = sk
}
func (r *NetworkRestrictionsV4) GetVersion() string {
return r.Version
}
func (r *NetworkRestrictionsV4) GetMetadata() Metadata {
return r.Metadata
}
func (r *NetworkRestrictionsV4) GetName() string {
return r.Metadata.GetName()
}
func (r *NetworkRestrictionsV4) SetName(n string) {
r.Metadata.SetName(n)
}
// GetRevision returns the revision
func (r *NetworkRestrictionsV4) GetRevision() string {
return r.Metadata.GetRevision()
}
// SetRevision sets the revision
func (r *NetworkRestrictionsV4) SetRevision(rev string) {
r.Metadata.SetRevision(rev)
}
func (r *NetworkRestrictionsV4) Expiry() time.Time {
return r.Metadata.Expiry()
}
func (r *NetworkRestrictionsV4) SetExpiry(exp time.Time) {
r.Metadata.SetExpiry(exp)
}
func (r *NetworkRestrictionsV4) GetAllow() []AddressCondition {
return r.Spec.Allow
}
func (r *NetworkRestrictionsV4) SetAllow(allow []AddressCondition) {
r.Spec.Allow = allow
}
func (r *NetworkRestrictionsV4) GetDeny() []AddressCondition {
return r.Spec.Deny
}
func (r *NetworkRestrictionsV4) SetDeny(deny []AddressCondition) {
r.Spec.Deny = deny
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"fmt"
"net"
"path"
"slices"
"strings"
"time"
"github.com/gogo/protobuf/proto"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/types/wrappers"
"github.com/gravitational/teleport/api/utils"
"github.com/gravitational/teleport/api/utils/keys"
)
type OnSessionLeaveAction string
const (
// OnSessionLeaveTerminate is a moderated sessions policy constant that terminates
// a session once the require policy is no longer fulfilled.
OnSessionLeaveTerminate OnSessionLeaveAction = "terminate"
// OnSessionLeaveTerminate is a moderated sessions policy constant that pauses
// a session once the require policies is no longer fulfilled. It is resumed
// once the requirements are fulfilled again.
OnSessionLeavePause OnSessionLeaveAction = "pause"
)
// Match checks if the given role matches this filter.
func (f *RoleFilter) Match(role *RoleV6) bool {
if f.SkipSystemRoles && IsSystemResource(role) {
return false
}
if len(f.SearchKeywords) != 0 {
if !role.MatchSearch(f.SearchKeywords) {
return false
}
}
return true
}
// Role contains a set of permissions or settings
type Role interface {
// Resource provides common resource methods.
ResourceWithLabels
// SetMetadata sets role metadata
SetMetadata(meta Metadata)
// GetOptions gets role options.
GetOptions() RoleOptions
// SetOptions sets role options
SetOptions(opt RoleOptions)
// GetCreateDatabaseUserMode gets the create database user mode option.
GetCreateDatabaseUserMode() CreateDatabaseUserMode
// GetLogins gets *nix system logins for allow or deny condition.
GetLogins(RoleConditionType) []string
// SetLogins sets *nix system logins for allow or deny condition.
SetLogins(RoleConditionType, []string)
// GetNamespaces gets a list of namespaces this role is allowed or denied access to.
GetNamespaces(RoleConditionType) []string
// SetNamespaces sets a list of namespaces this role is allowed or denied access to.
SetNamespaces(RoleConditionType, []string)
// GetRoleConditions gets the RoleConditions for the RoleConditionType.
GetRoleConditions(rct RoleConditionType) RoleConditions
// GetRequestReasonMode gets the RequestReasonMode for the RoleConditionType.
GetRequestReasonMode(RoleConditionType) RequestReasonMode
// GetLabelMatchers gets the LabelMatchers that match labels of resources of
// type [kind] this role is allowed or denied access to.
GetLabelMatchers(rct RoleConditionType, kind string) (LabelMatchers, error)
// SetLabelMatchers sets the LabelMatchers that match labels of resources of
// type [kind] this role is allowed or denied access to.
SetLabelMatchers(rct RoleConditionType, kind string, labelMatchers LabelMatchers) error
// GetNodeLabels gets the map of node labels this role is allowed or denied access to.
GetNodeLabels(RoleConditionType) Labels
// SetNodeLabels sets the map of node labels this role is allowed or denied access to.
SetNodeLabels(RoleConditionType, Labels)
// GetWorkloadIdentityLabels gets the map of node labels this role is
// allowed or denied access to.
GetWorkloadIdentityLabels(RoleConditionType) Labels
// SetWorkloadIdentityLabels sets the map of WorkloadIdentity labels this
// role is allowed or denied access to.
SetWorkloadIdentityLabels(RoleConditionType, Labels)
// GetAppLabels gets the map of app labels this role is allowed or denied access to.
GetAppLabels(RoleConditionType) Labels
// SetAppLabels sets the map of app labels this role is allowed or denied access to.
SetAppLabels(RoleConditionType, Labels)
// GetClusterLabels gets the map of cluster labels this role is allowed or denied access to.
GetClusterLabels(RoleConditionType) Labels
// SetClusterLabels sets the map of cluster labels this role is allowed or denied access to.
SetClusterLabels(RoleConditionType, Labels)
// GetKubernetesLabels gets the map of kubernetes labels this role is
// allowed or denied access to.
GetKubernetesLabels(RoleConditionType) Labels
// SetKubernetesLabels sets the map of kubernetes labels this role is
// allowed or denied access to.
SetKubernetesLabels(RoleConditionType, Labels)
// GetRules gets all allow or deny rules.
GetRules(rct RoleConditionType) []Rule
// SetRules sets an allow or deny rule.
SetRules(rct RoleConditionType, rules []Rule)
// GetKubeGroups returns kubernetes groups
GetKubeGroups(RoleConditionType) []string
// SetKubeGroups sets kubernetes groups for allow or deny condition.
SetKubeGroups(RoleConditionType, []string)
// GetKubeUsers returns kubernetes users to impersonate
GetKubeUsers(RoleConditionType) []string
// SetKubeUsers sets kubernetes users to impersonate for allow or deny condition.
SetKubeUsers(RoleConditionType, []string)
// GetKubeResources returns the Kubernetes Resources this role grants
// access to.
GetKubeResources(rct RoleConditionType) []KubernetesResource
// SetKubeResources configures the Kubernetes Resources for the RoleConditionType.
SetKubeResources(rct RoleConditionType, pods []KubernetesResource)
// GetRequestKubernetesResources returns the request Kubernetes resources.
GetRequestKubernetesResources(rct RoleConditionType) []RequestKubernetesResource
// SetRequestKubernetesResources sets the request kubernetes resources.
SetRequestKubernetesResources(rct RoleConditionType, resources []RequestKubernetesResource)
// GetAccessRequestConditions gets allow/deny conditions for access requests.
GetAccessRequestConditions(RoleConditionType) AccessRequestConditions
// SetAccessRequestConditions sets allow/deny conditions for access requests.
SetAccessRequestConditions(RoleConditionType, AccessRequestConditions)
// GetAccessReviewConditions gets allow/deny conditions for access review.
GetAccessReviewConditions(RoleConditionType) AccessReviewConditions
// SetAccessReviewConditions sets allow/deny conditions for access review.
SetAccessReviewConditions(RoleConditionType, AccessReviewConditions)
// GetDatabaseLabels gets the map of db labels this role is allowed or denied access to.
GetDatabaseLabels(RoleConditionType) Labels
// SetDatabaseLabels sets the map of db labels this role is allowed or denied access to.
SetDatabaseLabels(RoleConditionType, Labels)
// GetDatabaseNames gets a list of database names this role is allowed or denied access to.
GetDatabaseNames(RoleConditionType) []string
// SetDatabaseNames sets a list of database names this role is allowed or denied access to.
SetDatabaseNames(RoleConditionType, []string)
// GetDatabaseUsers gets a list of database users this role is allowed or denied access to.
GetDatabaseUsers(RoleConditionType) []string
// SetDatabaseUsers sets a list of database users this role is allowed or denied access to.
SetDatabaseUsers(RoleConditionType, []string)
// GetDatabaseRoles gets a list of database roles for auto-provisioned users.
GetDatabaseRoles(RoleConditionType) []string
// SetDatabaseRoles sets a list of database roles for auto-provisioned users.
SetDatabaseRoles(RoleConditionType, []string)
// GetDatabasePermissions gets database permissions for auto-provisioned users.
GetDatabasePermissions(rct RoleConditionType) DatabasePermissions
// SetDatabasePermissions sets database permissions for auto-provisioned users.
SetDatabasePermissions(RoleConditionType, DatabasePermissions)
// GetImpersonateConditions returns conditions this role is allowed or denied to impersonate.
GetImpersonateConditions(rct RoleConditionType) ImpersonateConditions
// SetImpersonateConditions sets conditions this role is allowed or denied to impersonate.
SetImpersonateConditions(rct RoleConditionType, cond ImpersonateConditions)
// GetAWSRoleARNs returns a list of AWS role ARNs this role is allowed to assume.
GetAWSRoleARNs(RoleConditionType) []string
// SetAWSRoleARNs sets a list of AWS role ARNs this role is allowed to assume.
SetAWSRoleARNs(RoleConditionType, []string)
// GetAzureIdentities returns a list of Azure identities this role is allowed to assume.
GetAzureIdentities(RoleConditionType) []string
// SetAzureIdentities sets a list of Azure identities this role is allowed to assume.
SetAzureIdentities(RoleConditionType, []string)
// GetGCPServiceAccounts returns a list of GCP service accounts this role is allowed to assume.
GetGCPServiceAccounts(RoleConditionType) []string
// SetGCPServiceAccounts sets a list of GCP service accounts this role is allowed to assume.
SetGCPServiceAccounts(RoleConditionType, []string)
// GetWindowsDesktopLabels gets the Windows desktop labels this role
// is allowed or denied access to.
GetWindowsDesktopLabels(RoleConditionType) Labels
// SetWindowsDesktopLabels sets the Windows desktop labels this role
// is allowed or denied access to.
SetWindowsDesktopLabels(RoleConditionType, Labels)
// GetWindowsLogins gets Windows desktop logins for allow or deny condition.
GetWindowsLogins(RoleConditionType) []string
// SetWindowsLogins sets Windows desktop logins for allow or deny condition.
SetWindowsLogins(RoleConditionType, []string)
// GetSessionRequirePolicies returns the RBAC required policies for a session.
GetSessionRequirePolicies() []*SessionRequirePolicy
// SetSessionRequirePolicies sets the RBAC required policies for a session.
SetSessionRequirePolicies([]*SessionRequirePolicy)
// GetSessionJoinPolicies returns the RBAC join policies for a session.
GetSessionJoinPolicies() []*SessionJoinPolicy
// SetSessionJoinPolicies sets the RBAC join policies for a session.
SetSessionJoinPolicies([]*SessionJoinPolicy)
// GetSessionPolicySet returns the RBAC policy set for a role.
GetSessionPolicySet() SessionTrackerPolicySet
// GetSearchAsRoles returns the list of extra roles which should apply to a
// user while they are searching for resources as part of a Resource Access
// Request, and defines the underlying roles which will be requested as part
// of any Resource Access Request.
GetSearchAsRoles(RoleConditionType) []string
// SetSearchAsRoles sets the list of extra roles which should apply to a
// user while they are searching for resources as part of a Resource Access
// Request, and defines the underlying roles which will be requested as part
// of any Resource Access Request.
SetSearchAsRoles(RoleConditionType, []string)
// GetPreviewAsRoles returns the list of extra roles which should apply to a
// reviewer while they are viewing a Resource Access Request for the
// purposes of viewing details such as the hostname and labels of requested
// resources.
GetPreviewAsRoles(RoleConditionType) []string
// SetPreviewAsRoles sets the list of extra roles which should apply to a
// reviewer while they are viewing a Resource Access Request for the
// purposes of viewing details such as the hostname and labels of requested
// resources.
SetPreviewAsRoles(RoleConditionType, []string)
// GetHostGroups gets the list of groups this role is put in when users are provisioned
GetHostGroups(RoleConditionType) []string
// SetHostGroups sets the list of groups this role is put in when users are provisioned
SetHostGroups(RoleConditionType, []string)
// GetDesktopGroups gets the list of groups this role is put in when desktop users are provisioned
GetDesktopGroups(RoleConditionType) []string
// SetDesktopGroups sets the list of groups this role is put in when desktop users are provisioned
SetDesktopGroups(RoleConditionType, []string)
// GetHostSudoers gets the list of sudoers entries for the role
GetHostSudoers(RoleConditionType) []string
// SetHostSudoers sets the list of sudoers entries for the role
SetHostSudoers(RoleConditionType, []string)
// GetPrivateKeyPolicy returns the private key policy enforced for this role.
GetPrivateKeyPolicy() keys.PrivateKeyPolicy
// GetDatabaseServiceLabels gets the map of db service labels this role is allowed or denied access to.
GetDatabaseServiceLabels(RoleConditionType) Labels
// SetDatabaseServiceLabels sets the map of db service labels this role is allowed or denied access to.
SetDatabaseServiceLabels(RoleConditionType, Labels)
// GetGroupLabels gets the map of group labels this role is allowed or denied access to.
GetGroupLabels(RoleConditionType) Labels
// SetGroupLabels sets the map of group labels this role is allowed or denied access to.
SetGroupLabels(RoleConditionType, Labels)
// GetSPIFFEConditions returns the allow or deny SPIFFERoleCondition.
GetSPIFFEConditions(rct RoleConditionType) []*SPIFFERoleCondition
// SetSPIFFEConditions sets the allow or deny SPIFFERoleCondition.
SetSPIFFEConditions(rct RoleConditionType, cond []*SPIFFERoleCondition)
// GetGitHubPermissions returns the allow or deny GitHub-related permissions.
GetGitHubPermissions(RoleConditionType) []GitHubPermission
// SetGitHubPermissions sets the allow or deny GitHub-related permissions.
SetGitHubPermissions(RoleConditionType, []GitHubPermission)
// GetIdentityCenterAccountAssignments fetches the allow or deny Account
// Assignments for the role
GetIdentityCenterAccountAssignments(RoleConditionType) []IdentityCenterAccountAssignment
// GetIdentityCenterAccountAssignments sets the allow or deny Account
// Assignments for the role
SetIdentityCenterAccountAssignments(RoleConditionType, []IdentityCenterAccountAssignment)
// GetMCPPermissions returns the allow or deny MCP permissions.
GetMCPPermissions(RoleConditionType) *MCPPermissions
// SetMCPPermissions sets the allow or deny MCP permissions.
SetMCPPermissions(RoleConditionType, *MCPPermissions)
// Clone creats a copy of the role.
Clone() Role
}
// DefaultRoleVersion for NewRole() and test helpers.
// When incrementing the role version, make sure to update the
// role version in the asset file used by the UI.
// See: web/packages/teleport/src/Roles/templates/role.yaml
const DefaultRoleVersion = V8
// NewRole constructs new standard V8 role.
// This creates a V8 role with V4+ RBAC semantics.
func NewRole(name string, spec RoleSpecV6) (Role, error) {
role, err := NewRoleWithVersion(name, DefaultRoleVersion, spec)
return role, trace.Wrap(err)
}
// NewRoleWithVersion constructs new standard role with the version specified.
func NewRoleWithVersion(name string, version string, spec RoleSpecV6) (Role, error) {
role := RoleV6{
Version: version,
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := role.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return &role, nil
}
// RoleConditionType specifies if it's an allow rule (true) or deny rule (false).
type RoleConditionType bool
const (
// Allow is the set of conditions that allow access.
Allow RoleConditionType = true
// Deny is the set of conditions that prevent access.
Deny RoleConditionType = false
)
// GetVersion returns resource version
func (r *RoleV6) GetVersion() string {
return r.Version
}
// GetKind returns resource kind
func (r *RoleV6) GetKind() string {
return r.Kind
}
// GetSubKind returns resource sub kind
func (r *RoleV6) GetSubKind() string {
return r.SubKind
}
// SetSubKind sets resource subkind
func (r *RoleV6) SetSubKind(s string) {
r.SubKind = s
}
// GetRevision returns the revision
func (r *RoleV6) GetRevision() string {
return r.Metadata.GetRevision()
}
// SetRevision sets the revision
func (r *RoleV6) SetRevision(rev string) {
r.Metadata.SetRevision(rev)
}
// SetExpiry sets expiry time for the object.
func (r *RoleV6) SetExpiry(expires time.Time) {
r.Metadata.SetExpiry(expires)
}
// Expiry returns the expiry time for the object.
func (r *RoleV6) Expiry() time.Time {
return r.Metadata.Expiry()
}
// SetName sets the role name and is a shortcut for SetMetadata().Name.
func (r *RoleV6) SetName(s string) {
r.Metadata.Name = s
}
// GetName gets the role name and is a shortcut for GetMetadata().Name.
func (r *RoleV6) GetName() string {
return r.Metadata.Name
}
// GetMetadata returns role metadata.
func (r *RoleV6) GetMetadata() Metadata {
return r.Metadata
}
// SetMetadata sets role metadata
func (r *RoleV6) SetMetadata(meta Metadata) {
r.Metadata = meta
}
// GetOptions gets role options.
func (r *RoleV6) GetOptions() RoleOptions {
return r.Spec.Options
}
// SetOptions sets role options.
func (r *RoleV6) SetOptions(options RoleOptions) {
r.Spec.Options = options
}
// GetCreateDatabaseUserMode gets the create database user mode option.
func (r *RoleV6) GetCreateDatabaseUserMode() CreateDatabaseUserMode {
if r.Spec.Options.CreateDatabaseUserMode != CreateDatabaseUserMode_DB_USER_MODE_UNSPECIFIED {
return r.Spec.Options.CreateDatabaseUserMode
}
// To keep backwards compatibility, look at the create database user option.
if r.Spec.Options.CreateDatabaseUser != nil && r.Spec.Options.CreateDatabaseUser.Value {
return CreateDatabaseUserMode_DB_USER_MODE_KEEP
}
return CreateDatabaseUserMode_DB_USER_MODE_OFF
}
// GetLogins gets system logins for allow or deny condition.
func (r *RoleV6) GetLogins(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.Logins
}
return r.Spec.Deny.Logins
}
// SetLogins sets system logins for allow or deny condition.
func (r *RoleV6) SetLogins(rct RoleConditionType, logins []string) {
lcopy := slices.Clone(logins)
if rct == Allow {
r.Spec.Allow.Logins = lcopy
} else {
r.Spec.Deny.Logins = lcopy
}
}
// GetKubeGroups returns kubernetes groups
func (r *RoleV6) GetKubeGroups(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.KubeGroups
}
return r.Spec.Deny.KubeGroups
}
// SetKubeGroups sets kubernetes groups for allow or deny condition.
func (r *RoleV6) SetKubeGroups(rct RoleConditionType, groups []string) {
lcopy := slices.Clone(groups)
if rct == Allow {
r.Spec.Allow.KubeGroups = lcopy
} else {
r.Spec.Deny.KubeGroups = lcopy
}
}
// GetKubeResources returns the Kubernetes Resources this role grants
// access to.
func (r *RoleV6) GetKubeResources(rct RoleConditionType) []KubernetesResource {
if rct == Allow {
out := r.convertAllowKubernetesResourcesBetweenRoleVersions(r.Spec.Allow.KubernetesResources)
// We need to support `kubectl auth can-i` as we prompt the user to use this when they get an access denied error.
// Inject a selfsubjectaccessreviews resource to allow for it. It can still be explicitly denied by the role if
// set in the `deny` section.
out = append(out, KubernetesResourceSelfSubjectAccessReview)
return out
}
return r.convertKubernetesResourcesBetweenRoleVersions(r.Spec.Deny.KubernetesResources)
}
// convertKubernetesResourcesBetweenRoleVersions converts Kubernetes resources between role versions.
// This is required to keep compatibility between role versions to avoid breaking changes
// when using an older role version.
//
// For roles v8, it returns the list as it is.
//
// For roles <=v7, it maps the legacy teleport Kinds to k8s plurals and sets the APIGroup to wildcard.
//
// Must be in sync with RoleV6.convertRequestKubernetesResourcesBetweenRoleVersions.
func (r *RoleV6) convertKubernetesResourcesBetweenRoleVersions(resources []KubernetesResource) []KubernetesResource {
switch r.Version {
case V8:
return resources
default:
v7resources := slices.Clone(resources)
var extraResources []KubernetesResource
for i, r := range v7resources {
// "namespace" kind used to mean "namespaces" and all resources in the namespace.
// It is now represented by 'namespaces' for the resource itself and wildcard for
// all resources in the namespace.
if r.Kind == KindKubeNamespace {
r.Kind = Wildcard
if r.Name == Wildcard {
r.Namespace = "^.+$"
} else {
r.Namespace = r.Name
}
r.Name = Wildcard
r.APIGroup = Wildcard
v7resources[i] = r
extraResources = append(extraResources, KubernetesResource{
Kind: "namespaces",
Name: r.Namespace,
Verbs: r.Verbs,
})
continue
}
// The namespace field was ignored in v7 for global resources.
if r.Namespace != "" && slices.Contains(KubernetesClusterWideResourceKinds, r.Kind) {
r.Namespace = ""
}
if k, ok := KubernetesResourcesKindsPlurals[r.Kind]; ok { // Can be empty if the kind is a wildcard.
r.APIGroup = KubernetesResourcesV7KindGroups[r.Kind]
r.Kind = k
} else {
r.APIGroup = Wildcard
}
v7resources[i] = r
if r.Kind == Wildcard { // If we have a wildcard, inject the clusterwide resources.
for _, elem := range KubernetesClusterWideResourceKinds {
if elem == KindKubeNamespace { // Namespace is handled separately.
continue
}
extraResources = append(extraResources, KubernetesResource{
Kind: KubernetesResourcesKindsPlurals[elem],
Name: r.Name,
Verbs: r.Verbs,
APIGroup: Wildcard,
})
}
}
}
return append(v7resources, extraResources...)
}
}
// convertAllowKubeResourcesBetweenRoleVersions converts Kubernetes resources between role versions.
// This is required to keep compatibility between role versions to avoid breaking changes
// when using an older role version.
//
// For roles v8, it returns the list as it is.
//
// For roles v7, if we have a Wildcard kind, add the v7 cluster-wide resources to maintain
// the existing behavior as in Teleport <=v17, those resources ignored the namespace value
// of the rbac entry. Earlier roles didn't support wildcard so it is not a concern.
//
// For roles v7, if we have a "namespace" kind, map it to a wildcard + namespaces kind.
//
// For roles <=v7, it sets the APIGroup to wildcard for all resources and maps the legacy
// teleport Kinds to k8s plurals.
//
// For older roles <v7, if the kind is pod and name and namespace are wildcards,
// then return a wildcard resource since RoleV6 and below do not restrict access
// to other resources. This is a simple optimization to reduce the number of resources.
//
// Finally, if the older role version is not a wildcard, then it returns the pod resources as is
// and append the other supported resources - KubernetesResourcesKinds - for Role v8.
func (r *RoleV6) convertAllowKubernetesResourcesBetweenRoleVersions(resources []KubernetesResource) []KubernetesResource {
switch r.Version {
case V7, V8:
// V7 and v8 uses the same logic for allow and deny.
return r.convertKubernetesResourcesBetweenRoleVersions(resources)
// Teleport does not support role versions < v3.
case V6, V5, V4, V3:
switch {
// If role does not have kube labels, return empty list since it won't match
// any kubernetes cluster.
case !r.HasLabelMatchers(Allow, KindKubernetesCluster):
return nil
// If role is not V7 and resources is wildcard, return wildcard for kind as well.
// This is an optimization to avoid appending multiple resources.
// This check ignores the Kind field because `validateKubeResources` ensures
// that for older roles, the Kind field can only be pod.
case len(resources) == 1 && resources[0].Name == Wildcard && resources[0].Namespace == Wildcard:
return []KubernetesResource{{Kind: Wildcard, Name: Wildcard, Namespace: Wildcard, Verbs: []string{Wildcard}, APIGroup: Wildcard}}
default:
v6resources := slices.Clone(resources)
for i, r := range v6resources {
if k, ok := KubernetesResourcesKindsPlurals[r.Kind]; ok {
r.APIGroup = KubernetesResourcesV7KindGroups[r.Kind]
r.Kind = k
} else {
r.APIGroup = Wildcard
}
v6resources[i] = r
}
for _, resource := range KubernetesResourcesKinds { // Iterate over the list to have deterministic order.
group := KubernetesResourcesV7KindGroups[resource]
resource = KubernetesResourcesKindsPlurals[resource]
// Ignore Pod resources for older roles because Pods were already supported
// so we don't need to keep backwards compatibility for them.
// Also ignore Namespace resources because it grants access to all resources
// in the namespace.
if resource == "pods" || resource == "namespaces" {
continue
}
v6resources = append(v6resources, KubernetesResource{Kind: resource, Name: Wildcard, Namespace: Wildcard, Verbs: []string{Wildcard}, APIGroup: group})
}
return v6resources
}
default:
return nil
}
}
// SetKubeResources configures the Kubernetes Resources for the RoleConditionType.
func (r *RoleV6) SetKubeResources(rct RoleConditionType, pods []KubernetesResource) {
if rct == Allow {
r.Spec.Allow.KubernetesResources = pods
} else {
r.Spec.Deny.KubernetesResources = pods
}
}
// GetRequestKubernetesResources returns the upgraded request kubernetes resources.
func (r *RoleV6) GetRequestKubernetesResources(rct RoleConditionType) []RequestKubernetesResource {
if rct == Allow {
if r.Spec.Allow.Request == nil {
return nil
}
return r.convertRequestKubernetesResourcesBetweenRoleVersions(r.Spec.Allow.Request.KubernetesResources)
}
if r.Spec.Deny.Request == nil {
return nil
}
return r.convertRequestKubernetesResourcesBetweenRoleVersions(r.Spec.Deny.Request.KubernetesResources)
}
// SetRequestKubernetesResources sets the request kubernetes resources.
func (r *RoleV6) SetRequestKubernetesResources(rct RoleConditionType, resources []RequestKubernetesResource) {
roleConditions := &r.Spec.Allow
if rct == Deny {
roleConditions = &r.Spec.Deny
}
if roleConditions.Request == nil {
roleConditions.Request = &AccessRequestConditions{}
}
roleConditions.Request.KubernetesResources = resources
}
// GetKubeUsers returns kubernetes users
func (r *RoleV6) GetKubeUsers(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.KubeUsers
}
return r.Spec.Deny.KubeUsers
}
// SetKubeUsers sets kubernetes user for allow or deny condition.
func (r *RoleV6) SetKubeUsers(rct RoleConditionType, users []string) {
lcopy := slices.Clone(users)
if rct == Allow {
r.Spec.Allow.KubeUsers = lcopy
} else {
r.Spec.Deny.KubeUsers = lcopy
}
}
// GetAccessRequestConditions gets conditions for access requests.
func (r *RoleV6) GetAccessRequestConditions(rct RoleConditionType) AccessRequestConditions {
cond := r.Spec.Deny.Request
if rct == Allow {
cond = r.Spec.Allow.Request
}
if cond == nil {
return AccessRequestConditions{}
}
return *cond
}
// convertRequestKubernetesResourcesBetweenRoleVersions converts Access Request Kubernetes resources between role versions.
//
// This is required to keep compatibility between role versions to avoid breaking changes
// when using an older role version.
//
// For roles v8, it returns the list as it is.
//
// For roles <=v7, it maps the legacy teleport Kinds to k8s plurals and sets the APIGroup to wildcard.
//
// Must be in sync with RoleV6.convertDenyKubernetesResourcesBetweenRoleVersions.
func (r *RoleV6) convertRequestKubernetesResourcesBetweenRoleVersions(resources []RequestKubernetesResource) []RequestKubernetesResource {
if len(resources) == 0 {
return nil
}
switch r.Version {
case V8:
return resources
default:
v7resources := slices.Clone(resources)
for i, r := range v7resources {
if k, ok := KubernetesResourcesKindsPlurals[r.Kind]; ok { // Can be empty if the kind is a wildcard.
r.APIGroup = KubernetesResourcesV7KindGroups[r.Kind]
r.Kind = k
} else if r.Kind == KindKubeNamespace {
r.Kind = "namespaces"
} else {
r.APIGroup = Wildcard
}
v7resources[i] = r
}
return v7resources
}
}
// SetAccessRequestConditions sets allow/deny conditions for access requests.
func (r *RoleV6) SetAccessRequestConditions(rct RoleConditionType, cond AccessRequestConditions) {
if rct == Allow {
r.Spec.Allow.Request = &cond
} else {
r.Spec.Deny.Request = &cond
}
}
// GetAccessReviewConditions gets conditions for access reviews.
func (r *RoleV6) GetAccessReviewConditions(rct RoleConditionType) AccessReviewConditions {
cond := r.Spec.Deny.ReviewRequests
if rct == Allow {
cond = r.Spec.Allow.ReviewRequests
}
if cond == nil {
return AccessReviewConditions{}
}
return *cond
}
// SetAccessReviewConditions sets allow/deny conditions for access reviews.
func (r *RoleV6) SetAccessReviewConditions(rct RoleConditionType, cond AccessReviewConditions) {
if rct == Allow {
r.Spec.Allow.ReviewRequests = &cond
} else {
r.Spec.Deny.ReviewRequests = &cond
}
}
// GetNamespaces gets a list of namespaces this role is allowed or denied access to.
func (r *RoleV6) GetNamespaces(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.Namespaces
}
return r.Spec.Deny.Namespaces
}
// SetNamespaces sets a list of namespaces this role is allowed or denied access to.
func (r *RoleV6) SetNamespaces(rct RoleConditionType, namespaces []string) {
ncopy := slices.Clone(namespaces)
if rct == Allow {
r.Spec.Allow.Namespaces = ncopy
} else {
r.Spec.Deny.Namespaces = ncopy
}
}
// GetNodeLabels gets the map of node labels this role is allowed or denied access to.
func (r *RoleV6) GetNodeLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.NodeLabels
}
return r.Spec.Deny.NodeLabels
}
// SetNodeLabels sets the map of node labels this role is allowed or denied access to.
func (r *RoleV6) SetNodeLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.NodeLabels = labels.Clone()
} else {
r.Spec.Deny.NodeLabels = labels.Clone()
}
}
// GetWorkloadIdentityLabels gets the map of WorkloadIdentity labels for
// allow or deny.
func (r *RoleV6) GetWorkloadIdentityLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.WorkloadIdentityLabels
}
return r.Spec.Deny.WorkloadIdentityLabels
}
// SetWorkloadIdentityLabels sets the map of WorkloadIdentity labels this role
// is allowed or denied access to.
func (r *RoleV6) SetWorkloadIdentityLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.WorkloadIdentityLabels = labels.Clone()
} else {
r.Spec.Deny.WorkloadIdentityLabels = labels.Clone()
}
}
// GetAppLabels gets the map of app labels this role is allowed or denied access to.
func (r *RoleV6) GetAppLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.AppLabels
}
return r.Spec.Deny.AppLabels
}
// SetAppLabels sets the map of node labels this role is allowed or denied access to.
func (r *RoleV6) SetAppLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.AppLabels = labels.Clone()
} else {
r.Spec.Deny.AppLabels = labels.Clone()
}
}
// GetClusterLabels gets the map of cluster labels this role is allowed or denied access to.
func (r *RoleV6) GetClusterLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.ClusterLabels
}
return r.Spec.Deny.ClusterLabels
}
// SetClusterLabels sets the map of cluster labels this role is allowed or denied access to.
func (r *RoleV6) SetClusterLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.ClusterLabels = labels.Clone()
} else {
r.Spec.Deny.ClusterLabels = labels.Clone()
}
}
// GetKubernetesLabels gets the map of app labels this role is allowed or denied access to.
func (r *RoleV6) GetKubernetesLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.KubernetesLabels
}
return r.Spec.Deny.KubernetesLabels
}
// SetKubernetesLabels sets the map of node labels this role is allowed or denied access to.
func (r *RoleV6) SetKubernetesLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.KubernetesLabels = labels.Clone()
} else {
r.Spec.Deny.KubernetesLabels = labels.Clone()
}
}
// GetDatabaseServiceLabels gets the map of db service labels this role is allowed or denied access to.
func (r *RoleV6) GetDatabaseServiceLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.DatabaseServiceLabels
}
return r.Spec.Deny.DatabaseServiceLabels
}
// SetDatabaseServiceLabels sets the map of db service labels this role is allowed or denied access to.
func (r *RoleV6) SetDatabaseServiceLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.DatabaseServiceLabels = labels.Clone()
} else {
r.Spec.Deny.DatabaseServiceLabels = labels.Clone()
}
}
// GetDatabaseLabels gets the map of db labels this role is allowed or denied access to.
func (r *RoleV6) GetDatabaseLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.DatabaseLabels
}
return r.Spec.Deny.DatabaseLabels
}
// SetDatabaseLabels sets the map of db labels this role is allowed or denied access to.
func (r *RoleV6) SetDatabaseLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.DatabaseLabels = labels.Clone()
} else {
r.Spec.Deny.DatabaseLabels = labels.Clone()
}
}
// GetDatabaseNames gets a list of database names this role is allowed or denied access to.
func (r *RoleV6) GetDatabaseNames(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.DatabaseNames
}
return r.Spec.Deny.DatabaseNames
}
// SetDatabaseNames sets a list of database names this role is allowed or denied access to.
func (r *RoleV6) SetDatabaseNames(rct RoleConditionType, values []string) {
if rct == Allow {
r.Spec.Allow.DatabaseNames = values
} else {
r.Spec.Deny.DatabaseNames = values
}
}
// GetDatabaseUsers gets a list of database users this role is allowed or denied access to.
func (r *RoleV6) GetDatabaseUsers(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.DatabaseUsers
}
return r.Spec.Deny.DatabaseUsers
}
// SetDatabaseUsers sets a list of database users this role is allowed or denied access to.
func (r *RoleV6) SetDatabaseUsers(rct RoleConditionType, values []string) {
if rct == Allow {
r.Spec.Allow.DatabaseUsers = values
} else {
r.Spec.Deny.DatabaseUsers = values
}
}
// GetDatabaseRoles gets a list of database roles for auto-provisioned users.
func (r *RoleV6) GetDatabaseRoles(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.DatabaseRoles
}
return r.Spec.Deny.DatabaseRoles
}
// SetDatabaseRoles sets a list of database roles for auto-provisioned users.
func (r *RoleV6) SetDatabaseRoles(rct RoleConditionType, values []string) {
if rct == Allow {
r.Spec.Allow.DatabaseRoles = values
} else {
r.Spec.Deny.DatabaseRoles = values
}
}
// GetDatabasePermissions gets a list of database permissions for auto-provisioned users.
func (r *RoleV6) GetDatabasePermissions(rct RoleConditionType) DatabasePermissions {
if rct == Allow {
return r.Spec.Allow.DatabasePermissions
}
return r.Spec.Deny.DatabasePermissions
}
// SetDatabasePermissions sets a list of database permissions for auto-provisioned users.
func (r *RoleV6) SetDatabasePermissions(rct RoleConditionType, values DatabasePermissions) {
if rct == Allow {
r.Spec.Allow.DatabasePermissions = values
} else {
r.Spec.Deny.DatabasePermissions = values
}
}
// GetImpersonateConditions returns conditions this role is allowed or denied to impersonate.
func (r *RoleV6) GetImpersonateConditions(rct RoleConditionType) ImpersonateConditions {
cond := r.Spec.Deny.Impersonate
if rct == Allow {
cond = r.Spec.Allow.Impersonate
}
if cond == nil {
return ImpersonateConditions{}
}
return *cond
}
// SetImpersonateConditions sets conditions this role is allowed or denied to impersonate.
func (r *RoleV6) SetImpersonateConditions(rct RoleConditionType, cond ImpersonateConditions) {
if rct == Allow {
r.Spec.Allow.Impersonate = &cond
} else {
r.Spec.Deny.Impersonate = &cond
}
}
// GetAWSRoleARNs returns a list of AWS role ARNs this role is allowed to impersonate.
func (r *RoleV6) GetAWSRoleARNs(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.AWSRoleARNs
}
return r.Spec.Deny.AWSRoleARNs
}
// SetAWSRoleARNs sets a list of AWS role ARNs this role is allowed to impersonate.
func (r *RoleV6) SetAWSRoleARNs(rct RoleConditionType, arns []string) {
if rct == Allow {
r.Spec.Allow.AWSRoleARNs = arns
} else {
r.Spec.Deny.AWSRoleARNs = arns
}
}
// GetAzureIdentities returns a list of Azure identities this role is allowed to assume.
func (r *RoleV6) GetAzureIdentities(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.AzureIdentities
}
return r.Spec.Deny.AzureIdentities
}
// SetAzureIdentities sets a list of Azure identities this role is allowed to assume.
func (r *RoleV6) SetAzureIdentities(rct RoleConditionType, identities []string) {
if rct == Allow {
r.Spec.Allow.AzureIdentities = identities
} else {
r.Spec.Deny.AzureIdentities = identities
}
}
// GetGCPServiceAccounts returns a list of GCP service accounts this role is allowed to assume.
func (r *RoleV6) GetGCPServiceAccounts(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.GCPServiceAccounts
}
return r.Spec.Deny.GCPServiceAccounts
}
// SetGCPServiceAccounts sets a list of GCP service accounts this role is allowed to assume.
func (r *RoleV6) SetGCPServiceAccounts(rct RoleConditionType, accounts []string) {
if rct == Allow {
r.Spec.Allow.GCPServiceAccounts = accounts
} else {
r.Spec.Deny.GCPServiceAccounts = accounts
}
}
// GetWindowsDesktopLabels gets the desktop labels this role is allowed or denied access to.
func (r *RoleV6) GetWindowsDesktopLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.WindowsDesktopLabels
}
return r.Spec.Deny.WindowsDesktopLabels
}
// SetWindowsDesktopLabels sets the desktop labels this role is allowed or denied access to.
func (r *RoleV6) SetWindowsDesktopLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.WindowsDesktopLabels = labels.Clone()
} else {
r.Spec.Deny.WindowsDesktopLabels = labels.Clone()
}
}
// GetWindowsLogins gets Windows desktop logins for the role's allow or deny condition.
func (r *RoleV6) GetWindowsLogins(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.WindowsDesktopLogins
}
return r.Spec.Deny.WindowsDesktopLogins
}
// SetWindowsLogins sets Windows desktop logins for the role's allow or deny condition.
func (r *RoleV6) SetWindowsLogins(rct RoleConditionType, logins []string) {
lcopy := slices.Clone(logins)
if rct == Allow {
r.Spec.Allow.WindowsDesktopLogins = lcopy
} else {
r.Spec.Deny.WindowsDesktopLogins = lcopy
}
}
// GetRules gets all allow or deny rules.
func (r *RoleV6) GetRules(rct RoleConditionType) []Rule {
if rct == Allow {
return r.Spec.Allow.Rules
}
return r.Spec.Deny.Rules
}
// SetRules sets an allow or deny rule.
func (r *RoleV6) SetRules(rct RoleConditionType, in []Rule) {
rcopy := CopyRulesSlice(in)
if rct == Allow {
r.Spec.Allow.Rules = rcopy
} else {
r.Spec.Deny.Rules = rcopy
}
}
// GetHostGroups gets all groups for provisioned user
func (r *RoleV6) GetHostGroups(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.HostGroups
}
return r.Spec.Deny.HostGroups
}
// SetHostGroups sets all groups for provisioned user
func (r *RoleV6) SetHostGroups(rct RoleConditionType, groups []string) {
ncopy := slices.Clone(groups)
if rct == Allow {
r.Spec.Allow.HostGroups = ncopy
} else {
r.Spec.Deny.HostGroups = ncopy
}
}
// GetDesktopGroups gets all groups for provisioned user
func (r *RoleV6) GetDesktopGroups(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.DesktopGroups
}
return r.Spec.Deny.DesktopGroups
}
// SetDesktopGroups sets all groups for provisioned user
func (r *RoleV6) SetDesktopGroups(rct RoleConditionType, groups []string) {
ncopy := slices.Clone(groups)
if rct == Allow {
r.Spec.Allow.DesktopGroups = ncopy
} else {
r.Spec.Deny.DesktopGroups = ncopy
}
}
// GetHostSudoers gets the list of sudoers entries for the role
func (r *RoleV6) GetHostSudoers(rct RoleConditionType) []string {
if rct == Allow {
return r.Spec.Allow.HostSudoers
}
return r.Spec.Deny.HostSudoers
}
// GetHostSudoers sets the list of sudoers entries for the role
func (r *RoleV6) SetHostSudoers(rct RoleConditionType, sudoers []string) {
ncopy := slices.Clone(sudoers)
if rct == Allow {
r.Spec.Allow.HostSudoers = ncopy
} else {
r.Spec.Deny.HostSudoers = ncopy
}
}
// GetSPIFFEConditions returns the allow or deny SPIFFERoleCondition.
func (r *RoleV6) GetSPIFFEConditions(rct RoleConditionType) []*SPIFFERoleCondition {
if rct == Allow {
return r.Spec.Allow.SPIFFE
}
return r.Spec.Deny.SPIFFE
}
// SetSPIFFEConditions sets the allow or deny SPIFFERoleCondition.
func (r *RoleV6) SetSPIFFEConditions(rct RoleConditionType, cond []*SPIFFERoleCondition) {
if rct == Allow {
r.Spec.Allow.SPIFFE = cond
} else {
r.Spec.Deny.SPIFFE = cond
}
}
// GetGitHubPermissions returns the allow or deny GitHubPermission.
func (r *RoleV6) GetGitHubPermissions(rct RoleConditionType) []GitHubPermission {
if rct == Allow {
return r.Spec.Allow.GitHubPermissions
}
return r.Spec.Deny.GitHubPermissions
}
// SetGitHubPermissions sets the allow or deny GitHubPermission.
func (r *RoleV6) SetGitHubPermissions(rct RoleConditionType, perms []GitHubPermission) {
if rct == Allow {
r.Spec.Allow.GitHubPermissions = perms
} else {
r.Spec.Deny.GitHubPermissions = perms
}
}
// GetPrivateKeyPolicy returns the private key policy enforced for this role.
func (r *RoleV6) GetPrivateKeyPolicy() keys.PrivateKeyPolicy {
switch r.Spec.Options.RequireMFAType {
case RequireMFAType_SESSION_AND_HARDWARE_KEY:
return keys.PrivateKeyPolicyHardwareKey
case RequireMFAType_HARDWARE_KEY_TOUCH:
return keys.PrivateKeyPolicyHardwareKeyTouch
case RequireMFAType_HARDWARE_KEY_PIN:
return keys.PrivateKeyPolicyHardwareKeyPIN
case RequireMFAType_HARDWARE_KEY_TOUCH_AND_PIN:
return keys.PrivateKeyPolicyHardwareKeyTouchAndPIN
default:
return keys.PrivateKeyPolicyNone
}
}
// setStaticFields sets static resource header and metadata fields.
func (r *RoleV6) setStaticFields() {
r.Kind = KindRole
if r.Version != V3 && r.Version != V4 && r.Version != V5 && r.Version != V6 && r.Version != V7 {
// When incrementing the role version, make sure to update the
// role version in the asset file used by the UI.
// See: web/packages/teleport/src/Roles/templates/role.yaml
r.Version = V8
}
}
// GetGroupLabels gets the map of group labels this role is allowed or denied access to.
func (r *RoleV6) GetGroupLabels(rct RoleConditionType) Labels {
if rct == Allow {
return r.Spec.Allow.GroupLabels
}
return r.Spec.Deny.GroupLabels
}
// SetGroupLabels sets the map of group labels this role is allowed or denied access to.
func (r *RoleV6) SetGroupLabels(rct RoleConditionType, labels Labels) {
if rct == Allow {
r.Spec.Allow.GroupLabels = labels.Clone()
} else {
r.Spec.Deny.GroupLabels = labels.Clone()
}
}
// CheckAndSetDefaults checks validity of all fields and sets defaults
func (c *SPIFFERoleCondition) CheckAndSetDefaults() error {
if c.Path == "" {
return trace.BadParameter("path: should be non-empty")
}
isRegex := strings.HasPrefix(c.Path, "^") && strings.HasSuffix(c.Path, "$")
if !strings.HasPrefix(c.Path, "/") && !isRegex {
return trace.BadParameter(
"path: should start with / or be a regex expression starting with ^ and ending with $",
)
}
for i, str := range c.IPSANs {
if _, _, err := net.ParseCIDR(str); err != nil {
return trace.BadParameter(
"validating ip_sans[%d]: %s", i, err.Error(),
)
}
}
return nil
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults.
// Must be kept in sync with
// `web/packages/teleport/src/Roles/RoleEditor/withDefaults.ts`.
func (r *RoleV6) CheckAndSetDefaults() error {
r.setStaticFields()
if err := r.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// Make sure all fields have defaults.
if r.Spec.Options.CertificateFormat == "" {
r.Spec.Options.CertificateFormat = constants.CertificateFormatStandard
}
if r.Spec.Options.MaxSessionTTL.Value() == 0 {
r.Spec.Options.MaxSessionTTL = NewDuration(defaults.MaxCertDuration)
}
if len(r.Spec.Options.BPF) == 0 {
r.Spec.Options.BPF = defaults.EnhancedEvents()
}
if err := checkAndSetRoleConditionNamespaces(&r.Spec.Allow.Namespaces); err != nil {
// Using trace.BadParameter instead of trace.Wrap for a better error message.
return trace.BadParameter("allow: %s", err)
}
if r.Spec.Options.RecordSession == nil {
r.Spec.Options.RecordSession = &RecordSession{
Desktop: NewBoolOption(true),
Default: constants.SessionRecordingModeBestEffort,
}
}
if r.Spec.Options.DesktopClipboard == nil {
r.Spec.Options.DesktopClipboard = NewBoolOption(true)
}
if r.Spec.Options.DesktopDirectorySharing == nil {
r.Spec.Options.DesktopDirectorySharing = NewBoolOption(true)
}
if r.Spec.Options.CreateDesktopUser == nil {
r.Spec.Options.CreateDesktopUser = NewBoolOption(false)
}
if r.Spec.Options.CreateDatabaseUser == nil {
r.Spec.Options.CreateDatabaseUser = NewBoolOption(false)
}
if r.Spec.Options.SSHFileCopy == nil {
r.Spec.Options.SSHFileCopy = NewBoolOption(true)
}
if r.Spec.Options.IDP == nil {
if IsLegacySAMLRBAC(r.GetVersion()) {
// By default, allow users to access the IdP.
r.Spec.Options.IDP = &IdPOptions{
SAML: &IdPSAMLOptions{
Enabled: NewBoolOption(true),
},
}
}
}
if _, ok := CreateHostUserMode_name[int32(r.Spec.Options.CreateHostUserMode)]; !ok {
return trace.BadParameter("invalid host user mode %q, expected one of off, drop or keep", r.Spec.Options.CreateHostUserMode)
}
switch r.Version {
case V3:
if r.Spec.Allow.NodeLabels == nil {
if len(r.Spec.Allow.Logins) == 0 {
// no logins implies no node access
r.Spec.Allow.NodeLabels = Labels{}
} else {
r.Spec.Allow.NodeLabels = Labels{Wildcard: []string{Wildcard}}
}
}
if r.Spec.Allow.AppLabels == nil {
r.Spec.Allow.AppLabels = Labels{Wildcard: []string{Wildcard}}
}
if r.Spec.Allow.KubernetesLabels == nil {
r.Spec.Allow.KubernetesLabels = Labels{Wildcard: []string{Wildcard}}
}
if r.Spec.Allow.DatabaseLabels == nil {
r.Spec.Allow.DatabaseLabels = Labels{Wildcard: []string{Wildcard}}
}
fallthrough
case V4, V5:
// Labels default to nil/empty for v4+ roles
// Allow unrestricted access to all pods.
if len(r.Spec.Allow.KubernetesResources) == 0 && r.HasLabelMatchers(Allow, KindKubernetesCluster) {
r.Spec.Allow.KubernetesResources = []KubernetesResource{
{
Kind: KindKubePod,
Namespace: Wildcard,
Name: Wildcard,
},
}
}
fallthrough
case V6:
setDefaultKubernetesVerbs(&r.Spec)
if err := validateRoleSpecKubeResources(r.Version, r.Spec); err != nil {
return trace.Wrap(err)
}
case V7:
// Kubernetes resources default to {kind:*, name:*, namespace:*, verbs:[*]} for v7 roles.
if len(r.Spec.Allow.KubernetesResources) == 0 && r.HasLabelMatchers(Allow, KindKubernetesCluster) {
r.Spec.Allow.KubernetesResources = []KubernetesResource{
// Full access to everything.
{
Kind: Wildcard,
Namespace: Wildcard,
Name: Wildcard,
Verbs: []string{Wildcard},
},
}
}
if err := validateRoleSpecKubeResources(r.Version, r.Spec); err != nil {
return trace.Wrap(err)
}
case V8:
// Kubernetes resources default to {kind:*, name:*, namespace:*, api_group:*, verbs:[*]} for v8 roles.
if len(r.Spec.Allow.KubernetesResources) == 0 && r.HasLabelMatchers(Allow, KindKubernetesCluster) {
r.Spec.Allow.KubernetesResources = []KubernetesResource{
// Full access to everything.
{
Kind: Wildcard,
Namespace: Wildcard,
Name: Wildcard,
Verbs: []string{Wildcard},
APIGroup: Wildcard,
},
}
}
if err := validateRoleSpecKubeResources(r.Version, r.Spec); err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("unrecognized role version: %v", r.Version)
}
if err := checkAndSetRoleConditionNamespaces(&r.Spec.Deny.Namespaces); err != nil {
// Using trace.BadParameter instead of trace.Wrap for a better error message.
return trace.BadParameter("deny: %s", err)
}
// Validate request.kubernetes_resources fields are all valid.
if r.Spec.Allow.Request != nil {
if err := validateRequestKubeResources(r.Version, r.Spec.Allow.Request.KubernetesResources); err != nil {
return trace.Wrap(err)
}
}
if r.Spec.Deny.Request != nil {
if err := validateRequestKubeResources(r.Version, r.Spec.Deny.Request.KubernetesResources); err != nil {
return trace.Wrap(err)
}
}
// Validate that enhanced recording options are all valid.
for _, opt := range r.Spec.Options.BPF {
if opt == constants.EnhancedRecordingCommand ||
opt == constants.EnhancedRecordingDisk ||
opt == constants.EnhancedRecordingNetwork {
continue
}
return trace.BadParameter("invalid value for role option enhanced_recording: %v", opt)
}
// Validate locking mode.
switch r.Spec.Options.Lock {
case "":
// Missing locking mode implies the cluster-wide default should be used.
case constants.LockingModeBestEffort, constants.LockingModeStrict:
default:
return trace.BadParameter("invalid value for role option lock: %v", r.Spec.Options.Lock)
}
// check and correct the session ttl
if r.Spec.Options.MaxSessionTTL.Value() <= 0 {
r.Spec.Options.MaxSessionTTL = NewDuration(defaults.MaxCertDuration)
}
// restrict wildcards
for _, login := range r.Spec.Allow.Logins {
if login == Wildcard {
return trace.BadParameter("wildcard matcher is not allowed in logins")
}
}
for _, arn := range r.Spec.Allow.AWSRoleARNs {
if arn == Wildcard {
return trace.BadParameter("wildcard matcher is not allowed in aws_role_arns")
}
}
for _, identity := range r.Spec.Allow.AzureIdentities {
if identity == Wildcard {
return trace.BadParameter("wildcard matcher is not allowed in allow.azure_identities")
}
}
for _, identity := range r.Spec.Allow.GCPServiceAccounts {
if identity == Wildcard {
return trace.BadParameter("wildcard matcher is not allowed in allow.gcp_service_accounts")
}
}
for _, role := range r.Spec.Allow.DatabaseRoles {
if role == Wildcard {
return trace.BadParameter("wildcard is not allowed in allow.database_roles")
}
}
checkWildcardSelector := func(labels Labels) error {
for key, val := range labels {
if key == Wildcard && (len(val) != 1 || val[0] != Wildcard) {
return trace.BadParameter("selector *:<val> is not supported")
}
}
return nil
}
for _, labels := range []Labels{
r.Spec.Allow.NodeLabels,
r.Spec.Allow.AppLabels,
r.Spec.Allow.KubernetesLabels,
r.Spec.Allow.DatabaseLabels,
r.Spec.Allow.WindowsDesktopLabels,
r.Spec.Allow.GroupLabels,
r.Spec.Allow.WorkloadIdentityLabels,
} {
if err := checkWildcardSelector(labels); err != nil {
return trace.Wrap(err)
}
}
for i, perm := range r.Spec.Allow.DatabasePermissions {
if err := perm.CheckAndSetDefaults(); err != nil {
return trace.BadParameter("failed to process 'allow' db_permission #%v: %v", i+1, err)
}
// Wildcards permissions are disallowed. Even though this should never pass the db-specific driver,
// it doesn't hurt to check it here. Wildcards *are* allowed on deny side,
// which is why this check is here and not in CheckAndSetDefaults().
for _, permission := range perm.Permissions {
if permission == Wildcard {
return trace.BadParameter("individual database permissions cannot be wildcards strings")
}
}
}
for i, perm := range r.Spec.Deny.DatabasePermissions {
if err := perm.CheckAndSetDefaults(); err != nil {
return trace.BadParameter("failed to process 'deny' db_permission #%v: %v", i+1, err)
}
}
for i := range r.Spec.Allow.SPIFFE {
err := r.Spec.Allow.SPIFFE[i].CheckAndSetDefaults()
if err != nil {
return trace.Wrap(err, "validating spec.allow.spiffe[%d]", i)
}
}
for i := range r.Spec.Deny.SPIFFE {
err := r.Spec.Deny.SPIFFE[i].CheckAndSetDefaults()
if err != nil {
return trace.Wrap(err, "validating spec.deny.spiffe[%d]", i)
}
}
for i := range r.Spec.Allow.Rules {
err := r.Spec.Allow.Rules[i].CheckAndSetDefaults()
if err != nil {
return trace.BadParameter("failed to process 'allow' rule %v: %v", i, err)
}
}
for i := range r.Spec.Deny.Rules {
err := r.Spec.Deny.Rules[i].CheckAndSetDefaults()
if err != nil {
return trace.BadParameter("failed to process 'deny' rule %v: %v", i, err)
}
}
if r.Spec.Allow.Impersonate != nil {
if err := r.Spec.Allow.Impersonate.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
if r.Spec.Deny.Impersonate != nil {
if r.Spec.Deny.Impersonate.Where != "" {
return trace.BadParameter("'where' is not supported in deny.impersonate conditions")
}
if err := r.Spec.Deny.Impersonate.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
}
return nil
}
func checkAndSetRoleConditionNamespaces(namespaces *[]string) error {
// If nil use the default.
// This distinguishes between nil and empty (in accordance to legacy code).
if *namespaces == nil {
*namespaces = []string{defaults.Namespace}
return nil
}
for i, ns := range *namespaces {
if ns == Wildcard {
continue // OK, wildcard is accepted.
}
if err := ValidateNamespaceDefault(ns); err != nil {
// Using trace.BadParameter instead of trace.Wrap for a better error message.
return trace.BadParameter("namespaces[%d]: %s", i, err)
}
}
return nil
}
// String returns the human readable representation of a role.
func (r *RoleV6) String() string {
options, _ := json.Marshal(r.Spec.Options)
return fmt.Sprintf("Role(Name=%v,Options=%q,Allow=%+v,Deny=%+v)",
r.GetName(), string(options), r.Spec.Allow, r.Spec.Deny)
}
// IsEmpty returns true if conditions are unspecified
func (i ImpersonateConditions) IsEmpty() bool {
return len(i.Users) == 0 || len(i.Roles) == 0
}
// CheckAndSetDefaults checks and sets default values
func (i ImpersonateConditions) CheckAndSetDefaults() error {
if len(i.Users) != 0 && len(i.Roles) == 0 {
// Role-only impersonation note: the phrasing of this error message
// assumes the user is attempting user (rather than role)
// impersonation, but this seems like a safe assumption when a user has
// already been specified.
return trace.BadParameter("please set both impersonate.users and impersonate.roles for user impersonation")
}
return nil
}
// NewRule creates a rule based on a resource name and a list of verbs
func NewRule(resource string, verbs []string) Rule {
return Rule{
Resources: []string{resource},
Verbs: verbs,
}
}
// CheckAndSetDefaults checks and sets defaults for this rule
func (r *Rule) CheckAndSetDefaults() error {
if len(r.Resources) == 0 {
return trace.BadParameter("missing resources to match")
}
if len(r.Verbs) == 0 {
return trace.BadParameter("missing verbs")
}
return nil
}
// HasResource returns true if the rule has the specified resource.
func (r *Rule) HasResource(resource string) bool {
for _, r := range r.Resources {
if r == resource {
return true
}
}
return false
}
// HasVerb returns true if the rule has the specified verb.
func (r *Rule) HasVerb(verb string) bool {
for _, v := range r.Verbs {
// readnosecrets can be satisfied by having readnosecrets or read
if verb == VerbReadNoSecrets {
if v == VerbReadNoSecrets || v == VerbRead {
return true
}
continue
}
if v == verb {
return true
}
}
return false
}
// CopyRulesSlice copies input slice of Rules and returns the copy
func CopyRulesSlice(in []Rule) []Rule {
out := make([]Rule, len(in))
copy(out, in)
return out
}
// Labels is a wrapper around map
// that can marshal and unmarshal itself
// from scalar and list values
type Labels map[string]utils.Strings
// ToProto returns a protobuf-compatible representation of Labels.
func (l Labels) ToProto() *wrappers.LabelValues {
v := &wrappers.LabelValues{
Values: make(map[string]wrappers.StringValues, len(l)),
}
for key, vals := range l {
stringValues := wrappers.StringValues{
Values: make([]string, len(vals)),
}
copy(stringValues.Values, vals)
v.Values[key] = stringValues
}
return v
}
// Marshal marshals value into protobuf representation
func (l Labels) Marshal() ([]byte, error) {
return proto.Marshal(l.ToProto())
}
// MarshalTo marshals value to the array
func (l Labels) MarshalTo(data []byte) (int, error) {
return l.ToProto().MarshalTo(data)
}
// Unmarshal unmarshals value from protobuf
func (l *Labels) Unmarshal(data []byte) error {
protoValues := &wrappers.LabelValues{}
err := proto.Unmarshal(data, protoValues)
if err != nil {
return err
}
if protoValues.Values == nil {
return nil
}
*l = make(map[string]utils.Strings, len(protoValues.Values))
for key := range protoValues.Values {
(*l)[key] = protoValues.Values[key].Values
}
return nil
}
// Size returns protobuf size
func (l Labels) Size() int {
return l.ToProto().Size()
}
// Clone returns non-shallow copy of the labels set
func (l Labels) Clone() Labels {
if l == nil {
return nil
}
out := make(Labels, len(l))
for key, vals := range l {
cvals := make([]string, len(vals))
copy(cvals, vals)
out[key] = cvals
}
return out
}
// NewBool returns Bool struct based on bool value
func NewBool(b bool) Bool {
return Bool(b)
}
// NewBoolP returns Bool pointer
func NewBoolP(b bool) *Bool {
val := NewBool(b)
return &val
}
// Bool is a wrapper around boolean values
type Bool bool
// Value returns boolean value of the wrapper
func (b Bool) Value() bool {
return bool(b)
}
// MarshalJSON marshals boolean value.
func (b Bool) MarshalJSON() ([]byte, error) {
return json.Marshal(b.Value())
}
// UnmarshalJSON unmarshals JSON from string or bool,
// in case if value is missing or not recognized, defaults to false
func (b *Bool) UnmarshalJSON(data []byte) error {
if len(data) == 0 {
return nil
}
var boolVal bool
// check if it's a bool variable
if err := json.Unmarshal(data, &boolVal); err == nil {
*b = Bool(boolVal)
return nil
}
// also support string variables
var stringVar string
if err := json.Unmarshal(data, &stringVar); err != nil {
return trace.Wrap(err)
}
v, err := utils.ParseBool(stringVar)
if err != nil {
*b = false
return nil
}
*b = Bool(v)
return nil
}
// MarshalYAML marshals bool into yaml value
func (b Bool) MarshalYAML() (interface{}, error) {
return bool(b), nil
}
// UnmarshalYAML unmarshals bool value from yaml
func (b *Bool) UnmarshalYAML(unmarshal func(interface{}) error) error {
var boolVar bool
if err := unmarshal(&boolVar); err == nil {
*b = Bool(boolVar)
return nil
}
var stringVar string
if err := unmarshal(&stringVar); err != nil {
return trace.Wrap(err)
}
v, err := utils.ParseBool(stringVar)
if err != nil {
*b = Bool(v)
return nil
}
*b = Bool(v)
return nil
}
// BoolOption is a wrapper around bool
// that can take multiple values:
// * true, false and non-set (when pointer is nil)
// and can marshal itself to protobuf equivalent BoolValue
type BoolOption struct {
// Value is a value of the option
Value bool
}
// NewBoolOption returns Bool struct based on bool value
func NewBoolOption(b bool) *BoolOption {
v := BoolOption{Value: b}
return &v
}
// BoolDefaultTrue returns true if v is not set (pointer is nil)
// otherwise returns real boolean value
func BoolDefaultTrue(v *BoolOption) bool {
if v == nil {
return true
}
return v.Value
}
func (b *BoolOption) protoType() *BoolValue {
return &BoolValue{
Value: b.Value,
}
}
// MarshalTo marshals value to the slice
func (b BoolOption) MarshalTo(data []byte) (int, error) {
return b.protoType().MarshalTo(data)
}
// MarshalToSizedBuffer marshals value to the slice
func (b BoolOption) MarshalToSizedBuffer(data []byte) (int, error) {
return b.protoType().MarshalToSizedBuffer(data)
}
// Marshal marshals value into protobuf representation
func (b BoolOption) Marshal() ([]byte, error) {
return proto.Marshal(b.protoType())
}
// Unmarshal unmarshals value from protobuf
func (b *BoolOption) Unmarshal(data []byte) error {
protoValue := &BoolValue{}
err := proto.Unmarshal(data, protoValue)
if err != nil {
return err
}
b.Value = protoValue.Value
return nil
}
// Size returns protobuf size
func (b BoolOption) Size() int {
return b.protoType().Size()
}
// MarshalJSON marshals boolean value.
func (b BoolOption) MarshalJSON() ([]byte, error) {
return json.Marshal(b.Value)
}
// UnmarshalJSON unmarshals JSON from string or bool,
// in case if value is missing or not recognized, defaults to false
func (b *BoolOption) UnmarshalJSON(data []byte) error {
var val Bool
if err := val.UnmarshalJSON(data); err != nil {
return err
}
b.Value = val.Value()
return nil
}
// MarshalYAML marshals BoolOption into yaml value
func (b *BoolOption) MarshalYAML() (interface{}, error) {
return b.Value, nil
}
// UnmarshalYAML unmarshals BoolOption to YAML
func (b *BoolOption) UnmarshalYAML(unmarshal func(interface{}) error) error {
var val Bool
if err := val.UnmarshalYAML(unmarshal); err != nil {
return err
}
b.Value = val.Value()
return nil
}
// ProcessNamespace returns the default namespace in case the namespace is empty.
func ProcessNamespace(namespace string) string {
if namespace == "" {
return defaults.Namespace
}
return namespace
}
// WhereExpr is a tree like structure representing a `where` (sub-)expression.
type WhereExpr struct {
Field string
Literal interface{}
And, Or WhereExpr2
Not *WhereExpr
Equals, Contains WhereExpr2
ContainsAny, ContainsAll WhereExpr2
CanView *WhereNoExpr
MapRef *WhereExpr2
}
// WhereNoExpr is an empty `where` expression used by
// functions without arguments like `can_view()`.
type WhereNoExpr struct{}
// WhereExpr2 is a pair of `where` (sub-)expressions.
type WhereExpr2 struct {
L, R *WhereExpr
}
// String returns a human readable representation of WhereExpr.
func (e WhereExpr) String() string {
if e.Field != "" {
return e.Field
}
if e.Literal != nil {
return fmt.Sprintf("%q", e.Literal)
}
if e.And.L != nil && e.And.R != nil {
return fmt.Sprintf("(%s && %s)", e.And.L, e.And.R)
}
if e.Or.L != nil && e.Or.R != nil {
return fmt.Sprintf("(%s || %s)", e.Or.L, e.Or.R)
}
if e.Not != nil {
return fmt.Sprintf("!%s", e.Not)
}
if e.Equals.L != nil && e.Equals.R != nil {
return fmt.Sprintf("equals(%s, %s)", e.Equals.L, e.Equals.R)
}
if e.Contains.L != nil && e.Contains.R != nil {
return fmt.Sprintf("contains(%s, %s)", e.Contains.L, e.Contains.R)
}
if e.ContainsAny.L != nil && e.ContainsAny.R != nil {
return fmt.Sprintf("contains_any(%s, %s)", e.ContainsAny.L, e.ContainsAny.R)
}
if e.ContainsAll.L != nil && e.ContainsAll.R != nil {
return fmt.Sprintf("contains_all(%s, %s)", e.ContainsAll.L, e.ContainsAll.R)
}
if e.CanView != nil {
return "can_view()"
}
if e.MapRef != nil && e.MapRef.L != nil && e.MapRef.R != nil {
return fmt.Sprintf("%s[%q]", e.MapRef.L, e.MapRef.R)
}
return ""
}
// GetSessionRequirePolicies returns the RBAC required policies for a role.
func (r *RoleV6) GetSessionRequirePolicies() []*SessionRequirePolicy {
return r.Spec.Allow.RequireSessionJoin
}
// GetSessionPolicySet returns the RBAC policy set for a session.
func (r *RoleV6) GetSessionPolicySet() SessionTrackerPolicySet {
return SessionTrackerPolicySet{
Name: r.Metadata.Name,
Version: r.Version,
RequireSessionJoin: r.Spec.Allow.RequireSessionJoin,
}
}
// SetSessionRequirePolicies sets the RBAC required policies for a role.
func (r *RoleV6) SetSessionRequirePolicies(policies []*SessionRequirePolicy) {
r.Spec.Allow.RequireSessionJoin = policies
}
// SetSessionJoinPolicies returns the RBAC join policies for a role.
func (r *RoleV6) GetSessionJoinPolicies() []*SessionJoinPolicy {
return r.Spec.Allow.JoinSessions
}
// SetSessionJoinPolicies sets the RBAC join policies for a role.
func (r *RoleV6) SetSessionJoinPolicies(policies []*SessionJoinPolicy) {
r.Spec.Allow.JoinSessions = policies
}
// GetSearchAsRoles returns the list of extra roles which should apply to a
// user while they are searching for resources as part of a Resource Access
// Request, and defines the underlying roles which will be requested as part
// of any Resource Access Request.
func (r *RoleV6) GetSearchAsRoles(rct RoleConditionType) []string {
roleConditions := &r.Spec.Allow
if rct == Deny {
roleConditions = &r.Spec.Deny
}
if roleConditions.Request == nil {
return nil
}
return roleConditions.Request.SearchAsRoles
}
// SetSearchAsRoles sets the list of extra roles which should apply to a
// user while they are searching for resources as part of a Resource Access
// Request, and defines the underlying roles which will be requested as part
// of any Resource Access Request.
func (r *RoleV6) SetSearchAsRoles(rct RoleConditionType, roles []string) {
roleConditions := &r.Spec.Allow
if rct == Deny {
roleConditions = &r.Spec.Deny
}
if roleConditions.Request == nil {
roleConditions.Request = &AccessRequestConditions{}
}
roleConditions.Request.SearchAsRoles = roles
}
// GetPreviewAsRoles returns the list of extra roles which should apply to a
// reviewer while they are viewing a Resource Access Request for the
// purposes of viewing details such as the hostname and labels of requested
// resources.
func (r *RoleV6) GetPreviewAsRoles(rct RoleConditionType) []string {
roleConditions := r.GetRoleConditions(rct)
if roleConditions.ReviewRequests == nil {
return nil
}
return roleConditions.ReviewRequests.PreviewAsRoles
}
// GetRoleConditions returns the role conditions for the role.
func (r *RoleV6) GetRoleConditions(rct RoleConditionType) RoleConditions {
roleConditions := r.Spec.Allow
if rct == Deny {
roleConditions = r.Spec.Deny
}
return roleConditions
}
// GetRequestReasonMode returns the request reason mode for the role.
func (r *RoleV6) GetRequestReasonMode(rct RoleConditionType) RequestReasonMode {
roleConditions := r.GetRoleConditions(rct)
if roleConditions.Request == nil || roleConditions.Request.Reason == nil {
return ""
}
return roleConditions.Request.Reason.Mode
}
// SetPreviewAsRoles sets the list of extra roles which should apply to a
// reviewer while they are viewing a Resource Access Request for the
// purposes of viewing details such as the hostname and labels of requested
// resources.
func (r *RoleV6) SetPreviewAsRoles(rct RoleConditionType, roles []string) {
roleConditions := &r.Spec.Allow
if rct == Deny {
roleConditions = &r.Spec.Deny
}
if roleConditions.ReviewRequests == nil {
roleConditions.ReviewRequests = &AccessReviewConditions{}
}
roleConditions.ReviewRequests.PreviewAsRoles = roles
}
// validateRoleSpecKubeResources validates the Allow/Deny Kubernetes Resources
// entries.
func validateRoleSpecKubeResources(version string, spec RoleSpecV6) error {
if err := validateKubeResources(version, spec.Allow.KubernetesResources); err != nil {
return trace.Wrap(err)
}
if err := validateKubeResources(version, spec.Deny.KubernetesResources); err != nil {
return trace.Wrap(err)
}
return nil
}
// setDefaultKubernetesVerbs sets the default verbs for each KubernetesResource
// entry if none are specified. This is necessary for backwards compatibility
// with older versions of Role: V3, V4, V5, and v6.
func setDefaultKubernetesVerbs(spec *RoleSpecV6) {
for _, kubeResources := range [][]KubernetesResource{spec.Allow.KubernetesResources, spec.Deny.KubernetesResources} {
for i := range kubeResources {
if len(kubeResources[i].Verbs) == 0 {
kubeResources[i].Verbs = []string{Wildcard}
}
}
}
}
// validateKubeResources validates the following rules for each kubeResources entry:
// - Kind belongs to KubernetesResourcesKinds for roles <=v7, is set and doesn't belong to that list for >=v8
// - Name is not empty
// - Namespace is not empty
// - APIGroup is empty for roles <=v7 and not empty for >=v8
func validateKubeResources(roleVersion string, kubeResources []KubernetesResource) error {
for _, kubeResource := range kubeResources {
for _, verb := range kubeResource.Verbs {
if !slices.Contains(KubernetesVerbs, verb) && verb != Wildcard && !strings.Contains(verb, "{{") {
return trace.BadParameter("KubernetesResource verb %q is invalid or unsupported; Supported: %v", verb, KubernetesVerbs)
}
if verb == Wildcard && len(kubeResource.Verbs) > 1 {
return trace.BadParameter("KubernetesResource verb %q cannot be used with other verbs", verb)
}
}
switch roleVersion {
// Teleport does not support role versions < v3.
case V6, V5, V4, V3:
// Only Pod resources are supported in role version <=V6.
// This is mandatory because we must append the other resources to the
// kubernetes resources.
if kubeResource.Kind != KindKubePod {
return trace.BadParameter("KubernetesResource kind %q is not supported in role version %q. Upgrade the role version to %q", kubeResource.Kind, roleVersion, V8)
}
if len(kubeResource.Verbs) != 1 || kubeResource.Verbs[0] != Wildcard {
return trace.BadParameter("Role version %q only supports %q verb. Upgrade the role version to %q", roleVersion, Wildcard, V8)
}
fallthrough
case V7:
if kubeResource.APIGroup != "" {
return trace.BadParameter("API Group %q is not supported in role version %q. Upgrade the role version to %q", kubeResource.APIGroup, roleVersion, V8)
}
if kubeResource.Kind != Wildcard && !slices.Contains(KubernetesResourcesKinds, kubeResource.Kind) {
return trace.BadParameter("KubernetesResource kind %q is invalid or unsupported; Supported: %v", kubeResource.Kind, append([]string{Wildcard}, KubernetesResourcesKinds...))
}
if kubeResource.Namespace == "" && !slices.Contains(KubernetesClusterWideResourceKinds, kubeResource.Kind) {
return trace.BadParameter("KubernetesResource kind %q must include Namespace", kubeResource.Kind)
}
case V8:
if kubeResource.Kind == "" {
return trace.BadParameter("KubernetesResource kind %q is required in role version %q", kubeResource.Kind, roleVersion)
}
// If we have a kind that match a role v7 one, check the api group.
if slices.Contains(KubernetesResourcesKinds, kubeResource.Kind) {
// If the api group is a wildcard or match v7, then it is mostly definitely a mistake, reject the role.
if kubeResource.APIGroup == Wildcard || kubeResource.APIGroup == KubernetesResourcesV7KindGroups[kubeResource.Kind] {
return trace.BadParameter("KubernetesResource kind %q is invalid. Please use plural name for role version %q", kubeResource.Kind, roleVersion)
}
}
// Only allow empty string for known core resources.
if kubeResource.APIGroup == "" {
if _, ok := KubernetesCoreResourceKinds[kubeResource.Kind]; !ok {
return trace.BadParameter("KubernetesResource api_group is required for resource %q in role version %q", kubeResource.Kind, roleVersion)
}
}
// Best effort attempt to validate if the namespace field is needed.
if kubeResource.Namespace == "" {
if apiGroup, ok := kubernetesNamespacedResourceKinds[kubeResource.Kind]; ok && apiGroup == kubeResource.APIGroup {
return trace.BadParameter("KubernetesResource %q must include Namespace", kubeResource.Kind)
}
}
}
if len(kubeResource.Name) == 0 {
return trace.BadParameter("KubernetesResource must include Name")
}
}
return nil
}
// validateRequestKubeResources validates each kubeResources entry for `allow.request.kubernetes_resources` field.
// Currently the only supported field for this particular field are:
// - Kind
// - APIGroup
//
// Mimics types.KubernetesResource data model, but opted to create own type as we don't support other fields yet.
func validateRequestKubeResources(roleVersion string, kubeResources []RequestKubernetesResource) error {
for _, kubeResource := range kubeResources {
switch roleVersion {
case V8:
if kubeResource.Kind == "" {
return trace.BadParameter("request.kubernetes_resource kind is required in role version %q", roleVersion)
}
// If we have a kind that match a role v7 one, check the api group.
if slices.Contains(KubernetesResourcesKinds, kubeResource.Kind) {
// If the api group is a wildcard or match v7, then it is mostly definitely a mistake, reject the role.
if kubeResource.APIGroup == Wildcard || kubeResource.APIGroup == KubernetesResourcesV7KindGroups[kubeResource.Kind] {
return trace.BadParameter("request.kubernetes_resource kind %q is invalid. Please use plural name for role version %q", kubeResource.Kind, roleVersion)
}
}
// Only allow empty string for known core resources.
if kubeResource.APIGroup == "" {
if _, ok := KubernetesCoreResourceKinds[kubeResource.Kind]; !ok {
return trace.BadParameter("request.kubernetes_resource api_group is required for resource %q in role version %q", kubeResource.Kind, roleVersion)
}
}
case V7:
if kubeResource.APIGroup != "" {
return trace.BadParameter("request.kubernetes_resource api_group is not supported in role version %q. Upgrade the role version to %q", roleVersion, V8)
}
if !slices.Contains(KubernetesResourcesKinds, kubeResource.Kind) && kubeResource.Kind != Wildcard {
return trace.BadParameter("request.kubernetes_resource kind %q is invalid or unsupported in role version %q; Supported: %v",
kubeResource.Kind, roleVersion, append([]string{Wildcard}, KubernetesResourcesKinds...))
}
// Teleport does not support role versions < v3.
case V6, V5, V4, V3:
if kubeResource.APIGroup != "" {
return trace.BadParameter("request.kubernetes_resource api_group is not supported in role version %q. Upgrade the role version to %q", roleVersion, V8)
}
// Only Pod resources are supported in role version <=V6.
// This is mandatory because we must append the other resources to the
// kubernetes resources.
if kubeResource.Kind != KindKubePod {
return trace.BadParameter("request.kubernetes_resources kind %q is not supported in role version %q. Upgrade the role version to %q",
kubeResource.Kind, roleVersion, V8)
}
}
}
return nil
}
// ClusterResource returns the resource name in the following format
// <namespace>/<name>.
func (m *KubernetesResource) ClusterResource() string {
return path.Join(m.Namespace, m.Name)
}
// IsEmpty will return true if the condition is empty.
func (a AccessRequestConditions) IsEmpty() bool {
return len(a.Annotations) == 0 &&
len(a.ClaimsToRoles) == 0 &&
len(a.Roles) == 0 &&
len(a.SearchAsRoles) == 0 &&
len(a.SuggestedReviewers) == 0 &&
len(a.Thresholds) == 0
}
// IsEmpty will return true if the condition is empty.
func (a AccessReviewConditions) IsEmpty() bool {
return len(a.ClaimsToRoles) == 0 &&
len(a.PreviewAsRoles) == 0 &&
len(a.Roles) == 0 &&
len(a.Where) == 0
}
// LabelMatchers holds the role label matchers and label expression that are
// used to match resource labels of a specific resource kind and condition
// (allow/deny).
type LabelMatchers struct {
Labels Labels
Expression string
}
// Empty returns true if all elements of the LabelMatchers are empty/unset.
func (l LabelMatchers) Empty() bool {
return len(l.Labels) == 0 && len(l.Expression) == 0
}
// GetLabelMatchers gets the LabelMatchers that match labels of resources of
// type [kind] this role is allowed or denied access to.
func (r *RoleV6) GetLabelMatchers(rct RoleConditionType, kind string) (LabelMatchers, error) {
var cond *RoleConditions
if rct == Allow {
cond = &r.Spec.Allow
} else {
cond = &r.Spec.Deny
}
switch kind {
case KindRemoteCluster:
return LabelMatchers{cond.ClusterLabels, cond.ClusterLabelsExpression}, nil
case KindNode:
return LabelMatchers{cond.NodeLabels, cond.NodeLabelsExpression}, nil
case KindKubernetesCluster:
return LabelMatchers{cond.KubernetesLabels, cond.KubernetesLabelsExpression}, nil
case KindApp, KindSAMLIdPServiceProvider:
// app_labels will be applied to both app and saml_idp_service_provider resources.
// Access to the saml_idp_service_provider can be controlled by the both
// app_labels and verbs targeting saml_idp_service_provider resource.
return LabelMatchers{cond.AppLabels, cond.AppLabelsExpression}, nil
case KindDatabase:
return LabelMatchers{cond.DatabaseLabels, cond.DatabaseLabelsExpression}, nil
case KindDatabaseService:
return LabelMatchers{cond.DatabaseServiceLabels, cond.DatabaseServiceLabelsExpression}, nil
case KindWindowsDesktop:
return LabelMatchers{cond.WindowsDesktopLabels, cond.WindowsDesktopLabelsExpression}, nil
case KindDynamicWindowsDesktop:
return LabelMatchers{cond.WindowsDesktopLabels, cond.WindowsDesktopLabelsExpression}, nil
case KindWindowsDesktopService:
return LabelMatchers{cond.WindowsDesktopLabels, cond.WindowsDesktopLabelsExpression}, nil
case KindUserGroup:
return LabelMatchers{cond.GroupLabels, cond.GroupLabelsExpression}, nil
case KindGitServer:
return r.makeGitServerLabelMatchers(cond), nil
case KindWorkloadIdentity:
return LabelMatchers{cond.WorkloadIdentityLabels, cond.WorkloadIdentityLabelsExpression}, nil
}
return LabelMatchers{}, trace.BadParameter("can't get label matchers for resource kind %q", kind)
}
// SetLabelMatchers sets the LabelMatchers that match labels of resources of
// type [kind] this role is allowed or denied access to.
func (r *RoleV6) SetLabelMatchers(rct RoleConditionType, kind string, labelMatchers LabelMatchers) error {
var cond *RoleConditions
if rct == Allow {
cond = &r.Spec.Allow
} else {
cond = &r.Spec.Deny
}
switch kind {
case KindRemoteCluster:
cond.ClusterLabels = labelMatchers.Labels
cond.ClusterLabelsExpression = labelMatchers.Expression
return nil
case KindNode:
cond.NodeLabels = labelMatchers.Labels
cond.NodeLabelsExpression = labelMatchers.Expression
return nil
case KindKubernetesCluster:
cond.KubernetesLabels = labelMatchers.Labels
cond.KubernetesLabelsExpression = labelMatchers.Expression
return nil
case KindApp, KindSAMLIdPServiceProvider:
// app_labels will be applied to both app and saml_idp_service_provider resources.
// Access to the saml_idp_service_provider can be controlled by the both
// app_labels and verbs targeting saml_idp_service_provider resource.
cond.AppLabels = labelMatchers.Labels
cond.AppLabelsExpression = labelMatchers.Expression
return nil
case KindDatabase:
cond.DatabaseLabels = labelMatchers.Labels
cond.DatabaseLabelsExpression = labelMatchers.Expression
return nil
case KindDatabaseService:
cond.DatabaseServiceLabels = labelMatchers.Labels
cond.DatabaseServiceLabelsExpression = labelMatchers.Expression
return nil
case KindWindowsDesktop:
cond.WindowsDesktopLabels = labelMatchers.Labels
cond.WindowsDesktopLabelsExpression = labelMatchers.Expression
return nil
case KindWindowsDesktopService:
cond.WindowsDesktopLabels = labelMatchers.Labels
cond.WindowsDesktopLabelsExpression = labelMatchers.Expression
return nil
case KindUserGroup:
cond.GroupLabels = labelMatchers.Labels
cond.GroupLabelsExpression = labelMatchers.Expression
return nil
case KindWorkloadIdentity:
cond.WorkloadIdentityLabels = labelMatchers.Labels
cond.WorkloadIdentityLabelsExpression = labelMatchers.Expression
return nil
}
return trace.BadParameter("can't set label matchers for resource kind %q", kind)
}
// HasLabelMatchers returns true if the role has label matchers for the
// specified resource kind and condition (allow/deny).
// If the kind is not supported, false is returned.
func (r *RoleV6) HasLabelMatchers(rct RoleConditionType, kind string) bool {
lm, err := r.GetLabelMatchers(rct, kind)
return err == nil && !lm.Empty()
}
// GetLabel retrieves the label with the provided key.
func (r *RoleV6) GetLabel(key string) (value string, ok bool) {
v, ok := r.Metadata.Labels[key]
return v, ok
}
// GetAllLabels returns all resource's labels.
func (r *RoleV6) GetAllLabels() map[string]string {
return r.Metadata.Labels
}
// GetStaticLabels returns the resource's static labels.
func (r *RoleV6) GetStaticLabels() map[string]string {
return r.Metadata.Labels
}
// SetStaticLabels sets the resource's static labels.
func (r *RoleV6) SetStaticLabels(labels map[string]string) {
r.Metadata.Labels = labels
}
// Origin returns the origin value of the resource.
func (r *RoleV6) Origin() string {
return r.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (r *RoleV6) SetOrigin(origin string) {
r.Metadata.SetOrigin(origin)
}
// MatchSearch goes through select field values of a resource
// and tries to match against the list of search values.
func (r *RoleV6) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(r.GetAllLabels()), r.GetName())
return MatchSearch(fieldVals, values, nil)
}
func (r *RoleV6) makeGitServerLabelMatchers(cond *RoleConditions) LabelMatchers {
var all []string
for _, perm := range cond.GitHubPermissions {
all = append(all, perm.Organizations...)
}
return LabelMatchers{
Labels: Labels{
GitHubOrgLabel: all,
},
}
}
// GetIdentityCenterAccountAssignments fetches the allow or deny Identity Center
// Account Assignments for the role
func (r *RoleV6) GetIdentityCenterAccountAssignments(rct RoleConditionType) []IdentityCenterAccountAssignment {
if rct == Allow {
return r.Spec.Allow.AccountAssignments
}
return r.Spec.Deny.AccountAssignments
}
// SetIdentityCenterAccountAssignments sets the allow or deny Identity Center
// Account Assignments for the role
func (r *RoleV6) SetIdentityCenterAccountAssignments(rct RoleConditionType, assignments []IdentityCenterAccountAssignment) {
cond := &r.Spec.Deny
if rct == Allow {
cond = &r.Spec.Allow
}
cond.AccountAssignments = assignments
}
// GetMCPPermissions returns the allow or deny MCP permissions.
func (r *RoleV6) GetMCPPermissions(rct RoleConditionType) *MCPPermissions {
if rct == Allow {
return r.Spec.Allow.MCP
}
return r.Spec.Deny.MCP
}
// SetMCPPermissions sets the allow or deny MCP permissions.
func (r *RoleV6) SetMCPPermissions(rct RoleConditionType, perms *MCPPermissions) {
if rct == Allow {
r.Spec.Allow.MCP = perms
} else {
r.Spec.Deny.MCP = perms
}
}
func (r *RoleV6) Clone() Role {
return utils.CloneProtoMsg(r)
}
// LabelMatcherKinds is the complete list of resource kinds that support label
// matchers.
var LabelMatcherKinds = []string{
KindRemoteCluster,
KindNode,
KindKubernetesCluster,
KindApp,
KindDatabase,
KindDatabaseService,
KindWindowsDesktop,
KindWindowsDesktopService,
KindUserGroup,
}
const (
createHostUserModeOffString = "off"
createHostUserModeDropString = "drop"
createHostUserModeKeepString = "keep"
createHostUserModeInsecureDropString = "insecure-drop"
)
func (h CreateHostUserMode) encode() (string, error) {
switch h {
case CreateHostUserMode_HOST_USER_MODE_UNSPECIFIED:
return "", nil
case CreateHostUserMode_HOST_USER_MODE_OFF:
return createHostUserModeOffString, nil
case CreateHostUserMode_HOST_USER_MODE_DROP:
return createHostUserModeDropString, nil
case CreateHostUserMode_HOST_USER_MODE_KEEP:
return createHostUserModeKeepString, nil
case CreateHostUserMode_HOST_USER_MODE_INSECURE_DROP:
return createHostUserModeInsecureDropString, nil
}
return "", trace.BadParameter("invalid host user mode %v", h)
}
func (h *CreateHostUserMode) decode(val any) error {
var valS string
switch val := val.(type) {
case int32:
return trace.Wrap(h.setFromEnum(val))
case int64:
return trace.Wrap(h.setFromEnum(int32(val)))
case int:
return trace.Wrap(h.setFromEnum(int32(val)))
case float64:
return trace.Wrap(h.setFromEnum(int32(val)))
case float32:
return trace.Wrap(h.setFromEnum(int32(val)))
case string:
valS = val
case bool:
if val {
return trace.BadParameter("create_host_user_mode cannot be true, got %v", val)
}
valS = createHostUserModeOffString
default:
return trace.BadParameter("bad value type %T, expected string or int", val)
}
switch valS {
case "":
*h = CreateHostUserMode_HOST_USER_MODE_UNSPECIFIED
case createHostUserModeOffString:
*h = CreateHostUserMode_HOST_USER_MODE_OFF
case createHostUserModeKeepString:
*h = CreateHostUserMode_HOST_USER_MODE_KEEP
case createHostUserModeInsecureDropString, createHostUserModeDropString:
*h = CreateHostUserMode_HOST_USER_MODE_INSECURE_DROP
default:
return trace.BadParameter("invalid host user mode %v", val)
}
return nil
}
// setFromEnum sets the value from enum value as int32.
func (h *CreateHostUserMode) setFromEnum(val int32) error {
// Map drop to insecure-drop
if val == int32(CreateHostUserMode_HOST_USER_MODE_DROP) {
val = int32(CreateHostUserMode_HOST_USER_MODE_INSECURE_DROP)
}
if _, ok := CreateHostUserMode_name[val]; !ok {
return trace.BadParameter("invalid host user mode %v", val)
}
*h = CreateHostUserMode(val)
return nil
}
// UnmarshalYAML supports parsing CreateHostUserMode from string.
func (h *CreateHostUserMode) UnmarshalYAML(unmarshal func(interface{}) error) error {
var val interface{}
err := unmarshal(&val)
if err != nil {
return trace.Wrap(err)
}
err = h.decode(val)
return trace.Wrap(err)
}
// MarshalYAML marshals CreateHostUserMode to yaml.
func (h *CreateHostUserMode) MarshalYAML() (interface{}, error) {
val, err := h.encode()
if err != nil {
return nil, trace.Wrap(err)
}
return val, nil
}
// MarshalJSON marshals CreateHostUserMode to json bytes.
func (h *CreateHostUserMode) MarshalJSON() ([]byte, error) {
val, err := h.encode()
if err != nil {
return nil, trace.Wrap(err)
}
out, err := json.Marshal(val)
return out, trace.Wrap(err)
}
// UnmarshalJSON supports parsing CreateHostUserMode from string.
func (h *CreateHostUserMode) UnmarshalJSON(data []byte) error {
var val interface{}
err := json.Unmarshal(data, &val)
if err != nil {
return trace.Wrap(err)
}
err = h.decode(val)
return trace.Wrap(err)
}
const (
createDatabaseUserModeOffString = "off"
createDatabaseUserModeKeepString = "keep"
createDatabaseUserModeBestEffortDropString = "best_effort_drop"
)
func (h CreateDatabaseUserMode) encode() (string, error) {
switch h {
case CreateDatabaseUserMode_DB_USER_MODE_UNSPECIFIED:
return "", nil
case CreateDatabaseUserMode_DB_USER_MODE_OFF:
return createDatabaseUserModeOffString, nil
case CreateDatabaseUserMode_DB_USER_MODE_KEEP:
return createDatabaseUserModeKeepString, nil
case CreateDatabaseUserMode_DB_USER_MODE_BEST_EFFORT_DROP:
return createDatabaseUserModeBestEffortDropString, nil
}
return "", trace.BadParameter("invalid database user mode %v", h)
}
func (h *CreateDatabaseUserMode) decode(val any) error {
var str string
switch val := val.(type) {
case int32:
return trace.Wrap(h.setFromEnum(val))
case int64:
return trace.Wrap(h.setFromEnum(int32(val)))
case int:
return trace.Wrap(h.setFromEnum(int32(val)))
case float64:
return trace.Wrap(h.setFromEnum(int32(val)))
case float32:
return trace.Wrap(h.setFromEnum(int32(val)))
case string:
str = val
case bool:
if val {
return trace.BadParameter("create_database_user_mode cannot be true, got %v", val)
}
str = createHostUserModeOffString
default:
return trace.BadParameter("bad value type %T, expected string", val)
}
switch str {
case "":
*h = CreateDatabaseUserMode_DB_USER_MODE_UNSPECIFIED
case createDatabaseUserModeOffString:
*h = CreateDatabaseUserMode_DB_USER_MODE_OFF
case createDatabaseUserModeKeepString:
*h = CreateDatabaseUserMode_DB_USER_MODE_KEEP
case createDatabaseUserModeBestEffortDropString:
*h = CreateDatabaseUserMode_DB_USER_MODE_BEST_EFFORT_DROP
default:
return trace.BadParameter("invalid database user mode %v", val)
}
return nil
}
// setFromEnum sets the value from enum value as int32.
func (h *CreateDatabaseUserMode) setFromEnum(val int32) error {
if _, ok := CreateDatabaseUserMode_name[val]; !ok {
return trace.BadParameter("invalid database user creation mode %v", val)
}
*h = CreateDatabaseUserMode(val)
return nil
}
// UnmarshalYAML supports parsing CreateDatabaseUserMode from string.
func (h *CreateDatabaseUserMode) UnmarshalYAML(unmarshal func(interface{}) error) error {
var val interface{}
err := unmarshal(&val)
if err != nil {
return trace.Wrap(err)
}
err = h.decode(val)
return trace.Wrap(err)
}
// MarshalYAML marshals CreateDatabaseUserMode to yaml.
func (h *CreateDatabaseUserMode) MarshalYAML() (interface{}, error) {
val, err := h.encode()
if err != nil {
return nil, trace.Wrap(err)
}
return val, nil
}
// MarshalJSON marshals CreateDatabaseUserMode to json bytes.
func (h *CreateDatabaseUserMode) MarshalJSON() ([]byte, error) {
val, err := h.encode()
if err != nil {
return nil, trace.Wrap(err)
}
out, err := json.Marshal(val)
return out, trace.Wrap(err)
}
// UnmarshalJSON supports parsing CreateDatabaseUserMode from string.
func (h *CreateDatabaseUserMode) UnmarshalJSON(data []byte) error {
var val interface{}
err := json.Unmarshal(data, &val)
if err != nil {
return trace.Wrap(err)
}
err = h.decode(val)
return trace.Wrap(err)
}
// IsEnabled returns true if database automatic user provisioning is enabled.
func (m CreateDatabaseUserMode) IsEnabled() bool {
return m != CreateDatabaseUserMode_DB_USER_MODE_UNSPECIFIED && m != CreateDatabaseUserMode_DB_USER_MODE_OFF
}
// GetAccount fetches the Account ID from a Role Condition Account Assignment
func (a IdentityCenterAccountAssignment) GetAccount() string {
return a.Account
}
// IsLegacySAMLRBAC matches a role version
// v7 and below, considered as the legacy SAML IdP RBAC.
func IsLegacySAMLRBAC(roleVersion string) bool {
return slices.Contains([]string{V7, V6, V5, V4, V3, V2, V1}, roleVersion)
}
/*
Copyright 2020-2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"slices"
"strings"
"time"
"github.com/gravitational/trace"
"golang.org/x/crypto/ssh"
"github.com/gravitational/teleport/api/constants"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
)
// SAMLConnector specifies configuration for SAML 2.0 identity providers
type SAMLConnector interface {
// ResourceWithSecrets provides common methods for objects
ResourceWithSecrets
ResourceWithOrigin
// SetMetadata sets the connector metadata
SetMetadata(Metadata)
// GetDisplay returns display - friendly name for this provider.
GetDisplay() string
// SetDisplay sets friendly name for this provider.
SetDisplay(string)
// GetAttributesToRoles returns attributes to roles mapping
GetAttributesToRoles() []AttributeMapping
// SetAttributesToRoles sets attributes to roles mapping
SetAttributesToRoles(mapping []AttributeMapping)
// GetAttributes returns list of attributes expected by mappings
GetAttributes() []string
// GetTraitMappings converts gets all attribute mappings in the
// generic trait mapping format.
GetTraitMappings() TraitMappingSet
// SetIssuer sets issuer
SetIssuer(issuer string)
// GetIssuer returns issuer
GetIssuer() string
// GetSigningKeyPair returns signing key pair
GetSigningKeyPair() *AsymmetricKeyPair
// GetSigningKeyPair sets signing key pair
SetSigningKeyPair(k *AsymmetricKeyPair)
// GetSSO returns SSO service
GetSSO() string
// SetSSO sets SSO service
SetSSO(string)
// GetEntityDescriptor returns XML entity descriptor of the service
GetEntityDescriptor() string
// SetEntityDescriptor sets entity descriptor of the service
SetEntityDescriptor(v string)
// GetEntityDescriptorURL returns the URL to obtain the entity descriptor.
GetEntityDescriptorURL() string
// SetEntityDescriptorURL sets the entity descriptor url.
SetEntityDescriptorURL(string)
// GetCert returns identity provider checking x509 certificate
GetCert() string
// SetCert sets identity provider checking certificate
SetCert(string)
// GetServiceProviderIssuer returns service provider issuer
GetServiceProviderIssuer() string
// SetServiceProviderIssuer sets service provider issuer
SetServiceProviderIssuer(v string)
// GetAudience returns audience
GetAudience() string
// SetAudience sets audience
SetAudience(v string)
// GetAssertionConsumerService returns assertion consumer service URL
GetAssertionConsumerService() string
// SetAssertionConsumerService sets assertion consumer service URL
SetAssertionConsumerService(v string)
// GetProvider returns the identity provider.
GetProvider() string
// SetProvider sets the identity provider.
SetProvider(string)
// GetEncryptionKeyPair returns the key pair for SAML assertions.
GetEncryptionKeyPair() *AsymmetricKeyPair
// SetEncryptionKeyPair sets the key pair for SAML assertions.
SetEncryptionKeyPair(k *AsymmetricKeyPair)
// GetAllowIDPInitiated returns whether the identity provider can initiate a login or not.
GetAllowIDPInitiated() bool
// SetAllowIDPInitiated sets whether the identity provider can initiate a login or not.
SetAllowIDPInitiated(bool)
// GetClientRedirectSettings returns the client redirect settings.
GetClientRedirectSettings() *SSOClientRedirectSettings
// GetSingleLogoutURL returns the SAML SLO (single logout) URL for the identity provider.
GetSingleLogoutURL() string
// SetSingleLogoutURL sets the SAML SLO (single logout) URL for the identity provider.
SetSingleLogoutURL(string)
// GetMFASettings returns the connector's MFA settings.
GetMFASettings() *SAMLConnectorMFASettings
// SetMFASettings sets the connector's MFA settings.
SetMFASettings(s *SAMLConnectorMFASettings)
// IsMFAEnabled returns whether the connector has MFA enabled.
IsMFAEnabled() bool
// WithMFASettings returns the connector will some settings overwritten set from MFA settings.
WithMFASettings() error
// GetForceAuthn returns ForceAuthn
GetForceAuthn() bool
// GetPreferredRequestBinding returns PreferredRequestBinding.
GetPreferredRequestBinding() string
// GetUserMatchers returns the set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
GetUserMatchers() []string
// SetUserMatchers sets the set of glob patterns to narrow down which username(s) this auth connector should match
// for identifier-first login.
SetUserMatchers([]string)
// GetIncludeSubject returns true if the Subject element should be included in the AuthnRequest.
GetIncludeSubject() bool
// SetIncludeSubject sets whether the Subject element should be included.
SetIncludeSubject(bool)
}
// NewSAMLConnector returns a new SAMLConnector based off a name and SAMLConnectorSpecV2.
func NewSAMLConnector(name string, spec SAMLConnectorSpecV2) (SAMLConnector, error) {
o := &SAMLConnectorV2{
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := o.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return o, nil
}
// GetVersion returns resource version
func (o *SAMLConnectorV2) GetVersion() string {
return o.Version
}
// GetKind returns resource kind
func (o *SAMLConnectorV2) GetKind() string {
return o.Kind
}
// GetSubKind returns resource sub kind
func (o *SAMLConnectorV2) GetSubKind() string {
return o.SubKind
}
// SetSubKind sets resource subkind
func (o *SAMLConnectorV2) SetSubKind(sk string) {
o.SubKind = sk
}
// GetRevision returns the revision
func (o *SAMLConnectorV2) GetRevision() string {
return o.Metadata.GetRevision()
}
// SetRevision sets the revision
func (o *SAMLConnectorV2) SetRevision(rev string) {
o.Metadata.SetRevision(rev)
}
// WithoutSecrets returns an instance of resource without secrets.
func (o *SAMLConnectorV2) WithoutSecrets() Resource {
k1 := o.GetSigningKeyPair()
k2 := o.GetEncryptionKeyPair()
o2 := *o
if k1 != nil {
q1 := *k1
q1.PrivateKey = ""
o2.SetSigningKeyPair(&q1)
}
if k2 != nil {
q2 := *k2
q2.PrivateKey = ""
o2.SetEncryptionKeyPair(&q2)
}
return &o2
}
// GetServiceProviderIssuer returns service provider issuer
func (o *SAMLConnectorV2) GetServiceProviderIssuer() string {
return o.Spec.ServiceProviderIssuer
}
// SetServiceProviderIssuer sets service provider issuer
func (o *SAMLConnectorV2) SetServiceProviderIssuer(v string) {
o.Spec.ServiceProviderIssuer = v
}
// GetAudience returns audience
func (o *SAMLConnectorV2) GetAudience() string {
return o.Spec.Audience
}
// SetAudience sets audience
func (o *SAMLConnectorV2) SetAudience(v string) {
o.Spec.Audience = v
}
// GetCert returns identity provider checking x509 certificate
func (o *SAMLConnectorV2) GetCert() string {
return o.Spec.Cert
}
// SetCert sets identity provider checking certificate
func (o *SAMLConnectorV2) SetCert(cert string) {
o.Spec.Cert = cert
}
// GetSSO returns SSO service
func (o *SAMLConnectorV2) GetSSO() string {
return o.Spec.SSO
}
// SetSSO sets SSO service
func (o *SAMLConnectorV2) SetSSO(sso string) {
o.Spec.SSO = sso
}
// GetEntityDescriptor returns XML entity descriptor of the service
func (o *SAMLConnectorV2) GetEntityDescriptor() string {
return o.Spec.EntityDescriptor
}
// SetEntityDescriptor sets entity descriptor of the service
func (o *SAMLConnectorV2) SetEntityDescriptor(v string) {
o.Spec.EntityDescriptor = v
}
// GetEntityDescriptorURL returns the URL to obtain the entity descriptor.
func (o *SAMLConnectorV2) GetEntityDescriptorURL() string {
return o.Spec.EntityDescriptorURL
}
// SetEntityDescriptorURL sets the entity descriptor url.
func (o *SAMLConnectorV2) SetEntityDescriptorURL(v string) {
o.Spec.EntityDescriptorURL = v
}
// GetAssertionConsumerService returns assertion consumer service URL
func (o *SAMLConnectorV2) GetAssertionConsumerService() string {
return o.Spec.AssertionConsumerService
}
// SetAssertionConsumerService sets assertion consumer service URL
func (o *SAMLConnectorV2) SetAssertionConsumerService(v string) {
o.Spec.AssertionConsumerService = v
}
// SetDisplay sets friendly name for this provider.
func (o *SAMLConnectorV2) SetDisplay(display string) {
o.Spec.Display = display
}
// GetMetadata returns object metadata
func (o *SAMLConnectorV2) GetMetadata() Metadata {
return o.Metadata
}
// SetMetadata sets object metadata
func (o *SAMLConnectorV2) SetMetadata(m Metadata) {
o.Metadata = m
}
// Origin returns the origin value of the resource.
func (o *SAMLConnectorV2) Origin() string {
return o.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (o *SAMLConnectorV2) SetOrigin(origin string) {
o.Metadata.SetOrigin(origin)
}
// SetExpiry sets expiry time for the object
func (o *SAMLConnectorV2) SetExpiry(expires time.Time) {
o.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (o *SAMLConnectorV2) Expiry() time.Time {
return o.Metadata.Expiry()
}
// GetName returns the name of the connector
func (o *SAMLConnectorV2) GetName() string {
return o.Metadata.GetName()
}
// SetName sets client secret to some value
func (o *SAMLConnectorV2) SetName(name string) {
o.Metadata.SetName(name)
}
// SetIssuer sets issuer
func (o *SAMLConnectorV2) SetIssuer(issuer string) {
o.Spec.Issuer = issuer
}
// GetIssuer returns issuer
func (o *SAMLConnectorV2) GetIssuer() string {
return o.Spec.Issuer
}
// GetDisplay returns the friendly name for this provider.
func (o *SAMLConnectorV2) GetDisplay() string {
if o.Spec.Display != "" {
return o.Spec.Display
}
return o.GetName()
}
// GetAttributesToRoles returns attributes to roles mapping
func (o *SAMLConnectorV2) GetAttributesToRoles() []AttributeMapping {
return o.Spec.AttributesToRoles
}
// SetAttributesToRoles sets attributes to roles mapping
func (o *SAMLConnectorV2) SetAttributesToRoles(mapping []AttributeMapping) {
o.Spec.AttributesToRoles = mapping
}
// SetProvider sets the identity provider.
func (o *SAMLConnectorV2) SetProvider(identityProvider string) {
o.Spec.Provider = identityProvider
}
// GetProvider returns the identity provider.
func (o *SAMLConnectorV2) GetProvider() string {
return o.Spec.Provider
}
// GetAttributes returns list of attributes expected by mappings
func (o *SAMLConnectorV2) GetAttributes() []string {
var out []string
for _, mapping := range o.Spec.AttributesToRoles {
out = append(out, mapping.Name)
}
return utils.Deduplicate(out)
}
// GetTraitMappings returns the SAMLConnector's TraitMappingSet
func (o *SAMLConnectorV2) GetTraitMappings() TraitMappingSet {
tms := make([]TraitMapping, 0, len(o.Spec.AttributesToRoles))
for _, mapping := range o.Spec.AttributesToRoles {
tms = append(tms, TraitMapping{
Trait: mapping.Name,
Value: mapping.Value,
Roles: mapping.Roles,
})
}
return TraitMappingSet(tms)
}
// GetSigningKeyPair returns signing key pair
func (o *SAMLConnectorV2) GetSigningKeyPair() *AsymmetricKeyPair {
return o.Spec.SigningKeyPair
}
// SetSigningKeyPair sets signing key pair
func (o *SAMLConnectorV2) SetSigningKeyPair(k *AsymmetricKeyPair) {
o.Spec.SigningKeyPair = k
}
// GetEncryptionKeyPair returns the key pair for SAML assertions.
func (o *SAMLConnectorV2) GetEncryptionKeyPair() *AsymmetricKeyPair {
return o.Spec.EncryptionKeyPair
}
// SetEncryptionKeyPair sets the key pair for SAML assertions.
func (o *SAMLConnectorV2) SetEncryptionKeyPair(k *AsymmetricKeyPair) {
o.Spec.EncryptionKeyPair = k
}
// GetAllowIDPInitiated returns whether the identity provider can initiate a login or not.
func (o *SAMLConnectorV2) GetAllowIDPInitiated() bool {
return o.Spec.AllowIDPInitiated
}
// SetAllowIDPInitiated sets whether the identity provider can initiate a login or not.
func (o *SAMLConnectorV2) SetAllowIDPInitiated(allow bool) {
o.Spec.AllowIDPInitiated = allow
}
// GetClientRedirectSettings returns the client redirect settings.
func (o *SAMLConnectorV2) GetClientRedirectSettings() *SSOClientRedirectSettings {
if o == nil {
return nil
}
return o.Spec.ClientRedirectSettings
}
// GetSingleLogoutURL returns the SAML SLO (single logout) URL for the identity provider.
func (o *SAMLConnectorV2) GetSingleLogoutURL() string {
return o.Spec.SingleLogoutURL
}
// SetSingleLogoutURL sets the SAML SLO (single logout) URL for the identity provider.
func (o *SAMLConnectorV2) SetSingleLogoutURL(url string) {
o.Spec.SingleLogoutURL = url
}
// GetMFASettings returns the connector's MFA settings.
func (o *SAMLConnectorV2) GetMFASettings() *SAMLConnectorMFASettings {
return o.Spec.MFASettings
}
// SetMFASettings sets the connector's MFA settings.
func (o *SAMLConnectorV2) SetMFASettings(s *SAMLConnectorMFASettings) {
o.Spec.MFASettings = s
}
// IsMFAEnabled returns whether the connector has MFA enabled.
func (o *SAMLConnectorV2) IsMFAEnabled() bool {
mfa := o.GetMFASettings()
return mfa != nil && mfa.Enabled
}
// WithMFASettings returns the connector will some settings overwritten set from MFA settings.
func (o *SAMLConnectorV2) WithMFASettings() error {
if !o.IsMFAEnabled() {
return trace.BadParameter("this connector does not have MFA enabled")
}
o.Spec.EntityDescriptor = o.Spec.MFASettings.EntityDescriptor
o.Spec.EntityDescriptorURL = o.Spec.MFASettings.EntityDescriptorUrl
o.Spec.Issuer = o.Spec.MFASettings.Issuer
o.Spec.SSO = o.Spec.MFASettings.Sso
o.Spec.Cert = o.Spec.MFASettings.Cert
switch o.Spec.MFASettings.ForceAuthn {
case SAMLForceAuthn_FORCE_AUTHN_UNSPECIFIED:
// Default to YES.
o.Spec.ForceAuthn = SAMLForceAuthn_FORCE_AUTHN_YES
default:
o.Spec.ForceAuthn = o.Spec.MFASettings.ForceAuthn
}
return nil
}
// GetForceAuthn returns ForceAuthn
func (o *SAMLConnectorV2) GetForceAuthn() bool {
return o.Spec.ForceAuthn == SAMLForceAuthn_FORCE_AUTHN_YES
}
// GetUserMatchers returns the set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
func (r *SAMLConnectorV2) GetUserMatchers() []string {
if r.Spec.UserMatchers == nil {
return nil
}
return r.Spec.UserMatchers
}
// SetUserMatchers sets the set of glob patterns to narrow down which username(s) this auth connector should match
// for identifier-first login.
func (r *SAMLConnectorV2) SetUserMatchers(userMatchers []string) {
r.Spec.UserMatchers = userMatchers
}
func (r *SAMLConnectorV2) GetIncludeSubject() bool {
return r.Spec.IncludeSubject
}
func (r *SAMLConnectorV2) SetIncludeSubject(includeSubject bool) {
r.Spec.IncludeSubject = includeSubject
}
const (
// SAMLRequestHTTPRedirectBinding is the SAML http-redirect binding request name.
SAMLRequestHTTPRedirectBinding = "http-redirect"
// SAMLRequestHTTPPostBinding is the SAML http-post binding request name.
SAMLRequestHTTPPostBinding = "http-post"
)
// SAMLRequestBindingValues includes supported SAML request binding values.
var SAMLRequestBindingValues = []string{SAMLRequestHTTPRedirectBinding, SAMLRequestHTTPPostBinding}
// GetPreferredRequestBinding returns PreferredRequestBinding.
func (o *SAMLConnectorV2) GetPreferredRequestBinding() string {
return o.Spec.PreferredRequestBinding
}
// setStaticFields sets static resource header and metadata fields.
func (o *SAMLConnectorV2) setStaticFields() {
o.Kind = KindSAMLConnector
o.Version = V2
}
// CheckAndSetDefaults checks and sets default values
func (o *SAMLConnectorV2) CheckAndSetDefaults() error {
o.setStaticFields()
if err := o.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if name := o.Metadata.Name; slices.Contains(constants.SystemConnectors, name) {
return trace.BadParameter("ID: invalid connector name, %v is a reserved name", name)
}
if o.Spec.AssertionConsumerService == "" {
return trace.BadParameter("missing acs - assertion consumer service parameter, set service URL that will receive POST requests from SAML")
}
if o.Spec.AllowIDPInitiated && !strings.HasSuffix(o.Spec.AssertionConsumerService, "/"+o.Metadata.Name) {
return trace.BadParameter("acs - assertion consumer service parameter must end with /%v when allow_idp_initiated is set to true, eg https://cluster.domain/webapi/v1/saml/acs/%v. Ensure this URI matches the one configured at the identity provider.", o.Metadata.Name, o.Metadata.Name)
}
if o.Spec.ServiceProviderIssuer == "" {
o.Spec.ServiceProviderIssuer = o.Spec.AssertionConsumerService
}
if o.Spec.Audience == "" {
o.Spec.Audience = o.Spec.AssertionConsumerService
}
// Issuer and SSO can be automatically set later if EntityDescriptor is provided
if o.Spec.EntityDescriptorURL == "" && o.Spec.EntityDescriptor == "" && (o.Spec.Issuer == "" || o.Spec.SSO == "") {
return trace.BadParameter("no entity_descriptor set, either provide entity_descriptor or entity_descriptor_url in spec")
}
if o.IsMFAEnabled() && o.Spec.MFASettings.EntityDescriptorUrl == "" && o.Spec.MFASettings.EntityDescriptor == "" && (o.Spec.MFASettings.Issuer == "" || o.Spec.MFASettings.Sso == "") {
return trace.BadParameter("no entity_descriptor set for mfa settings, either provide entity_descriptor or entity_descriptor_url in spec")
}
// make sure claim mappings have either roles or a role template
for _, v := range o.Spec.AttributesToRoles {
if len(v.Roles) == 0 {
return trace.BadParameter("need roles field in attributes_to_roles")
}
}
return nil
}
// Check returns nil if all parameters are great, err otherwise
func (r *SAMLAuthRequest) Check() error {
switch {
case r.ConnectorID == "":
return trace.BadParameter("ConnectorID: missing value")
// we could collapse these two checks into one, but the error message would become ambiguous.
case r.SSOTestFlow && r.ConnectorSpec == nil:
return trace.BadParameter("ConnectorSpec cannot be nil when SSOTestFlow is true")
case !r.SSOTestFlow && r.ConnectorSpec != nil:
return trace.BadParameter("ConnectorSpec must be nil when SSOTestFlow is false")
}
if len(r.SshPublicKey) > 0 {
_, _, _, _, err := ssh.ParseAuthorizedKey(r.SshPublicKey)
if err != nil {
return trace.BadParameter("bad SSH public key: %v", err)
}
}
if (len(r.SshPublicKey) != 0 || len(r.TlsPublicKey) != 0) &&
(r.CertTTL > defaults.MaxCertDuration || r.CertTTL < defaults.MinCertDuration) {
return trace.BadParameter("wrong CertTTL")
}
return nil
}
// MarshalJSON marshals SAMLForceAuthn to string.
func (s SAMLForceAuthn) MarshalYAML() (interface{}, error) {
val, err := s.encode()
if err != nil {
return nil, trace.Wrap(err)
}
return val, nil
}
// UnmarshalYAML supports parsing SAMLForceAuthn from string.
func (s *SAMLForceAuthn) UnmarshalYAML(unmarshal func(interface{}) error) error {
var val any
if err := unmarshal(&val); err != nil {
return trace.Wrap(err)
}
return trace.Wrap(s.decode(val))
}
// MarshalJSON marshals SAMLForceAuthn to string.
func (s SAMLForceAuthn) MarshalJSON() ([]byte, error) {
val, err := s.encode()
if err != nil {
return nil, trace.Wrap(err)
}
out, err := json.Marshal(val)
return out, trace.Wrap(err)
}
// UnmarshalJSON supports parsing SAMLForceAuthn from string.
func (s *SAMLForceAuthn) UnmarshalJSON(data []byte) error {
var val any
if err := json.Unmarshal(data, &val); err != nil {
return trace.Wrap(err)
}
return trace.Wrap(s.decode(val))
}
func (s *SAMLForceAuthn) encode() (string, error) {
switch *s {
case SAMLForceAuthn_FORCE_AUTHN_UNSPECIFIED:
return "", nil
case SAMLForceAuthn_FORCE_AUTHN_NO:
return "no", nil
case SAMLForceAuthn_FORCE_AUTHN_YES:
return "yes", nil
default:
return "", trace.BadParameter("SAMLForceAuthn invalid value %v", *s)
}
}
func (s *SAMLForceAuthn) decode(val any) error {
switch v := val.(type) {
case string:
// try parsing as a boolean
switch strings.ToLower(v) {
case "":
*s = SAMLForceAuthn_FORCE_AUTHN_UNSPECIFIED
case "yes", "yeah", "y", "true", "1", "on":
*s = SAMLForceAuthn_FORCE_AUTHN_YES
case "no", "nope", "n", "false", "0", "off":
*s = SAMLForceAuthn_FORCE_AUTHN_NO
default:
return trace.BadParameter("SAMLForceAuthn invalid value %v", val)
}
case bool:
if v {
*s = SAMLForceAuthn_FORCE_AUTHN_YES
} else {
*s = SAMLForceAuthn_FORCE_AUTHN_NO
}
case int32:
return trace.Wrap(s.setFromEnum(v))
case int64:
return trace.Wrap(s.setFromEnum(int32(v)))
case int:
return trace.Wrap(s.setFromEnum(int32(v)))
case float64:
return trace.Wrap(s.setFromEnum(int32(v)))
case float32:
return trace.Wrap(s.setFromEnum(int32(v)))
default:
return trace.BadParameter("SAMLForceAuthn invalid type %T", val)
}
return nil
}
// setFromEnum sets the value from enum value as int32.
func (s *SAMLForceAuthn) setFromEnum(val int32) error {
if _, ok := SAMLForceAuthn_name[val]; !ok {
return trace.BadParameter("invalid SAMLForceAuthn enum %v", val)
}
*s = SAMLForceAuthn(val)
return nil
}
// SAMLConnectorValidationOptions are options for SAML connector validation.
type SAMLConnectorValidationOptions struct {
// NoFollowURLs disables following of URLs to populate SAML connector
// metadata. Useful when full metadata is not necessary, especially for
// endpoints like /webapi/ping which must not hang or fail.
NoFollowURLs bool
}
// SAMLConnectorValidationOption is an option for validation of SAML connectors.
type SAMLConnectorValidationOption func(*SAMLConnectorValidationOptions)
// SAMLConnectorValidationFollowURLs returns a SAMLConnectorValidationOptions
// that sets whether URLs should be followed while validating the connector.
func SAMLConnectorValidationFollowURLs(follow bool) SAMLConnectorValidationOption {
return func(opts *SAMLConnectorValidationOptions) {
opts.NoFollowURLs = !follow
}
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/xml"
"fmt"
"net/url"
"sort"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/types/samlsp"
"github.com/gravitational/teleport/api/utils"
)
// The following name formats are defined in the SAML 2.0 Core OS Standard -
// https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
const (
// SAMLURINameFormat is an attribute name format that follows the convention for URI references [RFC 2396].
SAMLURINameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
// SAMLBasicNameFormat is an attribute name format that specifies a simple string value.
SAMLBasicNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
// SAMLUnspecifiedNameFormat is an attribute name format for names that does not fall into Basic or URI category.
SAMLUnspecifiedNameFormat = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
// SAMLStringType is a string value type.
SAMLStringType = "xs:string"
)
// SAML Name ID formats.
// https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
const (
// SAMLUnspecifiedNameIDFormat is a Name ID format of unknown type and it is upto the
// service provider to interpret the format of the value. [Saml Core v2, 8.3.1]
SAMLUnspecifiedNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
// SAMLEmailAddressNameIDFormat is a Name ID format of email address type as specified
// in IETF RFC 2822 [RFC 2822] Section 3.4.1. [Saml Core v2, 8.3.2]
SAMLEmailAddressNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
// SAMLX509SubjectNameNameIDFormat is a Name ID format of the X.509 certificate
// subject name which is used in XML Signature Recommendation (XMLSig). [Saml Core v2, 8.3.3].
SAMLX509SubjectNameNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"
// SAMLWindowsDomainQualifiedNameNameIDFormat is a Name ID format of Windows Domain Qualified
// Name whose syntax "DomainName\UserName". [Saml Core v2, 8.3.4].
SAMLWindowsDomainQualifiedNameNameIDFormat = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName"
// SAMLKerberosPrincipalNameNameNameIDFormat is a Name ID format of Kerberos Principal Name
// whose syntax is "name[/instance]@REALM". IETF RFC 1510 [RFC 1510]. [Saml Core v2, 8.3.5].
SAMLKerberosPrincipalNameNameNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"
// SAMLEntityNameIDFormat is a Name ID format for SAML IdP Entity ID value. [Saml Core v2, 8.3.6].
SAMLEntityNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"
// SAMLPersistentNameIDFormat is a Name ID format whose value is to be treated as a persistent
// user identitifer by the service provider. [Saml Core v2, 8.3.7]
SAMLPersistentNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
// SAMLTransientNameIDFormat is a Name ID format whose value is to be treated as a temporary value by the
// service provider. [Saml Core v2, 8.3.8]
SAMLTransientNameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
)
const (
// SAMLAuthnContextPublicKeyX509ClassRef is a Public Key X.509 reference authentication standard.
// Defined in SAML 2.0 Authentication Context Standard -
// https://docs.oasis-open.org/security/saml/v2.0/saml-authn-context-2.0-os.pdf
SAMLAuthnContextPublicKeyX509ClassRef = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"
// SAMLBearerMethod is a subject confirmation method, which tells the service provider
// that the user in the context of authentication (the bearer of SAML assertion) lay claim to the SAML
// assertion value. Defined in the SAML 2.0 Technical Overview -
// http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0-cd-02.pdf
SAMLBearerMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
// SAMLSubjectIDName is a general purpose subject identifier as defined in SAML Subject Indentifier Attribuets -
// http://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/csprd03/saml-subject-id-attr-v1.0-csprd03.pdf
SAMLSubjectIDName = "urn:oasis:names:tc:SAML:attribute:subject-id"
)
const (
// SAMLUIDFriendlyName is a user friendly name with a userid format as defiend in OID-info db -
// http://www.oid-info.com/cgi-bin/display?oid=urn%3Aoid%3A0.9.2342.19200300.100.1.1&a=display
SAMLUIDFriendlyName = "uid"
// SAMLUIDName is a URN value of UIDFriendlyName.
SAMLUIDName = "urn:oid:0.9.2342.19200300.100.1.1"
// SAMLEduPersonAffiliationFriendlyName is used to reference groups associated with a user as
// defiend in OID-info db - http://www.oid-info.com/cgi-bin/display?oid=urn%3Aoid%3A1.3.6.1.4.1.5923.1.1.1.1&a=display
SAMLEduPersonAffiliationFriendlyName = "eduPersonAffiliation"
// SAMLEduPersonAffiliationName is a URN value of EduPersonAffiliationFriendlyName.
SAMLEduPersonAffiliationName = "urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
)
var (
// ErrMissingEntityDescriptorAndEntityID is returned when both entity descriptor and entity ID is empty.
ErrEmptyEntityDescriptorAndEntityID = &trace.BadParameterError{Message: "either entity_descriptor or entity_id must be provided"}
// ErrMissingEntityDescriptorAndACSURL is returned when both entity descriptor and ACS URL is empty.
ErrEmptyEntityDescriptorAndACSURL = &trace.BadParameterError{Message: "either entity_descriptor or acs_url must be provided"}
// ErrDuplicateAttributeName is returned when attribute mapping declares two or more
// attributes with the same name.
ErrDuplicateAttributeName = &trace.BadParameterError{Message: "duplicate attribute name not allowed"}
ErrUnsupportedPresetName = &trace.BadParameterError{Message: "unsupported preset name"}
)
// SAMLIdPServiceProvider specifies configuration for service providers for Teleport's built in SAML IdP.
//
// Note: The EntityID is the entity ID for the entity descriptor. This ID is checked that it
// matches the entity ID in the entity descriptor at upsert time to avoid having to parse the
// XML blob in the entity descriptor every time we need to use this resource.
type SAMLIdPServiceProvider interface {
ResourceWithLabels
// GetEntityDescriptor returns the entity descriptor of the service provider.
GetEntityDescriptor() string
// SetEntityDescriptor sets the entity descriptor of the service provider.
SetEntityDescriptor(string)
// GetEntityID returns the entity ID.
GetEntityID() string
// SetEntityID sets the entity ID.
SetEntityID(string)
// GetACSURL returns the ACS URL.
GetACSURL() string
// SetACSURL sets the ACS URL.
SetACSURL(string)
// GetPreset returns the Preset.
GetPreset() string
// GetAttributeMapping returns Attribute Mapping.
GetAttributeMapping() []*SAMLAttributeMapping
// SetAttributeMapping sets Attribute Mapping.
SetAttributeMapping([]*SAMLAttributeMapping)
// GetRelayState returns Relay State.
GetRelayState() string
// SetRelayState sets Relay State.
SetRelayState(string)
// GetLaunchURLs returns launch URLs
GetLaunchURLs() []string
// SetLaunchURLs sets launch URLs
SetLaunchURLs([]string)
// Copy returns a copy of this saml idp service provider object.
Copy() SAMLIdPServiceProvider
// CloneResource returns a copy of the SAMLIdPServiceProvider as a ResourceWithLabels
// This is helpful when interfacing with multiple types at the same time in unified resources
CloneResource() ResourceWithLabels
}
// NewSAMLIdPServiceProvider returns a new SAMLIdPServiceProvider based off a metadata object and SAMLIdPServiceProviderSpecV1.
func NewSAMLIdPServiceProvider(metadata Metadata, spec SAMLIdPServiceProviderSpecV1) (SAMLIdPServiceProvider, error) {
s := &SAMLIdPServiceProviderV1{
ResourceHeader: ResourceHeader{
Metadata: metadata,
},
Spec: spec,
}
if err := s.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return s, nil
}
// GetEntityDescriptor returns the entity descriptor.
func (s *SAMLIdPServiceProviderV1) GetEntityDescriptor() string {
return s.Spec.EntityDescriptor
}
// SetEntityDescriptor sets the entity descriptor.
func (s *SAMLIdPServiceProviderV1) SetEntityDescriptor(entityDescriptor string) {
s.Spec.EntityDescriptor = entityDescriptor
}
// GetEntityID returns the entity ID.
func (s *SAMLIdPServiceProviderV1) GetEntityID() string {
return s.Spec.EntityID
}
// SetEntityID sets the entity ID.
func (s *SAMLIdPServiceProviderV1) SetEntityID(entityID string) {
s.Spec.EntityID = entityID
}
// GetACSURL returns the ACS URL.
func (s *SAMLIdPServiceProviderV1) GetACSURL() string {
return s.Spec.ACSURL
}
// SetACSURL sets the ACS URL.
func (s *SAMLIdPServiceProviderV1) SetACSURL(acsURL string) {
s.Spec.ACSURL = acsURL
}
// GetAttributeMapping returns the Attribute Mapping.
func (s *SAMLIdPServiceProviderV1) GetAttributeMapping() []*SAMLAttributeMapping {
return s.Spec.AttributeMapping
}
// SetAttributeMapping sets Attribute Mapping.
func (s *SAMLIdPServiceProviderV1) SetAttributeMapping(attrMaps []*SAMLAttributeMapping) {
s.Spec.AttributeMapping = attrMaps
}
// GetPreset returns the Preset.
func (s *SAMLIdPServiceProviderV1) GetPreset() string {
return s.Spec.Preset
}
// GetRelayState returns Relay State.
func (s *SAMLIdPServiceProviderV1) GetRelayState() string {
return s.Spec.RelayState
}
// SetRelayState sets Relay State.
func (s *SAMLIdPServiceProviderV1) SetRelayState(relayState string) {
s.Spec.RelayState = relayState
}
// GetLaunchURLs returns Launch URLs.
func (s *SAMLIdPServiceProviderV1) GetLaunchURLs() []string {
return s.Spec.LaunchURLs
}
// SetLaunchURLs sets Launch URLs.
func (s *SAMLIdPServiceProviderV1) SetLaunchURLs(launchURLs []string) {
s.Spec.LaunchURLs = launchURLs
}
// String returns the SAML IdP service provider string representation.
func (s *SAMLIdPServiceProviderV1) String() string {
return fmt.Sprintf("SAMLIdPServiceProviderV1(Name=%v)",
s.GetName())
}
func (s *SAMLIdPServiceProviderV1) Copy() SAMLIdPServiceProvider {
return utils.CloneProtoMsg(s)
}
func (s *SAMLIdPServiceProviderV1) CloneResource() ResourceWithLabels {
return s.Copy()
}
const defaultDescription = "SAML Application"
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (s *SAMLIdPServiceProviderV1) MatchSearch(values []string) bool {
fieldVals := append(utils.MapToStrings(s.GetAllLabels()), s.GetEntityID(), s.GetName(), defaultDescription)
return MatchSearch(fieldVals, values, nil)
}
// setStaticFields sets static resource header and metadata fields.
func (s *SAMLIdPServiceProviderV1) setStaticFields() {
s.Kind = KindSAMLIdPServiceProvider
s.Version = V1
}
// CheckAndSetDefaults checks and sets default values
func (s *SAMLIdPServiceProviderV1) CheckAndSetDefaults() error {
s.setStaticFields()
if err := s.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if s.Spec.EntityDescriptor == "" {
if s.Spec.EntityID == "" {
return trace.Wrap(ErrEmptyEntityDescriptorAndEntityID)
}
if s.Spec.ACSURL == "" {
return trace.Wrap(ErrEmptyEntityDescriptorAndACSURL)
}
}
if s.Spec.EntityID == "" {
// Extract just the entityID attribute from the descriptor
ed := &struct {
EntityID string `xml:"entityID,attr"`
}{}
err := xml.Unmarshal([]byte(s.Spec.EntityDescriptor), ed)
if err != nil {
return trace.Wrap(err)
}
s.Spec.EntityID = ed.EntityID
}
attrNames := make(map[string]struct{})
for _, attributeMap := range s.GetAttributeMapping() {
if err := attributeMap.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// check for duplicate attribute names
if _, ok := attrNames[attributeMap.Name]; ok {
return trace.Wrap(ErrDuplicateAttributeName)
}
attrNames[attributeMap.Name] = struct{}{}
}
for _, launchURL := range s.Spec.LaunchURLs {
endpoint, err := url.Parse(launchURL)
switch {
case err != nil:
return trace.BadParameter("launch URL %q could not be parsed: %v", launchURL, err)
case endpoint.Scheme != "https":
return trace.BadParameter("invalid scheme %q in launch URL %q (must be 'https')", endpoint.Scheme, launchURL)
}
}
if ok := s.checkAndSetPresetDefaults(s.Spec.Preset); !ok {
return trace.Wrap(ErrUnsupportedPresetName)
}
return nil
}
// SAMLIdPServiceProviders is a list of SAML IdP service provider resources.
type SAMLIdPServiceProviders []SAMLIdPServiceProvider
// AsResources returns these service providers as resources with labels.
func (s SAMLIdPServiceProviders) AsResources() ResourcesWithLabels {
resources := make([]ResourceWithLabels, 0, len(s))
for _, sp := range s {
resources = append(resources, sp)
}
return resources
}
// Len returns the slice length.
func (s SAMLIdPServiceProviders) Len() int { return len(s) }
// Less compares service providers by name.
func (s SAMLIdPServiceProviders) Less(i, j int) bool { return s[i].GetName() < s[j].GetName() }
// Swap swaps two service providers.
func (s SAMLIdPServiceProviders) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// SortByCustom sorts SAMLIdPServiceProviders as per the sortBy value.
// Only ResourceMetadataName field is supported.
func (s SAMLIdPServiceProviders) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetName(), s[j].GetName(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindSAMLIdPServiceProvider)
}
return nil
}
// CheckAndSetDefaults check and sets SAMLAttributeMapping default values
func (am *SAMLAttributeMapping) CheckAndSetDefaults() error {
if am.Name == "" {
return trace.BadParameter("attribute name is required")
}
if am.Value == "" {
return trace.BadParameter("attribute value is required")
}
// verify name format is one of the supported
// formats - unspecifiedNameFormat, basicNameFormat or uriNameFormat
// and assign it with the URN value of that format.
switch am.NameFormat {
case "", "unspecified", SAMLUnspecifiedNameFormat:
am.NameFormat = SAMLUnspecifiedNameFormat
case "basic", SAMLBasicNameFormat:
am.NameFormat = SAMLBasicNameFormat
case "uri", SAMLURINameFormat:
am.NameFormat = SAMLURINameFormat
default:
return trace.BadParameter("invalid name format: %s", am.NameFormat)
}
return nil
}
// checkAndSetPresetDefaults checks SAMLIdPServiceProviderV1 preset field
// and applies default values to the preset type.
// preset can be either empty or one of the supported type.
func (s *SAMLIdPServiceProviderV1) checkAndSetPresetDefaults(preset string) bool {
switch preset {
case "", samlsp.Unspecified, samlsp.AWSIdentityCenter, samlsp.MicrosoftEntraID:
return true
case samlsp.GCPWorkforce:
if s.GetRelayState() == "" {
s.SetRelayState(samlsp.DefaultRelayStateGCPWorkforce)
}
return true
default:
return false
}
}
/*
Copyright 2024 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"slices"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
)
// secondFactorsFromLegacySecondFactor returns the list of SecondFactorTypes supported by the given second factor type.
func secondFactorsFromLegacySecondFactor(sf constants.SecondFactorType) []SecondFactorType {
switch sf {
case constants.SecondFactorOff:
return nil
case constants.SecondFactorOptional, constants.SecondFactorOn:
return []SecondFactorType{SecondFactorType_SECOND_FACTOR_TYPE_OTP, SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN}
case constants.SecondFactorOTP:
return []SecondFactorType{SecondFactorType_SECOND_FACTOR_TYPE_OTP}
case constants.SecondFactorWebauthn:
return []SecondFactorType{SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN}
default:
return nil
}
}
// LegacySecondFactorFromSecondFactors returns a suitable legacy second factor for the given list of second factors.
func LegacySecondFactorFromSecondFactors(secondFactors []SecondFactorType) constants.SecondFactorType {
hasOTP := slices.Contains(secondFactors, SecondFactorType_SECOND_FACTOR_TYPE_OTP)
hasWebAuthn := slices.Contains(secondFactors, SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN)
hasSSO := slices.Contains(secondFactors, SecondFactorType_SECOND_FACTOR_TYPE_SSO)
switch {
case hasOTP && hasWebAuthn:
return constants.SecondFactorOn
case hasWebAuthn:
return constants.SecondFactorWebauthn
case hasOTP:
return constants.SecondFactorOTP
case hasSSO:
// In the WebUI, we can treat exclusive SSO MFA as disabled. In practice this means
// things like the "add MFA device" button is disabled, but SSO MFA prompts will still work.
// TODO(Joerger): Ensure that SSO MFA flows work in the WebUI with this change, once implemented.
return constants.SecondFactorOff
default:
return constants.SecondFactorOff
}
}
// MarshalJSON marshals SecondFactorType to string.
func (s *SecondFactorType) MarshalYAML() (interface{}, error) {
val, err := s.Encode()
if err != nil {
return nil, trace.Wrap(err)
}
return val, nil
}
// UnmarshalYAML supports parsing SecondFactorType from string.
func (s *SecondFactorType) UnmarshalYAML(unmarshal func(interface{}) error) error {
var val interface{}
err := unmarshal(&val)
if err != nil {
return trace.Wrap(err)
}
err = s.decode(val)
return trace.Wrap(err)
}
// MarshalJSON marshals SecondFactorType to string.
func (s *SecondFactorType) MarshalJSON() ([]byte, error) {
val, err := s.Encode()
if err != nil {
return nil, trace.Wrap(err)
}
out, err := json.Marshal(val)
return out, trace.Wrap(err)
}
// UnmarshalJSON supports parsing SecondFactorType from string.
func (s *SecondFactorType) UnmarshalJSON(data []byte) error {
var val interface{}
err := json.Unmarshal(data, &val)
if err != nil {
return trace.Wrap(err)
}
err = s.decode(val)
return trace.Wrap(err)
}
const (
// secondFactorTypeOTPString is the string representation of SecondFactorType_SECOND_FACTOR_TYPE_OTP
secondFactorTypeOTPString = "otp"
// secondFactorTypeWebauthnString is the string representation of SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN
secondFactorTypeWebauthnString = "webauthn"
// secondFactorTypeSSOString is the string representation of SecondFactorType_SECOND_FACTOR_TYPE_SSO
secondFactorTypeSSOString = "sso"
)
// Encode encodes the SecondFactorType in string form.
func (s *SecondFactorType) Encode() (string, error) {
switch *s {
case SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED:
return "", nil
case SecondFactorType_SECOND_FACTOR_TYPE_OTP:
return secondFactorTypeOTPString, nil
case SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN:
return secondFactorTypeWebauthnString, nil
case SecondFactorType_SECOND_FACTOR_TYPE_SSO:
return secondFactorTypeSSOString, nil
default:
return "", trace.BadParameter("invalid SecondFactorType value %v", *s)
}
}
func (s *SecondFactorType) decode(val any) error {
switch v := val.(type) {
case string:
switch v {
case secondFactorTypeOTPString:
*s = SecondFactorType_SECOND_FACTOR_TYPE_OTP
case secondFactorTypeWebauthnString:
*s = SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN
case secondFactorTypeSSOString:
*s = SecondFactorType_SECOND_FACTOR_TYPE_SSO
case "":
*s = SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED
default:
return trace.BadParameter("invalid SecondFactorType value %v", val)
}
case int32:
return trace.Wrap(s.setFromEnum(v))
case int64:
return trace.Wrap(s.setFromEnum(int32(v)))
case int:
return trace.Wrap(s.setFromEnum(int32(v)))
case float64:
return trace.Wrap(s.setFromEnum(int32(v)))
case float32:
return trace.Wrap(s.setFromEnum(int32(v)))
default:
return trace.BadParameter("invalid SecondFactorType type %T", val)
}
return nil
}
// setFromEnum sets the value from enum value as int32.
func (s *SecondFactorType) setFromEnum(val int32) error {
if _, ok := SecondFactorType_name[val]; !ok {
return trace.BadParameter("invalid SecondFactorType enum %v", val)
}
*s = SecondFactorType(val)
return nil
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"context"
"fmt"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/constants"
)
// SemaphoreKindConnection is the semaphore kind used by
// the Concurrent Session Control feature to limit concurrent
// connections (corresponds to the `max_connections`
// role option).
const SemaphoreKindConnection = "connection"
// SemaphoreKindKubernetesConnection is the semaphore kind used by
// the Concurrent Session Control feature to limit concurrent
// connections for Kubernetes (corresponds to the `max_kubernetes_connections`
// role option).
const SemaphoreKindKubernetesConnection = "kubernetes_connection"
// SemaphoreKindHostUserModification is the semaphore kind used to limit
// the number of operations that can occur on a unix user to one at a time
const SemaphoreKindHostUserModification = "host_user_modification"
// SemaphoreKindAccessMonitoringLimiter is the semaphore kind used by
// the Access Monitoring feature during handling user queries.
const SemaphoreKindAccessMonitoringLimiter = "access_monitoring_limiter"
// SemaphoreKindUploadCompleter is the semaphore kind used by the
// auth server's upload completer to protect access to the shared
// session recordings backend.
const SemaphoreKindUploadCompleter = "upload_completer"
// SemaphoreKindAccessListReminderLimiter is the semaphore kind used by
// the periodic check which creates access list reminder notifications.
const SemaphoreKindAccessListReminderLimiter = "access_list_reminder_limiter"
// Semaphore represents distributed semaphore concept
type Semaphore interface {
// Resource contains common resource values
Resource
// Contains checks if lease is member of this semaphore.
Contains(lease SemaphoreLease) bool
// Acquire attempts to acquire a lease with this semaphore.
Acquire(leaseID string, params AcquireSemaphoreRequest) (*SemaphoreLease, error)
// KeepAlive attempts to update the expiry of an existent lease.
KeepAlive(lease SemaphoreLease) error
// Cancel attempts to cancel an existent lease.
Cancel(lease SemaphoreLease) error
// LeaseRefs grants access to the underlying list
// of lease references.
LeaseRefs() []SemaphoreLeaseRef
// RemoveExpiredLeases removes expired leases
RemoveExpiredLeases(now time.Time)
}
// ConfigureSemaphore configures an empty semaphore resource matching
// these acquire parameters.
func (s *AcquireSemaphoreRequest) ConfigureSemaphore() (Semaphore, error) {
sem := SemaphoreV3{
SubKind: s.SemaphoreKind,
Metadata: Metadata{
Name: s.SemaphoreName,
},
}
sem.SetExpiry(s.Expires)
if err := sem.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return &sem, nil
}
// Check verifies that all required parameters have been supplied.
func (s *AcquireSemaphoreRequest) Check() error {
if s.SemaphoreKind == "" {
return trace.BadParameter("missing parameter SemaphoreKind")
}
if s.SemaphoreName == "" {
return trace.BadParameter("missing parameter SemaphoreName")
}
if s.MaxLeases == 0 {
return trace.BadParameter("missing parameter MaxLeases")
}
if s.Expires.IsZero() {
return trace.BadParameter("missing parameter Expires")
}
return nil
}
// CheckAndSetDefaults checks and sets default values
func (l *SemaphoreLease) CheckAndSetDefaults() error {
if l.SemaphoreKind == "" {
return trace.BadParameter("missing parameter SemaphoreKind")
}
if l.SemaphoreName == "" {
return trace.BadParameter("missing parameter SemaphoreName")
}
if l.LeaseID == "" {
return trace.BadParameter("missing parameter LeaseID")
}
if l.Expires.IsZero() {
return trace.BadParameter("missing lease expiry time")
}
return nil
}
// Contains checks if lease is member of this semaphore.
func (c *SemaphoreV3) Contains(lease SemaphoreLease) bool {
if lease.SemaphoreKind != c.GetSubKind() || lease.SemaphoreName != c.GetName() {
return false
}
for _, ref := range c.Spec.Leases {
if ref.LeaseID == lease.LeaseID {
return true
}
}
return false
}
// Acquire attempts to acquire a lease with this semaphore.
func (c *SemaphoreV3) Acquire(leaseID string, params AcquireSemaphoreRequest) (*SemaphoreLease, error) {
if params.SemaphoreKind != c.GetSubKind() || params.SemaphoreName != c.GetName() {
return nil, trace.BadParameter("cannot acquire, params do not match")
}
if c.leaseCount() >= params.MaxLeases {
return nil, trace.LimitExceeded("cannot acquire semaphore %s/%s (%s)",
c.GetSubKind(),
c.GetName(),
constants.MaxLeases,
)
}
for _, ref := range c.Spec.Leases {
if ref.LeaseID == leaseID {
return nil, trace.AlreadyExists("semaphore lease already exists: %q", leaseID)
}
}
if params.Expires.After(c.Expiry()) {
c.SetExpiry(params.Expires)
}
c.Spec.Leases = append(c.Spec.Leases, SemaphoreLeaseRef{
LeaseID: leaseID,
Expires: params.Expires,
Holder: params.Holder,
})
return &SemaphoreLease{
SemaphoreKind: params.SemaphoreKind,
SemaphoreName: params.SemaphoreName,
LeaseID: leaseID,
Expires: params.Expires,
}, nil
}
// KeepAlive attempts to update the expiry of an existent lease.
func (c *SemaphoreV3) KeepAlive(lease SemaphoreLease) error {
if lease.SemaphoreKind != c.GetSubKind() || lease.SemaphoreName != c.GetName() {
return trace.BadParameter("cannot keepalive, lease does not match")
}
for i := range c.Spec.Leases {
if c.Spec.Leases[i].LeaseID == lease.LeaseID {
c.Spec.Leases[i].Expires = lease.Expires
if lease.Expires.After(c.Expiry()) {
c.SetExpiry(lease.Expires)
}
return nil
}
}
return trace.NotFound("cannot keepalive, lease not found: %q", lease.LeaseID)
}
// Cancel attempts to cancel an existent lease.
func (c *SemaphoreV3) Cancel(lease SemaphoreLease) error {
if lease.SemaphoreKind != c.GetSubKind() || lease.SemaphoreName != c.GetName() {
return trace.BadParameter("cannot cancel, lease does not match")
}
for i, ref := range c.Spec.Leases {
if ref.LeaseID == lease.LeaseID {
c.Spec.Leases = append(c.Spec.Leases[:i], c.Spec.Leases[i+1:]...)
return nil
}
}
return trace.NotFound("cannot cancel, lease not found: %q", lease.LeaseID)
}
// RemoveExpiredLeases removes expired leases
func (c *SemaphoreV3) RemoveExpiredLeases(now time.Time) {
// See https://github.com/golang/go/wiki/SliceTricks#filtering-without-allocating
filtered := c.Spec.Leases[:0]
for _, lease := range c.Spec.Leases {
if lease.Expires.After(now) {
filtered = append(filtered, lease)
}
}
c.Spec.Leases = filtered
}
// leaseCount returns the number of active leases
func (c *SemaphoreV3) leaseCount() int64 {
return int64(len(c.Spec.Leases))
}
// LeaseRefs grants access to the underlying list
// of lease references
func (c *SemaphoreV3) LeaseRefs() []SemaphoreLeaseRef {
return c.Spec.Leases
}
// GetVersion returns resource version
func (c *SemaphoreV3) GetVersion() string {
return c.Version
}
// GetSubKind returns resource subkind
func (c *SemaphoreV3) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind
func (c *SemaphoreV3) SetSubKind(sk string) {
c.SubKind = sk
}
// GetKind returns resource kind
func (c *SemaphoreV3) GetKind() string {
return c.Kind
}
// GetRevision returns the revision
func (c *SemaphoreV3) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *SemaphoreV3) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetName returns the name of the cluster.
func (c *SemaphoreV3) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the cluster.
func (c *SemaphoreV3) SetName(e string) {
c.Metadata.Name = e
}
// Expiry returns object expiry setting
func (c *SemaphoreV3) Expiry() time.Time {
return c.Metadata.Expiry()
}
// SetExpiry sets expiry time for the object
func (c *SemaphoreV3) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// GetMetadata returns object metadata
func (c *SemaphoreV3) GetMetadata() Metadata {
return c.Metadata
}
// String represents a human readable version of the semaphore.
func (c *SemaphoreV3) String() string {
return fmt.Sprintf("Semaphore(kind=%v, name=%v, leases=%v)",
c.SubKind, c.Metadata.Name, c.leaseCount())
}
// setStaticFields sets static resource header and metadata fields.
func (c *SemaphoreV3) setStaticFields() {
c.Kind = KindSemaphore
c.Version = V3
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults.
func (c *SemaphoreV3) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// While theoretically there are scenarios with non-expiring semaphores
// however the flow don't need them right now, and they add a lot of edge
// cases, so the code does not support them.
if c.Expiry().IsZero() {
return trace.BadParameter("set semaphore expiry time")
}
if c.SubKind == "" {
return trace.BadParameter("supply semaphore SubKind parameter")
}
return nil
}
// Semaphores provides ability to control
// how many shared resources of some kind are acquired at the same time,
// used to implement concurrent sessions control in a distributed environment
type Semaphores interface {
// AcquireSemaphore acquires lease with requested resources from semaphore
AcquireSemaphore(ctx context.Context, params AcquireSemaphoreRequest) (*SemaphoreLease, error)
// KeepAliveSemaphoreLease updates semaphore lease
KeepAliveSemaphoreLease(ctx context.Context, lease SemaphoreLease) error
// CancelSemaphoreLease cancels semaphore lease early
CancelSemaphoreLease(ctx context.Context, lease SemaphoreLease) error
// GetSemaphores returns a list of semaphores matching supplied filter.
GetSemaphores(ctx context.Context, filter SemaphoreFilter) ([]Semaphore, error)
// ListSemaphores returns a page of semaphores matching supplied filter.
ListSemaphores(ctx context.Context, limit int, start string, filter *SemaphoreFilter) ([]Semaphore, string, error)
// DeleteSemaphore deletes a semaphore matching supplied filter.
DeleteSemaphore(ctx context.Context, filter SemaphoreFilter) error
}
// Match checks if the supplied semaphore matches this filter.
func (f *SemaphoreFilter) Match(sem Semaphore) bool {
if f.GetSemaphoreKind() != "" && f.GetSemaphoreKind() != sem.GetSubKind() {
return false
}
if f.GetSemaphoreName() != "" && f.GetSemaphoreName() != sem.GetName() {
return false
}
return true
}
// GetSemaphoreKind returns the semaphore kind to filter by if filter is non-nil
func (f *SemaphoreFilter) GetSemaphoreKind() string {
if f == nil {
return ""
}
return f.SemaphoreKind
}
// GetSemaphoreName returns the semaphore name to filter by if filter is non-nil
func (f *SemaphoreFilter) GetSemaphoreName() string {
if f == nil {
return ""
}
return f.SemaphoreName
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"net"
"sort"
"strings"
"time"
"github.com/charlievieth/strcase"
"github.com/google/uuid"
"github.com/gravitational/trace"
componentfeaturesv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/componentfeatures/v1"
"github.com/gravitational/teleport/api/utils"
"github.com/gravitational/teleport/api/utils/aws"
)
// Server represents a Node, Proxy or Auth server in a Teleport cluster
type Server interface {
// ResourceWithLabels provides common resource headers
ResourceWithLabels
// GetTeleportVersion returns the teleport version the server is running on
GetTeleportVersion() string
// GetAddr return server address
GetAddr() string
// GetHostname returns server hostname
GetHostname() string
// GetNamespace returns server namespace
GetNamespace() string
// GetLabels returns server's static label key pairs
GetLabels() map[string]string
// GetCmdLabels gets command labels
GetCmdLabels() map[string]CommandLabel
// SetCmdLabels sets command labels.
SetCmdLabels(cmdLabels map[string]CommandLabel)
// GetPublicAddr returns a public address where this server can be reached.
GetPublicAddr() string
// GetPublicAddrs returns a list of public addresses where this server can be reached.
GetPublicAddrs() []string
// GetRotation gets the state of certificate authority rotation.
GetRotation() Rotation
// SetRotation sets the state of certificate authority rotation.
SetRotation(Rotation)
// GetUseTunnel gets if a reverse tunnel should be used to connect to this node.
GetUseTunnel() bool
// SetUseTunnel sets if a reverse tunnel should be used to connect to this node.
SetUseTunnel(bool)
// String returns string representation of the server
String() string
// SetAddr sets server address
SetAddr(addr string)
// SetPublicAddrs sets the public addresses where this server can be reached.
SetPublicAddrs([]string)
// SetNamespace sets server namespace
SetNamespace(namespace string)
// GetPeerAddr returns the peer address of the server.
GetPeerAddr() string
// SetPeerAddr sets the peer address of the server.
SetPeerAddr(string)
// ProxiedService provides common methods for a proxied service.
ProxiedService
// GetRelayGroup returns the name of the Relay group that the server is
// connected to.
GetRelayGroup() string
// GetRelayIDs returns the list of Relay host IDs that the server is
// connected to.
GetRelayIDs() []string
// DeepCopy creates a clone of this server value
DeepCopy() Server
// CloneResource is used to return a clone of the Server and match the CloneAny interface
// This is helpful when interfacing with multiple types at the same time in unified resources
CloneResource() ResourceWithLabels
// GetCloudMetadata gets the cloud metadata for the server.
GetCloudMetadata() *CloudMetadata
// GetAWSInfo returns the AWSInfo for the server.
GetAWSInfo() *AWSInfo
// SetCloudMetadata sets the server's cloud metadata.
SetCloudMetadata(meta *CloudMetadata)
// IsOpenSSHNode returns whether the connection to this Server must use OpenSSH.
// This returns true for SubKindOpenSSHNode and SubKindOpenSSHEICENode.
IsOpenSSHNode() bool
// IsEICE returns whether the Node is an EICE instance.
// Must be `openssh-ec2-ice` subkind and have the AccountID and InstanceID information (AWS Metadata or Labels).
IsEICE() bool
// GetAWSInstanceID returns the AWS Instance ID if this node comes from an EC2 instance.
GetAWSInstanceID() string
// GetAWSAccountID returns the AWS Account ID if this node comes from an EC2 instance.
GetAWSAccountID() string
// GetGitHub returns the GitHub server spec.
GetGitHub() *GitHubServerMetadata
// GetScope returns the scope this server belongs to.
GetScope() string
// GetComponentFeatures returns the supported features for the server.
GetComponentFeatures() *componentfeaturesv1.ComponentFeatures
// SetComponentFeatures sets the supported features for the server.
SetComponentFeatures(*componentfeaturesv1.ComponentFeatures)
}
// NewServer creates an instance of Server.
func NewServer(name, kind string, spec ServerSpecV2) (Server, error) {
return NewServerWithLabels(name, kind, spec, map[string]string{})
}
// NewServerWithLabels is a convenience method to create
// ServerV2 with a specific map of labels.
func NewServerWithLabels(name, kind string, spec ServerSpecV2, labels map[string]string) (Server, error) {
server := &ServerV2{
Kind: kind,
Metadata: Metadata{
Name: name,
Labels: labels,
},
Spec: spec,
}
if err := server.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return server, nil
}
// NewNode is a convenience method to create a Server of Kind Node.
func NewNode(name, subKind string, spec ServerSpecV2, labels map[string]string) (Server, error) {
server := &ServerV2{
Kind: KindNode,
SubKind: subKind,
Metadata: Metadata{
Name: name,
Labels: labels,
},
Spec: spec,
}
if err := server.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return server, nil
}
// NewNode is a convenience method to create an EICE Node.
func NewEICENode(spec ServerSpecV2, labels map[string]string) (Server, error) {
server := &ServerV2{
Kind: KindNode,
SubKind: SubKindOpenSSHEICENode,
Metadata: Metadata{
Labels: labels,
},
Spec: spec,
}
if err := server.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return server, nil
}
// NewGitHubServer creates a new Git server for GitHub.
func NewGitHubServer(githubSpec GitHubServerMetadata) (Server, error) {
return NewGitHubServerWithName(uuid.NewString(), githubSpec)
}
// NewGitHubServerWithName creates a new Git server for GitHub with provided
// name.
func NewGitHubServerWithName(name string, githubSpec GitHubServerMetadata) (Server, error) {
server := &ServerV2{
Kind: KindGitServer,
SubKind: SubKindGitHub,
Metadata: Metadata{
Name: name,
},
Spec: ServerSpecV2{
GitHub: &githubSpec,
},
}
if err := server.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return server, nil
}
// GetComponentFeatures returns the supported features for the server.
func (s *ServerV2) GetComponentFeatures() *componentfeaturesv1.ComponentFeatures {
return s.Spec.ComponentFeatures
}
// SetComponentFeatures sets the supported features for the server.
func (s *ServerV2) SetComponentFeatures(features *componentfeaturesv1.ComponentFeatures) {
s.Spec.ComponentFeatures = features
}
// GetVersion returns resource version
func (s *ServerV2) GetVersion() string {
return s.Version
}
// GetTeleportVersion returns the teleport version the server is running on
func (s *ServerV2) GetTeleportVersion() string {
return s.Spec.Version
}
// GetKind returns resource kind
func (s *ServerV2) GetKind() string {
return s.Kind
}
// GetSubKind returns resource sub kind
func (s *ServerV2) GetSubKind() string {
// if the server is a node subkind isn't set, this is a teleport node.
if s.Kind == KindNode && s.SubKind == "" {
return SubKindTeleportNode
}
return s.SubKind
}
// SetSubKind sets resource subkind
func (s *ServerV2) SetSubKind(sk string) {
s.SubKind = sk
}
// GetRevision returns the revision
func (s *ServerV2) GetRevision() string {
return s.Metadata.GetRevision()
}
// SetRevision sets the revision
func (s *ServerV2) SetRevision(rev string) {
s.Metadata.SetRevision(rev)
}
// GetMetadata returns metadata
func (s *ServerV2) GetMetadata() Metadata {
return s.Metadata
}
// SetNamespace sets server namespace
func (s *ServerV2) SetNamespace(namespace string) {
s.Metadata.Namespace = namespace
}
// SetAddr sets server address
func (s *ServerV2) SetAddr(addr string) {
s.Spec.Addr = addr
}
// SetExpiry sets expiry time for the object
func (s *ServerV2) SetExpiry(expires time.Time) {
s.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (s *ServerV2) Expiry() time.Time {
return s.Metadata.Expiry()
}
// SetPublicAddrs sets the public proxy addresses where this server can be reached.
func (s *ServerV2) SetPublicAddrs(addrs []string) {
s.Spec.PublicAddrs = addrs
}
// GetName returns server name
func (s *ServerV2) GetName() string {
return s.Metadata.Name
}
// SetName sets the name of the TrustedCluster.
func (s *ServerV2) SetName(e string) {
s.Metadata.Name = e
}
// GetAddr return server address
func (s *ServerV2) GetAddr() string {
return s.Spec.Addr
}
// GetPublicAddr returns a public address where this server can be reached.
func (s *ServerV2) GetPublicAddr() string {
addrs := s.GetPublicAddrs()
if len(addrs) != 0 {
return addrs[0]
}
return ""
}
// GetPublicAddrs returns a list of public addresses where this server can be reached.
func (s *ServerV2) GetPublicAddrs() []string {
return s.Spec.PublicAddrs
}
// GetRotation gets the state of certificate authority rotation.
func (s *ServerV2) GetRotation() Rotation {
return s.Spec.Rotation
}
// SetRotation sets the state of certificate authority rotation.
func (s *ServerV2) SetRotation(r Rotation) {
s.Spec.Rotation = r
}
// GetUseTunnel gets if a reverse tunnel should be used to connect to this node.
func (s *ServerV2) GetUseTunnel() bool {
return s.Spec.UseTunnel
}
// SetUseTunnel sets if a reverse tunnel should be used to connect to this node.
func (s *ServerV2) SetUseTunnel(useTunnel bool) {
s.Spec.UseTunnel = useTunnel
}
// GetHostname returns server hostname
func (s *ServerV2) GetHostname() string {
return s.Spec.Hostname
}
// GetLabel retrieves the label with the provided key. If not found
// value will be empty and ok will be false.
func (s *ServerV2) GetLabel(key string) (value string, ok bool) {
if cmd, ok := s.Spec.CmdLabels[key]; ok {
return cmd.Result, ok
}
v, ok := s.Metadata.Labels[key]
return v, ok
}
// GetLabels returns server's static label key pairs.
// GetLabels and GetStaticLabels are the same, and that is intentional. GetLabels
// exists to preserve backwards compatibility, while GetStaticLabels exists to
// implement ResourcesWithLabels.
func (s *ServerV2) GetLabels() map[string]string {
return s.Metadata.Labels
}
// GetStaticLabels returns the server static labels.
// GetLabels and GetStaticLabels are the same, and that is intentional. GetLabels
// exists to preserve backwards compatibility, while GetStaticLabels exists to
// implement ResourcesWithLabels.
func (s *ServerV2) GetStaticLabels() map[string]string {
return s.Metadata.Labels
}
// SetStaticLabels sets the server static labels.
func (s *ServerV2) SetStaticLabels(sl map[string]string) {
s.Metadata.Labels = sl
}
// GetCmdLabels returns command labels
func (s *ServerV2) GetCmdLabels() map[string]CommandLabel {
if s.Spec.CmdLabels == nil {
return nil
}
return V2ToLabels(s.Spec.CmdLabels)
}
// Origin returns the origin value of the resource.
func (s *ServerV2) Origin() string {
return s.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (s *ServerV2) SetOrigin(origin string) {
s.Metadata.SetOrigin(origin)
}
// SetCmdLabels sets dynamic labels.
func (s *ServerV2) SetCmdLabels(cmdLabels map[string]CommandLabel) {
s.Spec.CmdLabels = LabelsToV2(cmdLabels)
}
func (s *ServerV2) String() string {
return fmt.Sprintf("Server(name=%v, namespace=%v, addr=%v, labels=%v)", s.Metadata.Name, s.Metadata.Namespace, s.Spec.Addr, s.Metadata.Labels)
}
// GetNamespace returns server namespace
func (s *ServerV2) GetNamespace() string {
return ProcessNamespace(s.Metadata.Namespace)
}
// GetProxyID returns the proxy id this server is connected to.
func (s *ServerV2) GetProxyIDs() []string {
return s.Spec.ProxyIDs
}
// SetProxyID sets the proxy ids this server is connected to.
func (s *ServerV2) SetProxyIDs(proxyIDs []string) {
s.Spec.ProxyIDs = proxyIDs
}
// GetRelayGroup implements [Server].
func (s *ServerV2) GetRelayGroup() string {
if s == nil {
return ""
}
return s.Spec.RelayGroup
}
// GetRelayIDs implements [Server].
func (s *ServerV2) GetRelayIDs() []string {
if s == nil {
return nil
}
return s.Spec.RelayIds
}
// GetAllLabels returns the full key:value map of both static labels and
// "command labels"
func (s *ServerV2) GetAllLabels() map[string]string {
// server labels (static and dynamic)
labels := CombineLabels(s.Metadata.Labels, s.Spec.CmdLabels)
return labels
}
// CombineLabels combines the passed in static and dynamic labels.
func CombineLabels(static map[string]string, dynamic map[string]CommandLabelV2) map[string]string {
if len(dynamic) == 0 {
return static
}
lmap := make(map[string]string, len(static)+len(dynamic))
for key, value := range static {
lmap[key] = value
}
for key, cmd := range dynamic {
lmap[key] = cmd.Result
}
return lmap
}
// GetPeerAddr returns the peer address of the server.
func (s *ServerV2) GetPeerAddr() string {
return s.Spec.PeerAddr
}
// SetPeerAddr sets the peer address of the server.
func (s *ServerV2) SetPeerAddr(addr string) {
s.Spec.PeerAddr = addr
}
// setStaticFields sets static resource header and metadata fields.
func (s *ServerV2) setStaticFields() {
s.Version = V2
}
// IsOpenSSHNode returns whether the connection to this Server must use OpenSSH.
// This returns true for SubKindOpenSSHNode and SubKindOpenSSHEICENode.
func (s *ServerV2) IsOpenSSHNode() bool {
return IsOpenSSHNodeSubKind(s.SubKind)
}
// IsOpenSSHNodeSubKind returns whether the Node SubKind is from a server which accepts connections over the
// OpenSSH daemon (instead of a Teleport Node).
func IsOpenSSHNodeSubKind(subkind string) bool {
return subkind == SubKindOpenSSHNode || subkind == SubKindOpenSSHEICENode
}
// GetAWSAccountID returns the AWS Account ID if this node comes from an EC2 instance.
func (s *ServerV2) GetAWSAccountID() string {
awsAccountID, _ := s.GetLabel(AWSAccountIDLabel)
awsMetadata := s.GetAWSInfo()
if awsMetadata != nil && awsMetadata.AccountID != "" {
awsAccountID = awsMetadata.AccountID
}
return awsAccountID
}
// GetAWSInstanceID returns the AWS Instance ID if this node comes from an EC2 instance.
func (s *ServerV2) GetAWSInstanceID() string {
awsInstanceID, _ := s.GetLabel(AWSInstanceIDLabel)
awsMetadata := s.GetAWSInfo()
if awsMetadata != nil && awsMetadata.InstanceID != "" {
awsInstanceID = awsMetadata.InstanceID
}
return awsInstanceID
}
// IsEICE returns whether the Node is an EICE instance.
// Must be `openssh-ec2-ice` subkind and have the AccountID and InstanceID information (AWS Metadata or Labels).
func (s *ServerV2) IsEICE() bool {
if s.SubKind != SubKindOpenSSHEICENode {
return false
}
return s.GetAWSAccountID() != "" && s.GetAWSInstanceID() != ""
}
// GetGitHub returns the GitHub server spec.
func (s *ServerV2) GetGitHub() *GitHubServerMetadata {
return s.Spec.GitHub
}
// openSSHNodeCheckAndSetDefaults are common validations for OpenSSH nodes.
// They include SubKindOpenSSHNode and SubKindOpenSSHEICENode.
func (s *ServerV2) openSSHNodeCheckAndSetDefaults() error {
if s.Spec.Addr == "" {
return trace.BadParameter("addr must be set when server SubKind is %q", s.GetSubKind())
}
if len(s.GetPublicAddrs()) != 0 {
return trace.BadParameter("publicAddrs must not be set when server SubKind is %q", s.GetSubKind())
}
if s.Spec.Hostname == "" {
return trace.BadParameter("hostname must be set when server SubKind is %q", s.GetSubKind())
}
_, _, err := net.SplitHostPort(s.Spec.Addr)
if err != nil {
return trace.BadParameter("invalid Addr %q: %v", s.Spec.Addr, err)
}
return nil
}
// openSSHEC2InstanceConnectEndpointNodeCheckAndSetDefaults are validations for SubKindOpenSSHEICENode.
func (s *ServerV2) openSSHEC2InstanceConnectEndpointNodeCheckAndSetDefaults() error {
if err := s.openSSHNodeCheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// AWS fields are required for SubKindOpenSSHEICENode.
switch {
case s.Spec.CloudMetadata == nil || s.Spec.CloudMetadata.AWS == nil:
return trace.BadParameter("missing AWS CloudMetadata (required for %q SubKind)", s.SubKind)
case s.Spec.CloudMetadata.AWS.AccountID == "":
return trace.BadParameter("missing AWS Account ID (required for %q SubKind)", s.SubKind)
case s.Spec.CloudMetadata.AWS.Region == "":
return trace.BadParameter("missing AWS Region (required for %q SubKind)", s.SubKind)
case s.Spec.CloudMetadata.AWS.Integration == "":
return trace.BadParameter("missing AWS OIDC Integration (required for %q SubKind)", s.SubKind)
case s.Spec.CloudMetadata.AWS.InstanceID == "":
return trace.BadParameter("missing AWS InstanceID (required for %q SubKind)", s.SubKind)
case s.Spec.CloudMetadata.AWS.VPCID == "":
return trace.BadParameter("missing AWS VPC ID (required for %q SubKind)", s.SubKind)
case s.Spec.CloudMetadata.AWS.SubnetID == "":
return trace.BadParameter("missing AWS Subnet ID (required for %q SubKind)", s.SubKind)
}
return nil
}
// serverNameForEICE returns the deterministic Server's name for an EICE instance.
// This name must comply with the expected format for EC2 Nodes as defined here: api/utils/aws.IsEC2NodeID
// Returns an error if AccountID or InstanceID is not present.
func serverNameForEICE(s *ServerV2) (string, error) {
awsAccountID := s.GetAWSAccountID()
awsInstanceID := s.GetAWSInstanceID()
if awsAccountID != "" && awsInstanceID != "" {
eiceNodeName := fmt.Sprintf("%s-%s", awsAccountID, awsInstanceID)
if !aws.IsEC2NodeID(eiceNodeName) {
return "", trace.BadParameter("invalid account %q or instance id %q", awsAccountID, awsInstanceID)
}
return eiceNodeName, nil
}
return "", trace.BadParameter("missing account id or instance id in %s node", SubKindOpenSSHEICENode)
}
// CheckAndSetDefaults checks and set default values for any missing fields.
func (s *ServerV2) CheckAndSetDefaults() error {
// TODO(awly): default s.Metadata.Expiry if not set (use
// defaults.ServerAnnounceTTL).
s.setStaticFields()
if s.Metadata.Name == "" {
switch s.SubKind {
case SubKindOpenSSHEICENode:
// For EICE nodes, use a deterministic name.
eiceNodeName, err := serverNameForEICE(s)
if err != nil {
return trace.Wrap(err)
}
s.Metadata.Name = eiceNodeName
case SubKindOpenSSHNode:
// if the server is a registered OpenSSH node, allow the name to be
// randomly generated
s.Metadata.Name = uuid.NewString()
case SubKindGitHub:
s.Metadata.Name = uuid.NewString()
}
}
if err := s.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
switch s.Kind {
case "":
return trace.BadParameter("server Kind is empty")
case KindNode:
if err := s.nodeCheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case KindGitServer:
if err := s.gitServerCheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
default:
if s.SubKind != "" {
return trace.BadParameter(`server SubKind must only be set when Kind is "node" or "git_server"`)
}
}
for key := range s.Spec.CmdLabels {
if !IsValidLabelKey(key) {
return trace.BadParameter("invalid label key: %q", key)
}
}
return nil
}
func (s *ServerV2) nodeCheckAndSetDefaults() error {
switch s.SubKind {
case "", SubKindTeleportNode:
// allow but do nothing
case SubKindOpenSSHNode:
if err := s.openSSHNodeCheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
case SubKindOpenSSHEICENode:
if err := s.openSSHEC2InstanceConnectEndpointNodeCheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("invalid SubKind %q of Kind %q", s.SubKind, s.Kind)
}
return nil
}
func (s *ServerV2) gitServerCheckAndSetDefaults() error {
switch s.SubKind {
case SubKindGitHub:
return trace.Wrap(s.githubCheckAndSetDefaults())
default:
return trace.BadParameter("invalid SubKind %q of Kind %q", s.SubKind, s.Kind)
}
}
func (s *ServerV2) githubCheckAndSetDefaults() error {
if s.Spec.GitHub == nil {
return trace.BadParameter("github must be set for Subkind %q", s.SubKind)
}
if s.Spec.GitHub.Integration == "" {
return trace.BadParameter("integration must be set for Subkind %q", s.SubKind)
}
if err := ValidateGitHubOrganizationName(s.Spec.GitHub.Organization); err != nil {
return trace.Wrap(err, "invalid GitHub organization name")
}
// Set SSH host port for connection and "fake" hostname for routing. These
// values are hard-coded and cannot be customized.
s.Spec.Addr = "github.com:22"
s.Spec.Hostname = MakeGitHubOrgServerDomain(s.Spec.GitHub.Organization)
if s.Metadata.Labels == nil {
s.Metadata.Labels = make(map[string]string)
}
s.Metadata.Labels[GitHubOrgLabel] = s.Spec.GitHub.Organization
return nil
}
// MatchSearch goes through select field values and tries to
// match against the list of search values.
func (s *ServerV2) MatchSearch(values []string) bool {
switch s.Kind {
case KindNode, KindGitServer:
default:
return false
}
Outer:
for _, searchV := range values {
for key, value := range s.Metadata.Labels {
if strcase.Contains(key, searchV) || strcase.Contains(value, searchV) {
continue Outer
}
}
for key, cmd := range s.Spec.CmdLabels {
if strcase.Contains(key, searchV) || strcase.Contains(cmd.Result, searchV) {
continue Outer
}
}
if strcase.Contains(s.Metadata.Name, searchV) {
continue
}
if strcase.Contains(s.Spec.Hostname, searchV) {
continue
}
if strcase.Contains(s.Spec.Addr, searchV) {
continue
}
for _, addr := range s.Spec.PublicAddrs {
if strcase.Contains(addr, searchV) {
continue Outer
}
}
if s.GetUseTunnel() && strings.EqualFold(searchV, "tunnel") {
continue
}
// When no fields matched a value, prematurely end if we can.
return false
}
return true
}
// DeepCopy creates a clone of this server value
func (s *ServerV2) DeepCopy() Server {
return utils.CloneProtoMsg(s)
}
// CloneResource creates a clone of this server value
func (s *ServerV2) CloneResource() ResourceWithLabels {
return s.DeepCopy()
}
// GetCloudMetadata gets the cloud metadata for the server.
func (s *ServerV2) GetCloudMetadata() *CloudMetadata {
return s.Spec.CloudMetadata
}
// GetAWSInfo gets the AWS Cloud metadata for the server.
func (s *ServerV2) GetAWSInfo() *AWSInfo {
if s.Spec.CloudMetadata == nil {
return nil
}
return s.Spec.CloudMetadata.AWS
}
// SetCloudMetadata sets the server's cloud metadata.
func (s *ServerV2) SetCloudMetadata(meta *CloudMetadata) {
s.Spec.CloudMetadata = meta
}
// GetScope returns the scope this server belongs to.
func (s *ServerV2) GetScope() string {
return s.Scope
}
// CommandLabel is a label that has a value as a result of the
// output generated by running command, e.g. hostname
type CommandLabel interface {
// GetPeriod returns label period
GetPeriod() time.Duration
// SetPeriod sets label period
SetPeriod(time.Duration)
// GetResult returns label result
GetResult() string
// SetResult sets label result
SetResult(string)
// GetCommand returns to execute and set as a label result
GetCommand() []string
// Clone returns label copy
Clone() CommandLabel
}
// Clone returns non-shallow copy of the label
func (c *CommandLabelV2) Clone() CommandLabel {
command := make([]string, len(c.Command))
copy(command, c.Command)
return &CommandLabelV2{
Command: command,
Period: c.Period,
Result: c.Result,
}
}
// SetResult sets label result
func (c *CommandLabelV2) SetResult(r string) {
c.Result = r
}
// SetPeriod sets label period
func (c *CommandLabelV2) SetPeriod(p time.Duration) {
c.Period = Duration(p)
}
// GetPeriod returns label period
func (c *CommandLabelV2) GetPeriod() time.Duration {
return c.Period.Duration()
}
// GetResult returns label result
func (c *CommandLabelV2) GetResult() string {
return c.Result
}
// GetCommand returns to execute and set as a label result
func (c *CommandLabelV2) GetCommand() []string {
return c.Command
}
// V2ToLabels converts concrete type to command label interface.
func V2ToLabels(l map[string]CommandLabelV2) map[string]CommandLabel {
out := make(map[string]CommandLabel, len(l))
for key := range l {
val := l[key]
out[key] = &val
}
return out
}
// LabelsToV2 converts labels from interface to V2 spec
func LabelsToV2(labels map[string]CommandLabel) map[string]CommandLabelV2 {
out := make(map[string]CommandLabelV2, len(labels))
for key, val := range labels {
out[key] = CommandLabelV2{
Period: NewDuration(val.GetPeriod()),
Result: val.GetResult(),
Command: val.GetCommand(),
}
}
return out
}
// Servers represents a list of servers.
type Servers []Server
// Len returns the slice length.
func (s Servers) Len() int { return len(s) }
// Less compares servers by name.
func (s Servers) Less(i, j int) bool {
return s[i].GetName() < s[j].GetName()
}
// Swap swaps two servers.
func (s Servers) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
// SortByCustom custom sorts by given sort criteria.
func (s Servers) SortByCustom(sortBy SortBy) error {
if sortBy.Field == "" {
return nil
}
isDesc := sortBy.IsDesc
switch sortBy.Field {
case ResourceMetadataName:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetName(), s[j].GetName(), isDesc)
})
case ResourceSpecHostname:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetHostname(), s[j].GetHostname(), isDesc)
})
case ResourceSpecAddr:
sort.SliceStable(s, func(i, j int) bool {
return stringCompare(s[i].GetAddr(), s[j].GetAddr(), isDesc)
})
default:
return trace.NotImplemented("sorting by field %q for resource %q is not supported", sortBy.Field, KindNode)
}
return nil
}
// AsResources returns as type resources with labels.
func (s Servers) AsResources() []ResourceWithLabels {
resources := make([]ResourceWithLabels, 0, len(s))
for _, server := range s {
resources = append(resources, ResourceWithLabels(server))
}
return resources
}
// GetFieldVals returns list of select field values.
func (s Servers) GetFieldVals(field string) ([]string, error) {
vals := make([]string, 0, len(s))
switch field {
case ResourceMetadataName:
for _, server := range s {
vals = append(vals, server.GetName())
}
case ResourceSpecHostname:
for _, server := range s {
vals = append(vals, server.GetHostname())
}
case ResourceSpecAddr:
for _, server := range s {
vals = append(vals, server.GetAddr())
}
default:
return nil, trace.NotImplemented("getting field %q for resource %q is not supported", field, KindNode)
}
return vals, nil
}
// MakeGitHubOrgServerDomain creates a special domain name used in server's
// host address to identify the GitHub organization.
func MakeGitHubOrgServerDomain(org string) string {
return fmt.Sprintf("%s.%s", org, GitHubOrgServerDomain)
}
// GetGitHubOrgFromNodeAddr parses the organization from the node address.
func GetGitHubOrgFromNodeAddr(addr string) (string, bool) {
if host, _, err := net.SplitHostPort(addr); err == nil {
addr = host
}
if strings.HasSuffix(addr, "."+GitHubOrgServerDomain) {
return strings.TrimSuffix(addr, "."+GitHubOrgServerDomain), true
}
return "", false
}
// GetOrganizationURL returns the URL to the GitHub organization.
func (m *GitHubServerMetadata) GetOrganizationURL() string {
if m == nil {
return ""
}
// Public github.com for now.
return fmt.Sprintf("%s/%s", GithubURL, m.Organization)
}
/*
Copyright 2023 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// ServerInfo represents info that should be applied to joining Nodes.
type ServerInfo interface {
// ResourceWithLabels provides common resource headers
ResourceWithLabels
// GetNewLabels gets the labels to apply to matched Nodes.
GetNewLabels() map[string]string
// SetNewLabels sets the labels to apply to matched Nodes.
SetNewLabels(map[string]string)
}
// NewServerInfo creates an instance of ServerInfo.
func NewServerInfo(meta Metadata, spec ServerInfoSpecV1) (ServerInfo, error) {
si := &ServerInfoV1{
Metadata: meta,
Spec: spec,
}
if err := si.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return si, nil
}
// GetKind returns resource kind
func (s *ServerInfoV1) GetKind() string {
return s.Kind
}
// GetSubKind returns resource subkind
func (s *ServerInfoV1) GetSubKind() string {
return s.SubKind
}
// SetSubKind sets resource subkind
func (s *ServerInfoV1) SetSubKind(subkind string) {
s.SubKind = subkind
}
// GetVersion returns resource version
func (s *ServerInfoV1) GetVersion() string {
return s.Version
}
// GetName returns the name of the resource
func (s *ServerInfoV1) GetName() string {
return s.Metadata.Name
}
// SetName sets the name of the resource
func (s *ServerInfoV1) SetName(name string) {
s.Metadata.Name = name
}
// Expiry returns object expiry setting
func (s *ServerInfoV1) Expiry() time.Time {
return s.Metadata.Expiry()
}
// SetExpiry sets object expiry
func (s *ServerInfoV1) SetExpiry(expiry time.Time) {
s.Metadata.SetExpiry(expiry)
}
// GetMetadata returns object metadata
func (s *ServerInfoV1) GetMetadata() Metadata {
return s.Metadata
}
// GetRevision returns the revision
func (s *ServerInfoV1) GetRevision() string {
return s.Metadata.GetRevision()
}
// SetRevision sets the revision
func (s *ServerInfoV1) SetRevision(rev string) {
s.Metadata.SetRevision(rev)
}
// Origin returns the origin value of the resource.
func (s *ServerInfoV1) Origin() string {
return s.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (s *ServerInfoV1) SetOrigin(o string) {
s.Metadata.SetOrigin(o)
}
// GetLabel retrieves the label with the provided key.
func (s *ServerInfoV1) GetLabel(key string) (string, bool) {
value, ok := s.Metadata.Labels[key]
return value, ok
}
// GetAllLabels returns all resource's labels.
func (s *ServerInfoV1) GetAllLabels() map[string]string {
return s.Metadata.Labels
}
// GetStaticLabels returns the resource's static labels.
func (s *ServerInfoV1) GetStaticLabels() map[string]string {
return s.Metadata.Labels
}
// SetStaticLabels sets the resource's static labels.
func (s *ServerInfoV1) SetStaticLabels(sl map[string]string) {
s.Metadata.Labels = sl
}
// MatchSearch goes through select field values of a resource
// and tries to match against the list of search values.
func (s *ServerInfoV1) MatchSearch(searchValues []string) bool {
fieldVals := append(
utils.MapToStrings(s.GetAllLabels()),
s.GetName(),
)
return MatchSearch(fieldVals, searchValues, nil)
}
// GetNewLabels gets the labels to apply to matched Nodes.
func (s *ServerInfoV1) GetNewLabels() map[string]string {
return s.Spec.NewLabels
}
// SetNewLabels sets the labels to apply to matched Nodes.
func (s *ServerInfoV1) SetNewLabels(labels map[string]string) {
s.Spec.NewLabels = labels
s.fixLabels()
}
// fixLabels sets the namespace of this ServerInfo's labels to match the
// matching scheme indicated by the name.
func (s *ServerInfoV1) fixLabels() {
// Determine which prefix the labels need, if any.
namePrefix, _, found := strings.Cut(s.GetName(), "-")
if !found {
return
}
var labelPrefix string
switch namePrefix {
case "aws":
labelPrefix = "aws/"
case "si":
labelPrefix = TeleportDynamicLabelPrefix
default:
return
}
// Replace the prefix on existing labels.
for k, v := range s.Spec.NewLabels {
prefix, name, _ := strings.Cut(k, "/")
if name == "" {
name = prefix
}
delete(s.Spec.NewLabels, k)
s.Spec.NewLabels[labelPrefix+name] = v
}
}
func (s *ServerInfoV1) setStaticFields() {
s.Kind = KindServerInfo
s.Version = V1
s.SubKind = SubKindCloudInfo
}
// CheckAndSetDefaults validates the Resource and sets any empty fields to
// default values.
func (s *ServerInfoV1) CheckAndSetDefaults() error {
s.setStaticFields()
s.fixLabels()
return trace.Wrap(s.Metadata.CheckAndSetDefaults())
}
// ServerInfoNameFromAWS gets the name of the ServerInfo that matches the node
// with the given AWS account ID and instance ID.
func ServerInfoNameFromAWS(accountID, instanceID string) string {
return fmt.Sprintf("aws-%v-%v", accountID, instanceID)
}
// ServerInfoNameFromNodeName gets the name of the ServerInfo that matches the
// node with the given name.
func ServerInfoNameFromNodeName(name string) string {
return fmt.Sprintf("si-%v", name)
}
// ServerInfoForServer returns a ServerInfo from a Server
func ServerInfoForServer(server Server) (ServerInfo, error) {
return NewServerInfo(
Metadata{
Name: serverInfoNameFromServer(server),
},
ServerInfoSpecV1{},
)
}
// serverInfoNameFromServer returns the ServerInfo name for this Server.
func serverInfoNameFromServer(s Server) string {
awsAccountID := s.GetAWSAccountID()
awsInstanceID := s.GetAWSInstanceID()
if awsAccountID != "" && awsInstanceID != "" {
return ServerInfoNameFromAWS(awsAccountID, awsInstanceID)
}
return ServerInfoNameFromNodeName(s.GetName())
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"context"
"fmt"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// WebSessionsGetter provides access to web sessions
type WebSessionsGetter interface {
// WebSessions returns the web session manager
WebSessions() WebSessionInterface
}
// WebSessionInterface defines interface to regular web sessions
type WebSessionInterface interface {
// Get returns a web session state for the given request.
Get(ctx context.Context, req GetWebSessionRequest) (WebSession, error)
// List gets all regular web sessions.
List(context.Context) ([]WebSession, error)
// Upsert updates existing or inserts a new web session.
Upsert(ctx context.Context, session WebSession) error
// Delete deletes the web session described by req.
Delete(ctx context.Context, req DeleteWebSessionRequest) error
// DeleteAll removes all web sessions.
DeleteAll(context.Context) error
}
// WebSession stores key and value used to authenticate with SSH
// notes on behalf of user
type WebSession interface {
// Resource represents common properties for all resources.
Resource
// GetShortName returns visible short name used in logging
GetShortName() string
// GetUser returns the user this session is associated with
GetUser() string
// SetUser sets user associated with this session
SetUser(string)
// GetPub is returns public certificate signed by auth server
GetPub() []byte
// GetSSHPriv returns private SSH key used to auth with SSH nodes.
GetSSHPriv() []byte
// SetSSHPriv sets SSH private key.
SetSSHPriv([]byte)
// GetTLSPriv returns private TLS key.
GetTLSPriv() []byte
// SetTLSPriv sets TLS private key.
SetTLSPriv([]byte)
// GetTLSCert returns PEM encoded TLS certificate associated with session
GetTLSCert() []byte
// GetBearerToken is a special bearer token used for additional
// bearer authentication
GetBearerToken() string
// SetExpiryTime sets session expiry time
SetExpiryTime(time.Time)
// GetBearerTokenExpiryTime - absolute time when token expires
GetBearerTokenExpiryTime() time.Time
// GetExpiryTime - absolute time when web session expires
GetExpiryTime() time.Time
// GetLoginTime returns the time this user recently logged in.
GetLoginTime() time.Time
// SetLoginTime sets when this user logged in.
SetLoginTime(time.Time)
// GetIdleTimeout returns the max time a user can be inactive for this session.
GetIdleTimeout() time.Duration
// WithoutSecrets returns copy of the web session but without private keys
WithoutSecrets() WebSession
// String returns string representation of the session.
String() string
// SetConsumedAccessRequestID sets the ID of the access request from which additional roles to assume were obtained.
SetConsumedAccessRequestID(string)
// GetConsumedAccessRequestID returns the ID of the access request from which additional roles to assume were obtained.
GetConsumedAccessRequestID() string
// SetSAMLSession sets the SAML session data. Is considered secret.
SetSAMLSession(*SAMLSessionData)
// GetSAMLSession gets the SAML session data. Is considered secret.
GetSAMLSession() *SAMLSessionData
// SetDeviceWebToken sets the session's DeviceWebToken.
// The token is considered a secret.
SetDeviceWebToken(*DeviceWebToken)
// GetDeviceWebToken returns the session's DeviceWebToken, if any.
// The token is considered a secret.
GetDeviceWebToken() *DeviceWebToken
// GetHasDeviceExtensions returns the HasDeviceExtensions value.
// If true the session's TLS and SSH certificates are augmented with device
// extensions.
GetHasDeviceExtensions() bool
// SetTrustedDeviceRequirement sets the session's trusted device requirement.
// See [TrustedDeviceRequirement].
SetTrustedDeviceRequirement(r TrustedDeviceRequirement)
// GetTrustedDeviceRequirement returns the session's trusted device
// requirement.
// See [TrustedDeviceRequirement].
GetTrustedDeviceRequirement() TrustedDeviceRequirement
// Copy returns a clone of the session resource.
Copy() WebSession
}
// NewWebSession returns new instance of the web session based on the V2 spec
func NewWebSession(name string, subkind string, spec WebSessionSpecV2) (WebSession, error) {
ws := &WebSessionV2{
SubKind: subkind,
Metadata: Metadata{
Name: name,
Expires: &spec.Expires,
},
Spec: spec,
}
if err := ws.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return ws, nil
}
// GetKind gets resource Kind
func (ws *WebSessionV2) GetKind() string {
return ws.Kind
}
// Copy returns a clone of the session resource.
func (ws *WebSessionV2) Copy() WebSession {
return utils.CloneProtoMsg(ws)
}
// GetSubKind gets resource SubKind
func (ws *WebSessionV2) GetSubKind() string {
return ws.SubKind
}
// SetSubKind sets resource SubKind
func (ws *WebSessionV2) SetSubKind(subKind string) {
ws.SubKind = subKind
}
// GetVersion gets resource Version
func (ws *WebSessionV2) GetVersion() string {
return ws.Version
}
// GetName gets resource Name
func (ws *WebSessionV2) GetName() string {
return ws.Metadata.Name
}
// SetName sets resource Name
func (ws *WebSessionV2) SetName(name string) {
ws.Metadata.Name = name
}
// Expiry returns resource Expiry
func (ws *WebSessionV2) Expiry() time.Time {
return ws.Metadata.Expiry()
}
// SetExpiry Sets resource Expiry
func (ws *WebSessionV2) SetExpiry(expiry time.Time) {
ws.Metadata.SetExpiry(expiry)
}
// GetMetadata gets resource Metadata
func (ws *WebSessionV2) GetMetadata() Metadata {
return ws.Metadata
}
// GetRevision returns the revision
func (ws *WebSessionV2) GetRevision() string {
return ws.Metadata.GetRevision()
}
// SetRevision sets the revision
func (ws *WebSessionV2) SetRevision(rev string) {
ws.Metadata.SetRevision(rev)
}
// GetIdleTimeout returns the max idle timeout duration.
func (ws *WebSessionV2) GetIdleTimeout() time.Duration {
return ws.Spec.IdleTimeout.Duration()
}
// WithoutSecrets returns a copy of the WebSession without secrets.
func (ws *WebSessionV2) WithoutSecrets() WebSession {
cp := *ws
cp.Spec.Priv = nil
cp.Spec.TLSPriv = nil
cp.Spec.SAMLSession = nil
cp.Spec.DeviceWebToken = nil
return &cp
}
// SetConsumedAccessRequestID sets the ID of the access request from which additional roles to assume were obtained.
func (ws *WebSessionV2) SetConsumedAccessRequestID(requestID string) {
ws.Spec.ConsumedAccessRequestID = requestID
}
// GetConsumedAccessRequestID returns the ID of the access request from which additional roles to assume were obtained.
func (ws *WebSessionV2) GetConsumedAccessRequestID() string {
return ws.Spec.ConsumedAccessRequestID
}
// SetSAMLSession sets the SAML session data. Is considered secret.
func (ws *WebSessionV2) SetSAMLSession(samlSession *SAMLSessionData) {
ws.Spec.SAMLSession = samlSession
}
// GetSAMLSession gets the SAML session data. Is considered secret.
func (ws *WebSessionV2) GetSAMLSession() *SAMLSessionData {
return ws.Spec.SAMLSession
}
// SetDeviceWebToken sets the session's DeviceWebToken.
// The token is considered a secret.
func (ws *WebSessionV2) SetDeviceWebToken(webToken *DeviceWebToken) {
ws.Spec.DeviceWebToken = webToken
}
// GetDeviceWebToken returns the session's DeviceWebToken, if any.
// The token is considered a secret.
func (ws *WebSessionV2) GetDeviceWebToken() *DeviceWebToken {
return ws.Spec.DeviceWebToken
}
// GetHasDeviceExtensions returns the HasDeviceExtensions value.
// If true the session's TLS and SSH certificates are augmented with device
// extensions.
func (ws *WebSessionV2) GetHasDeviceExtensions() bool {
return ws.Spec.HasDeviceExtensions
}
// SetTrustedDeviceRequirement sets the session's trusted device requirement.
func (ws *WebSessionV2) SetTrustedDeviceRequirement(r TrustedDeviceRequirement) {
ws.Spec.TrustedDeviceRequirement = r
}
// GetTrustedDeviceRequirement returns the session's trusted device
// requirement.
func (ws *WebSessionV2) GetTrustedDeviceRequirement() TrustedDeviceRequirement {
return ws.Spec.TrustedDeviceRequirement
}
// setStaticFields sets static resource header and metadata fields.
func (ws *WebSessionV2) setStaticFields() {
ws.Version = V2
ws.Kind = KindWebSession
}
// CheckAndSetDefaults checks and set default values for any missing fields.
func (ws *WebSessionV2) CheckAndSetDefaults() error {
ws.setStaticFields()
if err := ws.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if ws.Spec.User == "" {
return trace.BadParameter("missing User")
}
return nil
}
// String returns string representation of the session.
func (ws *WebSessionV2) String() string {
return fmt.Sprintf("WebSession(kind=%v/%v,user=%v,id=%v,expires=%v)",
ws.GetKind(), ws.GetSubKind(), ws.GetUser(), ws.GetName(), ws.GetExpiryTime())
}
// SetUser sets user associated with this session
func (ws *WebSessionV2) SetUser(u string) {
ws.Spec.User = u
}
// GetUser returns the user this session is associated with
func (ws *WebSessionV2) GetUser() string {
return ws.Spec.User
}
// GetShortName returns visible short name used in logging
func (ws *WebSessionV2) GetShortName() string {
if len(ws.Metadata.Name) < 4 {
return "<undefined>"
}
return ws.Metadata.Name[:4]
}
// GetTLSCert returns PEM encoded TLS certificate associated with session
func (ws *WebSessionV2) GetTLSCert() []byte {
return ws.Spec.TLSCert
}
// GetPub is returns public certificate signed by auth server
func (ws *WebSessionV2) GetPub() []byte {
return ws.Spec.Pub
}
// GetSSHPriv returns private SSH key.
func (ws *WebSessionV2) GetSSHPriv() []byte {
return ws.Spec.Priv
}
// SetSSHPriv sets private SSH key.
func (ws *WebSessionV2) SetSSHPriv(priv []byte) {
ws.Spec.Priv = priv
}
// GetTLSPriv returns private TLS key.
func (ws *WebSessionV2) GetTLSPriv() []byte {
return ws.Spec.TLSPriv
}
// SetTLSPriv sets private TLS key.
func (ws *WebSessionV2) SetTLSPriv(priv []byte) {
ws.Spec.TLSPriv = priv
}
// GetBearerToken gets a special bearer token used for additional
// bearer authentication
func (ws *WebSessionV2) GetBearerToken() string {
return ws.Spec.BearerToken
}
// SetExpiryTime sets session expiry time
func (ws *WebSessionV2) SetExpiryTime(tm time.Time) {
ws.Spec.Expires = tm
}
// GetBearerTokenExpiryTime - absolute time when token expires
func (ws *WebSessionV2) GetBearerTokenExpiryTime() time.Time {
return ws.Spec.BearerTokenExpires
}
// GetExpiryTime - absolute time when web session expires
func (ws *WebSessionV2) GetExpiryTime() time.Time {
return ws.Spec.Expires
}
// GetLoginTime returns the time this user recently logged in.
func (ws *WebSessionV2) GetLoginTime() time.Time {
return ws.Spec.LoginTime
}
// SetLoginTime sets when this user logged in.
func (ws *WebSessionV2) SetLoginTime(loginTime time.Time) {
ws.Spec.LoginTime = loginTime
}
// GetAppSessionRequest contains the parameters to request an application
// web session.
type GetAppSessionRequest struct {
// SessionID is the session ID of the application session itself.
SessionID string
}
// Check validates the request.
func (r *GetAppSessionRequest) Check() error {
if r.SessionID == "" {
return trace.BadParameter("session ID missing")
}
return nil
}
// GetSnowflakeSessionRequest contains the parameters to request a Snowflake
// web session.
type GetSnowflakeSessionRequest struct {
// SessionID is the session ID of the Snowflake session itself.
SessionID string
}
// Check validates the request.
func (r *GetSnowflakeSessionRequest) Check() error {
if r.SessionID == "" {
return trace.BadParameter("session ID missing")
}
return nil
}
// CreateSnowflakeSessionRequest contains the parameters needed to request
// creating a Snowflake web session.
type CreateSnowflakeSessionRequest struct {
// Username is the identity of the user requesting the session.
Username string
// SessionToken is the Snowflake server session token.
SessionToken string
// TokenTTL is the token validity period.
TokenTTL time.Duration
}
// DeleteAppSessionRequest are the parameters used to request removal of
// an application web session.
type DeleteAppSessionRequest struct {
SessionID string `json:"session_id"`
}
// DeleteSnowflakeSessionRequest are the parameters used to request removal of
// a Snowflake web session.
type DeleteSnowflakeSessionRequest struct {
SessionID string `json:"session_id"`
}
// NewWebToken returns a new web token with the given expiration and spec
func NewWebToken(expires time.Time, spec WebTokenSpecV3) (WebToken, error) {
r := &WebTokenV3{
Metadata: Metadata{
Name: spec.Token,
Expires: &expires,
},
Spec: spec,
}
if err := r.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return r, nil
}
// WebTokensGetter provides access to web tokens
//
// TODO(okraport): DELETE IN v21
//
// Deprecated: Use [Client] methods directly such as
// [Client.GetWebToken], [Client.GetWebTokens], [Client.DeleteWebToken] or
// [Client.DeleteAllWebTokens]
type WebTokensGetter interface {
// WebTokens returns the tokens manager
WebTokens() WebTokenInterface
}
// WebTokenInterface defines interface for managing web tokens
//
// TODO(okraport): DELETE IN v21
//
// Deprecated: Use [Client] methods directly such as
// [Client.GetWebToken], [Client.GetWebTokens], [Client.DeleteWebToken] or
// [Client.DeleteAllWebTokens]
type WebTokenInterface interface {
// Get returns a token specified by the request.
Get(ctx context.Context, req GetWebTokenRequest) (WebToken, error)
// List gets all web tokens.
List(context.Context) ([]WebToken, error)
// Upsert updates existing or inserts a new web token.
Upsert(ctx context.Context, token WebToken) error
// Delete deletes the web token described by req.
Delete(ctx context.Context, req DeleteWebTokenRequest) error
// DeleteAll removes all web tokens.
DeleteAll(context.Context) error
}
// WebToken is a time-limited unique token bound to a user's session
type WebToken interface {
// Resource represents common properties for all resources.
Resource
// GetToken returns the token value
GetToken() string
// SetToken sets the token value
SetToken(token string)
// GetUser returns the user the token is bound to
GetUser() string
// SetUser sets the user the token is bound to
SetUser(user string)
// String returns the text representation of this token
String() string
// Clone returns a copy of the token.
Clone() WebToken
}
var _ WebToken = &WebTokenV3{}
// Clone returns a copy of the token.
// GetMetadata returns the token metadata
func (r *WebTokenV3) Clone() WebToken {
return utils.CloneProtoMsg(r)
}
// GetMetadata returns the token metadata
func (r *WebTokenV3) GetMetadata() Metadata {
return r.Metadata
}
// GetKind returns the token resource kind
func (r *WebTokenV3) GetKind() string {
return r.Kind
}
// GetSubKind returns the token resource subkind
func (r *WebTokenV3) GetSubKind() string {
return r.SubKind
}
// SetSubKind sets the token resource subkind
func (r *WebTokenV3) SetSubKind(subKind string) {
r.SubKind = subKind
}
// GetVersion returns the token resource version
func (r *WebTokenV3) GetVersion() string {
return r.Version
}
// GetName returns the token value
func (r *WebTokenV3) GetName() string {
return r.Metadata.Name
}
// SetName sets the token value
func (r *WebTokenV3) SetName(name string) {
r.Metadata.Name = name
}
// GetRevision returns the revision
func (r *WebTokenV3) GetRevision() string {
return r.Metadata.GetRevision()
}
// SetRevision sets the revision
func (r *WebTokenV3) SetRevision(rev string) {
r.Metadata.SetRevision(rev)
}
// GetToken returns the token value
func (r *WebTokenV3) GetToken() string {
return r.Spec.Token
}
// SetToken sets the token value
func (r *WebTokenV3) SetToken(token string) {
r.Spec.Token = token
}
// GetUser returns the user this token is bound to
func (r *WebTokenV3) GetUser() string {
return r.Spec.User
}
// SetUser sets the user this token is bound to
func (r *WebTokenV3) SetUser(user string) {
r.Spec.User = user
}
// Expiry returns the token absolute expiration time
func (r *WebTokenV3) Expiry() time.Time {
if r.Metadata.Expires == nil {
return time.Time{}
}
return *r.Metadata.Expires
}
// SetExpiry sets the token absolute expiration time
func (r *WebTokenV3) SetExpiry(t time.Time) {
r.Metadata.Expires = &t
}
// setStaticFields sets static resource header and metadata fields.
func (r *WebTokenV3) setStaticFields() {
r.Kind = KindWebToken
r.Version = V3
}
// CheckAndSetDefaults validates this token value and sets defaults
func (r *WebTokenV3) CheckAndSetDefaults() error {
r.setStaticFields()
if err := r.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if r.Spec.User == "" {
return trace.BadParameter("User required")
}
if r.Spec.Token == "" {
return trace.BadParameter("Token required")
}
return nil
}
// String returns string representation of the token.
func (r *WebTokenV3) String() string {
return fmt.Sprintf("WebToken(kind=%v,user=%v,token=%v,expires=%v)",
r.GetKind(), r.GetUser(), r.GetToken(), r.Expiry())
}
// Check validates the request.
func (r *GetWebSessionRequest) Check() error {
if r.User == "" {
return trace.BadParameter("user name missing")
}
if r.SessionID == "" {
return trace.BadParameter("session ID missing")
}
return nil
}
// Check validates the request.
func (r *DeleteWebSessionRequest) Check() error {
if r.SessionID == "" {
return trace.BadParameter("session ID missing")
}
return nil
}
// Check validates the request.
func (r *GetWebTokenRequest) Check() error {
if r.User == "" {
return trace.BadParameter("user name missing")
}
if r.Token == "" {
return trace.BadParameter("token missing")
}
return nil
}
// Check validates the request.
func (r *DeleteWebTokenRequest) Check() error {
if r.Token == "" {
return trace.BadParameter("token missing")
}
return nil
}
// IntoMap makes this filter into a map.
//
// This filter is used with the cache watcher to make sure only sessions
// for a particular user are returned.
func (f *WebSessionFilter) IntoMap() map[string]string {
m := make(map[string]string)
if f.User != "" {
m[keyUser] = f.User
}
return m
}
// FromMap converts provided map into this filter.
//
// This filter is used with the cache watcher to make sure only sessions
// for a particular user are returned.
func (f *WebSessionFilter) FromMap(m map[string]string) error {
for key, val := range m {
switch key {
case keyUser:
f.User = val
default:
return trace.BadParameter("unknown filter key %s", key)
}
}
return nil
}
// Match checks if a given web session matches this filter.
func (f *WebSessionFilter) Match(session WebSession) bool {
if f.User != "" && session.GetUser() != f.User {
return false
}
return true
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"slices"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/defaults"
)
// SessionKind is a type of session.
type SessionKind string
// These represent the possible values for the kind field in session trackers.
const (
// SSHSessionKind is the kind used for session tracking with the
// session_tracker resource used in Teleport 9+. Note that it is
// different from the legacy [types.KindSSHSession] value that was
// used prior to the introduction of moderated sessions.
SSHSessionKind SessionKind = "ssh"
KubernetesSessionKind SessionKind = "k8s"
DatabaseSessionKind SessionKind = "db"
AppSessionKind SessionKind = "app"
WindowsDesktopSessionKind SessionKind = "desktop"
GitSessionKind SessionKind = "git"
UnknownSessionKind SessionKind = ""
)
// SessionParticipantMode is the mode that determines what you can do when you join a session.
type SessionParticipantMode string
const (
SessionObserverMode SessionParticipantMode = "observer"
SessionModeratorMode SessionParticipantMode = "moderator"
SessionPeerMode SessionParticipantMode = "peer"
)
// SessionTracker is a resource which tracks an active session.
type SessionTracker interface {
Resource
// GetSessionID returns the ID of the session.
GetSessionID() string
// GetSessionKind returns the kind of the session.
GetSessionKind() SessionKind
// GetState returns the state of the session.
GetState() SessionState
// SetState sets the state of the session.
SetState(SessionState) error
// SetCreated sets the time at which the session was created.
SetCreated(time.Time)
// GetCreated returns the time at which the session was created.
GetCreated() time.Time
// GetExpires return the time at which the session expires.
GetExpires() time.Time
// GetReason returns the reason for the session.
GetReason() string
// GetInvited returns a list of people invited to the session.
GetInvited() []string
// GetHostname returns the hostname of the session target.
GetHostname() string
// GetAddress returns the address of the session target.
GetAddress() string
// GetClusterName returns the name of the Teleport cluster.
GetClusterName() string
// GetLogin returns the target machine username used for this session.
GetLogin() string
// GetParticipants returns the list of participants in the session.
GetParticipants() []Participant
// AddParticipant adds a participant to the session tracker.
AddParticipant(Participant)
// RemoveParticipant removes a participant from the session tracker.
RemoveParticipant(string) error
// UpdatePresence updates presence timestamp of a participant.
UpdatePresence(username string, cluster string, t time.Time) error
// GetKubeCluster returns the name of the kubernetes cluster the session is running in.
GetKubeCluster() string
// GetDesktopName returns the name of the Windows desktop the session is running in.
GetDesktopName() string
// GetAppName returns the name of the app being accessed.
GetAppName() string
// GetDatabaseName returns the name of the database being accessed.
GetDatabaseName() string
// GetHostUser fetches the user marked as the "host" of the session.
// Things like RBAC policies are determined from this user.
GetHostUser() string
// GetHostPolicySets returns a list of policy sets held by the host user at the time of session creation.
// This a subset of a role that contains some versioning and naming information in addition to the require policies
GetHostPolicySets() []*SessionTrackerPolicySet
// GetLastActive returns the time at which the session was last active (i.e used by any participant).
GetLastActive() time.Time
// HostID is the target host id that created the session tracker.
GetHostID() string
// GetTargetSubKind returns the sub kind of the target server.
GetTargetSubKind() string
// GetCommand returns the command that initiated the session.
GetCommand() []string
}
func NewSessionTracker(spec SessionTrackerSpecV1) (SessionTracker, error) {
session := &SessionTrackerV1{
ResourceHeader: ResourceHeader{
Metadata: Metadata{
Name: spec.SessionID,
},
},
Spec: spec,
}
if err := session.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return session, nil
}
// setStaticFields sets static resource header and metadata fields.
func (s *SessionTrackerV1) setStaticFields() {
s.Kind = KindSessionTracker
s.Version = V1
}
// CheckAndSetDefaults sets defaults for the session resource.
func (s *SessionTrackerV1) CheckAndSetDefaults() error {
s.setStaticFields()
if err := s.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if s.GetCreated().IsZero() {
s.SetCreated(time.Now())
}
if s.Expiry().IsZero() {
// By default, resource expiration should match session expiration.
expiry := s.GetExpires()
if expiry.IsZero() {
expiry = s.GetCreated().Add(defaults.SessionTrackerTTL)
}
s.SetExpiry(expiry)
}
return nil
}
// GetSessionID returns the ID of the session.
func (s *SessionTrackerV1) GetSessionID() string {
return s.Spec.SessionID
}
// GetSessionKind returns the kind of the session.
func (s *SessionTrackerV1) GetSessionKind() SessionKind {
return SessionKind(s.Spec.Kind)
}
// GetState returns the state of the session.
func (s *SessionTrackerV1) GetState() SessionState {
return s.Spec.State
}
// SetState sets the state of the session.
func (s *SessionTrackerV1) SetState(state SessionState) error {
switch state {
case SessionState_SessionStateRunning, SessionState_SessionStatePending, SessionState_SessionStateTerminated:
s.Spec.State = state
return nil
default:
return trace.BadParameter("invalid session state: %v", state)
}
}
// GetCreated returns the time at which the session was created.
func (s *SessionTrackerV1) GetCreated() time.Time {
return s.Spec.Created
}
// SetCreated returns the time at which the session was created.
func (s *SessionTrackerV1) SetCreated(created time.Time) {
s.Spec.Created = created
}
// GetExpires return the time at which the session expires.
func (s *SessionTrackerV1) GetExpires() time.Time {
return s.Spec.Expires
}
// GetReason returns the reason for the session.
func (s *SessionTrackerV1) GetReason() string {
return s.Spec.Reason
}
// GetInvited returns a list of people invited to the session.
func (s *SessionTrackerV1) GetInvited() []string {
return s.Spec.Invited
}
// GetHostname returns the hostname of the session target.
func (s *SessionTrackerV1) GetHostname() string {
return s.Spec.Hostname
}
// GetAddress returns the address of the session target.
func (s *SessionTrackerV1) GetAddress() string {
return s.Spec.Address
}
// GetClustername returns the name of the cluster the session is running in.
func (s *SessionTrackerV1) GetClusterName() string {
return s.Spec.ClusterName
}
// GetLogin returns the target machine username used for this session.
func (s *SessionTrackerV1) GetLogin() string {
return s.Spec.Login
}
// GetParticipants returns a list of participants in the session.
func (s *SessionTrackerV1) GetParticipants() []Participant {
return s.Spec.Participants
}
// AddParticipant adds a participant to the session tracker.
func (s *SessionTrackerV1) AddParticipant(participant Participant) {
s.Spec.Participants = append(s.Spec.Participants, participant)
}
// RemoveParticipant removes a participant from the session tracker.
func (s *SessionTrackerV1) RemoveParticipant(id string) error {
for i, participant := range s.Spec.Participants {
if participant.ID == id {
s.Spec.Participants[i], s.Spec.Participants = s.Spec.Participants[len(s.Spec.Participants)-1], s.Spec.Participants[:len(s.Spec.Participants)-1]
return nil
}
}
return trace.NotFound("participant %v not found", id)
}
// GetKubeCluster returns the name of the kubernetes cluster the session is running in.
//
// This is only valid for kubernetes sessions.
func (s *SessionTrackerV1) GetKubeCluster() string {
return s.Spec.KubernetesCluster
}
// HostID is the target host id that created the session tracker.
func (s *SessionTrackerV1) GetHostID() string {
return s.Spec.HostID
}
// GetDesktopName returns the name of the Windows desktop the session is running in.
//
// This is only valid for Windows desktop sessions.
func (s *SessionTrackerV1) GetDesktopName() string {
return s.Spec.DesktopName
}
// GetAppName returns the name of the app being accessed in the session.
//
// This is only valid for app sessions.
func (s *SessionTrackerV1) GetAppName() string {
return s.Spec.AppName
}
// GetDatabaseName returns the name of the database being accessed in the session.
//
// This is only valid for database sessions.
func (s *SessionTrackerV1) GetDatabaseName() string {
return s.Spec.DatabaseName
}
// GetHostUser fetches the user marked as the "host" of the session.
// Things like RBAC policies are determined from this user.
func (s *SessionTrackerV1) GetHostUser() string {
return s.Spec.HostUser
}
// UpdatePresence updates presence timestamp of a participant.
func (s *SessionTrackerV1) UpdatePresence(user, userCluster string, t time.Time) error {
idx := slices.IndexFunc(s.Spec.Participants, func(participant Participant) bool {
// participant.Cluster == "" is a legacy participant that was created
// before cluster field was added, so we allow updating presence for
// such participants as well.
// TODO(tigrato): Remove this in version 20.0.0
// TODO(tigrato): DELETE IN 20.0.0
return participant.User == user && (participant.Cluster == userCluster || participant.Cluster == "")
})
if idx < 0 {
return trace.NotFound("participant %v not found", user)
}
s.Spec.Participants[idx].LastActive = t
return nil
}
// GetHostPolicySets returns a list of policy sets held by the host user at the time of session creation.
// This a subset of a role that contains some versioning and naming information in addition to the require policies
func (s *SessionTrackerV1) GetHostPolicySets() []*SessionTrackerPolicySet {
return s.Spec.HostPolicies
}
// GetLastActive returns the time at which the session was last active (i.e used by any participant).
func (s *SessionTrackerV1) GetLastActive() time.Time {
var last time.Time
for _, participant := range s.Spec.Participants {
if participant.LastActive.After(last) {
last = participant.LastActive
}
}
return last
}
// GetTargetSubKind returns the sub kind of the target server.
func (s *SessionTrackerV1) GetTargetSubKind() string {
return s.Spec.TargetSubKind
}
// GetCommand returns command that intiated the session.
func (s *SessionTrackerV1) GetCommand() []string {
return s.Spec.InitialCommand
}
// Match checks if a given session tracker matches this filter.
func (f *SessionTrackerFilter) Match(s SessionTracker) bool {
if f.Kind != "" && string(s.GetSessionKind()) != f.Kind {
return false
}
if f.State != nil && s.GetState() != f.State.State {
return false
}
if f.DesktopName != "" && s.GetDesktopName() != f.DesktopName {
return false
}
return true
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"iter"
"slices"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// SessionRecordingConfig defines session recording configuration. This is
// a configuration resource, never create more than one instance of it.
type SessionRecordingConfig interface {
ResourceWithOrigin
// GetMode gets the session recording mode.
GetMode() string
// SetMode sets the session recording mode.
SetMode(string)
// GetProxyChecksHostKeys gets if the proxy will check host keys.
GetProxyChecksHostKeys() bool
// SetProxyChecksHostKeys sets if the proxy will check host keys.
SetProxyChecksHostKeys(bool)
// GetEncrypted gets if session recordings should be encrypted or not.
GetEncrypted() bool
// GetEncryptionConfig gets the encryption config from the session recording config.
GetEncryptionConfig() *SessionRecordingEncryptionConfig
// GetEncryptionKeys gets the encryption keys for the session recording config.
GetEncryptionKeys() []*AgeEncryptionKey
// SetEncryptionKeys sets the encryption keys for the session recording config.
// It returns true if there was a change applied and false otherwise.
SetEncryptionKeys(iter.Seq[*AgeEncryptionKey]) bool
// Clone returns a copy of the resource.
Clone() SessionRecordingConfig
// CheckAndSetDefaults verifies the constraints for a SessionRecordingConfig
CheckAndSetDefaults() error
}
// NewSessionRecordingConfigFromConfigFile is a convenience method to create
// SessionRecordingConfigV2 labeled as originating from config file.
func NewSessionRecordingConfigFromConfigFile(spec SessionRecordingConfigSpecV2) (SessionRecordingConfig, error) {
return newSessionRecordingConfigWithLabels(spec, map[string]string{
OriginLabel: OriginConfigFile,
})
}
// DefaultSessionRecordingConfig returns the default session recording configuration.
func DefaultSessionRecordingConfig() SessionRecordingConfig {
config, _ := newSessionRecordingConfigWithLabels(SessionRecordingConfigSpecV2{}, map[string]string{
OriginLabel: OriginDefaults,
})
return config
}
// newSessionRecordingConfigWithLabels is a convenience method to create
// SessionRecordingConfigV2 with a specific map of labels.
func newSessionRecordingConfigWithLabels(spec SessionRecordingConfigSpecV2, labels map[string]string) (SessionRecordingConfig, error) {
recConfig := &SessionRecordingConfigV2{
Metadata: Metadata{
Labels: labels,
},
Spec: spec,
}
if err := recConfig.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return recConfig, nil
}
// GetVersion returns resource version.
func (c *SessionRecordingConfigV2) GetVersion() string {
return c.Version
}
// GetName returns the name of the resource.
func (c *SessionRecordingConfigV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the resource.
func (c *SessionRecordingConfigV2) SetName(e string) {
c.Metadata.Name = e
}
// SetExpiry sets expiry time for the object.
func (c *SessionRecordingConfigV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting.
func (c *SessionRecordingConfigV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetMetadata returns object metadata.
func (c *SessionRecordingConfigV2) GetMetadata() Metadata {
return c.Metadata
}
// GetRevision returns the revision
func (c *SessionRecordingConfigV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *SessionRecordingConfigV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// Origin returns the origin value of the resource.
func (c *SessionRecordingConfigV2) Origin() string {
return c.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (c *SessionRecordingConfigV2) SetOrigin(origin string) {
c.Metadata.SetOrigin(origin)
}
// GetKind returns resource kind.
func (c *SessionRecordingConfigV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource subkind.
func (c *SessionRecordingConfigV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind.
func (c *SessionRecordingConfigV2) SetSubKind(sk string) {
c.SubKind = sk
}
// GetMode gets the cluster's session recording mode.
func (c *SessionRecordingConfigV2) GetMode() string {
return c.Spec.Mode
}
// SetMode sets the cluster's session recording mode.
func (c *SessionRecordingConfigV2) SetMode(m string) {
c.Spec.Mode = m
}
// GetProxyChecksHostKeys gets if the proxy will check host keys.
func (c *SessionRecordingConfigV2) GetProxyChecksHostKeys() bool {
return c.Spec.ProxyChecksHostKeys.Value
}
// SetProxyChecksHostKeys sets if the proxy will check host keys.
func (c *SessionRecordingConfigV2) SetProxyChecksHostKeys(t bool) {
c.Spec.ProxyChecksHostKeys = NewBoolOption(t)
}
// GetEncrypted gets if session recordings should be encrypted or not.
func (c *SessionRecordingConfigV2) GetEncrypted() bool {
encryption := c.GetEncryptionConfig()
return encryption != nil && encryption.Enabled
}
// GetEncryptionConfig gets the encryption config from the session recording config.
func (c *SessionRecordingConfigV2) GetEncryptionConfig() *SessionRecordingEncryptionConfig {
if c == nil {
return nil
}
return c.Spec.Encryption
}
// GetEncryptionKeys gets the encryption keys for the session recording config.
func (c *SessionRecordingConfigV2) GetEncryptionKeys() []*AgeEncryptionKey {
if c.Status != nil {
return c.Status.EncryptionKeys
}
return nil
}
// SetEncryptionKeys sets the encryption keys for the session recording config.
// It returns true if there was a change applied and false otherwise.
func (c *SessionRecordingConfigV2) SetEncryptionKeys(keys iter.Seq[*AgeEncryptionKey]) bool {
existingKeys := make(map[string]struct{})
for _, key := range c.GetEncryptionKeys() {
existingKeys[string(key.PublicKey)] = struct{}{}
}
var keysChanged bool
var newKeys []*AgeEncryptionKey
addedKeys := make(map[string]struct{})
for key := range keys {
if !keysChanged {
if _, exists := existingKeys[string(key.PublicKey)]; !exists {
keysChanged = true
}
}
if _, added := addedKeys[string(key.PublicKey)]; !added {
addedKeys[string(key.PublicKey)] = struct{}{}
newKeys = append(newKeys, key)
}
}
shouldUpdate := len(addedKeys) > 0 && (keysChanged || len(existingKeys) != len(addedKeys))
if !shouldUpdate {
return false
}
if c.Status == nil {
c.Status = &SessionRecordingConfigStatus{}
}
c.Status.EncryptionKeys = newKeys
return true
}
// Clone returns a copy of the resource.
func (c *SessionRecordingConfigV2) Clone() SessionRecordingConfig {
return utils.CloneProtoMsg(c)
}
// setStaticFields sets static resource header and metadata fields.
func (c *SessionRecordingConfigV2) setStaticFields() {
c.Kind = KindSessionRecordingConfig
c.Version = V2
c.Metadata.Name = MetaNameSessionRecordingConfig
}
// CheckAndSetDefaults verifies the constraints for SessionRecordingConfig.
func (c *SessionRecordingConfigV2) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// Make sure origin value is always set.
if c.Origin() == "" {
c.SetOrigin(OriginDynamic)
}
if c.Spec.Mode == "" {
c.Spec.Mode = RecordAtNode
}
if c.Spec.ProxyChecksHostKeys == nil {
c.Spec.ProxyChecksHostKeys = NewBoolOption(true)
}
// Check that the session recording mode is set to a valid value.
if !slices.Contains(SessionRecordingModes, c.Spec.Mode) {
return trace.BadParameter("session recording mode must be one of %v; got %q", strings.Join(SessionRecordingModes, ","), c.Spec.Mode)
}
return nil
}
// Copyright 2024 Gravitational, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
"encoding/json"
"github.com/gravitational/trace"
)
// SignatureAlgorithmSuiteToString converts a [SignatureAlgorithmSuite] to a user-friendly string.
func SignatureAlgorithmSuiteToString(s SignatureAlgorithmSuite) string {
switch s {
case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_LEGACY:
return "legacy"
case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1:
return "balanced-v1"
case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_FIPS_V1:
return "fips-v1"
case SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_HSM_V1:
return "hsm-v1"
default:
return s.String()
}
}
// SignatureAlgorithmSuiteFromString parses a string to return a [SignatureAlgorithmSuite].
func SignatureAlgorithmSuiteFromString(str string) (SignatureAlgorithmSuite, error) {
var suite SignatureAlgorithmSuite
err := suite.UnmarshalText([]byte(str))
return suite, trace.Wrap(err)
}
// MarshalText marshals a SignatureAlgorithmSuite value to text. This gets used
// by json.Marshal.
func (s SignatureAlgorithmSuite) MarshalText() ([]byte, error) {
return []byte(SignatureAlgorithmSuiteToString(s)), nil
}
// UnmarshalJSON unmarshals a SignatureAlgorithmSuite and supports the custom
// string format or numeric types matching an enum value.
func (s *SignatureAlgorithmSuite) UnmarshalJSON(data []byte) error {
var val any
if err := json.Unmarshal(data, &val); err != nil {
return trace.Wrap(err)
}
switch v := val.(type) {
case string:
return trace.Wrap(s.UnmarshalText([]byte(v)))
case float64:
// json.Unmarshal is documented to unmarshal any JSON number into an
// int64 when unmarshaling into an interface.
return trace.Wrap(s.setFromEnum(int32(v)))
default:
return trace.BadParameter("SignatureAlgorithmSuite invalid type %T", val)
}
}
// UnmarshalText unmarshals a SignatureAlgorithmSuite from text and supports the
// custom string format or the proto enum values. This is used by JSON and YAML
// unmarshallers.
func (s *SignatureAlgorithmSuite) UnmarshalText(text []byte) error {
str := string(text)
switch str {
case "":
*s = SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED
case "legacy":
*s = SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_LEGACY
case "balanced-v1":
*s = SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1
case "fips-v1":
*s = SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_FIPS_V1
case "hsm-v1":
*s = SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_HSM_V1
default:
if v, ok := SignatureAlgorithmSuite_value[str]; ok {
*s = SignatureAlgorithmSuite(v)
} else {
return trace.BadParameter("SignatureAlgorithmSuite invalid value: %s", str)
}
}
return nil
}
func (s *SignatureAlgorithmSuite) setFromEnum(val int32) error {
if _, ok := SignatureAlgorithmSuite_name[val]; !ok {
return trace.BadParameter("SignatureAlgorithmSuite invalid value %v", val)
}
*s = SignatureAlgorithmSuite(val)
return nil
}
// Copyright 2022 Gravitational, Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package types
import (
"strings"
)
// GetSortByFromString expects a string in format `<fieldName>:<asc|desc>` where
// index 0 is fieldName and index 1 is direction.
// If a direction is not set, or is not recognized, it defaults to ASC.
func GetSortByFromString(sortStr string) SortBy {
var sortBy SortBy
if sortStr == "" {
return sortBy
}
vals := strings.Split(sortStr, ":")
if vals[0] != "" {
sortBy.Field = vals[0]
if len(vals) > 1 && strings.ToLower(vals[1]) == "desc" {
sortBy.IsDesc = true
}
}
return sortBy
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// StaticTokens define a list of static []ProvisionToken used to provision a
// node. StaticTokens is a configuration resource, never create more than one instance
// of it.
type StaticTokens interface {
// Resource provides common resource properties.
Resource
// SetStaticTokens sets the list of static tokens used to provision nodes.
SetStaticTokens([]ProvisionToken)
// GetStaticTokens gets the list of static tokens used to provision nodes.
GetStaticTokens() []ProvisionToken
// Clone creats a copy of the tokens.
Clone() StaticTokens
}
// NewStaticTokens is a convenience wrapper to create a StaticTokens resource.
func NewStaticTokens(spec StaticTokensSpecV2) (StaticTokens, error) {
st := &StaticTokensV2{Spec: spec}
if err := st.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return st, nil
}
// DefaultStaticTokens is used to get the default static tokens (empty list)
// when nothing is specified in file configuration.
func DefaultStaticTokens() StaticTokens {
token, _ := NewStaticTokens(StaticTokensSpecV2{})
return token
}
// GetVersion returns resource version
func (c *StaticTokensV2) GetVersion() string {
return c.Version
}
// GetKind returns resource kind
func (c *StaticTokensV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource sub kind
func (c *StaticTokensV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind
func (c *StaticTokensV2) SetSubKind(sk string) {
c.SubKind = sk
}
// GetRevision returns the revision
func (c *StaticTokensV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *StaticTokensV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// GetName returns the name of the StaticTokens resource.
func (c *StaticTokensV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the StaticTokens resource.
func (c *StaticTokensV2) SetName(e string) {
c.Metadata.Name = e
}
// Expiry returns object expiry setting
func (c *StaticTokensV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// SetExpiry sets expiry time for the object
func (c *StaticTokensV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// GetMetadata returns object metadata
func (c *StaticTokensV2) GetMetadata() Metadata {
return c.Metadata
}
// SetStaticTokens sets the list of static tokens used to provision nodes.
func (c *StaticTokensV2) SetStaticTokens(s []ProvisionToken) {
c.Spec.StaticTokens = ProvisionTokensToV1(s)
}
// GetStaticTokens gets the list of static tokens used to provision nodes.
func (c *StaticTokensV2) GetStaticTokens() []ProvisionToken {
return ProvisionTokensFromStatic(c.Spec.StaticTokens)
}
// setStaticFields sets static resource header and metadata fields.
func (c *StaticTokensV2) setStaticFields() {
c.Kind = KindStaticTokens
c.Version = V2
c.Metadata.Name = MetaNameStaticTokens
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults.
func (c *StaticTokensV2) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
return nil
}
// String represents a human readable version of static provisioning tokens.
func (c *StaticTokensV2) String() string {
return fmt.Sprintf("StaticTokens(%v)", c.Spec.StaticTokens)
}
func (c *StaticTokensV2) Clone() StaticTokens {
return utils.CloneProtoMsg(c)
}
/*
Copyright 2021 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"strings"
"github.com/gravitational/trace"
)
// SystemRole identifies the role of an SSH connection. Unlike "user roles"
// introduced as part of RBAC in Teleport 1.4+ these are built-in roles used
// for different Teleport components when connecting to each other.
type SystemRole string
// SystemRoles is a TeleportRole list
type SystemRoles []SystemRole
const (
// RoleAuth is for teleport auth server (authority, authentication and authorization)
RoleAuth SystemRole = "Auth"
// RoleNode is a role for SSH node in the cluster
RoleNode SystemRole = "Node"
// RoleProxy is a role for SSH proxy in the cluster
RoleProxy SystemRole = "Proxy"
// RoleAdmin is admin role
RoleAdmin SystemRole = "Admin"
// RoleRelay is the system role for a relay in the cluster.
RoleRelay SystemRole = "Relay"
// RoleProvisionToken is a role for nodes authenticated using provisioning tokens
RoleProvisionToken SystemRole = "ProvisionToken"
// RoleTrustedCluster is a role needed for tokens used to add trusted clusters.
RoleTrustedCluster SystemRole = "Trusted_cluster"
// RoleSignup is for first time signing up users
RoleSignup SystemRole = "Signup"
// RoleNop is used for actions that are already using external authz mechanisms
// e.g. tokens or passwords
RoleNop SystemRole = "Nop"
// RoleRemoteProxy is a role for remote SSH proxy in the cluster
RoleRemoteProxy SystemRole = "RemoteProxy"
// RoleKube is a role for a kubernetes service.
RoleKube SystemRole = "Kube"
// RoleApp is a role for a app proxy in the cluster.
RoleApp SystemRole = "App"
// RoleDatabase is a role for a database proxy in the cluster.
RoleDatabase SystemRole = "Db"
// RoleWindowsDesktop is a role for a Windows desktop service.
RoleWindowsDesktop SystemRole = "WindowsDesktop"
// RoleBot is a role for a bot.
RoleBot SystemRole = "Bot"
// RoleInstance is a role implicitly held by teleport servers (i.e. any teleport
// auth token which grants a server role such as proxy/node/etc also implicitly
// grants the instance role, and any valid cert that proves that the caller holds
// a server role also implies that the caller holds the instance role). This role
// doesn't grant meaningful privileges on its own, but is a useful placeholder in
// contexts such as multi-role certs where there is no particular system role that
// is "primary".
RoleInstance SystemRole = "Instance"
// RoleDiscovery is a role for discovery nodes in the cluster
RoleDiscovery SystemRole = "Discovery"
// RoleOkta is a role for Okta nodes in the cluster
RoleOkta SystemRole = "Okta"
// RoleMDM is the role for MDM services in the cluster.
// An MDM service, like Jamf Service, has the powers to manage the cluster's
// device inventory.
// Device Trust requires Teleport Enteprise.
RoleMDM SystemRole = "MDM"
// RoleAccessGraphPlugin is a role for Access Graph plugins to access
// Teleport's internal API and access graph.
RoleAccessGraphPlugin SystemRole = "AccessGraphPlugin"
)
// roleMappings maps a set of allowed lowercase system role names
// to the proper system role
var roleMappings = map[string]SystemRole{
"auth": RoleAuth,
"node": RoleNode,
"proxy": RoleProxy,
"admin": RoleAdmin,
"relay": RoleRelay,
"provisiontoken": RoleProvisionToken,
"trusted_cluster": RoleTrustedCluster,
"trustedcluster": RoleTrustedCluster,
"signup": RoleSignup,
"nop": RoleNop,
"remoteproxy": RoleRemoteProxy,
"remote_proxy": RoleRemoteProxy,
"kube": RoleKube,
"app": RoleApp,
"db": RoleDatabase,
"windowsdesktop": RoleWindowsDesktop,
"windows_desktop": RoleWindowsDesktop,
"bot": RoleBot,
"instance": RoleInstance,
"discovery": RoleDiscovery,
"okta": RoleOkta,
"mdm": RoleMDM,
"accessgraphplugin": RoleAccessGraphPlugin,
}
func normalizedSystemRole(s string) SystemRole {
if role, ok := roleMappings[strings.ToLower(strings.TrimSpace(s))]; ok {
return role
}
return SystemRole(s)
}
func normalizedSystemRoles(s []string) []SystemRole {
roles := make([]SystemRole, 0, len(s))
for _, role := range s {
roles = append(roles, normalizedSystemRole(role))
}
return roles
}
// localServiceMappings is the subset of role mappings which happen to be true
// teleport services (e.g. db, kube, etc), excluding those which represent remote
// services (i.e. remoteproxy).
var localServiceMappings = map[SystemRole]struct{}{
RoleAuth: {},
RoleNode: {},
RoleProxy: {},
RoleRelay: {},
RoleKube: {},
RoleApp: {},
RoleDatabase: {},
RoleWindowsDesktop: {},
RoleDiscovery: {},
RoleOkta: {},
RoleMDM: {},
RoleAccessGraphPlugin: {},
}
// controlPlaneMapping is the subset of local services which are definitively control plane
// elements.
var controlPlaneMapping = map[SystemRole]struct{}{
RoleAuth: {},
RoleProxy: {},
}
// LocalServiceMappings returns the subset of role mappings which happen
// to be true Teleport services (e.g. db, kube, proxy, etc), excluding
// those which represent remote service (i.e. remoteproxy).
func LocalServiceMappings() SystemRoles {
var sr SystemRoles
for k := range localServiceMappings {
sr = append(sr, k)
}
return sr
}
// NewTeleportRoles return a list of teleport roles from slice of strings
func NewTeleportRoles(in []string) (SystemRoles, error) {
roles := SystemRoles(normalizedSystemRoles(in))
return roles, roles.Check()
}
// ParseTeleportRoles takes a comma-separated list of roles and returns a slice
// of teleport roles, or an error if parsing failed
func ParseTeleportRoles(str string) (SystemRoles, error) {
var roles SystemRoles
for _, s := range strings.Split(str, ",") {
if r := normalizedSystemRole(s); r.Check() == nil {
roles = append(roles, r)
continue
}
return nil, trace.BadParameter("invalid role %q", s)
}
if len(roles) == 0 {
return nil, trace.BadParameter("no valid roles in $%q", str)
}
return roles, roles.Check()
}
// Include returns 'true' if a given list of teleport roles includes a given role
func (roles SystemRoles) Include(role SystemRole) bool {
for _, r := range roles {
if r == role {
return true
}
}
return false
}
// IncludeAny returns 'true' if a given list of teleport roles includes any of
// the given candidate roles.
func (roles SystemRoles) IncludeAny(candidates ...SystemRole) bool {
for _, r := range candidates {
if roles.Include(r) {
return true
}
}
return false
}
// StringSlice returns teleport roles as string slice
func (roles SystemRoles) StringSlice() []string {
s := make([]string, 0, len(roles))
for _, r := range roles {
s = append(s, r.String())
}
return s
}
// asSet returns teleport roles as set (map).
func (roles SystemRoles) asSet() map[SystemRole]struct{} {
s := make(map[SystemRole]struct{}, len(roles))
for _, r := range roles {
s[r] = struct{}{}
}
return s
}
// Equals compares two sets of teleport roles
func (roles SystemRoles) Equals(other SystemRoles) bool {
rs, os := roles.asSet(), other.asSet()
if len(rs) != len(os) {
return false
}
for r := range rs {
if _, ok := os[r]; !ok {
return false
}
}
return true
}
// Check returns an error if the teleport role set is incorrect (contains unknown roles)
func (roles SystemRoles) Check() error {
seen := make(map[SystemRole]struct{})
for _, role := range roles {
if err := role.Check(); err != nil {
return trace.Wrap(err)
}
if _, ok := seen[role]; ok {
return trace.BadParameter("duplicate role %q", role)
}
seen[role] = struct{}{}
}
return nil
}
// String returns comma separated string with teleport roles
func (roles SystemRoles) String() string {
return strings.Join(roles.StringSlice(), ",")
}
// Set sets the value of the teleport role from string, used to integrate with CLI tools
func (r *SystemRole) Set(v string) error {
if len(v) > 0 {
v = strings.ToUpper(v[:1]) + v[1:]
}
val := SystemRole(v)
if err := val.Check(); err != nil {
return trace.Wrap(err)
}
*r = val
return nil
}
// String returns the system role string representation. Returned values must
// match (case-insensitive) the role mappings; otherwise, the validation check
// will fail.
func (r SystemRole) String() string {
switch r {
case RoleTrustedCluster:
return "trusted_cluster"
default:
return string(r)
}
}
// Check checks if this a a valid teleport role value, returns nil
// if it's ok, false otherwise
// Check checks if this a a valid teleport role value, returns nil
// if it's ok, false otherwise
func (r SystemRole) Check() error {
sr, ok := roleMappings[strings.ToLower(string(r))]
if ok && string(r) == string(sr) {
return nil
}
return trace.BadParameter("role %v is not registered", r)
}
// IsLocalService checks if the given system role is a teleport service (e.g. auth),
// as opposed to some non-service role (e.g. admin). Excludes remote services such
// as remoteproxy.
func (r SystemRole) IsLocalService() bool {
_, ok := localServiceMappings[r]
return ok
}
// IsControlPlane checks if the given system role is a control plane element (i.e. auth/proxy).
func (r SystemRole) IsControlPlane() bool {
_, ok := controlPlaneMapping[r]
return ok
}
/*
Copyright 2025 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"iter"
"time"
)
// TargetHealthProtocol is the network protocol for a health checker.
type TargetHealthProtocol string
const (
// TargetHealthProtocolTCP is the TCP target health check protocol.
TargetHealthProtocolTCP TargetHealthProtocol = "tcp"
// TargetHealthProtocolHTTP is the HTTP target health check protocol.
TargetHealthProtocolHTTP TargetHealthProtocol = "http"
)
// TargetHealthStatus is a target resource's health status.
type TargetHealthStatus string
const (
// TargetHealthStatusHealthy indicates that a health check target is healthy.
TargetHealthStatusHealthy TargetHealthStatus = "healthy"
// TargetHealthStatusUnhealthy indicates that a health check target is unhealthy.
TargetHealthStatusUnhealthy TargetHealthStatus = "unhealthy"
// TargetHealthStatusUnknown indicates that an unknown health check target health status.
TargetHealthStatusUnknown TargetHealthStatus = "unknown"
// TargetHealthStatusMixed indicates the resource has a mix of health
// statuses. This can happen when multiple agents proxy the same resource.
TargetHealthStatusMixed TargetHealthStatus = "mixed"
)
// Canonical converts a status into its canonical form.
// An empty or unknown status is converted to [TargetHealthStatusUnknown].
//
// Returns only a healthy, unhealthy, or unknown status.
func (s TargetHealthStatus) Canonical() TargetHealthStatus {
switch s {
case TargetHealthStatusHealthy, TargetHealthStatusUnhealthy:
return s
default:
return TargetHealthStatusUnknown
}
}
// AggregateHealthStatus health statuses into a single status. If there are a
// mix of different statuses then the aggregate status is "mixed".
func AggregateHealthStatus(statuses iter.Seq[TargetHealthStatus]) TargetHealthStatus {
first := true
out := TargetHealthStatusUnknown
for s := range statuses {
if first {
out = s.Canonical()
first = false
} else if out != s.Canonical() {
return TargetHealthStatusMixed
}
}
return out
}
// TargetHealthTransitionReason is the reason for the target health status
// transition.
type TargetHealthTransitionReason string
const (
// TargetHealthTransitionReasonInit means that initial health checks are in
// progress.
TargetHealthTransitionReasonInit TargetHealthTransitionReason = "initialized"
// TargetHealthStatusDisabled indicates that health checks are disabled.
TargetHealthTransitionReasonDisabled TargetHealthTransitionReason = "disabled"
// TargetHealthTransitionReasonThreshold means that the health status
// changed because the healthy or unhealthy threshold was reached.
TargetHealthTransitionReasonThreshold TargetHealthTransitionReason = "threshold_reached"
// TargetHealthTransitionReasonInternalError indicates that health checks
// encountered an internal error (this is a bug).
TargetHealthTransitionReasonInternalError TargetHealthTransitionReason = "internal_error"
)
// GetTransitionTimestamp returns transition timestamp
func (t *TargetHealth) GetTransitionTimestamp() time.Time {
if t.TransitionTimestamp == nil {
return time.Time{}
}
return *t.TransitionTimestamp
}
// TargetHealthStatusGetter is a type that can return [TargetHealthStatus].
type TargetHealthStatusGetter interface {
// GetTargetHealthStatus returns the target health status.
GetTargetHealthStatus() TargetHealthStatus
}
// GroupByTargetHealthStatus groups resources by target health and returns [TargetHealthGroups].
func GroupByTargetHealthStatus[T TargetHealthStatusGetter](resources []T) TargetHealthGroups[T] {
var groups TargetHealthGroups[T]
for _, r := range resources {
switch r.GetTargetHealthStatus() {
case TargetHealthStatusHealthy:
groups.Healthy = append(groups.Healthy, r)
case TargetHealthStatusUnhealthy:
groups.Unhealthy = append(groups.Unhealthy, r)
default:
// all other statuses are equivalent to unknown
groups.Unknown = append(groups.Unknown, r)
}
}
return groups
}
// TargetHealthGroups holds resources grouped by target health status.
type TargetHealthGroups[T TargetHealthStatusGetter] struct {
// Healthy is the resources with [TargetHealthStatusHealthy].
Healthy []T
// Unhealthy is the resources with [TargetHealthStatusUnhealthy].
Unhealthy []T
// Unknown is the resources with any status that isn't healthy or unhealthy.
// Namely [TargetHealthStatusUnknown], [TargetHealthStatusMixed], and the
// empty string are grouped together.
// Agents running with a version prior to health checks will always report
// an empty health status.
// A mixed status should only be set if health status for multiple servers
// are aggregated. An aggregated mixed status is equivalent to "unknown"
// because the underlying statuses that compose the mix are not known,
// although it really doesn't make sense to aggregate the health status
// before grouping it (please don't do that).
Unknown []T
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"slices"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/jonboulle/clockwork"
"github.com/gravitational/teleport/api"
"github.com/gravitational/teleport/api/defaults"
)
// CertAuthType specifies certificate authority type. New variants should be
// added to CertAuthTypes and, for one major version, to NewlyAdded().
type CertAuthType string
const (
// HostCA identifies the key as a host certificate authority
HostCA CertAuthType = "host"
// UserCA identifies the key as a user certificate authority
UserCA CertAuthType = "user"
// DatabaseCA is a certificate authority used as a server CA in database
// access.
DatabaseCA CertAuthType = "db"
// DatabaseClientCA is a certificate authority used as a client CA in
// database access.
DatabaseClientCA CertAuthType = "db_client"
// OpenSSHCA is a certificate authority used when connecting to agentless nodes.
OpenSSHCA CertAuthType = "openssh"
// JWTSigner identifies type of certificate authority as JWT signer. In this
// case JWT is not a certificate authority because it does not issue
// certificates but rather is an authority that signs tokens, however it behaves
// much like a CA in terms of rotation and storage.
JWTSigner CertAuthType = "jwt"
// SAMLIDPCA identifies the certificate authority that will be used by the
// SAML identity provider.
SAMLIDPCA CertAuthType = "saml_idp"
// OIDCIdPCA (OpenID Connect Identity Provider Certificate Authority) identifies
// the certificate authority that will be used by the OIDC Identity Provider.
// Similar to JWTSigner, it doesn't issue Certificates but signs JSON Web Tokens.
OIDCIdPCA CertAuthType = "oidc_idp"
// SPIFFECA identifies the certificate authority that will be used by the
// SPIFFE Workload Identity provider functionality.
SPIFFECA CertAuthType = "spiffe"
// OktaCA identifies the certificate authority that will be used by the
// integration with Okta.
OktaCA CertAuthType = "okta"
// AWSRACA identifies the certificate authority that will be used by the
// AWS IAM Roles Anywhere integration functionality.
AWSRACA CertAuthType = "awsra"
// BoundKeypairCA identifies the CA used to sign bound keypair client state
// documents.
BoundKeypairCA CertAuthType = "bound_keypair"
)
// CertAuthTypes lists all certificate authority types.
var CertAuthTypes = []CertAuthType{
HostCA,
UserCA,
DatabaseCA,
DatabaseClientCA,
OpenSSHCA,
JWTSigner,
SAMLIDPCA,
OIDCIdPCA,
SPIFFECA,
OktaCA,
AWSRACA,
BoundKeypairCA,
}
// NewlyAdded should return true for CA types that were added in the current
// major version, so that we can avoid erroring out when a potentially older
// remote server doesn't know about them.
func (c CertAuthType) NewlyAdded() bool {
return c.addedInMajorVer() >= api.VersionMajor
}
// addedInMajorVer returns the major version in which given CA was added.
// The returned version must be the X.0.0 release in which the CA first
// existed.
func (c CertAuthType) addedInMajorVer() int64 {
switch c {
case DatabaseCA:
return 9
case OpenSSHCA, SAMLIDPCA, OIDCIdPCA:
return 12
case DatabaseClientCA:
return 15
case SPIFFECA:
return 15
case OktaCA:
return 17
case AWSRACA, BoundKeypairCA:
return 18
default:
// We don't care about other CAs added before v4.0.0
return 4
}
}
// IsUnsupportedAuthorityErr returns whether an error is due to an unsupported
// CertAuthType.
func IsUnsupportedAuthorityErr(err error) bool {
return err != nil && trace.IsBadParameter(err) &&
strings.Contains(err.Error(), authTypeNotSupported)
}
const authTypeNotSupported string = "authority type is not supported"
// Check checks if certificate authority type value is correct
func (c CertAuthType) Check() error {
if slices.Contains(CertAuthTypes, c) {
return nil
}
return trace.BadParameter("%q %s", c, authTypeNotSupported)
}
// CertAuthID - id of certificate authority (it's type and domain name)
type CertAuthID struct {
Type CertAuthType `json:"type"`
DomainName string `json:"domain_name"`
}
func (c CertAuthID) String() string {
return fmt.Sprintf("CA(type=%q, domain=%q)", c.Type, c.DomainName)
}
// Check returns error if any of the id parameters are bad, nil otherwise
func (c *CertAuthID) Check() error {
if err := c.Type.Check(); err != nil {
return trace.Wrap(err)
}
if strings.TrimSpace(c.DomainName) == "" {
return trace.BadParameter("identity validation error: empty domain name")
}
return nil
}
type RotateRequest struct {
// Type is a certificate authority type, if omitted, both user and host CA
// will be rotated.
Type CertAuthType `json:"type"`
// GracePeriod is used to generate cert rotation schedule that defines
// times at which different rotation phases will be applied by the auth server
// in auto mode. It is not used in manual rotation mode.
// If omitted, default value is set, if 0 is supplied, it is interpreted as
// forcing rotation of all certificate authorities with no grace period,
// all existing users and hosts will have to re-login and re-added
// into the cluster.
GracePeriod *time.Duration `json:"grace_period,omitempty"`
// TargetPhase sets desired rotation phase to move to, if not set
// will be set automatically, it is a required argument
// for manual rotation.
TargetPhase string `json:"target_phase,omitempty"`
// Mode sets manual or auto rotation mode.
Mode string `json:"mode"`
// Schedule is an optional rotation schedule,
// autogenerated based on GracePeriod parameter if not set.
Schedule *RotationSchedule `json:"schedule"`
}
// CheckAndSetDefaults checks and sets default values.
func (r *RotateRequest) CheckAndSetDefaults(clock clockwork.Clock) error {
if r.TargetPhase == "" {
// if phase is not set, imply that the first meaningful phase
// is set as a target phase
r.TargetPhase = RotationPhaseInit
}
// if mode is not set, default to manual (as it's safer)
if r.Mode == "" {
r.Mode = RotationModeManual
}
if err := r.Type.Check(); err != nil {
return trace.Wrap(err)
}
if r.GracePeriod == nil {
period := defaults.MaxCertDuration
r.GracePeriod = &period
}
if r.Schedule == nil {
var err error
r.Schedule, err = GenerateSchedule(clock.Now(), *r.GracePeriod)
if err != nil {
return trace.Wrap(err)
}
} else {
if err := r.Schedule.CheckAndSetDefaults(clock.Now()); err != nil {
return trace.Wrap(err)
}
}
return nil
}
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: teleport/legacy/types/trusted_device_requirement.proto
package types
import (
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
// TrustedDeviceRequirement indicates whether access may be hindered by the lack
// of a trusted device.
type TrustedDeviceRequirement int32
const (
// Device requirement not determined.
// Does not mean that a device is not required, only that the necessary data
// was not considered.
TrustedDeviceRequirement_TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED TrustedDeviceRequirement = 0
// Trusted device not required.
TrustedDeviceRequirement_TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED TrustedDeviceRequirement = 1
// Trusted device required by either cluster mode or user roles.
TrustedDeviceRequirement_TRUSTED_DEVICE_REQUIREMENT_REQUIRED TrustedDeviceRequirement = 2
)
var TrustedDeviceRequirement_name = map[int32]string{
0: "TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED",
1: "TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED",
2: "TRUSTED_DEVICE_REQUIREMENT_REQUIRED",
}
var TrustedDeviceRequirement_value = map[string]int32{
"TRUSTED_DEVICE_REQUIREMENT_UNSPECIFIED": 0,
"TRUSTED_DEVICE_REQUIREMENT_NOT_REQUIRED": 1,
"TRUSTED_DEVICE_REQUIREMENT_REQUIRED": 2,
}
func (x TrustedDeviceRequirement) String() string {
return proto.EnumName(TrustedDeviceRequirement_name, int32(x))
}
func (TrustedDeviceRequirement) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_d827eab04b0c5e83, []int{0}
}
func init() {
proto.RegisterEnum("types.TrustedDeviceRequirement", TrustedDeviceRequirement_name, TrustedDeviceRequirement_value)
}
func init() {
proto.RegisterFile("teleport/legacy/types/trusted_device_requirement.proto", fileDescriptor_d827eab04b0c5e83)
}
var fileDescriptor_d827eab04b0c5e83 = []byte{
// 237 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x32, 0x2b, 0x49, 0xcd, 0x49,
0x2d, 0xc8, 0x2f, 0x2a, 0xd1, 0xcf, 0x49, 0x4d, 0x4f, 0x4c, 0xae, 0xd4, 0x2f, 0xa9, 0x2c, 0x48,
0x2d, 0xd6, 0x2f, 0x29, 0x2a, 0x2d, 0x2e, 0x49, 0x4d, 0x89, 0x4f, 0x49, 0x2d, 0xcb, 0x4c, 0x4e,
0x8d, 0x2f, 0x4a, 0x2d, 0x2c, 0xcd, 0x2c, 0x4a, 0xcd, 0x4d, 0xcd, 0x2b, 0xd1, 0x2b, 0x28, 0xca,
0x2f, 0xc9, 0x17, 0x62, 0x05, 0xab, 0x93, 0x12, 0x49, 0xcf, 0x4f, 0xcf, 0x07, 0x8b, 0xe8, 0x83,
0x58, 0x10, 0x49, 0xad, 0x39, 0x8c, 0x5c, 0x12, 0x21, 0x10, 0x13, 0x5c, 0xc0, 0x06, 0x04, 0x21,
0xf4, 0x0b, 0x69, 0x71, 0xa9, 0x85, 0x04, 0x85, 0x06, 0x87, 0xb8, 0xba, 0xc4, 0xbb, 0xb8, 0x86,
0x79, 0x3a, 0xbb, 0xc6, 0x07, 0xb9, 0x06, 0x86, 0x7a, 0x06, 0xb9, 0xfa, 0xba, 0xfa, 0x85, 0xc4,
0x87, 0xfa, 0x05, 0x07, 0xb8, 0x3a, 0x7b, 0xba, 0x79, 0xba, 0xba, 0x08, 0x30, 0x08, 0x69, 0x73,
0xa9, 0xe3, 0x51, 0xeb, 0xe7, 0x1f, 0x02, 0xe3, 0xbb, 0x08, 0x30, 0x0a, 0xa9, 0x73, 0x29, 0xe3,
0x51, 0x0c, 0x57, 0xc8, 0xe4, 0x64, 0x7b, 0xe2, 0xa1, 0x1c, 0xc3, 0x89, 0x47, 0x72, 0x8c, 0x17,
0x1e, 0xc9, 0x31, 0x3e, 0x78, 0x24, 0xc7, 0x18, 0xa5, 0x9d, 0x9e, 0x59, 0x92, 0x51, 0x9a, 0xa4,
0x97, 0x9c, 0x9f, 0xab, 0x9f, 0x5e, 0x94, 0x58, 0x96, 0x59, 0x92, 0x58, 0x92, 0x99, 0x9f, 0x97,
0x98, 0xa3, 0x0f, 0x0f, 0x9e, 0xc4, 0x82, 0x4c, 0x48, 0xd8, 0x24, 0xb1, 0x81, 0x3d, 0x69, 0x0c,
0x08, 0x00, 0x00, 0xff, 0xff, 0xbd, 0x15, 0x8a, 0x47, 0x3b, 0x01, 0x00, 0x00,
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"slices"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// TrustedCluster holds information needed for a cluster that can not be directly
// accessed (maybe be behind firewall without any open ports) to join a parent cluster.
type TrustedCluster interface {
// ResourceWithOrigin provides common resource properties
ResourceWithOrigin
// SetMetadata sets object metadata
SetMetadata(meta Metadata)
// GetEnabled returns the state of the TrustedCluster.
GetEnabled() bool
// SetEnabled enables (handshake and add ca+reverse tunnel) or disables TrustedCluster.
SetEnabled(bool)
// CombinedMapping is used to specify combined mapping from legacy property Roles
// and new property RoleMap
CombinedMapping() RoleMap
// GetRoleMap returns role map property
GetRoleMap() RoleMap
// SetRoleMap sets role map
SetRoleMap(m RoleMap)
// GetRoles returns the roles for the certificate authority.
GetRoles() []string
// SetRoles sets the roles for the certificate authority.
SetRoles([]string)
// GetToken returns the authorization and authentication token.
GetToken() string
// SetToken sets the authorization and authentication.
SetToken(string)
// GetProxyAddress returns the address of the proxy server.
GetProxyAddress() string
// SetProxyAddress sets the address of the proxy server.
SetProxyAddress(string)
// GetReverseTunnelAddress returns the address of the reverse tunnel.
GetReverseTunnelAddress() string
// SetReverseTunnelAddress sets the address of the reverse tunnel.
SetReverseTunnelAddress(string)
// CanChangeStateTo checks the TrustedCluster can transform into another.
CanChangeStateTo(TrustedCluster) error
// Clone returns a deep copy of the TrustedCluster.
Clone() TrustedCluster
}
// NewTrustedCluster is a convenience way to create a TrustedCluster resource.
func NewTrustedCluster(name string, spec TrustedClusterSpecV2) (TrustedCluster, error) {
c := &TrustedClusterV2{
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := c.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return c, nil
}
// setStaticFields sets static resource header and metadata fields.
func (c *TrustedClusterV2) setStaticFields() {
c.Kind = KindTrustedCluster
c.Version = V2
}
// CheckAndSetDefaults checks validity of all parameters and sets defaults
func (c *TrustedClusterV2) CheckAndSetDefaults() error {
c.setStaticFields()
if err := c.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
// This is to force users to migrate
if len(c.Spec.Roles) != 0 && len(c.Spec.RoleMap) != 0 {
return trace.BadParameter("should set either 'roles' or 'role_map', not both")
}
// Imply that by default proxy listens on the same port for
// web and reverse tunnel connections
if c.Spec.ReverseTunnelAddress == "" {
c.Spec.ReverseTunnelAddress = c.Spec.ProxyAddress
}
return nil
}
// GetVersion returns resource version
func (c *TrustedClusterV2) GetVersion() string {
return c.Version
}
// GetKind returns resource kind
func (c *TrustedClusterV2) GetKind() string {
return c.Kind
}
// GetSubKind returns resource sub kind
func (c *TrustedClusterV2) GetSubKind() string {
return c.SubKind
}
// SetSubKind sets resource subkind
func (c *TrustedClusterV2) SetSubKind(s string) {
c.SubKind = s
}
// GetRevision returns the revision
func (c *TrustedClusterV2) GetRevision() string {
return c.Metadata.GetRevision()
}
// SetRevision sets the revision
func (c *TrustedClusterV2) SetRevision(rev string) {
c.Metadata.SetRevision(rev)
}
// CombinedMapping is used to specify combined mapping from legacy property Roles
// and new property RoleMap
func (c *TrustedClusterV2) CombinedMapping() RoleMap {
if len(c.Spec.Roles) != 0 {
return []RoleMapping{{Remote: Wildcard, Local: c.Spec.Roles}}
}
return c.Spec.RoleMap
}
// GetRoleMap returns role map property
func (c *TrustedClusterV2) GetRoleMap() RoleMap {
return c.Spec.RoleMap
}
// SetRoleMap sets role map
func (c *TrustedClusterV2) SetRoleMap(m RoleMap) {
c.Spec.RoleMap = m
}
// GetMetadata returns object metadata
func (c *TrustedClusterV2) GetMetadata() Metadata {
return c.Metadata
}
// SetMetadata sets object metadata
func (c *TrustedClusterV2) SetMetadata(meta Metadata) {
c.Metadata = meta
}
// SetExpiry sets expiry time for the object
func (c *TrustedClusterV2) SetExpiry(expires time.Time) {
c.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (c *TrustedClusterV2) Expiry() time.Time {
return c.Metadata.Expiry()
}
// GetName returns the name of the TrustedCluster.
func (c *TrustedClusterV2) GetName() string {
return c.Metadata.Name
}
// SetName sets the name of the TrustedCluster.
func (c *TrustedClusterV2) SetName(e string) {
c.Metadata.Name = e
}
// Origin returns the origin value of the resource.
func (c *TrustedClusterV2) Origin() string {
return c.Metadata.Origin()
}
// SetOrigin sets the origin value of the resource.
func (c *TrustedClusterV2) SetOrigin(origin string) {
c.Metadata.SetOrigin(origin)
}
// GetEnabled returns the state of the TrustedCluster.
func (c *TrustedClusterV2) GetEnabled() bool {
return c.Spec.Enabled
}
// SetEnabled enables (handshake and add ca+reverse tunnel) or disables TrustedCluster.
func (c *TrustedClusterV2) SetEnabled(e bool) {
c.Spec.Enabled = e
}
// GetRoles returns the roles for the certificate authority.
func (c *TrustedClusterV2) GetRoles() []string {
return c.Spec.Roles
}
// SetRoles sets the roles for the certificate authority.
func (c *TrustedClusterV2) SetRoles(e []string) {
c.Spec.Roles = e
}
// GetToken returns the authorization and authentication token.
func (c *TrustedClusterV2) GetToken() string {
return c.Spec.Token
}
// SetToken sets the authorization and authentication.
func (c *TrustedClusterV2) SetToken(e string) {
c.Spec.Token = e
}
// GetProxyAddress returns the address of the proxy server.
func (c *TrustedClusterV2) GetProxyAddress() string {
return c.Spec.ProxyAddress
}
// SetProxyAddress sets the address of the proxy server.
func (c *TrustedClusterV2) SetProxyAddress(e string) {
c.Spec.ProxyAddress = e
}
// GetReverseTunnelAddress returns the address of the reverse tunnel.
func (c *TrustedClusterV2) GetReverseTunnelAddress() string {
return c.Spec.ReverseTunnelAddress
}
// SetReverseTunnelAddress sets the address of the reverse tunnel.
func (c *TrustedClusterV2) SetReverseTunnelAddress(e string) {
c.Spec.ReverseTunnelAddress = e
}
// CanChangeStateTo checks if the state change is allowed or not. If not, returns
// an error explaining the reason.
func (c *TrustedClusterV2) CanChangeStateTo(t TrustedCluster) error {
immutableFieldErr := func(name string) error {
return trace.BadParameter("can not update %s for existing leaf cluster, delete and re-create this leaf cluster with updated %s", name, name)
}
if c.GetToken() != t.GetToken() {
return immutableFieldErr("token")
}
if c.GetProxyAddress() != t.GetProxyAddress() {
return immutableFieldErr("web_proxy_address")
}
if c.GetReverseTunnelAddress() != t.GetReverseTunnelAddress() {
return immutableFieldErr("tunnel_addr")
}
if !slices.Equal(c.GetRoles(), t.GetRoles()) {
return immutableFieldErr("roles")
}
return nil
}
func (c *TrustedClusterV2) Clone() TrustedCluster {
return utils.CloneProtoMsg(c)
}
// String represents a human readable version of trusted cluster settings.
func (c *TrustedClusterV2) String() string {
return fmt.Sprintf("TrustedCluster(Enabled=%v,Roles=%v,Token=%v,ProxyAddress=%v,ReverseTunnelAddress=%v)",
c.Spec.Enabled, c.Spec.Roles, c.Spec.Token, c.Spec.ProxyAddress, c.Spec.ReverseTunnelAddress)
}
// RoleMap is a list of mappings
type RoleMap []RoleMapping
// IsEqual validates that two roles maps are equivalent.
func (r RoleMap) IsEqual(other RoleMap) bool {
return slices.EqualFunc(r, other, func(a RoleMapping, b RoleMapping) bool {
return a.Remote == b.Remote && slices.Equal(a.Local, b.Local)
})
}
// SortedTrustedCluster sorts clusters by name
type SortedTrustedCluster []TrustedCluster
// Len returns the length of a list.
func (s SortedTrustedCluster) Len() int {
return len(s)
}
// Less compares items by name.
func (s SortedTrustedCluster) Less(i, j int) bool {
return s[i].GetName() < s[j].GetName()
}
// Swap swaps two items in a list.
func (s SortedTrustedCluster) Swap(i, j int) {
s[i], s[j] = s[j], s[i]
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
// ReverseTunnel is SSH reverse tunnel established between a local Proxy
// and a remote Proxy. It helps to bypass firewall restrictions, so local
// clusters don't need to have the cluster involved
type ReverseTunnel interface {
// Resource provides common methods for resource objects
Resource
// GetClusterName returns name of the cluster
GetClusterName() string
// SetClusterName sets cluster name
SetClusterName(name string)
// GetType gets the type of ReverseTunnel.
GetType() TunnelType
// SetType sets the type of ReverseTunnel.
SetType(TunnelType)
// GetDialAddrs returns list of dial addresses for this cluster
GetDialAddrs() []string
// Clone creates a copy of the ReverseTunnel.
Clone() ReverseTunnel
}
// NewReverseTunnel returns new version of reverse tunnel
func NewReverseTunnel(clusterName string, dialAddrs []string) (ReverseTunnel, error) {
r := &ReverseTunnelV2{
Metadata: Metadata{
Name: clusterName,
},
Spec: ReverseTunnelSpecV2{
ClusterName: clusterName,
DialAddrs: dialAddrs,
},
}
if err := r.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return r, nil
}
// Clone creates a copy of the ReverseTunnel.
func (r *ReverseTunnelV2) Clone() ReverseTunnel {
return utils.CloneProtoMsg(r)
}
// GetVersion returns resource version
func (r *ReverseTunnelV2) GetVersion() string {
return r.Version
}
// GetKind returns resource kind
func (r *ReverseTunnelV2) GetKind() string {
return r.Kind
}
// GetSubKind returns resource sub kind
func (r *ReverseTunnelV2) GetSubKind() string {
return r.SubKind
}
// SetSubKind sets resource subkind
func (r *ReverseTunnelV2) SetSubKind(s string) {
r.SubKind = s
}
// GetRevision returns the revision
func (r *ReverseTunnelV2) GetRevision() string {
return r.Metadata.GetRevision()
}
// SetRevision sets the revision
func (r *ReverseTunnelV2) SetRevision(rev string) {
r.Metadata.SetRevision(rev)
}
// GetMetadata returns object metadata
func (r *ReverseTunnelV2) GetMetadata() Metadata {
return r.Metadata
}
// SetExpiry sets expiry time for the object
func (r *ReverseTunnelV2) SetExpiry(expires time.Time) {
r.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (r *ReverseTunnelV2) Expiry() time.Time {
return r.Metadata.Expiry()
}
// GetName returns the name of the User
func (r *ReverseTunnelV2) GetName() string {
return r.Metadata.Name
}
// SetName sets the name of the User
func (r *ReverseTunnelV2) SetName(e string) {
r.Metadata.Name = e
}
// setStaticFields sets static resource header and metadata fields.
func (r *ReverseTunnelV2) setStaticFields() {
r.Kind = KindReverseTunnel
r.Version = V2
}
// CheckAndSetDefaults checks and sets defaults
func (r *ReverseTunnelV2) CheckAndSetDefaults() error {
r.setStaticFields()
if err := r.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if strings.TrimSpace(r.Spec.ClusterName) == "" {
return trace.BadParameter("reverse tunnel validation error: empty cluster name")
}
if len(r.Spec.DialAddrs) == 0 {
return trace.BadParameter("invalid dial address for reverse tunnel '%v'", r.Spec.ClusterName)
}
return nil
}
// SetClusterName sets name of a cluster
func (r *ReverseTunnelV2) SetClusterName(name string) {
r.Spec.ClusterName = name
}
// GetClusterName returns name of the cluster
func (r *ReverseTunnelV2) GetClusterName() string {
return r.Spec.ClusterName
}
// GetType gets the type of ReverseTunnel.
func (r *ReverseTunnelV2) GetType() TunnelType {
if string(r.Spec.Type) == "" {
return ProxyTunnel
}
return r.Spec.Type
}
// SetType sets the type of ReverseTunnel.
func (r *ReverseTunnelV2) SetType(tt TunnelType) {
r.Spec.Type = tt
}
// GetDialAddrs returns list of dial addresses for this cluster
func (r *ReverseTunnelV2) GetDialAddrs() []string {
return r.Spec.DialAddrs
}
/*
Copyright 2022 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"encoding/json"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/utils"
)
const (
tunnelStrategyTypeParam = "type"
defaultAgentConnectionCount = 1
)
// DefaultAgentMeshTunnelStrategy sets default values for a agent mesh
// tunnel strategy.
func DefaultAgentMeshTunnelStrategy() *AgentMeshTunnelStrategy {
return &AgentMeshTunnelStrategy{}
}
// DefaultProxyPeeringTunnelStrategy sets default values for a proxy peering
// tunnel strategy.
func DefaultProxyPeeringTunnelStrategy() *ProxyPeeringTunnelStrategy {
return &ProxyPeeringTunnelStrategy{
AgentConnectionCount: defaultAgentConnectionCount,
}
}
// DefaultTunnelStrategy is the default tunnel strategy used when one is not
// specified.
func DefaultTunnelStrategy() TunnelStrategy {
return &TunnelStrategyV1_AgentMesh{
AgentMesh: DefaultAgentMeshTunnelStrategy(),
}
}
// TunnelStrategy defines methods to be implemented by any TunnelStrategy.
type TunnelStrategy interface {
isTunnelStrategyV1_Strategy
CheckAndSetDefaults() error
}
// tunnelStrategyConfig represents a unparsed tunnel strategy configuration.
type tunnelStrategyConfig struct {
Type TunnelStrategyType `yaml:"type"`
Params map[string]interface{} `yaml:",inline"`
}
// newTunnelStrategyConfig creates a new tunnelStrategyConfig instance.
func newTunnelStrategyConfig() *tunnelStrategyConfig {
return &tunnelStrategyConfig{}
}
// setFromMap sets a TunnelStrategyConfig from a map.
func (c *tunnelStrategyConfig) setFromMap(m map[string]interface{}) error {
rawStrategy, ok := m[tunnelStrategyTypeParam]
if !ok {
return trace.BadParameter("missing type parameter")
}
// The map representation of TunnelStrategyType is expected to be a string.
strategyType, ok := rawStrategy.(string)
if !ok {
return trace.BadParameter("invalid type parameter")
}
c.Type = TunnelStrategyType(strategyType)
c.Params = make(map[string]interface{}, len(m)-1)
for k, v := range m {
if k == tunnelStrategyTypeParam {
continue
}
c.Params[k] = v
}
return nil
}
// getMapCopy returns a TunnelStrategyConfig as a map.
func (c *tunnelStrategyConfig) getMapCopy() map[string]interface{} {
mCopy := make(map[string]interface{}, len(c.Params)+1)
for k, v := range c.Params {
mCopy[k] = v
}
// The map representation of TunnelStrategyType is expected to be a string.
mCopy[tunnelStrategyTypeParam] = string(c.Type)
return mCopy
}
// MarshalYAML converts a TunnelStrategyV1 to yaml.
func (s *TunnelStrategyV1) MarshalYAML() (interface{}, error) {
var config *tunnelStrategyConfig
err := s.marshal(func(c *tunnelStrategyConfig) error {
config = c
return nil
})
if err != nil {
return nil, trace.Wrap(err)
}
return config.getMapCopy(), nil
}
// UnmarshalYAML converts yaml to a TunnelStrategyV1 using a strict policy to
// disallow unknown fields.
func (s *TunnelStrategyV1) UnmarshalYAML(unmarshal func(interface{}) error) error {
err := s.unmarshal(utils.StrictObjectToStruct, func(c *tunnelStrategyConfig) error {
return trace.Wrap(unmarshal(c))
})
return trace.Wrap(err)
}
// MarshalJSON converts a TunnelStrategyV1 to json.
func (s *TunnelStrategyV1) MarshalJSON() ([]byte, error) {
var data []byte
err := s.marshal(func(c *tunnelStrategyConfig) error {
var err error
data, err = json.Marshal(c.getMapCopy())
return trace.Wrap(err)
})
if err != nil {
return nil, trace.Wrap(err)
}
return data, nil
}
// UnmarshalJSON converts json to a TunnelStrategyV1. Unknown fields are allowed
// to prevent rollbacks causing issues decoding this data from the backend.
func (s *TunnelStrategyV1) UnmarshalJSON(data []byte) error {
err := s.unmarshal(utils.ObjectToStruct, func(c *tunnelStrategyConfig) error {
params := make(map[string]interface{})
err := json.Unmarshal(data, ¶ms)
if err != nil {
return trace.Wrap(err)
}
return trace.Wrap(c.setFromMap(params))
})
return trace.Wrap(err)
}
// marshal converts a TunnelStrategyV1 to a TunnelStrategyConfig before calling
// the given marshal function.
func (s *TunnelStrategyV1) marshal(marshal func(*tunnelStrategyConfig) error) error {
config := newTunnelStrategyConfig()
switch strategy := s.Strategy.(type) {
case *TunnelStrategyV1_AgentMesh:
config.Type = AgentMesh
err := utils.ObjectToStruct(strategy.AgentMesh, &config.Params)
if err != nil {
return trace.Wrap(err)
}
case *TunnelStrategyV1_ProxyPeering:
config.Type = ProxyPeering
err := utils.ObjectToStruct(strategy.ProxyPeering, &config.Params)
if err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("unknown tunnel strategy: \"%s\"", config.Type)
}
return trace.Wrap(marshal(config))
}
// objectToStructFunc is a function that converts one struct to another.
type objectToStructFunc func(interface{}, interface{}) error
func (s *TunnelStrategyV1) unmarshal(ots objectToStructFunc, unmarshal func(*tunnelStrategyConfig) error) error {
config := newTunnelStrategyConfig()
err := unmarshal(config)
if err != nil {
return trace.Wrap(err)
}
switch config.Type {
case AgentMesh:
strategy := &TunnelStrategyV1_AgentMesh{
AgentMesh: &AgentMeshTunnelStrategy{},
}
err = ots(&config.Params, strategy.AgentMesh)
if err != nil {
return trace.Wrap(err)
}
s.Strategy = strategy
case ProxyPeering:
strategy := &TunnelStrategyV1_ProxyPeering{
ProxyPeering: &ProxyPeeringTunnelStrategy{},
}
err = ots(&config.Params, strategy.ProxyPeering)
if err != nil {
return trace.Wrap(err)
}
s.Strategy = strategy
default:
return trace.BadParameter("unknown tunnel strategy: \"%s\"", config.Type)
}
return nil
}
// CheckAndSetDefaults validates and sets default values for a tunnel strategy.
func (s *TunnelStrategyV1) CheckAndSetDefaults() error {
if s.Strategy == nil {
s.Strategy = DefaultTunnelStrategy()
}
switch strategy := s.Strategy.(type) {
case TunnelStrategy:
err := strategy.CheckAndSetDefaults()
if err != nil {
return trace.Wrap(err)
}
default:
return trace.BadParameter("unknown tunnel strategy: %T", strategy)
}
return nil
}
// CheckAndSetDefaults validates an agent mesh tunnel strategy.
func (s *TunnelStrategyV1_AgentMesh) CheckAndSetDefaults() error {
if s.AgentMesh == nil {
s.AgentMesh = DefaultAgentMeshTunnelStrategy()
}
return nil
}
// CheckAndSetDefaults validates a proxy peering tunnel strategy.
func (s *TunnelStrategyV1_ProxyPeering) CheckAndSetDefaults() error {
if s.ProxyPeering == nil {
s.ProxyPeering = DefaultProxyPeeringTunnelStrategy()
}
if s.ProxyPeering.AgentConnectionCount == 0 {
s.ProxyPeering.AgentConnectionCount = defaultAgentConnectionCount
}
return nil
}
/*
Copyright 2020 Gravitational, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package types
import (
"fmt"
"strings"
"time"
"github.com/gravitational/trace"
"github.com/gravitational/teleport/api/defaults"
"github.com/gravitational/teleport/api/utils"
)
// TunnelConnection is SSH reverse tunnel connection
// established to reverse tunnel proxy
type TunnelConnection interface {
// Resource provides common methods for resource objects
Resource
// GetClusterName returns name of the cluster this connection is for.
GetClusterName() string
// GetProxyName returns the proxy name this connection is established to
GetProxyName() string
// GetLastHeartbeat returns time of the last heartbeat received from
// the tunnel over the connection
GetLastHeartbeat() time.Time
// SetLastHeartbeat sets last heartbeat time
SetLastHeartbeat(time.Time)
// GetType gets the type of ReverseTunnel.
GetType() TunnelType
// SetType sets the type of ReverseTunnel.
SetType(TunnelType)
// String returns user friendly representation of this connection
String() string
// Clone returns a copy of this tunnel connection
Clone() TunnelConnection
}
// NewTunnelConnection returns new connection from V2 spec
func NewTunnelConnection(name string, spec TunnelConnectionSpecV2) (TunnelConnection, error) {
conn := &TunnelConnectionV2{
SubKind: spec.ClusterName,
Metadata: Metadata{
Name: name,
},
Spec: spec,
}
if err := conn.CheckAndSetDefaults(); err != nil {
return nil, trace.Wrap(err)
}
return conn, nil
}
// GetVersion returns resource version
func (r *TunnelConnectionV2) GetVersion() string {
return r.Version
}
// GetKind returns resource kind
func (r *TunnelConnectionV2) GetKind() string {
return r.Kind
}
// GetSubKind returns resource sub kind
func (r *TunnelConnectionV2) GetSubKind() string {
return r.SubKind
}
// SetSubKind sets resource subkind
func (r *TunnelConnectionV2) SetSubKind(s string) {
r.SubKind = s
}
// GetRevision returns the revision
func (r *TunnelConnectionV2) GetRevision() string {
return r.Metadata.GetRevision()
}
// SetRevision sets the revision
func (r *TunnelConnectionV2) SetRevision(rev string) {
r.Metadata.SetRevision(rev)
}
// Clone returns a copy of this tunnel connection
func (r *TunnelConnectionV2) Clone() TunnelConnection {
return utils.CloneProtoMsg(r)
}
// String returns user-friendly description of this connection
func (r *TunnelConnectionV2) String() string {
return fmt.Sprintf("TunnelConnection(name=%v, type=%v, cluster=%v, proxy=%v)",
r.Metadata.Name, r.Spec.Type, r.Spec.ClusterName, r.Spec.ProxyName)
}
// GetMetadata returns object metadata
func (r *TunnelConnectionV2) GetMetadata() Metadata {
return r.Metadata
}
// SetExpiry sets expiry time for the object
func (r *TunnelConnectionV2) SetExpiry(expires time.Time) {
r.Metadata.SetExpiry(expires)
}
// Expiry returns object expiry setting
func (r *TunnelConnectionV2) Expiry() time.Time {
return r.Metadata.Expiry()
}
// GetName returns the name of the User
func (r *TunnelConnectionV2) GetName() string {
return r.Metadata.Name
}
// SetName sets the name of the User
func (r *TunnelConnectionV2) SetName(e string) {
r.Metadata.Name = e
}
// V2 returns V2 version of the resource
func (r *TunnelConnectionV2) V2() *TunnelConnectionV2 {
return r
}
// setStaticFields sets static resource header and metadata fields.
func (r *TunnelConnectionV2) setStaticFields() {
r.Kind = KindTunnelConnection
r.Version = V2
}
// CheckAndSetDefaults checks and sets default values
func (r *TunnelConnectionV2) CheckAndSetDefaults() error {
r.setStaticFields()
if err := r.Metadata.CheckAndSetDefaults(); err != nil {
return trace.Wrap(err)
}
if r.Expiry().IsZero() {
// calculate an appropriate expiry if one was not provided.
// tunnel connection resources are ephemeral and trigger
// allocations in proxies, so it is important that they expire
// in a timely manner.
from := r.GetLastHeartbeat()
if from.IsZero() {
from = time.Now()
}
r.SetExpiry(from.UTC().Add(defaults.ServerAnnounceTTL))
}
if strings.TrimSpace(r.Spec.ClusterName) == "" {
return trace.BadParameter("empty cluster name")
}
if len(r.Spec.ProxyName) == 0 {
return trace.BadParameter("missing parameter proxy name")
}
return nil
}
// GetClusterName returns name of the cluster
func (r *TunnelConnectionV2) GetClusterName() string {
return r.Spec.ClusterName
}
// GetProxyName returns the name of the proxy
func (r *TunnelConnectionV2) GetProxyName() string {
return r.Spec.ProxyName
}
// GetLastHeartbeat returns last heartbeat
func (r *TunnelConnectionV2) GetLastHeartbeat() time.Time {
return r.Spec.LastHeartbeat
}
// SetLastHeartbeat sets last heartbeat time
func (r *TunnelConnectionV2) SetLastHeartbeat(tm time.Time) {
r.Spec.LastHeartbeat = tm
}
// GetType gets the type of ReverseTunnel.
func (r *TunnelConnectionV2) GetType() TunnelType {
if string(r.Spec.Type) == "" {
return ProxyTunnel
}
return r.Spec.Type
}
// SetType sets the type of ReverseTunnel.
func (r *TunnelConnectionV2) SetType(tt TunnelType) {
r.Spec.Type = tt
}
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: teleport/legacy/types/types.proto
package types
import (
bytes "bytes"
encoding_binary "encoding/binary"
fmt "fmt"
_ "github.com/gogo/protobuf/gogoproto"
proto "github.com/gogo/protobuf/proto"
_ "github.com/gogo/protobuf/types"
github_com_gogo_protobuf_types "github.com/gogo/protobuf/types"
github_com_gravitational_teleport_api_constants "github.com/gravitational/teleport/api/constants"
v11 "github.com/gravitational/teleport/api/gen/proto/go/attestation/v1"
v1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/componentfeatures/v1"
_ "github.com/gravitational/teleport/api/types/wrappers"
github_com_gravitational_teleport_api_types_wrappers "github.com/gravitational/teleport/api/types/wrappers"
io "io"
math "math"
math_bits "math/bits"
time "time"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
var _ = time.Kitchen
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
// IAMPolicyStatus represents states that describe if an AWS database
// has its IAM policy properly configured or not.
// This enum is set in a Sync.Map during an IAM task that checks for the
// validity of IAM policy, and the database gets updated with the value
// from this map during a heartbeat.
type IAMPolicyStatus int32
const (
// IAM_POLICY_STATUS_UNSPECIFIED represents a zero value where
// nothing has been attempted yet.
IAMPolicyStatus_IAM_POLICY_STATUS_UNSPECIFIED IAMPolicyStatus = 0
// IAM_POLICY_STATUS_PENDING represents a state where iam policy status
// is pending to be checked. This enum value is set at the start of
// registering a database -> IAM setup (before the db heartbeat starts).
//
// This state was required for two reasons:
// 1) To be able to tell apart from an older service that do not update
// the IAMPolicyStatus (in which case the enum value will remain the
// zero value).
// 2) When starting a database, the heartbeat and its IAM task starts,
// and the heartbeat may run first before the IAM task finishes.
IAMPolicyStatus_IAM_POLICY_STATUS_PENDING IAMPolicyStatus = 1
// IAM_POLICY_STATUS_FAILED represents a state where an error occured
// while checking for IAM policy status eg: no AWS credentials provider found
// or the policy was misconfigured.
IAMPolicyStatus_IAM_POLICY_STATUS_FAILED IAMPolicyStatus = 2
// IAM_POLICY_STATUS_SUCCESS represents a state where IAM policy was configured
// correctly.
IAMPolicyStatus_IAM_POLICY_STATUS_SUCCESS IAMPolicyStatus = 3
)
var IAMPolicyStatus_name = map[int32]string{
0: "IAM_POLICY_STATUS_UNSPECIFIED",
1: "IAM_POLICY_STATUS_PENDING",
2: "IAM_POLICY_STATUS_FAILED",
3: "IAM_POLICY_STATUS_SUCCESS",
}
var IAMPolicyStatus_value = map[string]int32{
"IAM_POLICY_STATUS_UNSPECIFIED": 0,
"IAM_POLICY_STATUS_PENDING": 1,
"IAM_POLICY_STATUS_FAILED": 2,
"IAM_POLICY_STATUS_SUCCESS": 3,
}
func (x IAMPolicyStatus) String() string {
return proto.EnumName(IAMPolicyStatus_name, int32(x))
}
func (IAMPolicyStatus) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{0}
}
// DatabaseTLSMode represents the level of TLS verification performed by
// DB agent when connecting to a database.
type DatabaseTLSMode int32
const (
// VERIFY_FULL performs full certificate validation.
DatabaseTLSMode_VERIFY_FULL DatabaseTLSMode = 0
// VERIFY_CA works the same as VERIFY_FULL, but it skips the hostname check.
DatabaseTLSMode_VERIFY_CA DatabaseTLSMode = 1
// INSECURE accepts any certificate provided by server. This is the least secure option.
DatabaseTLSMode_INSECURE DatabaseTLSMode = 2
)
var DatabaseTLSMode_name = map[int32]string{
0: "VERIFY_FULL",
1: "VERIFY_CA",
2: "INSECURE",
}
var DatabaseTLSMode_value = map[string]int32{
"VERIFY_FULL": 0,
"VERIFY_CA": 1,
"INSECURE": 2,
}
func (x DatabaseTLSMode) String() string {
return proto.EnumName(DatabaseTLSMode_name, int32(x))
}
func (DatabaseTLSMode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{1}
}
type UpdaterStatus int32
const (
// UPDATER_STATUS_UNSPECIFIED is the zero value.
UpdaterStatus_UPDATER_STATUS_UNSPECIFIED UpdaterStatus = 0
// UPDATER_STATUS_OK means that everything looks OK from the agent pov.
UpdaterStatus_UPDATER_STATUS_OK UpdaterStatus = 1
// UPDATER_STATUS_DISABLED means that automatic updates seem disabled or paused.
UpdaterStatus_UPDATER_STATUS_DISABLED UpdaterStatus = 2
// UPDATER_STATUS_PINNED means that a specific version is pinned.
UpdaterStatus_UPDATER_STATUS_PINNED UpdaterStatus = 3
// UPDATER_STATUS_UNREADABLE means that the agent failed to read its update status.
UpdaterStatus_UPDATER_STATUS_UNREADABLE UpdaterStatus = 4
)
var UpdaterStatus_name = map[int32]string{
0: "UPDATER_STATUS_UNSPECIFIED",
1: "UPDATER_STATUS_OK",
2: "UPDATER_STATUS_DISABLED",
3: "UPDATER_STATUS_PINNED",
4: "UPDATER_STATUS_UNREADABLE",
}
var UpdaterStatus_value = map[string]int32{
"UPDATER_STATUS_UNSPECIFIED": 0,
"UPDATER_STATUS_OK": 1,
"UPDATER_STATUS_DISABLED": 2,
"UPDATER_STATUS_PINNED": 3,
"UPDATER_STATUS_UNREADABLE": 4,
}
func (x UpdaterStatus) String() string {
return proto.EnumName(UpdaterStatus_name, int32(x))
}
func (UpdaterStatus) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{2}
}
// PrivateKeyType is the storage type of a private key.
type PrivateKeyType int32
const (
// RAW is a plaintext private key.
PrivateKeyType_RAW PrivateKeyType = 0
// PKCS11 is a private key backed by a PKCS11 device such as HSM.
PrivateKeyType_PKCS11 PrivateKeyType = 1
// GCP_KMS is a private key backed by GCP KMS.
PrivateKeyType_GCP_KMS PrivateKeyType = 2
// AWS_KMS is a private key backed by AWS KMS.
PrivateKeyType_AWS_KMS PrivateKeyType = 3
)
var PrivateKeyType_name = map[int32]string{
0: "RAW",
1: "PKCS11",
2: "GCP_KMS",
3: "AWS_KMS",
}
var PrivateKeyType_value = map[string]int32{
"RAW": 0,
"PKCS11": 1,
"GCP_KMS": 2,
"AWS_KMS": 3,
}
func (x PrivateKeyType) String() string {
return proto.EnumName(PrivateKeyType_name, int32(x))
}
func (PrivateKeyType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{3}
}
// ProxyListenerMode represents the cluster proxy listener mode.
type ProxyListenerMode int32
const (
// Separate is the proxy listener mode indicating that proxies are running
// in separate listener mode where Teleport Proxy services use different listeners.
ProxyListenerMode_Separate ProxyListenerMode = 0
// Multiplex is the proxy listener mode indicating the proxy should use multiplex mode
// where all proxy services are multiplexed on a single proxy port.
ProxyListenerMode_Multiplex ProxyListenerMode = 1
)
var ProxyListenerMode_name = map[int32]string{
0: "Separate",
1: "Multiplex",
}
var ProxyListenerMode_value = map[string]int32{
"Separate": 0,
"Multiplex": 1,
}
func (x ProxyListenerMode) String() string {
return proto.EnumName(ProxyListenerMode_name, int32(x))
}
func (ProxyListenerMode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{4}
}
// RoutingStrategy determines the strategy used to route to nodes.
type RoutingStrategy int32
const (
// UnambiguousMatch only routes to distinct nodes.
RoutingStrategy_UNAMBIGUOUS_MATCH RoutingStrategy = 0
// MostRecent routes to the most recently heartbeated node if duplicates are present.
RoutingStrategy_MOST_RECENT RoutingStrategy = 1
)
var RoutingStrategy_name = map[int32]string{
0: "UNAMBIGUOUS_MATCH",
1: "MOST_RECENT",
}
var RoutingStrategy_value = map[string]int32{
"UNAMBIGUOUS_MATCH": 0,
"MOST_RECENT": 1,
}
func (x RoutingStrategy) String() string {
return proto.EnumName(RoutingStrategy_name, int32(x))
}
func (RoutingStrategy) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{5}
}
// SecondFactorType is a type of second factor.
type SecondFactorType int32
const (
SecondFactorType_SECOND_FACTOR_TYPE_UNSPECIFIED SecondFactorType = 0
// SECOND_FACTOR_TYPE_OTP is OTP second factor.
SecondFactorType_SECOND_FACTOR_TYPE_OTP SecondFactorType = 1
// SECOND_FACTOR_TYPE_WEBAUTHN is WebAuthn second factor.
SecondFactorType_SECOND_FACTOR_TYPE_WEBAUTHN SecondFactorType = 2
// SECOND_FACTOR_TYPE_SSO is SSO second factor.
SecondFactorType_SECOND_FACTOR_TYPE_SSO SecondFactorType = 3
)
var SecondFactorType_name = map[int32]string{
0: "SECOND_FACTOR_TYPE_UNSPECIFIED",
1: "SECOND_FACTOR_TYPE_OTP",
2: "SECOND_FACTOR_TYPE_WEBAUTHN",
3: "SECOND_FACTOR_TYPE_SSO",
}
var SecondFactorType_value = map[string]int32{
"SECOND_FACTOR_TYPE_UNSPECIFIED": 0,
"SECOND_FACTOR_TYPE_OTP": 1,
"SECOND_FACTOR_TYPE_WEBAUTHN": 2,
"SECOND_FACTOR_TYPE_SSO": 3,
}
func (x SecondFactorType) String() string {
return proto.EnumName(SecondFactorType_name, int32(x))
}
func (SecondFactorType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{6}
}
// UserTokenUsage contains additional information about the intended usage of a user token.
type UserTokenUsage int32
const (
// Default value that implies token usage was not set.
UserTokenUsage_USER_TOKEN_USAGE_UNSPECIFIED UserTokenUsage = 0
// USER_TOKEN_RECOVER_PASSWORD is a request to recover password.
UserTokenUsage_USER_TOKEN_RECOVER_PASSWORD UserTokenUsage = 1
// USER_TOKEN_RECOVER_MFA is a request to recover a MFA.
UserTokenUsage_USER_TOKEN_RECOVER_MFA UserTokenUsage = 2
// USER_TOKEN_RENEWAL_BOT is a request to generate certificates
// for a bot user.
UserTokenUsage_USER_TOKEN_RENEWAL_BOT UserTokenUsage = 3
)
var UserTokenUsage_name = map[int32]string{
0: "USER_TOKEN_USAGE_UNSPECIFIED",
1: "USER_TOKEN_RECOVER_PASSWORD",
2: "USER_TOKEN_RECOVER_MFA",
3: "USER_TOKEN_RENEWAL_BOT",
}
var UserTokenUsage_value = map[string]int32{
"USER_TOKEN_USAGE_UNSPECIFIED": 0,
"USER_TOKEN_RECOVER_PASSWORD": 1,
"USER_TOKEN_RECOVER_MFA": 2,
"USER_TOKEN_RENEWAL_BOT": 3,
}
func (x UserTokenUsage) String() string {
return proto.EnumName(UserTokenUsage_name, int32(x))
}
func (UserTokenUsage) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{7}
}
// RequestState represents the state of a request for escalated privilege.
type RequestState int32
const (
// NONE variant exists to allow RequestState to be explicitly omitted
// in certain circumstances (e.g. in an AccessRequestFilter).
RequestState_NONE RequestState = 0
// PENDING variant is the default for newly created requests.
RequestState_PENDING RequestState = 1
// APPROVED variant indicates that a request has been accepted by
// an administrating party.
RequestState_APPROVED RequestState = 2
// DENIED variant indicates that a request has been rejected by
// an administrating party.
RequestState_DENIED RequestState = 3
// PROMOTED variant indicates that a request has been promoted to
// an access list.
RequestState_PROMOTED RequestState = 4
)
var RequestState_name = map[int32]string{
0: "NONE",
1: "PENDING",
2: "APPROVED",
3: "DENIED",
4: "PROMOTED",
}
var RequestState_value = map[string]int32{
"NONE": 0,
"PENDING": 1,
"APPROVED": 2,
"DENIED": 3,
"PROMOTED": 4,
}
func (x RequestState) String() string {
return proto.EnumName(RequestState_name, int32(x))
}
func (RequestState) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{8}
}
// AccessRequestKind represents the kind of Access Request being made (short/long-term).
type AccessRequestKind int32
const (
// UNDEFINED is the default value, and represents an undefined request kind.
AccessRequestKind_UNDEFINED AccessRequestKind = 0
// SHORT_TERM represents a short-term request, either role-based or resource-based.
AccessRequestKind_SHORT_TERM AccessRequestKind = 1
// LONG_TERM represents a long-term resource-based request.
AccessRequestKind_LONG_TERM AccessRequestKind = 2
)
var AccessRequestKind_name = map[int32]string{
0: "UNDEFINED",
1: "SHORT_TERM",
2: "LONG_TERM",
}
var AccessRequestKind_value = map[string]int32{
"UNDEFINED": 0,
"SHORT_TERM": 1,
"LONG_TERM": 2,
}
func (x AccessRequestKind) String() string {
return proto.EnumName(AccessRequestKind_name, int32(x))
}
func (AccessRequestKind) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{9}
}
type AccessRequestScope int32
const (
// DEFAULT allows all requests to be viewed
AccessRequestScope_DEFAULT AccessRequestScope = 0
// MY_REQUESTS will return only requests created by the requester
AccessRequestScope_MY_REQUESTS AccessRequestScope = 1
// NEEDS_REVIEW will return only requests that were not created by
// the requester and do not include a review made by the requester
AccessRequestScope_NEEDS_REVIEW AccessRequestScope = 2
// REVIEWED will return only requests that were not created by
// the requester and have a review submitted by the requester. This
// can include requests that have no yet been completely approved/denied.
AccessRequestScope_REVIEWED AccessRequestScope = 3
)
var AccessRequestScope_name = map[int32]string{
0: "DEFAULT",
1: "MY_REQUESTS",
2: "NEEDS_REVIEW",
3: "REVIEWED",
}
var AccessRequestScope_value = map[string]int32{
"DEFAULT": 0,
"MY_REQUESTS": 1,
"NEEDS_REVIEW": 2,
"REVIEWED": 3,
}
func (x AccessRequestScope) String() string {
return proto.EnumName(AccessRequestScope_name, int32(x))
}
func (AccessRequestScope) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{10}
}
// CreateHostUserMode determines whether host user creation should be
// disabled or if host users should be cleaned up or kept after
// sessions end.
type CreateHostUserMode int32
const (
CreateHostUserMode_HOST_USER_MODE_UNSPECIFIED CreateHostUserMode = 0
// HOST_USER_MODE_OFF disables host user creation.
CreateHostUserMode_HOST_USER_MODE_OFF CreateHostUserMode = 1
// HOST_USER_MODE_DROP enables host user creation and deletes users at session end.
// Deprecated: replaced by HOST_USER_MODE_INSECURE_DROP.
CreateHostUserMode_HOST_USER_MODE_DROP CreateHostUserMode = 2 // Deprecated: Do not use.
// HOST_USER_MODE_KEEP enables host user creation and leaves users behind at session end.
CreateHostUserMode_HOST_USER_MODE_KEEP CreateHostUserMode = 3
// HOST_USER_MODE_INSECURE_DROP enables host user creation without a home directory and deletes
// users at session end.
CreateHostUserMode_HOST_USER_MODE_INSECURE_DROP CreateHostUserMode = 4
)
var CreateHostUserMode_name = map[int32]string{
0: "HOST_USER_MODE_UNSPECIFIED",
1: "HOST_USER_MODE_OFF",
2: "HOST_USER_MODE_DROP",
3: "HOST_USER_MODE_KEEP",
4: "HOST_USER_MODE_INSECURE_DROP",
}
var CreateHostUserMode_value = map[string]int32{
"HOST_USER_MODE_UNSPECIFIED": 0,
"HOST_USER_MODE_OFF": 1,
"HOST_USER_MODE_DROP": 2,
"HOST_USER_MODE_KEEP": 3,
"HOST_USER_MODE_INSECURE_DROP": 4,
}
func (x CreateHostUserMode) String() string {
return proto.EnumName(CreateHostUserMode_name, int32(x))
}
func (CreateHostUserMode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{11}
}
// CreateDatabaseUserMode determines whether database user creation should be
// disabled or if users should be cleaned up or kept after sessions end.
type CreateDatabaseUserMode int32
const (
CreateDatabaseUserMode_DB_USER_MODE_UNSPECIFIED CreateDatabaseUserMode = 0
// DB_USER_MODE_OFF disables user creation.
CreateDatabaseUserMode_DB_USER_MODE_OFF CreateDatabaseUserMode = 1
// DB_USER_MODE_KEEP allows user creation and disable users at session end.
CreateDatabaseUserMode_DB_USER_MODE_KEEP CreateDatabaseUserMode = 2
// DB_USER_MODE_BEST_EFFORT_DROP allows user creation and tries to drop user
// at session end. If the drop fails, fallback to disabling them.
CreateDatabaseUserMode_DB_USER_MODE_BEST_EFFORT_DROP CreateDatabaseUserMode = 3
)
var CreateDatabaseUserMode_name = map[int32]string{
0: "DB_USER_MODE_UNSPECIFIED",
1: "DB_USER_MODE_OFF",
2: "DB_USER_MODE_KEEP",
3: "DB_USER_MODE_BEST_EFFORT_DROP",
}
var CreateDatabaseUserMode_value = map[string]int32{
"DB_USER_MODE_UNSPECIFIED": 0,
"DB_USER_MODE_OFF": 1,
"DB_USER_MODE_KEEP": 2,
"DB_USER_MODE_BEST_EFFORT_DROP": 3,
}
func (x CreateDatabaseUserMode) String() string {
return proto.EnumName(CreateDatabaseUserMode_name, int32(x))
}
func (CreateDatabaseUserMode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{12}
}
// CertExtensionMode specifies the type of extension to use in the cert.
type CertExtensionMode int32
const (
// EXTENSION represents a cert extension that may or may not be
// honored by the server.
CertExtensionMode_EXTENSION CertExtensionMode = 0
)
var CertExtensionMode_name = map[int32]string{
0: "EXTENSION",
}
var CertExtensionMode_value = map[string]int32{
"EXTENSION": 0,
}
func (x CertExtensionMode) String() string {
return proto.EnumName(CertExtensionMode_name, int32(x))
}
func (CertExtensionMode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{13}
}
// CertExtensionType represents the certificate type the extension is for.
// Currently only ssh is supported.
type CertExtensionType int32
const (
// SSH is used when extending an ssh certificate
CertExtensionType_SSH CertExtensionType = 0
)
var CertExtensionType_name = map[int32]string{
0: "SSH",
}
var CertExtensionType_value = map[string]int32{
"SSH": 0,
}
func (x CertExtensionType) String() string {
return proto.EnumName(CertExtensionType_name, int32(x))
}
func (CertExtensionType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{14}
}
// PasswordState indicates what is known about existence of user's password.
type PasswordState int32
const (
// Unable to tell whether the password has been configured.
PasswordState_PASSWORD_STATE_UNSPECIFIED PasswordState = 0
// Password is known to be not configured.
PasswordState_PASSWORD_STATE_UNSET PasswordState = 1
// Password is known to be configured.
PasswordState_PASSWORD_STATE_SET PasswordState = 2
)
var PasswordState_name = map[int32]string{
0: "PASSWORD_STATE_UNSPECIFIED",
1: "PASSWORD_STATE_UNSET",
2: "PASSWORD_STATE_SET",
}
var PasswordState_value = map[string]int32{
"PASSWORD_STATE_UNSPECIFIED": 0,
"PASSWORD_STATE_UNSET": 1,
"PASSWORD_STATE_SET": 2,
}
func (x PasswordState) String() string {
return proto.EnumName(PasswordState_name, int32(x))
}
func (PasswordState) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{15}
}
// MFADeviceKind indicates what is known about existence of user's MFA device.
type MFADeviceKind int32
const (
// Unable to tell whether the MFA device has been configured.
MFADeviceKind_MFA_DEVICE_KIND_UNSPECIFIED MFADeviceKind = 0
// MFA device is known to be not configured.
MFADeviceKind_MFA_DEVICE_KIND_UNSET MFADeviceKind = 1
// MFA device is known to be configured using TOTP as the weakest form of MFA.
MFADeviceKind_MFA_DEVICE_KIND_TOTP MFADeviceKind = 2
// MFA device is known to be configured using WebAuthn as the weakest form of MFA.
MFADeviceKind_MFA_DEVICE_KIND_WEBAUTHN MFADeviceKind = 3
)
var MFADeviceKind_name = map[int32]string{
0: "MFA_DEVICE_KIND_UNSPECIFIED",
1: "MFA_DEVICE_KIND_UNSET",
2: "MFA_DEVICE_KIND_TOTP",
3: "MFA_DEVICE_KIND_WEBAUTHN",
}
var MFADeviceKind_value = map[string]int32{
"MFA_DEVICE_KIND_UNSPECIFIED": 0,
"MFA_DEVICE_KIND_UNSET": 1,
"MFA_DEVICE_KIND_TOTP": 2,
"MFA_DEVICE_KIND_WEBAUTHN": 3,
}
func (x MFADeviceKind) String() string {
return proto.EnumName(MFADeviceKind_name, int32(x))
}
func (MFADeviceKind) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{16}
}
// SAMLForceAuthn specified whether existing SAML sessions should be accepted or re-authentication
// should be forced.
type SAMLForceAuthn int32
const (
// UNSPECIFIED is treated as the default value for the context; NO for login, YES for MFA checks.
SAMLForceAuthn_FORCE_AUTHN_UNSPECIFIED SAMLForceAuthn = 0
// YES re-authentication should be forced for existing SAML sessions..
SAMLForceAuthn_FORCE_AUTHN_YES SAMLForceAuthn = 1
// NO re-authentication should not be forced for existing SAML sessions.
SAMLForceAuthn_FORCE_AUTHN_NO SAMLForceAuthn = 2
)
var SAMLForceAuthn_name = map[int32]string{
0: "FORCE_AUTHN_UNSPECIFIED",
1: "FORCE_AUTHN_YES",
2: "FORCE_AUTHN_NO",
}
var SAMLForceAuthn_value = map[string]int32{
"FORCE_AUTHN_UNSPECIFIED": 0,
"FORCE_AUTHN_YES": 1,
"FORCE_AUTHN_NO": 2,
}
func (x SAMLForceAuthn) String() string {
return proto.EnumName(SAMLForceAuthn_name, int32(x))
}
func (SAMLForceAuthn) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{17}
}
// SessionState represents the state of a session.
type SessionState int32
const (
// Pending variant represents a session that is waiting on participants to fulfill the criteria
// to start the session.
SessionState_SessionStatePending SessionState = 0
// Running variant represents a session that has had it's criteria for starting
// fulfilled at least once and has transitioned to a RUNNING state.
SessionState_SessionStateRunning SessionState = 1
// Terminated variant represents a session that is no longer running and due for removal.
SessionState_SessionStateTerminated SessionState = 2
)
var SessionState_name = map[int32]string{
0: "SessionStatePending",
1: "SessionStateRunning",
2: "SessionStateTerminated",
}
var SessionState_value = map[string]int32{
"SessionStatePending": 0,
"SessionStateRunning": 1,
"SessionStateTerminated": 2,
}
func (x SessionState) String() string {
return proto.EnumName(SessionState_name, int32(x))
}
func (SessionState) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{18}
}
// AlertSeverity represents how problematic/urgent an alert is, and is used to assist
// in sorting alerts for display.
type AlertSeverity int32
const (
AlertSeverity_LOW AlertSeverity = 0
AlertSeverity_MEDIUM AlertSeverity = 5
AlertSeverity_HIGH AlertSeverity = 10
)
var AlertSeverity_name = map[int32]string{
0: "LOW",
5: "MEDIUM",
10: "HIGH",
}
var AlertSeverity_value = map[string]int32{
"LOW": 0,
"MEDIUM": 5,
"HIGH": 10,
}
func (x AlertSeverity) String() string {
return proto.EnumName(AlertSeverity_name, int32(x))
}
func (AlertSeverity) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{19}
}
// RequireMFAType is a type of MFA requirement enforced outside of login,
// such as per-session MFA or per-request PIV touch.
type RequireMFAType int32
const (
// OFF means additional MFA enforcement is not enabled.
RequireMFAType_OFF RequireMFAType = 0
// SESSION means MFA is required to begin server sessions.
RequireMFAType_SESSION RequireMFAType = 1
// SESSION_AND_HARDWARE_KEY means MFA is required to begin server sessions,
// and login sessions must use a private key backed by a hardware key.
RequireMFAType_SESSION_AND_HARDWARE_KEY RequireMFAType = 2
// HARDWARE_KEY_TOUCH means login sessions must use a hardware private key that
// requires touch to be used.
RequireMFAType_HARDWARE_KEY_TOUCH RequireMFAType = 3
// HARDWARE_KEY_PIN means login sessions must use a hardware private key that
// requires pin to be used.
RequireMFAType_HARDWARE_KEY_PIN RequireMFAType = 4
// HARDWARE_KEY_TOUCH_AND_PIN means login sessions must use a hardware private key that
// requires touch and pin to be used.
RequireMFAType_HARDWARE_KEY_TOUCH_AND_PIN RequireMFAType = 5
)
var RequireMFAType_name = map[int32]string{
0: "OFF",
1: "SESSION",
2: "SESSION_AND_HARDWARE_KEY",
3: "HARDWARE_KEY_TOUCH",
4: "HARDWARE_KEY_PIN",
5: "HARDWARE_KEY_TOUCH_AND_PIN",
}
var RequireMFAType_value = map[string]int32{
"OFF": 0,
"SESSION": 1,
"SESSION_AND_HARDWARE_KEY": 2,
"HARDWARE_KEY_TOUCH": 3,
"HARDWARE_KEY_PIN": 4,
"HARDWARE_KEY_TOUCH_AND_PIN": 5,
}
func (x RequireMFAType) String() string {
return proto.EnumName(RequireMFAType_name, int32(x))
}
func (RequireMFAType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{20}
}
// SignatureAlgorithmSuite represents the suite of cryptographic signature algorithms used in the cluster.
type SignatureAlgorithmSuite int32
const (
// SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED represents an unspecified signature algorithm suite.
SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED SignatureAlgorithmSuite = 0
// SIGNATURE_ALGORITHM_SUITE_LEGACY is the original algorithm suite used in
// Teleport, it almost exclusively uses 2048-bit RSA.
SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_LEGACY SignatureAlgorithmSuite = 1
// SIGNATURE_ALGORITHM_SUITE_BALANCED_V1 aims to strikes a balance between
// security, compatibility, and performance. It uses Ed25519 for most SSH
// keys, ECDSA on the NIST P256 curve for most TLS keys, and 2048-bit RSA
// where necessary for compatibility with third-party software.
SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_BALANCED_V1 SignatureAlgorithmSuite = 2
// SIGNATURE_ALGORITHM_SUITE_FIPS_V1 is tailored for FIPS compliance. It is
// based on the BALANCED_V1 suite but replaces all instances of Ed25519 with
// ECDSA on the NIST P256 curve.
SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_FIPS_V1 SignatureAlgorithmSuite = 3
// SIGNATURE_ALGORITHM_SUITE_HSM_V1 is tailored for clusters using an HSM or
// KMS service to back CA private material. It is based on the BALANCED suite
// but replaces Ed25519 with ECDSA on the NIST P256 curve for CA keys only,
// not for server or client keys. It is also valid to use the LEGACY for FIPS
// suites if your cluster uses an HSM or KMS.
SignatureAlgorithmSuite_SIGNATURE_ALGORITHM_SUITE_HSM_V1 SignatureAlgorithmSuite = 4
)
var SignatureAlgorithmSuite_name = map[int32]string{
0: "SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED",
1: "SIGNATURE_ALGORITHM_SUITE_LEGACY",
2: "SIGNATURE_ALGORITHM_SUITE_BALANCED_V1",
3: "SIGNATURE_ALGORITHM_SUITE_FIPS_V1",
4: "SIGNATURE_ALGORITHM_SUITE_HSM_V1",
}
var SignatureAlgorithmSuite_value = map[string]int32{
"SIGNATURE_ALGORITHM_SUITE_UNSPECIFIED": 0,
"SIGNATURE_ALGORITHM_SUITE_LEGACY": 1,
"SIGNATURE_ALGORITHM_SUITE_BALANCED_V1": 2,
"SIGNATURE_ALGORITHM_SUITE_FIPS_V1": 3,
"SIGNATURE_ALGORITHM_SUITE_HSM_V1": 4,
}
func (x SignatureAlgorithmSuite) String() string {
return proto.EnumName(SignatureAlgorithmSuite_name, int32(x))
}
func (SignatureAlgorithmSuite) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{21}
}
// EntraIDCredentialsSource defines the credentials source for Entra ID.
type EntraIDCredentialsSource int32
const (
// ENTRAID_CREDENTIALS_SOURCE_UNKNOWN is used when the credentials source is not specified.
// Due to legacy reasons, UNKNOWN is handled as OIDC.
EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_UNKNOWN EntraIDCredentialsSource = 0
// ENTRAID_CREDENTIALS_SOURCE_OIDC indicates that the plugin will authenticate with Azure/Entra ID using OIDC.
EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_OIDC EntraIDCredentialsSource = 1
// ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS means the plugin will rely on system-provided credentials
// for authentication with Azure Entra ID, especially for clusters with no internet access.
EntraIDCredentialsSource_ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS EntraIDCredentialsSource = 2
)
var EntraIDCredentialsSource_name = map[int32]string{
0: "ENTRAID_CREDENTIALS_SOURCE_UNKNOWN",
1: "ENTRAID_CREDENTIALS_SOURCE_OIDC",
2: "ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS",
}
var EntraIDCredentialsSource_value = map[string]int32{
"ENTRAID_CREDENTIALS_SOURCE_UNKNOWN": 0,
"ENTRAID_CREDENTIALS_SOURCE_OIDC": 1,
"ENTRAID_CREDENTIALS_SOURCE_SYSTEM_CREDENTIALS": 2,
}
func (x EntraIDCredentialsSource) String() string {
return proto.EnumName(EntraIDCredentialsSource_name, int32(x))
}
func (EntraIDCredentialsSource) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{22}
}
// AWSICCredentialsSource indicates where the AWS Identity Center plugin will
// draw its AWS credentials from.
//
// DEPRECATED: Superceded by individual message types.
// TODO(tcsc): Remove in Teleport 19+
type AWSICCredentialsSource int32
const (
// AWSIC_CREDENTIALS_SOURCE_UNKNOWN is used when the credentials source is not
// specified. For backwards compatability, UNKNOWN is handled as OIDC.
AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_UNKNOWN AWSICCredentialsSource = 0
// AWSIC_CREDENTIALS_SOURCE_OIDC indicates that the Identity Center plugin will
// draw its credentials from a configured Teleport OIDC integration and
// authenticate woth OIDC
AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_OIDC AWSICCredentialsSource = 1
// AWSIC_CREDENTIALS_SOURCE_SYSTEM indicates that the Identity Center plugin
// will rely on system-provided credentials
AWSICCredentialsSource_AWSIC_CREDENTIALS_SOURCE_SYSTEM AWSICCredentialsSource = 2
)
var AWSICCredentialsSource_name = map[int32]string{
0: "AWSIC_CREDENTIALS_SOURCE_UNKNOWN",
1: "AWSIC_CREDENTIALS_SOURCE_OIDC",
2: "AWSIC_CREDENTIALS_SOURCE_SYSTEM",
}
var AWSICCredentialsSource_value = map[string]int32{
"AWSIC_CREDENTIALS_SOURCE_UNKNOWN": 0,
"AWSIC_CREDENTIALS_SOURCE_OIDC": 1,
"AWSIC_CREDENTIALS_SOURCE_SYSTEM": 2,
}
func (x AWSICCredentialsSource) String() string {
return proto.EnumName(AWSICCredentialsSource_name, int32(x))
}
func (AWSICCredentialsSource) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{23}
}
// AWSICGroupImportStatus defines Identity Center group and group members
// import status codes.
type AWSICGroupImportStatusCode int32
const (
// UNSPECIFIED denotes that a status is unknown.
AWSICGroupImportStatusCode_UNSPECIFIED AWSICGroupImportStatusCode = 0
// DONE denotes that the group and group members import operation was
// completed.
AWSICGroupImportStatusCode_DONE AWSICGroupImportStatusCode = 1
// FAILED denotes that the group and group members import met with an error.
AWSICGroupImportStatusCode_FAILED AWSICGroupImportStatusCode = 2
// REIMPORT_REQUESTED denotes that the user has requested that the import
// process be re-run.
AWSICGroupImportStatusCode_REIMPORT_REQUESTED AWSICGroupImportStatusCode = 3
)
var AWSICGroupImportStatusCode_name = map[int32]string{
0: "UNSPECIFIED",
1: "DONE",
2: "FAILED",
3: "REIMPORT_REQUESTED",
}
var AWSICGroupImportStatusCode_value = map[string]int32{
"UNSPECIFIED": 0,
"DONE": 1,
"FAILED": 2,
"REIMPORT_REQUESTED": 3,
}
func (x AWSICGroupImportStatusCode) String() string {
return proto.EnumName(AWSICGroupImportStatusCode_name, int32(x))
}
func (AWSICGroupImportStatusCode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{24}
}
type PluginStatusCode int32
const (
// UNKNOWN is the default value when the plugin has not reported its status yet.
PluginStatusCode_UNKNOWN PluginStatusCode = 0
// RUNNING means the plugin reports running successfully.
PluginStatusCode_RUNNING PluginStatusCode = 1
// OTHER_ERROR indicates that an otherwise-unspecified error has been encountered.
PluginStatusCode_OTHER_ERROR PluginStatusCode = 2
// UNAUTHORIZED indicates that plugin is not able to authenticate to the 3rd party API.
// This could be a result of e.g. the user revoking the authorization on the API provider's side.
PluginStatusCode_UNAUTHORIZED PluginStatusCode = 3
// SLACK_NOT_IN_CHANNEL is a Slack-specific status code that indicates
// that the bot has not been invited to a channel that it is configured to post in.
PluginStatusCode_SLACK_NOT_IN_CHANNEL PluginStatusCode = 10
// OKTA_CONFIG_ERROR is an Okta-specific code that indicates a configuration error with setup or
// permissions within Okta.
PluginStatusCode_OKTA_CONFIG_ERROR PluginStatusCode = 20
)
var PluginStatusCode_name = map[int32]string{
0: "UNKNOWN",
1: "RUNNING",
2: "OTHER_ERROR",
3: "UNAUTHORIZED",
10: "SLACK_NOT_IN_CHANNEL",
20: "OKTA_CONFIG_ERROR",
}
var PluginStatusCode_value = map[string]int32{
"UNKNOWN": 0,
"RUNNING": 1,
"OTHER_ERROR": 2,
"UNAUTHORIZED": 3,
"SLACK_NOT_IN_CHANNEL": 10,
"OKTA_CONFIG_ERROR": 20,
}
func (x PluginStatusCode) String() string {
return proto.EnumName(PluginStatusCode_name, int32(x))
}
func (PluginStatusCode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{25}
}
// OktaPluginSyncStatusCode indicates the possible states of an Okta
// synchronization service.
type OktaPluginSyncStatusCode int32
const (
// OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED is the status code zero value,
// indicating that the service has not yet reported a status code.
OktaPluginSyncStatusCode_OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED OktaPluginSyncStatusCode = 0
// OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS indicates that the service is running
// without error
OktaPluginSyncStatusCode_OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS OktaPluginSyncStatusCode = 1
// OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR indicates that the service is currently
// in an error state.
OktaPluginSyncStatusCode_OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR OktaPluginSyncStatusCode = 2
)
var OktaPluginSyncStatusCode_name = map[int32]string{
0: "OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED",
1: "OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS",
2: "OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR",
}
var OktaPluginSyncStatusCode_value = map[string]int32{
"OKTA_PLUGIN_SYNC_STATUS_CODE_UNSPECIFIED": 0,
"OKTA_PLUGIN_SYNC_STATUS_CODE_SUCCESS": 1,
"OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR": 2,
}
func (x OktaPluginSyncStatusCode) String() string {
return proto.EnumName(OktaPluginSyncStatusCode_name, int32(x))
}
func (OktaPluginSyncStatusCode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{26}
}
// HeadlessAuthenticationState is a headless authentication state.
type HeadlessAuthenticationState int32
const (
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED HeadlessAuthenticationState = 0
// authentication pending.
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_PENDING HeadlessAuthenticationState = 1
// authentication denied.
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_DENIED HeadlessAuthenticationState = 2
// authentication approved.
HeadlessAuthenticationState_HEADLESS_AUTHENTICATION_STATE_APPROVED HeadlessAuthenticationState = 3
)
var HeadlessAuthenticationState_name = map[int32]string{
0: "HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED",
1: "HEADLESS_AUTHENTICATION_STATE_PENDING",
2: "HEADLESS_AUTHENTICATION_STATE_DENIED",
3: "HEADLESS_AUTHENTICATION_STATE_APPROVED",
}
var HeadlessAuthenticationState_value = map[string]int32{
"HEADLESS_AUTHENTICATION_STATE_UNSPECIFIED": 0,
"HEADLESS_AUTHENTICATION_STATE_PENDING": 1,
"HEADLESS_AUTHENTICATION_STATE_DENIED": 2,
"HEADLESS_AUTHENTICATION_STATE_APPROVED": 3,
}
func (x HeadlessAuthenticationState) String() string {
return proto.EnumName(HeadlessAuthenticationState_name, int32(x))
}
func (HeadlessAuthenticationState) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{27}
}
// InstallParamEnrollMode is the mode used to enroll the node into the cluster.
type InstallParamEnrollMode int32
const (
// INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED uses the EICE mode for EC2 Matchers with an Integration and SCRIPT mode otherwise.
InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED InstallParamEnrollMode = 0
// INSTALL_PARAM_ENROLL_MODE_SCRIPT runs a script on the target host.
InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_SCRIPT InstallParamEnrollMode = 1
// INSTALL_PARAM_ENROLL_MODE_EICE uses EC2 Instance Connect Endpoint to access the node and DiscoveryService handles the heartbeat.
// Only available for AWS EC2 instances.
//
// DEPRECATED: EICE mode is deprecated. Use script mode.
InstallParamEnrollMode_INSTALL_PARAM_ENROLL_MODE_EICE InstallParamEnrollMode = 2
)
var InstallParamEnrollMode_name = map[int32]string{
0: "INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED",
1: "INSTALL_PARAM_ENROLL_MODE_SCRIPT",
2: "INSTALL_PARAM_ENROLL_MODE_EICE",
}
var InstallParamEnrollMode_value = map[string]int32{
"INSTALL_PARAM_ENROLL_MODE_UNSPECIFIED": 0,
"INSTALL_PARAM_ENROLL_MODE_SCRIPT": 1,
"INSTALL_PARAM_ENROLL_MODE_EICE": 2,
}
func (x InstallParamEnrollMode) String() string {
return proto.EnumName(InstallParamEnrollMode_name, int32(x))
}
func (InstallParamEnrollMode) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{28}
}
// The type of a KeepAlive. When adding a new type, please double-check
// lib/usagereporter/teleport to see if we need any change in the resource
// heartbeat event.
type KeepAlive_KeepAliveType int32
const (
KeepAlive_UNKNOWN KeepAlive_KeepAliveType = 0
// "node", KindNode. For the sake of correct usage reporting, it shouldn't
// be used for OpenSSH nodes.
KeepAlive_NODE KeepAlive_KeepAliveType = 1
// "app_server", KindAppServer
KeepAlive_APP KeepAlive_KeepAliveType = 2
// "db_server", KindDatabaseServer
KeepAlive_DATABASE KeepAlive_KeepAliveType = 3
// "windows_desktop_service", KindWindowsDesktopService
KeepAlive_WINDOWS_DESKTOP KeepAlive_KeepAliveType = 4
// "kube_server", KindKubeServer
KeepAlive_KUBERNETES KeepAlive_KeepAliveType = 5
// "db_service", KindDatabaseService
KeepAlive_DATABASE_SERVICE KeepAlive_KeepAliveType = 6
)
var KeepAlive_KeepAliveType_name = map[int32]string{
0: "UNKNOWN",
1: "NODE",
2: "APP",
3: "DATABASE",
4: "WINDOWS_DESKTOP",
5: "KUBERNETES",
6: "DATABASE_SERVICE",
}
var KeepAlive_KeepAliveType_value = map[string]int32{
"UNKNOWN": 0,
"NODE": 1,
"APP": 2,
"DATABASE": 3,
"WINDOWS_DESKTOP": 4,
"KUBERNETES": 5,
"DATABASE_SERVICE": 6,
}
func (x KeepAlive_KeepAliveType) String() string {
return proto.EnumName(KeepAlive_KeepAliveType_name, int32(x))
}
func (KeepAlive_KeepAliveType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{0, 0}
}
// SigningAlgType is unused.
//
// Deprecated: SigningAlgType is unused.
type CertAuthoritySpecV2_SigningAlgType int32 // Deprecated: Do not use.
const (
CertAuthoritySpecV2_UNKNOWN CertAuthoritySpecV2_SigningAlgType = 0
CertAuthoritySpecV2_RSA_SHA1 CertAuthoritySpecV2_SigningAlgType = 1
CertAuthoritySpecV2_RSA_SHA2_256 CertAuthoritySpecV2_SigningAlgType = 2
CertAuthoritySpecV2_RSA_SHA2_512 CertAuthoritySpecV2_SigningAlgType = 3
)
var CertAuthoritySpecV2_SigningAlgType_name = map[int32]string{
0: "UNKNOWN",
1: "RSA_SHA1",
2: "RSA_SHA2_256",
3: "RSA_SHA2_512",
}
var CertAuthoritySpecV2_SigningAlgType_value = map[string]int32{
"UNKNOWN": 0,
"RSA_SHA1": 1,
"RSA_SHA2_256": 2,
"RSA_SHA2_512": 3,
}
func (x CertAuthoritySpecV2_SigningAlgType) String() string {
return proto.EnumName(CertAuthoritySpecV2_SigningAlgType_name, int32(x))
}
func (CertAuthoritySpecV2_SigningAlgType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{64, 0}
}
// FIPSEndpointState represents an AWS FIPS endpoint state.
type ClusterAuditConfigSpecV2_FIPSEndpointState int32
const (
// FIPS_UNSET allows setting FIPS state for AWS S3/Dynamo using configuration files or
// environment variables
ClusterAuditConfigSpecV2_FIPS_UNSET ClusterAuditConfigSpecV2_FIPSEndpointState = 0
// FIPS_ENABLED explicitly enables FIPS support for AWS S3/Dynamo
ClusterAuditConfigSpecV2_FIPS_ENABLED ClusterAuditConfigSpecV2_FIPSEndpointState = 1
// FIPS_DISABLED explicitly disables FIPS support for AWS S3/Dynamo
ClusterAuditConfigSpecV2_FIPS_DISABLED ClusterAuditConfigSpecV2_FIPSEndpointState = 2
)
var ClusterAuditConfigSpecV2_FIPSEndpointState_name = map[int32]string{
0: "FIPS_UNSET",
1: "FIPS_ENABLED",
2: "FIPS_DISABLED",
}
var ClusterAuditConfigSpecV2_FIPSEndpointState_value = map[string]int32{
"FIPS_UNSET": 0,
"FIPS_ENABLED": 1,
"FIPS_DISABLED": 2,
}
func (x ClusterAuditConfigSpecV2_FIPSEndpointState) String() string {
return proto.EnumName(ClusterAuditConfigSpecV2_FIPSEndpointState_name, int32(x))
}
func (ClusterAuditConfigSpecV2_FIPSEndpointState) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{93, 0}
}
// TraceType is an identification of the checkpoint.
type ConnectionDiagnosticTrace_TraceType int32
const (
ConnectionDiagnosticTrace_TRACE_TYPE_UNSPECIFIED ConnectionDiagnosticTrace_TraceType = 0
// UNKNOWN_ERROR is used when we don't know the error.
// It's not always possible to offer guidance based on the received error.
// This trace type should be used when the error is too generic given the context we
// have.
ConnectionDiagnosticTrace_UNKNOWN_ERROR ConnectionDiagnosticTrace_TraceType = 1
// RBAC_NODE is for RBAC checks for the node.
ConnectionDiagnosticTrace_RBAC_NODE ConnectionDiagnosticTrace_TraceType = 2
// CONNECTIVITY is for network connectivity checks.
ConnectionDiagnosticTrace_CONNECTIVITY ConnectionDiagnosticTrace_TraceType = 3
// RBAC_PRINCIPAL is used when checking if the principal is allowed per RBAC rules.
ConnectionDiagnosticTrace_RBAC_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 4
// NODE_PRINCIPAL is used when checking if the Node has the requested principal.
ConnectionDiagnosticTrace_NODE_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 5
// RBAC_KUBE is for RBAC checks to kubernetes the cluster.
ConnectionDiagnosticTrace_RBAC_KUBE ConnectionDiagnosticTrace_TraceType = 6
// KUBE_PRINCIPAL is used when checking if the Kube Cluster has at least one user principals.
ConnectionDiagnosticTrace_KUBE_PRINCIPAL ConnectionDiagnosticTrace_TraceType = 7
// RBAC_DATABASE is for RBAC checks to database access (db_labels).
ConnectionDiagnosticTrace_RBAC_DATABASE ConnectionDiagnosticTrace_TraceType = 8
// RBAC_DATABASE_LOGIN is for RBAC checks to database login (db_name and db_user).
ConnectionDiagnosticTrace_RBAC_DATABASE_LOGIN ConnectionDiagnosticTrace_TraceType = 9
// DATABASE_DB_USER is used when checking whether the Database has the requested Database User.
ConnectionDiagnosticTrace_DATABASE_DB_USER ConnectionDiagnosticTrace_TraceType = 10
// DATABASE_DB_NAME is used when checking whether the Database has the requested Database Name.
ConnectionDiagnosticTrace_DATABASE_DB_NAME ConnectionDiagnosticTrace_TraceType = 11
)
var ConnectionDiagnosticTrace_TraceType_name = map[int32]string{
0: "TRACE_TYPE_UNSPECIFIED",
1: "UNKNOWN_ERROR",
2: "RBAC_NODE",
3: "CONNECTIVITY",
4: "RBAC_PRINCIPAL",
5: "NODE_PRINCIPAL",
6: "RBAC_KUBE",
7: "KUBE_PRINCIPAL",
8: "RBAC_DATABASE",
9: "RBAC_DATABASE_LOGIN",
10: "DATABASE_DB_USER",
11: "DATABASE_DB_NAME",
}
var ConnectionDiagnosticTrace_TraceType_value = map[string]int32{
"TRACE_TYPE_UNSPECIFIED": 0,
"UNKNOWN_ERROR": 1,
"RBAC_NODE": 2,
"CONNECTIVITY": 3,
"RBAC_PRINCIPAL": 4,
"NODE_PRINCIPAL": 5,
"RBAC_KUBE": 6,
"KUBE_PRINCIPAL": 7,
"RBAC_DATABASE": 8,
"RBAC_DATABASE_LOGIN": 9,
"DATABASE_DB_USER": 10,
"DATABASE_DB_NAME": 11,
}
func (x ConnectionDiagnosticTrace_TraceType) String() string {
return proto.EnumName(ConnectionDiagnosticTrace_TraceType_name, int32(x))
}
func (ConnectionDiagnosticTrace_TraceType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{287, 0}
}
// StatusType describes whether this was a success or a failure.
type ConnectionDiagnosticTrace_StatusType int32
const (
ConnectionDiagnosticTrace_STATUS_UNSPECIFIED ConnectionDiagnosticTrace_StatusType = 0
ConnectionDiagnosticTrace_SUCCESS ConnectionDiagnosticTrace_StatusType = 1
ConnectionDiagnosticTrace_FAILED ConnectionDiagnosticTrace_StatusType = 2
)
var ConnectionDiagnosticTrace_StatusType_name = map[int32]string{
0: "STATUS_UNSPECIFIED",
1: "SUCCESS",
2: "FAILED",
}
var ConnectionDiagnosticTrace_StatusType_value = map[string]int32{
"STATUS_UNSPECIFIED": 0,
"SUCCESS": 1,
"FAILED": 2,
}
func (x ConnectionDiagnosticTrace_StatusType) String() string {
return proto.EnumName(ConnectionDiagnosticTrace_StatusType_name, int32(x))
}
func (ConnectionDiagnosticTrace_StatusType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{287, 1}
}
// OktaAssignmentStatus represents the status of an Okta assignment.
type OktaAssignmentSpecV1_OktaAssignmentStatus int32
const (
// UNKNOWN indicates the status is not set.
OktaAssignmentSpecV1_UNKNOWN OktaAssignmentSpecV1_OktaAssignmentStatus = 0
// PENDING indicates the action has not yet been applied.
OktaAssignmentSpecV1_PENDING OktaAssignmentSpecV1_OktaAssignmentStatus = 1
// PROCESSSING indicates that the assignment is being applied.
OktaAssignmentSpecV1_PROCESSING OktaAssignmentSpecV1_OktaAssignmentStatus = 2
// SUCCESSFUL indicates the action was applied successfully.
OktaAssignmentSpecV1_SUCCESSFUL OktaAssignmentSpecV1_OktaAssignmentStatus = 3
// FAILED indicates the action was not applied successfully. It will be retried.
OktaAssignmentSpecV1_FAILED OktaAssignmentSpecV1_OktaAssignmentStatus = 4
)
var OktaAssignmentSpecV1_OktaAssignmentStatus_name = map[int32]string{
0: "UNKNOWN",
1: "PENDING",
2: "PROCESSING",
3: "SUCCESSFUL",
4: "FAILED",
}
var OktaAssignmentSpecV1_OktaAssignmentStatus_value = map[string]int32{
"UNKNOWN": 0,
"PENDING": 1,
"PROCESSING": 2,
"SUCCESSFUL": 3,
"FAILED": 4,
}
func (x OktaAssignmentSpecV1_OktaAssignmentStatus) String() string {
return proto.EnumName(OktaAssignmentSpecV1_OktaAssignmentStatus_name, int32(x))
}
func (OktaAssignmentSpecV1_OktaAssignmentStatus) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{380, 0}
}
// OktaAssignmentTargetType is the type of Okta object that an assignment is targeting.
type OktaAssignmentTargetV1_OktaAssignmentTargetType int32
const (
// UNKNOWN indicates the target is unknown.
OktaAssignmentTargetV1_UNKNOWN OktaAssignmentTargetV1_OktaAssignmentTargetType = 0
// APPLICATION indicates the target is an application.
OktaAssignmentTargetV1_APPLICATION OktaAssignmentTargetV1_OktaAssignmentTargetType = 1
// GROUP indicates the target is a group.
OktaAssignmentTargetV1_GROUP OktaAssignmentTargetV1_OktaAssignmentTargetType = 2
)
var OktaAssignmentTargetV1_OktaAssignmentTargetType_name = map[int32]string{
0: "UNKNOWN",
1: "APPLICATION",
2: "GROUP",
}
var OktaAssignmentTargetV1_OktaAssignmentTargetType_value = map[string]int32{
"UNKNOWN": 0,
"APPLICATION": 1,
"GROUP": 2,
}
func (x OktaAssignmentTargetV1_OktaAssignmentTargetType) String() string {
return proto.EnumName(OktaAssignmentTargetV1_OktaAssignmentTargetType_name, int32(x))
}
func (OktaAssignmentTargetV1_OktaAssignmentTargetType) EnumDescriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{381, 0}
}
type KeepAlive struct {
// Name of the resource to keep alive.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"server_name"`
// Namespace is the namespace of the resource.
Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"namespace"`
// Expires is set to update expiry time of the resource.
Expires time.Time `protobuf:"bytes,4,opt,name=Expires,proto3,stdtime" json:"expires"`
// Type is the type (or kind) of the resource that's being kept alive.
Type KeepAlive_KeepAliveType `protobuf:"varint,9,opt,name=Type,proto3,enum=types.KeepAlive_KeepAliveType" json:"type"`
// HostID is an optional UUID of the host the resource belongs to.
HostID string `protobuf:"bytes,10,opt,name=HostID,proto3" json:"host_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KeepAlive) Reset() { *m = KeepAlive{} }
func (m *KeepAlive) String() string { return proto.CompactTextString(m) }
func (*KeepAlive) ProtoMessage() {}
func (*KeepAlive) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{0}
}
func (m *KeepAlive) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KeepAlive) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KeepAlive.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KeepAlive) XXX_Merge(src proto.Message) {
xxx_messageInfo_KeepAlive.Merge(m, src)
}
func (m *KeepAlive) XXX_Size() int {
return m.Size()
}
func (m *KeepAlive) XXX_DiscardUnknown() {
xxx_messageInfo_KeepAlive.DiscardUnknown(m)
}
var xxx_messageInfo_KeepAlive proto.InternalMessageInfo
// Rotation is a status of the rotation of the certificate authority
type Rotation struct {
// State could be one of "init" or "in_progress".
State string `protobuf:"bytes,1,opt,name=State,proto3" json:"state,omitempty"`
// Phase is the current rotation phase.
Phase string `protobuf:"bytes,2,opt,name=Phase,proto3" json:"phase,omitempty"`
// Mode sets manual or automatic rotation mode.
Mode string `protobuf:"bytes,3,opt,name=Mode,proto3" json:"mode,omitempty"`
// CurrentID is the ID of the rotation operation
// to differentiate between rotation attempts.
CurrentID string `protobuf:"bytes,4,opt,name=CurrentID,proto3" json:"current_id"`
// Started is set to the time when rotation has been started
// in case if the state of the rotation is "in_progress".
Started time.Time `protobuf:"bytes,5,opt,name=Started,proto3,stdtime" json:"started,omitempty"`
// GracePeriod is a period during which old and new CA
// are valid for checking purposes, but only new CA is issuing certificates.
GracePeriod Duration `protobuf:"varint,6,opt,name=GracePeriod,proto3,casttype=Duration" json:"grace_period,omitempty"`
// LastRotated specifies the last time of the completed rotation.
LastRotated time.Time `protobuf:"bytes,7,opt,name=LastRotated,proto3,stdtime" json:"last_rotated,omitempty"`
// Schedule is a rotation schedule - used in
// automatic mode to switch between phases.
Schedule RotationSchedule `protobuf:"bytes,8,opt,name=Schedule,proto3" json:"schedule,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rotation) Reset() { *m = Rotation{} }
func (*Rotation) ProtoMessage() {}
func (*Rotation) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{1}
}
func (m *Rotation) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Rotation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Rotation.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Rotation) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rotation.Merge(m, src)
}
func (m *Rotation) XXX_Size() int {
return m.Size()
}
func (m *Rotation) XXX_DiscardUnknown() {
xxx_messageInfo_Rotation.DiscardUnknown(m)
}
var xxx_messageInfo_Rotation proto.InternalMessageInfo
// RotationSchedule is a rotation schedule setting time switches
// for different phases.
type RotationSchedule struct {
// UpdateClients specifies time to switch to the "Update clients" phase
UpdateClients time.Time `protobuf:"bytes,1,opt,name=UpdateClients,proto3,stdtime" json:"update_clients,omitempty"`
// UpdateServers specifies time to switch to the "Update servers" phase.
UpdateServers time.Time `protobuf:"bytes,2,opt,name=UpdateServers,proto3,stdtime" json:"update_servers,omitempty"`
// Standby specifies time to switch to the "Standby" phase.
Standby time.Time `protobuf:"bytes,3,opt,name=Standby,proto3,stdtime" json:"standby,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RotationSchedule) Reset() { *m = RotationSchedule{} }
func (m *RotationSchedule) String() string { return proto.CompactTextString(m) }
func (*RotationSchedule) ProtoMessage() {}
func (*RotationSchedule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{2}
}
func (m *RotationSchedule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RotationSchedule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RotationSchedule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RotationSchedule) XXX_Merge(src proto.Message) {
xxx_messageInfo_RotationSchedule.Merge(m, src)
}
func (m *RotationSchedule) XXX_Size() int {
return m.Size()
}
func (m *RotationSchedule) XXX_DiscardUnknown() {
xxx_messageInfo_RotationSchedule.DiscardUnknown(m)
}
var xxx_messageInfo_RotationSchedule proto.InternalMessageInfo
// ResourceHeader is a shared resource header
// used in cases when only type and name is known
type ResourceHeader struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the API version used to create the resource. It must be
// specified. Based on this version, Teleport will apply different defaults on
// resource creation or deletion. It must be an integer prefixed by "v".
// For example: `v1`
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version,omitempty"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourceHeader) Reset() { *m = ResourceHeader{} }
func (m *ResourceHeader) String() string { return proto.CompactTextString(m) }
func (*ResourceHeader) ProtoMessage() {}
func (*ResourceHeader) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{3}
}
func (m *ResourceHeader) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourceHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourceHeader.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourceHeader) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourceHeader.Merge(m, src)
}
func (m *ResourceHeader) XXX_Size() int {
return m.Size()
}
func (m *ResourceHeader) XXX_DiscardUnknown() {
xxx_messageInfo_ResourceHeader.DiscardUnknown(m)
}
var xxx_messageInfo_ResourceHeader proto.InternalMessageInfo
// DatabaseServerV3 represents a database access server.
type DatabaseServerV3 struct {
// Kind is the database server resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the database server metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the database server spec.
Spec DatabaseServerSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// Status is the database server status.
Status DatabaseServerStatusV3 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status"`
// The advertized scope of the server which can not change once assigned.
Scope string `protobuf:"bytes,7,opt,name=scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseServerV3) Reset() { *m = DatabaseServerV3{} }
func (*DatabaseServerV3) ProtoMessage() {}
func (*DatabaseServerV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{4}
}
func (m *DatabaseServerV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseServerV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseServerV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseServerV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseServerV3.Merge(m, src)
}
func (m *DatabaseServerV3) XXX_Size() int {
return m.Size()
}
func (m *DatabaseServerV3) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseServerV3.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseServerV3 proto.InternalMessageInfo
// DatabaseServerSpecV3 is the database server spec.
type DatabaseServerSpecV3 struct {
// Version is the Teleport version that the server is running.
Version string `protobuf:"bytes,6,opt,name=Version,proto3" json:"version"`
// Hostname is the database server hostname.
Hostname string `protobuf:"bytes,7,opt,name=Hostname,proto3" json:"hostname"`
// HostID is the ID of the host the database server is running on.
HostID string `protobuf:"bytes,8,opt,name=HostID,proto3" json:"host_id"`
// Rotation contains the server CA rotation information.
Rotation Rotation `protobuf:"bytes,10,opt,name=Rotation,proto3" json:"rotation,omitempty"`
// Database is the database proxied by this database server.
Database *DatabaseV3 `protobuf:"bytes,12,opt,name=Database,proto3" json:"database,omitempty"`
// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
ProxyIDs []string `protobuf:"bytes,13,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
// the name of the Relay group that the server is connected to
RelayGroup string `protobuf:"bytes,14,opt,name=relay_group,json=relayGroup,proto3" json:"relay_group,omitempty"`
// the list of Relay host IDs that the server is connected to
RelayIds []string `protobuf:"bytes,15,rep,name=relay_ids,json=relayIds,proto3" json:"relay_ids,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseServerSpecV3) Reset() { *m = DatabaseServerSpecV3{} }
func (m *DatabaseServerSpecV3) String() string { return proto.CompactTextString(m) }
func (*DatabaseServerSpecV3) ProtoMessage() {}
func (*DatabaseServerSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{5}
}
func (m *DatabaseServerSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseServerSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseServerSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseServerSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseServerSpecV3.Merge(m, src)
}
func (m *DatabaseServerSpecV3) XXX_Size() int {
return m.Size()
}
func (m *DatabaseServerSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseServerSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseServerSpecV3 proto.InternalMessageInfo
// DatabaseServerStatusV3 is the database server status.
type DatabaseServerStatusV3 struct {
// TargetHealth is the health status of network connectivity between
// the agent and the database.
TargetHealth *TargetHealth `protobuf:"bytes,14,opt,name=TargetHealth,proto3" json:"target_health,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseServerStatusV3) Reset() { *m = DatabaseServerStatusV3{} }
func (m *DatabaseServerStatusV3) String() string { return proto.CompactTextString(m) }
func (*DatabaseServerStatusV3) ProtoMessage() {}
func (*DatabaseServerStatusV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{6}
}
func (m *DatabaseServerStatusV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseServerStatusV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseServerStatusV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseServerStatusV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseServerStatusV3.Merge(m, src)
}
func (m *DatabaseServerStatusV3) XXX_Size() int {
return m.Size()
}
func (m *DatabaseServerStatusV3) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseServerStatusV3.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseServerStatusV3 proto.InternalMessageInfo
// DatabaseV3List represents a list of databases.
type DatabaseV3List struct {
// Databases is a list of database resources.
Databases []*DatabaseV3 `protobuf:"bytes,1,rep,name=Databases,proto3" json:"Databases,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseV3List) Reset() { *m = DatabaseV3List{} }
func (m *DatabaseV3List) String() string { return proto.CompactTextString(m) }
func (*DatabaseV3List) ProtoMessage() {}
func (*DatabaseV3List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{7}
}
func (m *DatabaseV3List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseV3List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseV3List) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseV3List.Merge(m, src)
}
func (m *DatabaseV3List) XXX_Size() int {
return m.Size()
}
func (m *DatabaseV3List) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseV3List.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseV3List proto.InternalMessageInfo
// DatabaseV3 represents a single proxied database.
type DatabaseV3 struct {
// Kind is the database resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v3`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the database metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the database spec.
Spec DatabaseSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// Status is the database runtime information.
Status DatabaseStatusV3 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseV3) Reset() { *m = DatabaseV3{} }
func (*DatabaseV3) ProtoMessage() {}
func (*DatabaseV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{8}
}
func (m *DatabaseV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseV3.Merge(m, src)
}
func (m *DatabaseV3) XXX_Size() int {
return m.Size()
}
func (m *DatabaseV3) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseV3.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseV3 proto.InternalMessageInfo
// DatabaseSpecV3 is the database spec.
type DatabaseSpecV3 struct {
// Protocol is the database protocol: postgres, mysql, mongodb, etc.
Protocol string `protobuf:"bytes,1,opt,name=Protocol,proto3" json:"protocol"`
// URI is the database connection endpoint.
URI string `protobuf:"bytes,2,opt,name=URI,proto3" json:"uri"`
// CACert is the PEM-encoded database CA certificate.
//
// DEPRECATED: Moved to TLS.CACert. DELETE IN 10.0.
CACert string `protobuf:"bytes,3,opt,name=CACert,proto3" json:"ca_cert,omitempty"` // Deprecated: Do not use.
// DynamicLabels is the database dynamic labels.
DynamicLabels map[string]CommandLabelV2 `protobuf:"bytes,4,rep,name=DynamicLabels,proto3" json:"dynamic_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// AWS contains AWS specific settings for RDS/Aurora/Redshift databases.
AWS AWS `protobuf:"bytes,5,opt,name=AWS,proto3" json:"aws,omitempty"`
// GCP contains parameters specific to GCP Cloud SQL databases.
GCP GCPCloudSQL `protobuf:"bytes,6,opt,name=GCP,proto3" json:"gcp,omitempty"`
// Azure contains Azure specific database metadata.
Azure Azure `protobuf:"bytes,7,opt,name=Azure,proto3" json:"azure,omitempty"`
// TLS is the TLS configuration used when establishing connection to target database.
// Allows to provide custom CA cert or override server name.
TLS DatabaseTLS `protobuf:"bytes,8,opt,name=TLS,proto3" json:"tls,omitempty"`
// AD is the Active Directory configuration for the database.
AD AD `protobuf:"bytes,9,opt,name=AD,proto3" json:"ad,omitempty"`
// MySQL is an additional section with MySQL database options.
MySQL MySQLOptions `protobuf:"bytes,10,opt,name=MySQL,proto3" json:"mysql,omitempty"`
// AdminUser is the database admin user for automatic user provisioning.
AdminUser *DatabaseAdminUser `protobuf:"bytes,11,opt,name=AdminUser,proto3" json:"admin_user,omitempty"`
// MongoAtlas contains Atlas metadata about the database.
MongoAtlas MongoAtlas `protobuf:"bytes,12,opt,name=MongoAtlas,proto3" json:"mongo_atlas,omitempty"`
// Oracle is an additional Oracle configuration options.
Oracle OracleOptions `protobuf:"bytes,13,opt,name=Oracle,proto3" json:"oracle,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseSpecV3) Reset() { *m = DatabaseSpecV3{} }
func (m *DatabaseSpecV3) String() string { return proto.CompactTextString(m) }
func (*DatabaseSpecV3) ProtoMessage() {}
func (*DatabaseSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{9}
}
func (m *DatabaseSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseSpecV3.Merge(m, src)
}
func (m *DatabaseSpecV3) XXX_Size() int {
return m.Size()
}
func (m *DatabaseSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseSpecV3 proto.InternalMessageInfo
// DatabaseAdminUser contains information about privileged database user used
// for automatic user provisioning.
type DatabaseAdminUser struct {
// Name is the username of the privileged database user.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// DefaultDatabase is the database that the privileged database user logs
// into by default.
//
// Depending on the database type, this database may be used to store
// procedures or data for managing database users.
DefaultDatabase string `protobuf:"bytes,2,opt,name=DefaultDatabase,proto3" json:"default_database"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseAdminUser) Reset() { *m = DatabaseAdminUser{} }
func (m *DatabaseAdminUser) String() string { return proto.CompactTextString(m) }
func (*DatabaseAdminUser) ProtoMessage() {}
func (*DatabaseAdminUser) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{10}
}
func (m *DatabaseAdminUser) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseAdminUser) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseAdminUser.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseAdminUser) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseAdminUser.Merge(m, src)
}
func (m *DatabaseAdminUser) XXX_Size() int {
return m.Size()
}
func (m *DatabaseAdminUser) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseAdminUser.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseAdminUser proto.InternalMessageInfo
// OracleOptions contains Oracle-specific configuration options.
type OracleOptions struct {
// AuditUser is the name of the Oracle database user that should be used to access
// the internal audit trail.
AuditUser string `protobuf:"bytes,1,opt,name=AuditUser,proto3" json:"audit_user,omitempty"`
// RetryCount is the maximum number of times to retry connecting to a
// host upon failure. If not specified it defaults to 2, for a total of 3 connection attempts.
RetryCount int32 `protobuf:"varint,2,opt,name=RetryCount,proto3" json:"retry_count,omitempty"`
// ShuffleHostnames, when true, randomizes the order of hosts to connect to from
// the provided list.
ShuffleHostnames bool `protobuf:"varint,3,opt,name=ShuffleHostnames,proto3" json:"shuffle_hostnames,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OracleOptions) Reset() { *m = OracleOptions{} }
func (m *OracleOptions) String() string { return proto.CompactTextString(m) }
func (*OracleOptions) ProtoMessage() {}
func (*OracleOptions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{11}
}
func (m *OracleOptions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OracleOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OracleOptions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OracleOptions) XXX_Merge(src proto.Message) {
xxx_messageInfo_OracleOptions.Merge(m, src)
}
func (m *OracleOptions) XXX_Size() int {
return m.Size()
}
func (m *OracleOptions) XXX_DiscardUnknown() {
xxx_messageInfo_OracleOptions.DiscardUnknown(m)
}
var xxx_messageInfo_OracleOptions proto.InternalMessageInfo
// DatabaseStatusV3 contains runtime information about the database.
type DatabaseStatusV3 struct {
// CACert is the auto-downloaded cloud database CA certificate.
CACert string `protobuf:"bytes,1,opt,name=CACert,proto3" json:"ca_cert,omitempty"`
// AWS is the auto-discovered AWS cloud database metadata.
AWS AWS `protobuf:"bytes,2,opt,name=AWS,proto3" json:"aws"`
// MySQL is an additional section with MySQL runtime database information.
MySQL MySQLOptions `protobuf:"bytes,3,opt,name=MySQL,proto3" json:"mysql,omitempty"`
// ManagedUsers is a list of database users that are managed by Teleport.
ManagedUsers []string `protobuf:"bytes,4,rep,name=ManagedUsers,proto3" json:"managed_users,omitempty"`
// Azure is the auto-discovered Azure cloud database metadata.
Azure Azure `protobuf:"bytes,5,opt,name=Azure,proto3" json:"azure"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseStatusV3) Reset() { *m = DatabaseStatusV3{} }
func (m *DatabaseStatusV3) String() string { return proto.CompactTextString(m) }
func (*DatabaseStatusV3) ProtoMessage() {}
func (*DatabaseStatusV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{12}
}
func (m *DatabaseStatusV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseStatusV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseStatusV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseStatusV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseStatusV3.Merge(m, src)
}
func (m *DatabaseStatusV3) XXX_Size() int {
return m.Size()
}
func (m *DatabaseStatusV3) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseStatusV3.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseStatusV3 proto.InternalMessageInfo
// AWS contains AWS metadata about the database.
type AWS struct {
// Region is a AWS cloud region.
Region string `protobuf:"bytes,1,opt,name=Region,proto3" json:"region,omitempty"`
// Redshift contains Redshift specific metadata.
Redshift Redshift `protobuf:"bytes,2,opt,name=Redshift,proto3" json:"redshift,omitempty"`
// RDS contains RDS specific metadata.
RDS RDS `protobuf:"bytes,3,opt,name=RDS,proto3" json:"rds,omitempty"`
// AccountID is the AWS account ID this database belongs to.
AccountID string `protobuf:"bytes,4,opt,name=AccountID,proto3" json:"account_id,omitempty"`
// ElastiCache contains Amazon ElastiCache Redis-specific metadata.
ElastiCache ElastiCache `protobuf:"bytes,5,opt,name=ElastiCache,proto3" json:"elasticache,omitempty"`
// SecretStore contains secret store configurations.
SecretStore SecretStore `protobuf:"bytes,6,opt,name=SecretStore,proto3" json:"secret_store,omitempty"`
// MemoryDB contains AWS MemoryDB specific metadata.
MemoryDB MemoryDB `protobuf:"bytes,7,opt,name=MemoryDB,proto3" json:"memorydb,omitempty"`
// RDSProxy contains AWS Proxy specific metadata.
RDSProxy RDSProxy `protobuf:"bytes,8,opt,name=RDSProxy,proto3" json:"rdsproxy,omitempty"`
// RedshiftServerless contains Amazon Redshift Serverless-specific metadata.
RedshiftServerless RedshiftServerless `protobuf:"bytes,9,opt,name=RedshiftServerless,proto3" json:"redshift_serverless,omitempty"`
// ExternalID is an optional AWS external ID used to enable assuming an AWS role across accounts.
ExternalID string `protobuf:"bytes,10,opt,name=ExternalID,proto3" json:"external_id,omitempty"`
// AssumeRoleARN is an optional AWS role ARN to assume when accessing a database.
// Set this field and ExternalID to enable access across AWS accounts.
AssumeRoleARN string `protobuf:"bytes,11,opt,name=AssumeRoleARN,proto3" json:"assume_role_arn,omitempty"`
// OpenSearch contains AWS OpenSearch specific metadata.
OpenSearch OpenSearch `protobuf:"bytes,12,opt,name=OpenSearch,proto3" json:"opensearch,omitempty"`
// IAMPolicyStatus indicates whether the IAM Policy is configured properly for database access.
// If not, the user must update the AWS profile identity to allow access to the Database.
// Eg for an RDS Database: the underlying AWS profile allows for `rds-db:connect` for the Database.
IAMPolicyStatus IAMPolicyStatus `protobuf:"varint,14,opt,name=IAMPolicyStatus,proto3,enum=types.IAMPolicyStatus" json:"iam_policy_status"`
// SessionTags is a list of AWS STS session tags.
SessionTags map[string]string `protobuf:"bytes,15,rep,name=SessionTags,proto3" json:"session_tags,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// DocumentDB contains Amazon DocumentDB-specific metadata.
DocumentDB DocumentDB `protobuf:"bytes,16,opt,name=DocumentDB,proto3" json:"docdb,omitempty"`
// ElastiCacheServerless contains Amazon ElastiCache Serverless metadata.
ElastiCacheServerless ElastiCacheServerless `protobuf:"bytes,17,opt,name=ElastiCacheServerless,proto3" json:"elasticache_serverless,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWS) Reset() { *m = AWS{} }
func (m *AWS) String() string { return proto.CompactTextString(m) }
func (*AWS) ProtoMessage() {}
func (*AWS) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{13}
}
func (m *AWS) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWS.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWS) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWS.Merge(m, src)
}
func (m *AWS) XXX_Size() int {
return m.Size()
}
func (m *AWS) XXX_DiscardUnknown() {
xxx_messageInfo_AWS.DiscardUnknown(m)
}
var xxx_messageInfo_AWS proto.InternalMessageInfo
// SecretStore contains secret store configurations.
type SecretStore struct {
// KeyPrefix specifies the secret key prefix.
KeyPrefix string `protobuf:"bytes,1,opt,name=KeyPrefix,proto3" json:"key_prefix,omitempty"`
// KMSKeyID specifies the AWS KMS key for encryption.
KMSKeyID string `protobuf:"bytes,2,opt,name=KMSKeyID,proto3" json:"kms_key_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SecretStore) Reset() { *m = SecretStore{} }
func (m *SecretStore) String() string { return proto.CompactTextString(m) }
func (*SecretStore) ProtoMessage() {}
func (*SecretStore) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{14}
}
func (m *SecretStore) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SecretStore) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SecretStore.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SecretStore) XXX_Merge(src proto.Message) {
xxx_messageInfo_SecretStore.Merge(m, src)
}
func (m *SecretStore) XXX_Size() int {
return m.Size()
}
func (m *SecretStore) XXX_DiscardUnknown() {
xxx_messageInfo_SecretStore.DiscardUnknown(m)
}
var xxx_messageInfo_SecretStore proto.InternalMessageInfo
// Redshift contains AWS Redshift specific database metadata.
type Redshift struct {
// ClusterID is the Redshift cluster identifier.
ClusterID string `protobuf:"bytes,1,opt,name=ClusterID,proto3" json:"cluster_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Redshift) Reset() { *m = Redshift{} }
func (m *Redshift) String() string { return proto.CompactTextString(m) }
func (*Redshift) ProtoMessage() {}
func (*Redshift) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{15}
}
func (m *Redshift) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Redshift) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Redshift.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Redshift) XXX_Merge(src proto.Message) {
xxx_messageInfo_Redshift.Merge(m, src)
}
func (m *Redshift) XXX_Size() int {
return m.Size()
}
func (m *Redshift) XXX_DiscardUnknown() {
xxx_messageInfo_Redshift.DiscardUnknown(m)
}
var xxx_messageInfo_Redshift proto.InternalMessageInfo
// RDS contains AWS RDS specific database metadata.
type RDS struct {
// InstanceID is the RDS instance identifier.
InstanceID string `protobuf:"bytes,1,opt,name=InstanceID,proto3" json:"instance_id,omitempty"`
// ClusterID is the RDS cluster (Aurora) identifier.
ClusterID string `protobuf:"bytes,2,opt,name=ClusterID,proto3" json:"cluster_id,omitempty"`
// ResourceID is the RDS instance resource identifier (db-xxx).
ResourceID string `protobuf:"bytes,3,opt,name=ResourceID,proto3" json:"resource_id,omitempty"`
// IAMAuth indicates whether database IAM authentication is enabled.
IAMAuth bool `protobuf:"varint,4,opt,name=IAMAuth,proto3" json:"iam_auth"`
// Subnets is a list of subnets for the RDS instance.
Subnets []string `protobuf:"bytes,5,rep,name=Subnets,proto3" json:"subnets,omitempty"`
// VPCID is the VPC where the RDS is running.
VPCID string `protobuf:"bytes,6,opt,name=VPCID,proto3" json:"vpc_id,omitempty"`
// SecurityGroups is a list of attached security groups for the RDS instance.
SecurityGroups []string `protobuf:"bytes,7,rep,name=SecurityGroups,proto3" json:"security_groups,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RDS) Reset() { *m = RDS{} }
func (m *RDS) String() string { return proto.CompactTextString(m) }
func (*RDS) ProtoMessage() {}
func (*RDS) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{16}
}
func (m *RDS) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RDS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RDS.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RDS) XXX_Merge(src proto.Message) {
xxx_messageInfo_RDS.Merge(m, src)
}
func (m *RDS) XXX_Size() int {
return m.Size()
}
func (m *RDS) XXX_DiscardUnknown() {
xxx_messageInfo_RDS.DiscardUnknown(m)
}
var xxx_messageInfo_RDS proto.InternalMessageInfo
// RDSProxy contains AWS RDS Proxy specific database metadata.
type RDSProxy struct {
// Name is the identifier of an RDS Proxy.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
// CustomEndpointName is the identifier of an RDS Proxy custom endpoint.
CustomEndpointName string `protobuf:"bytes,2,opt,name=CustomEndpointName,proto3" json:"custom_endpoint_name,omitempty"`
// ResourceID is the RDS instance resource identifier (prx-xxx).
ResourceID string `protobuf:"bytes,3,opt,name=ResourceID,proto3" json:"resource_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RDSProxy) Reset() { *m = RDSProxy{} }
func (m *RDSProxy) String() string { return proto.CompactTextString(m) }
func (*RDSProxy) ProtoMessage() {}
func (*RDSProxy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{17}
}
func (m *RDSProxy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RDSProxy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RDSProxy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RDSProxy) XXX_Merge(src proto.Message) {
xxx_messageInfo_RDSProxy.Merge(m, src)
}
func (m *RDSProxy) XXX_Size() int {
return m.Size()
}
func (m *RDSProxy) XXX_DiscardUnknown() {
xxx_messageInfo_RDSProxy.DiscardUnknown(m)
}
var xxx_messageInfo_RDSProxy proto.InternalMessageInfo
// ElastiCache contains Amazon ElastiCache Redis-specific metadata.
type ElastiCache struct {
// ReplicationGroupID is the Redis replication group ID.
ReplicationGroupID string `protobuf:"bytes,1,opt,name=ReplicationGroupID,proto3" json:"replication_group_id,omitempty"`
// UserGroupIDs is a list of user group IDs.
UserGroupIDs []string `protobuf:"bytes,2,rep,name=UserGroupIDs,proto3" json:"user_group_ids,omitempty"`
// TransitEncryptionEnabled indicates whether in-transit encryption (TLS) is enabled.
TransitEncryptionEnabled bool `protobuf:"varint,3,opt,name=TransitEncryptionEnabled,proto3" json:"transit_encryption_enabled,omitempty"`
// EndpointType is the type of the endpoint.
EndpointType string `protobuf:"bytes,4,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ElastiCache) Reset() { *m = ElastiCache{} }
func (m *ElastiCache) String() string { return proto.CompactTextString(m) }
func (*ElastiCache) ProtoMessage() {}
func (*ElastiCache) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{18}
}
func (m *ElastiCache) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ElastiCache) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ElastiCache.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ElastiCache) XXX_Merge(src proto.Message) {
xxx_messageInfo_ElastiCache.Merge(m, src)
}
func (m *ElastiCache) XXX_Size() int {
return m.Size()
}
func (m *ElastiCache) XXX_DiscardUnknown() {
xxx_messageInfo_ElastiCache.DiscardUnknown(m)
}
var xxx_messageInfo_ElastiCache proto.InternalMessageInfo
// ElastiCacheServerless contains Amazon ElastiCache Serverless metadata.
type ElastiCacheServerless struct {
// CacheName is an ElastiCache Serverless cache name.
CacheName string `protobuf:"bytes,1,opt,name=CacheName,proto3" json:"cache_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ElastiCacheServerless) Reset() { *m = ElastiCacheServerless{} }
func (m *ElastiCacheServerless) String() string { return proto.CompactTextString(m) }
func (*ElastiCacheServerless) ProtoMessage() {}
func (*ElastiCacheServerless) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{19}
}
func (m *ElastiCacheServerless) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ElastiCacheServerless) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ElastiCacheServerless.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ElastiCacheServerless) XXX_Merge(src proto.Message) {
xxx_messageInfo_ElastiCacheServerless.Merge(m, src)
}
func (m *ElastiCacheServerless) XXX_Size() int {
return m.Size()
}
func (m *ElastiCacheServerless) XXX_DiscardUnknown() {
xxx_messageInfo_ElastiCacheServerless.DiscardUnknown(m)
}
var xxx_messageInfo_ElastiCacheServerless proto.InternalMessageInfo
// MemoryDB contains AWS MemoryDB specific metadata.
type MemoryDB struct {
// ClusterName is the name of the MemoryDB cluster.
ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name,omitempty"`
// ACLName is the name of the ACL associated with the cluster.
ACLName string `protobuf:"bytes,2,opt,name=ACLName,proto3" json:"acl_name,omitempty"`
// TLSEnabled indicates whether in-transit encryption (TLS) is enabled.
TLSEnabled bool `protobuf:"varint,3,opt,name=TLSEnabled,proto3" json:"tls_enabled,omitempty"`
// EndpointType is the type of the endpoint.
EndpointType string `protobuf:"bytes,4,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MemoryDB) Reset() { *m = MemoryDB{} }
func (m *MemoryDB) String() string { return proto.CompactTextString(m) }
func (*MemoryDB) ProtoMessage() {}
func (*MemoryDB) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{20}
}
func (m *MemoryDB) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MemoryDB) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MemoryDB.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MemoryDB) XXX_Merge(src proto.Message) {
xxx_messageInfo_MemoryDB.Merge(m, src)
}
func (m *MemoryDB) XXX_Size() int {
return m.Size()
}
func (m *MemoryDB) XXX_DiscardUnknown() {
xxx_messageInfo_MemoryDB.DiscardUnknown(m)
}
var xxx_messageInfo_MemoryDB proto.InternalMessageInfo
// RedshiftServerless contains Amazon Redshift Serverless-specific metadata.
type RedshiftServerless struct {
// WorkgroupName is the workgroup name.
WorkgroupName string `protobuf:"bytes,1,opt,name=WorkgroupName,proto3" json:"workgroup_name,omitempty"`
// EndpointName is the VPC endpoint name.
EndpointName string `protobuf:"bytes,2,opt,name=EndpointName,proto3" json:"endpoint_name,omitempty"`
// WorkgroupID is the workgroup ID.
WorkgroupID string `protobuf:"bytes,3,opt,name=WorkgroupID,proto3" json:"workgroup_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RedshiftServerless) Reset() { *m = RedshiftServerless{} }
func (m *RedshiftServerless) String() string { return proto.CompactTextString(m) }
func (*RedshiftServerless) ProtoMessage() {}
func (*RedshiftServerless) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{21}
}
func (m *RedshiftServerless) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RedshiftServerless) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RedshiftServerless.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RedshiftServerless) XXX_Merge(src proto.Message) {
xxx_messageInfo_RedshiftServerless.Merge(m, src)
}
func (m *RedshiftServerless) XXX_Size() int {
return m.Size()
}
func (m *RedshiftServerless) XXX_DiscardUnknown() {
xxx_messageInfo_RedshiftServerless.DiscardUnknown(m)
}
var xxx_messageInfo_RedshiftServerless proto.InternalMessageInfo
// OpenSearch contains AWS OpenSearch specific metadata.
type OpenSearch struct {
// DomainName is the name of the domain.
DomainName string `protobuf:"bytes,1,opt,name=DomainName,proto3" json:"domain_name,omitempty"`
// DomainID is the ID of the domain.
DomainID string `protobuf:"bytes,2,opt,name=DomainID,proto3" json:"domain_id,omitempty"`
// EndpointType is the type of the endpoint.
EndpointType string `protobuf:"bytes,3,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OpenSearch) Reset() { *m = OpenSearch{} }
func (m *OpenSearch) String() string { return proto.CompactTextString(m) }
func (*OpenSearch) ProtoMessage() {}
func (*OpenSearch) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{22}
}
func (m *OpenSearch) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OpenSearch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OpenSearch.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OpenSearch) XXX_Merge(src proto.Message) {
xxx_messageInfo_OpenSearch.Merge(m, src)
}
func (m *OpenSearch) XXX_Size() int {
return m.Size()
}
func (m *OpenSearch) XXX_DiscardUnknown() {
xxx_messageInfo_OpenSearch.DiscardUnknown(m)
}
var xxx_messageInfo_OpenSearch proto.InternalMessageInfo
// DocumentDB contains Amazon DocumentDB-specific metadata.
type DocumentDB struct {
// ClusterID is the cluster identifier.
ClusterID string `protobuf:"bytes,1,opt,name=ClusterID,proto3" json:"cluster_id,omitempty"`
// InstanceID is the instance identifier.
InstanceID string `protobuf:"bytes,2,opt,name=InstanceID,proto3" json:"instance_id,omitempty"`
// EndpointType is the type of the endpoint.
EndpointType string `protobuf:"bytes,3,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DocumentDB) Reset() { *m = DocumentDB{} }
func (m *DocumentDB) String() string { return proto.CompactTextString(m) }
func (*DocumentDB) ProtoMessage() {}
func (*DocumentDB) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{23}
}
func (m *DocumentDB) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DocumentDB) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DocumentDB.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DocumentDB) XXX_Merge(src proto.Message) {
xxx_messageInfo_DocumentDB.Merge(m, src)
}
func (m *DocumentDB) XXX_Size() int {
return m.Size()
}
func (m *DocumentDB) XXX_DiscardUnknown() {
xxx_messageInfo_DocumentDB.DiscardUnknown(m)
}
var xxx_messageInfo_DocumentDB proto.InternalMessageInfo
// GCPCloudSQL contains parameters specific to GCP databases.
// The name "GCPCloudSQL" is a legacy from a time when only GCP Cloud SQL was supported.
type GCPCloudSQL struct {
// ProjectID is the GCP project ID the Cloud SQL instance resides in.
ProjectID string `protobuf:"bytes,1,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
// InstanceID is the Cloud SQL instance ID.
InstanceID string `protobuf:"bytes,2,opt,name=InstanceID,proto3" json:"instance_id,omitempty"`
// AlloyDB contains AlloyDB specific configuration elements.
AlloyDB AlloyDB `protobuf:"bytes,3,opt,name=AlloyDB,proto3" json:"alloydb,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GCPCloudSQL) Reset() { *m = GCPCloudSQL{} }
func (m *GCPCloudSQL) String() string { return proto.CompactTextString(m) }
func (*GCPCloudSQL) ProtoMessage() {}
func (*GCPCloudSQL) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{24}
}
func (m *GCPCloudSQL) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GCPCloudSQL) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GCPCloudSQL.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GCPCloudSQL) XXX_Merge(src proto.Message) {
xxx_messageInfo_GCPCloudSQL.Merge(m, src)
}
func (m *GCPCloudSQL) XXX_Size() int {
return m.Size()
}
func (m *GCPCloudSQL) XXX_DiscardUnknown() {
xxx_messageInfo_GCPCloudSQL.DiscardUnknown(m)
}
var xxx_messageInfo_GCPCloudSQL proto.InternalMessageInfo
// AlloyDB contains AlloyDB specific configuration elements.
type AlloyDB struct {
// EndpointType is the database endpoint type to use. Should be one of: "private", "public", "psc".
EndpointType string `protobuf:"bytes,1,opt,name=EndpointType,proto3" json:"endpoint_type,omitempty"`
// EndpointOverride is an override of endpoint address to use.
EndpointOverride string `protobuf:"bytes,2,opt,name=EndpointOverride,proto3" json:"endpoint_override,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AlloyDB) Reset() { *m = AlloyDB{} }
func (m *AlloyDB) String() string { return proto.CompactTextString(m) }
func (*AlloyDB) ProtoMessage() {}
func (*AlloyDB) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{25}
}
func (m *AlloyDB) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AlloyDB) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AlloyDB.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AlloyDB) XXX_Merge(src proto.Message) {
xxx_messageInfo_AlloyDB.Merge(m, src)
}
func (m *AlloyDB) XXX_Size() int {
return m.Size()
}
func (m *AlloyDB) XXX_DiscardUnknown() {
xxx_messageInfo_AlloyDB.DiscardUnknown(m)
}
var xxx_messageInfo_AlloyDB proto.InternalMessageInfo
// Azure contains Azure specific database metadata.
type Azure struct {
// Name is the Azure database server name.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
// ResourceID is the Azure fully qualified ID for the resource.
ResourceID string `protobuf:"bytes,2,opt,name=ResourceID,proto3" json:"resource_id,omitempty"`
// Redis contains Azure Cache for Redis specific database metadata.
Redis AzureRedis `protobuf:"bytes,3,opt,name=Redis,proto3" json:"redis,omitempty"`
// IsFlexiServer is true if the database is an Azure Flexible server.
IsFlexiServer bool `protobuf:"varint,4,opt,name=IsFlexiServer,proto3" json:"is_flexi_server,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Azure) Reset() { *m = Azure{} }
func (m *Azure) String() string { return proto.CompactTextString(m) }
func (*Azure) ProtoMessage() {}
func (*Azure) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{26}
}
func (m *Azure) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Azure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Azure.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Azure) XXX_Merge(src proto.Message) {
xxx_messageInfo_Azure.Merge(m, src)
}
func (m *Azure) XXX_Size() int {
return m.Size()
}
func (m *Azure) XXX_DiscardUnknown() {
xxx_messageInfo_Azure.DiscardUnknown(m)
}
var xxx_messageInfo_Azure proto.InternalMessageInfo
// AzureRedis contains Azure Cache for Redis specific database metadata.
type AzureRedis struct {
// ClusteringPolicy is the clustering policy for Redis Enterprise.
ClusteringPolicy string `protobuf:"bytes,1,opt,name=ClusteringPolicy,proto3" json:"clustering_policy,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AzureRedis) Reset() { *m = AzureRedis{} }
func (m *AzureRedis) String() string { return proto.CompactTextString(m) }
func (*AzureRedis) ProtoMessage() {}
func (*AzureRedis) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{27}
}
func (m *AzureRedis) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AzureRedis) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AzureRedis.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AzureRedis) XXX_Merge(src proto.Message) {
xxx_messageInfo_AzureRedis.Merge(m, src)
}
func (m *AzureRedis) XXX_Size() int {
return m.Size()
}
func (m *AzureRedis) XXX_DiscardUnknown() {
xxx_messageInfo_AzureRedis.DiscardUnknown(m)
}
var xxx_messageInfo_AzureRedis proto.InternalMessageInfo
// AD contains Active Directory specific database configuration.
type AD struct {
// KeytabFile is the path to the Kerberos keytab file.
KeytabFile string `protobuf:"bytes,1,opt,name=KeytabFile,proto3" json:"keytab_file,omitempty"`
// Krb5File is the path to the Kerberos configuration file. Defaults to /etc/krb5.conf.
Krb5File string `protobuf:"bytes,2,opt,name=Krb5File,proto3" json:"krb5_file,omitempty"`
// Domain is the Active Directory domain the database resides in.
Domain string `protobuf:"bytes,3,opt,name=Domain,proto3" json:"domain"`
// SPN is the service principal name for the database.
SPN string `protobuf:"bytes,4,opt,name=SPN,proto3" json:"spn"`
// LDAPCert is a certificate from Windows LDAP/AD, optional; only for x509 Authentication.
LDAPCert string `protobuf:"bytes,5,opt,name=LDAPCert,proto3" json:"ldap_cert,omitempty"`
// KDCHostName is the host name for a KDC for x509 Authentication.
KDCHostName string `protobuf:"bytes,6,opt,name=KDCHostName,proto3" json:"kdc_host_name,omitempty"`
// LDAPServiceAccountName is the name of service account for performing LDAP queries. Required for x509 Auth / PKINIT.
LDAPServiceAccountName string `protobuf:"bytes,7,opt,name=LDAPServiceAccountName,proto3" json:"ldap_service_account_name,omitempty"`
// LDAPServiceAccountSID is the SID of service account for performing LDAP queries. Required for x509 Auth / PKINIT.
LDAPServiceAccountSID string `protobuf:"bytes,8,opt,name=LDAPServiceAccountSID,proto3" json:"ldap_service_account_sid,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AD) Reset() { *m = AD{} }
func (m *AD) String() string { return proto.CompactTextString(m) }
func (*AD) ProtoMessage() {}
func (*AD) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{28}
}
func (m *AD) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AD) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AD.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AD) XXX_Merge(src proto.Message) {
xxx_messageInfo_AD.Merge(m, src)
}
func (m *AD) XXX_Size() int {
return m.Size()
}
func (m *AD) XXX_DiscardUnknown() {
xxx_messageInfo_AD.DiscardUnknown(m)
}
var xxx_messageInfo_AD proto.InternalMessageInfo
// DatabaseTLS contains TLS configuration options.
type DatabaseTLS struct {
// Mode is a TLS connection mode.
// 0 is "verify-full"; 1 is "verify-ca", 2 is "insecure".
Mode DatabaseTLSMode `protobuf:"varint,1,opt,name=Mode,proto3,enum=types.DatabaseTLSMode" json:"mode"`
// CACert is an optional user provided CA certificate used for verifying
// database TLS connection.
CACert string `protobuf:"bytes,2,opt,name=CACert,proto3" json:"ca_cert,omitempty"`
// ServerName allows to provide custom hostname. This value will override the
// servername/hostname on a certificate during validation.
ServerName string `protobuf:"bytes,3,opt,name=ServerName,proto3" json:"server_name,omitempty"`
// TrustSystemCertPool allows Teleport to trust certificate authorities
// available on the host system. If not set (by default), Teleport only
// trusts self-signed databases with TLS certificates signed by Teleport's
// Database Server CA or the ca_cert specified in this TLS setting. For
// cloud-hosted databases, Teleport downloads the corresponding required CAs
// for validation.
TrustSystemCertPool bool `protobuf:"varint,4,opt,name=TrustSystemCertPool,proto3" json:"trust_system_cert_pool,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseTLS) Reset() { *m = DatabaseTLS{} }
func (m *DatabaseTLS) String() string { return proto.CompactTextString(m) }
func (*DatabaseTLS) ProtoMessage() {}
func (*DatabaseTLS) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{29}
}
func (m *DatabaseTLS) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseTLS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseTLS.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseTLS) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseTLS.Merge(m, src)
}
func (m *DatabaseTLS) XXX_Size() int {
return m.Size()
}
func (m *DatabaseTLS) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseTLS.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseTLS proto.InternalMessageInfo
// MySQLOptions are additional MySQL database options.
type MySQLOptions struct {
// ServerVersion is the server version reported by DB proxy if the runtime information is
// not available.
ServerVersion string `protobuf:"bytes,1,opt,name=ServerVersion,proto3" json:"server_version,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MySQLOptions) Reset() { *m = MySQLOptions{} }
func (m *MySQLOptions) String() string { return proto.CompactTextString(m) }
func (*MySQLOptions) ProtoMessage() {}
func (*MySQLOptions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{30}
}
func (m *MySQLOptions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MySQLOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MySQLOptions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MySQLOptions) XXX_Merge(src proto.Message) {
xxx_messageInfo_MySQLOptions.Merge(m, src)
}
func (m *MySQLOptions) XXX_Size() int {
return m.Size()
}
func (m *MySQLOptions) XXX_DiscardUnknown() {
xxx_messageInfo_MySQLOptions.DiscardUnknown(m)
}
var xxx_messageInfo_MySQLOptions proto.InternalMessageInfo
// MongoAtlas contains Atlas metadata about the database.
type MongoAtlas struct {
// Name is the Atlas database instance name.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MongoAtlas) Reset() { *m = MongoAtlas{} }
func (m *MongoAtlas) String() string { return proto.CompactTextString(m) }
func (*MongoAtlas) ProtoMessage() {}
func (*MongoAtlas) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{31}
}
func (m *MongoAtlas) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MongoAtlas) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MongoAtlas.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MongoAtlas) XXX_Merge(src proto.Message) {
xxx_messageInfo_MongoAtlas.Merge(m, src)
}
func (m *MongoAtlas) XXX_Size() int {
return m.Size()
}
func (m *MongoAtlas) XXX_DiscardUnknown() {
xxx_messageInfo_MongoAtlas.DiscardUnknown(m)
}
var xxx_messageInfo_MongoAtlas proto.InternalMessageInfo
// InstanceV1 represents the state of a running teleport instance independent
// of the specific services that instance exposes.
type InstanceV1 struct {
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
Spec InstanceSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstanceV1) Reset() { *m = InstanceV1{} }
func (m *InstanceV1) String() string { return proto.CompactTextString(m) }
func (*InstanceV1) ProtoMessage() {}
func (*InstanceV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{32}
}
func (m *InstanceV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstanceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstanceV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstanceV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstanceV1.Merge(m, src)
}
func (m *InstanceV1) XXX_Size() int {
return m.Size()
}
func (m *InstanceV1) XXX_DiscardUnknown() {
xxx_messageInfo_InstanceV1.DiscardUnknown(m)
}
var xxx_messageInfo_InstanceV1 proto.InternalMessageInfo
type InstanceSpecV1 struct {
// Version is the version of teleport this instance most recently advertised.
Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"version,omitempty"`
// Services is the list of active services this instance most recently advertised.
Services []SystemRole `protobuf:"bytes,2,rep,name=Services,proto3,casttype=SystemRole" json:"services,omitempty"`
// Hostname is the hostname this instance most recently advertised.
Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname,omitempty"`
// AuthID is the ID of the Auth Service that most recently observed this instance.
AuthID string `protobuf:"bytes,4,opt,name=AuthID,proto3" json:"auth_id,omitempty"`
// LastSeen is the last time an Auth Service server reported observing this instance.
LastSeen time.Time `protobuf:"bytes,5,opt,name=LastSeen,proto3,stdtime" json:"last_seen,omitempty"`
// ControlLog is the log of recent important instance control events related to this instance. See comments
// on the InstanceControlLogEntry type for details.
ControlLog []InstanceControlLogEntry `protobuf:"bytes,6,rep,name=ControlLog,proto3" json:"control_log,omitempty"`
// ExternalUpgrader identifies the external upgrader that the instance is configured to
// export schedules to (e.g. 'kube'). Empty if no upgrader is defined.
ExternalUpgrader string `protobuf:"bytes,7,opt,name=ExternalUpgrader,proto3" json:"ext_upgrader,omitempty"`
// ExternalUpgraderVersion identifies the external upgrader version. Empty if no upgrader is defined.
ExternalUpgraderVersion string `protobuf:"bytes,8,opt,name=ExternalUpgraderVersion,proto3" json:"ext_upgrader_version,omitempty"`
// LastMeasurement stores information about the latest measurement between services.
LastMeasurement *SystemClockMeasurement `protobuf:"bytes,9,opt,name=LastMeasurement,proto3" json:"LastMeasurement,omitempty"`
// UpdaterInfo stores information about how the Teleport updater is doing.
UpdaterInfo *UpdaterV2Info `protobuf:"bytes,10,opt,name=UpdaterInfo,proto3" json:"UpdaterInfo,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstanceSpecV1) Reset() { *m = InstanceSpecV1{} }
func (m *InstanceSpecV1) String() string { return proto.CompactTextString(m) }
func (*InstanceSpecV1) ProtoMessage() {}
func (*InstanceSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{33}
}
func (m *InstanceSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstanceSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstanceSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstanceSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstanceSpecV1.Merge(m, src)
}
func (m *InstanceSpecV1) XXX_Size() int {
return m.Size()
}
func (m *InstanceSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_InstanceSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_InstanceSpecV1 proto.InternalMessageInfo
// SystemClockMeasurement represents the measurement state of the systems clock difference.
type SystemClockMeasurement struct {
// ControllerSystemClock is the system clock of the inventory controller.
ControllerSystemClock time.Time `protobuf:"bytes,1,opt,name=ControllerSystemClock,proto3,stdtime" json:"controller_system_clock,omitempty"`
// SystemClock is the system clock of the upstream.
SystemClock time.Time `protobuf:"bytes,2,opt,name=SystemClock,proto3,stdtime" json:"system_clock,omitempty"`
// RequestDuration stores information about the request duration between auth and remote service.
RequestDuration time.Duration `protobuf:"bytes,3,opt,name=RequestDuration,proto3,stdduration" json:"request_duration"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SystemClockMeasurement) Reset() { *m = SystemClockMeasurement{} }
func (m *SystemClockMeasurement) String() string { return proto.CompactTextString(m) }
func (*SystemClockMeasurement) ProtoMessage() {}
func (*SystemClockMeasurement) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{34}
}
func (m *SystemClockMeasurement) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SystemClockMeasurement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SystemClockMeasurement.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SystemClockMeasurement) XXX_Merge(src proto.Message) {
xxx_messageInfo_SystemClockMeasurement.Merge(m, src)
}
func (m *SystemClockMeasurement) XXX_Size() int {
return m.Size()
}
func (m *SystemClockMeasurement) XXX_DiscardUnknown() {
xxx_messageInfo_SystemClockMeasurement.DiscardUnknown(m)
}
var xxx_messageInfo_SystemClockMeasurement proto.InternalMessageInfo
// InstanceControlLogEntry represents an entry in a given instance's control log. The control log of
// an instance is protected by CompareAndSwap semantics, allowing entries to function as a means of
// synchronization as well as recordkeeping. For example, an Auth Service instance intending to trigger an upgrade
// for a given instance can check its control log for 'upgrade-attempt' entries. If no such entry exists,
// it can attempt to write an 'upgrade-attempt' entry of its own. If that entry successfully writes without
// hitting a CompareFailed, the Auth Service instance knows that no other Auth Service instances will make concurrent upgrade
// attempts while that entry persists.
//
// NOTE: Due to resource size and backend throughput limitations, care should be taken to minimize the
// use and size of instance control log entries.
type InstanceControlLogEntry struct {
// Type represents the type of control log entry this is (e.g. 'upgrade-attempt').
Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type,omitempty"`
// ID is a random identifier used to assist in uniquely identifying entries. This value may
// be unique, or it may be used to associate a collection of related entries (e.g. an upgrade
// attempt entry may use the same ID as an associated upgrade failure entry if appropriate).
ID uint64 `protobuf:"varint,2,opt,name=ID,proto3" json:"id,omitempty"`
// Time is the time at which the event represented by this entry occurred (used in determining
// ordering and expiry).
Time time.Time `protobuf:"bytes,3,opt,name=Time,proto3,stdtime" json:"time,omitempty"`
// TTL is an optional custom time to live for this control log entry. Some control log entries
// (e.g. an upgrade failure) may require longer than normal TTLs in order to ensure visibility.
// If a log entry's TTL results in it having an intended expiry further in the future than the
// expiry of the enclosing Instance resource, the instance resource's expiry will be bumped
// to accommodate preservation of the log. Because of this fact, custom entry TTLs should be
// used sparingly, as excess usage could result in unexpected backend growth for high churn
// clusters.
TTL time.Duration `protobuf:"varint,4,opt,name=TTL,proto3,casttype=time.Duration" json:"ttl,omitempty"`
// Labels is an arbitrary collection of key-value pairs. The expected labels are determined by the
// type of the entry. Use of labels is preferable to adding new fields in some cases in order to
// preserve fields across auth downgrades (this is mostly relevant for the version-control system).
Labels map[string]string `protobuf:"bytes,5,rep,name=Labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstanceControlLogEntry) Reset() { *m = InstanceControlLogEntry{} }
func (m *InstanceControlLogEntry) String() string { return proto.CompactTextString(m) }
func (*InstanceControlLogEntry) ProtoMessage() {}
func (*InstanceControlLogEntry) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{35}
}
func (m *InstanceControlLogEntry) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstanceControlLogEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstanceControlLogEntry.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstanceControlLogEntry) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstanceControlLogEntry.Merge(m, src)
}
func (m *InstanceControlLogEntry) XXX_Size() int {
return m.Size()
}
func (m *InstanceControlLogEntry) XXX_DiscardUnknown() {
xxx_messageInfo_InstanceControlLogEntry.DiscardUnknown(m)
}
var xxx_messageInfo_InstanceControlLogEntry proto.InternalMessageInfo
// UpdaterV2Info is used by Teleport to send information about how the Teleport updater is doing.
type UpdaterV2Info struct {
// UpdateGroup is the update group the agent's updater is part of.
// The autoupdate_agent_rollout resource controls when different groups update.
// Reporting the update group in the Hello allows us to track the update progress per group.
// See RFD 184 for more details.
UpdateGroup string `protobuf:"bytes,1,opt,name=UpdateGroup,proto3" json:"UpdateGroup,omitempty"`
// UpdateUUID is the agent's updater UUID.
// Each updater has a UUID, this can be used in two cases:
// - To update individual agents when doing canary updates
// - To track the lowest non-updated agent to avoid a deadlock when doing a progressive rollout
UpdateUUID []byte `protobuf:"bytes,2,opt,name=UpdateUUID,proto3" json:"UpdateUUID,omitempty"`
// UpdaterStatus represents any updater-related status information that the Teleport cluster
// should be aware of. For example, the fact the updater got disabled, the version pinned,
// or that the updater seems to not be running.
UpdaterStatus UpdaterStatus `protobuf:"varint,3,opt,name=UpdaterStatus,proto3,enum=types.UpdaterStatus" json:"UpdaterStatus,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UpdaterV2Info) Reset() { *m = UpdaterV2Info{} }
func (m *UpdaterV2Info) String() string { return proto.CompactTextString(m) }
func (*UpdaterV2Info) ProtoMessage() {}
func (*UpdaterV2Info) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{36}
}
func (m *UpdaterV2Info) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UpdaterV2Info) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UpdaterV2Info.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UpdaterV2Info) XXX_Merge(src proto.Message) {
xxx_messageInfo_UpdaterV2Info.Merge(m, src)
}
func (m *UpdaterV2Info) XXX_Size() int {
return m.Size()
}
func (m *UpdaterV2Info) XXX_DiscardUnknown() {
xxx_messageInfo_UpdaterV2Info.DiscardUnknown(m)
}
var xxx_messageInfo_UpdaterV2Info proto.InternalMessageInfo
// InstanceFilter matches instance resources.
type InstanceFilter struct {
// ServerID matches exactly one instance by server ID if specified.
ServerID string `protobuf:"bytes,1,opt,name=ServerID,proto3" json:"ServerID,omitempty"`
// Version matches instance version if specified.
Version string `protobuf:"bytes,2,opt,name=Version,proto3" json:"Version,omitempty"`
// Services matches the instance services if specified. Note that this field matches all instances which
// expose *at least* one of the listed services. This is in contrast to service matching in version
// directives which match instances that expose a *at most* the listed services.
Services []SystemRole `protobuf:"bytes,3,rep,name=Services,proto3,casttype=SystemRole" json:"Services,omitempty"`
// ExternalUpgrader matches instance upgrader if specified.
ExternalUpgrader string `protobuf:"bytes,4,opt,name=ExternalUpgrader,proto3" json:"ExternalUpgrader,omitempty"`
// NoExtUpgrader explicitly matches instances for which no upgrader is defined.
NoExtUpgrader bool `protobuf:"varint,5,opt,name=NoExtUpgrader,proto3" json:"NoExtUpgrader,omitempty"`
// OlderThanVersion is an optional exclusive upper version bound.
OlderThanVersion string `protobuf:"bytes,6,opt,name=OlderThanVersion,proto3" json:"OlderThanVersion,omitempty"`
// NewerThanVersion is an optional exclusive lower version bound.
NewerThanVersion string `protobuf:"bytes,7,opt,name=NewerThanVersion,proto3" json:"NewerThanVersion,omitempty"`
// UpdateGroup matches instance update group if specified.
UpdateGroup string `protobuf:"bytes,8,opt,name=UpdateGroup,proto3" json:"UpdateGroup,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstanceFilter) Reset() { *m = InstanceFilter{} }
func (m *InstanceFilter) String() string { return proto.CompactTextString(m) }
func (*InstanceFilter) ProtoMessage() {}
func (*InstanceFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{37}
}
func (m *InstanceFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstanceFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstanceFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstanceFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstanceFilter.Merge(m, src)
}
func (m *InstanceFilter) XXX_Size() int {
return m.Size()
}
func (m *InstanceFilter) XXX_DiscardUnknown() {
xxx_messageInfo_InstanceFilter.DiscardUnknown(m)
}
var xxx_messageInfo_InstanceFilter proto.InternalMessageInfo
// ServerV2 represents a Node, App, Database, Proxy or Auth Service instance in a Teleport cluster.
type ServerV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a server spec
Spec ServerSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// The advertized scope of the server which can not change once assigned.
Scope string `protobuf:"bytes,6,opt,name=scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ServerV2) Reset() { *m = ServerV2{} }
func (*ServerV2) ProtoMessage() {}
func (*ServerV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{38}
}
func (m *ServerV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ServerV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ServerV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ServerV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ServerV2.Merge(m, src)
}
func (m *ServerV2) XXX_Size() int {
return m.Size()
}
func (m *ServerV2) XXX_DiscardUnknown() {
xxx_messageInfo_ServerV2.DiscardUnknown(m)
}
var xxx_messageInfo_ServerV2 proto.InternalMessageInfo
// ServerSpecV2 is a specification for V2 Server
type ServerSpecV2 struct {
// Addr is a host:port address where this server can be reached.
Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
// Hostname is server hostname
Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname"`
// CmdLabels is server dynamic labels
CmdLabels map[string]CommandLabelV2 `protobuf:"bytes,4,rep,name=CmdLabels,proto3" json:"cmd_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Rotation specifies server rotation
Rotation Rotation `protobuf:"bytes,5,opt,name=Rotation,proto3" json:"rotation,omitempty"`
// UseTunnel indicates that connections to this server should occur over a
// reverse tunnel.
UseTunnel bool `protobuf:"varint,6,opt,name=UseTunnel,proto3" json:"use_tunnel,omitempty"`
// TeleportVersion is the teleport version that the server is running on
Version string `protobuf:"bytes,7,opt,name=Version,proto3" json:"version"`
// PeerAddr is the address a proxy server is reachable at by its peer proxies.
PeerAddr string `protobuf:"bytes,11,opt,name=PeerAddr,proto3" json:"peer_addr,omitempty"`
// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
ProxyIDs []string `protobuf:"bytes,12,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
// PublicAddrs is a list of public addresses where this server can be reached.
PublicAddrs []string `protobuf:"bytes,13,rep,name=public_addrs,json=publicAddrs,proto3" json:"public_addrs,omitempty"`
// CloudMetadata contains info about the cloud instance the server is running
// on, if any.
CloudMetadata *CloudMetadata `protobuf:"bytes,14,opt,name=CloudMetadata,proto3" json:"cloud_metadata,omitempty"`
// GitHub contains info about GitHub proxies where each server represents a
// GitHub organization.
GitHub *GitHubServerMetadata `protobuf:"bytes,15,opt,name=git_hub,json=gitHub,proto3" json:"github,omitempty"`
// the name of the Relay group that the server is connected to
RelayGroup string `protobuf:"bytes,16,opt,name=relay_group,json=relayGroup,proto3" json:"relay_group,omitempty"`
// the list of Relay host IDs that the server is connected to
RelayIds []string `protobuf:"bytes,17,rep,name=relay_ids,json=relayIds,proto3" json:"relay_ids,omitempty"`
// component_features represents features supported by this server
ComponentFeatures *v1.ComponentFeatures `protobuf:"bytes,18,opt,name=component_features,json=componentFeatures,proto3" json:"component_features,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ServerSpecV2) Reset() { *m = ServerSpecV2{} }
func (m *ServerSpecV2) String() string { return proto.CompactTextString(m) }
func (*ServerSpecV2) ProtoMessage() {}
func (*ServerSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{39}
}
func (m *ServerSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ServerSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ServerSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ServerSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ServerSpecV2.Merge(m, src)
}
func (m *ServerSpecV2) XXX_Size() int {
return m.Size()
}
func (m *ServerSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_ServerSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_ServerSpecV2 proto.InternalMessageInfo
// AWSInfo contains attributes to match to an EC2 instance.
type AWSInfo struct {
// AccountID is an AWS account ID.
AccountID string `protobuf:"bytes,1,opt,name=AccountID,proto3" json:"account_id"`
// InstanceID is an EC2 instance ID.
InstanceID string `protobuf:"bytes,2,opt,name=InstanceID,proto3" json:"instance_id"`
// Region is the AWS EC2 Instance Region.
Region string `protobuf:"bytes,3,opt,name=Region,proto3" json:"region,omitempty"`
// VPCID is the AWS VPC ID where the Instance is running.
VPCID string `protobuf:"bytes,4,opt,name=VPCID,proto3" json:"vpc_id,omitempty"`
// Integration is the integration name that added this Node.
// When connecting to it, it will use this integration to issue AWS API calls in order to set up the connection.
// This includes sending an SSH Key and then opening a tunnel (EC2 Instance Connect Endpoint) so Teleport can connect to it.
Integration string `protobuf:"bytes,5,opt,name=Integration,proto3" json:"integration,omitempty"`
// SubnetID is the Subnet ID in use by the instance.
SubnetID string `protobuf:"bytes,6,opt,name=SubnetID,proto3" json:"subnet_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSInfo) Reset() { *m = AWSInfo{} }
func (m *AWSInfo) String() string { return proto.CompactTextString(m) }
func (*AWSInfo) ProtoMessage() {}
func (*AWSInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{40}
}
func (m *AWSInfo) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSInfo.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSInfo) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSInfo.Merge(m, src)
}
func (m *AWSInfo) XXX_Size() int {
return m.Size()
}
func (m *AWSInfo) XXX_DiscardUnknown() {
xxx_messageInfo_AWSInfo.DiscardUnknown(m)
}
var xxx_messageInfo_AWSInfo proto.InternalMessageInfo
// CloudMetadata contains info about the cloud instance a server is running
// on, if any.
type CloudMetadata struct {
// AWSInfo contains attributes to match to an EC2 instance.
AWS *AWSInfo `protobuf:"bytes,1,opt,name=AWS,proto3" json:"aws,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CloudMetadata) Reset() { *m = CloudMetadata{} }
func (m *CloudMetadata) String() string { return proto.CompactTextString(m) }
func (*CloudMetadata) ProtoMessage() {}
func (*CloudMetadata) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{41}
}
func (m *CloudMetadata) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CloudMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CloudMetadata.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CloudMetadata) XXX_Merge(src proto.Message) {
xxx_messageInfo_CloudMetadata.Merge(m, src)
}
func (m *CloudMetadata) XXX_Size() int {
return m.Size()
}
func (m *CloudMetadata) XXX_DiscardUnknown() {
xxx_messageInfo_CloudMetadata.DiscardUnknown(m)
}
var xxx_messageInfo_CloudMetadata proto.InternalMessageInfo
// GitHubServerMetadata contains info about GitHub proxies where each server
// represents a GitHub organization.
type GitHubServerMetadata struct {
// Organization specifies the name of the organization for the GitHub integration.
Organization string `protobuf:"bytes,1,opt,name=organization,proto3" json:"organization,omitempty"`
// Integration is the integration that is associated with this Server.
Integration string `protobuf:"bytes,2,opt,name=integration,proto3" json:"integration,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GitHubServerMetadata) Reset() { *m = GitHubServerMetadata{} }
func (m *GitHubServerMetadata) String() string { return proto.CompactTextString(m) }
func (*GitHubServerMetadata) ProtoMessage() {}
func (*GitHubServerMetadata) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{42}
}
func (m *GitHubServerMetadata) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GitHubServerMetadata) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GitHubServerMetadata.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GitHubServerMetadata) XXX_Merge(src proto.Message) {
xxx_messageInfo_GitHubServerMetadata.Merge(m, src)
}
func (m *GitHubServerMetadata) XXX_Size() int {
return m.Size()
}
func (m *GitHubServerMetadata) XXX_DiscardUnknown() {
xxx_messageInfo_GitHubServerMetadata.DiscardUnknown(m)
}
var xxx_messageInfo_GitHubServerMetadata proto.InternalMessageInfo
// AppServerV3 represents a single proxied web app.
type AppServerV3 struct {
// Kind is the app server resource kind. Always "app_server".
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the app server metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the app server spec.
Spec AppServerSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// The advertized scope of the server which can not change once assigned.
Scope string `protobuf:"bytes,6,opt,name=scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppServerV3) Reset() { *m = AppServerV3{} }
func (*AppServerV3) ProtoMessage() {}
func (*AppServerV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{43}
}
func (m *AppServerV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppServerV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppServerV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppServerV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppServerV3.Merge(m, src)
}
func (m *AppServerV3) XXX_Size() int {
return m.Size()
}
func (m *AppServerV3) XXX_DiscardUnknown() {
xxx_messageInfo_AppServerV3.DiscardUnknown(m)
}
var xxx_messageInfo_AppServerV3 proto.InternalMessageInfo
// AppServerSpecV3 is the app access server spec.
type AppServerSpecV3 struct {
// Version is the Teleport version that the server is running.
Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"version"`
// Hostname is the app server hostname.
Hostname string `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname"`
// HostID is the app server host uuid.
HostID string `protobuf:"bytes,3,opt,name=HostID,proto3" json:"host_id"`
// Rotation contains the app server CA rotation information.
Rotation Rotation `protobuf:"bytes,4,opt,name=Rotation,proto3" json:"rotation,omitempty"`
// App is the app proxied by this app server.
App *AppV3 `protobuf:"bytes,5,opt,name=App,proto3" json:"app"`
// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
ProxyIDs []string `protobuf:"bytes,6,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
// the name of the Relay group that the server is connected to
RelayGroup string `protobuf:"bytes,7,opt,name=relay_group,json=relayGroup,proto3" json:"relay_group,omitempty"`
// the list of Relay host IDs that the server is connected to
RelayIds []string `protobuf:"bytes,8,rep,name=relay_ids,json=relayIds,proto3" json:"relay_ids,omitempty"`
// component_features contains features supported by this app server.
ComponentFeatures *v1.ComponentFeatures `protobuf:"bytes,9,opt,name=component_features,json=componentFeatures,proto3" json:"component_features,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppServerSpecV3) Reset() { *m = AppServerSpecV3{} }
func (m *AppServerSpecV3) String() string { return proto.CompactTextString(m) }
func (*AppServerSpecV3) ProtoMessage() {}
func (*AppServerSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{44}
}
func (m *AppServerSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppServerSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppServerSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppServerSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppServerSpecV3.Merge(m, src)
}
func (m *AppServerSpecV3) XXX_Size() int {
return m.Size()
}
func (m *AppServerSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_AppServerSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_AppServerSpecV3 proto.InternalMessageInfo
// AppV3List represents a list of app resources.
type AppV3List struct {
// Apps is a list of app resources.
Apps []*AppV3 `protobuf:"bytes,1,rep,name=Apps,proto3" json:"Apps,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppV3List) Reset() { *m = AppV3List{} }
func (m *AppV3List) String() string { return proto.CompactTextString(m) }
func (*AppV3List) ProtoMessage() {}
func (*AppV3List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{45}
}
func (m *AppV3List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppV3List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppV3List) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppV3List.Merge(m, src)
}
func (m *AppV3List) XXX_Size() int {
return m.Size()
}
func (m *AppV3List) XXX_DiscardUnknown() {
xxx_messageInfo_AppV3List.DiscardUnknown(m)
}
var xxx_messageInfo_AppV3List proto.InternalMessageInfo
// AppV3 represents an app resource.
type AppV3 struct {
// Kind is the app resource kind. Always "app".
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are:`v3`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the app resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the app resource spec.
Spec AppSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppV3) Reset() { *m = AppV3{} }
func (*AppV3) ProtoMessage() {}
func (*AppV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{46}
}
func (m *AppV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppV3.Merge(m, src)
}
func (m *AppV3) XXX_Size() int {
return m.Size()
}
func (m *AppV3) XXX_DiscardUnknown() {
xxx_messageInfo_AppV3.DiscardUnknown(m)
}
var xxx_messageInfo_AppV3 proto.InternalMessageInfo
// CORSPolicy defines the CORS policy for AppSpecV3
type CORSPolicy struct {
// allowed_origins specifies which origins are allowed to access the app.
AllowedOrigins []string `protobuf:"bytes,1,rep,name=allowed_origins,json=allowedOrigins,proto3" json:"allowed_origins,omitempty"`
// allowed_methods specifies which methods are allowed when accessing the app.
AllowedMethods []string `protobuf:"bytes,2,rep,name=allowed_methods,json=allowedMethods,proto3" json:"allowed_methods,omitempty"`
// allowed_headers specifies which headers can be used when accessing the app.
AllowedHeaders []string `protobuf:"bytes,3,rep,name=allowed_headers,json=allowedHeaders,proto3" json:"allowed_headers,omitempty"`
// allow_credentials indicates whether credentials are allowed.
AllowCredentials bool `protobuf:"varint,4,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"`
// max_age indicates how long (in seconds) the results of a preflight request can be cached.
MaxAge uint32 `protobuf:"varint,5,opt,name=max_age,json=maxAge,proto3" json:"max_age,omitempty"`
// exposed_headers indicates which headers are made available to scripts via the browser.
ExposedHeaders []string `protobuf:"bytes,6,rep,name=exposed_headers,json=exposedHeaders,proto3" json:"exposed_headers,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CORSPolicy) Reset() { *m = CORSPolicy{} }
func (m *CORSPolicy) String() string { return proto.CompactTextString(m) }
func (*CORSPolicy) ProtoMessage() {}
func (*CORSPolicy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{47}
}
func (m *CORSPolicy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CORSPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CORSPolicy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CORSPolicy) XXX_Merge(src proto.Message) {
xxx_messageInfo_CORSPolicy.Merge(m, src)
}
func (m *CORSPolicy) XXX_Size() int {
return m.Size()
}
func (m *CORSPolicy) XXX_DiscardUnknown() {
xxx_messageInfo_CORSPolicy.DiscardUnknown(m)
}
var xxx_messageInfo_CORSPolicy proto.InternalMessageInfo
// IdentityCenterPermissionSet defines a permission set that is available on an
// IdentityCenter account app
type IdentityCenterPermissionSet struct {
// ARN is the fully-formed ARN of the Permission Set.
ARN string `protobuf:"bytes,1,opt,name=ARN,proto3" json:"arn,omitempty"`
// Name is the human-readable name of the Permission Set.
Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"name,omitempty"`
// AssignmentID is the ID of the Teleport Account Assignment resource that
// represents this permission being assigned on the enclosing Account.
AssignmentID string `protobuf:"bytes,3,opt,name=AssignmentID,proto3" json:"assignment_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IdentityCenterPermissionSet) Reset() { *m = IdentityCenterPermissionSet{} }
func (m *IdentityCenterPermissionSet) String() string { return proto.CompactTextString(m) }
func (*IdentityCenterPermissionSet) ProtoMessage() {}
func (*IdentityCenterPermissionSet) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{48}
}
func (m *IdentityCenterPermissionSet) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IdentityCenterPermissionSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IdentityCenterPermissionSet.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IdentityCenterPermissionSet) XXX_Merge(src proto.Message) {
xxx_messageInfo_IdentityCenterPermissionSet.Merge(m, src)
}
func (m *IdentityCenterPermissionSet) XXX_Size() int {
return m.Size()
}
func (m *IdentityCenterPermissionSet) XXX_DiscardUnknown() {
xxx_messageInfo_IdentityCenterPermissionSet.DiscardUnknown(m)
}
var xxx_messageInfo_IdentityCenterPermissionSet proto.InternalMessageInfo
// AppIdentityCenter encapsulates information about an AWS Identity Center
// account application.
type AppIdentityCenter struct {
// Account ID is the AWS-assigned ID of the account
AccountID string `protobuf:"bytes,1,opt,name=AccountID,proto3" json:"account_id,omitempty"`
// PermissionSets lists the available permission sets on the given account
PermissionSets []*IdentityCenterPermissionSet `protobuf:"bytes,2,rep,name=PermissionSets,proto3" json:"permission_sets,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppIdentityCenter) Reset() { *m = AppIdentityCenter{} }
func (m *AppIdentityCenter) String() string { return proto.CompactTextString(m) }
func (*AppIdentityCenter) ProtoMessage() {}
func (*AppIdentityCenter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{49}
}
func (m *AppIdentityCenter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppIdentityCenter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppIdentityCenter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppIdentityCenter) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppIdentityCenter.Merge(m, src)
}
func (m *AppIdentityCenter) XXX_Size() int {
return m.Size()
}
func (m *AppIdentityCenter) XXX_DiscardUnknown() {
xxx_messageInfo_AppIdentityCenter.DiscardUnknown(m)
}
var xxx_messageInfo_AppIdentityCenter proto.InternalMessageInfo
// AppSpecV3 is the AppV3 resource spec.
type AppSpecV3 struct {
// URI is the web app endpoint.
URI string `protobuf:"bytes,1,opt,name=URI,proto3" json:"uri"`
// PublicAddr is the public address the application is accessible at.
PublicAddr string `protobuf:"bytes,2,opt,name=PublicAddr,proto3" json:"public_addr,omitempty"`
// DynamicLabels are the app's command labels.
DynamicLabels map[string]CommandLabelV2 `protobuf:"bytes,3,rep,name=DynamicLabels,proto3" json:"dynamic_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// InsecureSkipVerify disables app's TLS certificate verification.
InsecureSkipVerify bool `protobuf:"varint,4,opt,name=InsecureSkipVerify,proto3" json:"insecure_skip_verify"`
// Rewrite is a list of rewriting rules to apply to requests and responses.
Rewrite *Rewrite `protobuf:"bytes,5,opt,name=Rewrite,proto3" json:"rewrite,omitempty"`
// AWS contains additional options for AWS applications.
AWS *AppAWS `protobuf:"bytes,6,opt,name=AWS,proto3" json:"aws,omitempty"`
// Cloud identifies the cloud instance the app represents.
Cloud string `protobuf:"bytes,7,opt,name=Cloud,proto3" json:"cloud,omitempty"`
// UserGroups are a list of user group IDs that this app is associated with.
UserGroups []string `protobuf:"bytes,8,rep,name=UserGroups,proto3" json:"UserGroups,omitempty"`
// Integration is the integration name that must be used to access this Application.
// Only applicable to AWS App Access.
// If present, the Application must use the Integration's credentials instead of ambient credentials to access Cloud APIs.
Integration string `protobuf:"bytes,9,opt,name=Integration,proto3" json:"integration,omitempty"`
// RequiredAppNames is a list of app names that are required for this app to function. Any app listed here will
// be part of the authentication redirect flow and authenticate alongside this app.
RequiredAppNames []string `protobuf:"bytes,10,rep,name=RequiredAppNames,proto3" json:"required_app_names,omitempty"`
// CORSPolicy defines the Cross-Origin Resource Sharing settings for the app.
CORS *CORSPolicy `protobuf:"bytes,11,opt,name=CORS,proto3" json:"cors,omitempty"`
// IdentityCenter encapsulates information specific to AWS IAM Identity
// Center. Only valid for Identity Center account apps.
IdentityCenter *AppIdentityCenter `protobuf:"bytes,12,opt,name=IdentityCenter,proto3" json:"identity_center,omitempty"`
// TCPPorts is a list of ports and port ranges that an app agent can forward connections to.
// Only applicable to TCP App Access.
// If this field is not empty, URI is expected to contain no port number and start with the tcp
// protocol.
TCPPorts []*PortRange `protobuf:"bytes,13,rep,name=TCPPorts,proto3" json:"tcp_ports,omitempty"`
// UseAnyProxyPublicAddr will rebuild this app's fqdn based on the proxy public addr that the
// request originated from. This should be true if your proxy has multiple proxy public addrs and you
// want the app to be accessible from any of them. If `public_addr` is explicitly set in the app spec,
// setting this value to true will overwrite that public address in the web UI.
UseAnyProxyPublicAddr bool `protobuf:"varint,14,opt,name=UseAnyProxyPublicAddr,proto3" json:"use_any_proxy_public_addr,omitempty"`
// MCP contains MCP server related configurations.
MCP *MCP `protobuf:"bytes,15,opt,name=MCP,proto3" json:"mcp,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppSpecV3) Reset() { *m = AppSpecV3{} }
func (m *AppSpecV3) String() string { return proto.CompactTextString(m) }
func (*AppSpecV3) ProtoMessage() {}
func (*AppSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{50}
}
func (m *AppSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppSpecV3.Merge(m, src)
}
func (m *AppSpecV3) XXX_Size() int {
return m.Size()
}
func (m *AppSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_AppSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_AppSpecV3 proto.InternalMessageInfo
// MCP contains MCP server-related configurations.
type MCP struct {
// Command to launch stdio-based MCP servers.
Command string `protobuf:"bytes,1,opt,name=command,proto3" json:"command,omitempty"`
// Args to execute with the command.
Args []string `protobuf:"bytes,2,rep,name=args,proto3" json:"args,omitempty"`
// RunAsHostUser is the host user account under which the command will be
// executed. Required for stdio-based MCP servers.
RunAsHostUser string `protobuf:"bytes,3,opt,name=run_as_host_user,json=runAsHostUser,proto3" json:"run_as_host_user,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MCP) Reset() { *m = MCP{} }
func (m *MCP) String() string { return proto.CompactTextString(m) }
func (*MCP) ProtoMessage() {}
func (*MCP) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{51}
}
func (m *MCP) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MCP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MCP.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MCP) XXX_Merge(src proto.Message) {
xxx_messageInfo_MCP.Merge(m, src)
}
func (m *MCP) XXX_Size() int {
return m.Size()
}
func (m *MCP) XXX_DiscardUnknown() {
xxx_messageInfo_MCP.DiscardUnknown(m)
}
var xxx_messageInfo_MCP proto.InternalMessageInfo
// Rewrite is a list of rewriting rules to apply to requests and responses.
type Rewrite struct {
// Redirect defines a list of hosts which will be rewritten to the public
// address of the application if they occur in the "Location" header.
Redirect []string `protobuf:"bytes,1,rep,name=Redirect,proto3" json:"redirect,omitempty"`
// Headers is a list of headers to inject when passing the request over
// to the application.
Headers []*Header `protobuf:"bytes,2,rep,name=Headers,proto3" json:"headers,omitempty"`
// JWTClaims configures whether roles/traits are included in the JWT token.
JWTClaims string `protobuf:"bytes,3,opt,name=JWTClaims,proto3" json:"jwt_claims,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rewrite) Reset() { *m = Rewrite{} }
func (m *Rewrite) String() string { return proto.CompactTextString(m) }
func (*Rewrite) ProtoMessage() {}
func (*Rewrite) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{52}
}
func (m *Rewrite) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Rewrite) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Rewrite.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Rewrite) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rewrite.Merge(m, src)
}
func (m *Rewrite) XXX_Size() int {
return m.Size()
}
func (m *Rewrite) XXX_DiscardUnknown() {
xxx_messageInfo_Rewrite.DiscardUnknown(m)
}
var xxx_messageInfo_Rewrite proto.InternalMessageInfo
// Header represents a single HTTP header passed over to the proxied application.
type Header struct {
// Name is the http header name.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// Value is the http header value.
Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Header) Reset() { *m = Header{} }
func (m *Header) String() string { return proto.CompactTextString(m) }
func (*Header) ProtoMessage() {}
func (*Header) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{53}
}
func (m *Header) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Header) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Header.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Header) XXX_Merge(src proto.Message) {
xxx_messageInfo_Header.Merge(m, src)
}
func (m *Header) XXX_Size() int {
return m.Size()
}
func (m *Header) XXX_DiscardUnknown() {
xxx_messageInfo_Header.DiscardUnknown(m)
}
var xxx_messageInfo_Header proto.InternalMessageInfo
// PortRange describes a port range for TCP apps. The range starts with Port and ends with EndPort.
// PortRange can be used to describe a single port in which case the Port field is the port and the
// EndPort field is 0.
type PortRange struct {
// Port describes the start of the range. It must be between 1 and 65535.
Port uint32 `protobuf:"varint,1,opt,name=Port,proto3" json:"port"`
// EndPort describes the end of the range, inclusive. If set, it must be between 2 and 65535 and
// be greater than Port when describing a port range. When omitted or set to zero, it signifies
// that the port range defines a single port.
EndPort uint32 `protobuf:"varint,2,opt,name=EndPort,proto3" json:"end_port,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PortRange) Reset() { *m = PortRange{} }
func (*PortRange) ProtoMessage() {}
func (*PortRange) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{54}
}
func (m *PortRange) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PortRange) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PortRange.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PortRange) XXX_Merge(src proto.Message) {
xxx_messageInfo_PortRange.Merge(m, src)
}
func (m *PortRange) XXX_Size() int {
return m.Size()
}
func (m *PortRange) XXX_DiscardUnknown() {
xxx_messageInfo_PortRange.DiscardUnknown(m)
}
var xxx_messageInfo_PortRange proto.InternalMessageInfo
// CommandLabelV2 is a label that has a value as a result of the
// output generated by running command, e.g. hostname
type CommandLabelV2 struct {
// Period is a time between command runs
Period Duration `protobuf:"varint,1,opt,name=Period,proto3,casttype=Duration" json:"period"`
// Command is a command to run
Command []string `protobuf:"bytes,2,rep,name=Command,proto3" json:"command"`
// Result captures standard output
Result string `protobuf:"bytes,3,opt,name=Result,proto3" json:"result"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CommandLabelV2) Reset() { *m = CommandLabelV2{} }
func (m *CommandLabelV2) String() string { return proto.CompactTextString(m) }
func (*CommandLabelV2) ProtoMessage() {}
func (*CommandLabelV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{55}
}
func (m *CommandLabelV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CommandLabelV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CommandLabelV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CommandLabelV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_CommandLabelV2.Merge(m, src)
}
func (m *CommandLabelV2) XXX_Size() int {
return m.Size()
}
func (m *CommandLabelV2) XXX_DiscardUnknown() {
xxx_messageInfo_CommandLabelV2.DiscardUnknown(m)
}
var xxx_messageInfo_CommandLabelV2 proto.InternalMessageInfo
// AppAWS contains additional options for AWS applications.
type AppAWS struct {
// ExternalID is the AWS External ID used when assuming roles in this app.
ExternalID string `protobuf:"bytes,1,opt,name=ExternalID,proto3" json:"external_id,omitempty"`
// RolesAnywhereProfile contains the IAM Roles Anywhere fields associated with this Application.
// These fields are set when performing the synchronization of AWS IAM Roles Anywhere Profiles into Teleport Apps.
RolesAnywhereProfile *AppAWSRolesAnywhereProfile `protobuf:"bytes,2,opt,name=RolesAnywhereProfile,proto3" json:"roles_anywhere_profile,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppAWS) Reset() { *m = AppAWS{} }
func (m *AppAWS) String() string { return proto.CompactTextString(m) }
func (*AppAWS) ProtoMessage() {}
func (*AppAWS) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{56}
}
func (m *AppAWS) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppAWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppAWS.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppAWS) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppAWS.Merge(m, src)
}
func (m *AppAWS) XXX_Size() int {
return m.Size()
}
func (m *AppAWS) XXX_DiscardUnknown() {
xxx_messageInfo_AppAWS.DiscardUnknown(m)
}
var xxx_messageInfo_AppAWS proto.InternalMessageInfo
// AppAWSRolesAnywhereProfile contains the fields that represent an AWS IAM Roles Anywhere Profile.
type AppAWSRolesAnywhereProfile struct {
// ProfileARN is the AWS IAM Roles Anywhere Profile ARN that originated this Teleport App.
ProfileARN string `protobuf:"bytes,1,opt,name=ProfileARN,proto3" json:"profile_arn,omitempty"`
// Whether this Roles Anywhere Profile accepts a custom role session name.
// When not supported, the AWS Session Name will be the X.509 certificate's serial number.
// When supported, the AWS Session Name will be the identity's username.
// This value comes from:
// https://docs.aws.amazon.com/rolesanywhere/latest/APIReference/API_ProfileDetail.html / acceptRoleSessionName
AcceptRoleSessionName bool `protobuf:"varint,2,opt,name=AcceptRoleSessionName,proto3" json:"accept_role_session_name"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AppAWSRolesAnywhereProfile) Reset() { *m = AppAWSRolesAnywhereProfile{} }
func (m *AppAWSRolesAnywhereProfile) String() string { return proto.CompactTextString(m) }
func (*AppAWSRolesAnywhereProfile) ProtoMessage() {}
func (*AppAWSRolesAnywhereProfile) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{57}
}
func (m *AppAWSRolesAnywhereProfile) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AppAWSRolesAnywhereProfile) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AppAWSRolesAnywhereProfile.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AppAWSRolesAnywhereProfile) XXX_Merge(src proto.Message) {
xxx_messageInfo_AppAWSRolesAnywhereProfile.Merge(m, src)
}
func (m *AppAWSRolesAnywhereProfile) XXX_Size() int {
return m.Size()
}
func (m *AppAWSRolesAnywhereProfile) XXX_DiscardUnknown() {
xxx_messageInfo_AppAWSRolesAnywhereProfile.DiscardUnknown(m)
}
var xxx_messageInfo_AppAWSRolesAnywhereProfile proto.InternalMessageInfo
// SSHKeyPair is an SSH CA key pair.
type SSHKeyPair struct {
// PublicKey is the SSH public key.
PublicKey []byte `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"public_key,omitempty"`
// PrivateKey is the SSH private key.
PrivateKey []byte `protobuf:"bytes,2,opt,name=PrivateKey,proto3" json:"private_key,omitempty"`
// PrivateKeyType is the type of the PrivateKey.
PrivateKeyType PrivateKeyType `protobuf:"varint,3,opt,name=PrivateKeyType,proto3,enum=types.PrivateKeyType" json:"private_key_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSHKeyPair) Reset() { *m = SSHKeyPair{} }
func (m *SSHKeyPair) String() string { return proto.CompactTextString(m) }
func (*SSHKeyPair) ProtoMessage() {}
func (*SSHKeyPair) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{58}
}
func (m *SSHKeyPair) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSHKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSHKeyPair.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSHKeyPair) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSHKeyPair.Merge(m, src)
}
func (m *SSHKeyPair) XXX_Size() int {
return m.Size()
}
func (m *SSHKeyPair) XXX_DiscardUnknown() {
xxx_messageInfo_SSHKeyPair.DiscardUnknown(m)
}
var xxx_messageInfo_SSHKeyPair proto.InternalMessageInfo
// TLSKeyPair is a TLS key pair
type TLSKeyPair struct {
// Cert is a PEM encoded TLS cert
Cert []byte `protobuf:"bytes,1,opt,name=Cert,proto3" json:"cert,omitempty"`
// Key is a PEM encoded TLS key
Key []byte `protobuf:"bytes,2,opt,name=Key,proto3" json:"key,omitempty"`
// KeyType is the type of the Key.
KeyType PrivateKeyType `protobuf:"varint,3,opt,name=KeyType,proto3,enum=types.PrivateKeyType" json:"key_type,omitempty"`
// CRL is an empty DER-encoded revocation list.
CRL []byte `protobuf:"bytes,4,opt,name=CRL,proto3" json:"crl"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TLSKeyPair) Reset() { *m = TLSKeyPair{} }
func (m *TLSKeyPair) String() string { return proto.CompactTextString(m) }
func (*TLSKeyPair) ProtoMessage() {}
func (*TLSKeyPair) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{59}
}
func (m *TLSKeyPair) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TLSKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TLSKeyPair.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TLSKeyPair) XXX_Merge(src proto.Message) {
xxx_messageInfo_TLSKeyPair.Merge(m, src)
}
func (m *TLSKeyPair) XXX_Size() int {
return m.Size()
}
func (m *TLSKeyPair) XXX_DiscardUnknown() {
xxx_messageInfo_TLSKeyPair.DiscardUnknown(m)
}
var xxx_messageInfo_TLSKeyPair proto.InternalMessageInfo
// JWTKeyPair is a PEM encoded keypair used for signing JWT tokens.
type JWTKeyPair struct {
// PublicKey is a PEM encoded public key.
PublicKey []byte `protobuf:"bytes,1,opt,name=PublicKey,proto3" json:"public_key,omitempty"`
// PrivateKey is a PEM encoded private key.
PrivateKey []byte `protobuf:"bytes,2,opt,name=PrivateKey,proto3" json:"private_key,omitempty"`
// PrivateKeyType is the type of the PrivateKey.
PrivateKeyType PrivateKeyType `protobuf:"varint,3,opt,name=PrivateKeyType,proto3,enum=types.PrivateKeyType" json:"private_key_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *JWTKeyPair) Reset() { *m = JWTKeyPair{} }
func (m *JWTKeyPair) String() string { return proto.CompactTextString(m) }
func (*JWTKeyPair) ProtoMessage() {}
func (*JWTKeyPair) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{60}
}
func (m *JWTKeyPair) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *JWTKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_JWTKeyPair.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *JWTKeyPair) XXX_Merge(src proto.Message) {
xxx_messageInfo_JWTKeyPair.Merge(m, src)
}
func (m *JWTKeyPair) XXX_Size() int {
return m.Size()
}
func (m *JWTKeyPair) XXX_DiscardUnknown() {
xxx_messageInfo_JWTKeyPair.DiscardUnknown(m)
}
var xxx_messageInfo_JWTKeyPair proto.InternalMessageInfo
// EncryptionKeyPair is a PKIX ASN.1 DER encoded keypair used for encrypting and decrypting data.
type EncryptionKeyPair struct {
// PublicKey is a PKIX ASN.1 DER encoded public key.
PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
// PrivateKey is a PKCS#8 ASN.1 DER encoded private key.
PrivateKey []byte `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
// PrivateKeyType is the type of the PrivateKey.
PrivateKeyType PrivateKeyType `protobuf:"varint,3,opt,name=private_key_type,json=privateKeyType,proto3,enum=types.PrivateKeyType" json:"private_key_type,omitempty"`
// Hash function used during OAEP encryption/decryption. It maps directly to the possible
// values of [crypto.Hash] in the go crypto package.
Hash uint32 `protobuf:"varint,4,opt,name=hash,proto3" json:"hash,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *EncryptionKeyPair) Reset() { *m = EncryptionKeyPair{} }
func (m *EncryptionKeyPair) String() string { return proto.CompactTextString(m) }
func (*EncryptionKeyPair) ProtoMessage() {}
func (*EncryptionKeyPair) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{61}
}
func (m *EncryptionKeyPair) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *EncryptionKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_EncryptionKeyPair.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *EncryptionKeyPair) XXX_Merge(src proto.Message) {
xxx_messageInfo_EncryptionKeyPair.Merge(m, src)
}
func (m *EncryptionKeyPair) XXX_Size() int {
return m.Size()
}
func (m *EncryptionKeyPair) XXX_DiscardUnknown() {
xxx_messageInfo_EncryptionKeyPair.DiscardUnknown(m)
}
var xxx_messageInfo_EncryptionKeyPair proto.InternalMessageInfo
// A public key to be used as a recipient during age encryption of session recordings.
type AgeEncryptionKey struct {
// A PKIX ASN.1 DER encoded public key used for key wrapping during age encryption. Expected to be RSA 4096.
PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AgeEncryptionKey) Reset() { *m = AgeEncryptionKey{} }
func (m *AgeEncryptionKey) String() string { return proto.CompactTextString(m) }
func (*AgeEncryptionKey) ProtoMessage() {}
func (*AgeEncryptionKey) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{62}
}
func (m *AgeEncryptionKey) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AgeEncryptionKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AgeEncryptionKey.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AgeEncryptionKey) XXX_Merge(src proto.Message) {
xxx_messageInfo_AgeEncryptionKey.Merge(m, src)
}
func (m *AgeEncryptionKey) XXX_Size() int {
return m.Size()
}
func (m *AgeEncryptionKey) XXX_DiscardUnknown() {
xxx_messageInfo_AgeEncryptionKey.DiscardUnknown(m)
}
var xxx_messageInfo_AgeEncryptionKey proto.InternalMessageInfo
// CertAuthorityV2 is version 2 resource spec for Cert Authority
type CertAuthorityV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is connector metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec contains cert authority specification
Spec CertAuthoritySpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CertAuthorityV2) Reset() { *m = CertAuthorityV2{} }
func (*CertAuthorityV2) ProtoMessage() {}
func (*CertAuthorityV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{63}
}
func (m *CertAuthorityV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CertAuthorityV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CertAuthorityV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CertAuthorityV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_CertAuthorityV2.Merge(m, src)
}
func (m *CertAuthorityV2) XXX_Size() int {
return m.Size()
}
func (m *CertAuthorityV2) XXX_DiscardUnknown() {
xxx_messageInfo_CertAuthorityV2.DiscardUnknown(m)
}
var xxx_messageInfo_CertAuthorityV2 proto.InternalMessageInfo
// CertAuthoritySpecV2 is a host or user certificate authority that
// can check and if it has private key stored as well, sign it too
type CertAuthoritySpecV2 struct {
// Type is either user or host certificate authority
Type CertAuthType `protobuf:"bytes,1,opt,name=Type,proto3,casttype=CertAuthType" json:"type"`
// ClusterName identifies the cluster name this authority serves.
ClusterName string `protobuf:"bytes,2,opt,name=ClusterName,proto3" json:"cluster_name"`
// Roles is a list of roles assumed by users signed by this CA
Roles []string `protobuf:"bytes,5,rep,name=Roles,proto3" json:"roles,omitempty"`
// RoleMap specifies role mappings to remote roles
RoleMap []RoleMapping `protobuf:"bytes,6,rep,name=RoleMap,proto3" json:"role_map,omitempty"`
// Rotation is a status of the certificate authority rotation
Rotation *Rotation `protobuf:"bytes,8,opt,name=Rotation,proto3" json:"rotation,omitempty"`
// SigningAlg is unused.
//
// Deprecated: SigningAlg is unused.
SigningAlg CertAuthoritySpecV2_SigningAlgType `protobuf:"varint,9,opt,name=SigningAlg,proto3,enum=types.CertAuthoritySpecV2_SigningAlgType" json:"signing_alg,omitempty"` // Deprecated: Do not use.
// ActiveKeys are the CA key sets used to sign any new certificates.
ActiveKeys CAKeySet `protobuf:"bytes,11,opt,name=ActiveKeys,proto3" json:"active_keys,omitempty"`
// AdditionalTrustedKeys are additional CA key sets that can be used to
// verify certificates. Certificates should be verified with
// AdditionalTrustedKeys and ActiveKeys combined.
AdditionalTrustedKeys CAKeySet `protobuf:"bytes,12,opt,name=AdditionalTrustedKeys,proto3" json:"additional_trusted_keys,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CertAuthoritySpecV2) Reset() { *m = CertAuthoritySpecV2{} }
func (m *CertAuthoritySpecV2) String() string { return proto.CompactTextString(m) }
func (*CertAuthoritySpecV2) ProtoMessage() {}
func (*CertAuthoritySpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{64}
}
func (m *CertAuthoritySpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CertAuthoritySpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CertAuthoritySpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CertAuthoritySpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_CertAuthoritySpecV2.Merge(m, src)
}
func (m *CertAuthoritySpecV2) XXX_Size() int {
return m.Size()
}
func (m *CertAuthoritySpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_CertAuthoritySpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_CertAuthoritySpecV2 proto.InternalMessageInfo
// CAKeySet is the set of CA keys.
type CAKeySet struct {
// SSH contains SSH CA key pairs.
SSH []*SSHKeyPair `protobuf:"bytes,1,rep,name=SSH,proto3" json:"ssh,omitempty"`
// TLS contains TLS CA key/cert pairs.
TLS []*TLSKeyPair `protobuf:"bytes,2,rep,name=TLS,proto3" json:"tls,omitempty"`
// JWT contains JWT signing key pairs.
JWT []*JWTKeyPair `protobuf:"bytes,3,rep,name=JWT,proto3" json:"jwt,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CAKeySet) Reset() { *m = CAKeySet{} }
func (m *CAKeySet) String() string { return proto.CompactTextString(m) }
func (*CAKeySet) ProtoMessage() {}
func (*CAKeySet) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{65}
}
func (m *CAKeySet) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CAKeySet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CAKeySet.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CAKeySet) XXX_Merge(src proto.Message) {
xxx_messageInfo_CAKeySet.Merge(m, src)
}
func (m *CAKeySet) XXX_Size() int {
return m.Size()
}
func (m *CAKeySet) XXX_DiscardUnknown() {
xxx_messageInfo_CAKeySet.DiscardUnknown(m)
}
var xxx_messageInfo_CAKeySet proto.InternalMessageInfo
// RoleMapping provides mapping of remote roles to local roles
// for trusted clusters
type RoleMapping struct {
// Remote specifies remote role name to map from
Remote string `protobuf:"bytes,1,opt,name=Remote,proto3" json:"remote"`
// Local specifies local roles to map to
Local []string `protobuf:"bytes,2,rep,name=Local,proto3" json:"local"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RoleMapping) Reset() { *m = RoleMapping{} }
func (m *RoleMapping) String() string { return proto.CompactTextString(m) }
func (*RoleMapping) ProtoMessage() {}
func (*RoleMapping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{66}
}
func (m *RoleMapping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RoleMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RoleMapping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RoleMapping) XXX_Merge(src proto.Message) {
xxx_messageInfo_RoleMapping.Merge(m, src)
}
func (m *RoleMapping) XXX_Size() int {
return m.Size()
}
func (m *RoleMapping) XXX_DiscardUnknown() {
xxx_messageInfo_RoleMapping.DiscardUnknown(m)
}
var xxx_messageInfo_RoleMapping proto.InternalMessageInfo
// ProvisionTokenV1 is a provisioning token V1
type ProvisionTokenV1 struct {
// Roles is a list of roles associated with the token,
// that will be converted to metadata in the SSH and X509
// certificates issued to the user of the token
Roles []SystemRole `protobuf:"bytes,1,rep,name=Roles,proto3,casttype=SystemRole" json:"roles"`
// Expires is a global expiry time header can be set on any resource in the
// system.
Expires time.Time `protobuf:"bytes,2,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
// Token is a token name
Token string `protobuf:"bytes,3,opt,name=Token,proto3" json:"token"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenV1) Reset() { *m = ProvisionTokenV1{} }
func (*ProvisionTokenV1) ProtoMessage() {}
func (*ProvisionTokenV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{67}
}
func (m *ProvisionTokenV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenV1.Merge(m, src)
}
func (m *ProvisionTokenV1) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenV1) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenV1.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenV1 proto.InternalMessageInfo
// ProvisionTokenV2 specifies provisioning token
type ProvisionTokenV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are:`v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a provisioning token V2 spec
Spec ProvisionTokenSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// Status is extended status information, depending on token type. It is not
// user writable.
Status *ProvisionTokenStatusV2 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenV2) Reset() { *m = ProvisionTokenV2{} }
func (*ProvisionTokenV2) ProtoMessage() {}
func (*ProvisionTokenV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{68}
}
func (m *ProvisionTokenV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenV2.Merge(m, src)
}
func (m *ProvisionTokenV2) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenV2) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenV2.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenV2 proto.InternalMessageInfo
// ProvisionTokenV2List is a list of provisioning tokens.
type ProvisionTokenV2List struct {
// ProvisionTokens is a list of provisioning tokens.
ProvisionTokens []*ProvisionTokenV2 `protobuf:"bytes,1,rep,name=ProvisionTokens,proto3" json:"ProvisionTokens,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenV2List) Reset() { *m = ProvisionTokenV2List{} }
func (m *ProvisionTokenV2List) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenV2List) ProtoMessage() {}
func (*ProvisionTokenV2List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{69}
}
func (m *ProvisionTokenV2List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenV2List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenV2List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenV2List) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenV2List.Merge(m, src)
}
func (m *ProvisionTokenV2List) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenV2List) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenV2List.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenV2List proto.InternalMessageInfo
// TokenRule is a rule that a joining node must match in order to use the
// associated token.
type TokenRule struct {
// AWSAccount is the AWS account ID.
AWSAccount string `protobuf:"bytes,1,opt,name=AWSAccount,proto3" json:"aws_account,omitempty"`
// AWSRegions is used for the EC2 join method and is a list of AWS regions a
// node is allowed to join from.
AWSRegions []string `protobuf:"bytes,2,rep,name=AWSRegions,proto3" json:"aws_regions,omitempty"`
// AWSRole is used for the EC2 join method and is the ARN of the AWS
// role that the Auth Service will assume in order to call the ec2 API.
AWSRole string `protobuf:"bytes,3,opt,name=AWSRole,proto3" json:"aws_role,omitempty"`
// AWSARN is used for the IAM join method, the AWS identity of joining nodes
// must match this ARN. Supports wildcards "*" and "?".
AWSARN string `protobuf:"bytes,4,opt,name=AWSARN,proto3" json:"aws_arn,omitempty"`
// AWSOrganizationID is used for the IAM join method, the AWS identity of joining nodes
// must belong to this organization.
AWSOrganizationID string `protobuf:"bytes,5,opt,name=AWSOrganizationID,proto3" json:"aws_organization_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TokenRule) Reset() { *m = TokenRule{} }
func (m *TokenRule) String() string { return proto.CompactTextString(m) }
func (*TokenRule) ProtoMessage() {}
func (*TokenRule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{70}
}
func (m *TokenRule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TokenRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TokenRule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TokenRule) XXX_Merge(src proto.Message) {
xxx_messageInfo_TokenRule.Merge(m, src)
}
func (m *TokenRule) XXX_Size() int {
return m.Size()
}
func (m *TokenRule) XXX_DiscardUnknown() {
xxx_messageInfo_TokenRule.DiscardUnknown(m)
}
var xxx_messageInfo_TokenRule proto.InternalMessageInfo
// ProvisionTokenSpecV2 is a specification for V2 token
type ProvisionTokenSpecV2 struct {
// Roles is a list of roles associated with the token,
// that will be converted to metadata in the SSH and X509
// certificates issued to the user of the token
Roles []SystemRole `protobuf:"bytes,1,rep,name=Roles,proto3,casttype=SystemRole" json:"roles"`
// Allow is a list of TokenRules, nodes using this token must match one
// allow rule to use this token.
Allow []*TokenRule `protobuf:"bytes,2,rep,name=Allow,proto3" json:"allow,omitempty"`
// AWSIIDTTL is the TTL to use for AWS EC2 Instance Identity Documents used
// to join the cluster with this token.
AWSIIDTTL Duration `protobuf:"varint,3,opt,name=AWSIIDTTL,proto3,casttype=Duration" json:"aws_iid_ttl,omitempty"`
// JoinMethod is the joining method required in order to use this token.
// Supported joining methods include: azure, circleci, ec2, gcp, github, gitlab, iam, kubernetes, spacelift, token, tpm
JoinMethod JoinMethod `protobuf:"bytes,4,opt,name=JoinMethod,proto3,casttype=JoinMethod" json:"join_method"`
// BotName is the name of the bot this token grants access to, if any
BotName string `protobuf:"bytes,5,opt,name=BotName,proto3" json:"bot_name,omitempty"`
// SuggestedLabels is a set of labels that resources should set when using this token to enroll
// themselves in the cluster.
// Currently, only node-join scripts create a configuration according to the suggestion.
SuggestedLabels Labels `protobuf:"bytes,6,opt,name=SuggestedLabels,proto3,customtype=Labels" json:"suggested_labels,omitempty"`
// GitHub allows the configuration of options specific to the "github" join method.
GitHub *ProvisionTokenSpecV2GitHub `protobuf:"bytes,7,opt,name=GitHub,proto3" json:"github,omitempty"`
// CircleCI allows the configuration of options specific to the "circleci" join method.
CircleCI *ProvisionTokenSpecV2CircleCI `protobuf:"bytes,8,opt,name=CircleCI,proto3" json:"circleci,omitempty"`
// SuggestedAgentMatcherLabels is a set of labels to be used by agents to match on resources.
// When an agent uses this token, the agent should monitor resources that match those labels.
// For databases, this means adding the labels to `db_service.resources.labels`.
// Currently, only node-join scripts create a configuration according to the suggestion.
SuggestedAgentMatcherLabels Labels `protobuf:"bytes,9,opt,name=SuggestedAgentMatcherLabels,proto3,customtype=Labels" json:"suggested_agent_matcher_labels,omitempty"`
// Kubernetes allows the configuration of options specific to the "kubernetes" join method.
Kubernetes *ProvisionTokenSpecV2Kubernetes `protobuf:"bytes,10,opt,name=Kubernetes,proto3" json:"kubernetes,omitempty"`
// Azure allows the configuration of options specific to the "azure" join method.
Azure *ProvisionTokenSpecV2Azure `protobuf:"bytes,11,opt,name=Azure,proto3" json:"azure,omitempty"`
// GitLab allows the configuration of options specific to the "gitlab" join method.
GitLab *ProvisionTokenSpecV2GitLab `protobuf:"bytes,12,opt,name=GitLab,proto3" json:"gitlab,omitempty"`
// GCP allows the configuration of options specific to the "gcp" join method.
GCP *ProvisionTokenSpecV2GCP `protobuf:"bytes,13,opt,name=GCP,proto3" json:"gcp,omitempty"`
// Spacelift allows the configuration of options specific to the "spacelift" join method.
Spacelift *ProvisionTokenSpecV2Spacelift `protobuf:"bytes,14,opt,name=Spacelift,proto3" json:"spacelift,omitempty"`
// TPM allows the configuration of options specific to the "tpm" join method.
TPM *ProvisionTokenSpecV2TPM `protobuf:"bytes,15,opt,name=TPM,proto3" json:"tpm,omitempty"`
// TerraformCloud allows the configuration of options specific to the "terraform_cloud" join method.
TerraformCloud *ProvisionTokenSpecV2TerraformCloud `protobuf:"bytes,16,opt,name=TerraformCloud,proto3" json:"terraform_cloud,omitempty"`
// Bitbucket allows the configuration of options specific to the "bitbucket" join method.
Bitbucket *ProvisionTokenSpecV2Bitbucket `protobuf:"bytes,17,opt,name=Bitbucket,proto3" json:"bitbucket,omitempty"`
// Oracle allows the configuration of options specific to the "oracle" join method.
Oracle *ProvisionTokenSpecV2Oracle `protobuf:"bytes,18,opt,name=Oracle,proto3" json:"oracle,omitempty"`
// BoundKeypair allows the configuration of options specific to the "bound_keypair" join method.
BoundKeypair *ProvisionTokenSpecV2BoundKeypair `protobuf:"bytes,19,opt,name=BoundKeypair,proto3" json:"bound_keypair,omitempty"`
// AzureDevops allows the configuration of options specific to the "azure_devops" join method.
AzureDevops *ProvisionTokenSpecV2AzureDevops `protobuf:"bytes,20,opt,name=AzureDevops,proto3" json:"azure_devops,omitempty"`
// Env0 allows the configuration of options specific to the "env0" join method.
Env0 *ProvisionTokenSpecV2Env0 `protobuf:"bytes,21,opt,name=Env0,proto3" json:"env0,omitempty"`
// Integration name which provides credentials for validating join attempts.
// Currently only in use for validating the AWS Organization ID in the IAM Join method.
Integration string `protobuf:"bytes,22,opt,name=Integration,proto3" json:"integration,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2) Reset() { *m = ProvisionTokenSpecV2{} }
func (m *ProvisionTokenSpecV2) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2) ProtoMessage() {}
func (*ProvisionTokenSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{71}
}
func (m *ProvisionTokenSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2.Merge(m, src)
}
func (m *ProvisionTokenSpecV2) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2 proto.InternalMessageInfo
// ProvisionTokenSpecV2AzureDevops contains the Azure Devops-specific
// configuration.
type ProvisionTokenSpecV2AzureDevops struct {
// Allow is a list of TokenRules, nodes using this token must match one
// allow rule to use this token. At least one allow rule must be specified.
Allow []*ProvisionTokenSpecV2AzureDevops_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// OrganizationID specifies the UUID of the Azure DevOps organization that
// this join token will grant access to. This is used to identify the correct
// issuer verification of the ID token.
// This is a required field.
OrganizationID string `protobuf:"bytes,2,opt,name=OrganizationID,proto3" json:"organization_id"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2AzureDevops) Reset() { *m = ProvisionTokenSpecV2AzureDevops{} }
func (m *ProvisionTokenSpecV2AzureDevops) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2AzureDevops) ProtoMessage() {}
func (*ProvisionTokenSpecV2AzureDevops) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{72}
}
func (m *ProvisionTokenSpecV2AzureDevops) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2AzureDevops) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2AzureDevops.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2AzureDevops) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2AzureDevops.Merge(m, src)
}
func (m *ProvisionTokenSpecV2AzureDevops) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2AzureDevops) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2AzureDevops.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2AzureDevops proto.InternalMessageInfo
type ProvisionTokenSpecV2AzureDevops_Rule struct {
// Sub also known as Subject is a string that roughly uniquely identifies
// the workload. Example:
// `p://my-organization/my-project/my-pipeline`
// Mapped from the `sub` claim.
Sub string `protobuf:"bytes,1,opt,name=Sub,proto3" json:"sub,omitempty"`
// The name of the AZDO project. Example:
// `my-project`.
// Mapped out of the `sub` claim.
ProjectName string `protobuf:"bytes,2,opt,name=ProjectName,proto3" json:"project_name,omitempty"`
// The name of the AZDO pipeline. Example:
// `my-pipeline`.
// Mapped out of the `sub` claim.
PipelineName string `protobuf:"bytes,3,opt,name=PipelineName,proto3" json:"pipeline_name,omitempty"`
// The ID of the AZDO pipeline. Example:
// `271ef6f7-0000-0000-0000-4b54d9129990`
// Mapped from the `prj_id` claim.
ProjectID string `protobuf:"bytes,4,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
// The ID of the AZDO pipeline definition. Example:
// `1`
// Mapped from the `def_id` claim.
DefinitionID string `protobuf:"bytes,5,opt,name=DefinitionID,proto3" json:"definition_id,omitempty"`
// The URI of the repository the pipeline is using. Example:
// `https://github.com/gravitational/teleport.git`.
// Mapped from the `rpo_uri` claim.
RepositoryURI string `protobuf:"bytes,6,opt,name=RepositoryURI,proto3" json:"repository_uri,omitempty"`
// The individual commit of the repository the pipeline is using. Example:
// `e6b9eb29a288b27a3a82cc19c48b9d94b80aff36`.
// Mapped from the `rpo_ver` claim.
RepositoryVersion string `protobuf:"bytes,7,opt,name=RepositoryVersion,proto3" json:"repository_version,omitempty"`
// The reference of the repository the pipeline is using. Example:
// `refs/heads/main`.
// Mapped from the `rpo_ref` claim.
RepositoryRef string `protobuf:"bytes,8,opt,name=RepositoryRef,proto3" json:"repository_ref,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) Reset() { *m = ProvisionTokenSpecV2AzureDevops_Rule{} }
func (m *ProvisionTokenSpecV2AzureDevops_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2AzureDevops_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2AzureDevops_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{72, 0}
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2AzureDevops_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2AzureDevops_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2AzureDevops_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2AzureDevops_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2TPM contains the TPM-specific part of the
// ProvisionTokenSpecV2
type ProvisionTokenSpecV2TPM struct {
// Allow is a list of Rules, the presented delegated identity must match one
// allow rule to permit joining.
Allow []*ProvisionTokenSpecV2TPM_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// EKCertAllowedCAs is a list of CA certificates that will be used to validate
// TPM EKCerts.
// When specified, joining TPMs must present an EKCert signed by one of the
// specified CAs. TPMs that do not present an EKCert will be not permitted to
// join.
// When unspecified, TPMs will be allowed to join with either an EKCert or an
// EKPubHash.
EKCertAllowedCAs []string `protobuf:"bytes,2,rep,name=EKCertAllowedCAs,proto3" json:"ekcert_allowed_cas,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2TPM) Reset() { *m = ProvisionTokenSpecV2TPM{} }
func (m *ProvisionTokenSpecV2TPM) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2TPM) ProtoMessage() {}
func (*ProvisionTokenSpecV2TPM) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{73}
}
func (m *ProvisionTokenSpecV2TPM) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2TPM) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2TPM.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2TPM) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2TPM.Merge(m, src)
}
func (m *ProvisionTokenSpecV2TPM) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2TPM) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2TPM.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2TPM proto.InternalMessageInfo
type ProvisionTokenSpecV2TPM_Rule struct {
// Description is a human-readable description of the rule. It has no
// bearing on whether or not a TPM is allowed to join, but can be used
// to associate a rule with a specific host (e.g the asset tag of the server
// in which the TPM resides).
// Example: "build-server-100"
Description string `protobuf:"bytes,1,opt,name=Description,proto3" json:"description,omitempty"`
// EKPublicHash is the SHA256 hash of the EKPub marshaled in PKIX format
// and encoded in hexadecimal. This value will also be checked when a TPM
// has submitted an EKCert, and the public key in the EKCert will be used
// for this check.
// Example: d4b45864d9d6fabfc568d74f26c35ababde2105337d7af9a6605e1c56c891aa6
EKPublicHash string `protobuf:"bytes,4,opt,name=EKPublicHash,proto3" json:"ek_public_hash,omitempty"`
// EKCertificateSerial is the serial number of the EKCert in hexadecimal
// with colon separated nibbles. This value will not be checked when a TPM
// does not have an EKCert configured.
// Example: 73:df:dc:bd:af:ef:8a:d8:15:2e:96:71:7a:3e:7f:a4
EKCertificateSerial string `protobuf:"bytes,5,opt,name=EKCertificateSerial,proto3" json:"ek_certificate_serial,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2TPM_Rule) Reset() { *m = ProvisionTokenSpecV2TPM_Rule{} }
func (m *ProvisionTokenSpecV2TPM_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2TPM_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2TPM_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{73, 0}
}
func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2TPM_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2TPM_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2TPM_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2TPM_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2TPM_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2TPM_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2Github contains the GitHub-specific part of the
// ProvisionTokenSpecV2
type ProvisionTokenSpecV2GitHub struct {
// Allow is a list of TokenRules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2GitHub_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// EnterpriseServerHost allows joining from runners associated with a
// GitHub Enterprise Server instance. When unconfigured, tokens will be
// validated against github.com, but when configured to the host of a GHES
// instance, then the tokens will be validated against host.
//
// This value should be the hostname of the GHES instance, and should not
// include the scheme or a path. The instance must be accessible over HTTPS
// at this hostname and the certificate must be trusted by the Auth Service.
EnterpriseServerHost string `protobuf:"bytes,2,opt,name=EnterpriseServerHost,proto3" json:"enterprise_server_host,omitempty"`
// EnterpriseSlug allows the slug of a GitHub Enterprise organisation to be
// included in the expected issuer of the OIDC tokens. This is for
// compatibility with the `include_enterprise_slug` option in GHE.
//
// This field should be set to the slug of your enterprise if this is enabled. If
// this is not enabled, then this field must be left empty. This field cannot
// be specified if `enterprise_server_host` is specified.
//
// See https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#customizing-the-issuer-value-for-an-enterprise
// for more information about customized issuer values.
EnterpriseSlug string `protobuf:"bytes,3,opt,name=EnterpriseSlug,proto3" json:"enterprise_slug,omitempty"`
// StaticJWKS disables fetching of the GHES signing keys via the JWKS/OIDC
// endpoints, and allows them to be directly specified. This allows joining
// from GitHub Actions in GHES instances that are not reachable by the
// Teleport Auth Service.
StaticJWKS string `protobuf:"bytes,4,opt,name=StaticJWKS,proto3" json:"static_jwks,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2GitHub) Reset() { *m = ProvisionTokenSpecV2GitHub{} }
func (m *ProvisionTokenSpecV2GitHub) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2GitHub) ProtoMessage() {}
func (*ProvisionTokenSpecV2GitHub) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{74}
}
func (m *ProvisionTokenSpecV2GitHub) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2GitHub) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2GitHub.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2GitHub) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2GitHub.Merge(m, src)
}
func (m *ProvisionTokenSpecV2GitHub) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2GitHub) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2GitHub.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2GitHub proto.InternalMessageInfo
// Rule includes fields mapped from `lib/githubactions.IDToken`
// Not all fields should be included, only ones that we expect to be useful
// when trying to create rules around which workflows should be allowed to
// authenticate against a cluster.
type ProvisionTokenSpecV2GitHub_Rule struct {
// Sub also known as Subject is a string that roughly uniquely identifies
// the workload. The format of this varies depending on the type of
// github action run.
Sub string `protobuf:"bytes,1,opt,name=Sub,proto3" json:"sub,omitempty"`
// The repository from where the workflow is running.
// This includes the name of the owner e.g `gravitational/teleport`
Repository string `protobuf:"bytes,2,opt,name=Repository,proto3" json:"repository,omitempty"`
// The name of the organization in which the repository is stored.
RepositoryOwner string `protobuf:"bytes,3,opt,name=RepositoryOwner,proto3" json:"repository_owner,omitempty"`
// The name of the workflow.
Workflow string `protobuf:"bytes,4,opt,name=Workflow,proto3" json:"workflow,omitempty"`
// The name of the environment used by the job.
Environment string `protobuf:"bytes,5,opt,name=Environment,proto3" json:"environment,omitempty"`
// The personal account that initiated the workflow run.
Actor string `protobuf:"bytes,6,opt,name=Actor,proto3" json:"actor,omitempty"`
// The git ref that triggered the workflow run.
Ref string `protobuf:"bytes,7,opt,name=Ref,proto3" json:"ref,omitempty"`
// The type of ref, for example: "branch".
RefType string `protobuf:"bytes,8,opt,name=RefType,proto3" json:"ref_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2GitHub_Rule) Reset() { *m = ProvisionTokenSpecV2GitHub_Rule{} }
func (m *ProvisionTokenSpecV2GitHub_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2GitHub_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2GitHub_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{74, 0}
}
func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2GitHub_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2GitHub_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2GitHub_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2GitHub_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2GitHub_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2GitLab contains the GitLab-specific part of the
// ProvisionTokenSpecV2
type ProvisionTokenSpecV2GitLab struct {
// Allow is a list of TokenRules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2GitLab_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// Domain is the domain of your GitLab instance. This will default to
// `gitlab.com` - but can be set to the domain of your self-hosted GitLab
// e.g `gitlab.example.com`.
Domain string `protobuf:"bytes,2,opt,name=Domain,proto3" json:"domain,omitempty"`
// StaticJWKS disables fetching of the GitLab signing keys via the JWKS/OIDC
// endpoints, and allows them to be directly specified. This allows joining
// from GitLab CI instances that are not reachable by the Teleport Auth
// Service.
StaticJWKS string `protobuf:"bytes,3,opt,name=StaticJWKS,proto3" json:"static_jwks,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2GitLab) Reset() { *m = ProvisionTokenSpecV2GitLab{} }
func (m *ProvisionTokenSpecV2GitLab) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2GitLab) ProtoMessage() {}
func (*ProvisionTokenSpecV2GitLab) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{75}
}
func (m *ProvisionTokenSpecV2GitLab) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2GitLab) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2GitLab.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2GitLab) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2GitLab.Merge(m, src)
}
func (m *ProvisionTokenSpecV2GitLab) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2GitLab) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2GitLab.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2GitLab proto.InternalMessageInfo
type ProvisionTokenSpecV2GitLab_Rule struct {
// Sub roughly uniquely identifies the workload. Example:
// `project_path:mygroup/my-project:ref_type:branch:ref:main`
// project_path:GROUP/PROJECT:ref_type:TYPE:ref:BRANCH_NAME
//
// This field supports "glob-style" matching:
// - Use '*' to match zero or more characters.
// - Use '?' to match any single character.
Sub string `protobuf:"bytes,1,opt,name=Sub,proto3" json:"sub,omitempty"`
// Ref allows access to be limited to jobs triggered by a specific git ref.
// Ensure this is used in combination with ref_type.
//
// This field supports "glob-style" matching:
// - Use '*' to match zero or more characters.
// - Use '?' to match any single character.
Ref string `protobuf:"bytes,2,opt,name=Ref,proto3" json:"ref,omitempty"`
// RefType allows access to be limited to jobs triggered by a specific git
// ref type. Example:
// `branch` or `tag`
RefType string `protobuf:"bytes,3,opt,name=RefType,proto3" json:"ref_type,omitempty"`
// NamespacePath is used to limit access to jobs in a group or user's
// projects.
// Example:
// `mygroup`
//
// This field supports "glob-style" matching:
// - Use '*' to match zero or more characters.
// - Use '?' to match any single character.
NamespacePath string `protobuf:"bytes,4,opt,name=NamespacePath,proto3" json:"namespace_path,omitempty"`
// ProjectPath is used to limit access to jobs belonging to an individual
// project. Example:
// `mygroup/myproject`
//
// This field supports "glob-style" matching:
// - Use '*' to match zero or more characters.
// - Use '?' to match any single character.
ProjectPath string `protobuf:"bytes,5,opt,name=ProjectPath,proto3" json:"project_path,omitempty"`
// PipelineSource limits access by the job pipeline source type.
// https://docs.gitlab.com/ee/ci/jobs/job_control.html#common-if-clauses-for-rules
// Example: `web`
PipelineSource string `protobuf:"bytes,6,opt,name=PipelineSource,proto3" json:"pipeline_source,omitempty"`
// Environment limits access by the environment the job deploys to
// (if one is associated)
Environment string `protobuf:"bytes,7,opt,name=Environment,proto3" json:"environment,omitempty"`
// UserLogin is the username of the user executing the job
UserLogin string `protobuf:"bytes,8,opt,name=UserLogin,proto3" json:"user_login,omitempty"`
// UserID is the ID of the user executing the job
UserID string `protobuf:"bytes,9,opt,name=UserID,proto3" json:"user_id,omitempty"`
// UserEmail is the email of the user executing the job
UserEmail string `protobuf:"bytes,10,opt,name=UserEmail,proto3" json:"user_email,omitempty"`
// RefProtected is true if the Git ref is protected, false otherwise.
RefProtected *BoolOption `protobuf:"bytes,11,opt,name=RefProtected,proto3,customtype=BoolOption" json:"ref_protected,omitempty"`
// EnvironmentProtected is true if the Git ref is protected, false otherwise.
EnvironmentProtected *BoolOption `protobuf:"bytes,12,opt,name=EnvironmentProtected,proto3,customtype=BoolOption" json:"environment_protected,omitempty"`
// CIConfigSHA is the git commit SHA for the ci_config_ref_uri.
CIConfigSHA string `protobuf:"bytes,13,opt,name=CIConfigSHA,proto3" json:"ci_config_sha,omitempty"`
// CIConfigRefURI is the ref path to the top-level pipeline definition, for example,
// gitlab.example.com/my-group/my-project//.gitlab-ci.yml@refs/heads/main.
CIConfigRefURI string `protobuf:"bytes,14,opt,name=CIConfigRefURI,proto3" json:"ci_config_ref_uri,omitempty"`
// DeploymentTier is the deployment tier of the environment the job specifies
DeploymentTier string `protobuf:"bytes,15,opt,name=DeploymentTier,proto3" json:"deployment_tier,omitempty"`
// ProjectVisibility is the visibility of the project where the pipeline is running.
// Can be internal, private, or public.
ProjectVisibility string `protobuf:"bytes,16,opt,name=ProjectVisibility,proto3" json:"project_visibility,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2GitLab_Rule) Reset() { *m = ProvisionTokenSpecV2GitLab_Rule{} }
func (m *ProvisionTokenSpecV2GitLab_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2GitLab_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2GitLab_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{75, 0}
}
func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2GitLab_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2GitLab_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2GitLab_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2GitLab_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2GitLab_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2CircleCI contains the CircleCI-specific part of the
// ProvisionTokenSpecV2
type ProvisionTokenSpecV2CircleCI struct {
// Allow is a list of TokenRules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2CircleCI_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
OrganizationID string `protobuf:"bytes,2,opt,name=OrganizationID,proto3" json:"organization_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2CircleCI) Reset() { *m = ProvisionTokenSpecV2CircleCI{} }
func (m *ProvisionTokenSpecV2CircleCI) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2CircleCI) ProtoMessage() {}
func (*ProvisionTokenSpecV2CircleCI) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{76}
}
func (m *ProvisionTokenSpecV2CircleCI) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2CircleCI) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2CircleCI.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2CircleCI) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2CircleCI.Merge(m, src)
}
func (m *ProvisionTokenSpecV2CircleCI) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2CircleCI) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2CircleCI.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2CircleCI proto.InternalMessageInfo
type ProvisionTokenSpecV2CircleCI_Rule struct {
ProjectID string `protobuf:"bytes,1,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
ContextID string `protobuf:"bytes,2,opt,name=ContextID,proto3" json:"context_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) Reset() { *m = ProvisionTokenSpecV2CircleCI_Rule{} }
func (m *ProvisionTokenSpecV2CircleCI_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2CircleCI_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2CircleCI_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{76, 0}
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2CircleCI_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2CircleCI_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2CircleCI_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2CircleCI_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2Spacelift contains the Spacelift-specific part of the
// ProvisionTokenSpecV2
type ProvisionTokenSpecV2Spacelift struct {
// Allow is a list of Rules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2Spacelift_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// Hostname is the hostname of the Spacelift tenant that tokens
// will originate from. E.g `example.app.spacelift.io`
Hostname string `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname,omitempty"`
// EnableGlobMatching enables glob-style matching for the space_id and
// caller_id fields in the rules.
EnableGlobMatching bool `protobuf:"varint,3,opt,name=EnableGlobMatching,proto3" json:"enable_glob_matching,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Spacelift) Reset() { *m = ProvisionTokenSpecV2Spacelift{} }
func (m *ProvisionTokenSpecV2Spacelift) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Spacelift) ProtoMessage() {}
func (*ProvisionTokenSpecV2Spacelift) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{77}
}
func (m *ProvisionTokenSpecV2Spacelift) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Spacelift) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Spacelift.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Spacelift) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Spacelift.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Spacelift) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Spacelift) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Spacelift.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Spacelift proto.InternalMessageInfo
type ProvisionTokenSpecV2Spacelift_Rule struct {
// SpaceID is the ID of the space in which the run that owns the token was
// executed.
//
// This field supports "glob-style" matching when enable_glob_matching is true:
// - Use '*' to match zero or more characters.
// - Use '?' to match any single character.
SpaceID string `protobuf:"bytes,1,opt,name=SpaceID,proto3" json:"space_id,omitempty"`
// CallerID is the ID of the caller, ie. the stack or module that generated
// the run.
//
// This field supports "glob-style" matching when enable_glob_matching is true:
// - Use '*' to match zero or more characters.
// - Use '?' to match any single character.
CallerID string `protobuf:"bytes,2,opt,name=CallerID,proto3" json:"caller_id,omitempty"`
// CallerType is the type of the caller, ie. the entity that owns the run -
// either `stack` or `module`.
CallerType string `protobuf:"bytes,3,opt,name=CallerType,proto3" json:"caller_type,omitempty"`
// Scope is the scope of the token - either `read` or `write`.
// See https://docs.spacelift.io/integrations/cloud-providers/oidc/#about-scopes
Scope string `protobuf:"bytes,4,opt,name=Scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) Reset() { *m = ProvisionTokenSpecV2Spacelift_Rule{} }
func (m *ProvisionTokenSpecV2Spacelift_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Spacelift_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2Spacelift_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{77, 0}
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Spacelift_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Spacelift_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Spacelift_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Spacelift_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2Kubernetes contains the Kubernetes-specific part of the
// ProvisionTokenSpecV2
type ProvisionTokenSpecV2Kubernetes struct {
// Allow is a list of Rules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2Kubernetes_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// Type controls which behavior should be used for validating the Kubernetes
// Service Account token. Support values:
// - `in_cluster`
// - `static_jwks`
// - `oidc`
// If unset, this defaults to `in_cluster`.
Type KubernetesJoinType `protobuf:"bytes,2,opt,name=Type,proto3,casttype=KubernetesJoinType" json:"type,omitempty"`
// StaticJWKS is the configuration specific to the `static_jwks` type.
StaticJWKS *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig `protobuf:"bytes,3,opt,name=StaticJWKS,proto3" json:"static_jwks,omitempty"`
// OIDCConfig configures the `oidc` type.
OIDC *ProvisionTokenSpecV2Kubernetes_OIDCConfig `protobuf:"bytes,4,opt,name=OIDC,proto3" json:"oidc,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Kubernetes) Reset() { *m = ProvisionTokenSpecV2Kubernetes{} }
func (m *ProvisionTokenSpecV2Kubernetes) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Kubernetes) ProtoMessage() {}
func (*ProvisionTokenSpecV2Kubernetes) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{78}
}
func (m *ProvisionTokenSpecV2Kubernetes) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Kubernetes) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Kubernetes.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Kubernetes) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Kubernetes) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Kubernetes) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Kubernetes proto.InternalMessageInfo
type ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig struct {
// JWKS should be the JSON Web Key Set formatted public keys of that the
// Kubernetes Cluster uses to sign service account tokens.
// This can be fetched from /openid/v1/jwks on the Kubernetes API Server.
JWKS string `protobuf:"bytes,1,opt,name=JWKS,proto3" json:"jwks,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Reset() {
*m = ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig{}
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) String() string {
return proto.CompactTextString(m)
}
func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) ProtoMessage() {}
func (*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{78, 0}
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig proto.InternalMessageInfo
type ProvisionTokenSpecV2Kubernetes_OIDCConfig struct {
// Issuer is the URI of the OIDC issuer. It must have an accessible and
// OIDC-compliant `/.well-known/oidc-configuration` endpoint. This should
// be a valid URL and must exactly match the `issuer` field in a service
// account JWT. For example:
// https://oidc.eks.us-west-2.amazonaws.com/id/12345...
Issuer string `protobuf:"bytes,1,opt,name=Issuer,proto3" json:"issuer,omitempty"`
// InsecureAllowHTTPIssuer is a flag that, if set, disables the requirement
// that the issuer must use HTTPS.
InsecureAllowHTTPIssuer bool `protobuf:"varint,2,opt,name=InsecureAllowHTTPIssuer,proto3" json:"insecure_allow_http_issuer"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) Reset() {
*m = ProvisionTokenSpecV2Kubernetes_OIDCConfig{}
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) String() string {
return proto.CompactTextString(m)
}
func (*ProvisionTokenSpecV2Kubernetes_OIDCConfig) ProtoMessage() {}
func (*ProvisionTokenSpecV2Kubernetes_OIDCConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{78, 1}
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_OIDCConfig.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_OIDCConfig.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_OIDCConfig.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_OIDCConfig proto.InternalMessageInfo
// Rule is a set of properties the Kubernetes-issued token might have to be
// allowed to use this ProvisionToken
type ProvisionTokenSpecV2Kubernetes_Rule struct {
// ServiceAccount is the namespaced name of the Kubernetes service account.
// Its format is "namespace:service-account".
ServiceAccount string `protobuf:"bytes,1,opt,name=ServiceAccount,proto3" json:"service_account,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) Reset() { *m = ProvisionTokenSpecV2Kubernetes_Rule{} }
func (m *ProvisionTokenSpecV2Kubernetes_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Kubernetes_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2Kubernetes_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{78, 2}
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Kubernetes_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2Azure contains the Azure-specific part of the
// ProvisionTokenSpecV2.
type ProvisionTokenSpecV2Azure struct {
// Allow is a list of Rules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2Azure_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Azure) Reset() { *m = ProvisionTokenSpecV2Azure{} }
func (m *ProvisionTokenSpecV2Azure) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Azure) ProtoMessage() {}
func (*ProvisionTokenSpecV2Azure) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{79}
}
func (m *ProvisionTokenSpecV2Azure) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Azure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Azure.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Azure) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Azure.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Azure) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Azure) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Azure.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Azure proto.InternalMessageInfo
// Rule is a set of properties the Azure-issued token might have to be
// allowed to use this ProvisionToken.
type ProvisionTokenSpecV2Azure_Rule struct {
// Subscription is the Azure subscription.
Subscription string `protobuf:"bytes,1,opt,name=Subscription,proto3" json:"subscription,omitempty"`
// ResourceGroups is a list of Azure resource groups the node is allowed
// to join from.
ResourceGroups []string `protobuf:"bytes,2,rep,name=ResourceGroups,proto3" json:"resource_groups,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Azure_Rule) Reset() { *m = ProvisionTokenSpecV2Azure_Rule{} }
func (m *ProvisionTokenSpecV2Azure_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Azure_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2Azure_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{79, 0}
}
func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Azure_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Azure_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Azure_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Azure_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Azure_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Azure_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2GCP contains the GCP-specific part of the
// ProvisionTokenSpecV2.
type ProvisionTokenSpecV2GCP struct {
// Allow is a list of Rules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2GCP_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2GCP) Reset() { *m = ProvisionTokenSpecV2GCP{} }
func (m *ProvisionTokenSpecV2GCP) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2GCP) ProtoMessage() {}
func (*ProvisionTokenSpecV2GCP) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{80}
}
func (m *ProvisionTokenSpecV2GCP) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2GCP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2GCP.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2GCP) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2GCP.Merge(m, src)
}
func (m *ProvisionTokenSpecV2GCP) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2GCP) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2GCP.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2GCP proto.InternalMessageInfo
// Rule is a set of properties the GCP-ussued token might have to be allowed
// to use this ProvisionToken.
type ProvisionTokenSpecV2GCP_Rule struct {
// ProjectIDs is a list of project IDs (e.g. `<example-id-123456>`).
ProjectIDs []string `protobuf:"bytes,1,rep,name=ProjectIDs,proto3" json:"project_ids,omitempty"`
// Locations is a list of regions (e.g. "us-west1") and/or zones (e.g.
// "us-west1-b").
Locations []string `protobuf:"bytes,2,rep,name=Locations,proto3" json:"locations,omitempty"`
// ServiceAccounts is a list of service account emails (e.g.
// `<project-number>-compute@developer.gserviceaccount.com`).
ServiceAccounts []string `protobuf:"bytes,3,rep,name=ServiceAccounts,proto3" json:"service_accounts,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2GCP_Rule) Reset() { *m = ProvisionTokenSpecV2GCP_Rule{} }
func (m *ProvisionTokenSpecV2GCP_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2GCP_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2GCP_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{80, 0}
}
func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2GCP_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2GCP_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2GCP_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2GCP_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2GCP_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2GCP_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2Terraform contains Terraform-specific parts of the
// ProvisionTokenSpecV2.
type ProvisionTokenSpecV2TerraformCloud struct {
// Allow is a list of Rules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2TerraformCloud_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// Audience is the JWT audience as configured in the
// TFC_WORKLOAD_IDENTITY_AUDIENCE(_$TAG) variable in Terraform Cloud. If
// unset, defaults to the Teleport cluster name.
// For example, if `TFC_WORKLOAD_IDENTITY_AUDIENCE_TELEPORT=foo` is set in
// Terraform Cloud, this value should be `foo`. If the variable is set to
// match the cluster name, it does not need to be set here.
Audience string `protobuf:"bytes,2,opt,name=Audience,proto3" json:"audience,omitempty"`
// Hostname is the hostname of the Terraform Enterprise instance expected to
// issue JWTs allowed by this token. This may be unset for regular Terraform
// Cloud use, in which case it will be assumed to be `app.terraform.io`.
// Otherwise, it must both match the `iss` (issuer) field included in JWTs,
// and provide standard JWKS endpoints.
Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2TerraformCloud) Reset() { *m = ProvisionTokenSpecV2TerraformCloud{} }
func (m *ProvisionTokenSpecV2TerraformCloud) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2TerraformCloud) ProtoMessage() {}
func (*ProvisionTokenSpecV2TerraformCloud) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{81}
}
func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud.Merge(m, src)
}
func (m *ProvisionTokenSpecV2TerraformCloud) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2TerraformCloud) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud proto.InternalMessageInfo
// Rule is a set of properties the Terraform-issued token might have to be
// allowed to use this ProvisionToken.
type ProvisionTokenSpecV2TerraformCloud_Rule struct {
// OrganizationID is the ID of the HCP Terraform organization. At least
// one organization value is required, either ID or name.
OrganizationID string `protobuf:"bytes,1,opt,name=OrganizationID,proto3" json:"organization_id,omitempty"`
// OrganizationName is the human-readable name of the HCP Terraform
// organization. At least one organization value is required, either ID or
// name.
OrganizationName string `protobuf:"bytes,2,opt,name=OrganizationName,proto3" json:"organization_name,omitempty"`
// ProjectID is the ID of the HCP Terraform project. At least one project or
// workspace value is required, either ID or name.
ProjectID string `protobuf:"bytes,3,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
// ProjectName is the human-readable name for the HCP Terraform project. At
// least one project or workspace value is required, either ID or name.
ProjectName string `protobuf:"bytes,4,opt,name=ProjectName,proto3" json:"project_name,omitempty"`
// WorkspaceID is the ID of the HCP Terraform workspace. At least one
// project or workspace value is required, either ID or name.
WorkspaceID string `protobuf:"bytes,5,opt,name=WorkspaceID,proto3" json:"workspace_id,omitempty"`
// WorkspaceName is the human-readable name of the HCP Terraform workspace.
// At least one project or workspace value is required, either ID or name.
WorkspaceName string `protobuf:"bytes,6,opt,name=WorkspaceName,proto3" json:"workspace_name,omitempty"`
// RunPhase is the phase of the run the token was issued for, e.g. `plan` or
// `apply`
RunPhase string `protobuf:"bytes,7,opt,name=RunPhase,proto3" json:"run_phase,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) Reset() {
*m = ProvisionTokenSpecV2TerraformCloud_Rule{}
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2TerraformCloud_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2TerraformCloud_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{81, 0}
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2TerraformCloud_Rule proto.InternalMessageInfo
type ProvisionTokenSpecV2Bitbucket struct {
// Allow is a list of Rules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2Bitbucket_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
// Audience is a Bitbucket-specified audience value for this token. It is
// unique to each Bitbucket repository, and must be set to the value as
// written in the Pipelines -> OpenID Connect section of the repository
// settings.
Audience string `protobuf:"bytes,2,opt,name=Audience,proto3" json:"audience,omitempty"`
// IdentityProviderURL is a Bitbucket-specified issuer URL for incoming OIDC
// tokens. It is unique to each Bitbucket repository, and must be set to the
// value as written in the Pipelines -> OpenID Connect section of the
// repository settings.
IdentityProviderURL string `protobuf:"bytes,3,opt,name=IdentityProviderURL,proto3" json:"identity_provider_url,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Bitbucket) Reset() { *m = ProvisionTokenSpecV2Bitbucket{} }
func (m *ProvisionTokenSpecV2Bitbucket) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Bitbucket) ProtoMessage() {}
func (*ProvisionTokenSpecV2Bitbucket) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{82}
}
func (m *ProvisionTokenSpecV2Bitbucket) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Bitbucket) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Bitbucket.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Bitbucket) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Bitbucket.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Bitbucket) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Bitbucket) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Bitbucket.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Bitbucket proto.InternalMessageInfo
// Rule is a set of properties the Bitbucket-issued token might have to be
// allowed to use this ProvisionToken.
type ProvisionTokenSpecV2Bitbucket_Rule struct {
// WorkspaceUUID is the UUID of the workspace for which this token was
// issued. Bitbucket UUIDs must begin and end with braces, e.g. `{...}`.
// This value may be found in the Pipelines -> OpenID Connect section of the
// repository settings.
WorkspaceUUID string `protobuf:"bytes,1,opt,name=WorkspaceUUID,proto3" json:"workspace_uuid,omitempty"`
// RepositoryUUID is the UUID of the repository for which this token was
// issued. Bitbucket UUIDs must begin and end with braces, e.g. `{...}`.
// This value may be found in the Pipelines -> OpenID Connect section of the
// repository settings.
RepositoryUUID string `protobuf:"bytes,2,opt,name=RepositoryUUID,proto3" json:"repository_uuid,omitempty"`
// DeploymentEnvironmentUUID is the UUID of the deployment environment
// targeted by this pipelines run, if any. These values may be found in the
// "Pipelines -> OpenID Connect -> Deployment environments" section of the
// repository settings.
DeploymentEnvironmentUUID string `protobuf:"bytes,3,opt,name=DeploymentEnvironmentUUID,proto3" json:"deployment_environment_uuid,omitempty"`
// BranchName is the name of the branch on which this pipeline executed.
BranchName string `protobuf:"bytes,4,opt,name=BranchName,proto3" json:"branch_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) Reset() { *m = ProvisionTokenSpecV2Bitbucket_Rule{} }
func (m *ProvisionTokenSpecV2Bitbucket_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Bitbucket_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2Bitbucket_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{82, 0}
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Bitbucket_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Bitbucket_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Bitbucket_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Bitbucket_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2Oracle contains Oracle-specific parts of the
// ProvisionTokenSpecV2.
type ProvisionTokenSpecV2Oracle struct {
// Allow is a list of Rules, nodes using this token must match one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2Oracle_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Oracle) Reset() { *m = ProvisionTokenSpecV2Oracle{} }
func (m *ProvisionTokenSpecV2Oracle) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Oracle) ProtoMessage() {}
func (*ProvisionTokenSpecV2Oracle) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{83}
}
func (m *ProvisionTokenSpecV2Oracle) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Oracle) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Oracle.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Oracle) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Oracle.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Oracle) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Oracle) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Oracle.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Oracle proto.InternalMessageInfo
// Rule is a set of properties the Oracle instance might have to be allowed
// to use this ProvisionToken.
type ProvisionTokenSpecV2Oracle_Rule struct {
// Tenancy is the OCID of the instance's tenancy. Required.
Tenancy string `protobuf:"bytes,1,opt,name=Tenancy,proto3" json:"tenancy"`
// ParentCompartments is a list of the OCIDs of compartments an instance is
// allowed to join from. Only direct parents are allowed, i.e. no nested
// compartments. If empty, any compartment is allowed.
ParentCompartments []string `protobuf:"bytes,2,rep,name=ParentCompartments,proto3" json:"parent_compartments,omitempty"`
// Regions is a list of regions an instance is allowed to join from. Both
// full region names ("us-phoenix-1") and abbreviations ("phx") are allowed.
// If empty, any region is allowed.
Regions []string `protobuf:"bytes,3,rep,name=Regions,proto3" json:"regions,omitempty"`
// Instances is a list of the OCIDs of specific instances that are allowed
// to join. If empty, any instance matching the other fields in the rule is allowed.
// Limited to 100 instance OCIDs per rule.
Instances []string `protobuf:"bytes,4,rep,name=Instances,proto3" json:"instances,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Oracle_Rule) Reset() { *m = ProvisionTokenSpecV2Oracle_Rule{} }
func (m *ProvisionTokenSpecV2Oracle_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Oracle_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2Oracle_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{83, 0}
}
func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Oracle_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Oracle_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Oracle_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Oracle_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Oracle_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2Env0 contains env0-specific parts of the
// ProvisionTokenSpecV2.
type ProvisionTokenSpecV2Env0 struct {
// Allow is a list of Rules, jobs using this token must match at least one
// allow rule to use this token.
Allow []*ProvisionTokenSpecV2Env0_Rule `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Env0) Reset() { *m = ProvisionTokenSpecV2Env0{} }
func (m *ProvisionTokenSpecV2Env0) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Env0) ProtoMessage() {}
func (*ProvisionTokenSpecV2Env0) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{84}
}
func (m *ProvisionTokenSpecV2Env0) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Env0) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Env0.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Env0) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Env0.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Env0) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Env0) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Env0.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Env0 proto.InternalMessageInfo
// Rule is a set of properties the env0 environment might have to be allowed
// to use this provision token.
type ProvisionTokenSpecV2Env0_Rule struct {
// OrganizationID is the unique organization identifier, corresponding to
// `organizationId` in an Env0 OIDC token.
OrganizationID string `protobuf:"bytes,1,opt,name=OrganizationID,proto3" json:"organization_id,omitempty"`
// ProjectID is a unique project identifier, corresponding to `projectId` in
// an Env0 OIDC token.
ProjectID string `protobuf:"bytes,2,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
// ProjectName is the name of the project under which the job was run
// corresponding to `projectName` in an Env0 OIDC token.
ProjectName string `protobuf:"bytes,3,opt,name=ProjectName,proto3" json:"project_name,omitempty"`
// TemplateID is the unique identifier of the Env0 template, corresponding
// to `templateId` in an Env0 OIDC token.
TemplateID string `protobuf:"bytes,4,opt,name=TemplateID,proto3" json:"template_id,omitempty"`
// TemplateName is the name of the Env0 template, corresponding to
// `templateName` in an Env0 OIDC token.
TemplateName string `protobuf:"bytes,5,opt,name=TemplateName,proto3" json:"template_name,omitempty"`
// EnvironmentID is the unique identifier of the Env0 environment,
// corresponding to `environmentId` in an Env0 OIDC token.
EnvironmentID string `protobuf:"bytes,6,opt,name=EnvironmentID,proto3" json:"environment_id,omitempty"`
// EnvironmentName is the name of the Env0 environment, corresponding to
// `environmentName` in an Env0 OIDC token.
EnvironmentName string `protobuf:"bytes,7,opt,name=EnvironmentName,proto3" json:"environment_name,omitempty"`
// WorkspaceName is the name of the Env0 workspace, corresponding to
// `workspaceName` in an Env0 OIDC token.
WorkspaceName string `protobuf:"bytes,8,opt,name=WorkspaceName,proto3" json:"workspace_name,omitempty"`
// DeploymentType is the env0 deployment type, such as "deploy", "destroy",
// etc. Corresponds to `deploymentType` in an Env0 OIDC token.
DeploymentType string `protobuf:"bytes,9,opt,name=DeploymentType,proto3" json:"deployment_type,omitempty"`
// DeployerEmail is the email of the person that triggered the deployment,
// corresponding to `deployerEmail` in an Env0 OIDC token.
DeployerEmail string `protobuf:"bytes,10,opt,name=DeployerEmail,proto3" json:"deployer_email,omitempty"`
// Env0Tag is a custom tag value corresponding to `env0Tag` when
// `ENV0_OIDC_TAG` is set.
Env0Tag string `protobuf:"bytes,11,opt,name=Env0Tag,proto3" json:"env0_tag,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2Env0_Rule) Reset() { *m = ProvisionTokenSpecV2Env0_Rule{} }
func (m *ProvisionTokenSpecV2Env0_Rule) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2Env0_Rule) ProtoMessage() {}
func (*ProvisionTokenSpecV2Env0_Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{84, 0}
}
func (m *ProvisionTokenSpecV2Env0_Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2Env0_Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2Env0_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2Env0_Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2Env0_Rule.Merge(m, src)
}
func (m *ProvisionTokenSpecV2Env0_Rule) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2Env0_Rule) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2Env0_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2Env0_Rule proto.InternalMessageInfo
// ProvisionTokenSpecV2BoundKeypair contains configuration for bound_keypair
// type join tokens.
type ProvisionTokenSpecV2BoundKeypair struct {
// Onboarding contains parameters related to initial onboarding and keypair
// registration.
Onboarding *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec `protobuf:"bytes,1,opt,name=Onboarding,proto3" json:"onboarding"`
// Recovery contains parameters related to recovery after identity expiration.
Recovery *ProvisionTokenSpecV2BoundKeypair_RecoverySpec `protobuf:"bytes,2,opt,name=Recovery,proto3" json:"recovery"`
// RotateAfter is an optional timestamp that forces clients to perform a
// keypair rotation on the next join or recovery attempt after the given date.
// If `LastRotatedAt` is unset or before this timestamp, a rotation will be
// requested. It is recommended to set this value to the current timestamp if
// a rotation should be triggered on the next join attempt.
RotateAfter *time.Time `protobuf:"bytes,3,opt,name=RotateAfter,proto3,stdtime" json:"rotate_after,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2BoundKeypair) Reset() { *m = ProvisionTokenSpecV2BoundKeypair{} }
func (m *ProvisionTokenSpecV2BoundKeypair) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenSpecV2BoundKeypair) ProtoMessage() {}
func (*ProvisionTokenSpecV2BoundKeypair) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{85}
}
func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair.Merge(m, src)
}
func (m *ProvisionTokenSpecV2BoundKeypair) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2BoundKeypair) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair proto.InternalMessageInfo
// OnboardingSpec contains parameters for initial joining and keypair
// registration.
type ProvisionTokenSpecV2BoundKeypair_OnboardingSpec struct {
// InitialPublicKey is used to preregister a public key generated by
// `tbot keypair create`. When set, no initial join secret is generated or
// made available for use, and clients must have the associated private key
// available to join. If set, `initial_join_secret` and
// `must_register_before` are ignored. This value is written in SSH
// authorized_keys format.
InitialPublicKey string `protobuf:"bytes,1,opt,name=InitialPublicKey,proto3" json:"initial_public_key,omitempty"`
// RegistrationSecret is a secret joining clients may use to register their
// public key on first join, which may be used instead of preregistering a
// public key with `initial_public_key`. If `initial_public_key` is set,
// this value is ignored. Otherwise, if set, this value will be used to
// populate `.status.bound_keypair.registration_secret`. If unset and no
// `initial_public_key` is provided, a random secure value will be generated
// server-side to populate the status field.
RegistrationSecret string `protobuf:"bytes,2,opt,name=RegistrationSecret,proto3" json:"registration_secret,omitempty"`
// MustRegisterBefore is an optional time before which registration via
// initial join secret must be performed. Attempts to register using an
// initial join secret after this timestamp will not be allowed. This may be
// modified after creation if necessary to allow the initial registration to
// take place. This value is ignored if `initial_public_key` is set.
MustRegisterBefore *time.Time `protobuf:"bytes,3,opt,name=MustRegisterBefore,proto3,stdtime" json:"must_register_before,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Reset() {
*m = ProvisionTokenSpecV2BoundKeypair_OnboardingSpec{}
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) String() string {
return proto.CompactTextString(m)
}
func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) ProtoMessage() {}
func (*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{85, 0}
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_OnboardingSpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_OnboardingSpec.Merge(m, src)
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_OnboardingSpec.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_OnboardingSpec proto.InternalMessageInfo
// RecoverySpec contains parameters for recovery after identity expiration.
type ProvisionTokenSpecV2BoundKeypair_RecoverySpec struct {
// Limit is the maximum number of allowed recovery attempts. This value may
// be raised or lowered after creation to allow additional recovery attempts
// should the initial limit be exhausted. If `mode` is set to `standard`,
// recovery attempts will only be allowed if
// `.status.bound_keypair.recovery_count` is less than this limit. This
// limit is not enforced if `mode` is set to `relaxed` or `insecure`. This
// value must be at least 1 to allow for the initial join during onboarding,
// which counts as a recovery.
Limit uint32 `protobuf:"varint,1,opt,name=Limit,proto3" json:"limit"`
// Mode sets the recovery rule enforcement mode. It may be one of these
// values:
// - standard (or unset): all configured rules enforced. The recovery limit
// and client join state are required and verified. This is the most
// secure recovery mode.
// - relaxed: recovery limit is not enforced, but client join state is still
// required. This effectively allows unlimited recovery attempts, but
// client join state still helps mitigate stolen credentials.
// - insecure: neither the recovery limit nor client join state are
// enforced. This allows any client with the private key to join freely.
// This is less secure, but can be useful in certain situations, like in
// otherwise unsupported CI/CD providers. This mode should be used with
// care, and RBAC rules should be configured to heavily restrict which
// resources this identity can access.
Mode string `protobuf:"bytes,2,opt,name=Mode,proto3" json:"mode"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Reset() {
*m = ProvisionTokenSpecV2BoundKeypair_RecoverySpec{}
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) String() string {
return proto.CompactTextString(m)
}
func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) ProtoMessage() {}
func (*ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{85, 1}
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_RecoverySpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_RecoverySpec.Merge(m, src)
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_RecoverySpec.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenSpecV2BoundKeypair_RecoverySpec proto.InternalMessageInfo
// ProvisionTokenStatusV2 contains status information about a particular
// ProvisionTokenV2. These fields should not be modified by end users.
type ProvisionTokenStatusV2 struct {
// BoundKeypair contains status information related to bound_keypair type
// tokens.
BoundKeypair *ProvisionTokenStatusV2BoundKeypair `protobuf:"bytes,1,opt,name=BoundKeypair,proto3" json:"bound_keypair,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenStatusV2) Reset() { *m = ProvisionTokenStatusV2{} }
func (m *ProvisionTokenStatusV2) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenStatusV2) ProtoMessage() {}
func (*ProvisionTokenStatusV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{86}
}
func (m *ProvisionTokenStatusV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenStatusV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenStatusV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenStatusV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenStatusV2.Merge(m, src)
}
func (m *ProvisionTokenStatusV2) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenStatusV2) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenStatusV2.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenStatusV2 proto.InternalMessageInfo
// ProvisionTokenStatusV2BoundKeypair contains status information specific to
// bound_keypair type tokens.
type ProvisionTokenStatusV2BoundKeypair struct {
// RegistrationSecret contains a secret value that may be used for public key
// registration during the initial join process if no public key is
// preregistered. If `.spec.bound_keypair.onboarding.initial_public_key`
// is set, this field will remain empty. Otherwise, if
// `.spec.bound_keypair.onboarding.registration_secret` is set, that value
// will be copied here. If that field is unset, a value will be randomly
// generated.
RegistrationSecret string `protobuf:"bytes,1,opt,name=RegistrationSecret,proto3" json:"registration_secret"`
// BoundPublicKey contains the currently bound public key. If
// `.spec.bound_keypair.onboarding.initial_public_key` is set, that value will
// be copied here on creation, otherwise it will be populated as part of
// public key registration process. This value will be updated over time if
// keypair rotation takes place, and will always reflect the currently trusted
// public key. This value is written in SSH authorized_keys format.
BoundPublicKey string `protobuf:"bytes,2,opt,name=BoundPublicKey,proto3" json:"bound_public_key"`
// BoundBotInstanceID is the ID of the currently associated bot instance. A
// new bot instance is issued on each join; the new bot instance will
// have a `previous_bot_instance` set to this value, if any.
BoundBotInstanceID string `protobuf:"bytes,3,opt,name=BoundBotInstanceID,proto3" json:"bound_bot_instance_id"`
// RecoveryCount is a count of the total number of recoveries performed using
// this token. It is incremented for every successful join or rejoin. Recovery
// is only allowed if this value is less than
// `.spec.bound_keypair.recovery.limit`, or if the recovery mode is `relaxed`
// or `insecure`.
RecoveryCount uint32 `protobuf:"varint,4,opt,name=RecoveryCount,proto3" json:"recovery_count"`
// LastRecoveredAt contains a timestamp of the last successful recovery
// attempt. Note that normal renewals with valid client certificates do not
// count as a recovery attempt, however the initial join during onboarding
// does. This corresponds with the last time `bound_bot_instance_id` was
// updated.
LastRecoveredAt *time.Time `protobuf:"bytes,5,opt,name=LastRecoveredAt,proto3,stdtime" json:"last_recovered_at,omitempty"`
// LastRotatedAt contains a timestamp of the last time the keypair was
// rotated, if any. This is not set at initial join.
LastRotatedAt *time.Time `protobuf:"bytes,6,opt,name=LastRotatedAt,proto3,stdtime" json:"last_rotated_at,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProvisionTokenStatusV2BoundKeypair) Reset() { *m = ProvisionTokenStatusV2BoundKeypair{} }
func (m *ProvisionTokenStatusV2BoundKeypair) String() string { return proto.CompactTextString(m) }
func (*ProvisionTokenStatusV2BoundKeypair) ProtoMessage() {}
func (*ProvisionTokenStatusV2BoundKeypair) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{87}
}
func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProvisionTokenStatusV2BoundKeypair.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProvisionTokenStatusV2BoundKeypair.Merge(m, src)
}
func (m *ProvisionTokenStatusV2BoundKeypair) XXX_Size() int {
return m.Size()
}
func (m *ProvisionTokenStatusV2BoundKeypair) XXX_DiscardUnknown() {
xxx_messageInfo_ProvisionTokenStatusV2BoundKeypair.DiscardUnknown(m)
}
var xxx_messageInfo_ProvisionTokenStatusV2BoundKeypair proto.InternalMessageInfo
// StaticTokensV2 implements the StaticTokens interface.
type StaticTokensV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some csd presources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a provisioning token V2 spec
Spec StaticTokensSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *StaticTokensV2) Reset() { *m = StaticTokensV2{} }
func (*StaticTokensV2) ProtoMessage() {}
func (*StaticTokensV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{88}
}
func (m *StaticTokensV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *StaticTokensV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_StaticTokensV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *StaticTokensV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_StaticTokensV2.Merge(m, src)
}
func (m *StaticTokensV2) XXX_Size() int {
return m.Size()
}
func (m *StaticTokensV2) XXX_DiscardUnknown() {
xxx_messageInfo_StaticTokensV2.DiscardUnknown(m)
}
var xxx_messageInfo_StaticTokensV2 proto.InternalMessageInfo
// StaticTokensSpecV2 is the actual data we care about for StaticTokensSpecV2.
type StaticTokensSpecV2 struct {
// StaticTokens is a list of tokens that can be used to add nodes to the
// cluster.
StaticTokens []ProvisionTokenV1 `protobuf:"bytes,1,rep,name=StaticTokens,proto3" json:"static_tokens"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *StaticTokensSpecV2) Reset() { *m = StaticTokensSpecV2{} }
func (m *StaticTokensSpecV2) String() string { return proto.CompactTextString(m) }
func (*StaticTokensSpecV2) ProtoMessage() {}
func (*StaticTokensSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{89}
}
func (m *StaticTokensSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *StaticTokensSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_StaticTokensSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *StaticTokensSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_StaticTokensSpecV2.Merge(m, src)
}
func (m *StaticTokensSpecV2) XXX_Size() int {
return m.Size()
}
func (m *StaticTokensSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_StaticTokensSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_StaticTokensSpecV2 proto.InternalMessageInfo
// ClusterNameV2 implements the ClusterName interface.
type ClusterNameV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a cluster name V2 spec
Spec ClusterNameSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterNameV2) Reset() { *m = ClusterNameV2{} }
func (*ClusterNameV2) ProtoMessage() {}
func (*ClusterNameV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{90}
}
func (m *ClusterNameV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterNameV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterNameV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterNameV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterNameV2.Merge(m, src)
}
func (m *ClusterNameV2) XXX_Size() int {
return m.Size()
}
func (m *ClusterNameV2) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterNameV2.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterNameV2 proto.InternalMessageInfo
// ClusterNameSpecV2 is the actual data we care about for ClusterName.
type ClusterNameSpecV2 struct {
// ClusterName is the name of the cluster. Changing this value once the
// cluster is setup can and will cause catastrophic problems.
ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name"`
// ClusterID is the unique cluster ID that is set once during the first
// Auth Service startup.
ClusterID string `protobuf:"bytes,2,opt,name=ClusterID,proto3" json:"cluster_id"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterNameSpecV2) Reset() { *m = ClusterNameSpecV2{} }
func (m *ClusterNameSpecV2) String() string { return proto.CompactTextString(m) }
func (*ClusterNameSpecV2) ProtoMessage() {}
func (*ClusterNameSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{91}
}
func (m *ClusterNameSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterNameSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterNameSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterNameSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterNameSpecV2.Merge(m, src)
}
func (m *ClusterNameSpecV2) XXX_Size() int {
return m.Size()
}
func (m *ClusterNameSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterNameSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterNameSpecV2 proto.InternalMessageInfo
// ClusterAuditConfigV2 represents audit log settings in the cluster.
type ClusterAuditConfigV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is a resource version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a ClusterAuditConfig specification
Spec ClusterAuditConfigSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterAuditConfigV2) Reset() { *m = ClusterAuditConfigV2{} }
func (m *ClusterAuditConfigV2) String() string { return proto.CompactTextString(m) }
func (*ClusterAuditConfigV2) ProtoMessage() {}
func (*ClusterAuditConfigV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{92}
}
func (m *ClusterAuditConfigV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterAuditConfigV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterAuditConfigV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterAuditConfigV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterAuditConfigV2.Merge(m, src)
}
func (m *ClusterAuditConfigV2) XXX_Size() int {
return m.Size()
}
func (m *ClusterAuditConfigV2) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterAuditConfigV2.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterAuditConfigV2 proto.InternalMessageInfo
// ClusterAuditConfigSpecV2 is the actual data we care about
// for ClusterAuditConfig.
type ClusterAuditConfigSpecV2 struct {
// Type is audit backend type
Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type,omitempty"`
// Region is a region setting for audit sessions used by cloud providers
Region string `protobuf:"bytes,2,opt,name=Region,proto3" json:"region,omitempty"`
// AuditSessionsURI is a parameter where to upload sessions
AuditSessionsURI string `protobuf:"bytes,3,opt,name=AuditSessionsURI,proto3" json:"audit_sessions_uri,omitempty"`
// AuditEventsURI is a parameter with all supported outputs
// for audit events
AuditEventsURI github_com_gravitational_teleport_api_types_wrappers.Strings `protobuf:"bytes,4,opt,name=AuditEventsURI,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Strings" json:"audit_events_uri,omitempty"`
// EnableContinuousBackups is used to enable (or disable) PITR (Point-In-Time Recovery).
EnableContinuousBackups bool `protobuf:"varint,6,opt,name=EnableContinuousBackups,proto3" json:"continuous_backups,omitempty"`
// EnableAutoScaling is used to enable (or disable) auto scaling policy.
EnableAutoScaling bool `protobuf:"varint,7,opt,name=EnableAutoScaling,proto3" json:"auto_scaling,omitempty"`
// ReadMaxCapacity is the maximum provisioned read capacity.
ReadMaxCapacity int64 `protobuf:"varint,8,opt,name=ReadMaxCapacity,proto3" json:"read_max_capacity,omitempty"`
// ReadMinCapacity is the minimum provisioned read capacity.
ReadMinCapacity int64 `protobuf:"varint,9,opt,name=ReadMinCapacity,proto3" json:"read_min_capacity,omitempty"`
// ReadTargetValue is the ratio of consumed read to provisioned capacity.
ReadTargetValue float64 `protobuf:"fixed64,10,opt,name=ReadTargetValue,proto3" json:"read_target_value,omitempty"`
// WriteMaxCapacity is the maximum provisioned write capacity.
WriteMaxCapacity int64 `protobuf:"varint,11,opt,name=WriteMaxCapacity,proto3" json:"write_max_capacity,omitempty"`
// WriteMinCapacity is the minimum provisioned write capacity.
WriteMinCapacity int64 `protobuf:"varint,12,opt,name=WriteMinCapacity,proto3" json:"write_min_capacity,omitempty"`
// WriteTargetValue is the ratio of consumed write to provisioned capacity.
WriteTargetValue float64 `protobuf:"fixed64,13,opt,name=WriteTargetValue,proto3" json:"write_target_value,omitempty"`
// RetentionPeriod is the retention period for audit events.
RetentionPeriod Duration `protobuf:"varint,14,opt,name=RetentionPeriod,proto3,casttype=Duration" json:"retention_period"`
// UseFIPSEndpoint configures AWS endpoints to use FIPS.
UseFIPSEndpoint ClusterAuditConfigSpecV2_FIPSEndpointState `protobuf:"varint,15,opt,name=UseFIPSEndpoint,proto3,enum=types.ClusterAuditConfigSpecV2_FIPSEndpointState" json:"use_fips_endpoint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterAuditConfigSpecV2) Reset() { *m = ClusterAuditConfigSpecV2{} }
func (m *ClusterAuditConfigSpecV2) String() string { return proto.CompactTextString(m) }
func (*ClusterAuditConfigSpecV2) ProtoMessage() {}
func (*ClusterAuditConfigSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{93}
}
func (m *ClusterAuditConfigSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterAuditConfigSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterAuditConfigSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterAuditConfigSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterAuditConfigSpecV2.Merge(m, src)
}
func (m *ClusterAuditConfigSpecV2) XXX_Size() int {
return m.Size()
}
func (m *ClusterAuditConfigSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterAuditConfigSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterAuditConfigSpecV2 proto.InternalMessageInfo
// ClusterNetworkingConfigV2 contains cluster-wide networking configuration.
type ClusterNetworkingConfigV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are:`v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a ClusterNetworkingConfig specification
Spec ClusterNetworkingConfigSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterNetworkingConfigV2) Reset() { *m = ClusterNetworkingConfigV2{} }
func (m *ClusterNetworkingConfigV2) String() string { return proto.CompactTextString(m) }
func (*ClusterNetworkingConfigV2) ProtoMessage() {}
func (*ClusterNetworkingConfigV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{94}
}
func (m *ClusterNetworkingConfigV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterNetworkingConfigV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterNetworkingConfigV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterNetworkingConfigV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterNetworkingConfigV2.Merge(m, src)
}
func (m *ClusterNetworkingConfigV2) XXX_Size() int {
return m.Size()
}
func (m *ClusterNetworkingConfigV2) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterNetworkingConfigV2.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterNetworkingConfigV2 proto.InternalMessageInfo
// ClusterNetworkingConfigSpecV2 is the actual data we care about
// for ClusterNetworkingConfig.
type ClusterNetworkingConfigSpecV2 struct {
// ClientIdleTimeout sets global cluster default setting for client idle
// timeouts.
ClientIdleTimeout Duration `protobuf:"varint,1,opt,name=ClientIdleTimeout,proto3,casttype=Duration" json:"client_idle_timeout"`
// KeepAliveInterval is the interval at which the server sends keep-alive messages
// to the client.
KeepAliveInterval Duration `protobuf:"varint,2,opt,name=KeepAliveInterval,proto3,casttype=Duration" json:"keep_alive_interval"`
// KeepAliveCountMax is the number of keep-alive messages that can be
// missed before the server disconnects the connection to the client.
KeepAliveCountMax int64 `protobuf:"varint,3,opt,name=KeepAliveCountMax,proto3" json:"keep_alive_count_max"`
// SessionControlTimeout is the session control lease expiry and defines the
// upper limit of how long a node may be out of contact with the Auth Service
// before it begins terminating controlled sessions.
SessionControlTimeout Duration `protobuf:"varint,4,opt,name=SessionControlTimeout,proto3,casttype=Duration" json:"session_control_timeout"`
// ClientIdleTimeoutMessage is the message sent to the user when a connection times out.
ClientIdleTimeoutMessage string `protobuf:"bytes,5,opt,name=ClientIdleTimeoutMessage,proto3" json:"idle_timeout_message"`
// WebIdleTimeout sets global cluster default setting for the web UI idle
// timeouts.
WebIdleTimeout Duration `protobuf:"varint,6,opt,name=WebIdleTimeout,proto3,casttype=Duration" json:"web_idle_timeout"`
// ProxyListenerMode is proxy listener mode used by Teleport Proxies.
// 0 is "separate"; 1 is "multiplex".
ProxyListenerMode ProxyListenerMode `protobuf:"varint,7,opt,name=ProxyListenerMode,proto3,enum=types.ProxyListenerMode" json:"proxy_listener_mode,omitempty"`
// RoutingStrategy determines the strategy used to route to nodes.
// 0 is "unambiguous_match"; 1 is "most_recent".
RoutingStrategy RoutingStrategy `protobuf:"varint,8,opt,name=RoutingStrategy,proto3,enum=types.RoutingStrategy" json:"routing_strategy,omitempty"`
// TunnelStrategyV1 determines the tunnel strategy used in the cluster.
TunnelStrategy *TunnelStrategyV1 `protobuf:"bytes,9,opt,name=TunnelStrategy,proto3" json:"tunnel_strategy,omitempty"`
// ProxyPingInterval defines in which interval the TLS routing ping message
// should be sent. This is applicable only when using ping-wrapped
// connections, regular TLS routing connections are not affected.
ProxyPingInterval Duration `protobuf:"varint,10,opt,name=ProxyPingInterval,proto3,casttype=Duration" json:"proxy_ping_interval,omitempty"`
// AssistCommandExecutionWorkers determines the number of workers that will
// execute arbitrary Assist commands on servers in parallel
AssistCommandExecutionWorkers int32 `protobuf:"varint,11,opt,name=AssistCommandExecutionWorkers,proto3" json:"assist_command_execution_workers,omitempty"`
// CaseInsensitiveRouting causes proxies to use case-insensitive hostname matching.
CaseInsensitiveRouting bool `protobuf:"varint,12,opt,name=CaseInsensitiveRouting,proto3" json:"case_insensitive_routing,omitempty"`
// SSHDialTimeout is a custom dial timeout used when establishing
// SSH connections. If not set, the default timeout of 30s will be used.
SSHDialTimeout Duration `protobuf:"varint,13,opt,name=SSHDialTimeout,proto3,casttype=Duration" json:"ssh_dial_timeout,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterNetworkingConfigSpecV2) Reset() { *m = ClusterNetworkingConfigSpecV2{} }
func (m *ClusterNetworkingConfigSpecV2) String() string { return proto.CompactTextString(m) }
func (*ClusterNetworkingConfigSpecV2) ProtoMessage() {}
func (*ClusterNetworkingConfigSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{95}
}
func (m *ClusterNetworkingConfigSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterNetworkingConfigSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterNetworkingConfigSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterNetworkingConfigSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterNetworkingConfigSpecV2.Merge(m, src)
}
func (m *ClusterNetworkingConfigSpecV2) XXX_Size() int {
return m.Size()
}
func (m *ClusterNetworkingConfigSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterNetworkingConfigSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterNetworkingConfigSpecV2 proto.InternalMessageInfo
// TunnelStrategyV1 defines possible tunnel strategy types.
type TunnelStrategyV1 struct {
// Types that are valid to be assigned to Strategy:
// *TunnelStrategyV1_AgentMesh
// *TunnelStrategyV1_ProxyPeering
Strategy isTunnelStrategyV1_Strategy `protobuf_oneof:"Strategy"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TunnelStrategyV1) Reset() { *m = TunnelStrategyV1{} }
func (m *TunnelStrategyV1) String() string { return proto.CompactTextString(m) }
func (*TunnelStrategyV1) ProtoMessage() {}
func (*TunnelStrategyV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{96}
}
func (m *TunnelStrategyV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TunnelStrategyV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TunnelStrategyV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TunnelStrategyV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_TunnelStrategyV1.Merge(m, src)
}
func (m *TunnelStrategyV1) XXX_Size() int {
return m.Size()
}
func (m *TunnelStrategyV1) XXX_DiscardUnknown() {
xxx_messageInfo_TunnelStrategyV1.DiscardUnknown(m)
}
var xxx_messageInfo_TunnelStrategyV1 proto.InternalMessageInfo
type isTunnelStrategyV1_Strategy interface {
isTunnelStrategyV1_Strategy()
MarshalTo([]byte) (int, error)
Size() int
}
type TunnelStrategyV1_AgentMesh struct {
AgentMesh *AgentMeshTunnelStrategy `protobuf:"bytes,1,opt,name=AgentMesh,proto3,oneof" json:"agent_mesh,omitempty"`
}
type TunnelStrategyV1_ProxyPeering struct {
ProxyPeering *ProxyPeeringTunnelStrategy `protobuf:"bytes,2,opt,name=ProxyPeering,proto3,oneof" json:"proxy_peering,omitempty"`
}
func (*TunnelStrategyV1_AgentMesh) isTunnelStrategyV1_Strategy() {}
func (*TunnelStrategyV1_ProxyPeering) isTunnelStrategyV1_Strategy() {}
func (m *TunnelStrategyV1) GetStrategy() isTunnelStrategyV1_Strategy {
if m != nil {
return m.Strategy
}
return nil
}
func (m *TunnelStrategyV1) GetAgentMesh() *AgentMeshTunnelStrategy {
if x, ok := m.GetStrategy().(*TunnelStrategyV1_AgentMesh); ok {
return x.AgentMesh
}
return nil
}
func (m *TunnelStrategyV1) GetProxyPeering() *ProxyPeeringTunnelStrategy {
if x, ok := m.GetStrategy().(*TunnelStrategyV1_ProxyPeering); ok {
return x.ProxyPeering
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*TunnelStrategyV1) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*TunnelStrategyV1_AgentMesh)(nil),
(*TunnelStrategyV1_ProxyPeering)(nil),
}
}
// AgentMeshTunnelStrategy requires reverse tunnels to dial every proxy.
type AgentMeshTunnelStrategy struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AgentMeshTunnelStrategy) Reset() { *m = AgentMeshTunnelStrategy{} }
func (m *AgentMeshTunnelStrategy) String() string { return proto.CompactTextString(m) }
func (*AgentMeshTunnelStrategy) ProtoMessage() {}
func (*AgentMeshTunnelStrategy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{97}
}
func (m *AgentMeshTunnelStrategy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AgentMeshTunnelStrategy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AgentMeshTunnelStrategy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AgentMeshTunnelStrategy) XXX_Merge(src proto.Message) {
xxx_messageInfo_AgentMeshTunnelStrategy.Merge(m, src)
}
func (m *AgentMeshTunnelStrategy) XXX_Size() int {
return m.Size()
}
func (m *AgentMeshTunnelStrategy) XXX_DiscardUnknown() {
xxx_messageInfo_AgentMeshTunnelStrategy.DiscardUnknown(m)
}
var xxx_messageInfo_AgentMeshTunnelStrategy proto.InternalMessageInfo
// ProxyPeeringTunnelStrategy requires reverse tunnels to dial a fixed number of proxies.
type ProxyPeeringTunnelStrategy struct {
AgentConnectionCount int64 `protobuf:"varint,1,opt,name=AgentConnectionCount,proto3" json:"agent_connection_count,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ProxyPeeringTunnelStrategy) Reset() { *m = ProxyPeeringTunnelStrategy{} }
func (m *ProxyPeeringTunnelStrategy) String() string { return proto.CompactTextString(m) }
func (*ProxyPeeringTunnelStrategy) ProtoMessage() {}
func (*ProxyPeeringTunnelStrategy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{98}
}
func (m *ProxyPeeringTunnelStrategy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ProxyPeeringTunnelStrategy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ProxyPeeringTunnelStrategy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ProxyPeeringTunnelStrategy) XXX_Merge(src proto.Message) {
xxx_messageInfo_ProxyPeeringTunnelStrategy.Merge(m, src)
}
func (m *ProxyPeeringTunnelStrategy) XXX_Size() int {
return m.Size()
}
func (m *ProxyPeeringTunnelStrategy) XXX_DiscardUnknown() {
xxx_messageInfo_ProxyPeeringTunnelStrategy.DiscardUnknown(m)
}
var xxx_messageInfo_ProxyPeeringTunnelStrategy proto.InternalMessageInfo
// SessionRecordingConfigV2 contains session recording configuration.
type SessionRecordingConfigV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are:`v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a SessionRecordingConfig specification
Spec SessionRecordingConfigSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// Status is the SessionRecordingConfig status containing active encryption keys
Status *SessionRecordingConfigStatus `protobuf:"bytes,6,opt,name=Status,proto3" json:"status,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionRecordingConfigV2) Reset() { *m = SessionRecordingConfigV2{} }
func (m *SessionRecordingConfigV2) String() string { return proto.CompactTextString(m) }
func (*SessionRecordingConfigV2) ProtoMessage() {}
func (*SessionRecordingConfigV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{99}
}
func (m *SessionRecordingConfigV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionRecordingConfigV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionRecordingConfigV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionRecordingConfigV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionRecordingConfigV2.Merge(m, src)
}
func (m *SessionRecordingConfigV2) XXX_Size() int {
return m.Size()
}
func (m *SessionRecordingConfigV2) XXX_DiscardUnknown() {
xxx_messageInfo_SessionRecordingConfigV2.DiscardUnknown(m)
}
var xxx_messageInfo_SessionRecordingConfigV2 proto.InternalMessageInfo
// KeyLabel combines a label that can be used to identify one or more keys with a keystore type that
// determines where the keys can be found.
type KeyLabel struct {
// Type represents which keystore should be searched when looking up keys by label.
Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type"`
// Label is a value that can be used with the related keystore in order to find relevant keys.
Label string `protobuf:"bytes,2,opt,name=label,proto3" json:"label"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KeyLabel) Reset() { *m = KeyLabel{} }
func (m *KeyLabel) String() string { return proto.CompactTextString(m) }
func (*KeyLabel) ProtoMessage() {}
func (*KeyLabel) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{100}
}
func (m *KeyLabel) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KeyLabel) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KeyLabel.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KeyLabel) XXX_Merge(src proto.Message) {
xxx_messageInfo_KeyLabel.Merge(m, src)
}
func (m *KeyLabel) XXX_Size() int {
return m.Size()
}
func (m *KeyLabel) XXX_DiscardUnknown() {
xxx_messageInfo_KeyLabel.DiscardUnknown(m)
}
var xxx_messageInfo_KeyLabel proto.InternalMessageInfo
// ManualKeyManagementConfig defines whether or not recording encryption keys should be managed externally
// and how to query those keys.
type ManualKeyManagementConfig struct {
// Enabled controls whether or recording encryption keys should be managed externally.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// ActiveKeys describe which keys should be queried for active recording encryption and replay.
ActiveKeys []*KeyLabel `protobuf:"bytes,2,rep,name=active_keys,json=activeKeys,proto3" json:"active_keys,omitempty"`
// RotatedKeys describe which keys should be queried for historical replay.
RotatedKeys []*KeyLabel `protobuf:"bytes,3,rep,name=rotated_keys,json=rotatedKeys,proto3" json:"rotated_keys,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ManualKeyManagementConfig) Reset() { *m = ManualKeyManagementConfig{} }
func (m *ManualKeyManagementConfig) String() string { return proto.CompactTextString(m) }
func (*ManualKeyManagementConfig) ProtoMessage() {}
func (*ManualKeyManagementConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{101}
}
func (m *ManualKeyManagementConfig) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ManualKeyManagementConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ManualKeyManagementConfig.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ManualKeyManagementConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_ManualKeyManagementConfig.Merge(m, src)
}
func (m *ManualKeyManagementConfig) XXX_Size() int {
return m.Size()
}
func (m *ManualKeyManagementConfig) XXX_DiscardUnknown() {
xxx_messageInfo_ManualKeyManagementConfig.DiscardUnknown(m)
}
var xxx_messageInfo_ManualKeyManagementConfig proto.InternalMessageInfo
// SessionRecordingEncryptionConfig configures if and how session recordings
// should be encrypted.
type SessionRecordingEncryptionConfig struct {
// Enabled controls whether or not session recordings should be encrypted.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// ManualKeyManagement defines whether or not recording encryption keys should be managed externally
// and how to query those keys.
ManualKeyManagement *ManualKeyManagementConfig `protobuf:"bytes,2,opt,name=manual_key_management,json=manualKeyManagement,proto3" json:"manual_key_management,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionRecordingEncryptionConfig) Reset() { *m = SessionRecordingEncryptionConfig{} }
func (m *SessionRecordingEncryptionConfig) String() string { return proto.CompactTextString(m) }
func (*SessionRecordingEncryptionConfig) ProtoMessage() {}
func (*SessionRecordingEncryptionConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{102}
}
func (m *SessionRecordingEncryptionConfig) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionRecordingEncryptionConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionRecordingEncryptionConfig.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionRecordingEncryptionConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionRecordingEncryptionConfig.Merge(m, src)
}
func (m *SessionRecordingEncryptionConfig) XXX_Size() int {
return m.Size()
}
func (m *SessionRecordingEncryptionConfig) XXX_DiscardUnknown() {
xxx_messageInfo_SessionRecordingEncryptionConfig.DiscardUnknown(m)
}
var xxx_messageInfo_SessionRecordingEncryptionConfig proto.InternalMessageInfo
// SessionRecordingConfigSpecV2 is the actual data we care about
// for SessionRecordingConfig.
type SessionRecordingConfigSpecV2 struct {
// Mode controls where (or if) the session is recorded.
Mode string `protobuf:"bytes,1,opt,name=Mode,proto3" json:"mode"`
// ProxyChecksHostKeys is used to control if the proxy will check host keys
// when in recording mode.
ProxyChecksHostKeys *BoolOption `protobuf:"bytes,2,opt,name=ProxyChecksHostKeys,proto3,customtype=BoolOption" json:"proxy_checks_host_keys"`
// Encryption configures if and how session recordings should be encrypted.
Encryption *SessionRecordingEncryptionConfig `protobuf:"bytes,3,opt,name=encryption,proto3" json:"encryption,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionRecordingConfigSpecV2) Reset() { *m = SessionRecordingConfigSpecV2{} }
func (m *SessionRecordingConfigSpecV2) String() string { return proto.CompactTextString(m) }
func (*SessionRecordingConfigSpecV2) ProtoMessage() {}
func (*SessionRecordingConfigSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{103}
}
func (m *SessionRecordingConfigSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionRecordingConfigSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionRecordingConfigSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionRecordingConfigSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionRecordingConfigSpecV2.Merge(m, src)
}
func (m *SessionRecordingConfigSpecV2) XXX_Size() int {
return m.Size()
}
func (m *SessionRecordingConfigSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_SessionRecordingConfigSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_SessionRecordingConfigSpecV2 proto.InternalMessageInfo
// SessionRecordingConfigStatus contains the currently active age encryption keys used
// for encrypted session recording.
type SessionRecordingConfigStatus struct {
// EncryptionKeys contain the currently active age encryption keys used for
// encrypted session recording.
EncryptionKeys []*AgeEncryptionKey `protobuf:"bytes,1,rep,name=encryption_keys,json=encryptionKeys,proto3" json:"encryption_keys"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionRecordingConfigStatus) Reset() { *m = SessionRecordingConfigStatus{} }
func (m *SessionRecordingConfigStatus) String() string { return proto.CompactTextString(m) }
func (*SessionRecordingConfigStatus) ProtoMessage() {}
func (*SessionRecordingConfigStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{104}
}
func (m *SessionRecordingConfigStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionRecordingConfigStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionRecordingConfigStatus.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionRecordingConfigStatus) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionRecordingConfigStatus.Merge(m, src)
}
func (m *SessionRecordingConfigStatus) XXX_Size() int {
return m.Size()
}
func (m *SessionRecordingConfigStatus) XXX_DiscardUnknown() {
xxx_messageInfo_SessionRecordingConfigStatus.DiscardUnknown(m)
}
var xxx_messageInfo_SessionRecordingConfigStatus proto.InternalMessageInfo
// AuthPreferenceV2 implements the AuthPreference interface.
type AuthPreferenceV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is an AuthPreference specification
Spec AuthPreferenceSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AuthPreferenceV2) Reset() { *m = AuthPreferenceV2{} }
func (*AuthPreferenceV2) ProtoMessage() {}
func (*AuthPreferenceV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{105}
}
func (m *AuthPreferenceV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AuthPreferenceV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AuthPreferenceV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AuthPreferenceV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_AuthPreferenceV2.Merge(m, src)
}
func (m *AuthPreferenceV2) XXX_Size() int {
return m.Size()
}
func (m *AuthPreferenceV2) XXX_DiscardUnknown() {
xxx_messageInfo_AuthPreferenceV2.DiscardUnknown(m)
}
var xxx_messageInfo_AuthPreferenceV2 proto.InternalMessageInfo
// AuthPreferenceSpecV2 is the actual data we care about for AuthPreference.
type AuthPreferenceSpecV2 struct {
// Type is the type of authentication.
Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type"`
// SecondFactor is the type of mult-factor.
// Deprecated: Prefer using SecondFactors instead.
SecondFactor github_com_gravitational_teleport_api_constants.SecondFactorType `protobuf:"bytes,2,opt,name=SecondFactor,proto3,casttype=github.com/gravitational/teleport/api/constants.SecondFactorType" json:"second_factor,omitempty"` // Deprecated: Do not use.
// ConnectorName is the name of the OIDC or SAML connector. If this value is
// not set the first connector in the backend will be used.
ConnectorName string `protobuf:"bytes,3,opt,name=ConnectorName,proto3" json:"connector_name,omitempty"`
// U2F are the settings for the U2F device.
U2F *U2F `protobuf:"bytes,4,opt,name=U2F,proto3" json:"u2f,omitempty"`
// DisconnectExpiredCert provides disconnect expired certificate setting -
// if true, connections with expired client certificates will get disconnected
DisconnectExpiredCert *BoolOption `protobuf:"bytes,6,opt,name=DisconnectExpiredCert,proto3,customtype=BoolOption" json:"disconnect_expired_cert,omitempty"`
// AllowLocalAuth is true if local authentication is enabled.
AllowLocalAuth *BoolOption `protobuf:"bytes,7,opt,name=AllowLocalAuth,proto3,customtype=BoolOption" json:"allow_local_auth,omitempty"`
MessageOfTheDay string `protobuf:"bytes,8,opt,name=MessageOfTheDay,proto3" json:"message_of_the_day,omitempty"`
// LockingMode is the cluster-wide locking mode default.
LockingMode github_com_gravitational_teleport_api_constants.LockingMode `protobuf:"bytes,9,opt,name=LockingMode,proto3,casttype=github.com/gravitational/teleport/api/constants.LockingMode" json:"locking_mode,omitempty"`
// Webauthn are the settings for server-side Web Authentication support.
Webauthn *Webauthn `protobuf:"bytes,10,opt,name=Webauthn,proto3" json:"webauthn,omitempty"`
// AllowPasswordless enables/disables passwordless support.
// Passwordless requires Webauthn to work.
// Defaults to true if the Webauthn is configured, defaults to false
// otherwise.
AllowPasswordless *BoolOption `protobuf:"bytes,11,opt,name=AllowPasswordless,proto3,customtype=BoolOption" json:"allow_passwordless,omitempty"`
// RequireMFAType is the type of MFA requirement enforced for this cluster.
// 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH",
// 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN".
RequireMFAType RequireMFAType `protobuf:"varint,12,opt,name=RequireMFAType,proto3,enum=types.RequireMFAType" json:"require_session_mfa,omitempty"`
// DeviceTrust holds settings related to trusted device verification.
// Requires Teleport Enterprise.
DeviceTrust *DeviceTrust `protobuf:"bytes,13,opt,name=DeviceTrust,proto3" json:"device_trust,omitempty"`
// IDP is a set of options related to accessing IdPs within Teleport.
// Requires Teleport Enterprise.
IDP *IdPOptions `protobuf:"bytes,14,opt,name=IDP,proto3" json:"idp,omitempty"`
// AllowHeadless enables/disables headless support.
// Headless authentication requires Webauthn to work.
// Defaults to true if the Webauthn is configured, defaults to false
// otherwise.
AllowHeadless *BoolOption `protobuf:"bytes,15,opt,name=AllowHeadless,proto3,customtype=BoolOption" json:"allow_headless,omitempty"`
// DefaultSessionTTL is the TTL to use for user certs when
// an explicit TTL is not requested.
DefaultSessionTTL Duration `protobuf:"varint,16,opt,name=DefaultSessionTTL,proto3,casttype=Duration" json:"default_session_ttl,omitempty"`
// Okta is a set of options related to the Okta service in Teleport.
// Requires Teleport Enterprise.
Okta *OktaOptions `protobuf:"bytes,17,opt,name=Okta,proto3" json:"okta,omitempty"`
// HardwareKey are the settings for hardware key support.
HardwareKey *HardwareKey `protobuf:"bytes,19,opt,name=HardwareKey,proto3" json:"hardware_key,omitempty"`
// SignatureAlgorithmSuite is the configured signature algorithm suite for the cluster.
// If unspecified, the current default value is "legacy".
// 1 is "legacy", 2 is "balanced-v1", 3 is "fips-v1", 4 is "hsm-v1".
SignatureAlgorithmSuite SignatureAlgorithmSuite `protobuf:"varint,20,opt,name=signature_algorithm_suite,json=signatureAlgorithmSuite,proto3,enum=types.SignatureAlgorithmSuite" json:"signature_algorithm_suite,omitempty"`
// SecondFactors is a list of supported multi-factor types.
// 1 is "otp", 2 is "webauthn", 3 is "sso",
// If unspecified, the current default value is [1], or ["otp"].
SecondFactors []SecondFactorType `protobuf:"varint,21,rep,packed,name=SecondFactors,proto3,enum=types.SecondFactorType" json:"second_factors,omitempty"`
// StableUnixUserConfig contains the cluster-wide configuration for stable
// UNIX users.
StableUnixUserConfig *StableUNIXUserConfig `protobuf:"bytes,22,opt,name=stable_unix_user_config,json=stableUnixUserConfig,proto3" json:"stable_unix_user_config,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AuthPreferenceSpecV2) Reset() { *m = AuthPreferenceSpecV2{} }
func (m *AuthPreferenceSpecV2) String() string { return proto.CompactTextString(m) }
func (*AuthPreferenceSpecV2) ProtoMessage() {}
func (*AuthPreferenceSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{106}
}
func (m *AuthPreferenceSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AuthPreferenceSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AuthPreferenceSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AuthPreferenceSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_AuthPreferenceSpecV2.Merge(m, src)
}
func (m *AuthPreferenceSpecV2) XXX_Size() int {
return m.Size()
}
func (m *AuthPreferenceSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_AuthPreferenceSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_AuthPreferenceSpecV2 proto.InternalMessageInfo
// StableUNIXUserConfig contains the cluster-wide configuration for stable UNIX
// users.
type StableUNIXUserConfig struct {
// Enabled signifies that (UNIX) Teleport SSH hosts should obtain a UID from
// the control plane if they're about to provision a host user with no other
// configured UID.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// FirstUid is the start of the range of UIDs for autoprovisioned host users.
// The range is inclusive on both ends, so the specified UID can be assigned.
FirstUid int32 `protobuf:"varint,2,opt,name=first_uid,json=firstUid,proto3" json:"first_uid,omitempty"`
// LastUid is the end of the range of UIDs for autoprovisioned host users. The
// range is inclusive on both ends, so the specified UID can be assigned.
LastUid int32 `protobuf:"varint,3,opt,name=last_uid,json=lastUid,proto3" json:"last_uid,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *StableUNIXUserConfig) Reset() { *m = StableUNIXUserConfig{} }
func (m *StableUNIXUserConfig) String() string { return proto.CompactTextString(m) }
func (*StableUNIXUserConfig) ProtoMessage() {}
func (*StableUNIXUserConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{107}
}
func (m *StableUNIXUserConfig) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *StableUNIXUserConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_StableUNIXUserConfig.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *StableUNIXUserConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_StableUNIXUserConfig.Merge(m, src)
}
func (m *StableUNIXUserConfig) XXX_Size() int {
return m.Size()
}
func (m *StableUNIXUserConfig) XXX_DiscardUnknown() {
xxx_messageInfo_StableUNIXUserConfig.DiscardUnknown(m)
}
var xxx_messageInfo_StableUNIXUserConfig proto.InternalMessageInfo
// U2F defines settings for U2F device.
// Deprecated: U2F is transparently converted to WebAuthn by Teleport. Prefer
// using WebAuthn instead.
type U2F struct {
// AppID returns the application ID for universal mult-factor.
AppID string `protobuf:"bytes,1,opt,name=AppID,proto3" json:"app_id,omitempty"`
// Facets returns the facets for universal mult-factor.
// Deprecated: Kept for backwards compatibility reasons, but Facets have no
// effect since Teleport v10, when Webauthn replaced the U2F implementation.
Facets []string `protobuf:"bytes,2,rep,name=Facets,proto3" json:"facets,omitempty"`
// DeviceAttestationCAs contains the trusted attestation CAs for U2F
// devices.
DeviceAttestationCAs []string `protobuf:"bytes,3,rep,name=DeviceAttestationCAs,proto3" json:"device_attestation_cas,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *U2F) Reset() { *m = U2F{} }
func (m *U2F) String() string { return proto.CompactTextString(m) }
func (*U2F) ProtoMessage() {}
func (*U2F) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{108}
}
func (m *U2F) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *U2F) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_U2F.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *U2F) XXX_Merge(src proto.Message) {
xxx_messageInfo_U2F.Merge(m, src)
}
func (m *U2F) XXX_Size() int {
return m.Size()
}
func (m *U2F) XXX_DiscardUnknown() {
xxx_messageInfo_U2F.DiscardUnknown(m)
}
var xxx_messageInfo_U2F proto.InternalMessageInfo
// Webauthn defines user-visible settings for server-side Web Authentication
// support.
type Webauthn struct {
// RPID is the ID of the Relying Party.
// It should be set to the domain name of the Teleport installation.
//
// IMPORTANT: RPID must never change in the lifetime of the cluster, because
// it's recorded in the registration data on the WebAuthn device. If the
// RPID changes, all existing WebAuthn key registrations will become invalid
// and all users who use WebAuthn as the multi-factor will need to
// re-register.
RPID string `protobuf:"bytes,1,opt,name=RPID,proto3" json:"rp_id,omitempty"`
// Allow list of device attestation CAs in PEM format.
// If present, only devices whose attestation certificates match the
// certificates specified here may be registered (existing registrations are
// unchanged).
// If supplied in conjunction with AttestationDeniedCAs, then both
// conditions need to be true for registration to be allowed (the device
// MUST match an allowed CA and MUST NOT match a denied CA).
// By default all devices are allowed.
AttestationAllowedCAs []string `protobuf:"bytes,2,rep,name=AttestationAllowedCAs,proto3" json:"attestation_allowed_cas,omitempty"`
// Deny list of device attestation CAs in PEM format.
// If present, only devices whose attestation certificates don't match the
// certificates specified here may be registered (existing registrations are
// unchanged).
// If supplied in conjunction with AttestationAllowedCAs, then both
// conditions need to be true for registration to be allowed (the device
// MUST match an allowed CA and MUST NOT match a denied CA).
// By default no devices are denied.
AttestationDeniedCAs []string `protobuf:"bytes,3,rep,name=AttestationDeniedCAs,proto3" json:"attestation_denied_cas,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Webauthn) Reset() { *m = Webauthn{} }
func (m *Webauthn) String() string { return proto.CompactTextString(m) }
func (*Webauthn) ProtoMessage() {}
func (*Webauthn) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{109}
}
func (m *Webauthn) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Webauthn) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Webauthn.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Webauthn) XXX_Merge(src proto.Message) {
xxx_messageInfo_Webauthn.Merge(m, src)
}
func (m *Webauthn) XXX_Size() int {
return m.Size()
}
func (m *Webauthn) XXX_DiscardUnknown() {
xxx_messageInfo_Webauthn.DiscardUnknown(m)
}
var xxx_messageInfo_Webauthn proto.InternalMessageInfo
// DeviceTrust holds settings related to trusted device verification.
// Requires Teleport Enterprise.
type DeviceTrust struct {
// Mode of verification for trusted devices.
//
// The following modes are supported:
//
// - "off": disables both device authentication and authorization.
// - "optional": allows both device authentication and authorization, but
// doesn't enforce the presence of device extensions for sensitive
// endpoints.
// - "required": enforces the presence of device extensions for sensitive
// endpoints.
// - "required-for-humans": enforces the presence of device extensions for
// sensitive endpoints, for human users only (bots are exempt).
//
// Mode is always "off" for OSS.
// Defaults to "optional" for Enterprise.
Mode string `protobuf:"bytes,1,opt,name=Mode,proto3" json:"mode,omitempty"`
// Enable device auto-enroll.
// Auto-enroll lets any user issue a device enrollment token for a known
// device that is not already enrolled.
// `tsh` takes advantage of auto-enroll to automatically enroll devices on
// user login, when appropriate.
// The effective cluster Mode still applies: AutoEnroll=true is meaningless if
// Mode="off".
AutoEnroll bool `protobuf:"varint,2,opt,name=AutoEnroll,proto3" json:"auto_enroll,omitempty"`
// Allow list of EKCert CAs in PEM format.
// If present, only TPM devices that present an EKCert that is signed by a
// CA specified here may be enrolled (existing enrollments are
// unchanged).
//
// If not present, then the CA of TPM EKCerts will not be checked during
// enrollment, this allows any device to enroll.
EKCertAllowedCAs []string `protobuf:"bytes,3,rep,name=EKCertAllowedCAs,proto3" json:"ekcert_allowed_cas,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceTrust) Reset() { *m = DeviceTrust{} }
func (m *DeviceTrust) String() string { return proto.CompactTextString(m) }
func (*DeviceTrust) ProtoMessage() {}
func (*DeviceTrust) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{110}
}
func (m *DeviceTrust) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceTrust) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceTrust.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceTrust) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceTrust.Merge(m, src)
}
func (m *DeviceTrust) XXX_Size() int {
return m.Size()
}
func (m *DeviceTrust) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceTrust.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceTrust proto.InternalMessageInfo
// HardwareKey holds settings related to hardware key support.
// Requires Teleport Enterprise.
type HardwareKey struct {
// PIVSlot is a PIV slot that Teleport clients should use instead of the
// default based on private key policy. For example, "9a" or "9e".
PIVSlot string `protobuf:"bytes,1,opt,name=PIVSlot,proto3" json:"piv_slot,omitempty"`
// SerialNumberValidation holds settings for hardware key serial number validation.
// By default, serial number validation is disabled.
SerialNumberValidation *HardwareKeySerialNumberValidation `protobuf:"bytes,2,opt,name=SerialNumberValidation,proto3" json:"serial_number_validation,omitempty"`
// PinCacheTTL is the amount of time in nanoseconds that Teleport clients
// will cache the user's PIV PIN when hardware key PIN policy is enabled.
PinCacheTTL Duration `protobuf:"varint,3,opt,name=PinCacheTTL,proto3,casttype=Duration" json:"pin_cache_ttl,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *HardwareKey) Reset() { *m = HardwareKey{} }
func (m *HardwareKey) String() string { return proto.CompactTextString(m) }
func (*HardwareKey) ProtoMessage() {}
func (*HardwareKey) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{111}
}
func (m *HardwareKey) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *HardwareKey) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_HardwareKey.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *HardwareKey) XXX_Merge(src proto.Message) {
xxx_messageInfo_HardwareKey.Merge(m, src)
}
func (m *HardwareKey) XXX_Size() int {
return m.Size()
}
func (m *HardwareKey) XXX_DiscardUnknown() {
xxx_messageInfo_HardwareKey.DiscardUnknown(m)
}
var xxx_messageInfo_HardwareKey proto.InternalMessageInfo
type HardwareKeySerialNumberValidation struct {
// Enabled indicates whether hardware key serial number validation is enabled.
Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"enabled,omitempty"`
// SerialNumberTraitName is an optional custom user trait name for hardware key
// serial numbers to replace the default: "hardware_key_serial_numbers".
//
// Note: Values for this user trait should be a comma-separated list of serial numbers,
// or a list of comm-separated lists. e.g ["123", "345,678"]
SerialNumberTraitName string `protobuf:"bytes,2,opt,name=SerialNumberTraitName,proto3" json:"serial_number_trait_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *HardwareKeySerialNumberValidation) Reset() { *m = HardwareKeySerialNumberValidation{} }
func (m *HardwareKeySerialNumberValidation) String() string { return proto.CompactTextString(m) }
func (*HardwareKeySerialNumberValidation) ProtoMessage() {}
func (*HardwareKeySerialNumberValidation) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{112}
}
func (m *HardwareKeySerialNumberValidation) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *HardwareKeySerialNumberValidation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_HardwareKeySerialNumberValidation.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *HardwareKeySerialNumberValidation) XXX_Merge(src proto.Message) {
xxx_messageInfo_HardwareKeySerialNumberValidation.Merge(m, src)
}
func (m *HardwareKeySerialNumberValidation) XXX_Size() int {
return m.Size()
}
func (m *HardwareKeySerialNumberValidation) XXX_DiscardUnknown() {
xxx_messageInfo_HardwareKeySerialNumberValidation.DiscardUnknown(m)
}
var xxx_messageInfo_HardwareKeySerialNumberValidation proto.InternalMessageInfo
// Namespace represents namespace resource specification
type Namespace struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a namespace spec
Spec NamespaceSpec `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Namespace) Reset() { *m = Namespace{} }
func (m *Namespace) String() string { return proto.CompactTextString(m) }
func (*Namespace) ProtoMessage() {}
func (*Namespace) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{113}
}
func (m *Namespace) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Namespace) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Namespace.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Namespace) XXX_Merge(src proto.Message) {
xxx_messageInfo_Namespace.Merge(m, src)
}
func (m *Namespace) XXX_Size() int {
return m.Size()
}
func (m *Namespace) XXX_DiscardUnknown() {
xxx_messageInfo_Namespace.DiscardUnknown(m)
}
var xxx_messageInfo_Namespace proto.InternalMessageInfo
// NamespaceSpec is a namespace specification
type NamespaceSpec struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *NamespaceSpec) Reset() { *m = NamespaceSpec{} }
func (m *NamespaceSpec) String() string { return proto.CompactTextString(m) }
func (*NamespaceSpec) ProtoMessage() {}
func (*NamespaceSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{114}
}
func (m *NamespaceSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *NamespaceSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_NamespaceSpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *NamespaceSpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_NamespaceSpec.Merge(m, src)
}
func (m *NamespaceSpec) XXX_Size() int {
return m.Size()
}
func (m *NamespaceSpec) XXX_DiscardUnknown() {
xxx_messageInfo_NamespaceSpec.DiscardUnknown(m)
}
var xxx_messageInfo_NamespaceSpec proto.InternalMessageInfo
type UserTokenV3 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is a resource sub kind, used to define the type of user token.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is an resource specification
Spec UserTokenSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserTokenV3) Reset() { *m = UserTokenV3{} }
func (*UserTokenV3) ProtoMessage() {}
func (*UserTokenV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{115}
}
func (m *UserTokenV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserTokenV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserTokenV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserTokenV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserTokenV3.Merge(m, src)
}
func (m *UserTokenV3) XXX_Size() int {
return m.Size()
}
func (m *UserTokenV3) XXX_DiscardUnknown() {
xxx_messageInfo_UserTokenV3.DiscardUnknown(m)
}
var xxx_messageInfo_UserTokenV3 proto.InternalMessageInfo
type UserTokenSpecV3 struct {
// User is user name associated with this token
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// URL is this token URL
URL string `protobuf:"bytes,2,opt,name=URL,proto3" json:"url"`
// Usage is an optional field that provides more information about how this token will be used.
Usage UserTokenUsage `protobuf:"varint,3,opt,name=Usage,proto3,enum=types.UserTokenUsage" json:"usage,omitempty"`
// Created holds information about when the token was created
Created time.Time `protobuf:"bytes,4,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserTokenSpecV3) Reset() { *m = UserTokenSpecV3{} }
func (m *UserTokenSpecV3) String() string { return proto.CompactTextString(m) }
func (*UserTokenSpecV3) ProtoMessage() {}
func (*UserTokenSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{116}
}
func (m *UserTokenSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserTokenSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserTokenSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserTokenSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserTokenSpecV3.Merge(m, src)
}
func (m *UserTokenSpecV3) XXX_Size() int {
return m.Size()
}
func (m *UserTokenSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_UserTokenSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_UserTokenSpecV3 proto.InternalMessageInfo
type UserTokenSecretsV3 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is an resource specification
Spec UserTokenSecretsSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserTokenSecretsV3) Reset() { *m = UserTokenSecretsV3{} }
func (*UserTokenSecretsV3) ProtoMessage() {}
func (*UserTokenSecretsV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{117}
}
func (m *UserTokenSecretsV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserTokenSecretsV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserTokenSecretsV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserTokenSecretsV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserTokenSecretsV3.Merge(m, src)
}
func (m *UserTokenSecretsV3) XXX_Size() int {
return m.Size()
}
func (m *UserTokenSecretsV3) XXX_DiscardUnknown() {
xxx_messageInfo_UserTokenSecretsV3.DiscardUnknown(m)
}
var xxx_messageInfo_UserTokenSecretsV3 proto.InternalMessageInfo
type UserTokenSecretsSpecV3 struct {
// OTPKey is is a secret value of one time password secret generator
OTPKey string `protobuf:"bytes,1,opt,name=OTPKey,proto3" json:"opt_key"`
// OTPKey is is a secret value of one time password secret generator
QRCode string `protobuf:"bytes,2,opt,name=QRCode,proto3" json:"qr_code,omitempty"`
// Created holds information about when the token was created
Created time.Time `protobuf:"bytes,3,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserTokenSecretsSpecV3) Reset() { *m = UserTokenSecretsSpecV3{} }
func (m *UserTokenSecretsSpecV3) String() string { return proto.CompactTextString(m) }
func (*UserTokenSecretsSpecV3) ProtoMessage() {}
func (*UserTokenSecretsSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{118}
}
func (m *UserTokenSecretsSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserTokenSecretsSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserTokenSecretsSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserTokenSecretsSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserTokenSecretsSpecV3.Merge(m, src)
}
func (m *UserTokenSecretsSpecV3) XXX_Size() int {
return m.Size()
}
func (m *UserTokenSecretsSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_UserTokenSecretsSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_UserTokenSecretsSpecV3 proto.InternalMessageInfo
// AccessRequest represents an Access Request resource specification
type AccessRequestV3 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is AccessRequest metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is an AccessRequest specification
Spec AccessRequestSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestV3) Reset() { *m = AccessRequestV3{} }
func (*AccessRequestV3) ProtoMessage() {}
func (*AccessRequestV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{119}
}
func (m *AccessRequestV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestV3.Merge(m, src)
}
func (m *AccessRequestV3) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestV3) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestV3.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestV3 proto.InternalMessageInfo
// AccessReviewThreshold describes a filter used to match access reviews,
// as well as approval/denial counts which trigger state-transitions. This type
// can be used to describe policies such as "can be approved by 2 admins"
// or "can be denied by any non-contractor".
type AccessReviewThreshold struct {
// Name is the optional human-readable name of the threshold.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
// Filter is an optional predicate used to determine which reviews
// count toward this threshold.
Filter string `protobuf:"bytes,2,opt,name=Filter,proto3" json:"filter,omitempty"`
// Approve is the number of matching approvals needed for state-transition.
Approve uint32 `protobuf:"varint,3,opt,name=Approve,proto3" json:"approve,omitempty"`
// Deny is the number of denials needed for state-transition.
Deny uint32 `protobuf:"varint,4,opt,name=Deny,proto3" json:"deny,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessReviewThreshold) Reset() { *m = AccessReviewThreshold{} }
func (m *AccessReviewThreshold) String() string { return proto.CompactTextString(m) }
func (*AccessReviewThreshold) ProtoMessage() {}
func (*AccessReviewThreshold) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{120}
}
func (m *AccessReviewThreshold) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessReviewThreshold) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessReviewThreshold.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessReviewThreshold) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessReviewThreshold.Merge(m, src)
}
func (m *AccessReviewThreshold) XXX_Size() int {
return m.Size()
}
func (m *AccessReviewThreshold) XXX_DiscardUnknown() {
xxx_messageInfo_AccessReviewThreshold.DiscardUnknown(m)
}
var xxx_messageInfo_AccessReviewThreshold proto.InternalMessageInfo
// PromotedAccessList is a minimal access list representation used for
// promoting Access Requests to access lists.
type PromotedAccessList struct {
// Name is the name of the access list.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// Title is the title of the access list.
Title string `protobuf:"bytes,2,opt,name=Title,proto3" json:"title"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PromotedAccessList) Reset() { *m = PromotedAccessList{} }
func (m *PromotedAccessList) String() string { return proto.CompactTextString(m) }
func (*PromotedAccessList) ProtoMessage() {}
func (*PromotedAccessList) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{121}
}
func (m *PromotedAccessList) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PromotedAccessList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PromotedAccessList.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PromotedAccessList) XXX_Merge(src proto.Message) {
xxx_messageInfo_PromotedAccessList.Merge(m, src)
}
func (m *PromotedAccessList) XXX_Size() int {
return m.Size()
}
func (m *PromotedAccessList) XXX_DiscardUnknown() {
xxx_messageInfo_PromotedAccessList.DiscardUnknown(m)
}
var xxx_messageInfo_PromotedAccessList proto.InternalMessageInfo
// AccessRequestDryRunEnrichment contains the extra info added in a response to a dry run request.
type AccessRequestDryRunEnrichment struct {
// ReasonMode specifies the reason mode for this Access Request as defined in
// [AccessRequestConditionsReason].reason.
ReasonMode RequestReasonMode `protobuf:"bytes,1,opt,name=ReasonMode,proto3,casttype=RequestReasonMode" json:"reason_mode,omitempty"`
// ReasonPrompts is a sorted and deduplicated list of reason prompts for this Access Request.
ReasonPrompts []string `protobuf:"bytes,2,rep,name=ReasonPrompts,proto3" json:"reason_prompt,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestDryRunEnrichment) Reset() { *m = AccessRequestDryRunEnrichment{} }
func (m *AccessRequestDryRunEnrichment) String() string { return proto.CompactTextString(m) }
func (*AccessRequestDryRunEnrichment) ProtoMessage() {}
func (*AccessRequestDryRunEnrichment) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{122}
}
func (m *AccessRequestDryRunEnrichment) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestDryRunEnrichment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestDryRunEnrichment.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestDryRunEnrichment) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestDryRunEnrichment.Merge(m, src)
}
func (m *AccessRequestDryRunEnrichment) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestDryRunEnrichment) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestDryRunEnrichment.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestDryRunEnrichment proto.InternalMessageInfo
// AccessReview is a review to be applied to an Access Request.
type AccessReview struct {
// Author is the teleport username of the review author.
Author string `protobuf:"bytes,1,opt,name=Author,proto3" json:"author"`
// Roles is a list used for role-subselection (not yet fully supported).
Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles,omitempty"`
// ProposedState is the proposed state (must be APPROVED or DENIED).
ProposedState RequestState `protobuf:"varint,3,opt,name=ProposedState,proto3,enum=types.RequestState" json:"proposed_state,omitempty"`
// Reason is an optional human-readable reason for why the above state
// is being proposed.
Reason string `protobuf:"bytes,4,opt,name=Reason,proto3" json:"reason,omitempty"`
// Created is the time at which the review was created.
Created time.Time `protobuf:"bytes,5,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
// Annotations is the proposed value of the request's resolve_annotations field.
Annotations github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,6,opt,name=Annotations,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"annotations,omitempty"`
// ThresholdIndexes stores the indexes of thresholds which this review matches
// (internal use only).
ThresholdIndexes []uint32 `protobuf:"varint,7,rep,packed,name=ThresholdIndexes,proto3" json:"i,omitempty"`
// AccessList is the access list that this request was promoted to.
// This field is only populated when the request is in the PROMOTED state.
AccessList *PromotedAccessList `protobuf:"bytes,9,opt,name=accessList,proto3" json:"access_list,omitempty"`
// AssumeStartTime is the time the requested roles can be assumed.
AssumeStartTime *time.Time `protobuf:"bytes,10,opt,name=AssumeStartTime,proto3,stdtime" json:"assume_start_time,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessReview) Reset() { *m = AccessReview{} }
func (m *AccessReview) String() string { return proto.CompactTextString(m) }
func (*AccessReview) ProtoMessage() {}
func (*AccessReview) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{123}
}
func (m *AccessReview) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessReview.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessReview) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessReview.Merge(m, src)
}
func (m *AccessReview) XXX_Size() int {
return m.Size()
}
func (m *AccessReview) XXX_DiscardUnknown() {
xxx_messageInfo_AccessReview.DiscardUnknown(m)
}
var xxx_messageInfo_AccessReview proto.InternalMessageInfo
// AccessReviewSubmission encodes the necessary parameters for submitting
// a new access review.
type AccessReviewSubmission struct {
// RequestID is the unique ID of the request to be reviewed.
RequestID string `protobuf:"bytes,1,opt,name=RequestID,proto3" json:"id,omitempty"`
// Review is the review to be applied.
Review AccessReview `protobuf:"bytes,2,opt,name=Review,proto3" json:"review,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessReviewSubmission) Reset() { *m = AccessReviewSubmission{} }
func (m *AccessReviewSubmission) String() string { return proto.CompactTextString(m) }
func (*AccessReviewSubmission) ProtoMessage() {}
func (*AccessReviewSubmission) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{124}
}
func (m *AccessReviewSubmission) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessReviewSubmission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessReviewSubmission.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessReviewSubmission) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessReviewSubmission.Merge(m, src)
}
func (m *AccessReviewSubmission) XXX_Size() int {
return m.Size()
}
func (m *AccessReviewSubmission) XXX_DiscardUnknown() {
xxx_messageInfo_AccessReviewSubmission.DiscardUnknown(m)
}
var xxx_messageInfo_AccessReviewSubmission proto.InternalMessageInfo
// ThresholdIndexSet encodes a list of threshold indexes. One of the listed thresholds
// must pass for the set to be considered to have passed (i.e. this is an `or` operator).
type ThresholdIndexSet struct {
// Indexes are the indexes of thresholds which relate to the role.
Indexes []uint32 `protobuf:"varint,1,rep,packed,name=Indexes,proto3" json:"i,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ThresholdIndexSet) Reset() { *m = ThresholdIndexSet{} }
func (m *ThresholdIndexSet) String() string { return proto.CompactTextString(m) }
func (*ThresholdIndexSet) ProtoMessage() {}
func (*ThresholdIndexSet) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{125}
}
func (m *ThresholdIndexSet) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ThresholdIndexSet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ThresholdIndexSet.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ThresholdIndexSet) XXX_Merge(src proto.Message) {
xxx_messageInfo_ThresholdIndexSet.Merge(m, src)
}
func (m *ThresholdIndexSet) XXX_Size() int {
return m.Size()
}
func (m *ThresholdIndexSet) XXX_DiscardUnknown() {
xxx_messageInfo_ThresholdIndexSet.DiscardUnknown(m)
}
var xxx_messageInfo_ThresholdIndexSet proto.InternalMessageInfo
// ThresholdIndexSets is a list of threshold index sets. Each of the individual
// sets must pass (i.e. this is an `and` operator).
type ThresholdIndexSets struct {
// Sets are the sets that make up this group.
Sets []ThresholdIndexSet `protobuf:"bytes,1,rep,name=Sets,proto3" json:"s,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ThresholdIndexSets) Reset() { *m = ThresholdIndexSets{} }
func (m *ThresholdIndexSets) String() string { return proto.CompactTextString(m) }
func (*ThresholdIndexSets) ProtoMessage() {}
func (*ThresholdIndexSets) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{126}
}
func (m *ThresholdIndexSets) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ThresholdIndexSets) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ThresholdIndexSets.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ThresholdIndexSets) XXX_Merge(src proto.Message) {
xxx_messageInfo_ThresholdIndexSets.Merge(m, src)
}
func (m *ThresholdIndexSets) XXX_Size() int {
return m.Size()
}
func (m *ThresholdIndexSets) XXX_DiscardUnknown() {
xxx_messageInfo_ThresholdIndexSets.DiscardUnknown(m)
}
var xxx_messageInfo_ThresholdIndexSets proto.InternalMessageInfo
// AccessRequestSpec is the specification for AccessRequest
type AccessRequestSpecV3 struct {
// User is the name of the user to whom the roles will be applied.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// Roles is the name of the roles being requested.
Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles"`
// State is the current state of this Access Request.
State RequestState `protobuf:"varint,3,opt,name=State,proto3,enum=types.RequestState" json:"state,omitempty"`
// Created encodes the time at which the request was registered with the auth
// server.
Created time.Time `protobuf:"bytes,4,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
// Expires constrains the maximum lifetime of any login session for which this
// request is active.
Expires time.Time `protobuf:"bytes,5,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
// RequestReason is an optional message explaining the reason for the request.
RequestReason string `protobuf:"bytes,6,opt,name=RequestReason,proto3" json:"request_reason,omitempty"`
// ResolveReason is an optional message explaining the reason for the resolution
// of the request (approval, denial, etc...).
ResolveReason string `protobuf:"bytes,7,opt,name=ResolveReason,proto3" json:"resolve_reason,omitempty"`
// ResolveAnnotations is a set of arbitrary values received from plugins or other
// resolving parties during approval/denial. Importantly, these annotations are
// included in the access_request.update event, allowing plugins to propagate
// arbitrary structured data to the audit log.
ResolveAnnotations github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,8,opt,name=ResolveAnnotations,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"resolve_annotations,omitempty"`
// SystemAnnotations is a set of programmatically generated annotations attached
// to pending Access Requests by teleport. These annotations are generated by
// applying variable interpolation to the RoleConditions.Request.Annotations block
// of a user's role(s). These annotations serve as a mechanism for administrators
// to pass extra information to plugins when they process pending Access Requests.
SystemAnnotations github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,9,opt,name=SystemAnnotations,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"system_annotations,omitempty"`
// Thresholds is a list of review thresholds relevant to this request. Order must be
// preserved, as thresholds are referenced by index (internal use only).
Thresholds []AccessReviewThreshold `protobuf:"bytes,10,rep,name=Thresholds,proto3" json:"thresholds,omitempty"`
// RoleThresholdMapping encodes the relationship between the requested roles and
// the review threshold requirements for the given role (internal use only).
// By storing a representation of which thresholds must pass for each requested role, we
// both eliminate the need to cache the requestor's roles directly, and allow future
// versions of teleport to become smarter about calculating more granular requirements
// in a backwards-compatible manner (i.e. calculation can become smarter in minor releases).
// Storing this relationship on the request is necessary in order to avoid unexpected or
// inconsistent behavior due to review submission timing.
RoleThresholdMapping map[string]ThresholdIndexSets `protobuf:"bytes,11,rep,name=RoleThresholdMapping,proto3" json:"rtm,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Reviews is a list of reviews applied to this request (internal use only).
Reviews []AccessReview `protobuf:"bytes,12,rep,name=Reviews,proto3" json:"reviews,omitempty"`
// SuggestedReviewers is a list of reviewer suggestions. These can be teleport usernames, but
// that is not a requirement.
SuggestedReviewers []string `protobuf:"bytes,13,rep,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
// RequestedResourceIDs is a set of resources to which access is being requested.
RequestedResourceIDs []ResourceID `protobuf:"bytes,14,rep,name=RequestedResourceIDs,proto3" json:"resource_ids,omitempty"`
// LoginHint is used as a hint for search-based Access Requests to select
// roles based on the login the user is attempting.
LoginHint string `protobuf:"bytes,15,opt,name=LoginHint,proto3" json:"login_hint,omitempty"`
// DryRun indicates that the request should not actually be created, the
// Auth Service should only validate the Access Request.
DryRun bool `protobuf:"varint,16,opt,name=DryRun,proto3" json:"dry_run,omitempty"`
// MaxDuration indicates how long the access should be granted for.
MaxDuration time.Time `protobuf:"bytes,17,opt,name=MaxDuration,proto3,stdtime" json:"max_duration,omitempty"`
// SessionTLL indicated how long a certificate for a session should be valid for.
SessionTTL time.Time `protobuf:"bytes,18,opt,name=SessionTTL,proto3,stdtime" json:"session_ttl,omitempty"`
// PromotedAccessListTitle is the title of the access list that this request
// was promoted to. Used by WebUI to display the title of the access list.
// This field is only populated when the request is in the PROMOTED state.
AccessList *PromotedAccessList `protobuf:"bytes,20,opt,name=accessList,proto3" json:"access_list,omitempty"`
// AssumeStartTime is the time the requested roles can be assumed.
AssumeStartTime *time.Time `protobuf:"bytes,21,opt,name=AssumeStartTime,proto3,stdtime" json:"assume_start_time,omitempty"`
// ResourceExpiry is the time at which the access request resource will expire.
ResourceExpiry *time.Time `protobuf:"bytes,22,opt,name=ResourceExpiry,proto3,stdtime" json:"expiry,omitempty"`
// DryRunEnrichment contains the extra info added in response to a dry run request.
DryRunEnrichment *AccessRequestDryRunEnrichment `protobuf:"bytes,23,opt,name=DryRunEnrichment,proto3" json:"dry_run_enrichment,omitempty"`
// RequestKind indicates the kind (short/long-term) of request.
RequestKind AccessRequestKind `protobuf:"varint,24,opt,name=RequestKind,proto3,enum=types.AccessRequestKind" json:"request_kind,omitempty"`
// LongTermResourceGrouping contains information about how resources can be grouped
// based on Access List promotions for long-term Access Requests.
LongTermGrouping *LongTermResourceGrouping `protobuf:"bytes,25,opt,name=LongTermGrouping,proto3" json:"long_term_grouping,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestSpecV3) Reset() { *m = AccessRequestSpecV3{} }
func (m *AccessRequestSpecV3) String() string { return proto.CompactTextString(m) }
func (*AccessRequestSpecV3) ProtoMessage() {}
func (*AccessRequestSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{127}
}
func (m *AccessRequestSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestSpecV3.Merge(m, src)
}
func (m *AccessRequestSpecV3) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestSpecV3 proto.InternalMessageInfo
// AccessRequestFilter encodes filter params for Access Requests.
type AccessRequestFilter struct {
// ID specifies a request ID if set.
ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id,omitempty"`
// User specifies a username if set.
User string `protobuf:"bytes,2,opt,name=User,proto3" json:"user,omitempty"`
// RequestState filters for requests in a specific state.
State RequestState `protobuf:"varint,3,opt,name=State,proto3,enum=types.RequestState" json:"state,omitempty"`
// SearchKeywords is a list of search keywords to match against resource field values.
// The matcher goes through select field values from a resource
// and tries to match against the list of search values, ignoring case and order.
// Returns true if all search vals were matched (or if nil search vals).
// Returns false if no or partial match (or nil field values).
SearchKeywords []string `protobuf:"bytes,4,rep,name=SearchKeywords,proto3" json:"search,omitempty"`
// Scope is an aditional filter to view requests based on needs review, reviewed, my requests
Scope AccessRequestScope `protobuf:"varint,5,opt,name=Scope,proto3,enum=types.AccessRequestScope" json:"scope,omitempty"`
// Requester is the requester of the api call. This is set by the Auth Service
// Use User for the requester of the request.
Requester string `protobuf:"bytes,6,opt,name=Requester,proto3" json:"requester,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestFilter) Reset() { *m = AccessRequestFilter{} }
func (m *AccessRequestFilter) String() string { return proto.CompactTextString(m) }
func (*AccessRequestFilter) ProtoMessage() {}
func (*AccessRequestFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{128}
}
func (m *AccessRequestFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestFilter.Merge(m, src)
}
func (m *AccessRequestFilter) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestFilter) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestFilter.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestFilter proto.InternalMessageInfo
// AccessCapabilities is a summary of capabilities that a user
// is granted via their dynamic access privileges which may not be
// calculable by directly examining the user's own static roles.
type AccessCapabilities struct {
// RequestableRoles is a list of existent roles which the user is allowed to request.
RequestableRoles []string `protobuf:"bytes,1,rep,name=RequestableRoles,proto3" json:"requestable_roles,omitempty"`
// SuggestedReviewers is a list of all reviewers which are suggested by the user's roles.
SuggestedReviewers []string `protobuf:"bytes,2,rep,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
// ApplicableRolesForResources is a list of the roles applicable for access to a given set of resources.
ApplicableRolesForResources []string `protobuf:"bytes,3,rep,name=ApplicableRolesForResources,proto3" json:"applicable_roles,omitempty"`
// RequestPrompt is an optional message which tells users what they aught to request.
RequestPrompt string `protobuf:"bytes,4,opt,name=RequestPrompt,proto3" json:"request_prompt,omitempty"`
// RequireReason indicates whether the request strategy is one that requires
// users to always supply reasons with their requests.
RequireReason bool `protobuf:"varint,5,opt,name=RequireReason,proto3" json:"require_reason,omitempty"`
// AutoRequest indicates whether the request strategy indicates that a
// request should be automatically generated on login.
AutoRequest bool `protobuf:"varint,6,opt,name=AutoRequest,proto3" json:"auto_request,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessCapabilities) Reset() { *m = AccessCapabilities{} }
func (m *AccessCapabilities) String() string { return proto.CompactTextString(m) }
func (*AccessCapabilities) ProtoMessage() {}
func (*AccessCapabilities) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{129}
}
func (m *AccessCapabilities) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessCapabilities) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessCapabilities.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessCapabilities) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessCapabilities.Merge(m, src)
}
func (m *AccessCapabilities) XXX_Size() int {
return m.Size()
}
func (m *AccessCapabilities) XXX_DiscardUnknown() {
xxx_messageInfo_AccessCapabilities.DiscardUnknown(m)
}
var xxx_messageInfo_AccessCapabilities proto.InternalMessageInfo
// AccessCapabilitiesRequest encodes parameters for the GetAccessCapabilities method.
type AccessCapabilitiesRequest struct {
// User is the name of the user whose capabilities we are interested in (defaults to
// the caller's own username).
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user,omitempty"`
// RequestableRoles is a flag indicating that we would like to view the list of roles
// that the user is able to request.
RequestableRoles bool `protobuf:"varint,2,opt,name=RequestableRoles,proto3" json:"requestable_roles,omitempty"`
// SuggestedReviewers is a flag indicating that we would like to view the list of all
// reviewers which are suggested by the user's roles.
SuggestedReviewers bool `protobuf:"varint,3,opt,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
// ResourceIDs is the list of the ResourceIDs of the resources we would like to view
// the necessary roles for.
ResourceIDs []ResourceID `protobuf:"bytes,4,rep,name=ResourceIDs,proto3" json:"resource_ids,omitempty"`
// Login is the host login the user is requesting access for.
Login string `protobuf:"bytes,5,opt,name=Login,proto3" json:"login,omitempty"`
// FilterRequestableRolesByResource is a flag indicating that the returned
// list of roles that the user can request should be filtered to only include
// roles that allow access to the provided ResourceIDs.
FilterRequestableRolesByResource bool `protobuf:"varint,6,opt,name=FilterRequestableRolesByResource,proto3" json:"filter_requestable_roles_by_resource,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessCapabilitiesRequest) Reset() { *m = AccessCapabilitiesRequest{} }
func (m *AccessCapabilitiesRequest) String() string { return proto.CompactTextString(m) }
func (*AccessCapabilitiesRequest) ProtoMessage() {}
func (*AccessCapabilitiesRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{130}
}
func (m *AccessCapabilitiesRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessCapabilitiesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessCapabilitiesRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessCapabilitiesRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessCapabilitiesRequest.Merge(m, src)
}
func (m *AccessCapabilitiesRequest) XXX_Size() int {
return m.Size()
}
func (m *AccessCapabilitiesRequest) XXX_DiscardUnknown() {
xxx_messageInfo_AccessCapabilitiesRequest.DiscardUnknown(m)
}
var xxx_messageInfo_AccessCapabilitiesRequest proto.InternalMessageInfo
// RemoteAccessCapabilities is a summary of the capabilites that a remote cluster
// user is granted in target cluster.
// buf:lint:ignore PAGINATION_REQUIRED
type RemoteAccessCapabilities struct {
// ApplicableRolesForResources is a list of the remote-cluster roles applicable
// for access to a given set of resources. This will always be a subset of the
// SearchAsRoles supplied in the [RemoteAccessCapabilitiesRequest]
ApplicableRolesForResources []string `protobuf:"bytes,1,rep,name=ApplicableRolesForResources,proto3" json:"applicable_roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RemoteAccessCapabilities) Reset() { *m = RemoteAccessCapabilities{} }
func (m *RemoteAccessCapabilities) String() string { return proto.CompactTextString(m) }
func (*RemoteAccessCapabilities) ProtoMessage() {}
func (*RemoteAccessCapabilities) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{131}
}
func (m *RemoteAccessCapabilities) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RemoteAccessCapabilities) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RemoteAccessCapabilities.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RemoteAccessCapabilities) XXX_Merge(src proto.Message) {
xxx_messageInfo_RemoteAccessCapabilities.Merge(m, src)
}
func (m *RemoteAccessCapabilities) XXX_Size() int {
return m.Size()
}
func (m *RemoteAccessCapabilities) XXX_DiscardUnknown() {
xxx_messageInfo_RemoteAccessCapabilities.DiscardUnknown(m)
}
var xxx_messageInfo_RemoteAccessCapabilities proto.InternalMessageInfo
// AccessCapabilitiesRequest encodes parameters for the GetRemoteAccessCapabilities method.
// buf:lint:ignore PAGINATION_REQUIRED
type RemoteAccessCapabilitiesRequest struct {
// user is the name of the target user on their home cluster
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user,omitempty"`
// SearchAsRoles holds the roles the target user may use when searching for
// resources on the user's home cluster
SearchAsRoles []string `protobuf:"bytes,2,rep,name=SearchAsRoles,proto3" json:"remote_search_as_roles,omitempty"`
// ResourceIDs is the list of the ResourceIDs of the resources we would like to view
// the necessary roles for.
ResourceIDs []ResourceID `protobuf:"bytes,3,rep,name=ResourceIDs,proto3" json:"resource_ids,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RemoteAccessCapabilitiesRequest) Reset() { *m = RemoteAccessCapabilitiesRequest{} }
func (m *RemoteAccessCapabilitiesRequest) String() string { return proto.CompactTextString(m) }
func (*RemoteAccessCapabilitiesRequest) ProtoMessage() {}
func (*RemoteAccessCapabilitiesRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{132}
}
func (m *RemoteAccessCapabilitiesRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RemoteAccessCapabilitiesRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RemoteAccessCapabilitiesRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RemoteAccessCapabilitiesRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_RemoteAccessCapabilitiesRequest.Merge(m, src)
}
func (m *RemoteAccessCapabilitiesRequest) XXX_Size() int {
return m.Size()
}
func (m *RemoteAccessCapabilitiesRequest) XXX_DiscardUnknown() {
xxx_messageInfo_RemoteAccessCapabilitiesRequest.DiscardUnknown(m)
}
var xxx_messageInfo_RemoteAccessCapabilitiesRequest proto.InternalMessageInfo
// RequestKubernetesResource is the Kubernetes resource identifier used
// in access request settings.
// Modeled after existing message KubernetesResource.
type RequestKubernetesResource struct {
// kind specifies the Kubernetes Resource type.
Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
// APIGroup specifies the Kubernetes Resource API group.
APIGroup string `protobuf:"bytes,2,opt,name=APIGroup,proto3" json:"api_group,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RequestKubernetesResource) Reset() { *m = RequestKubernetesResource{} }
func (m *RequestKubernetesResource) String() string { return proto.CompactTextString(m) }
func (*RequestKubernetesResource) ProtoMessage() {}
func (*RequestKubernetesResource) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{133}
}
func (m *RequestKubernetesResource) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RequestKubernetesResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RequestKubernetesResource.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RequestKubernetesResource) XXX_Merge(src proto.Message) {
xxx_messageInfo_RequestKubernetesResource.Merge(m, src)
}
func (m *RequestKubernetesResource) XXX_Size() int {
return m.Size()
}
func (m *RequestKubernetesResource) XXX_DiscardUnknown() {
xxx_messageInfo_RequestKubernetesResource.DiscardUnknown(m)
}
var xxx_messageInfo_RequestKubernetesResource proto.InternalMessageInfo
// ResourceID is a unique identifier for a teleport resource.
// Must be kept in sync with teleport.decision.v1alpha1.ResourceId.
type ResourceID struct {
// ClusterName is the name of the cluster the resource is in.
ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster"`
// Kind is the resource kind.
Kind string `protobuf:"bytes,2,opt,name=Kind,proto3" json:"kind"`
// Name is the name of the specific resource.
Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
// SubResourceName is the resource belonging to resource identified by "Name"
// that the user is allowed to access to.
// When granting access to a subresource, access to other resources is limited.
// Currently it just supports resources of Kind=pod and the format is the following
// "<kube_namespace>/<kube_pod>".
SubResourceName string `protobuf:"bytes,4,opt,name=SubResourceName,proto3" json:"sub_resource,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourceID) Reset() { *m = ResourceID{} }
func (m *ResourceID) String() string { return proto.CompactTextString(m) }
func (*ResourceID) ProtoMessage() {}
func (*ResourceID) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{134}
}
func (m *ResourceID) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourceID) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourceID.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourceID) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourceID.Merge(m, src)
}
func (m *ResourceID) XXX_Size() int {
return m.Size()
}
func (m *ResourceID) XXX_DiscardUnknown() {
xxx_messageInfo_ResourceID.DiscardUnknown(m)
}
var xxx_messageInfo_ResourceID proto.InternalMessageInfo
// PluginData stores a collection of values associated with a specific resource.
type PluginDataV3 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is PluginData metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a PluginData specification
Spec PluginDataSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginDataV3) Reset() { *m = PluginDataV3{} }
func (*PluginDataV3) ProtoMessage() {}
func (*PluginDataV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{135}
}
func (m *PluginDataV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginDataV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginDataV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginDataV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginDataV3.Merge(m, src)
}
func (m *PluginDataV3) XXX_Size() int {
return m.Size()
}
func (m *PluginDataV3) XXX_DiscardUnknown() {
xxx_messageInfo_PluginDataV3.DiscardUnknown(m)
}
var xxx_messageInfo_PluginDataV3 proto.InternalMessageInfo
// PluginDataEntry wraps a mapping of arbitrary string values used by
// plugins to store per-resource information.
type PluginDataEntry struct {
// Data is a mapping of arbitrary string values.
Data map[string]string `protobuf:"bytes,1,rep,name=Data,proto3" json:"data,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginDataEntry) Reset() { *m = PluginDataEntry{} }
func (m *PluginDataEntry) String() string { return proto.CompactTextString(m) }
func (*PluginDataEntry) ProtoMessage() {}
func (*PluginDataEntry) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{136}
}
func (m *PluginDataEntry) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginDataEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginDataEntry.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginDataEntry) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginDataEntry.Merge(m, src)
}
func (m *PluginDataEntry) XXX_Size() int {
return m.Size()
}
func (m *PluginDataEntry) XXX_DiscardUnknown() {
xxx_messageInfo_PluginDataEntry.DiscardUnknown(m)
}
var xxx_messageInfo_PluginDataEntry proto.InternalMessageInfo
// PluginData stores a collection of values associated with a specific resource.
type PluginDataSpecV3 struct {
// Entries is a collection of PluginData values organized by plugin name.
Entries map[string]*PluginDataEntry `protobuf:"bytes,1,rep,name=Entries,proto3" json:"entries" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginDataSpecV3) Reset() { *m = PluginDataSpecV3{} }
func (m *PluginDataSpecV3) String() string { return proto.CompactTextString(m) }
func (*PluginDataSpecV3) ProtoMessage() {}
func (*PluginDataSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{137}
}
func (m *PluginDataSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginDataSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginDataSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginDataSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginDataSpecV3.Merge(m, src)
}
func (m *PluginDataSpecV3) XXX_Size() int {
return m.Size()
}
func (m *PluginDataSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_PluginDataSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_PluginDataSpecV3 proto.InternalMessageInfo
// PluginDataFilter encodes filter params for plugin data.
type PluginDataFilter struct {
// Kind is the kind of resource that the target plugin data
// is associated with.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
// Resource matches a specific resource name if set.
Resource string `protobuf:"bytes,2,opt,name=Resource,proto3" json:"resource,omitempty"`
// Plugin matches a specific plugin name if set.
Plugin string `protobuf:"bytes,3,opt,name=Plugin,proto3" json:"plugin,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginDataFilter) Reset() { *m = PluginDataFilter{} }
func (m *PluginDataFilter) String() string { return proto.CompactTextString(m) }
func (*PluginDataFilter) ProtoMessage() {}
func (*PluginDataFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{138}
}
func (m *PluginDataFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginDataFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginDataFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginDataFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginDataFilter.Merge(m, src)
}
func (m *PluginDataFilter) XXX_Size() int {
return m.Size()
}
func (m *PluginDataFilter) XXX_DiscardUnknown() {
xxx_messageInfo_PluginDataFilter.DiscardUnknown(m)
}
var xxx_messageInfo_PluginDataFilter proto.InternalMessageInfo
// PluginDataUpdateParams encodes parameters for updating a PluginData field.
type PluginDataUpdateParams struct {
// Kind is the kind of resource that the target plugin data
// is associated with.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// Resource indicates the name of the target resource.
Resource string `protobuf:"bytes,2,opt,name=Resource,proto3" json:"resource"`
// Plugin is the name of the plugin that owns the data.
Plugin string `protobuf:"bytes,3,opt,name=Plugin,proto3" json:"plugin"`
// Set indicates the fields which should be set by this operation.
Set map[string]string `protobuf:"bytes,4,rep,name=Set,proto3" json:"set,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Expect optionally indicates the expected state of fields prior to this update.
Expect map[string]string `protobuf:"bytes,5,rep,name=Expect,proto3" json:"expect,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginDataUpdateParams) Reset() { *m = PluginDataUpdateParams{} }
func (m *PluginDataUpdateParams) String() string { return proto.CompactTextString(m) }
func (*PluginDataUpdateParams) ProtoMessage() {}
func (*PluginDataUpdateParams) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{139}
}
func (m *PluginDataUpdateParams) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginDataUpdateParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginDataUpdateParams.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginDataUpdateParams) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginDataUpdateParams.Merge(m, src)
}
func (m *PluginDataUpdateParams) XXX_Size() int {
return m.Size()
}
func (m *PluginDataUpdateParams) XXX_DiscardUnknown() {
xxx_messageInfo_PluginDataUpdateParams.DiscardUnknown(m)
}
var xxx_messageInfo_PluginDataUpdateParams proto.InternalMessageInfo
// RoleFilter matches role resources.
type RoleFilter struct {
// SearchKeywords is a list of search keywords to match against resource field values.
SearchKeywords []string `protobuf:"bytes,1,rep,name=SearchKeywords,proto3" json:"search_keywords,omitempty"`
// SkipSystemRoles filters out teleport system roles from the results.
SkipSystemRoles bool `protobuf:"varint,2,opt,name=SkipSystemRoles,proto3" json:"skip_system_roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RoleFilter) Reset() { *m = RoleFilter{} }
func (m *RoleFilter) String() string { return proto.CompactTextString(m) }
func (*RoleFilter) ProtoMessage() {}
func (*RoleFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{140}
}
func (m *RoleFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RoleFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RoleFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RoleFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_RoleFilter.Merge(m, src)
}
func (m *RoleFilter) XXX_Size() int {
return m.Size()
}
func (m *RoleFilter) XXX_DiscardUnknown() {
xxx_messageInfo_RoleFilter.DiscardUnknown(m)
}
var xxx_messageInfo_RoleFilter proto.InternalMessageInfo
// RoleV6 represents role resource specification
type RoleV6 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v3`, `v4`, `v5`, `v6`, `v7`, `v8`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a role specification
Spec RoleSpecV6 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RoleV6) Reset() { *m = RoleV6{} }
func (*RoleV6) ProtoMessage() {}
func (*RoleV6) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{141}
}
func (m *RoleV6) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RoleV6) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RoleV6.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RoleV6) XXX_Merge(src proto.Message) {
xxx_messageInfo_RoleV6.Merge(m, src)
}
func (m *RoleV6) XXX_Size() int {
return m.Size()
}
func (m *RoleV6) XXX_DiscardUnknown() {
xxx_messageInfo_RoleV6.DiscardUnknown(m)
}
var xxx_messageInfo_RoleV6 proto.InternalMessageInfo
// RoleSpecV6 is role specification for RoleV6.
type RoleSpecV6 struct {
// Options is for OpenSSH options like agent forwarding.
Options RoleOptions `protobuf:"bytes,1,opt,name=Options,proto3" json:"options,omitempty"`
// Allow is the set of conditions evaluated to grant access.
Allow RoleConditions `protobuf:"bytes,2,opt,name=Allow,proto3" json:"allow,omitempty"`
// Deny is the set of conditions evaluated to deny access. Deny takes priority
// over allow.
Deny RoleConditions `protobuf:"bytes,3,opt,name=Deny,proto3" json:"deny,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RoleSpecV6) Reset() { *m = RoleSpecV6{} }
func (m *RoleSpecV6) String() string { return proto.CompactTextString(m) }
func (*RoleSpecV6) ProtoMessage() {}
func (*RoleSpecV6) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{142}
}
func (m *RoleSpecV6) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RoleSpecV6) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RoleSpecV6.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RoleSpecV6) XXX_Merge(src proto.Message) {
xxx_messageInfo_RoleSpecV6.Merge(m, src)
}
func (m *RoleSpecV6) XXX_Size() int {
return m.Size()
}
func (m *RoleSpecV6) XXX_DiscardUnknown() {
xxx_messageInfo_RoleSpecV6.DiscardUnknown(m)
}
var xxx_messageInfo_RoleSpecV6 proto.InternalMessageInfo
// SSHLocalPortForwarding configures access controls for local SSH port forwarding.
type SSHLocalPortForwarding struct {
Enabled *BoolOption `protobuf:"bytes,1,opt,name=Enabled,proto3,customtype=BoolOption" json:"enabled,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSHLocalPortForwarding) Reset() { *m = SSHLocalPortForwarding{} }
func (m *SSHLocalPortForwarding) String() string { return proto.CompactTextString(m) }
func (*SSHLocalPortForwarding) ProtoMessage() {}
func (*SSHLocalPortForwarding) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{143}
}
func (m *SSHLocalPortForwarding) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSHLocalPortForwarding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSHLocalPortForwarding.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSHLocalPortForwarding) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSHLocalPortForwarding.Merge(m, src)
}
func (m *SSHLocalPortForwarding) XXX_Size() int {
return m.Size()
}
func (m *SSHLocalPortForwarding) XXX_DiscardUnknown() {
xxx_messageInfo_SSHLocalPortForwarding.DiscardUnknown(m)
}
var xxx_messageInfo_SSHLocalPortForwarding proto.InternalMessageInfo
// SSHRemotePortForwarding configures access controls for remote SSH port forwarding.
type SSHRemotePortForwarding struct {
Enabled *BoolOption `protobuf:"bytes,1,opt,name=Enabled,proto3,customtype=BoolOption" json:"enabled,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSHRemotePortForwarding) Reset() { *m = SSHRemotePortForwarding{} }
func (m *SSHRemotePortForwarding) String() string { return proto.CompactTextString(m) }
func (*SSHRemotePortForwarding) ProtoMessage() {}
func (*SSHRemotePortForwarding) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{144}
}
func (m *SSHRemotePortForwarding) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSHRemotePortForwarding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSHRemotePortForwarding.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSHRemotePortForwarding) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSHRemotePortForwarding.Merge(m, src)
}
func (m *SSHRemotePortForwarding) XXX_Size() int {
return m.Size()
}
func (m *SSHRemotePortForwarding) XXX_DiscardUnknown() {
xxx_messageInfo_SSHRemotePortForwarding.DiscardUnknown(m)
}
var xxx_messageInfo_SSHRemotePortForwarding proto.InternalMessageInfo
// SSHPortForwarding configures what types of SSH port forwarding are allowed by a role.
type SSHPortForwarding struct {
// Allow local port forwarding.
Local *SSHLocalPortForwarding `protobuf:"bytes,1,opt,name=Local,proto3" json:"local,omitempty"`
// Allow remote port forwarding.
Remote *SSHRemotePortForwarding `protobuf:"bytes,2,opt,name=Remote,proto3" json:"remote,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSHPortForwarding) Reset() { *m = SSHPortForwarding{} }
func (m *SSHPortForwarding) String() string { return proto.CompactTextString(m) }
func (*SSHPortForwarding) ProtoMessage() {}
func (*SSHPortForwarding) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{145}
}
func (m *SSHPortForwarding) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSHPortForwarding) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSHPortForwarding.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSHPortForwarding) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSHPortForwarding.Merge(m, src)
}
func (m *SSHPortForwarding) XXX_Size() int {
return m.Size()
}
func (m *SSHPortForwarding) XXX_DiscardUnknown() {
xxx_messageInfo_SSHPortForwarding.DiscardUnknown(m)
}
var xxx_messageInfo_SSHPortForwarding proto.InternalMessageInfo
// RoleOptions is a set of role options
type RoleOptions struct {
// ForwardAgent is SSH agent forwarding.
ForwardAgent Bool `protobuf:"varint,1,opt,name=ForwardAgent,proto3,casttype=Bool" json:"forward_agent"`
// MaxSessionTTL defines how long a SSH session can last for.
MaxSessionTTL Duration `protobuf:"varint,2,opt,name=MaxSessionTTL,proto3,casttype=Duration" json:"max_session_ttl,omitempty"`
// Deprecated: Use SSHPortForwarding instead
PortForwarding *BoolOption `protobuf:"bytes,3,opt,name=PortForwarding,proto3,customtype=BoolOption" json:"port_forwarding,omitempty"` // Deprecated: Do not use.
// CertificateFormat defines the format of the user certificate to allow
// compatibility with older versions of OpenSSH.
CertificateFormat string `protobuf:"bytes,4,opt,name=CertificateFormat,proto3" json:"cert_format"`
// ClientIdleTimeout sets disconnect clients on idle timeout behavior,
// if set to 0 means do not disconnect, otherwise is set to the idle
// duration.
ClientIdleTimeout Duration `protobuf:"varint,5,opt,name=ClientIdleTimeout,proto3,casttype=Duration" json:"client_idle_timeout,omitempty"`
// DisconnectExpiredCert sets disconnect clients on expired certificates.
DisconnectExpiredCert Bool `protobuf:"varint,6,opt,name=DisconnectExpiredCert,proto3,casttype=Bool" json:"disconnect_expired_cert,omitempty"`
// BPF defines what events to record for the BPF-based session recorder.
BPF []string `protobuf:"bytes,7,rep,name=BPF,proto3" json:"enhanced_recording,omitempty"`
// PermitX11Forwarding authorizes use of X11 forwarding.
PermitX11Forwarding Bool `protobuf:"varint,8,opt,name=PermitX11Forwarding,proto3,casttype=Bool" json:"permit_x11_forwarding,omitempty"`
// MaxConnections defines the maximum number of
// concurrent connections a user may hold.
MaxConnections int64 `protobuf:"varint,9,opt,name=MaxConnections,proto3" json:"max_connections,omitempty"`
// MaxSessions defines the maximum number of
// concurrent sessions per connection.
MaxSessions int64 `protobuf:"varint,10,opt,name=MaxSessions,proto3" json:"max_sessions,omitempty"`
// RequestAccess defines the request strategy (optional|reason|always)
// where optional is the default.
RequestAccess RequestStrategy `protobuf:"bytes,11,opt,name=RequestAccess,proto3,casttype=RequestStrategy" json:"request_access,omitempty"`
// RequestPrompt is an optional message which tells users what they aught to request.
RequestPrompt string `protobuf:"bytes,12,opt,name=RequestPrompt,proto3" json:"request_prompt,omitempty"`
// Lock specifies the locking mode (strict|best_effort) to be applied with
// the role.
Lock github_com_gravitational_teleport_api_constants.LockingMode `protobuf:"bytes,14,opt,name=Lock,proto3,casttype=github.com/gravitational/teleport/api/constants.LockingMode" json:"lock,omitempty"`
// RecordDesktopSession indicates whether desktop access sessions should be recorded.
// It defaults to true unless explicitly set to false.
RecordSession *RecordSession `protobuf:"bytes,15,opt,name=RecordSession,proto3" json:"record_session"`
// DesktopClipboard indicates whether clipboard sharing is allowed between the user's
// workstation and the remote desktop. It defaults to true unless explicitly set to
// false.
DesktopClipboard *BoolOption `protobuf:"bytes,16,opt,name=DesktopClipboard,proto3,customtype=BoolOption" json:"desktop_clipboard"`
// CertExtensions specifies the key/values
CertExtensions []*CertExtension `protobuf:"bytes,17,rep,name=CertExtensions,proto3" json:"cert_extensions,omitempty"`
// MaxKubernetesConnections defines the maximum number of concurrent
// Kubernetes sessions a user may hold.
MaxKubernetesConnections int64 `protobuf:"varint,18,opt,name=MaxKubernetesConnections,proto3" json:"max_kubernetes_connections,omitempty"`
// DesktopDirectorySharing indicates whether directory sharing is allowed between the user's
// workstation and the remote desktop. It defaults to false unless explicitly set to
// true.
DesktopDirectorySharing *BoolOption `protobuf:"bytes,19,opt,name=DesktopDirectorySharing,proto3,customtype=BoolOption" json:"desktop_directory_sharing"`
// Deprecated: use CreateHostUserMode instead.
CreateHostUser *BoolOption `protobuf:"bytes,20,opt,name=CreateHostUser,proto3,customtype=BoolOption" json:"create_host_user,omitempty"`
// PinSourceIP forces the same client IP for certificate generation and usage
PinSourceIP Bool `protobuf:"varint,21,opt,name=PinSourceIP,proto3,casttype=Bool" json:"pin_source_ip"`
// SSHFileCopy indicates whether remote file operations via SCP or SFTP are allowed
// over an SSH session. It defaults to true unless explicitly set to false.
SSHFileCopy *BoolOption `protobuf:"bytes,22,opt,name=SSHFileCopy,proto3,customtype=BoolOption" json:"ssh_file_copy"`
// RequireMFAType is the type of MFA requirement enforced for this user.
// 0 is "OFF", 1 is "SESSION", 2 is "SESSION_AND_HARDWARE_KEY", 3 is "HARDWARE_KEY_TOUCH",
// 4 is "HARDWARE_KEY_PIN", 5 is "HARDWARE_KEY_TOUCH_AND_PIN".
RequireMFAType RequireMFAType `protobuf:"varint,23,opt,name=RequireMFAType,proto3,enum=types.RequireMFAType" json:"require_session_mfa,omitempty"`
// DeviceTrustMode is the device authorization mode used for the resources
// associated with the role.
// See DeviceTrust.Mode.
DeviceTrustMode string `protobuf:"bytes,24,opt,name=DeviceTrustMode,proto3" json:"device_trust_mode,omitempty"`
// IDP is a set of options related to accessing IdPs within Teleport.
// Requires Teleport Enterprise.
IDP *IdPOptions `protobuf:"bytes,25,opt,name=IDP,proto3" json:"idp,omitempty"`
// CreateDesktopUser allows users to be automatically created on a Windows desktop
CreateDesktopUser *BoolOption `protobuf:"bytes,26,opt,name=CreateDesktopUser,proto3,customtype=BoolOption" json:"create_desktop_user"`
// CreateDatabaseUser enabled automatic database user creation.
CreateDatabaseUser *BoolOption `protobuf:"bytes,27,opt,name=CreateDatabaseUser,proto3,customtype=BoolOption" json:"create_db_user"`
// CreateHostUserMode allows users to be automatically created on a
// host when not set to off.
// 0 is "unspecified"; 1 is "off"; 2 is "drop" (removed for v15 and above),
// 3 is "keep"; 4 is "insecure-drop".
CreateHostUserMode CreateHostUserMode `protobuf:"varint,28,opt,name=CreateHostUserMode,proto3,enum=types.CreateHostUserMode" json:"create_host_user_mode,omitempty"`
// CreateDatabaseUserMode allows users to be automatically created on a
// database when not set to off.
// 0 is "unspecified", 1 is "off", 2 is "keep", 3 is "best_effort_drop".
CreateDatabaseUserMode CreateDatabaseUserMode `protobuf:"varint,29,opt,name=CreateDatabaseUserMode,proto3,enum=types.CreateDatabaseUserMode" json:"create_db_user_mode,omitempty"`
// MFAVerificationInterval optionally defines the maximum duration that can elapse
// between successive MFA verifications. This variable is used to ensure
// that users are periodically prompted to verify their identity, enhancing
// security by preventing prolonged sessions without re-authentication when using
// tsh proxy * derivatives.
// It's only effective if the session requires MFA.
// If not set, defaults to `max_session_ttl`.
MFAVerificationInterval time.Duration `protobuf:"bytes,30,opt,name=MFAVerificationInterval,proto3,stdduration" json:"mfa_verification_interval,omitempty"`
// CreateHostUserDefaultShell is used to configure the default shell for newly provisioned host users.
CreateHostUserDefaultShell string `protobuf:"bytes,31,opt,name=CreateHostUserDefaultShell,proto3" json:"create_host_user_default_shell,omitempty"`
// SSHPortForwarding configures what types of SSH port forwarding are allowed by a role.
SSHPortForwarding *SSHPortForwarding `protobuf:"bytes,32,opt,name=SSHPortForwarding,proto3" json:"ssh_port_forwarding,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RoleOptions) Reset() { *m = RoleOptions{} }
func (m *RoleOptions) String() string { return proto.CompactTextString(m) }
func (*RoleOptions) ProtoMessage() {}
func (*RoleOptions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{146}
}
func (m *RoleOptions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RoleOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RoleOptions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RoleOptions) XXX_Merge(src proto.Message) {
xxx_messageInfo_RoleOptions.Merge(m, src)
}
func (m *RoleOptions) XXX_Size() int {
return m.Size()
}
func (m *RoleOptions) XXX_DiscardUnknown() {
xxx_messageInfo_RoleOptions.DiscardUnknown(m)
}
var xxx_messageInfo_RoleOptions proto.InternalMessageInfo
type RecordSession struct {
// Desktop indicates whether desktop sessions should be recorded.
// It defaults to true unless explicitly set to false.
Desktop *BoolOption `protobuf:"bytes,1,opt,name=Desktop,proto3,customtype=BoolOption" json:"desktop"`
// Default indicates the default value for the services.
Default github_com_gravitational_teleport_api_constants.SessionRecordingMode `protobuf:"bytes,2,opt,name=Default,proto3,casttype=github.com/gravitational/teleport/api/constants.SessionRecordingMode" json:"default,omitempty"`
// SSH indicates the session mode used on SSH sessions.
SSH github_com_gravitational_teleport_api_constants.SessionRecordingMode `protobuf:"bytes,3,opt,name=SSH,proto3,casttype=github.com/gravitational/teleport/api/constants.SessionRecordingMode" json:"ssh,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RecordSession) Reset() { *m = RecordSession{} }
func (m *RecordSession) String() string { return proto.CompactTextString(m) }
func (*RecordSession) ProtoMessage() {}
func (*RecordSession) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{147}
}
func (m *RecordSession) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RecordSession) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RecordSession.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RecordSession) XXX_Merge(src proto.Message) {
xxx_messageInfo_RecordSession.Merge(m, src)
}
func (m *RecordSession) XXX_Size() int {
return m.Size()
}
func (m *RecordSession) XXX_DiscardUnknown() {
xxx_messageInfo_RecordSession.DiscardUnknown(m)
}
var xxx_messageInfo_RecordSession proto.InternalMessageInfo
// CertExtension represents a key/value for a certificate extension
type CertExtension struct {
// Type represents the certificate type being extended, only ssh
// is supported at this time.
// 0 is "ssh".
Type CertExtensionType `protobuf:"varint,1,opt,name=Type,proto3,enum=types.CertExtensionType" json:"type"`
// Mode is the type of extension to be used -- currently
// critical-option is not supported.
// 0 is "extension".
Mode CertExtensionMode `protobuf:"varint,2,opt,name=Mode,proto3,enum=types.CertExtensionMode" json:"mode"`
// Name specifies the key to be used in the cert extension.
Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
// Value specifies the value to be used in the cert extension.
Value string `protobuf:"bytes,4,opt,name=Value,proto3" json:"value"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CertExtension) Reset() { *m = CertExtension{} }
func (m *CertExtension) String() string { return proto.CompactTextString(m) }
func (*CertExtension) ProtoMessage() {}
func (*CertExtension) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{148}
}
func (m *CertExtension) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CertExtension) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CertExtension.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CertExtension) XXX_Merge(src proto.Message) {
xxx_messageInfo_CertExtension.Merge(m, src)
}
func (m *CertExtension) XXX_Size() int {
return m.Size()
}
func (m *CertExtension) XXX_DiscardUnknown() {
xxx_messageInfo_CertExtension.DiscardUnknown(m)
}
var xxx_messageInfo_CertExtension proto.InternalMessageInfo
// RoleConditions is a set of conditions that must all match to be allowed or
// denied access.
type RoleConditions struct {
// Logins is a list of *nix system logins.
Logins []string `protobuf:"bytes,1,rep,name=Logins,proto3" json:"logins,omitempty"`
// Namespaces is a list of namespaces (used to partition a cluster). The
// field should be called "namespaces" when it returns in Teleport 2.4.
Namespaces []string `protobuf:"bytes,2,rep,name=Namespaces,proto3" json:"-"`
// NodeLabels is a map of node labels (used to dynamically grant access to
// nodes).
NodeLabels Labels `protobuf:"bytes,3,opt,name=NodeLabels,proto3,customtype=Labels" json:"node_labels,omitempty"`
// Rules is a list of rules and their access levels. Rules are a high level
// construct used for access control.
Rules []Rule `protobuf:"bytes,4,rep,name=Rules,proto3" json:"rules,omitempty"`
// KubeGroups is a list of kubernetes groups
KubeGroups []string `protobuf:"bytes,5,rep,name=KubeGroups,proto3" json:"kubernetes_groups,omitempty"`
Request *AccessRequestConditions `protobuf:"bytes,6,opt,name=Request,proto3" json:"request,omitempty"`
// KubeUsers is an optional kubernetes users to impersonate
KubeUsers []string `protobuf:"bytes,7,rep,name=KubeUsers,proto3" json:"kubernetes_users,omitempty"`
// AppLabels is a map of labels used as part of the RBAC system.
AppLabels Labels `protobuf:"bytes,8,opt,name=AppLabels,proto3,customtype=Labels" json:"app_labels,omitempty"`
// ClusterLabels is a map of node labels (used to dynamically grant access to
// clusters).
ClusterLabels Labels `protobuf:"bytes,9,opt,name=ClusterLabels,proto3,customtype=Labels" json:"cluster_labels,omitempty"`
// KubernetesLabels is a map of kubernetes cluster labels used for RBAC.
KubernetesLabels Labels `protobuf:"bytes,10,opt,name=KubernetesLabels,proto3,customtype=Labels" json:"kubernetes_labels,omitempty"`
// DatabaseLabels are used in RBAC system to allow/deny access to databases.
DatabaseLabels Labels `protobuf:"bytes,11,opt,name=DatabaseLabels,proto3,customtype=Labels" json:"db_labels,omitempty"`
// DatabaseNames is a list of database names this role is allowed to connect to.
DatabaseNames []string `protobuf:"bytes,12,rep,name=DatabaseNames,proto3" json:"db_names,omitempty"`
// DatabaseUsers is a list of databases users this role is allowed to connect as.
DatabaseUsers []string `protobuf:"bytes,13,rep,name=DatabaseUsers,proto3" json:"db_users,omitempty"`
// Impersonate specifies what users and roles this role is allowed to impersonate
// by issuing certificates or other possible means.
Impersonate *ImpersonateConditions `protobuf:"bytes,14,opt,name=Impersonate,proto3" json:"impersonate,omitempty"`
// ReviewRequests defines conditions for submitting access reviews.
ReviewRequests *AccessReviewConditions `protobuf:"bytes,15,opt,name=ReviewRequests,proto3" json:"review_requests,omitempty"`
// AWSRoleARNs is a list of AWS role ARNs this role is allowed to assume.
AWSRoleARNs []string `protobuf:"bytes,16,rep,name=AWSRoleARNs,proto3" json:"aws_role_arns,omitempty"`
// WindowsDesktopLogins is a list of desktop login names allowed/denied for Windows desktops.
WindowsDesktopLogins []string `protobuf:"bytes,17,rep,name=WindowsDesktopLogins,proto3" json:"windows_desktop_logins,omitempty"`
// WindowsDesktopLabels are used in the RBAC system to allow/deny access to Windows desktops.
WindowsDesktopLabels Labels `protobuf:"bytes,18,opt,name=WindowsDesktopLabels,proto3,customtype=Labels" json:"windows_desktop_labels,omitempty"`
// RequireSessionJoin specifies policies for required users to start a session.
RequireSessionJoin []*SessionRequirePolicy `protobuf:"bytes,19,rep,name=RequireSessionJoin,proto3" json:"require_session_join,omitempty"`
// JoinSessions specifies policies to allow users to join other sessions.
JoinSessions []*SessionJoinPolicy `protobuf:"bytes,20,rep,name=JoinSessions,proto3" json:"join_sessions,omitempty"`
// HostGroups is a list of groups for created users to be added to
HostGroups []string `protobuf:"bytes,21,rep,name=HostGroups,proto3" json:"host_groups,omitempty"`
// HostSudoers is a list of entries to include in a users sudoer file
HostSudoers []string `protobuf:"bytes,22,rep,name=HostSudoers,proto3" json:"host_sudoers,omitempty"`
// AzureIdentities is a list of Azure identities this role is allowed to assume.
AzureIdentities []string `protobuf:"bytes,23,rep,name=AzureIdentities,proto3" json:"azure_identities,omitempty"`
// KubernetesResources is the Kubernetes Resources this Role grants access to.
KubernetesResources []KubernetesResource `protobuf:"bytes,24,rep,name=KubernetesResources,proto3" json:"kubernetes_resources,omitempty"`
// GCPServiceAccounts is a list of GCP service accounts this role is allowed to assume.
GCPServiceAccounts []string `protobuf:"bytes,25,rep,name=GCPServiceAccounts,proto3" json:"gcp_service_accounts,omitempty"`
// DatabaseServiceLabels are used in RBAC system to allow/deny access to Database Services.
DatabaseServiceLabels Labels `protobuf:"bytes,26,opt,name=DatabaseServiceLabels,proto3,customtype=Labels" json:"db_service_labels,omitempty"`
// GroupLabels is a map of labels used as part of the RBAC system.
GroupLabels Labels `protobuf:"bytes,27,opt,name=GroupLabels,proto3,customtype=Labels" json:"group_labels,omitempty"`
// DesktopGroups is a list of groups for created desktop users to be added to
DesktopGroups []string `protobuf:"bytes,28,rep,name=DesktopGroups,proto3" json:"desktop_groups,omitempty"`
// DatabaseRoles is a list of databases roles for automatic user creation.
DatabaseRoles []string `protobuf:"bytes,29,rep,name=DatabaseRoles,proto3" json:"db_roles,omitempty"`
// NodeLabelsExpression is a predicate expression used to allow/deny access to
// SSH nodes.
NodeLabelsExpression string `protobuf:"bytes,30,opt,name=NodeLabelsExpression,proto3" json:"node_labels_expression,omitempty"`
// AppLabelsExpression is a predicate expression used to allow/deny access to
// Apps.
AppLabelsExpression string `protobuf:"bytes,31,opt,name=AppLabelsExpression,proto3" json:"app_labels_expression,omitempty"`
// ClusterLabelsExpression is a predicate expression used to allow/deny access
// to remote Teleport clusters.
ClusterLabelsExpression string `protobuf:"bytes,32,opt,name=ClusterLabelsExpression,proto3" json:"cluster_labels_expression,omitempty"`
// KubernetesLabelsExpression is a predicate expression used to allow/deny
// access to kubernetes clusters.
KubernetesLabelsExpression string `protobuf:"bytes,33,opt,name=KubernetesLabelsExpression,proto3" json:"kubernetes_labels_expression,omitempty"`
// DatabaseLabelsExpression is a predicate expression used to allow/deny
// access to Databases.
DatabaseLabelsExpression string `protobuf:"bytes,34,opt,name=DatabaseLabelsExpression,proto3" json:"db_labels_expression,omitempty"`
// DatabaseServiceLabelsExpression is a predicate expression used to
// allow/deny access to Database Services.
DatabaseServiceLabelsExpression string `protobuf:"bytes,35,opt,name=DatabaseServiceLabelsExpression,proto3" json:"db_service_labels_expression,omitempty"`
// WindowsDesktopLabelsExpression is a predicate expression used to allow/deny
// access to Windows desktops.
WindowsDesktopLabelsExpression string `protobuf:"bytes,36,opt,name=WindowsDesktopLabelsExpression,proto3" json:"windows_desktop_labels_expression,omitempty"`
// GroupLabelsExpression is a predicate expression used to allow/deny
// access to user groups.
GroupLabelsExpression string `protobuf:"bytes,37,opt,name=GroupLabelsExpression,proto3" json:"group_labels_expression,omitempty"`
// DatabasePermissions specifies a set of permissions that will be granted
// to the database user when using automatic database user provisioning.
DatabasePermissions []DatabasePermission `protobuf:"bytes,38,rep,name=DatabasePermissions,proto3" json:"db_permissions,omitempty"`
// SPIFFE is used to allow or deny access to a role holder to generating a
// SPIFFE SVID.
SPIFFE []*SPIFFERoleCondition `protobuf:"bytes,39,rep,name=SPIFFE,proto3" json:"spiffe,omitempty"`
// AccountAssignments holds the list of account assignments affected by this
// condition.
AccountAssignments []IdentityCenterAccountAssignment `protobuf:"bytes,42,rep,name=AccountAssignments,proto3" json:"account_assignments,omitempty"`
// GitHubPermissions defines GitHub integration related permissions.
GitHubPermissions []GitHubPermission `protobuf:"bytes,43,rep,name=git_hub_permissions,json=gitHubPermissions,proto3" json:"github_permissions,omitempty"`
// WorkloadIdentityLabels controls whether or not specific WorkloadIdentity
// resources can be invoked. Further authorization controls exist on the
// WorkloadIdentity resource itself.
WorkloadIdentityLabels Labels `protobuf:"bytes,44,opt,name=WorkloadIdentityLabels,proto3,customtype=Labels" json:"workload_identity_labels,omitempty"`
// WorkloadIdentityLabelsExpression is a predicate expression used to
// allow/deny access to issuing a WorkloadIdentity.
WorkloadIdentityLabelsExpression string `protobuf:"bytes,45,opt,name=WorkloadIdentityLabelsExpression,proto3" json:"workload_identity_labels_expression,omitempty"`
// MCPPermissions defines MCP servers related permissions.
MCP *MCPPermissions `protobuf:"bytes,46,opt,name=MCP,proto3" json:"mcp,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RoleConditions) Reset() { *m = RoleConditions{} }
func (m *RoleConditions) String() string { return proto.CompactTextString(m) }
func (*RoleConditions) ProtoMessage() {}
func (*RoleConditions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{149}
}
func (m *RoleConditions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RoleConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RoleConditions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RoleConditions) XXX_Merge(src proto.Message) {
xxx_messageInfo_RoleConditions.Merge(m, src)
}
func (m *RoleConditions) XXX_Size() int {
return m.Size()
}
func (m *RoleConditions) XXX_DiscardUnknown() {
xxx_messageInfo_RoleConditions.DiscardUnknown(m)
}
var xxx_messageInfo_RoleConditions proto.InternalMessageInfo
// IdentityCenterAccountAssignment captures an AWS Identity Center account
// assignment (acccount + permission set) pair.
type IdentityCenterAccountAssignment struct {
PermissionSet string `protobuf:"bytes,1,opt,name=PermissionSet,proto3" json:"permission_set,omitempty"`
Account string `protobuf:"bytes,2,opt,name=Account,proto3" json:"account,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IdentityCenterAccountAssignment) Reset() { *m = IdentityCenterAccountAssignment{} }
func (m *IdentityCenterAccountAssignment) String() string { return proto.CompactTextString(m) }
func (*IdentityCenterAccountAssignment) ProtoMessage() {}
func (*IdentityCenterAccountAssignment) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{150}
}
func (m *IdentityCenterAccountAssignment) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IdentityCenterAccountAssignment) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IdentityCenterAccountAssignment.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IdentityCenterAccountAssignment) XXX_Merge(src proto.Message) {
xxx_messageInfo_IdentityCenterAccountAssignment.Merge(m, src)
}
func (m *IdentityCenterAccountAssignment) XXX_Size() int {
return m.Size()
}
func (m *IdentityCenterAccountAssignment) XXX_DiscardUnknown() {
xxx_messageInfo_IdentityCenterAccountAssignment.DiscardUnknown(m)
}
var xxx_messageInfo_IdentityCenterAccountAssignment proto.InternalMessageInfo
// GitHubPermission defines GitHub integration related permissions.
type GitHubPermission struct {
Organizations []string `protobuf:"bytes,1,rep,name=organizations,proto3" json:"orgs,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GitHubPermission) Reset() { *m = GitHubPermission{} }
func (m *GitHubPermission) String() string { return proto.CompactTextString(m) }
func (*GitHubPermission) ProtoMessage() {}
func (*GitHubPermission) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{151}
}
func (m *GitHubPermission) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GitHubPermission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GitHubPermission.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GitHubPermission) XXX_Merge(src proto.Message) {
xxx_messageInfo_GitHubPermission.Merge(m, src)
}
func (m *GitHubPermission) XXX_Size() int {
return m.Size()
}
func (m *GitHubPermission) XXX_DiscardUnknown() {
xxx_messageInfo_GitHubPermission.DiscardUnknown(m)
}
var xxx_messageInfo_GitHubPermission proto.InternalMessageInfo
// MCPPermissions defines MCP servers related permissions.
type MCPPermissions struct {
// Tools defines the list of tools allowed or denied for this role. Each entry
// can be a literal string, a glob pattern (e.g. "prefix_*"), or a regular
// expression (must start with '^' and end with '$'). If the list is empty, no
// tools are allowed.
Tools []string `protobuf:"bytes,1,rep,name=tools,proto3" json:"tools,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MCPPermissions) Reset() { *m = MCPPermissions{} }
func (m *MCPPermissions) String() string { return proto.CompactTextString(m) }
func (*MCPPermissions) ProtoMessage() {}
func (*MCPPermissions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{152}
}
func (m *MCPPermissions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MCPPermissions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MCPPermissions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MCPPermissions) XXX_Merge(src proto.Message) {
xxx_messageInfo_MCPPermissions.Merge(m, src)
}
func (m *MCPPermissions) XXX_Size() int {
return m.Size()
}
func (m *MCPPermissions) XXX_DiscardUnknown() {
xxx_messageInfo_MCPPermissions.DiscardUnknown(m)
}
var xxx_messageInfo_MCPPermissions proto.InternalMessageInfo
// SPIFFERoleCondition sets out which SPIFFE identities this role is allowed or
// denied to generate. The Path matcher is required, and is evaluated first. If,
// the Path does not match then the other matcher fields are not evaluated.
type SPIFFERoleCondition struct {
// Path specifies a matcher for the SPIFFE ID path. It should not include the
// trust domain and should start with a leading slash.
//
// The matcher by default allows '*' to be used to indicate zero or more of
// any character. Prepend '^' and append '$' to instead switch to matching
// using the Go regex syntax.
//
// Example:
// - /svc/foo/*/bar would match /svc/foo/baz/bar
// - ^\/svc\/foo\/.*\/bar$ would match /svc/foo/baz/bar
Path string `protobuf:"bytes,1,opt,name=Path,proto3" json:"path,omitempty"`
// DNSSANs specifies matchers for the SPIFFE ID DNS SANs.
//
// Each requested DNS SAN is compared against all matchers configured and if
// any match, the condition is considered to be met.
//
// The matcher by default allows '*' to be used to indicate zero or more of
// any character. Prepend '^' and append '$' to instead switch to matching
// using the Go regex syntax.
//
// Example: *.example.com would match foo.example.com
DNSSANs []string `protobuf:"bytes,2,rep,name=DNSSANs,proto3" json:"dns_sans,omitempty"`
// IPSANs specifies matchers for the SPIFFE ID IP SANs.
//
// Each requested IP SAN is compared against all matchers configured and if
// any match, the condition is considered to be met.
//
// The matchers should be specified using CIDR notation, it supports IPv4 and
// IPv6.
//
// Examples:
// - 10.0.0.0/24 would match 10.0.0.0 to 10.255.255.255
// - 10.0.0.42/32 would match only 10.0.0.42
IPSANs []string `protobuf:"bytes,3,rep,name=IPSANs,proto3" json:"ip_sans,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SPIFFERoleCondition) Reset() { *m = SPIFFERoleCondition{} }
func (m *SPIFFERoleCondition) String() string { return proto.CompactTextString(m) }
func (*SPIFFERoleCondition) ProtoMessage() {}
func (*SPIFFERoleCondition) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{153}
}
func (m *SPIFFERoleCondition) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SPIFFERoleCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SPIFFERoleCondition.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SPIFFERoleCondition) XXX_Merge(src proto.Message) {
xxx_messageInfo_SPIFFERoleCondition.Merge(m, src)
}
func (m *SPIFFERoleCondition) XXX_Size() int {
return m.Size()
}
func (m *SPIFFERoleCondition) XXX_DiscardUnknown() {
xxx_messageInfo_SPIFFERoleCondition.DiscardUnknown(m)
}
var xxx_messageInfo_SPIFFERoleCondition proto.InternalMessageInfo
// DatabasePermission specifies the database object permission for the user.
type DatabasePermission struct {
// Permission is the list of string representations of the permission to be given, e.g. SELECT, INSERT, UPDATE, ...
Permissions []string `protobuf:"bytes,1,rep,name=Permissions,proto3" json:"permissions"`
// Match is a list of object labels that must be matched for the permission to be granted.
Match Labels `protobuf:"bytes,2,opt,name=Match,proto3,customtype=Labels" json:"match"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabasePermission) Reset() { *m = DatabasePermission{} }
func (m *DatabasePermission) String() string { return proto.CompactTextString(m) }
func (*DatabasePermission) ProtoMessage() {}
func (*DatabasePermission) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{154}
}
func (m *DatabasePermission) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabasePermission) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabasePermission.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabasePermission) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabasePermission.Merge(m, src)
}
func (m *DatabasePermission) XXX_Size() int {
return m.Size()
}
func (m *DatabasePermission) XXX_DiscardUnknown() {
xxx_messageInfo_DatabasePermission.DiscardUnknown(m)
}
var xxx_messageInfo_DatabasePermission proto.InternalMessageInfo
// KubernetesResource is the Kubernetes resource identifier.
type KubernetesResource struct {
// Kind specifies the Kubernetes Resource type.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
// Namespace is the resource namespace.
// It supports wildcards.
Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"namespace,omitempty"`
// Name is the resource name.
// It supports wildcards.
Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name,omitempty"`
// Verbs are the allowed Kubernetes verbs for the following resource.
Verbs []string `protobuf:"bytes,4,rep,name=Verbs,proto3" json:"verbs,omitempty"`
// APIGroup specifies the Kubernetes API group of the Kubernetes resource.
// It supports wildcards.
APIGroup string `protobuf:"bytes,5,opt,name=APIGroup,proto3" json:"api_group,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesResource) Reset() { *m = KubernetesResource{} }
func (m *KubernetesResource) String() string { return proto.CompactTextString(m) }
func (*KubernetesResource) ProtoMessage() {}
func (*KubernetesResource) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{155}
}
func (m *KubernetesResource) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesResource) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesResource.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesResource) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesResource.Merge(m, src)
}
func (m *KubernetesResource) XXX_Size() int {
return m.Size()
}
func (m *KubernetesResource) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesResource.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesResource proto.InternalMessageInfo
// SessionRequirePolicy a requirement policy that needs to be fulfilled to grant access.
type SessionRequirePolicy struct {
// Name is the name of the policy.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// Filter is a predicate that determines what users count towards this policy.
Filter string `protobuf:"bytes,2,opt,name=Filter,proto3" json:"filter"`
// Kinds are the session kinds this policy applies to.
Kinds []string `protobuf:"bytes,3,rep,name=Kinds,proto3" json:"kinds"`
// Count is the amount of people that need to be matched for this policy to be fulfilled.
Count int32 `protobuf:"varint,4,opt,name=Count,proto3" json:"count"`
// Modes is the list of modes that may be used to fulfill this policy.
Modes []string `protobuf:"bytes,5,rep,name=Modes,proto3" json:"modes"`
// OnLeave is the behaviour that's used when the policy is no longer fulfilled
// for a live session.
OnLeave string `protobuf:"bytes,6,opt,name=OnLeave,proto3" json:"on_leave"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionRequirePolicy) Reset() { *m = SessionRequirePolicy{} }
func (m *SessionRequirePolicy) String() string { return proto.CompactTextString(m) }
func (*SessionRequirePolicy) ProtoMessage() {}
func (*SessionRequirePolicy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{156}
}
func (m *SessionRequirePolicy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionRequirePolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionRequirePolicy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionRequirePolicy) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionRequirePolicy.Merge(m, src)
}
func (m *SessionRequirePolicy) XXX_Size() int {
return m.Size()
}
func (m *SessionRequirePolicy) XXX_DiscardUnknown() {
xxx_messageInfo_SessionRequirePolicy.DiscardUnknown(m)
}
var xxx_messageInfo_SessionRequirePolicy proto.InternalMessageInfo
// SessionJoinPolicy defines a policy that allows a user to join sessions.
type SessionJoinPolicy struct {
// Name is the name of the policy.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// Roles is a list of roles that you can join the session of.
Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles"`
// Kinds are the session kinds this policy applies to.
Kinds []string `protobuf:"bytes,3,rep,name=Kinds,proto3" json:"kinds"`
// Modes is a list of permitted participant modes for this policy.
Modes []string `protobuf:"bytes,4,rep,name=Modes,proto3" json:"modes"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionJoinPolicy) Reset() { *m = SessionJoinPolicy{} }
func (m *SessionJoinPolicy) String() string { return proto.CompactTextString(m) }
func (*SessionJoinPolicy) ProtoMessage() {}
func (*SessionJoinPolicy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{157}
}
func (m *SessionJoinPolicy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionJoinPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionJoinPolicy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionJoinPolicy) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionJoinPolicy.Merge(m, src)
}
func (m *SessionJoinPolicy) XXX_Size() int {
return m.Size()
}
func (m *SessionJoinPolicy) XXX_DiscardUnknown() {
xxx_messageInfo_SessionJoinPolicy.DiscardUnknown(m)
}
var xxx_messageInfo_SessionJoinPolicy proto.InternalMessageInfo
// AccessRequestConditions is a matcher for allow/deny restrictions on
// access-requests.
// Please remember to update IsEmpty when updating this message.
type AccessRequestConditions struct {
// Roles is the name of roles which will match the request rule.
Roles []string `protobuf:"bytes,1,rep,name=Roles,proto3" json:"roles,omitempty"`
// ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.
ClaimsToRoles []ClaimMapping `protobuf:"bytes,2,rep,name=ClaimsToRoles,proto3" json:"claims_to_roles,omitempty"`
// Annotations is a collection of annotations to be programmatically
// appended to pending Access Requests at the time of their creation.
// These annotations serve as a mechanism to propagate extra information
// to plugins. Since these annotations support variable interpolation
// syntax, they also offer a mechanism for forwarding claims from an
// external identity provider, to a plugin via `{{external.trait_name}}`
// style substitutions.
Annotations github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,3,opt,name=Annotations,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"annotations,omitempty"`
// Thresholds is a list of thresholds, one of which must be met in order for reviews
// to trigger a state-transition. If no thresholds are provided, a default threshold
// of 1 for approval and denial is used.
Thresholds []AccessReviewThreshold `protobuf:"bytes,4,rep,name=Thresholds,proto3" json:"thresholds,omitempty"`
// SuggestedReviewers is a list of reviewer suggestions. These can be teleport usernames, but
// that is not a requirement.
SuggestedReviewers []string `protobuf:"bytes,5,rep,name=SuggestedReviewers,proto3" json:"suggested_reviewers,omitempty"`
// SearchAsRoles is a list of extra roles which should apply to a user while
// they are searching for resources as part of a Resource Access Request, and
// defines the underlying roles which will be requested as part of any
// Resource Access Request.
SearchAsRoles []string `protobuf:"bytes,6,rep,name=SearchAsRoles,proto3" json:"search_as_roles,omitempty"`
// MaxDuration is the amount of time the access will be granted for.
// If this is zero, the default duration is used.
MaxDuration Duration `protobuf:"varint,7,opt,name=MaxDuration,proto3,casttype=Duration" json:"max_duration,omitempty"`
// kubernetes_resources can optionally enforce a requester to request only certain kinds of kube resources.
// Eg: Users can make request to either a resource kind "kube_cluster" or any of its
// subresources like "namespaces". This field can be defined such that it prevents a user
// from requesting "kube_cluster" and enforce requesting any of its subresources.
KubernetesResources []RequestKubernetesResource `protobuf:"bytes,8,rep,name=kubernetes_resources,json=kubernetesResources,proto3" json:"kubernetes_resources,omitempty"`
// Reason defines settings for the reason for the access provided by the user.
Reason *AccessRequestConditionsReason `protobuf:"bytes,9,opt,name=Reason,proto3" json:"reason,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestConditions) Reset() { *m = AccessRequestConditions{} }
func (m *AccessRequestConditions) String() string { return proto.CompactTextString(m) }
func (*AccessRequestConditions) ProtoMessage() {}
func (*AccessRequestConditions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{158}
}
func (m *AccessRequestConditions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestConditions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestConditions) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestConditions.Merge(m, src)
}
func (m *AccessRequestConditions) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestConditions) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestConditions.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestConditions proto.InternalMessageInfo
// AccessRequestConditionsReason defines settings for the reason for the access provided by the
// user.
type AccessRequestConditionsReason struct {
// Mode can be either "required" or "optional". Empty string is treated as "optional". If a role
// has the request reason mode set to "required", then reason is required for all Access Requests
// requesting roles or resources allowed by this role. It applies only to users who have this
// role assigned.
Mode RequestReasonMode `protobuf:"bytes,1,opt,name=Mode,proto3,casttype=RequestReasonMode" json:"mode,omitempty"`
// Prompt is a custom message prompted to the user for the requested roles or resources searchable
// as other roles. This is only applied to the requested roles and resources specifying the prompt.
Prompt string `protobuf:"bytes,2,opt,name=Prompt,proto3" json:"prompt,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestConditionsReason) Reset() { *m = AccessRequestConditionsReason{} }
func (m *AccessRequestConditionsReason) String() string { return proto.CompactTextString(m) }
func (*AccessRequestConditionsReason) ProtoMessage() {}
func (*AccessRequestConditionsReason) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{159}
}
func (m *AccessRequestConditionsReason) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestConditionsReason) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestConditionsReason.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestConditionsReason) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestConditionsReason.Merge(m, src)
}
func (m *AccessRequestConditionsReason) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestConditionsReason) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestConditionsReason.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestConditionsReason proto.InternalMessageInfo
// AccessReviewConditions is a matcher for allow/deny restrictions on
// access reviews.
// Please remember to update IsEmpty when updating this message.
type AccessReviewConditions struct {
// Roles is the name of roles which may be reviewed.
Roles []string `protobuf:"bytes,1,rep,name=Roles,proto3" json:"roles,omitempty"`
// ClaimsToRoles specifies a mapping from claims (traits) to teleport roles.
ClaimsToRoles []ClaimMapping `protobuf:"bytes,2,rep,name=ClaimsToRoles,proto3" json:"claims_to_roles,omitempty"`
// Where is an optional predicate which further limits which requests are
// reviewable.
Where string `protobuf:"bytes,3,opt,name=Where,proto3" json:"where,omitempty"`
// PreviewAsRoles is a list of extra roles which should apply to a reviewer
// while they are viewing a Resource Access Request for the purposes of
// viewing details such as the hostname and labels of requested resources.
PreviewAsRoles []string `protobuf:"bytes,4,rep,name=PreviewAsRoles,proto3" json:"preview_as_roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessReviewConditions) Reset() { *m = AccessReviewConditions{} }
func (m *AccessReviewConditions) String() string { return proto.CompactTextString(m) }
func (*AccessReviewConditions) ProtoMessage() {}
func (*AccessReviewConditions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{160}
}
func (m *AccessReviewConditions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessReviewConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessReviewConditions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessReviewConditions) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessReviewConditions.Merge(m, src)
}
func (m *AccessReviewConditions) XXX_Size() int {
return m.Size()
}
func (m *AccessReviewConditions) XXX_DiscardUnknown() {
xxx_messageInfo_AccessReviewConditions.DiscardUnknown(m)
}
var xxx_messageInfo_AccessReviewConditions proto.InternalMessageInfo
// AccessRequestAllowedPromotion describes an allowed promotion to an Access List.
type AccessRequestAllowedPromotion struct {
// associated access list
AccessListName string `protobuf:"bytes,1,opt,name=accessListName,proto3" json:"accessListName,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestAllowedPromotion) Reset() { *m = AccessRequestAllowedPromotion{} }
func (m *AccessRequestAllowedPromotion) String() string { return proto.CompactTextString(m) }
func (*AccessRequestAllowedPromotion) ProtoMessage() {}
func (*AccessRequestAllowedPromotion) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{161}
}
func (m *AccessRequestAllowedPromotion) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestAllowedPromotion) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestAllowedPromotion.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestAllowedPromotion) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestAllowedPromotion.Merge(m, src)
}
func (m *AccessRequestAllowedPromotion) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestAllowedPromotion) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestAllowedPromotion.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestAllowedPromotion proto.InternalMessageInfo
// AccessRequestAllowedPromotions describes an valid promotion from an access request
// to an access list.
type AccessRequestAllowedPromotions struct {
// suggestions is a list of allowed access lists promotions.
Promotions []*AccessRequestAllowedPromotion `protobuf:"bytes,1,rep,name=promotions,proto3" json:"promotions,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessRequestAllowedPromotions) Reset() { *m = AccessRequestAllowedPromotions{} }
func (m *AccessRequestAllowedPromotions) String() string { return proto.CompactTextString(m) }
func (*AccessRequestAllowedPromotions) ProtoMessage() {}
func (*AccessRequestAllowedPromotions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{162}
}
func (m *AccessRequestAllowedPromotions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessRequestAllowedPromotions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessRequestAllowedPromotions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessRequestAllowedPromotions) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessRequestAllowedPromotions.Merge(m, src)
}
func (m *AccessRequestAllowedPromotions) XXX_Size() int {
return m.Size()
}
func (m *AccessRequestAllowedPromotions) XXX_DiscardUnknown() {
xxx_messageInfo_AccessRequestAllowedPromotions.DiscardUnknown(m)
}
var xxx_messageInfo_AccessRequestAllowedPromotions proto.InternalMessageInfo
// ResourceIDList represents a list of ResourceID objects.
type ResourceIDList struct {
ResourceIds []ResourceID `protobuf:"bytes,1,rep,name=resource_ids,json=resourceIds,proto3" json:"resource_ids"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourceIDList) Reset() { *m = ResourceIDList{} }
func (m *ResourceIDList) String() string { return proto.CompactTextString(m) }
func (*ResourceIDList) ProtoMessage() {}
func (*ResourceIDList) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{163}
}
func (m *ResourceIDList) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourceIDList) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourceIDList.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourceIDList) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourceIDList.Merge(m, src)
}
func (m *ResourceIDList) XXX_Size() int {
return m.Size()
}
func (m *ResourceIDList) XXX_DiscardUnknown() {
xxx_messageInfo_ResourceIDList.DiscardUnknown(m)
}
var xxx_messageInfo_ResourceIDList proto.InternalMessageInfo
// LongTermResourceGrouping contains information about how resources can be grouped
// based on Access List promotions for long-term Access Requests.
type LongTermResourceGrouping struct {
// AccessListToResources maps applicable Access List names to the resources they can grant,
// including the optimal grouping.
AccessListToResources map[string]ResourceIDList `protobuf:"bytes,1,rep,name=AccessListToResources,proto3" json:"grouped_by_access_list" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// RecommendedAccessList is the name of the Access List that would provide
// access to the most resources. If multiple Access Lists provide the same
// number of resources, the first one found will be used.
RecommendedAccessList string `protobuf:"bytes,2,opt,name=RecommendedAccessList,proto3" json:"recommended_access_list"`
// ValidationMessage is a user-friendly message explaining any grouping error, if CanProceed is false.
ValidationMessage string `protobuf:"bytes,3,opt,name=ValidationMessage,proto3" json:"validation_message,omitempty"`
// CanProceed represents the validity of the long-term grouping. If all requested
// resources cannot be grouped together, this will be false.
CanProceed bool `protobuf:"varint,4,opt,name=CanProceed,proto3" json:"can_proceed"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LongTermResourceGrouping) Reset() { *m = LongTermResourceGrouping{} }
func (m *LongTermResourceGrouping) String() string { return proto.CompactTextString(m) }
func (*LongTermResourceGrouping) ProtoMessage() {}
func (*LongTermResourceGrouping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{164}
}
func (m *LongTermResourceGrouping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LongTermResourceGrouping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_LongTermResourceGrouping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *LongTermResourceGrouping) XXX_Merge(src proto.Message) {
xxx_messageInfo_LongTermResourceGrouping.Merge(m, src)
}
func (m *LongTermResourceGrouping) XXX_Size() int {
return m.Size()
}
func (m *LongTermResourceGrouping) XXX_DiscardUnknown() {
xxx_messageInfo_LongTermResourceGrouping.DiscardUnknown(m)
}
var xxx_messageInfo_LongTermResourceGrouping proto.InternalMessageInfo
// ClaimMapping maps a claim to teleport roles.
type ClaimMapping struct {
// Claim is a claim name.
Claim string `protobuf:"bytes,1,opt,name=Claim,proto3" json:"claim"`
// Value is a claim value to match.
Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
// Roles is a list of static teleport roles to match.
Roles []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClaimMapping) Reset() { *m = ClaimMapping{} }
func (m *ClaimMapping) String() string { return proto.CompactTextString(m) }
func (*ClaimMapping) ProtoMessage() {}
func (*ClaimMapping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{165}
}
func (m *ClaimMapping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClaimMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClaimMapping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClaimMapping) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClaimMapping.Merge(m, src)
}
func (m *ClaimMapping) XXX_Size() int {
return m.Size()
}
func (m *ClaimMapping) XXX_DiscardUnknown() {
xxx_messageInfo_ClaimMapping.DiscardUnknown(m)
}
var xxx_messageInfo_ClaimMapping proto.InternalMessageInfo
// TraitMapping maps a trait to teleport roles.
type TraitMapping struct {
// Trait is a trait name.
Trait string `protobuf:"bytes,1,opt,name=Trait,proto3" json:"trait"`
// Value is a trait value to match.
Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
// Roles is a list of static teleport roles to match.
Roles []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TraitMapping) Reset() { *m = TraitMapping{} }
func (m *TraitMapping) String() string { return proto.CompactTextString(m) }
func (*TraitMapping) ProtoMessage() {}
func (*TraitMapping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{166}
}
func (m *TraitMapping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TraitMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TraitMapping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TraitMapping) XXX_Merge(src proto.Message) {
xxx_messageInfo_TraitMapping.Merge(m, src)
}
func (m *TraitMapping) XXX_Size() int {
return m.Size()
}
func (m *TraitMapping) XXX_DiscardUnknown() {
xxx_messageInfo_TraitMapping.DiscardUnknown(m)
}
var xxx_messageInfo_TraitMapping proto.InternalMessageInfo
// Rule represents allow or deny rule that is executed to check
// if user or service have access to resource
type Rule struct {
// Resources is a list of resources
Resources []string `protobuf:"bytes,1,rep,name=Resources,proto3" json:"resources,omitempty"`
// Verbs is a list of verbs
Verbs []string `protobuf:"bytes,2,rep,name=Verbs,proto3" json:"verbs,omitempty"`
// Where specifies optional advanced matcher
Where string `protobuf:"bytes,3,opt,name=Where,proto3" json:"where,omitempty"`
// Actions specifies optional actions taken when this rule matches
Actions []string `protobuf:"bytes,4,rep,name=Actions,proto3" json:"actions,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rule) Reset() { *m = Rule{} }
func (m *Rule) String() string { return proto.CompactTextString(m) }
func (*Rule) ProtoMessage() {}
func (*Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{167}
}
func (m *Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rule.Merge(m, src)
}
func (m *Rule) XXX_Size() int {
return m.Size()
}
func (m *Rule) XXX_DiscardUnknown() {
xxx_messageInfo_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_Rule proto.InternalMessageInfo
// ImpersonateConditions specifies whether users are allowed
// to issue certificates for other users or groups.
type ImpersonateConditions struct {
// Users is a list of resources this role is allowed to impersonate,
// could be an empty list or a Wildcard pattern
Users []string `protobuf:"bytes,1,rep,name=Users,proto3" json:"users,omitempty"`
// Roles is a list of resources this role is allowed to impersonate
Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles,omitempty"`
// Where specifies optional advanced matcher
Where string `protobuf:"bytes,3,opt,name=Where,proto3" json:"where,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ImpersonateConditions) Reset() { *m = ImpersonateConditions{} }
func (m *ImpersonateConditions) String() string { return proto.CompactTextString(m) }
func (*ImpersonateConditions) ProtoMessage() {}
func (*ImpersonateConditions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{168}
}
func (m *ImpersonateConditions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ImpersonateConditions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ImpersonateConditions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ImpersonateConditions) XXX_Merge(src proto.Message) {
xxx_messageInfo_ImpersonateConditions.Merge(m, src)
}
func (m *ImpersonateConditions) XXX_Size() int {
return m.Size()
}
func (m *ImpersonateConditions) XXX_DiscardUnknown() {
xxx_messageInfo_ImpersonateConditions.DiscardUnknown(m)
}
var xxx_messageInfo_ImpersonateConditions proto.InternalMessageInfo
// BoolValue is a wrapper around bool, used in cases
// whenever bool value can have different default value when missing
type BoolValue struct {
Value bool `protobuf:"varint,1,opt,name=Value,proto3" json:"Value,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *BoolValue) Reset() { *m = BoolValue{} }
func (m *BoolValue) String() string { return proto.CompactTextString(m) }
func (*BoolValue) ProtoMessage() {}
func (*BoolValue) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{169}
}
func (m *BoolValue) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *BoolValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_BoolValue.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *BoolValue) XXX_Merge(src proto.Message) {
xxx_messageInfo_BoolValue.Merge(m, src)
}
func (m *BoolValue) XXX_Size() int {
return m.Size()
}
func (m *BoolValue) XXX_DiscardUnknown() {
xxx_messageInfo_BoolValue.DiscardUnknown(m)
}
var xxx_messageInfo_BoolValue proto.InternalMessageInfo
// UserFilter matches user resources.
type UserFilter struct {
// SearchKeywords is a list of search keywords to match against resource field values.
SearchKeywords []string `protobuf:"bytes,1,rep,name=SearchKeywords,proto3" json:"search_keywords,omitempty"`
// SkipSystemUsers filters out teleport system users from the results.
SkipSystemUsers bool `protobuf:"varint,2,opt,name=SkipSystemUsers,proto3" json:"skip_system_users,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserFilter) Reset() { *m = UserFilter{} }
func (m *UserFilter) String() string { return proto.CompactTextString(m) }
func (*UserFilter) ProtoMessage() {}
func (*UserFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{170}
}
func (m *UserFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserFilter.Merge(m, src)
}
func (m *UserFilter) XXX_Size() int {
return m.Size()
}
func (m *UserFilter) XXX_DiscardUnknown() {
xxx_messageInfo_UserFilter.DiscardUnknown(m)
}
var xxx_messageInfo_UserFilter proto.InternalMessageInfo
// UserV2 is version 2 resource spec of the user
type UserV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a user specification
Spec UserSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
Status UserStatusV2 `protobuf:"bytes,6,opt,name=Status,proto3" json:"status,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserV2) Reset() { *m = UserV2{} }
func (*UserV2) ProtoMessage() {}
func (*UserV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{171}
}
func (m *UserV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserV2.Merge(m, src)
}
func (m *UserV2) XXX_Size() int {
return m.Size()
}
func (m *UserV2) XXX_DiscardUnknown() {
xxx_messageInfo_UserV2.DiscardUnknown(m)
}
var xxx_messageInfo_UserV2 proto.InternalMessageInfo
// UserStatusV2 is a dynamic state of UserV2.
type UserStatusV2 struct {
// password_state reflects what the system knows about the user's password.
// Note that this is a "best effort" property, in that it can be UNSPECIFIED
// for users who were created before this property was introduced and didn't
// perform any password-related activity since then. See RFD 0159 for
// details. Do NOT use this value for authentication purposes!
PasswordState PasswordState `protobuf:"varint,1,opt,name=password_state,json=passwordState,proto3,enum=types.PasswordState" json:"password_state,omitempty"`
// mfa_weakest_device reflects what the system knows about the user's weakest MFA device.
// Note that this is a "best effort" property, in that it can be UNSPECIFIED.
MfaWeakestDevice MFADeviceKind `protobuf:"varint,2,opt,name=mfa_weakest_device,json=mfaWeakestDevice,proto3,enum=types.MFADeviceKind" json:"mfa_weakest_device,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserStatusV2) Reset() { *m = UserStatusV2{} }
func (m *UserStatusV2) String() string { return proto.CompactTextString(m) }
func (*UserStatusV2) ProtoMessage() {}
func (*UserStatusV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{172}
}
func (m *UserStatusV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserStatusV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserStatusV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserStatusV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserStatusV2.Merge(m, src)
}
func (m *UserStatusV2) XXX_Size() int {
return m.Size()
}
func (m *UserStatusV2) XXX_DiscardUnknown() {
xxx_messageInfo_UserStatusV2.DiscardUnknown(m)
}
var xxx_messageInfo_UserStatusV2 proto.InternalMessageInfo
// UserSpecV2 is a specification for V2 user
type UserSpecV2 struct {
// OIDCIdentities lists associated OpenID Connect identities
// that let user log in using externally verified identity
OIDCIdentities []ExternalIdentity `protobuf:"bytes,1,rep,name=OIDCIdentities,proto3" json:"oidc_identities,omitempty"`
// SAMLIdentities lists associated SAML identities
// that let user log in using externally verified identity
SAMLIdentities []ExternalIdentity `protobuf:"bytes,2,rep,name=SAMLIdentities,proto3" json:"saml_identities,omitempty"`
// GithubIdentities list associated Github OAuth2 identities
// that let user log in using externally verified identity
GithubIdentities []ExternalIdentity `protobuf:"bytes,3,rep,name=GithubIdentities,proto3" json:"github_identities,omitempty"`
// Roles is a list of roles assigned to user
Roles []string `protobuf:"bytes,4,rep,name=Roles,proto3" json:"roles,omitempty"`
// Traits are key/value pairs received from an identity provider (through
// OIDC claims or SAML assertions) or from a system administrator for local
// accounts. Traits are used to populate role variables.
Traits github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,5,opt,name=Traits,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"traits,omitempty"`
// Status is a login status of the user
Status LoginStatus `protobuf:"bytes,6,opt,name=Status,proto3" json:"status,omitempty"`
// Expires if set sets TTL on the user
Expires time.Time `protobuf:"bytes,7,opt,name=Expires,proto3,stdtime" json:"expires"`
// CreatedBy holds information about agent or person created this user
CreatedBy CreatedBy `protobuf:"bytes,8,opt,name=CreatedBy,proto3" json:"created_by,omitempty"`
// LocalAuth holds sensitive data necessary for performing local
// authentication
LocalAuth *LocalAuthSecrets `protobuf:"bytes,9,opt,name=LocalAuth,proto3" json:"local_auth,omitempty"`
// TrustedDeviceIDs contains the IDs of trusted devices enrolled by the user.
//
// Note that SSO users are transient and thus may contain an empty
// TrustedDeviceIDs field, even though the user->device association exists
// under the Device Trust subsystem. Do not rely on this field to determine
// device associations or ownership, it exists for legacy/informative purposes
// only.
//
// Managed by the Device Trust subsystem, avoid manual edits.
TrustedDeviceIDs []string `protobuf:"bytes,10,rep,name=TrustedDeviceIDs,proto3" json:"trusted_device_ids,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserSpecV2) Reset() { *m = UserSpecV2{} }
func (m *UserSpecV2) String() string { return proto.CompactTextString(m) }
func (*UserSpecV2) ProtoMessage() {}
func (*UserSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{173}
}
func (m *UserSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserSpecV2.Merge(m, src)
}
func (m *UserSpecV2) XXX_Size() int {
return m.Size()
}
func (m *UserSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_UserSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_UserSpecV2 proto.InternalMessageInfo
// ExternalIdentity is OpenID Connect/SAML or Github identity that is linked
// to particular user and connector and lets user to log in using external
// credentials, e.g. google
type ExternalIdentity struct {
// ConnectorID is id of registered OIDC connector, e.g. 'google-example.com'
ConnectorID string `protobuf:"bytes,1,opt,name=ConnectorID,proto3" json:"connector_id,omitempty"`
// Username is username supplied by external identity provider
Username string `protobuf:"bytes,2,opt,name=Username,proto3" json:"username,omitempty"`
// SAMLSingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out), if applicable.
SAMLSingleLogoutURL string `protobuf:"bytes,3,opt,name=SAMLSingleLogoutURL,proto3" json:"samlSingleLogoutUrl,omitempty"`
// UserID is the ID of the identity. Some connectors like GitHub have an
// unique ID apart from the username.
UserID string `protobuf:"bytes,4,opt,name=UserID,proto3" json:"user_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ExternalIdentity) Reset() { *m = ExternalIdentity{} }
func (*ExternalIdentity) ProtoMessage() {}
func (*ExternalIdentity) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{174}
}
func (m *ExternalIdentity) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ExternalIdentity) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ExternalIdentity.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ExternalIdentity) XXX_Merge(src proto.Message) {
xxx_messageInfo_ExternalIdentity.Merge(m, src)
}
func (m *ExternalIdentity) XXX_Size() int {
return m.Size()
}
func (m *ExternalIdentity) XXX_DiscardUnknown() {
xxx_messageInfo_ExternalIdentity.DiscardUnknown(m)
}
var xxx_messageInfo_ExternalIdentity proto.InternalMessageInfo
// LoginStatus is a login status of the user
type LoginStatus struct {
// IsLocked tells us if user is locked
IsLocked bool `protobuf:"varint,1,opt,name=IsLocked,proto3" json:"is_locked"`
// LockedMessage contains the message in case if user is locked
LockedMessage string `protobuf:"bytes,2,opt,name=LockedMessage,proto3" json:"locked_message,omitempty"`
// LockedTime contains time when user was locked
LockedTime time.Time `protobuf:"bytes,3,opt,name=LockedTime,proto3,stdtime" json:"locked_time,omitempty"`
// LockExpires contains time when this lock will expire
LockExpires time.Time `protobuf:"bytes,4,opt,name=LockExpires,proto3,stdtime" json:"lock_expires,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LoginStatus) Reset() { *m = LoginStatus{} }
func (m *LoginStatus) String() string { return proto.CompactTextString(m) }
func (*LoginStatus) ProtoMessage() {}
func (*LoginStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{175}
}
func (m *LoginStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LoginStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_LoginStatus.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *LoginStatus) XXX_Merge(src proto.Message) {
xxx_messageInfo_LoginStatus.Merge(m, src)
}
func (m *LoginStatus) XXX_Size() int {
return m.Size()
}
func (m *LoginStatus) XXX_DiscardUnknown() {
xxx_messageInfo_LoginStatus.DiscardUnknown(m)
}
var xxx_messageInfo_LoginStatus proto.InternalMessageInfo
// CreatedBy holds information about the person or agent who created the user
type CreatedBy struct {
// Identity if present means that user was automatically created by identity
Connector *ConnectorRef `protobuf:"bytes,1,opt,name=Connector,proto3" json:"connector,omitempty"`
// Time specifies when user was created
Time time.Time `protobuf:"bytes,2,opt,name=Time,proto3,stdtime" json:"time"`
// User holds information about user
User UserRef `protobuf:"bytes,3,opt,name=User,proto3" json:"user"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CreatedBy) Reset() { *m = CreatedBy{} }
func (*CreatedBy) ProtoMessage() {}
func (*CreatedBy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{176}
}
func (m *CreatedBy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CreatedBy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CreatedBy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CreatedBy) XXX_Merge(src proto.Message) {
xxx_messageInfo_CreatedBy.Merge(m, src)
}
func (m *CreatedBy) XXX_Size() int {
return m.Size()
}
func (m *CreatedBy) XXX_DiscardUnknown() {
xxx_messageInfo_CreatedBy.DiscardUnknown(m)
}
var xxx_messageInfo_CreatedBy proto.InternalMessageInfo
// LocalAuthSecrets holds sensitive data used to authenticate a local user.
type LocalAuthSecrets struct {
// PasswordHash encodes a combined salt & hash for password verification.
PasswordHash []byte `protobuf:"bytes,1,opt,name=PasswordHash,proto3" json:"password_hash,omitempty"`
// Deprecated 2nd factor fields, use MFA below instead.
TOTPKey string `protobuf:"bytes,2,opt,name=TOTPKey,proto3" json:"totp_key,omitempty"`
MFA []*MFADevice `protobuf:"bytes,5,rep,name=MFA,proto3" json:"mfa,omitempty"`
// Webauthn holds settings necessary for webauthn local auth.
// May be null for legacy users or users that haven't yet used webauthn as
// their multi-factor.
Webauthn *WebauthnLocalAuth `protobuf:"bytes,6,opt,name=Webauthn,proto3" json:"webauthn,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LocalAuthSecrets) Reset() { *m = LocalAuthSecrets{} }
func (m *LocalAuthSecrets) String() string { return proto.CompactTextString(m) }
func (*LocalAuthSecrets) ProtoMessage() {}
func (*LocalAuthSecrets) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{177}
}
func (m *LocalAuthSecrets) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LocalAuthSecrets) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_LocalAuthSecrets.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *LocalAuthSecrets) XXX_Merge(src proto.Message) {
xxx_messageInfo_LocalAuthSecrets.Merge(m, src)
}
func (m *LocalAuthSecrets) XXX_Size() int {
return m.Size()
}
func (m *LocalAuthSecrets) XXX_DiscardUnknown() {
xxx_messageInfo_LocalAuthSecrets.DiscardUnknown(m)
}
var xxx_messageInfo_LocalAuthSecrets proto.InternalMessageInfo
// WebauthnLocalAuth holds settings necessary for local webauthn use.
type WebauthnLocalAuth struct {
// UserID is the random user handle generated for the user.
// See https://www.w3.org/TR/webauthn-2/#sctn-user-handle-privacy.
UserID []byte `protobuf:"bytes,1,opt,name=UserID,proto3" json:"user_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WebauthnLocalAuth) Reset() { *m = WebauthnLocalAuth{} }
func (m *WebauthnLocalAuth) String() string { return proto.CompactTextString(m) }
func (*WebauthnLocalAuth) ProtoMessage() {}
func (*WebauthnLocalAuth) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{178}
}
func (m *WebauthnLocalAuth) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WebauthnLocalAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WebauthnLocalAuth.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WebauthnLocalAuth) XXX_Merge(src proto.Message) {
xxx_messageInfo_WebauthnLocalAuth.Merge(m, src)
}
func (m *WebauthnLocalAuth) XXX_Size() int {
return m.Size()
}
func (m *WebauthnLocalAuth) XXX_DiscardUnknown() {
xxx_messageInfo_WebauthnLocalAuth.DiscardUnknown(m)
}
var xxx_messageInfo_WebauthnLocalAuth proto.InternalMessageInfo
// ConnectorRef holds information about OIDC connector
type ConnectorRef struct {
// Type is connector type
Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type"`
// ID is connector ID
ID string `protobuf:"bytes,2,opt,name=ID,proto3" json:"id"`
// Identity is external identity of the user
Identity string `protobuf:"bytes,3,opt,name=Identity,proto3" json:"identity"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ConnectorRef) Reset() { *m = ConnectorRef{} }
func (m *ConnectorRef) String() string { return proto.CompactTextString(m) }
func (*ConnectorRef) ProtoMessage() {}
func (*ConnectorRef) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{179}
}
func (m *ConnectorRef) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ConnectorRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ConnectorRef.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ConnectorRef) XXX_Merge(src proto.Message) {
xxx_messageInfo_ConnectorRef.Merge(m, src)
}
func (m *ConnectorRef) XXX_Size() int {
return m.Size()
}
func (m *ConnectorRef) XXX_DiscardUnknown() {
xxx_messageInfo_ConnectorRef.DiscardUnknown(m)
}
var xxx_messageInfo_ConnectorRef proto.InternalMessageInfo
// UserRef holds references to user
type UserRef struct {
// Name is name of the user
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserRef) Reset() { *m = UserRef{} }
func (m *UserRef) String() string { return proto.CompactTextString(m) }
func (*UserRef) ProtoMessage() {}
func (*UserRef) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{180}
}
func (m *UserRef) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserRef.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserRef) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserRef.Merge(m, src)
}
func (m *UserRef) XXX_Size() int {
return m.Size()
}
func (m *UserRef) XXX_DiscardUnknown() {
xxx_messageInfo_UserRef.DiscardUnknown(m)
}
var xxx_messageInfo_UserRef proto.InternalMessageInfo
// ReverseTunnelV2 is version 2 of the resource spec of the reverse tunnel
type ReverseTunnelV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is a resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a reverse tunnel specification
Spec ReverseTunnelSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ReverseTunnelV2) Reset() { *m = ReverseTunnelV2{} }
func (m *ReverseTunnelV2) String() string { return proto.CompactTextString(m) }
func (*ReverseTunnelV2) ProtoMessage() {}
func (*ReverseTunnelV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{181}
}
func (m *ReverseTunnelV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ReverseTunnelV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ReverseTunnelV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ReverseTunnelV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ReverseTunnelV2.Merge(m, src)
}
func (m *ReverseTunnelV2) XXX_Size() int {
return m.Size()
}
func (m *ReverseTunnelV2) XXX_DiscardUnknown() {
xxx_messageInfo_ReverseTunnelV2.DiscardUnknown(m)
}
var xxx_messageInfo_ReverseTunnelV2 proto.InternalMessageInfo
// ReverseTunnelSpecV2 is a specification for V2 reverse tunnel
type ReverseTunnelSpecV2 struct {
// ClusterName is a domain name of remote cluster we are connecting to
ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name"`
// DialAddrs is a list of remote address to establish a connection to
// it's always SSH over TCP
DialAddrs []string `protobuf:"bytes,2,rep,name=DialAddrs,proto3" json:"dial_addrs,omitempty"`
// Type is the type of reverse tunnel, either proxy or node.
Type TunnelType `protobuf:"bytes,3,opt,name=Type,proto3,casttype=TunnelType" json:"type"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ReverseTunnelSpecV2) Reset() { *m = ReverseTunnelSpecV2{} }
func (m *ReverseTunnelSpecV2) String() string { return proto.CompactTextString(m) }
func (*ReverseTunnelSpecV2) ProtoMessage() {}
func (*ReverseTunnelSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{182}
}
func (m *ReverseTunnelSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ReverseTunnelSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ReverseTunnelSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ReverseTunnelSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_ReverseTunnelSpecV2.Merge(m, src)
}
func (m *ReverseTunnelSpecV2) XXX_Size() int {
return m.Size()
}
func (m *ReverseTunnelSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_ReverseTunnelSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_ReverseTunnelSpecV2 proto.InternalMessageInfo
// TunnelConnectionV2 is version 2 of the resource spec of the tunnel connection
type TunnelConnectionV2 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is a resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a tunnel specification
Spec TunnelConnectionSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TunnelConnectionV2) Reset() { *m = TunnelConnectionV2{} }
func (*TunnelConnectionV2) ProtoMessage() {}
func (*TunnelConnectionV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{183}
}
func (m *TunnelConnectionV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TunnelConnectionV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TunnelConnectionV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TunnelConnectionV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_TunnelConnectionV2.Merge(m, src)
}
func (m *TunnelConnectionV2) XXX_Size() int {
return m.Size()
}
func (m *TunnelConnectionV2) XXX_DiscardUnknown() {
xxx_messageInfo_TunnelConnectionV2.DiscardUnknown(m)
}
var xxx_messageInfo_TunnelConnectionV2 proto.InternalMessageInfo
// TunnelConnectionSpecV2 is a specification for V2 tunnel connection
type TunnelConnectionSpecV2 struct {
// ClusterName is a name of the cluster
ClusterName string `protobuf:"bytes,1,opt,name=ClusterName,proto3" json:"cluster_name"`
// ProxyName is the name of the proxy server
ProxyName string `protobuf:"bytes,2,opt,name=ProxyName,proto3" json:"proxy_name"`
// LastHeartbeat is a time of the last heartbeat
LastHeartbeat time.Time `protobuf:"bytes,3,opt,name=LastHeartbeat,proto3,stdtime" json:"last_heartbeat,omitempty"`
// Type is the type of reverse tunnel, either proxy or node.
Type TunnelType `protobuf:"bytes,4,opt,name=Type,proto3,casttype=TunnelType" json:"type"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TunnelConnectionSpecV2) Reset() { *m = TunnelConnectionSpecV2{} }
func (m *TunnelConnectionSpecV2) String() string { return proto.CompactTextString(m) }
func (*TunnelConnectionSpecV2) ProtoMessage() {}
func (*TunnelConnectionSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{184}
}
func (m *TunnelConnectionSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TunnelConnectionSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TunnelConnectionSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TunnelConnectionSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_TunnelConnectionSpecV2.Merge(m, src)
}
func (m *TunnelConnectionSpecV2) XXX_Size() int {
return m.Size()
}
func (m *TunnelConnectionSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_TunnelConnectionSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_TunnelConnectionSpecV2 proto.InternalMessageInfo
// SemaphoreFilter encodes semaphore filtering params.
// A semaphore filter matches a semaphore if all nonzero fields
// match the corresponding semaphore fields (e.g. a filter which
// specifies only `kind=foo` would match all semaphores of
// kind `foo`).
type SemaphoreFilter struct {
// SemaphoreKind is the kind of the semaphore.
SemaphoreKind string `protobuf:"bytes,1,opt,name=SemaphoreKind,proto3" json:"kind"`
// SemaphoreName is the name of the semaphore.
SemaphoreName string `protobuf:"bytes,2,opt,name=SemaphoreName,proto3" json:"name"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SemaphoreFilter) Reset() { *m = SemaphoreFilter{} }
func (m *SemaphoreFilter) String() string { return proto.CompactTextString(m) }
func (*SemaphoreFilter) ProtoMessage() {}
func (*SemaphoreFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{185}
}
func (m *SemaphoreFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SemaphoreFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SemaphoreFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SemaphoreFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_SemaphoreFilter.Merge(m, src)
}
func (m *SemaphoreFilter) XXX_Size() int {
return m.Size()
}
func (m *SemaphoreFilter) XXX_DiscardUnknown() {
xxx_messageInfo_SemaphoreFilter.DiscardUnknown(m)
}
var xxx_messageInfo_SemaphoreFilter proto.InternalMessageInfo
// AcquireSemaphoreRequest holds semaphore lease acquisition parameters.
type AcquireSemaphoreRequest struct {
// SemaphoreKind is the kind of the semaphore.
SemaphoreKind string `protobuf:"bytes,1,opt,name=SemaphoreKind,proto3" json:"kind"`
// SemaphoreName is the name of the semaphore.
SemaphoreName string `protobuf:"bytes,2,opt,name=SemaphoreName,proto3" json:"name"`
// MaxLeases is the maximum number of concurrent leases. If acquisition
// would cause more than MaxLeases to exist, acquisition must fail.
MaxLeases int64 `protobuf:"varint,3,opt,name=MaxLeases,proto3" json:"max_resources"`
// Expires is the time at which this lease expires.
Expires time.Time `protobuf:"bytes,4,opt,name=Expires,proto3,stdtime" json:"expires"`
// Holder identifies the entity holding the lease.
Holder string `protobuf:"bytes,5,opt,name=Holder,proto3" json:"holder"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AcquireSemaphoreRequest) Reset() { *m = AcquireSemaphoreRequest{} }
func (m *AcquireSemaphoreRequest) String() string { return proto.CompactTextString(m) }
func (*AcquireSemaphoreRequest) ProtoMessage() {}
func (*AcquireSemaphoreRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{186}
}
func (m *AcquireSemaphoreRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AcquireSemaphoreRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AcquireSemaphoreRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AcquireSemaphoreRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_AcquireSemaphoreRequest.Merge(m, src)
}
func (m *AcquireSemaphoreRequest) XXX_Size() int {
return m.Size()
}
func (m *AcquireSemaphoreRequest) XXX_DiscardUnknown() {
xxx_messageInfo_AcquireSemaphoreRequest.DiscardUnknown(m)
}
var xxx_messageInfo_AcquireSemaphoreRequest proto.InternalMessageInfo
// SemaphoreLease represents lease acquired for semaphore
type SemaphoreLease struct {
// SemaphoreKind is the kind of the semaphore.
SemaphoreKind string `protobuf:"bytes,1,opt,name=SemaphoreKind,proto3" json:"kind"`
// SemaphoreName is the name of the semaphore.
SemaphoreName string `protobuf:"bytes,2,opt,name=SemaphoreName,proto3" json:"name"`
// LeaseID uniquely identifies this lease.
LeaseID string `protobuf:"bytes,3,opt,name=LeaseID,proto3" json:"lease_id"`
// Expires is the time at which this lease expires.
Expires time.Time `protobuf:"bytes,5,opt,name=Expires,proto3,stdtime" json:"expires"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SemaphoreLease) Reset() { *m = SemaphoreLease{} }
func (m *SemaphoreLease) String() string { return proto.CompactTextString(m) }
func (*SemaphoreLease) ProtoMessage() {}
func (*SemaphoreLease) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{187}
}
func (m *SemaphoreLease) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SemaphoreLease) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SemaphoreLease.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SemaphoreLease) XXX_Merge(src proto.Message) {
xxx_messageInfo_SemaphoreLease.Merge(m, src)
}
func (m *SemaphoreLease) XXX_Size() int {
return m.Size()
}
func (m *SemaphoreLease) XXX_DiscardUnknown() {
xxx_messageInfo_SemaphoreLease.DiscardUnknown(m)
}
var xxx_messageInfo_SemaphoreLease proto.InternalMessageInfo
// SemaphoreLeaseRef identifies an existent lease.
type SemaphoreLeaseRef struct {
// LeaseID is the unique ID of the lease.
LeaseID string `protobuf:"bytes,1,opt,name=LeaseID,proto3" json:"lease_id"`
// Expires is the time at which the lease expires.
Expires time.Time `protobuf:"bytes,2,opt,name=Expires,proto3,stdtime" json:"expires"`
// Holder identifies the lease holder.
Holder string `protobuf:"bytes,3,opt,name=Holder,proto3" json:"holder"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SemaphoreLeaseRef) Reset() { *m = SemaphoreLeaseRef{} }
func (m *SemaphoreLeaseRef) String() string { return proto.CompactTextString(m) }
func (*SemaphoreLeaseRef) ProtoMessage() {}
func (*SemaphoreLeaseRef) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{188}
}
func (m *SemaphoreLeaseRef) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SemaphoreLeaseRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SemaphoreLeaseRef.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SemaphoreLeaseRef) XXX_Merge(src proto.Message) {
xxx_messageInfo_SemaphoreLeaseRef.Merge(m, src)
}
func (m *SemaphoreLeaseRef) XXX_Size() int {
return m.Size()
}
func (m *SemaphoreLeaseRef) XXX_DiscardUnknown() {
xxx_messageInfo_SemaphoreLeaseRef.DiscardUnknown(m)
}
var xxx_messageInfo_SemaphoreLeaseRef proto.InternalMessageInfo
// SemaphoreV3 implements Semaphore interface
type SemaphoreV3 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is Semaphore metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a lease V3 spec
Spec SemaphoreSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SemaphoreV3) Reset() { *m = SemaphoreV3{} }
func (*SemaphoreV3) ProtoMessage() {}
func (*SemaphoreV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{189}
}
func (m *SemaphoreV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SemaphoreV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SemaphoreV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SemaphoreV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_SemaphoreV3.Merge(m, src)
}
func (m *SemaphoreV3) XXX_Size() int {
return m.Size()
}
func (m *SemaphoreV3) XXX_DiscardUnknown() {
xxx_messageInfo_SemaphoreV3.DiscardUnknown(m)
}
var xxx_messageInfo_SemaphoreV3 proto.InternalMessageInfo
// SemaphoreSpecV3 contains the data about lease
type SemaphoreSpecV3 struct {
// Leases is a list of all currently acquired leases.
Leases []SemaphoreLeaseRef `protobuf:"bytes,1,rep,name=Leases,proto3" json:"leases"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SemaphoreSpecV3) Reset() { *m = SemaphoreSpecV3{} }
func (m *SemaphoreSpecV3) String() string { return proto.CompactTextString(m) }
func (*SemaphoreSpecV3) ProtoMessage() {}
func (*SemaphoreSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{190}
}
func (m *SemaphoreSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SemaphoreSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SemaphoreSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SemaphoreSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_SemaphoreSpecV3.Merge(m, src)
}
func (m *SemaphoreSpecV3) XXX_Size() int {
return m.Size()
}
func (m *SemaphoreSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_SemaphoreSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_SemaphoreSpecV3 proto.InternalMessageInfo
// WebSessionV2 represents an application or UI web session.
type WebSessionV2 struct {
// Kind is a resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is a resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a tunnel specification.
Spec WebSessionSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WebSessionV2) Reset() { *m = WebSessionV2{} }
func (*WebSessionV2) ProtoMessage() {}
func (*WebSessionV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{191}
}
func (m *WebSessionV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WebSessionV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WebSessionV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WebSessionV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_WebSessionV2.Merge(m, src)
}
func (m *WebSessionV2) XXX_Size() int {
return m.Size()
}
func (m *WebSessionV2) XXX_DiscardUnknown() {
xxx_messageInfo_WebSessionV2.DiscardUnknown(m)
}
var xxx_messageInfo_WebSessionV2 proto.InternalMessageInfo
// WebSessionSpecV2 is a specification for web session.
type WebSessionSpecV2 struct {
// User is the identity of the user to which the web session belongs.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// Pub is the SSH certificate for the user, marshaled in the authorized key
// format.
Pub []byte `protobuf:"bytes,2,opt,name=Pub,proto3" json:"pub"`
// Priv is the SSH private key for the user, in PEM-encoded PKCS#1 or PKCS#8
// format. If TLSPriv is unset, this is also the TLS private key.
Priv []byte `protobuf:"bytes,3,opt,name=Priv,proto3" json:"priv,omitempty"`
// TLSCert is the X.509 certificate for the user (PEM-encoded).
TLSCert []byte `protobuf:"bytes,4,opt,name=TLSCert,proto3" json:"tls_cert,omitempty"`
// BearerToken is a token that is paired with the session cookie for
// authentication. It is periodically rotated so a stolen cookie itself
// is not enough to steal a session. In addition it is used for CSRF
// mitigation.
BearerToken string `protobuf:"bytes,5,opt,name=BearerToken,proto3" json:"bearer_token"`
// BearerTokenExpires is the absolute time when the token expires.
BearerTokenExpires time.Time `protobuf:"bytes,6,opt,name=BearerTokenExpires,proto3,stdtime" json:"bearer_token_expires"`
// Expires is the absolute time when the session expires.
Expires time.Time `protobuf:"bytes,7,opt,name=Expires,proto3,stdtime" json:"expires"`
// LoginTime is the time this user recently logged in.
LoginTime time.Time `protobuf:"bytes,8,opt,name=LoginTime,proto3,stdtime" json:"login_time"`
// IdleTimeout is the max time a user can be inactive in a session.
IdleTimeout Duration `protobuf:"varint,9,opt,name=IdleTimeout,proto3,casttype=Duration" json:"idle_timeout"`
// ConsumedAccessRequestID is the ID of the access request from which additional roles to assume
// were obtained.
ConsumedAccessRequestID string `protobuf:"bytes,10,opt,name=ConsumedAccessRequestID,proto3" json:"consumed_access_request_id,omitempty"`
// SAMLSession is data associated with a SAML IdP session.
SAMLSession *SAMLSessionData `protobuf:"bytes,11,opt,name=SAMLSession,proto3" json:"saml_session,omitempty"`
// Device trust web authentication token.
// May be exchanged for a single on-behalf-of device authentication attempt
// (typically performed by Connect).
// Only present if on-behalf-of device authentication is possible.
DeviceWebToken *DeviceWebToken `protobuf:"bytes,12,opt,name=DeviceWebToken,proto3" json:"device_web_token,omitempty"`
// HasDeviceExtensions is true if the session's TLS and SSH certificates are
// augmented with device extensions.
HasDeviceExtensions bool `protobuf:"varint,13,opt,name=HasDeviceExtensions,proto3" json:"has_device_extensions,omitempty"`
// TrustedDeviceRequirement indicates whether access may be hindered by the
// lack of a trusted device.
//
// If during login a device is required and DeviceWebToken is nil, then it's
// likely the user needs to enroll their device to avoid impacting access.
TrustedDeviceRequirement TrustedDeviceRequirement `protobuf:"varint,14,opt,name=TrustedDeviceRequirement,proto3,enum=types.TrustedDeviceRequirement" json:"trusted_device_requirement,omitempty"`
// TLSPriv is the TLS private key for the user, in PEM-encoded PKCS#1 or PKCS#8
// format. If unset, then Priv is used as both the SSH and TLS private key.
TLSPriv []byte `protobuf:"bytes,15,opt,name=TLSPriv,proto3" json:"tls_priv,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WebSessionSpecV2) Reset() { *m = WebSessionSpecV2{} }
func (m *WebSessionSpecV2) String() string { return proto.CompactTextString(m) }
func (*WebSessionSpecV2) ProtoMessage() {}
func (*WebSessionSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{192}
}
func (m *WebSessionSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WebSessionSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WebSessionSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WebSessionSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_WebSessionSpecV2.Merge(m, src)
}
func (m *WebSessionSpecV2) XXX_Size() int {
return m.Size()
}
func (m *WebSessionSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_WebSessionSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_WebSessionSpecV2 proto.InternalMessageInfo
// Web-focused view of teleport.devicetrust.v1.DeviceWebToken.
type DeviceWebToken struct {
// Opaque token identifier.
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
// Opaque device web token, in plaintext, encoded in base64.RawURLEncoding
// (so it is inherently safe for URl use).
Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeviceWebToken) Reset() { *m = DeviceWebToken{} }
func (m *DeviceWebToken) String() string { return proto.CompactTextString(m) }
func (*DeviceWebToken) ProtoMessage() {}
func (*DeviceWebToken) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{193}
}
func (m *DeviceWebToken) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeviceWebToken) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeviceWebToken.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeviceWebToken) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeviceWebToken.Merge(m, src)
}
func (m *DeviceWebToken) XXX_Size() int {
return m.Size()
}
func (m *DeviceWebToken) XXX_DiscardUnknown() {
xxx_messageInfo_DeviceWebToken.DiscardUnknown(m)
}
var xxx_messageInfo_DeviceWebToken proto.InternalMessageInfo
// WebSessionFilter encodes cache watch parameters for filtering web sessions.
type WebSessionFilter struct {
// User is the username to filter web sessions for.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WebSessionFilter) Reset() { *m = WebSessionFilter{} }
func (m *WebSessionFilter) String() string { return proto.CompactTextString(m) }
func (*WebSessionFilter) ProtoMessage() {}
func (*WebSessionFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{194}
}
func (m *WebSessionFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WebSessionFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WebSessionFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WebSessionFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_WebSessionFilter.Merge(m, src)
}
func (m *WebSessionFilter) XXX_Size() int {
return m.Size()
}
func (m *WebSessionFilter) XXX_DiscardUnknown() {
xxx_messageInfo_WebSessionFilter.DiscardUnknown(m)
}
var xxx_messageInfo_WebSessionFilter proto.InternalMessageInfo
// SAMLSessionData contains data for a SAML session.
// Based on crewjam/saml's session object: https://github.com/crewjam/saml/blob/main/identity_provider.go
type SAMLSessionData struct {
// ID is the identifier for the SAML session.
ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id"`
// CreateTime is the time that the session was created.
CreateTime time.Time `protobuf:"bytes,2,opt,name=CreateTime,proto3,stdtime" json:"create_time"`
// ExpireTime is the time that the session will expire.
ExpireTime time.Time `protobuf:"bytes,3,opt,name=ExpireTime,proto3,stdtime" json:"expire_time"`
// Index is the session index that allows the IdP to uniquely identify a session.
Index string `protobuf:"bytes,4,opt,name=Index,proto3" json:"index"`
// NameID an identifier for the session.
NameID string `protobuf:"bytes,5,opt,name=NameID,proto3" json:"name_id"`
// NameIDFormat is the format of the Name ID.
NameIDFormat string `protobuf:"bytes,6,opt,name=NameIDFormat,proto3" json:"name_id_format"`
// SubjectID is the identifier for the subject of the session.
SubjectID string `protobuf:"bytes,7,opt,name=SubjectID,proto3" json:"subject_id"`
// Groups is a list of groups that the user has access to.
Groups []string `protobuf:"bytes,8,rep,name=Groups,proto3" json:"groups"`
// UserName is the user's name.
UserName string `protobuf:"bytes,9,opt,name=UserName,proto3" json:"user_name"`
// UserEmail is the user's e-mail.
UserEmail string `protobuf:"bytes,10,opt,name=UserEmail,proto3" json:"user_email"`
// UserCommonName is the user's common name.
UserCommonName string `protobuf:"bytes,11,opt,name=UserCommonName,proto3" json:"user_common_name"`
// UserSurname is the user's surname.
UserSurname string `protobuf:"bytes,12,opt,name=UserSurname,proto3" json:"user_surname"`
// UserGivenName is the user's given name.
UserGivenName string `protobuf:"bytes,13,opt,name=UserGivenName,proto3" json:"user_given_name"`
// UserScopedAffiliation is the user's scoped affiliation.
UserScopedAffiliation string `protobuf:"bytes,14,opt,name=UserScopedAffiliation,proto3" json:"user_scoped_affiliation"`
// CustomAttributes are any custom attributes associated with the request.
CustomAttributes []*SAMLAttribute `protobuf:"bytes,15,rep,name=CustomAttributes,proto3" json:"custom_attributes"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLSessionData) Reset() { *m = SAMLSessionData{} }
func (m *SAMLSessionData) String() string { return proto.CompactTextString(m) }
func (*SAMLSessionData) ProtoMessage() {}
func (*SAMLSessionData) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{195}
}
func (m *SAMLSessionData) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLSessionData) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLSessionData.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLSessionData) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLSessionData.Merge(m, src)
}
func (m *SAMLSessionData) XXX_Size() int {
return m.Size()
}
func (m *SAMLSessionData) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLSessionData.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLSessionData proto.InternalMessageInfo
// SAMLAttribute contains an attribute name and associated values.
// Defined in http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
type SAMLAttribute struct {
// FriendlyName is a user readable name for the attribute.
FriendlyName string `protobuf:"bytes,1,opt,name=FriendlyName,proto3" json:"friendly_name"`
// Name is a full name for the attribute, typically an OID value.
Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"name"`
// NameFormat is the format of the name.
NameFormat string `protobuf:"bytes,3,opt,name=NameFormat,proto3" json:"name_format"`
// Values is a list of attribute values.
Values []*SAMLAttributeValue `protobuf:"bytes,4,rep,name=Values,proto3" json:"values"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLAttribute) Reset() { *m = SAMLAttribute{} }
func (m *SAMLAttribute) String() string { return proto.CompactTextString(m) }
func (*SAMLAttribute) ProtoMessage() {}
func (*SAMLAttribute) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{196}
}
func (m *SAMLAttribute) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLAttribute) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLAttribute.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLAttribute) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLAttribute.Merge(m, src)
}
func (m *SAMLAttribute) XXX_Size() int {
return m.Size()
}
func (m *SAMLAttribute) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLAttribute.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLAttribute proto.InternalMessageInfo
// SAMLAttributeValues contains a type, value, and an associated name ID block.
// Defined in http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
type SAMLAttributeValue struct {
// Type is the type of value this attribute represents.
Type string `protobuf:"bytes,1,opt,name=Type,proto3" json:"type"`
// Value is the value of the attribute.
Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
// NameID is a more restrictive identifier for the attribute value.
NameID *SAMLNameID `protobuf:"bytes,3,opt,name=NameID,proto3" json:"name_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLAttributeValue) Reset() { *m = SAMLAttributeValue{} }
func (m *SAMLAttributeValue) String() string { return proto.CompactTextString(m) }
func (*SAMLAttributeValue) ProtoMessage() {}
func (*SAMLAttributeValue) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{197}
}
func (m *SAMLAttributeValue) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLAttributeValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLAttributeValue.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLAttributeValue) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLAttributeValue.Merge(m, src)
}
func (m *SAMLAttributeValue) XXX_Size() int {
return m.Size()
}
func (m *SAMLAttributeValue) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLAttributeValue.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLAttributeValue proto.InternalMessageInfo
// SAMLNameID is a more restrictive identifier for an object in SAML.
// Defined in http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.
type SAMLNameID struct {
// NameQualifier is the domain that qualifies the identifier.
NameQualifier string `protobuf:"bytes,1,opt,name=NameQualifier,proto3" json:"name_qualifier"`
// SPNameQualifier qualifies the identifier with the name of the service provider.
SPNameQualifier string `protobuf:"bytes,2,opt,name=SPNameQualifier,proto3" json:"sp_name_qualifier"`
// Format is the format of the identifier.
Format string `protobuf:"bytes,3,opt,name=Format,proto3" json:"format"`
// SPProvidedID is an identifier established by the service provider.
SPProvidedID string `protobuf:"bytes,4,opt,name=SPProvidedID,proto3" json:"sp_provider_id"`
// Value is the value of the name ID.
Value string `protobuf:"bytes,5,opt,name=Value,proto3" json:"value"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLNameID) Reset() { *m = SAMLNameID{} }
func (m *SAMLNameID) String() string { return proto.CompactTextString(m) }
func (*SAMLNameID) ProtoMessage() {}
func (*SAMLNameID) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{198}
}
func (m *SAMLNameID) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLNameID) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLNameID.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLNameID) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLNameID.Merge(m, src)
}
func (m *SAMLNameID) XXX_Size() int {
return m.Size()
}
func (m *SAMLNameID) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLNameID.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLNameID proto.InternalMessageInfo
// RemoteClusterV3 represents remote cluster resource specification
type RemoteClusterV3 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is resource API version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Status is a remote cluster status
Status RemoteClusterStatusV3 `protobuf:"bytes,5,opt,name=Status,proto3" json:"status"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RemoteClusterV3) Reset() { *m = RemoteClusterV3{} }
func (*RemoteClusterV3) ProtoMessage() {}
func (*RemoteClusterV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{199}
}
func (m *RemoteClusterV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RemoteClusterV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RemoteClusterV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RemoteClusterV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_RemoteClusterV3.Merge(m, src)
}
func (m *RemoteClusterV3) XXX_Size() int {
return m.Size()
}
func (m *RemoteClusterV3) XXX_DiscardUnknown() {
xxx_messageInfo_RemoteClusterV3.DiscardUnknown(m)
}
var xxx_messageInfo_RemoteClusterV3 proto.InternalMessageInfo
// RemoteClusterStatusV3 represents status of the remote cluster
type RemoteClusterStatusV3 struct {
// Connection represents connection status, online or offline
Connection string `protobuf:"bytes,1,opt,name=Connection,proto3" json:"connection"`
// LastHeartbeat records last heartbeat of the cluster
LastHeartbeat time.Time `protobuf:"bytes,2,opt,name=LastHeartbeat,proto3,stdtime" json:"last_heartbeat"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RemoteClusterStatusV3) Reset() { *m = RemoteClusterStatusV3{} }
func (m *RemoteClusterStatusV3) String() string { return proto.CompactTextString(m) }
func (*RemoteClusterStatusV3) ProtoMessage() {}
func (*RemoteClusterStatusV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{200}
}
func (m *RemoteClusterStatusV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RemoteClusterStatusV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RemoteClusterStatusV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RemoteClusterStatusV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_RemoteClusterStatusV3.Merge(m, src)
}
func (m *RemoteClusterStatusV3) XXX_Size() int {
return m.Size()
}
func (m *RemoteClusterStatusV3) XXX_DiscardUnknown() {
xxx_messageInfo_RemoteClusterStatusV3.DiscardUnknown(m)
}
var xxx_messageInfo_RemoteClusterStatusV3 proto.InternalMessageInfo
// KubernetesCluster is a named kubernetes API endpoint handled by a Server.
//
// TODO: deprecate and convert all usage to KubernetesClusterV3
type KubernetesCluster struct {
// Name is the name of this kubernetes cluster.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// StaticLabels is map of static labels associated with this cluster.
// Used for RBAC.
StaticLabels map[string]string `protobuf:"bytes,2,rep,name=StaticLabels,proto3" json:"static_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// DynamicLabels is map of dynamic labels associated with this cluster.
// Used for RBAC.
DynamicLabels map[string]CommandLabelV2 `protobuf:"bytes,3,rep,name=DynamicLabels,proto3" json:"dynamic_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesCluster) Reset() { *m = KubernetesCluster{} }
func (m *KubernetesCluster) String() string { return proto.CompactTextString(m) }
func (*KubernetesCluster) ProtoMessage() {}
func (*KubernetesCluster) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{201}
}
func (m *KubernetesCluster) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesCluster) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesCluster.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesCluster) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesCluster.Merge(m, src)
}
func (m *KubernetesCluster) XXX_Size() int {
return m.Size()
}
func (m *KubernetesCluster) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesCluster.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesCluster proto.InternalMessageInfo
// KubernetesClusterV3 represents a named kubernetes API endpoint.
type KubernetesClusterV3 struct {
// Kind is the cluster resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the resource spec.
Spec KubernetesClusterSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// Status is the resource status.
Status *KubernetesClusterStatus `protobuf:"bytes,6,opt,name=status,proto3" json:"status,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesClusterV3) Reset() { *m = KubernetesClusterV3{} }
func (*KubernetesClusterV3) ProtoMessage() {}
func (*KubernetesClusterV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{202}
}
func (m *KubernetesClusterV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesClusterV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesClusterV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesClusterV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesClusterV3.Merge(m, src)
}
func (m *KubernetesClusterV3) XXX_Size() int {
return m.Size()
}
func (m *KubernetesClusterV3) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesClusterV3.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesClusterV3 proto.InternalMessageInfo
// KubernetesClusterSpecV3 is a specification for a Kubernetes cluster.
type KubernetesClusterSpecV3 struct {
// DynamicLabels are the cluster's dynamic labels.
DynamicLabels map[string]CommandLabelV2 `protobuf:"bytes,1,rep,name=DynamicLabels,proto3" json:"dynamic_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// Kubeconfig is the kubeconfig file payload that grants access to the cluster.
// If multiple contexts are specified, the first will be selected.
Kubeconfig []byte `protobuf:"bytes,2,opt,name=Kubeconfig,proto3" json:"kubeconfig,omitempty"`
// Azure holds the required Azure information for Teleport to access the cluster.
Azure KubeAzure `protobuf:"bytes,3,opt,name=Azure,proto3" json:"azure,omitempty"`
// AWS holds the required AWS information for Teleport to access the cluster.
AWS KubeAWS `protobuf:"bytes,4,opt,name=AWS,proto3" json:"aws,omitempty"`
// GCP holds the required GCP information for Teleport to access the cluster.
GCP KubeGCP `protobuf:"bytes,5,opt,name=GCP,proto3" json:"gcp,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesClusterSpecV3) Reset() { *m = KubernetesClusterSpecV3{} }
func (m *KubernetesClusterSpecV3) String() string { return proto.CompactTextString(m) }
func (*KubernetesClusterSpecV3) ProtoMessage() {}
func (*KubernetesClusterSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{203}
}
func (m *KubernetesClusterSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesClusterSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesClusterSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesClusterSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesClusterSpecV3.Merge(m, src)
}
func (m *KubernetesClusterSpecV3) XXX_Size() int {
return m.Size()
}
func (m *KubernetesClusterSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesClusterSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesClusterSpecV3 proto.InternalMessageInfo
// KubeAzure contains the Azure information about the cluster.
type KubeAzure struct {
// ResourceName is the AKS cluster name.
ResourceName string `protobuf:"bytes,1,opt,name=ResourceName,proto3" json:"resource_name,omitempty"`
// ResourceGroup is the Azure resource group name.
ResourceGroup string `protobuf:"bytes,2,opt,name=ResourceGroup,proto3" json:"resource_group,omitempty"`
// TenantID is the AKS cluster Tenant ID.
TenantID string `protobuf:"bytes,3,opt,name=TenantID,proto3" json:"tenant_id,omitempty"`
// SubscriptionID is the AKS cluster SubscriptionID.
SubscriptionID string `protobuf:"bytes,4,opt,name=SubscriptionID,proto3" json:"subscription_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubeAzure) Reset() { *m = KubeAzure{} }
func (m *KubeAzure) String() string { return proto.CompactTextString(m) }
func (*KubeAzure) ProtoMessage() {}
func (*KubeAzure) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{204}
}
func (m *KubeAzure) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubeAzure) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubeAzure.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubeAzure) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubeAzure.Merge(m, src)
}
func (m *KubeAzure) XXX_Size() int {
return m.Size()
}
func (m *KubeAzure) XXX_DiscardUnknown() {
xxx_messageInfo_KubeAzure.DiscardUnknown(m)
}
var xxx_messageInfo_KubeAzure proto.InternalMessageInfo
// KubeAWS contains the AWS information about the cluster.
type KubeAWS struct {
// Region is a AWS cloud region.
Region string `protobuf:"bytes,1,opt,name=Region,proto3" json:"region,omitempty"`
// AccountID is a AWS Account ID.
AccountID string `protobuf:"bytes,2,opt,name=AccountID,proto3" json:"account_id,omitempty"`
// Name is a AWS EKS cluster name.
Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubeAWS) Reset() { *m = KubeAWS{} }
func (m *KubeAWS) String() string { return proto.CompactTextString(m) }
func (*KubeAWS) ProtoMessage() {}
func (*KubeAWS) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{205}
}
func (m *KubeAWS) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubeAWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubeAWS.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubeAWS) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubeAWS.Merge(m, src)
}
func (m *KubeAWS) XXX_Size() int {
return m.Size()
}
func (m *KubeAWS) XXX_DiscardUnknown() {
xxx_messageInfo_KubeAWS.DiscardUnknown(m)
}
var xxx_messageInfo_KubeAWS proto.InternalMessageInfo
// KubeGCP contains the GCP information about the cluster.
type KubeGCP struct {
// Location is a GKE cluster location.
Location string `protobuf:"bytes,1,opt,name=Location,proto3" json:"location,omitempty"`
// ProjectID is the GKE Project ID.
ProjectID string `protobuf:"bytes,2,opt,name=ProjectID,proto3" json:"project_id,omitempty"`
// Name is a GCP GKE cluster name.
Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubeGCP) Reset() { *m = KubeGCP{} }
func (m *KubeGCP) String() string { return proto.CompactTextString(m) }
func (*KubeGCP) ProtoMessage() {}
func (*KubeGCP) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{206}
}
func (m *KubeGCP) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubeGCP) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubeGCP.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubeGCP) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubeGCP.Merge(m, src)
}
func (m *KubeGCP) XXX_Size() int {
return m.Size()
}
func (m *KubeGCP) XXX_DiscardUnknown() {
xxx_messageInfo_KubeGCP.DiscardUnknown(m)
}
var xxx_messageInfo_KubeGCP proto.InternalMessageInfo
// KubernetesClusterStatus contains information about the Kubernetes Cluster.
type KubernetesClusterStatus struct {
Discovery *KubernetesClusterDiscoveryStatus `protobuf:"bytes,1,opt,name=discovery,proto3" json:"discovery,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesClusterStatus) Reset() { *m = KubernetesClusterStatus{} }
func (m *KubernetesClusterStatus) String() string { return proto.CompactTextString(m) }
func (*KubernetesClusterStatus) ProtoMessage() {}
func (*KubernetesClusterStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{207}
}
func (m *KubernetesClusterStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesClusterStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesClusterStatus.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesClusterStatus) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesClusterStatus.Merge(m, src)
}
func (m *KubernetesClusterStatus) XXX_Size() int {
return m.Size()
}
func (m *KubernetesClusterStatus) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesClusterStatus.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesClusterStatus proto.InternalMessageInfo
// KubernetesClusterDiscoveryStatus contains cloud provider-specific discovery
// information for Kubernetes clusters.
type KubernetesClusterDiscoveryStatus struct {
// AWS holds AWS-specific information about the Kubernetes cluster, including
// configuration for automatic discovery and access setup.
Aws *KubernetesClusterAWSStatus `protobuf:"bytes,1,opt,name=aws,proto3" json:"aws,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesClusterDiscoveryStatus) Reset() { *m = KubernetesClusterDiscoveryStatus{} }
func (m *KubernetesClusterDiscoveryStatus) String() string { return proto.CompactTextString(m) }
func (*KubernetesClusterDiscoveryStatus) ProtoMessage() {}
func (*KubernetesClusterDiscoveryStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{208}
}
func (m *KubernetesClusterDiscoveryStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesClusterDiscoveryStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesClusterDiscoveryStatus.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesClusterDiscoveryStatus) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesClusterDiscoveryStatus.Merge(m, src)
}
func (m *KubernetesClusterDiscoveryStatus) XXX_Size() int {
return m.Size()
}
func (m *KubernetesClusterDiscoveryStatus) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesClusterDiscoveryStatus.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesClusterDiscoveryStatus proto.InternalMessageInfo
// KubernetesClusterAWSStatus contains AWS-specific configuration and state
// information for Kubernetes clusters discovered or managed through AWS integrations.
type KubernetesClusterAWSStatus struct {
// The ARN of the AWS IAM role or user for which Teleport should configure access
// to this Kubernetes cluster. This is typically used during automatic discovery to
// grant the specified principal access to the cluster.
SetupAccessForArn string `protobuf:"bytes,1,opt,name=setup_access_for_arn,json=setupAccessForArn,proto3" json:"setup_access_for_arn,omitempty"`
// The name of the AWS integration resource used to discover or manage this
// Kubernetes cluster. This references the Teleport integration that provides
// credentials and permissions for AWS API operations.
Integration string `protobuf:"bytes,2,opt,name=integration,proto3" json:"integration,omitempty"`
// The ARN of the AWS IAM role that Teleport's discovery service assumed
// when discovering this Kubernetes cluster. This role is used to access AWS
// APIs for cluster information and configuration.
DiscoveryAssumedRole *AssumeRole `protobuf:"bytes,3,opt,name=discovery_assumed_role,json=discoveryAssumedRole,proto3" json:"discovery_assumed_role,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesClusterAWSStatus) Reset() { *m = KubernetesClusterAWSStatus{} }
func (m *KubernetesClusterAWSStatus) String() string { return proto.CompactTextString(m) }
func (*KubernetesClusterAWSStatus) ProtoMessage() {}
func (*KubernetesClusterAWSStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{209}
}
func (m *KubernetesClusterAWSStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesClusterAWSStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesClusterAWSStatus.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesClusterAWSStatus) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesClusterAWSStatus.Merge(m, src)
}
func (m *KubernetesClusterAWSStatus) XXX_Size() int {
return m.Size()
}
func (m *KubernetesClusterAWSStatus) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesClusterAWSStatus.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesClusterAWSStatus proto.InternalMessageInfo
// KubernetesClusterV3List represents a list of kubernetes clusters.
type KubernetesClusterV3List struct {
// KubernetesClusters is a list of kubernetes clusters resources.
KubernetesClusters []*KubernetesClusterV3 `protobuf:"bytes,1,rep,name=KubernetesClusters,proto3" json:"KubernetesClusters,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesClusterV3List) Reset() { *m = KubernetesClusterV3List{} }
func (m *KubernetesClusterV3List) String() string { return proto.CompactTextString(m) }
func (*KubernetesClusterV3List) ProtoMessage() {}
func (*KubernetesClusterV3List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{210}
}
func (m *KubernetesClusterV3List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesClusterV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesClusterV3List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesClusterV3List) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesClusterV3List.Merge(m, src)
}
func (m *KubernetesClusterV3List) XXX_Size() int {
return m.Size()
}
func (m *KubernetesClusterV3List) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesClusterV3List.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesClusterV3List proto.InternalMessageInfo
// KubernetesServerV3 represents a Kubernetes server.
type KubernetesServerV3 struct {
// Kind is the Kubernetes server resource kind. Always "kube_server".
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the Kubernetes server metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the Kubernetes server spec.
Spec KubernetesServerSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
// Status is the Kubernetes server status.
Status *KubernetesServerStatusV3 `protobuf:"bytes,6,opt,name=status,proto3" json:"status,omitempty"`
// The advertized scope of the server which can not change once assigned.
Scope string `protobuf:"bytes,7,opt,name=scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesServerV3) Reset() { *m = KubernetesServerV3{} }
func (*KubernetesServerV3) ProtoMessage() {}
func (*KubernetesServerV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{211}
}
func (m *KubernetesServerV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesServerV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesServerV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesServerV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesServerV3.Merge(m, src)
}
func (m *KubernetesServerV3) XXX_Size() int {
return m.Size()
}
func (m *KubernetesServerV3) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesServerV3.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesServerV3 proto.InternalMessageInfo
// KubernetesServerSpecV3 is the Kubernetes server spec.
type KubernetesServerSpecV3 struct {
// Version is the Teleport version that the server is running.
Version string `protobuf:"bytes,1,opt,name=Version,proto3" json:"version"`
// Hostname is the Kubernetes server hostname.
Hostname string `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname"`
// HostID is the Kubernetes server host uuid.
HostID string `protobuf:"bytes,3,opt,name=HostID,proto3" json:"host_id"`
// Rotation contains the Kubernetes server CA rotation information.
Rotation Rotation `protobuf:"bytes,4,opt,name=Rotation,proto3" json:"rotation,omitempty"`
// Cluster is a Kubernetes Cluster proxied by this Kubernetes server.
Cluster *KubernetesClusterV3 `protobuf:"bytes,5,opt,name=Cluster,proto3" json:"cluster"`
// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
ProxyIDs []string `protobuf:"bytes,6,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
// the name of the Relay group that the server is connected to
RelayGroup string `protobuf:"bytes,7,opt,name=relay_group,json=relayGroup,proto3" json:"relay_group,omitempty"`
// the list of Relay host IDs that the server is connected to
RelayIds []string `protobuf:"bytes,8,rep,name=relay_ids,json=relayIds,proto3" json:"relay_ids,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesServerSpecV3) Reset() { *m = KubernetesServerSpecV3{} }
func (m *KubernetesServerSpecV3) String() string { return proto.CompactTextString(m) }
func (*KubernetesServerSpecV3) ProtoMessage() {}
func (*KubernetesServerSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{212}
}
func (m *KubernetesServerSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesServerSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesServerSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesServerSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesServerSpecV3.Merge(m, src)
}
func (m *KubernetesServerSpecV3) XXX_Size() int {
return m.Size()
}
func (m *KubernetesServerSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesServerSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesServerSpecV3 proto.InternalMessageInfo
// KubernetesServerStatusV3 is the Kubernetes cluster status.
type KubernetesServerStatusV3 struct {
// TargetHealth is the health status of between the Teleport agent
// and Kubernetes cluster.
TargetHealth *TargetHealth `protobuf:"bytes,1,opt,name=target_health,json=targetHealth,proto3" json:"target_health,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesServerStatusV3) Reset() { *m = KubernetesServerStatusV3{} }
func (m *KubernetesServerStatusV3) String() string { return proto.CompactTextString(m) }
func (*KubernetesServerStatusV3) ProtoMessage() {}
func (*KubernetesServerStatusV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{213}
}
func (m *KubernetesServerStatusV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesServerStatusV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesServerStatusV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesServerStatusV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesServerStatusV3.Merge(m, src)
}
func (m *KubernetesServerStatusV3) XXX_Size() int {
return m.Size()
}
func (m *KubernetesServerStatusV3) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesServerStatusV3.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesServerStatusV3 proto.InternalMessageInfo
// WebTokenV3 describes a web token. Web tokens are used as a transport to relay bearer tokens
// to the client.
// Initially bound to a web session, these have been factored out into a separate resource to
// enable separate lifecycle management.
type WebTokenV3 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is resource metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec defines the web token
Spec WebTokenSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WebTokenV3) Reset() { *m = WebTokenV3{} }
func (*WebTokenV3) ProtoMessage() {}
func (*WebTokenV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{214}
}
func (m *WebTokenV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WebTokenV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WebTokenV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WebTokenV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_WebTokenV3.Merge(m, src)
}
func (m *WebTokenV3) XXX_Size() int {
return m.Size()
}
func (m *WebTokenV3) XXX_DiscardUnknown() {
xxx_messageInfo_WebTokenV3.DiscardUnknown(m)
}
var xxx_messageInfo_WebTokenV3 proto.InternalMessageInfo
// WebTokenSpecV3 is a unique time-limited token bound to a user's web session
type WebTokenSpecV3 struct {
// User specifies the user the token is bound to.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// Token specifies the token's value.
Token string `protobuf:"bytes,2,opt,name=Token,proto3" json:"token"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WebTokenSpecV3) Reset() { *m = WebTokenSpecV3{} }
func (m *WebTokenSpecV3) String() string { return proto.CompactTextString(m) }
func (*WebTokenSpecV3) ProtoMessage() {}
func (*WebTokenSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{215}
}
func (m *WebTokenSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WebTokenSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WebTokenSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WebTokenSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_WebTokenSpecV3.Merge(m, src)
}
func (m *WebTokenSpecV3) XXX_Size() int {
return m.Size()
}
func (m *WebTokenSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_WebTokenSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_WebTokenSpecV3 proto.InternalMessageInfo
// GetWebSessionRequest describes a request to query a web session
type GetWebSessionRequest struct {
// User specifies the user the web session is for.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// SessionID specifies the web session ID.
SessionID string `protobuf:"bytes,2,opt,name=SessionID,proto3" json:"session_id"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GetWebSessionRequest) Reset() { *m = GetWebSessionRequest{} }
func (m *GetWebSessionRequest) String() string { return proto.CompactTextString(m) }
func (*GetWebSessionRequest) ProtoMessage() {}
func (*GetWebSessionRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{216}
}
func (m *GetWebSessionRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GetWebSessionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GetWebSessionRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GetWebSessionRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_GetWebSessionRequest.Merge(m, src)
}
func (m *GetWebSessionRequest) XXX_Size() int {
return m.Size()
}
func (m *GetWebSessionRequest) XXX_DiscardUnknown() {
xxx_messageInfo_GetWebSessionRequest.DiscardUnknown(m)
}
var xxx_messageInfo_GetWebSessionRequest proto.InternalMessageInfo
// DeleteWebSessionRequest describes a request to delete a web session
type DeleteWebSessionRequest struct {
// User specifies the user the session is bound to
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// SessionID specifies the web session ID to delete.
SessionID string `protobuf:"bytes,2,opt,name=SessionID,proto3" json:"session_id"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeleteWebSessionRequest) Reset() { *m = DeleteWebSessionRequest{} }
func (m *DeleteWebSessionRequest) String() string { return proto.CompactTextString(m) }
func (*DeleteWebSessionRequest) ProtoMessage() {}
func (*DeleteWebSessionRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{217}
}
func (m *DeleteWebSessionRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeleteWebSessionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeleteWebSessionRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeleteWebSessionRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeleteWebSessionRequest.Merge(m, src)
}
func (m *DeleteWebSessionRequest) XXX_Size() int {
return m.Size()
}
func (m *DeleteWebSessionRequest) XXX_DiscardUnknown() {
xxx_messageInfo_DeleteWebSessionRequest.DiscardUnknown(m)
}
var xxx_messageInfo_DeleteWebSessionRequest proto.InternalMessageInfo
// GetWebTokenRequest describes a request to query a web token
type GetWebTokenRequest struct {
// User specifies the user the token is for.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// Token specifies the token to get.
Token string `protobuf:"bytes,2,opt,name=Token,proto3" json:"token"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GetWebTokenRequest) Reset() { *m = GetWebTokenRequest{} }
func (m *GetWebTokenRequest) String() string { return proto.CompactTextString(m) }
func (*GetWebTokenRequest) ProtoMessage() {}
func (*GetWebTokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{218}
}
func (m *GetWebTokenRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GetWebTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GetWebTokenRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GetWebTokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_GetWebTokenRequest.Merge(m, src)
}
func (m *GetWebTokenRequest) XXX_Size() int {
return m.Size()
}
func (m *GetWebTokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_GetWebTokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_GetWebTokenRequest proto.InternalMessageInfo
// DeleteWebTokenRequest describes a request to delete a web token
type DeleteWebTokenRequest struct {
// User specifies the user the token is for.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// Token specifies the token to delete.
Token string `protobuf:"bytes,2,opt,name=Token,proto3" json:"token"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DeleteWebTokenRequest) Reset() { *m = DeleteWebTokenRequest{} }
func (m *DeleteWebTokenRequest) String() string { return proto.CompactTextString(m) }
func (*DeleteWebTokenRequest) ProtoMessage() {}
func (*DeleteWebTokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{219}
}
func (m *DeleteWebTokenRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DeleteWebTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DeleteWebTokenRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DeleteWebTokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_DeleteWebTokenRequest.Merge(m, src)
}
func (m *DeleteWebTokenRequest) XXX_Size() int {
return m.Size()
}
func (m *DeleteWebTokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_DeleteWebTokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_DeleteWebTokenRequest proto.InternalMessageInfo
// ResourceRequest is a request relating to a named resource.
type ResourceRequest struct {
// Name is the name of the resource.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourceRequest) Reset() { *m = ResourceRequest{} }
func (m *ResourceRequest) String() string { return proto.CompactTextString(m) }
func (*ResourceRequest) ProtoMessage() {}
func (*ResourceRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{220}
}
func (m *ResourceRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourceRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourceRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourceRequest.Merge(m, src)
}
func (m *ResourceRequest) XXX_Size() int {
return m.Size()
}
func (m *ResourceRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ResourceRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ResourceRequest proto.InternalMessageInfo
// ResourceWithSecretsRequest is a request relating to a named resource with secrets.
type ResourceWithSecretsRequest struct {
// Name is the name of the resource.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// WithSecrets specifies whether to load associated secrets.
WithSecrets bool `protobuf:"varint,2,opt,name=WithSecrets,proto3" json:"with_secrets,omitempty"`
// SAMLValidationNoFollowURLs specifies whether to skip following URLs when
// validating SAML connector resources.
// ResourceWithSecretsRequest is not a great place for this field but it's
// necessary for backward compatibility.
SAMLValidationNoFollowURLs bool `protobuf:"varint,3,opt,name=SAMLValidationNoFollowURLs,proto3" json:"saml_validation_no_follow_urls"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourceWithSecretsRequest) Reset() { *m = ResourceWithSecretsRequest{} }
func (m *ResourceWithSecretsRequest) String() string { return proto.CompactTextString(m) }
func (*ResourceWithSecretsRequest) ProtoMessage() {}
func (*ResourceWithSecretsRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{221}
}
func (m *ResourceWithSecretsRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourceWithSecretsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourceWithSecretsRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourceWithSecretsRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourceWithSecretsRequest.Merge(m, src)
}
func (m *ResourceWithSecretsRequest) XXX_Size() int {
return m.Size()
}
func (m *ResourceWithSecretsRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ResourceWithSecretsRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ResourceWithSecretsRequest proto.InternalMessageInfo
// ResourcesWithSecretsRequest is a request relating to resources with secrets.
type ResourcesWithSecretsRequest struct {
// WithSecrets specifies whether to load associated secrets.
WithSecrets bool `protobuf:"varint,1,opt,name=WithSecrets,proto3" json:"with_secrets,omitempty"`
// SAMLValidationNoFollowURLs specifies whether to skip following URLs when
// validating SAML connector resources.
// ResourceWithSecretsRequest is not a great place for this field but it's
// necessary for backward compatibility.
SAMLValidationNoFollowURLs bool `protobuf:"varint,2,opt,name=SAMLValidationNoFollowURLs,proto3" json:"saml_validation_no_follow_urls"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourcesWithSecretsRequest) Reset() { *m = ResourcesWithSecretsRequest{} }
func (m *ResourcesWithSecretsRequest) String() string { return proto.CompactTextString(m) }
func (*ResourcesWithSecretsRequest) ProtoMessage() {}
func (*ResourcesWithSecretsRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{222}
}
func (m *ResourcesWithSecretsRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourcesWithSecretsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourcesWithSecretsRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourcesWithSecretsRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourcesWithSecretsRequest.Merge(m, src)
}
func (m *ResourcesWithSecretsRequest) XXX_Size() int {
return m.Size()
}
func (m *ResourcesWithSecretsRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ResourcesWithSecretsRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ResourcesWithSecretsRequest proto.InternalMessageInfo
// ResourcesInNamespaceRequest is a request relating to a named resource in the given namespace.
type ResourceInNamespaceRequest struct {
// Name is the name of the resource.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"Name,omitempty"`
// Namespace is the namespace of resources.
Namespace string `protobuf:"bytes,2,opt,name=Namespace,proto3" json:"Namespace,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourceInNamespaceRequest) Reset() { *m = ResourceInNamespaceRequest{} }
func (m *ResourceInNamespaceRequest) String() string { return proto.CompactTextString(m) }
func (*ResourceInNamespaceRequest) ProtoMessage() {}
func (*ResourceInNamespaceRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{223}
}
func (m *ResourceInNamespaceRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourceInNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourceInNamespaceRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourceInNamespaceRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourceInNamespaceRequest.Merge(m, src)
}
func (m *ResourceInNamespaceRequest) XXX_Size() int {
return m.Size()
}
func (m *ResourceInNamespaceRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ResourceInNamespaceRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ResourceInNamespaceRequest proto.InternalMessageInfo
// ResourcesInNamespaceRequest is a request relating to resources in the given namespace.
type ResourcesInNamespaceRequest struct {
// Namespace is the namespace of resources.
Namespace string `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"Namespace,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourcesInNamespaceRequest) Reset() { *m = ResourcesInNamespaceRequest{} }
func (m *ResourcesInNamespaceRequest) String() string { return proto.CompactTextString(m) }
func (*ResourcesInNamespaceRequest) ProtoMessage() {}
func (*ResourcesInNamespaceRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{224}
}
func (m *ResourcesInNamespaceRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourcesInNamespaceRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourcesInNamespaceRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourcesInNamespaceRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourcesInNamespaceRequest.Merge(m, src)
}
func (m *ResourcesInNamespaceRequest) XXX_Size() int {
return m.Size()
}
func (m *ResourcesInNamespaceRequest) XXX_DiscardUnknown() {
xxx_messageInfo_ResourcesInNamespaceRequest.DiscardUnknown(m)
}
var xxx_messageInfo_ResourcesInNamespaceRequest proto.InternalMessageInfo
// OIDCConnectorV3 represents an OIDC connector.
type OIDCConnectorV3 struct {
// Kind is a resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v3`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata holds resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is an OIDC connector specification.
Spec OIDCConnectorSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OIDCConnectorV3) Reset() { *m = OIDCConnectorV3{} }
func (m *OIDCConnectorV3) String() string { return proto.CompactTextString(m) }
func (*OIDCConnectorV3) ProtoMessage() {}
func (*OIDCConnectorV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{225}
}
func (m *OIDCConnectorV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OIDCConnectorV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OIDCConnectorV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OIDCConnectorV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_OIDCConnectorV3.Merge(m, src)
}
func (m *OIDCConnectorV3) XXX_Size() int {
return m.Size()
}
func (m *OIDCConnectorV3) XXX_DiscardUnknown() {
xxx_messageInfo_OIDCConnectorV3.DiscardUnknown(m)
}
var xxx_messageInfo_OIDCConnectorV3 proto.InternalMessageInfo
// OIDCConnectorV3List is a list of OIDC connectors.
type OIDCConnectorV3List struct {
// OIDCConnectors is a list of OIDC connectors.
OIDCConnectors []*OIDCConnectorV3 `protobuf:"bytes,1,rep,name=OIDCConnectors,proto3" json:"OIDCConnectors,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OIDCConnectorV3List) Reset() { *m = OIDCConnectorV3List{} }
func (m *OIDCConnectorV3List) String() string { return proto.CompactTextString(m) }
func (*OIDCConnectorV3List) ProtoMessage() {}
func (*OIDCConnectorV3List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{226}
}
func (m *OIDCConnectorV3List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OIDCConnectorV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OIDCConnectorV3List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OIDCConnectorV3List) XXX_Merge(src proto.Message) {
xxx_messageInfo_OIDCConnectorV3List.Merge(m, src)
}
func (m *OIDCConnectorV3List) XXX_Size() int {
return m.Size()
}
func (m *OIDCConnectorV3List) XXX_DiscardUnknown() {
xxx_messageInfo_OIDCConnectorV3List.DiscardUnknown(m)
}
var xxx_messageInfo_OIDCConnectorV3List proto.InternalMessageInfo
// OIDCConnectorSpecV3 is an OIDC connector specification.
//
// It specifies configuration for Open ID Connect compatible external
// identity provider: https://openid.net/specs/openid-connect-core-1_0.html
type OIDCConnectorSpecV3 struct {
// IssuerURL is the endpoint of the provider, e.g. https://accounts.google.com.
IssuerURL string `protobuf:"bytes,1,opt,name=IssuerURL,proto3" json:"issuer_url"`
// ClientID is the id of the authentication client (Teleport Auth Service).
ClientID string `protobuf:"bytes,2,opt,name=ClientID,proto3" json:"client_id"`
// ClientSecret is used to authenticate the client.
ClientSecret string `protobuf:"bytes,3,opt,name=ClientSecret,proto3" json:"client_secret"`
// ACR is an Authentication Context Class Reference value. The meaning of the ACR
// value is context-specific and varies for identity providers.
ACR string `protobuf:"bytes,5,opt,name=ACR,proto3" json:"acr_values,omitempty"`
// Provider is the external identity provider.
Provider string `protobuf:"bytes,6,opt,name=Provider,proto3" json:"provider,omitempty"`
// Display is the friendly name for this provider.
Display string `protobuf:"bytes,7,opt,name=Display,proto3" json:"display,omitempty"`
// Scope specifies additional scopes set by provider.
Scope []string `protobuf:"bytes,8,rep,name=Scope,proto3" json:"scope,omitempty"`
// Prompt is an optional OIDC prompt. An empty string omits prompt.
// If not specified, it defaults to select_account for backwards compatibility.
Prompt string `protobuf:"bytes,9,opt,name=Prompt,proto3" json:"prompt,omitempty"`
// ClaimsToRoles specifies a dynamic mapping from claims to roles.
ClaimsToRoles []ClaimMapping `protobuf:"bytes,10,rep,name=ClaimsToRoles,proto3" json:"claims_to_roles,omitempty"`
// GoogleServiceAccountURI is a path to a google service account uri.
GoogleServiceAccountURI string `protobuf:"bytes,11,opt,name=GoogleServiceAccountURI,proto3" json:"google_service_account_uri,omitempty"`
// GoogleServiceAccount is a string containing google service account credentials.
GoogleServiceAccount string `protobuf:"bytes,12,opt,name=GoogleServiceAccount,proto3" json:"google_service_account,omitempty"`
// GoogleAdminEmail is the email of a google admin to impersonate.
GoogleAdminEmail string `protobuf:"bytes,13,opt,name=GoogleAdminEmail,proto3" json:"google_admin_email,omitempty"`
// RedirectURLs is a list of callback URLs which the identity provider can use
// to redirect the client back to the Teleport Proxy to complete authentication.
// This list should match the URLs on the provider's side. The URL used for a
// given auth request will be chosen to match the requesting Proxy's public
// address. If there is no match, the first url in the list will be used.
RedirectURLs github_com_gravitational_teleport_api_types_wrappers.Strings `protobuf:"bytes,14,opt,name=RedirectURLs,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Strings" json:"redirect_url"`
// AllowUnverifiedEmail tells the connector to accept OIDC users with unverified emails.
AllowUnverifiedEmail bool `protobuf:"varint,15,opt,name=AllowUnverifiedEmail,proto3" json:"allow_unverified_email,omitempty"`
// UsernameClaim specifies the name of the claim from the OIDC connector to be used as the user's username.
UsernameClaim string `protobuf:"bytes,16,opt,name=UsernameClaim,proto3" json:"username_claim,omitempty"`
// MaxAge is the amount of time that user logins are
// valid for. If a user logs in, but then does not login again
// within this time period, they will be forced to re-authenticate.
*MaxAge `protobuf:"bytes,17,opt,name=MaxAge,proto3,embedded=MaxAge" json:""`
// ClientRedirectSettings defines which client redirect URLs are allowed for
// non-browser SSO logins other than the standard localhost ones.
ClientRedirectSettings *SSOClientRedirectSettings `protobuf:"bytes,18,opt,name=ClientRedirectSettings,proto3" json:"client_redirect_settings,omitempty"`
// MFASettings contains settings to enable SSO MFA checks through this auth connector.
MFASettings *OIDCConnectorMFASettings `protobuf:"bytes,19,opt,name=MFASettings,proto3" json:"mfa,omitempty"`
// PKCEMode represents the configuration state for PKCE (Proof Key for Code Exchange). It can be "enabled" or "disabled"
PKCEMode string `protobuf:"bytes,20,opt,name=PKCEMode,proto3" json:"pkce_mode,omitempty"`
// UserMatchers is a set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
UserMatchers []string `protobuf:"bytes,21,rep,name=UserMatchers,proto3" json:"user_matchers,omitempty"`
// RequestObjectMode determines how JWT-Secured Authorization Requests will be used for authorization
// requests. JARs, or request objects, can provide integrity protection, source authentication, and confidentiality
// for authorization request parameters.
RequestObjectMode string `protobuf:"bytes,22,opt,name=RequestObjectMode,proto3" json:"request_object_mode,omitempty"`
// EntraIDGroupsProvider configures out-of-band user groups provider.
// It works by following through the groups claim source, which is sent for the "groups"
// claim when the user's group membership exceeds 200 max item limit.
EntraIdGroupsProvider *EntraIDGroupsProvider `protobuf:"bytes,23,opt,name=entra_id_groups_provider,json=entraIdGroupsProvider,proto3" json:"entra_id_groups_provider,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OIDCConnectorSpecV3) Reset() { *m = OIDCConnectorSpecV3{} }
func (m *OIDCConnectorSpecV3) String() string { return proto.CompactTextString(m) }
func (*OIDCConnectorSpecV3) ProtoMessage() {}
func (*OIDCConnectorSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{227}
}
func (m *OIDCConnectorSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OIDCConnectorSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OIDCConnectorSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OIDCConnectorSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_OIDCConnectorSpecV3.Merge(m, src)
}
func (m *OIDCConnectorSpecV3) XXX_Size() int {
return m.Size()
}
func (m *OIDCConnectorSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_OIDCConnectorSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_OIDCConnectorSpecV3 proto.InternalMessageInfo
// EntraIDGroupsProvider configures out-of-band user groups provider.
// It works by following through the groups claim source, which is sent for
// "groups" claim when the user's group membership exceeds 200 max item limit.
type EntraIDGroupsProvider struct {
// Disabled specifies that the groups provider should be disabled
// even when Entra ID responds with a groups claim source.
// User may choose to disable it if they are using
// integrations such as SCIM or similar groups importer as
// connector based role mapping may be not needed in such a scenario.
Disabled bool `protobuf:"varint,1,opt,name=disabled,proto3" json:"disabled,omitempty"`
// GroupType is a user group type filter. Defaults to "security-groups".
// Value can be "security-groups", "directory-roles", "all-groups".
GroupType string `protobuf:"bytes,2,opt,name=group_type,json=groupType,proto3" json:"group_type,omitempty"`
// GraphEndpoint is a Microsoft Graph API endpoint.
// The groups claim source endpoint provided by Entra ID points to the
// now-retired Azure AD Graph endpoint ("https://graph.windows.net").
// To convert it to the newer Microsoft Graph API endpoint,
// Teleport defaults to the Microsoft Graph global service endpoint ("https://graph.microsoft.com").
// Update GraphEndpoint to point to a different Microsoft Graph national
// cloud deployment endpoint.
GraphEndpoint string `protobuf:"bytes,3,opt,name=graph_endpoint,json=graphEndpoint,proto3" json:"graph_endpoint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *EntraIDGroupsProvider) Reset() { *m = EntraIDGroupsProvider{} }
func (m *EntraIDGroupsProvider) String() string { return proto.CompactTextString(m) }
func (*EntraIDGroupsProvider) ProtoMessage() {}
func (*EntraIDGroupsProvider) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{228}
}
func (m *EntraIDGroupsProvider) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *EntraIDGroupsProvider) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_EntraIDGroupsProvider.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *EntraIDGroupsProvider) XXX_Merge(src proto.Message) {
xxx_messageInfo_EntraIDGroupsProvider.Merge(m, src)
}
func (m *EntraIDGroupsProvider) XXX_Size() int {
return m.Size()
}
func (m *EntraIDGroupsProvider) XXX_DiscardUnknown() {
xxx_messageInfo_EntraIDGroupsProvider.DiscardUnknown(m)
}
var xxx_messageInfo_EntraIDGroupsProvider proto.InternalMessageInfo
// MaxAge allows the max_age parameter to be nullable to preserve backwards
// compatibility. The duration is stored as nanoseconds.
type MaxAge struct {
Value Duration `protobuf:"varint,1,opt,name=Value,proto3,casttype=Duration" json:"max_age"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MaxAge) Reset() { *m = MaxAge{} }
func (m *MaxAge) String() string { return proto.CompactTextString(m) }
func (*MaxAge) ProtoMessage() {}
func (*MaxAge) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{229}
}
func (m *MaxAge) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MaxAge) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MaxAge.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MaxAge) XXX_Merge(src proto.Message) {
xxx_messageInfo_MaxAge.Merge(m, src)
}
func (m *MaxAge) XXX_Size() int {
return m.Size()
}
func (m *MaxAge) XXX_DiscardUnknown() {
xxx_messageInfo_MaxAge.DiscardUnknown(m)
}
var xxx_messageInfo_MaxAge proto.InternalMessageInfo
// SSOClientRedirectSettings contains settings to define which additional client
// redirect URLs should be allowed for non-browser SSO logins.
type SSOClientRedirectSettings struct {
// a list of hostnames allowed for https client redirect URLs
AllowedHttpsHostnames []string `protobuf:"bytes,1,rep,name=allowed_https_hostnames,json=allowedHttpsHostnames,proto3" json:"allowed_https_hostnames,omitempty"`
// a list of CIDRs allowed for HTTP or HTTPS client redirect URLs
InsecureAllowedCidrRanges []string `protobuf:"bytes,2,rep,name=insecure_allowed_cidr_ranges,json=insecureAllowedCidrRanges,proto3" json:"insecure_allowed_cidr_ranges,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSOClientRedirectSettings) Reset() { *m = SSOClientRedirectSettings{} }
func (m *SSOClientRedirectSettings) String() string { return proto.CompactTextString(m) }
func (*SSOClientRedirectSettings) ProtoMessage() {}
func (*SSOClientRedirectSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{230}
}
func (m *SSOClientRedirectSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSOClientRedirectSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSOClientRedirectSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSOClientRedirectSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSOClientRedirectSettings.Merge(m, src)
}
func (m *SSOClientRedirectSettings) XXX_Size() int {
return m.Size()
}
func (m *SSOClientRedirectSettings) XXX_DiscardUnknown() {
xxx_messageInfo_SSOClientRedirectSettings.DiscardUnknown(m)
}
var xxx_messageInfo_SSOClientRedirectSettings proto.InternalMessageInfo
// OIDCConnectorMFASettings contains OIDC MFA settings.
type OIDCConnectorMFASettings struct {
// Enabled specified whether this OIDC connector supports MFA checks. Defaults to false.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// ClientID is the OIDC OAuth app client ID.
ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
// ClientSecret is the OIDC OAuth app client secret.
ClientSecret string `protobuf:"bytes,3,opt,name=client_secret,json=clientSecret,proto3" json:"client_secret,omitempty"`
// AcrValues are Authentication Context Class Reference values. The meaning of the ACR
// value is context-specific and varies for identity providers. Some identity providers
// support MFA specific contexts, such Okta with its "phr" (phishing-resistant) ACR.
AcrValues string `protobuf:"bytes,4,opt,name=acr_values,json=acrValues,proto3" json:"acr_values,omitempty"`
// Prompt is an optional OIDC prompt. An empty string omits prompt.
// If not specified, it defaults to select_account for backwards compatibility.
Prompt string `protobuf:"bytes,5,opt,name=prompt,proto3" json:"prompt,omitempty"`
// MaxAge is the amount of time in nanoseconds that an IdP session is valid for. Defaults to
// 0 to always force re-authentication for MFA checks. This should only be set to a non-zero
// value if the IdP is setup to perform MFA checks on top of active user sessions.
MaxAge Duration `protobuf:"varint,6,opt,name=max_age,json=maxAge,proto3,casttype=Duration" json:"max_age,omitempty"`
// RequestObjectMode determines how JWT-Secured Authorization Requests will be used for authorization
// requests. JARs, or request objects, can provide integrity protection, source authentication, and confidentiality
// for authorization request parameters. If omitted, MFA flows will default to the `RequestObjectMode` behavior
// specified in the base OIDC connector. Set this property to 'none' to explicitly disable request objects for
// the MFA client.
RequestObjectMode string `protobuf:"bytes,7,opt,name=RequestObjectMode,proto3" json:"request_object_mode,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OIDCConnectorMFASettings) Reset() { *m = OIDCConnectorMFASettings{} }
func (m *OIDCConnectorMFASettings) String() string { return proto.CompactTextString(m) }
func (*OIDCConnectorMFASettings) ProtoMessage() {}
func (*OIDCConnectorMFASettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{231}
}
func (m *OIDCConnectorMFASettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OIDCConnectorMFASettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OIDCConnectorMFASettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OIDCConnectorMFASettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_OIDCConnectorMFASettings.Merge(m, src)
}
func (m *OIDCConnectorMFASettings) XXX_Size() int {
return m.Size()
}
func (m *OIDCConnectorMFASettings) XXX_DiscardUnknown() {
xxx_messageInfo_OIDCConnectorMFASettings.DiscardUnknown(m)
}
var xxx_messageInfo_OIDCConnectorMFASettings proto.InternalMessageInfo
// OIDCAuthRequest is a request to authenticate with OIDC
// provider, the state about request is managed by Auth Service
type OIDCAuthRequest struct {
// ConnectorID is ID of OIDC connector this request uses
ConnectorID string `protobuf:"bytes,1,opt,name=ConnectorID,proto3" json:"connector_id"`
// Type is opaque string that helps callbacks identify the request type
Type string `protobuf:"bytes,2,opt,name=Type,proto3" json:"type"`
// CheckUser tells validator if it should expect and check user
CheckUser bool `protobuf:"varint,3,opt,name=CheckUser,proto3" json:"check_user"`
// StateToken is generated by service and is used to validate
// request coming from
StateToken string `protobuf:"bytes,4,opt,name=StateToken,proto3" json:"state_token"`
// CSRFToken is associated with user web session token
CSRFToken string `protobuf:"bytes,5,opt,name=CSRFToken,proto3" json:"csrf_token"`
// RedirectURL will be used to route the user back to a
// Teleport Proxy after the oidc login attempt in the browser.
RedirectURL string `protobuf:"bytes,6,opt,name=RedirectURL,proto3" json:"redirect_url"`
// CertTTL is the TTL of the certificate user wants to get
CertTTL time.Duration `protobuf:"varint,8,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"`
// CreateWebSession indicates if user wants to generate a web
// session after successful authentication
CreateWebSession bool `protobuf:"varint,9,opt,name=CreateWebSession,proto3" json:"create_web_session"`
// ClientRedirectURL is a URL client wants to be redirected
// after successful authentication
ClientRedirectURL string `protobuf:"bytes,10,opt,name=ClientRedirectURL,proto3" json:"client_redirect_url"`
// Compatibility specifies OpenSSH compatibility flags.
Compatibility string `protobuf:"bytes,11,opt,name=Compatibility,proto3" json:"compatibility,omitempty"`
// RouteToCluster is the name of Teleport cluster to issue credentials for.
RouteToCluster string `protobuf:"bytes,12,opt,name=RouteToCluster,proto3" json:"route_to_cluster,omitempty"`
// KubernetesCluster is the name of Kubernetes cluster to issue credentials for.
KubernetesCluster string `protobuf:"bytes,13,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
// SSOTestFlow indicates if the request is part of the test flow.
SSOTestFlow bool `protobuf:"varint,14,opt,name=SSOTestFlow,proto3" json:"sso_test_flow"`
// ConnectorSpec is embedded connector spec for use in test flow.
ConnectorSpec *OIDCConnectorSpecV3 `protobuf:"bytes,15,opt,name=ConnectorSpec,proto3" json:"connector_spec,omitempty"`
// ProxyAddress is an optional address which can be used to
// find a redirect url from the OIDC connector which matches
// the address. If there is no match, the default redirect
// url will be used.
ProxyAddress string `protobuf:"bytes,16,opt,name=ProxyAddress,proto3" json:"proxy_address,omitempty"`
// ClientLoginIP specifies IP address of the client for login, it will be written to the user's certificates.
ClientLoginIP string `protobuf:"bytes,18,opt,name=ClientLoginIP,proto3" json:"client_login_ip,omitempty"`
// ClientUserAgent is the user agent of the Web browser, used for issuing a
// DeviceWebToken.
ClientUserAgent string `protobuf:"bytes,19,opt,name=ClientUserAgent,proto3" json:"client_user_agent,omitempty"`
// SshPublicKey is an optional public key to use as the subject of an issued
// SSH cert in case of successful auth.
SshPublicKey []byte `protobuf:"bytes,20,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_pub_key,omitempty"`
// TlsPublicKey is an optional public key to use as the subject of an issued
// TLS cert in case of successful auth.
TlsPublicKey []byte `protobuf:"bytes,21,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_pub_key,omitempty"`
// SshAttestationStatement is an attestation statement for the given SSH public key.
SshAttestationStatement *v11.AttestationStatement `protobuf:"bytes,22,opt,name=ssh_attestation_statement,json=sshAttestationStatement,proto3" json:"ssh_attestation_statement,omitempty"`
// TlsAttestationStatement is an attestation statement for the given TLS public key.
TlsAttestationStatement *v11.AttestationStatement `protobuf:"bytes,23,opt,name=tls_attestation_statement,json=tlsAttestationStatement,proto3" json:"tls_attestation_statement,omitempty"`
// pkce_verifier is used to verified a generated code challenge.
PkceVerifier string `protobuf:"bytes,24,opt,name=pkce_verifier,json=pkceVerifier,proto3" json:"pkce_verifier"`
// LoginHint is an optional username/email provided by the client that will be passed
// to the IdP via the 'login_hint' query parameter.
LoginHint string `protobuf:"bytes,25,opt,name=login_hint,json=loginHint,proto3" json:"login_hint,omitempty"`
// Scope, if non-empty, makes the authentication scoped. Scoping does not change core authentication
// behavior, but results in a more limited (scoped) set of credentials being issued upon successful
// authentication and some differences in locking behavior.
Scope string `protobuf:"bytes,26,opt,name=scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OIDCAuthRequest) Reset() { *m = OIDCAuthRequest{} }
func (m *OIDCAuthRequest) String() string { return proto.CompactTextString(m) }
func (*OIDCAuthRequest) ProtoMessage() {}
func (*OIDCAuthRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{232}
}
func (m *OIDCAuthRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OIDCAuthRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OIDCAuthRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OIDCAuthRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_OIDCAuthRequest.Merge(m, src)
}
func (m *OIDCAuthRequest) XXX_Size() int {
return m.Size()
}
func (m *OIDCAuthRequest) XXX_DiscardUnknown() {
xxx_messageInfo_OIDCAuthRequest.DiscardUnknown(m)
}
var xxx_messageInfo_OIDCAuthRequest proto.InternalMessageInfo
// SAMLConnectorV2 represents a SAML connector.
type SAMLConnectorV2 struct {
// Kind is a resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata holds resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is an SAML connector specification.
Spec SAMLConnectorSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLConnectorV2) Reset() { *m = SAMLConnectorV2{} }
func (m *SAMLConnectorV2) String() string { return proto.CompactTextString(m) }
func (*SAMLConnectorV2) ProtoMessage() {}
func (*SAMLConnectorV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{233}
}
func (m *SAMLConnectorV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLConnectorV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLConnectorV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLConnectorV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLConnectorV2.Merge(m, src)
}
func (m *SAMLConnectorV2) XXX_Size() int {
return m.Size()
}
func (m *SAMLConnectorV2) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLConnectorV2.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLConnectorV2 proto.InternalMessageInfo
// SAMLConnectorV2List is a list of SAML connectors.
type SAMLConnectorV2List struct {
// SAMLConnectors is a list of SAML connectors.
SAMLConnectors []*SAMLConnectorV2 `protobuf:"bytes,1,rep,name=SAMLConnectors,proto3" json:"SAMLConnectors,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLConnectorV2List) Reset() { *m = SAMLConnectorV2List{} }
func (m *SAMLConnectorV2List) String() string { return proto.CompactTextString(m) }
func (*SAMLConnectorV2List) ProtoMessage() {}
func (*SAMLConnectorV2List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{234}
}
func (m *SAMLConnectorV2List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLConnectorV2List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLConnectorV2List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLConnectorV2List) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLConnectorV2List.Merge(m, src)
}
func (m *SAMLConnectorV2List) XXX_Size() int {
return m.Size()
}
func (m *SAMLConnectorV2List) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLConnectorV2List.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLConnectorV2List proto.InternalMessageInfo
// SAMLConnectorSpecV2 is a SAML connector specification.
type SAMLConnectorSpecV2 struct {
// Issuer is the identity provider issuer.
Issuer string `protobuf:"bytes,1,opt,name=Issuer,proto3" json:"issuer"`
// SSO is the URL of the identity provider's SSO service.
SSO string `protobuf:"bytes,2,opt,name=SSO,proto3" json:"sso"`
// Cert is the identity provider certificate PEM.
// IDP signs `<Response>` responses using this certificate.
Cert string `protobuf:"bytes,3,opt,name=Cert,proto3" json:"cert"`
// Display controls how this connector is displayed.
Display string `protobuf:"bytes,4,opt,name=Display,proto3" json:"display"`
// AssertionConsumerService is a URL for assertion consumer service
// on the service provider (Teleport's side).
AssertionConsumerService string `protobuf:"bytes,5,opt,name=AssertionConsumerService,proto3" json:"acs"`
// Audience uniquely identifies our service provider.
Audience string `protobuf:"bytes,6,opt,name=Audience,proto3" json:"audience"`
// ServiceProviderIssuer is the issuer of the service provider (Teleport).
ServiceProviderIssuer string `protobuf:"bytes,7,opt,name=ServiceProviderIssuer,proto3" json:"service_provider_issuer"`
// EntityDescriptor is XML with descriptor. It can be used to supply configuration
// parameters in one XML file rather than supplying them in the individual elements.
EntityDescriptor string `protobuf:"bytes,8,opt,name=EntityDescriptor,proto3" json:"entity_descriptor"`
// EntityDescriptorURL is a URL that supplies a configuration XML.
EntityDescriptorURL string `protobuf:"bytes,9,opt,name=EntityDescriptorURL,proto3" json:"entity_descriptor_url"`
// AttributesToRoles is a list of mappings of attribute statements to roles.
AttributesToRoles []AttributeMapping `protobuf:"bytes,10,rep,name=AttributesToRoles,proto3" json:"attributes_to_roles"`
// SigningKeyPair is an x509 key pair used to sign AuthnRequest.
SigningKeyPair *AsymmetricKeyPair `protobuf:"bytes,11,opt,name=SigningKeyPair,proto3" json:"signing_key_pair,omitempty"`
// Provider is the external identity provider.
Provider string `protobuf:"bytes,12,opt,name=Provider,proto3" json:"provider,omitempty"`
// EncryptionKeyPair is a key pair used for decrypting SAML assertions.
EncryptionKeyPair *AsymmetricKeyPair `protobuf:"bytes,13,opt,name=EncryptionKeyPair,proto3" json:"assertion_key_pair,omitempty"`
// AllowIDPInitiated is a flag that indicates if the connector can be used for IdP-initiated
// logins.
AllowIDPInitiated bool `protobuf:"varint,14,opt,name=AllowIDPInitiated,proto3" json:"allow_idp_initiated,omitempty"`
// ClientRedirectSettings defines which client redirect URLs are allowed for
// non-browser SSO logins other than the standard localhost ones.
ClientRedirectSettings *SSOClientRedirectSettings `protobuf:"bytes,15,opt,name=ClientRedirectSettings,proto3" json:"client_redirect_settings,omitempty"`
// SingleLogoutURL is the SAML Single log-out URL to initiate SAML SLO (single log-out). If this is not provided, SLO is disabled.
SingleLogoutURL string `protobuf:"bytes,16,opt,name=SingleLogoutURL,proto3" json:"single_logout_url,omitempty"`
// MFASettings contains settings to enable SSO MFA checks through this auth connector.
MFASettings *SAMLConnectorMFASettings `protobuf:"bytes,17,opt,name=MFASettings,proto3" json:"mfa,omitempty"`
// ForceAuthn specified whether re-authentication should be forced on login. UNSPECIFIED
// is treated as NO.
ForceAuthn SAMLForceAuthn `protobuf:"varint,18,opt,name=ForceAuthn,proto3,enum=types.SAMLForceAuthn" json:"force_authn,omitempty"`
// PreferredRequestBinding is a preferred SAML request binding method.
// Value must be either "http-post" or "http-redirect".
// In general, the SAML identity provider lists request binding methods it supports.
// And the SAML service provider uses one of the IdP supported request binding method that it prefers.
// But we never honored request binding value provided by the IdP and always used http-redirect
// binding as a default. Setting up PreferredRequestBinding value lets us preserve existing
// auth connector behavior and only use http-post binding if it is explicitly configured.
PreferredRequestBinding string `protobuf:"bytes,19,opt,name=PreferredRequestBinding,proto3" json:"preferred_request_binding,omitempty"`
// UserMatchers is a set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
UserMatchers []string `protobuf:"bytes,20,rep,name=UserMatchers,proto3" json:"user_matchers,omitempty"`
// IncludeSubject is a flag that indicates whether the Subject element is included in the SAML
// authentication request. Defaults to false.
// Note: Some IdPs will reject requests that contain a Subject.
IncludeSubject bool `protobuf:"varint,21,opt,name=IncludeSubject,proto3" json:"include_subject,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLConnectorSpecV2) Reset() { *m = SAMLConnectorSpecV2{} }
func (m *SAMLConnectorSpecV2) String() string { return proto.CompactTextString(m) }
func (*SAMLConnectorSpecV2) ProtoMessage() {}
func (*SAMLConnectorSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{235}
}
func (m *SAMLConnectorSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLConnectorSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLConnectorSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLConnectorSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLConnectorSpecV2.Merge(m, src)
}
func (m *SAMLConnectorSpecV2) XXX_Size() int {
return m.Size()
}
func (m *SAMLConnectorSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLConnectorSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLConnectorSpecV2 proto.InternalMessageInfo
// SAMLConnectorMFASettings contains SAML MFA settings.
type SAMLConnectorMFASettings struct {
// Enabled specified whether this SAML connector supports MFA checks. Defaults to false.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// EntityDescriptor is XML with descriptor. It can be used to supply configuration
// parameters in one XML file rather than supplying them in the individual elements.
// Usually set from EntityDescriptorUrl.
EntityDescriptor string `protobuf:"bytes,2,opt,name=entity_descriptor,json=entityDescriptor,proto3" json:"entity_descriptor,omitempty"`
// EntityDescriptorUrl is a URL that supplies a configuration XML.
EntityDescriptorUrl string `protobuf:"bytes,3,opt,name=entity_descriptor_url,json=entityDescriptorUrl,proto3" json:"entity_descriptor_url,omitempty"`
// ForceAuthn specified whether re-authentication should be forced for MFA checks. UNSPECIFIED is
// treated as YES to always re-authentication for MFA checks. This should only be set to NO if the
// IdP is setup to perform MFA checks on top of active user sessions.
ForceAuthn SAMLForceAuthn `protobuf:"varint,4,opt,name=force_authn,json=forceAuthn,proto3,enum=types.SAMLForceAuthn" json:"force_authn,omitempty"`
// Issuer is the identity provider issuer. Usually set from EntityDescriptor.
Issuer string `protobuf:"bytes,5,opt,name=issuer,proto3" json:"issuer,omitempty"`
// SSO is the URL of the identity provider's SSO service. Usually set from EntityDescriptor.
Sso string `protobuf:"bytes,6,opt,name=sso,proto3" json:"sso,omitempty"`
// Cert is the identity provider certificate PEM.
// IDP signs `<Response>` responses using this certificate.
Cert string `protobuf:"bytes,7,opt,name=cert,proto3" json:"cert,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLConnectorMFASettings) Reset() { *m = SAMLConnectorMFASettings{} }
func (m *SAMLConnectorMFASettings) String() string { return proto.CompactTextString(m) }
func (*SAMLConnectorMFASettings) ProtoMessage() {}
func (*SAMLConnectorMFASettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{236}
}
func (m *SAMLConnectorMFASettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLConnectorMFASettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLConnectorMFASettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLConnectorMFASettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLConnectorMFASettings.Merge(m, src)
}
func (m *SAMLConnectorMFASettings) XXX_Size() int {
return m.Size()
}
func (m *SAMLConnectorMFASettings) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLConnectorMFASettings.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLConnectorMFASettings proto.InternalMessageInfo
// SAMLAuthRequest is a request to authenticate with SAML
// provider, the state about request is managed by the Auth Service
type SAMLAuthRequest struct {
// ID is a unique request ID.
ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id"`
// ConnectorID is ID of OIDC connector this request uses.
ConnectorID string `protobuf:"bytes,2,opt,name=ConnectorID,proto3" json:"connector_id"`
// Type is opaque string that helps callbacks identify the request type.
Type string `protobuf:"bytes,3,opt,name=Type,proto3" json:"type"`
// CheckUser tells validator if it should expect and check user.
CheckUser bool `protobuf:"varint,4,opt,name=CheckUser,proto3" json:"check_user"`
// RedirectURL will be used by browser.
// Value only set if the PreferredRequestBinding "http-redirect".
RedirectURL string `protobuf:"bytes,5,opt,name=RedirectURL,proto3" json:"redirect_url"`
// CertTTL is the TTL of the certificate user wants to get.
CertTTL time.Duration `protobuf:"varint,7,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"`
// CSRFToken is associated with user web session token.
CSRFToken string `protobuf:"bytes,8,opt,name=CSRFToken,proto3" json:"csrf_token"`
// CreateWebSession indicates if user wants to generate a web
// session after successful authentication.
CreateWebSession bool `protobuf:"varint,9,opt,name=CreateWebSession,proto3" json:"create_web_session"`
// ClientRedirectURL is a URL client wants to be redirected
// after successful authentication.
ClientRedirectURL string `protobuf:"bytes,10,opt,name=ClientRedirectURL,proto3" json:"client_redirect_url"`
// Compatibility specifies OpenSSH compatibility flags.
Compatibility string `protobuf:"bytes,11,opt,name=Compatibility,proto3" json:"compatibility,omitempty"`
// RouteToCluster is the name of Teleport cluster to issue credentials for.
RouteToCluster string `protobuf:"bytes,12,opt,name=RouteToCluster,proto3" json:"route_to_cluster,omitempty"`
// KubernetesCluster is the name of Kubernetes cluster to issue credentials for.
KubernetesCluster string `protobuf:"bytes,13,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
// SSOTestFlow indicates if the request is part of the test flow.
SSOTestFlow bool `protobuf:"varint,14,opt,name=SSOTestFlow,proto3" json:"sso_test_flow"`
// ConnectorSpec is embedded connector spec for use in test flow.
ConnectorSpec *SAMLConnectorSpecV2 `protobuf:"bytes,15,opt,name=ConnectorSpec,proto3" json:"connector_spec,omitempty"`
// ClientLoginIP specifies IP address of the client for login, it will be written to the user's certificates.
ClientLoginIP string `protobuf:"bytes,17,opt,name=ClientLoginIP,proto3" json:"client_login_ip,omitempty"`
// ClientUserAgent is the user agent of the Web browser, used for issuing a
// DeviceWebToken.
ClientUserAgent string `protobuf:"bytes,18,opt,name=ClientUserAgent,proto3" json:"client_user_agent,omitempty"`
// SshPublicKey is an optional public key to use as the subject of an issued
// SSH cert in case of successful auth.
SshPublicKey []byte `protobuf:"bytes,19,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_pub_key,omitempty"`
// TlsPublicKey is an optional public key to use as the subject of an issued
// TLS cert in case of successful auth.
TlsPublicKey []byte `protobuf:"bytes,20,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_pub_key,omitempty"`
// SshAttestationStatement is an attestation statement for the given SSH public key.
SshAttestationStatement *v11.AttestationStatement `protobuf:"bytes,21,opt,name=ssh_attestation_statement,json=sshAttestationStatement,proto3" json:"ssh_attestation_statement,omitempty"`
// TlsAttestationStatement is an attestation statement for the given TLS public key.
TlsAttestationStatement *v11.AttestationStatement `protobuf:"bytes,22,opt,name=tls_attestation_statement,json=tlsAttestationStatement,proto3" json:"tls_attestation_statement,omitempty"`
// PostForm is the HTML form value that contains the SAML authentication request data.
// Value is only set if the PreferredRequestBinding in the SAMLConnectorSpecV2
// is "http-post". In any other case, RedirectURL field will be populated.
PostForm []byte `protobuf:"bytes,23,opt,name=PostForm,proto3" json:"post_form,omitempty"`
// ClientVersion is the version of tsh or Proxy that is sending the SAMLAuthRequest request.
ClientVersion string `protobuf:"bytes,24,opt,name=ClientVersion,proto3" json:"client_version,omitempty"`
// SubjectIdentifier is an optional username/email provided by the client that will be
// passed to prepopulate the IdP's login form
SubjectIdentifier string `protobuf:"bytes,25,opt,name=SubjectIdentifier,proto3" json:"subject_identifier,omitempty"`
// Scope, if non-empty, makes the authentication scoped. Scoping does not change core authentication
// behavior, but results in a more limited (scoped) set of credentials being issued upon successful
// authentication and some differences in locking behavior.
Scope string `protobuf:"bytes,26,opt,name=scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLAuthRequest) Reset() { *m = SAMLAuthRequest{} }
func (m *SAMLAuthRequest) String() string { return proto.CompactTextString(m) }
func (*SAMLAuthRequest) ProtoMessage() {}
func (*SAMLAuthRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{237}
}
func (m *SAMLAuthRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLAuthRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLAuthRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLAuthRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLAuthRequest.Merge(m, src)
}
func (m *SAMLAuthRequest) XXX_Size() int {
return m.Size()
}
func (m *SAMLAuthRequest) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLAuthRequest.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLAuthRequest proto.InternalMessageInfo
// AttributeMapping maps a SAML attribute statement to teleport roles.
type AttributeMapping struct {
// Name is an attribute statement name.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name"`
// Value is an attribute statement value to match.
Value string `protobuf:"bytes,2,opt,name=Value,proto3" json:"value"`
// Roles is a list of static teleport roles to map to.
Roles []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AttributeMapping) Reset() { *m = AttributeMapping{} }
func (m *AttributeMapping) String() string { return proto.CompactTextString(m) }
func (*AttributeMapping) ProtoMessage() {}
func (*AttributeMapping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{238}
}
func (m *AttributeMapping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AttributeMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AttributeMapping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AttributeMapping) XXX_Merge(src proto.Message) {
xxx_messageInfo_AttributeMapping.Merge(m, src)
}
func (m *AttributeMapping) XXX_Size() int {
return m.Size()
}
func (m *AttributeMapping) XXX_DiscardUnknown() {
xxx_messageInfo_AttributeMapping.DiscardUnknown(m)
}
var xxx_messageInfo_AttributeMapping proto.InternalMessageInfo
// AsymmetricKeyPair is a combination of a public certificate and
// private key that can be used for encryption and signing.
type AsymmetricKeyPair struct {
// PrivateKey is a PEM encoded x509 private key.
PrivateKey string `protobuf:"bytes,1,opt,name=PrivateKey,proto3" json:"private_key"`
// Cert is a PEM-encoded x509 certificate.
Cert string `protobuf:"bytes,2,opt,name=Cert,proto3" json:"cert"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AsymmetricKeyPair) Reset() { *m = AsymmetricKeyPair{} }
func (m *AsymmetricKeyPair) String() string { return proto.CompactTextString(m) }
func (*AsymmetricKeyPair) ProtoMessage() {}
func (*AsymmetricKeyPair) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{239}
}
func (m *AsymmetricKeyPair) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AsymmetricKeyPair) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AsymmetricKeyPair.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AsymmetricKeyPair) XXX_Merge(src proto.Message) {
xxx_messageInfo_AsymmetricKeyPair.Merge(m, src)
}
func (m *AsymmetricKeyPair) XXX_Size() int {
return m.Size()
}
func (m *AsymmetricKeyPair) XXX_DiscardUnknown() {
xxx_messageInfo_AsymmetricKeyPair.DiscardUnknown(m)
}
var xxx_messageInfo_AsymmetricKeyPair proto.InternalMessageInfo
// GithubConnectorV3 represents a Github connector.
type GithubConnectorV3 struct {
// Kind is a resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v3`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata holds resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is an Github connector specification.
Spec GithubConnectorSpecV3 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GithubConnectorV3) Reset() { *m = GithubConnectorV3{} }
func (m *GithubConnectorV3) String() string { return proto.CompactTextString(m) }
func (*GithubConnectorV3) ProtoMessage() {}
func (*GithubConnectorV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{240}
}
func (m *GithubConnectorV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GithubConnectorV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GithubConnectorV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GithubConnectorV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_GithubConnectorV3.Merge(m, src)
}
func (m *GithubConnectorV3) XXX_Size() int {
return m.Size()
}
func (m *GithubConnectorV3) XXX_DiscardUnknown() {
xxx_messageInfo_GithubConnectorV3.DiscardUnknown(m)
}
var xxx_messageInfo_GithubConnectorV3 proto.InternalMessageInfo
// GithubConnectorV3List is a list of Github connectors.
type GithubConnectorV3List struct {
// GithubConnectors is a list of Github connectors.
GithubConnectors []*GithubConnectorV3 `protobuf:"bytes,1,rep,name=GithubConnectors,proto3" json:"GithubConnectors,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GithubConnectorV3List) Reset() { *m = GithubConnectorV3List{} }
func (m *GithubConnectorV3List) String() string { return proto.CompactTextString(m) }
func (*GithubConnectorV3List) ProtoMessage() {}
func (*GithubConnectorV3List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{241}
}
func (m *GithubConnectorV3List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GithubConnectorV3List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GithubConnectorV3List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GithubConnectorV3List) XXX_Merge(src proto.Message) {
xxx_messageInfo_GithubConnectorV3List.Merge(m, src)
}
func (m *GithubConnectorV3List) XXX_Size() int {
return m.Size()
}
func (m *GithubConnectorV3List) XXX_DiscardUnknown() {
xxx_messageInfo_GithubConnectorV3List.DiscardUnknown(m)
}
var xxx_messageInfo_GithubConnectorV3List proto.InternalMessageInfo
// GithubConnectorSpecV3 is a Github connector specification.
type GithubConnectorSpecV3 struct {
// ClientID is the Github OAuth app client ID.
ClientID string `protobuf:"bytes,1,opt,name=ClientID,proto3" json:"client_id"`
// ClientSecret is the Github OAuth app client secret.
ClientSecret string `protobuf:"bytes,2,opt,name=ClientSecret,proto3" json:"client_secret"`
// RedirectURL is the authorization callback URL.
RedirectURL string `protobuf:"bytes,3,opt,name=RedirectURL,proto3" json:"redirect_url"`
// TeamsToLogins maps Github team memberships onto allowed logins/roles.
//
// DELETE IN 11.0.0
// Deprecated: use GithubTeamsToRoles instead.
TeamsToLogins []TeamMapping `protobuf:"bytes,4,rep,name=TeamsToLogins,proto3" json:"teams_to_logins"`
// Display is the connector display name.
Display string `protobuf:"bytes,5,opt,name=Display,proto3" json:"display"`
// TeamsToRoles maps Github team memberships onto allowed roles.
TeamsToRoles []TeamRolesMapping `protobuf:"bytes,6,rep,name=TeamsToRoles,proto3" json:"teams_to_roles"`
// EndpointURL is the URL of the GitHub instance this connector is for.
EndpointURL string `protobuf:"bytes,7,opt,name=EndpointURL,proto3" json:"endpoint_url"`
// APIEndpointURL is the URL of the API endpoint of the Github instance
// this connector is for.
APIEndpointURL string `protobuf:"bytes,8,opt,name=APIEndpointURL,proto3" json:"api_endpoint_url"`
// ClientRedirectSettings defines which client redirect URLs are allowed for
// non-browser SSO logins other than the standard localhost ones.
ClientRedirectSettings *SSOClientRedirectSettings `protobuf:"bytes,9,opt,name=ClientRedirectSettings,proto3" json:"client_redirect_settings,omitempty"`
// UserMatchers is a set of glob patterns to narrow down which username(s) this auth connector should
// match for identifier-first login.
UserMatchers []string `protobuf:"bytes,10,rep,name=UserMatchers,proto3" json:"user_matchers,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GithubConnectorSpecV3) Reset() { *m = GithubConnectorSpecV3{} }
func (m *GithubConnectorSpecV3) String() string { return proto.CompactTextString(m) }
func (*GithubConnectorSpecV3) ProtoMessage() {}
func (*GithubConnectorSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{242}
}
func (m *GithubConnectorSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GithubConnectorSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GithubConnectorSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GithubConnectorSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_GithubConnectorSpecV3.Merge(m, src)
}
func (m *GithubConnectorSpecV3) XXX_Size() int {
return m.Size()
}
func (m *GithubConnectorSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_GithubConnectorSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_GithubConnectorSpecV3 proto.InternalMessageInfo
// GithubAuthRequest is the request to start Github OAuth2 flow.
type GithubAuthRequest struct {
// ConnectorID is the name of the connector to use.
ConnectorID string `protobuf:"bytes,1,opt,name=ConnectorID,proto3" json:"connector_id"`
// Type is opaque string that helps callbacks identify the request type.
Type string `protobuf:"bytes,2,opt,name=Type,proto3" json:"type"`
// StateToken is used to validate the request.
StateToken string `protobuf:"bytes,3,opt,name=StateToken,proto3" json:"state_token"`
// CSRFToken is used to protect against CSRF attacks.
CSRFToken string `protobuf:"bytes,4,opt,name=CSRFToken,proto3" json:"csrf_token"`
// CertTTL is TTL of the cert that's generated in case of successful auth.
CertTTL time.Duration `protobuf:"varint,6,opt,name=CertTTL,proto3,casttype=time.Duration" json:"cert_ttl"`
// CreateWebSession indicates that a user wants to generate a web session
// after successful authentication.
CreateWebSession bool `protobuf:"varint,7,opt,name=CreateWebSession,proto3" json:"create_web_session"`
// RedirectURL will be used by browser.
RedirectURL string `protobuf:"bytes,8,opt,name=RedirectURL,proto3" json:"redirect_url"`
// ClientRedirectURL is the URL where client will be redirected after
// successful auth.
ClientRedirectURL string `protobuf:"bytes,9,opt,name=ClientRedirectURL,proto3" json:"client_redirect_url"`
// Compatibility specifies OpenSSH compatibility flags.
Compatibility string `protobuf:"bytes,10,opt,name=Compatibility,proto3" json:"compatibility,omitempty"`
// Expires is a global expiry time header can be set on any resource in the system.
Expires *time.Time `protobuf:"bytes,11,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
// RouteToCluster is the name of Teleport cluster to issue credentials for.
RouteToCluster string `protobuf:"bytes,12,opt,name=RouteToCluster,proto3" json:"route_to_cluster,omitempty"`
// KubernetesCluster is the name of Kubernetes cluster to issue credentials for.
KubernetesCluster string `protobuf:"bytes,13,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
// SSOTestFlow indicates if the request is part of the test flow.
SSOTestFlow bool `protobuf:"varint,14,opt,name=SSOTestFlow,proto3" json:"sso_test_flow"`
// ConnectorSpec is embedded connector spec for use in test flow or authenticated user flow.
ConnectorSpec *GithubConnectorSpecV3 `protobuf:"bytes,15,opt,name=ConnectorSpec,proto3" json:"connector_spec,omitempty"`
// ClientLoginIP specifies IP address of the client for login, it will be written to the user's certificates.
ClientLoginIP string `protobuf:"bytes,17,opt,name=ClientLoginIP,proto3" json:"client_login_ip,omitempty"`
// ClientUserAgent is the user agent of the Web browser, used for issuing
// a DeviceWebToken.
ClientUserAgent string `protobuf:"bytes,18,opt,name=ClientUserAgent,proto3" json:"client_user_agent,omitempty"`
// SshPublicKey is an optional public key to use as the subject of an issued
// SSH cert in case of successful auth.
SshPublicKey []byte `protobuf:"bytes,19,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_pub_key,omitempty"`
// TlsPublicKey is an optional public key to use as the subject of an issued
// TLS cert in case of successful auth.
TlsPublicKey []byte `protobuf:"bytes,20,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_pub_key,omitempty"`
// SshAttestationStatement is an attestation statement for the given SSH public key.
SshAttestationStatement *v11.AttestationStatement `protobuf:"bytes,21,opt,name=ssh_attestation_statement,json=sshAttestationStatement,proto3" json:"ssh_attestation_statement,omitempty"`
// TlsAttestationStatement is an attestation statement for the given TLS public key.
TlsAttestationStatement *v11.AttestationStatement `protobuf:"bytes,22,opt,name=tls_attestation_statement,json=tlsAttestationStatement,proto3" json:"tls_attestation_statement,omitempty"`
// AuthenticatedUser is the username of an authenticated Teleport user. This
// OAuth flow is used to retrieve GitHub identity info which will be added to
// the existing user.
AuthenticatedUser string `protobuf:"bytes,23,opt,name=authenticated_user,json=authenticatedUser,proto3" json:"authenticated_user,omitempty"`
// Scope, if non-empty, makes the authentication scoped. Scoping does not change core authentication
// behavior, but results in a more limited (scoped) set of credentials being issued upon successful
// authentication and some differences in locking behavior.
Scope string `protobuf:"bytes,24,opt,name=scope,proto3" json:"scope,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GithubAuthRequest) Reset() { *m = GithubAuthRequest{} }
func (m *GithubAuthRequest) String() string { return proto.CompactTextString(m) }
func (*GithubAuthRequest) ProtoMessage() {}
func (*GithubAuthRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{243}
}
func (m *GithubAuthRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GithubAuthRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GithubAuthRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GithubAuthRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_GithubAuthRequest.Merge(m, src)
}
func (m *GithubAuthRequest) XXX_Size() int {
return m.Size()
}
func (m *GithubAuthRequest) XXX_DiscardUnknown() {
xxx_messageInfo_GithubAuthRequest.DiscardUnknown(m)
}
var xxx_messageInfo_GithubAuthRequest proto.InternalMessageInfo
// SSOWarnings conveys a user-facing main message along with auxiliary warnings.
type SSOWarnings struct {
// Message is main user-facing message to be shown.
Message string `protobuf:"bytes,1,opt,name=Message,proto3" json:"message,omitempty"`
// Warnings is a set of distinct warnings to be reported.
Warnings []string `protobuf:"bytes,2,rep,name=Warnings,proto3" json:"warnings,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSOWarnings) Reset() { *m = SSOWarnings{} }
func (m *SSOWarnings) String() string { return proto.CompactTextString(m) }
func (*SSOWarnings) ProtoMessage() {}
func (*SSOWarnings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{244}
}
func (m *SSOWarnings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSOWarnings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSOWarnings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSOWarnings) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSOWarnings.Merge(m, src)
}
func (m *SSOWarnings) XXX_Size() int {
return m.Size()
}
func (m *SSOWarnings) XXX_DiscardUnknown() {
xxx_messageInfo_SSOWarnings.DiscardUnknown(m)
}
var xxx_messageInfo_SSOWarnings proto.InternalMessageInfo
// CreateUserParams represents the user creation parameters as called during SSO login flow.
type CreateUserParams struct {
// ConnectorName is the name of the connector used for SSO login flow.
ConnectorName string `protobuf:"bytes,1,opt,name=ConnectorName,proto3" json:"connector_name,omitempty"`
// Username is the name of the user to be created.
Username string `protobuf:"bytes,2,opt,name=Username,proto3" json:"username,omitempty"`
// Logins is a list of available unix logins.
Logins []string `protobuf:"bytes,3,rep,name=Logins,proto3" json:"logins,omitempty"`
// KubeGroups is a list of assigned kube groups.
KubeGroups []string `protobuf:"bytes,4,rep,name=KubeGroups,proto3" json:"kube_groups,omitempty"`
// KubeUsers is a list of available kube users.
KubeUsers []string `protobuf:"bytes,5,rep,name=KubeUsers,proto3" json:"kube_users,omitempty"`
// Roles is a list of assigned roles.
Roles []string `protobuf:"bytes,6,rep,name=Roles,proto3" json:"roles,omitempty"`
// Traits is the set of traits the user is assigned.
Traits github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,7,opt,name=Traits,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"traits,omitempty"`
// SessionTTL determines the TTL.
SessionTTL Duration `protobuf:"varint,8,opt,name=SessionTTL,proto3,casttype=Duration" json:"session_ttl,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *CreateUserParams) Reset() { *m = CreateUserParams{} }
func (m *CreateUserParams) String() string { return proto.CompactTextString(m) }
func (*CreateUserParams) ProtoMessage() {}
func (*CreateUserParams) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{245}
}
func (m *CreateUserParams) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *CreateUserParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_CreateUserParams.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *CreateUserParams) XXX_Merge(src proto.Message) {
xxx_messageInfo_CreateUserParams.Merge(m, src)
}
func (m *CreateUserParams) XXX_Size() int {
return m.Size()
}
func (m *CreateUserParams) XXX_DiscardUnknown() {
xxx_messageInfo_CreateUserParams.DiscardUnknown(m)
}
var xxx_messageInfo_CreateUserParams proto.InternalMessageInfo
// SSODiagnosticInfo is a single SSO diagnostic info entry.
type SSODiagnosticInfo struct {
// TestFlow indicates the SSO flow was a test one.
TestFlow bool `protobuf:"varint,1,opt,name=TestFlow,proto3" json:"test_flow"`
// Error stores user-friendly error message.
Error string `protobuf:"bytes,2,opt,name=Error,proto3" json:"error"`
// Success if present, marks the flow as finished with success.
Success bool `protobuf:"varint,3,opt,name=Success,proto3" json:"success"`
// CreateUserParams represents the user creation parameters as called during SSO login flow.
CreateUserParams *CreateUserParams `protobuf:"bytes,4,opt,name=CreateUserParams,proto3" json:"create_user_params,omitempty"`
// SAMLAttributesToRoles represents mapping from attributes to roles, as used during SAML SSO
// login flow.
SAMLAttributesToRoles []AttributeMapping `protobuf:"bytes,10,rep,name=SAMLAttributesToRoles,proto3" json:"saml_attributes_to_roles,omitempty"`
// SAMLAttributesToRolesWarnings contains warnings produced during the process of mapping the
// SAML attributes to roles.
SAMLAttributesToRolesWarnings *SSOWarnings `protobuf:"bytes,11,opt,name=SAMLAttributesToRolesWarnings,proto3" json:"saml_attributes_to_roles_warnings,omitempty"`
// SAMLAttributeStatements represents SAML attribute statements.
SAMLAttributeStatements github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,12,opt,name=SAMLAttributeStatements,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"saml_attribute_statements,omitempty"`
// SAMLAssertionInfo represents raw SAML assertion info as returned by IdP during SAML flow.
SAMLAssertionInfo *AssertionInfo `protobuf:"bytes,13,opt,name=SAMLAssertionInfo,proto3,customtype=AssertionInfo" json:"saml_assertion_info,omitempty"`
// SAMLTraitsFromAssertions represents traits translated from SAML assertions.
SAMLTraitsFromAssertions github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,14,opt,name=SAMLTraitsFromAssertions,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"saml_traits_from_assertions,omitempty"`
// SAMLConnectorTraitMapping represents connector-specific trait mapping.
SAMLConnectorTraitMapping []TraitMapping `protobuf:"bytes,15,rep,name=SAMLConnectorTraitMapping,proto3" json:"saml_connector_trait_mapping,omitempty"`
// OIDCClaimsToRoles specifies a mapping from claims (traits) to teleport roles.
OIDCClaimsToRoles []ClaimMapping `protobuf:"bytes,20,rep,name=OIDCClaimsToRoles,proto3" json:"oidc_claims_to_roles,omitempty"`
// OIDCClaimsToRolesWarnings contains warnings produced during the process of mapping the
// OIDC claims to roles.
OIDCClaimsToRolesWarnings *SSOWarnings `protobuf:"bytes,21,opt,name=OIDCClaimsToRolesWarnings,proto3" json:"oidc_claims_to_roles_warnings,omitempty"`
// OIDCClaims represents OIDC claims.
OIDCClaims OIDCClaims `protobuf:"bytes,22,opt,name=OIDCClaims,proto3,customtype=OIDCClaims" json:"oidc_claims,omitempty"`
// OIDCIdentity represents mapped OIDC Identity.
OIDCIdentity *OIDCIdentity `protobuf:"bytes,23,opt,name=OIDCIdentity,proto3,customtype=OIDCIdentity" json:"oidc_identity,omitempty"`
// OIDCTraitsFromClaims represents traits translated from OIDC claims.
OIDCTraitsFromClaims github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,24,opt,name=OIDCTraitsFromClaims,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"oidc_traits_from_claims,omitempty"`
// OIDCConnectorTraitMapping represents connector-specific trait mapping.
OIDCConnectorTraitMapping []TraitMapping `protobuf:"bytes,25,rep,name=OIDCConnectorTraitMapping,proto3" json:"oidc_connector_trait_mapping,omitempty"`
// GithubClaims represents Github user information obtained during OAuth2 flow.
GithubClaims *GithubClaims `protobuf:"bytes,30,opt,name=GithubClaims,proto3" json:"github_claims,omitempty"`
// GithubTeamsToLogins is TeamsToLogins mapping from Github connector used in the SSO flow.
GithubTeamsToLogins []TeamMapping `protobuf:"bytes,31,rep,name=GithubTeamsToLogins,proto3" json:"github_teams_to_logins,omitempty"`
// GithubTeamsToRoles is TeamRolesMapping mapping from Github connector used in the SSO flow.
GithubTeamsToRoles []TeamRolesMapping `protobuf:"bytes,32,rep,name=GithubTeamsToRoles,proto3" json:"github_teams_to_roles,omitempty"`
// GithubTokenInfo stores diagnostic info about Github OAuth2 token obtained during SSO flow.
GithubTokenInfo *GithubTokenInfo `protobuf:"bytes,33,opt,name=GithubTokenInfo,proto3" json:"github_token_info,omitempty"`
// AppliedLoginRules stores the name of each login rule that was applied.
AppliedLoginRules []string `protobuf:"bytes,34,rep,name=AppliedLoginRules,proto3" json:"applied_login_rules,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SSODiagnosticInfo) Reset() { *m = SSODiagnosticInfo{} }
func (m *SSODiagnosticInfo) String() string { return proto.CompactTextString(m) }
func (*SSODiagnosticInfo) ProtoMessage() {}
func (*SSODiagnosticInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{246}
}
func (m *SSODiagnosticInfo) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SSODiagnosticInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SSODiagnosticInfo.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SSODiagnosticInfo) XXX_Merge(src proto.Message) {
xxx_messageInfo_SSODiagnosticInfo.Merge(m, src)
}
func (m *SSODiagnosticInfo) XXX_Size() int {
return m.Size()
}
func (m *SSODiagnosticInfo) XXX_DiscardUnknown() {
xxx_messageInfo_SSODiagnosticInfo.DiscardUnknown(m)
}
var xxx_messageInfo_SSODiagnosticInfo proto.InternalMessageInfo
// GithubTokenInfo stores diagnostic info about Github OAuth2 token obtained during SSO flow.
// The token itself is secret and therefore not included.
type GithubTokenInfo struct {
TokenType string `protobuf:"bytes,1,opt,name=TokenType,proto3" json:"token_type"`
Expires int64 `protobuf:"varint,2,opt,name=Expires,proto3" json:"expires"`
Scope string `protobuf:"bytes,3,opt,name=Scope,proto3" json:"scope"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GithubTokenInfo) Reset() { *m = GithubTokenInfo{} }
func (m *GithubTokenInfo) String() string { return proto.CompactTextString(m) }
func (*GithubTokenInfo) ProtoMessage() {}
func (*GithubTokenInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{247}
}
func (m *GithubTokenInfo) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GithubTokenInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GithubTokenInfo.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GithubTokenInfo) XXX_Merge(src proto.Message) {
xxx_messageInfo_GithubTokenInfo.Merge(m, src)
}
func (m *GithubTokenInfo) XXX_Size() int {
return m.Size()
}
func (m *GithubTokenInfo) XXX_DiscardUnknown() {
xxx_messageInfo_GithubTokenInfo.DiscardUnknown(m)
}
var xxx_messageInfo_GithubTokenInfo proto.InternalMessageInfo
// GithubClaims represents Github user information obtained during OAuth2 flow
type GithubClaims struct {
// Username is the user's username
Username string `protobuf:"bytes,1,opt,name=Username,proto3" json:"username"`
// OrganizationToTeams is the user's organization and team membership
OrganizationToTeams github_com_gravitational_teleport_api_types_wrappers.Traits `protobuf:"bytes,2,opt,name=OrganizationToTeams,proto3,customtype=github.com/gravitational/teleport/api/types/wrappers.Traits" json:"organization_to_teams"`
// Teams is the users team membership
Teams []string `protobuf:"bytes,3,rep,name=Teams,proto3" json:"teams"`
// UserID is a global unique integer that is assigned to each GitHub user. The
// user ID is immutable (unlike the GitHub username) and can be found in APIs
// like get user.
// https://docs.github.com/en/rest/users/users
UserID string `protobuf:"bytes,4,opt,name=UserID,proto3" json:"user_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GithubClaims) Reset() { *m = GithubClaims{} }
func (m *GithubClaims) String() string { return proto.CompactTextString(m) }
func (*GithubClaims) ProtoMessage() {}
func (*GithubClaims) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{248}
}
func (m *GithubClaims) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GithubClaims) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GithubClaims.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GithubClaims) XXX_Merge(src proto.Message) {
xxx_messageInfo_GithubClaims.Merge(m, src)
}
func (m *GithubClaims) XXX_Size() int {
return m.Size()
}
func (m *GithubClaims) XXX_DiscardUnknown() {
xxx_messageInfo_GithubClaims.DiscardUnknown(m)
}
var xxx_messageInfo_GithubClaims proto.InternalMessageInfo
// TeamMapping represents a single team membership mapping.
//
// DELETE IN 11.0.0
type TeamMapping struct {
// Organization is a Github organization a user belongs to.
Organization string `protobuf:"bytes,1,opt,name=Organization,proto3" json:"organization"`
// Team is a team within the organization a user belongs to.
Team string `protobuf:"bytes,2,opt,name=Team,proto3" json:"team"`
// Logins is a list of allowed logins for this org/team.
Logins []string `protobuf:"bytes,3,rep,name=Logins,proto3" json:"logins,omitempty"`
// KubeGroups is a list of allowed kubernetes groups for this org/team.
KubeGroups []string `protobuf:"bytes,4,rep,name=KubeGroups,proto3" json:"kubernetes_groups,omitempty"`
// KubeUsers is a list of allowed kubernetes users to impersonate for this org/team.
KubeUsers []string `protobuf:"bytes,5,rep,name=KubeUsers,proto3" json:"kubernetes_users,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TeamMapping) Reset() { *m = TeamMapping{} }
func (m *TeamMapping) String() string { return proto.CompactTextString(m) }
func (*TeamMapping) ProtoMessage() {}
func (*TeamMapping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{249}
}
func (m *TeamMapping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TeamMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TeamMapping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TeamMapping) XXX_Merge(src proto.Message) {
xxx_messageInfo_TeamMapping.Merge(m, src)
}
func (m *TeamMapping) XXX_Size() int {
return m.Size()
}
func (m *TeamMapping) XXX_DiscardUnknown() {
xxx_messageInfo_TeamMapping.DiscardUnknown(m)
}
var xxx_messageInfo_TeamMapping proto.InternalMessageInfo
// TeamRolesMapping represents a single team membership mapping.
type TeamRolesMapping struct {
// Organization is a Github organization a user belongs to.
Organization string `protobuf:"bytes,1,opt,name=Organization,proto3" json:"organization"`
// Team is a team within the organization a user belongs to.
Team string `protobuf:"bytes,2,opt,name=Team,proto3" json:"team"`
// Roles is a list of allowed logins for this org/team.
Roles []string `protobuf:"bytes,3,rep,name=Roles,proto3" json:"roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TeamRolesMapping) Reset() { *m = TeamRolesMapping{} }
func (m *TeamRolesMapping) String() string { return proto.CompactTextString(m) }
func (*TeamRolesMapping) ProtoMessage() {}
func (*TeamRolesMapping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{250}
}
func (m *TeamRolesMapping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TeamRolesMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TeamRolesMapping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TeamRolesMapping) XXX_Merge(src proto.Message) {
xxx_messageInfo_TeamRolesMapping.Merge(m, src)
}
func (m *TeamRolesMapping) XXX_Size() int {
return m.Size()
}
func (m *TeamRolesMapping) XXX_DiscardUnknown() {
xxx_messageInfo_TeamRolesMapping.DiscardUnknown(m)
}
var xxx_messageInfo_TeamRolesMapping proto.InternalMessageInfo
// TrustedClusterV2 represents a Trusted Cluster.
type TrustedClusterV2 struct {
// Kind is a resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata holds resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a Trusted Cluster specification.
Spec TrustedClusterSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TrustedClusterV2) Reset() { *m = TrustedClusterV2{} }
func (*TrustedClusterV2) ProtoMessage() {}
func (*TrustedClusterV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{251}
}
func (m *TrustedClusterV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TrustedClusterV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TrustedClusterV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TrustedClusterV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_TrustedClusterV2.Merge(m, src)
}
func (m *TrustedClusterV2) XXX_Size() int {
return m.Size()
}
func (m *TrustedClusterV2) XXX_DiscardUnknown() {
xxx_messageInfo_TrustedClusterV2.DiscardUnknown(m)
}
var xxx_messageInfo_TrustedClusterV2 proto.InternalMessageInfo
// TrustedClusterV2List is a list of trusted cluster.
type TrustedClusterV2List struct {
// TrustedClusters is a list of trusted cluster.
TrustedClusters []*TrustedClusterV2 `protobuf:"bytes,1,rep,name=TrustedClusters,proto3" json:"TrustedClusters,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TrustedClusterV2List) Reset() { *m = TrustedClusterV2List{} }
func (m *TrustedClusterV2List) String() string { return proto.CompactTextString(m) }
func (*TrustedClusterV2List) ProtoMessage() {}
func (*TrustedClusterV2List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{252}
}
func (m *TrustedClusterV2List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TrustedClusterV2List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TrustedClusterV2List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TrustedClusterV2List) XXX_Merge(src proto.Message) {
xxx_messageInfo_TrustedClusterV2List.Merge(m, src)
}
func (m *TrustedClusterV2List) XXX_Size() int {
return m.Size()
}
func (m *TrustedClusterV2List) XXX_DiscardUnknown() {
xxx_messageInfo_TrustedClusterV2List.DiscardUnknown(m)
}
var xxx_messageInfo_TrustedClusterV2List proto.InternalMessageInfo
// TrustedClusterSpecV2 is a Trusted Cluster specification.
type TrustedClusterSpecV2 struct {
// Enabled is a bool that indicates if the TrustedCluster is enabled or disabled.
// Setting Enabled to false has a side effect of deleting the user and host certificate
// authority (CA).
Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"enabled"`
// Roles is a list of roles that users will be assuming when connecting to this cluster.
Roles []string `protobuf:"bytes,2,rep,name=Roles,proto3" json:"roles,omitempty"`
// Token is the authorization token provided by another cluster needed by this cluster to join.
Token string `protobuf:"bytes,3,opt,name=Token,proto3" json:"token"`
// ProxyAddress is the address of the web proxy server of the cluster to join. If not set,
// it is derived from `<metadata.name>:<default web proxy server port>`.
ProxyAddress string `protobuf:"bytes,4,opt,name=ProxyAddress,proto3" json:"web_proxy_addr"`
// ReverseTunnelAddress is the address of the SSH proxy server of the cluster to join. If
// not set, it is derived from `<metadata.name>:<default reverse tunnel port>`.
ReverseTunnelAddress string `protobuf:"bytes,5,opt,name=ReverseTunnelAddress,proto3" json:"tunnel_addr"`
// RoleMap specifies role mappings to remote roles.
RoleMap []RoleMapping `protobuf:"bytes,6,rep,name=RoleMap,proto3" json:"role_map,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TrustedClusterSpecV2) Reset() { *m = TrustedClusterSpecV2{} }
func (m *TrustedClusterSpecV2) String() string { return proto.CompactTextString(m) }
func (*TrustedClusterSpecV2) ProtoMessage() {}
func (*TrustedClusterSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{253}
}
func (m *TrustedClusterSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TrustedClusterSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TrustedClusterSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TrustedClusterSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_TrustedClusterSpecV2.Merge(m, src)
}
func (m *TrustedClusterSpecV2) XXX_Size() int {
return m.Size()
}
func (m *TrustedClusterSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_TrustedClusterSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_TrustedClusterSpecV2 proto.InternalMessageInfo
// LockV2 represents a lock.
// Locks are used to restrict access to a Teleport environment by disabling
// interactions involving a user, an RBAC role, a node, etc.
// See rfd/0009-locking.md for more details.
type LockV2 struct {
// Kind is a resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version. It must be specified.
// Supported values are: `v2`.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata holds resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is a Lock specification.
Spec LockSpecV2 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LockV2) Reset() { *m = LockV2{} }
func (m *LockV2) String() string { return proto.CompactTextString(m) }
func (*LockV2) ProtoMessage() {}
func (*LockV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{254}
}
func (m *LockV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LockV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_LockV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *LockV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_LockV2.Merge(m, src)
}
func (m *LockV2) XXX_Size() int {
return m.Size()
}
func (m *LockV2) XXX_DiscardUnknown() {
xxx_messageInfo_LockV2.DiscardUnknown(m)
}
var xxx_messageInfo_LockV2 proto.InternalMessageInfo
// LockSpecV2 is a Lock specification.
type LockSpecV2 struct {
// Target describes the set of interactions that the lock applies to.
Target LockTarget `protobuf:"bytes,1,opt,name=Target,proto3" json:"target"`
// Message is the message displayed to locked-out users.
Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message,omitempty"`
// Expires if set specifies when the lock ceases to be in force.
Expires *time.Time `protobuf:"bytes,3,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
// CreatedAt is the date time that the lock was created.
CreatedAt time.Time `protobuf:"bytes,4,opt,name=CreatedAt,proto3,stdtime" json:"created_at,omitempty"`
// CreatedBy is the username of the author of the lock.
CreatedBy string `protobuf:"bytes,5,opt,name=CreatedBy,proto3" json:"created_by,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LockSpecV2) Reset() { *m = LockSpecV2{} }
func (m *LockSpecV2) String() string { return proto.CompactTextString(m) }
func (*LockSpecV2) ProtoMessage() {}
func (*LockSpecV2) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{255}
}
func (m *LockSpecV2) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LockSpecV2) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_LockSpecV2.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *LockSpecV2) XXX_Merge(src proto.Message) {
xxx_messageInfo_LockSpecV2.Merge(m, src)
}
func (m *LockSpecV2) XXX_Size() int {
return m.Size()
}
func (m *LockSpecV2) XXX_DiscardUnknown() {
xxx_messageInfo_LockSpecV2.DiscardUnknown(m)
}
var xxx_messageInfo_LockSpecV2 proto.InternalMessageInfo
// LockTarget lists the attributes of interactions to be disabled.
type LockTarget struct {
// User specifies the name of a Teleport user.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user,omitempty"`
// Role specifies the name of an RBAC role known to the root cluster.
// In remote clusters, this constraint is evaluated before translating to local roles.
Role string `protobuf:"bytes,2,opt,name=Role,proto3" json:"role,omitempty"`
// Login specifies the name of a local UNIX user.
Login string `protobuf:"bytes,3,opt,name=Login,proto3" json:"login,omitempty"`
// MFADevice specifies the UUID of a user MFA device.
MFADevice string `protobuf:"bytes,5,opt,name=MFADevice,proto3" json:"mfa_device,omitempty"`
// WindowsDesktop specifies the name of a Windows desktop.
WindowsDesktop string `protobuf:"bytes,6,opt,name=WindowsDesktop,proto3" json:"windows_desktop,omitempty"`
// AccessRequest specifies the UUID of an access request.
AccessRequest string `protobuf:"bytes,7,opt,name=AccessRequest,proto3" json:"access_request,omitempty"`
// Device is the device ID of a trusted device.
// Requires Teleport Enterprise.
Device string `protobuf:"bytes,8,opt,name=Device,proto3" json:"device,omitempty"`
// ServerID is the host id of the Teleport instance.
ServerID string `protobuf:"bytes,9,opt,name=ServerID,proto3" json:"server_id,omitempty"`
// BotInstanceID is the bot instance ID if this is a bot identity and is
// ignored otherwise.
BotInstanceID string `protobuf:"bytes,10,opt,name=BotInstanceID,proto3" json:"bot_instance_id,omitempty"`
// JoinToken is the name of the join token used when this identity originally
// joined. This is only valid for bot identities, and cannot be used to target
// `token`-joined bots.
JoinToken string `protobuf:"bytes,11,opt,name=JoinToken,proto3" json:"join_token,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LockTarget) Reset() { *m = LockTarget{} }
func (*LockTarget) ProtoMessage() {}
func (*LockTarget) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{256}
}
func (m *LockTarget) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LockTarget) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_LockTarget.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *LockTarget) XXX_Merge(src proto.Message) {
xxx_messageInfo_LockTarget.Merge(m, src)
}
func (m *LockTarget) XXX_Size() int {
return m.Size()
}
func (m *LockTarget) XXX_DiscardUnknown() {
xxx_messageInfo_LockTarget.DiscardUnknown(m)
}
var xxx_messageInfo_LockTarget proto.InternalMessageInfo
// LockFilter encodes optional filters to apply when listing Lock resources
type LockFilter struct {
// Targets is a list of targets. Every returned lock must match at least
// one of the targets.
Targets []*LockTarget `protobuf:"bytes,1,rep,name=targets,proto3" json:"targets,omitempty"`
// InForceOnly specifies whether to return active locks only.
InForceOnly bool `protobuf:"varint,2,opt,name=in_force_only,json=inForceOnly,proto3" json:"in_force_only,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *LockFilter) Reset() { *m = LockFilter{} }
func (m *LockFilter) String() string { return proto.CompactTextString(m) }
func (*LockFilter) ProtoMessage() {}
func (*LockFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{257}
}
func (m *LockFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *LockFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_LockFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *LockFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_LockFilter.Merge(m, src)
}
func (m *LockFilter) XXX_Size() int {
return m.Size()
}
func (m *LockFilter) XXX_DiscardUnknown() {
xxx_messageInfo_LockFilter.DiscardUnknown(m)
}
var xxx_messageInfo_LockFilter proto.InternalMessageInfo
// AddressCondition represents a set of addresses. Presently the addresses are specified
// exclusively in terms of IPv4/IPv6 ranges.
type AddressCondition struct {
// CIDR is IPv4 or IPv6 address. Valid value are either CIDR ranges (e.g. "10.0.1.0/24",
// "fe::/8") or a single IP address (e.g "10.1.2.3")
CIDR string `protobuf:"bytes,1,opt,name=CIDR,proto3" json:"cidr"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AddressCondition) Reset() { *m = AddressCondition{} }
func (m *AddressCondition) String() string { return proto.CompactTextString(m) }
func (*AddressCondition) ProtoMessage() {}
func (*AddressCondition) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{258}
}
func (m *AddressCondition) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AddressCondition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AddressCondition.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AddressCondition) XXX_Merge(src proto.Message) {
xxx_messageInfo_AddressCondition.Merge(m, src)
}
func (m *AddressCondition) XXX_Size() int {
return m.Size()
}
func (m *AddressCondition) XXX_DiscardUnknown() {
xxx_messageInfo_AddressCondition.DiscardUnknown(m)
}
var xxx_messageInfo_AddressCondition proto.InternalMessageInfo
type NetworkRestrictionsSpecV4 struct {
// Allow lists the addresses that should be allowed.
Allow []AddressCondition `protobuf:"bytes,1,rep,name=Allow,proto3" json:"allow"`
// Deny lists the addresses that should be denied even if they're allowed by Allow condition.
Deny []AddressCondition `protobuf:"bytes,2,rep,name=Deny,proto3" json:"deny"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *NetworkRestrictionsSpecV4) Reset() { *m = NetworkRestrictionsSpecV4{} }
func (m *NetworkRestrictionsSpecV4) String() string { return proto.CompactTextString(m) }
func (*NetworkRestrictionsSpecV4) ProtoMessage() {}
func (*NetworkRestrictionsSpecV4) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{259}
}
func (m *NetworkRestrictionsSpecV4) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *NetworkRestrictionsSpecV4) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_NetworkRestrictionsSpecV4.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *NetworkRestrictionsSpecV4) XXX_Merge(src proto.Message) {
xxx_messageInfo_NetworkRestrictionsSpecV4.Merge(m, src)
}
func (m *NetworkRestrictionsSpecV4) XXX_Size() int {
return m.Size()
}
func (m *NetworkRestrictionsSpecV4) XXX_DiscardUnknown() {
xxx_messageInfo_NetworkRestrictionsSpecV4.DiscardUnknown(m)
}
var xxx_messageInfo_NetworkRestrictionsSpecV4 proto.InternalMessageInfo
// NetworkRestrictions specifies a list of addresses to restrict (block). The deny
// list is checked first and the allow lists overrides it. Thus an empty allow
// list does not mean that no addresses will be allowed, that will only be the
// case if the deny list covers the whole address range.
type NetworkRestrictionsV4 struct {
// Kind is the network restrictions resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the network restrictions metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec contains the network restrictions data
Spec NetworkRestrictionsSpecV4 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *NetworkRestrictionsV4) Reset() { *m = NetworkRestrictionsV4{} }
func (m *NetworkRestrictionsV4) String() string { return proto.CompactTextString(m) }
func (*NetworkRestrictionsV4) ProtoMessage() {}
func (*NetworkRestrictionsV4) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{260}
}
func (m *NetworkRestrictionsV4) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *NetworkRestrictionsV4) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_NetworkRestrictionsV4.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *NetworkRestrictionsV4) XXX_Merge(src proto.Message) {
xxx_messageInfo_NetworkRestrictionsV4.Merge(m, src)
}
func (m *NetworkRestrictionsV4) XXX_Size() int {
return m.Size()
}
func (m *NetworkRestrictionsV4) XXX_DiscardUnknown() {
xxx_messageInfo_NetworkRestrictionsV4.DiscardUnknown(m)
}
var xxx_messageInfo_NetworkRestrictionsV4 proto.InternalMessageInfo
// WindowsDesktopServiceV3 represents a windows desktop access service.
type WindowsDesktopServiceV3 struct {
// Header is the common resource header.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the windows desktop service spec.
Spec WindowsDesktopServiceSpecV3 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WindowsDesktopServiceV3) Reset() { *m = WindowsDesktopServiceV3{} }
func (m *WindowsDesktopServiceV3) String() string { return proto.CompactTextString(m) }
func (*WindowsDesktopServiceV3) ProtoMessage() {}
func (*WindowsDesktopServiceV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{261}
}
func (m *WindowsDesktopServiceV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WindowsDesktopServiceV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WindowsDesktopServiceV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WindowsDesktopServiceV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_WindowsDesktopServiceV3.Merge(m, src)
}
func (m *WindowsDesktopServiceV3) XXX_Size() int {
return m.Size()
}
func (m *WindowsDesktopServiceV3) XXX_DiscardUnknown() {
xxx_messageInfo_WindowsDesktopServiceV3.DiscardUnknown(m)
}
var xxx_messageInfo_WindowsDesktopServiceV3 proto.InternalMessageInfo
// WindowsDesktopServiceSpecV3 is the windows desktop service spec.
type WindowsDesktopServiceSpecV3 struct {
// Addr is the address that this service can be reached at.
Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
// TeleportVersion is teleport binary version running this service.
TeleportVersion string `protobuf:"bytes,2,opt,name=TeleportVersion,proto3" json:"teleport_version"`
// Hostname is the desktop service hostname.
Hostname string `protobuf:"bytes,3,opt,name=Hostname,proto3" json:"hostname"`
// ProxyIDs is a list of proxy IDs this server is expected to be connected to.
ProxyIDs []string `protobuf:"bytes,4,rep,name=ProxyIDs,proto3" json:"proxy_ids,omitempty"`
// the name of the Relay group that the server is connected to
RelayGroup string `protobuf:"bytes,5,opt,name=relay_group,json=relayGroup,proto3" json:"relay_group,omitempty"`
// the list of Relay host IDs that the server is connected to
RelayIds []string `protobuf:"bytes,6,rep,name=relay_ids,json=relayIds,proto3" json:"relay_ids,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WindowsDesktopServiceSpecV3) Reset() { *m = WindowsDesktopServiceSpecV3{} }
func (m *WindowsDesktopServiceSpecV3) String() string { return proto.CompactTextString(m) }
func (*WindowsDesktopServiceSpecV3) ProtoMessage() {}
func (*WindowsDesktopServiceSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{262}
}
func (m *WindowsDesktopServiceSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WindowsDesktopServiceSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WindowsDesktopServiceSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WindowsDesktopServiceSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_WindowsDesktopServiceSpecV3.Merge(m, src)
}
func (m *WindowsDesktopServiceSpecV3) XXX_Size() int {
return m.Size()
}
func (m *WindowsDesktopServiceSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_WindowsDesktopServiceSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_WindowsDesktopServiceSpecV3 proto.InternalMessageInfo
// WindowsDesktopFilter are filters to apply when searching for windows desktops.
type WindowsDesktopFilter struct {
// HostID is the ID of the host the Windows Desktop Service proxying the desktop.
HostID string `protobuf:"bytes,1,opt,name=HostID,proto3" json:"host_id"`
// Name is the name of the desktop.
Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"name"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WindowsDesktopFilter) Reset() { *m = WindowsDesktopFilter{} }
func (m *WindowsDesktopFilter) String() string { return proto.CompactTextString(m) }
func (*WindowsDesktopFilter) ProtoMessage() {}
func (*WindowsDesktopFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{263}
}
func (m *WindowsDesktopFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WindowsDesktopFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WindowsDesktopFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WindowsDesktopFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_WindowsDesktopFilter.Merge(m, src)
}
func (m *WindowsDesktopFilter) XXX_Size() int {
return m.Size()
}
func (m *WindowsDesktopFilter) XXX_DiscardUnknown() {
xxx_messageInfo_WindowsDesktopFilter.DiscardUnknown(m)
}
var xxx_messageInfo_WindowsDesktopFilter proto.InternalMessageInfo
// WindowsDesktopV3 represents a Windows host for desktop access.
type WindowsDesktopV3 struct {
// Header is the common resource header.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the Windows host spec.
Spec WindowsDesktopSpecV3 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WindowsDesktopV3) Reset() { *m = WindowsDesktopV3{} }
func (m *WindowsDesktopV3) String() string { return proto.CompactTextString(m) }
func (*WindowsDesktopV3) ProtoMessage() {}
func (*WindowsDesktopV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{264}
}
func (m *WindowsDesktopV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WindowsDesktopV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WindowsDesktopV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WindowsDesktopV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_WindowsDesktopV3.Merge(m, src)
}
func (m *WindowsDesktopV3) XXX_Size() int {
return m.Size()
}
func (m *WindowsDesktopV3) XXX_DiscardUnknown() {
xxx_messageInfo_WindowsDesktopV3.DiscardUnknown(m)
}
var xxx_messageInfo_WindowsDesktopV3 proto.InternalMessageInfo
// WindowsDesktopSpecV3 is the Windows host spec.
type WindowsDesktopSpecV3 struct {
// Addr is the address that this host can be reached at.
Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
// Domain is the ActiveDirectory domain that this host belongs to.
Domain string `protobuf:"bytes,2,opt,name=Domain,proto3" json:"domain"`
// HostID is the ID of the host the Windows Desktop Service proxying the desktop.
HostID string `protobuf:"bytes,3,opt,name=HostID,proto3" json:"host_id"`
// NonAD marks this desktop as a standalone host that is
// not joined to an Active Directory domain.
NonAD bool `protobuf:"varint,4,opt,name=NonAD,proto3" json:"non_ad"`
// ScreenSize specifies the size of the screen to use for sessions
// on this host. In most cases this should be unspecified, in which
// case Teleport will fill the browser window.
ScreenSize *Resolution `protobuf:"bytes,5,opt,name=ScreenSize,proto3" json:"screen_size,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WindowsDesktopSpecV3) Reset() { *m = WindowsDesktopSpecV3{} }
func (m *WindowsDesktopSpecV3) String() string { return proto.CompactTextString(m) }
func (*WindowsDesktopSpecV3) ProtoMessage() {}
func (*WindowsDesktopSpecV3) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{265}
}
func (m *WindowsDesktopSpecV3) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WindowsDesktopSpecV3) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WindowsDesktopSpecV3.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WindowsDesktopSpecV3) XXX_Merge(src proto.Message) {
xxx_messageInfo_WindowsDesktopSpecV3.Merge(m, src)
}
func (m *WindowsDesktopSpecV3) XXX_Size() int {
return m.Size()
}
func (m *WindowsDesktopSpecV3) XXX_DiscardUnknown() {
xxx_messageInfo_WindowsDesktopSpecV3.DiscardUnknown(m)
}
var xxx_messageInfo_WindowsDesktopSpecV3 proto.InternalMessageInfo
// DynamicWindowsDesktopV1 represents a dynamic windows host for desktop access.
type DynamicWindowsDesktopV1 struct {
// Header is the common resource header.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the DynamicWindows host spec.
Spec DynamicWindowsDesktopSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DynamicWindowsDesktopV1) Reset() { *m = DynamicWindowsDesktopV1{} }
func (m *DynamicWindowsDesktopV1) String() string { return proto.CompactTextString(m) }
func (*DynamicWindowsDesktopV1) ProtoMessage() {}
func (*DynamicWindowsDesktopV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{266}
}
func (m *DynamicWindowsDesktopV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DynamicWindowsDesktopV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DynamicWindowsDesktopV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DynamicWindowsDesktopV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_DynamicWindowsDesktopV1.Merge(m, src)
}
func (m *DynamicWindowsDesktopV1) XXX_Size() int {
return m.Size()
}
func (m *DynamicWindowsDesktopV1) XXX_DiscardUnknown() {
xxx_messageInfo_DynamicWindowsDesktopV1.DiscardUnknown(m)
}
var xxx_messageInfo_DynamicWindowsDesktopV1 proto.InternalMessageInfo
// DynamicWindowsDesktopSpecV1 is the dynamic windows host spec.
type DynamicWindowsDesktopSpecV1 struct {
// Addr is the address that this host can be reached at.
Addr string `protobuf:"bytes,1,opt,name=Addr,proto3" json:"addr"`
// Domain is the ActiveDirectory domain that this host belongs to.
Domain string `protobuf:"bytes,2,opt,name=Domain,proto3" json:"domain"`
// NonAD marks this desktop as a standalone host that is
// not joined to an Active Directory domain.
NonAD bool `protobuf:"varint,4,opt,name=NonAD,proto3" json:"non_ad"`
// ScreenSize specifies the size of the screen to use for sessions
// on this host. In most cases this should be unspecified, in which
// case Teleport will fill the browser window.
ScreenSize *Resolution `protobuf:"bytes,5,opt,name=ScreenSize,proto3" json:"screen_size,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DynamicWindowsDesktopSpecV1) Reset() { *m = DynamicWindowsDesktopSpecV1{} }
func (m *DynamicWindowsDesktopSpecV1) String() string { return proto.CompactTextString(m) }
func (*DynamicWindowsDesktopSpecV1) ProtoMessage() {}
func (*DynamicWindowsDesktopSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{267}
}
func (m *DynamicWindowsDesktopSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DynamicWindowsDesktopSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DynamicWindowsDesktopSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DynamicWindowsDesktopSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_DynamicWindowsDesktopSpecV1.Merge(m, src)
}
func (m *DynamicWindowsDesktopSpecV1) XXX_Size() int {
return m.Size()
}
func (m *DynamicWindowsDesktopSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_DynamicWindowsDesktopSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_DynamicWindowsDesktopSpecV1 proto.InternalMessageInfo
type Resolution struct {
Width uint32 `protobuf:"varint,1,opt,name=Width,proto3" json:"width,omitempty"`
Height uint32 `protobuf:"varint,2,opt,name=Height,proto3" json:"height,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Resolution) Reset() { *m = Resolution{} }
func (m *Resolution) String() string { return proto.CompactTextString(m) }
func (*Resolution) ProtoMessage() {}
func (*Resolution) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{268}
}
func (m *Resolution) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Resolution) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Resolution.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Resolution) XXX_Merge(src proto.Message) {
xxx_messageInfo_Resolution.Merge(m, src)
}
func (m *Resolution) XXX_Size() int {
return m.Size()
}
func (m *Resolution) XXX_DiscardUnknown() {
xxx_messageInfo_Resolution.DiscardUnknown(m)
}
var xxx_messageInfo_Resolution proto.InternalMessageInfo
// RegisterUsingTokenRequest is a request to register with the Auth Service using
// an authentication token
type RegisterUsingTokenRequest struct {
// HostID is a unique host ID, usually a UUID
HostID string `protobuf:"bytes,1,opt,name=HostID,proto3" json:"hostID"`
// NodeName is a node name
NodeName string `protobuf:"bytes,2,opt,name=NodeName,proto3" json:"node_name"`
// Role is a system role, e.g. Proxy
Role SystemRole `protobuf:"bytes,3,opt,name=Role,proto3,casttype=SystemRole" json:"role"`
// Token is the name of an authentication token
Token string `protobuf:"bytes,4,opt,name=Token,proto3" json:"token"`
// AdditionalPrincipals is a list of additional principals
AdditionalPrincipals []string `protobuf:"bytes,5,rep,name=AdditionalPrincipals,proto3" json:"additional_principals"`
// DNSNames is a list of DNS names to include in the x509 client certificate
DNSNames []string `protobuf:"bytes,6,rep,name=DNSNames,proto3" json:"dns_names"`
// PublicTLSKey is a PEM encoded public key
// used for TLS setup
PublicTLSKey []byte `protobuf:"bytes,7,opt,name=PublicTLSKey,proto3" json:"public_tls_key"`
// PublicSSHKey is a SSH encoded public key,
// if present will be signed as a return value
// otherwise, new public/private key pair will be generated
PublicSSHKey []byte `protobuf:"bytes,8,opt,name=PublicSSHKey,proto3" json:"public_ssh_key"`
// RemoteAddr is the remote address of the host requesting a host certificate.
// It is used to replace 0.0.0.0 in the list of additional principals.
RemoteAddr string `protobuf:"bytes,9,opt,name=RemoteAddr,proto3" json:"remote_addr"`
// EC2IdentityDocument is used for the EC2 join method to prove the identity
// of a joining EC2 instance.
EC2IdentityDocument []byte `protobuf:"bytes,10,opt,name=EC2IdentityDocument,proto3" json:"ec2_id"`
// IDToken is a token provided by a workload identity provider as part of
// OIDC join types such as GitHub.
IDToken string `protobuf:"bytes,11,opt,name=IDToken,proto3" json:"id_token"`
// Expires is a desired time of the expiry of user certificates returned by
// registration. This only applies to bot joining, and will be ignored by
// node joining.
Expires *time.Time `protobuf:"bytes,12,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
// BotInstanceID is a trusted instance identifier for a Machine ID bot,
// provided when rejoining. This parameter may only be provided by the join
// service and is ignored otherwise; bots should otherwise rejoin with their
// existing client certificate to prove their instance identity.
BotInstanceID string `protobuf:"bytes,13,opt,name=BotInstanceID,proto3" json:"bot_instance_id"`
// BotGeneration is a trusted generation counter value for Machine ID bots,
// provided to Auth by the Join Service when bots rejoin via a streamed/gRPC
// join method. Rejoining bots supply this value via a client certificate
// extension; it is ignored from other sources.
BotGeneration int32 `protobuf:"varint,14,opt,name=BotGeneration,proto3" json:"bot_generation"`
// PreviousBotInstanceID is a trusted previous instance identifier for a
// Machine ID bot. This parameter may only be set internally during certain
// join processes and is ignored otherwise.
PreviousBotInstanceID string `protobuf:"bytes,15,opt,name=PreviousBotInstanceID,proto3" json:"previous_bot_instance_id"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RegisterUsingTokenRequest) Reset() { *m = RegisterUsingTokenRequest{} }
func (m *RegisterUsingTokenRequest) String() string { return proto.CompactTextString(m) }
func (*RegisterUsingTokenRequest) ProtoMessage() {}
func (*RegisterUsingTokenRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{269}
}
func (m *RegisterUsingTokenRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RegisterUsingTokenRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RegisterUsingTokenRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RegisterUsingTokenRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_RegisterUsingTokenRequest.Merge(m, src)
}
func (m *RegisterUsingTokenRequest) XXX_Size() int {
return m.Size()
}
func (m *RegisterUsingTokenRequest) XXX_DiscardUnknown() {
xxx_messageInfo_RegisterUsingTokenRequest.DiscardUnknown(m)
}
var xxx_messageInfo_RegisterUsingTokenRequest proto.InternalMessageInfo
// RecoveryCodes holds a user's recovery code information. Recovery codes allows users to regain
// access to their account by restoring their lost password or multi-factor. Once a recovery code
// is successfully verified, the code is mark used (which invalidates it), and lets the user begin
// the recovery flow. When a user successfully finishes the recovery flow, users will get a new set
// of codes that will replace all the previous ones.
type RecoveryCodesV1 struct {
// Kind is the resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind. Currently unused for this resource.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the resource spec.
Spec RecoveryCodesSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RecoveryCodesV1) Reset() { *m = RecoveryCodesV1{} }
func (m *RecoveryCodesV1) String() string { return proto.CompactTextString(m) }
func (*RecoveryCodesV1) ProtoMessage() {}
func (*RecoveryCodesV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{270}
}
func (m *RecoveryCodesV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RecoveryCodesV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RecoveryCodesV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RecoveryCodesV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_RecoveryCodesV1.Merge(m, src)
}
func (m *RecoveryCodesV1) XXX_Size() int {
return m.Size()
}
func (m *RecoveryCodesV1) XXX_DiscardUnknown() {
xxx_messageInfo_RecoveryCodesV1.DiscardUnknown(m)
}
var xxx_messageInfo_RecoveryCodesV1 proto.InternalMessageInfo
// RecoveryCodesSpecV1 is the recovery codes spec.
type RecoveryCodesSpecV1 struct {
// Codes hold a list of numOfRecoveryCodes.
Codes []RecoveryCode `protobuf:"bytes,1,rep,name=Codes,proto3" json:"codes"`
// Created is when the set of recovery codes were generated. Updated when a new set of recovery
// codes are inserted.
Created time.Time `protobuf:"bytes,2,opt,name=Created,proto3,stdtime" json:"created"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RecoveryCodesSpecV1) Reset() { *m = RecoveryCodesSpecV1{} }
func (m *RecoveryCodesSpecV1) String() string { return proto.CompactTextString(m) }
func (*RecoveryCodesSpecV1) ProtoMessage() {}
func (*RecoveryCodesSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{271}
}
func (m *RecoveryCodesSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RecoveryCodesSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RecoveryCodesSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RecoveryCodesSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_RecoveryCodesSpecV1.Merge(m, src)
}
func (m *RecoveryCodesSpecV1) XXX_Size() int {
return m.Size()
}
func (m *RecoveryCodesSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_RecoveryCodesSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_RecoveryCodesSpecV1 proto.InternalMessageInfo
// RecoveryCode describes a recovery code.
type RecoveryCode struct {
// HashedCode is a bcrypt hash of this recovery code.
HashedCode []byte `protobuf:"bytes,1,opt,name=HashedCode,proto3" json:"hashed_code"`
// IsUsed determines if this recovery code was used.
IsUsed bool `protobuf:"varint,2,opt,name=IsUsed,proto3" json:"is_used"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *RecoveryCode) Reset() { *m = RecoveryCode{} }
func (m *RecoveryCode) String() string { return proto.CompactTextString(m) }
func (*RecoveryCode) ProtoMessage() {}
func (*RecoveryCode) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{272}
}
func (m *RecoveryCode) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *RecoveryCode) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_RecoveryCode.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *RecoveryCode) XXX_Merge(src proto.Message) {
xxx_messageInfo_RecoveryCode.Merge(m, src)
}
func (m *RecoveryCode) XXX_Size() int {
return m.Size()
}
func (m *RecoveryCode) XXX_DiscardUnknown() {
xxx_messageInfo_RecoveryCode.DiscardUnknown(m)
}
var xxx_messageInfo_RecoveryCode proto.InternalMessageInfo
type NullableSessionState struct {
State SessionState `protobuf:"varint,1,opt,name=State,proto3,enum=types.SessionState" json:"state,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *NullableSessionState) Reset() { *m = NullableSessionState{} }
func (m *NullableSessionState) String() string { return proto.CompactTextString(m) }
func (*NullableSessionState) ProtoMessage() {}
func (*NullableSessionState) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{273}
}
func (m *NullableSessionState) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *NullableSessionState) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_NullableSessionState.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *NullableSessionState) XXX_Merge(src proto.Message) {
xxx_messageInfo_NullableSessionState.Merge(m, src)
}
func (m *NullableSessionState) XXX_Size() int {
return m.Size()
}
func (m *NullableSessionState) XXX_DiscardUnknown() {
xxx_messageInfo_NullableSessionState.DiscardUnknown(m)
}
var xxx_messageInfo_NullableSessionState proto.InternalMessageInfo
// SessionTrackerFilter are filters to apply when searching for session trackers.
type SessionTrackerFilter struct {
// Kind describes what kind of session this is.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind,omitempty"`
// State is the current state of this session.
State *NullableSessionState `protobuf:"bytes,2,opt,name=State,proto3" json:"state,omitempty"`
// DesktopName is the windows desktop server this session belongs to.
DesktopName string `protobuf:"bytes,3,opt,name=DesktopName,proto3" json:"desktop_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionTrackerFilter) Reset() { *m = SessionTrackerFilter{} }
func (m *SessionTrackerFilter) String() string { return proto.CompactTextString(m) }
func (*SessionTrackerFilter) ProtoMessage() {}
func (*SessionTrackerFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{274}
}
func (m *SessionTrackerFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionTrackerFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionTrackerFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionTrackerFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionTrackerFilter.Merge(m, src)
}
func (m *SessionTrackerFilter) XXX_Size() int {
return m.Size()
}
func (m *SessionTrackerFilter) XXX_DiscardUnknown() {
xxx_messageInfo_SessionTrackerFilter.DiscardUnknown(m)
}
var xxx_messageInfo_SessionTrackerFilter proto.InternalMessageInfo
// SessionTrackerV1 represents a live session resource.
type SessionTrackerV1 struct {
// Header is the common resource header.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is a session specification.
Spec SessionTrackerSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionTrackerV1) Reset() { *m = SessionTrackerV1{} }
func (m *SessionTrackerV1) String() string { return proto.CompactTextString(m) }
func (*SessionTrackerV1) ProtoMessage() {}
func (*SessionTrackerV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{275}
}
func (m *SessionTrackerV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionTrackerV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionTrackerV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionTrackerV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionTrackerV1.Merge(m, src)
}
func (m *SessionTrackerV1) XXX_Size() int {
return m.Size()
}
func (m *SessionTrackerV1) XXX_DiscardUnknown() {
xxx_messageInfo_SessionTrackerV1.DiscardUnknown(m)
}
var xxx_messageInfo_SessionTrackerV1 proto.InternalMessageInfo
// SessionTrackerSpecV1 is the specification for a live session.
type SessionTrackerSpecV1 struct {
// SessionID is unique identifier of this session.
SessionID string `protobuf:"bytes,1,opt,name=SessionID,proto3" json:"session_id,omitempty"`
// Kind describes what kind of session this is.
Kind string `protobuf:"bytes,2,opt,name=Kind,proto3" json:"kind,omitempty"`
// State is the current state of this session.
State SessionState `protobuf:"varint,3,opt,name=State,proto3,enum=types.SessionState" json:"state,omitempty"`
// Created encodes the time at which the session was registered with the auth
// server.
//
// This should match the timestamp in the corresponding `session.create` event.
// It's thus up to the tracker creator to set the correct timestamp.
Created time.Time `protobuf:"bytes,4,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
// Expires encodes the time at which this session expires and becomes invalid.
Expires time.Time `protobuf:"bytes,5,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
// AttachedData is arbitrary attached JSON serialized metadata.
AttachedData string `protobuf:"bytes,6,opt,name=AttachedData,proto3" json:"attached,omitempty"`
// Reason is an arbitrary string that may be used to describe the session and/or it's
// purpose.
Reason string `protobuf:"bytes,7,opt,name=Reason,proto3" json:"reason,omitempty"`
// Invited is a list of invited users, this field can be used by
// clients to deliver notifications to invited users.
Invited []string `protobuf:"bytes,8,rep,name=Invited,proto3" json:"invited,omitempty"`
// Hostname identifies the target this session is connected to.
Hostname string `protobuf:"bytes,9,opt,name=Hostname,proto3" json:"target_hostname,omitempty"`
// Address is the address of the target this session is connected to.
Address string `protobuf:"bytes,10,opt,name=Address,proto3" json:"target_address,omitempty"`
// ClusterName is the name of the Teleport cluster that this session belongs to.
ClusterName string `protobuf:"bytes,11,opt,name=ClusterName,proto3" json:"cluster_name,omitempty"`
// Login is the local login/user on the target used by the session.
Login string `protobuf:"bytes,12,opt,name=Login,proto3" json:"login,omitempty"`
// Participants is a list of session participants.
Participants []Participant `protobuf:"bytes,13,rep,name=Participants,proto3" json:"participants,omitempty"`
// The Kubernetes cluster this session belongs to.
KubernetesCluster string `protobuf:"bytes,14,opt,name=KubernetesCluster,proto3" json:"kubernetes_cluster,omitempty"`
// HostUser is the user regarded as the owner of this session, RBAC checks are performed
// against the require policies of this user.
//
// This refers to the Teleport user but may not be the same as the sessions initiator.
HostUser string `protobuf:"bytes,15,opt,name=HostUser,proto3" json:"host_user,omitempty"`
// HostPolicies is a list of RBAC policy sets held by the host user at the time of session
// creation.
HostPolicies []*SessionTrackerPolicySet `protobuf:"bytes,16,rep,name=HostPolicies,proto3" json:"host_roles,omitempty"`
// DatabaseName is the database server this session belongs to.
DatabaseName string `protobuf:"bytes,17,opt,name=DatabaseName,proto3" json:"database_name,omitempty"`
// AppName is the app server this session belongs to.
AppName string `protobuf:"bytes,18,opt,name=AppName,proto3" json:"app_name,omitempty"`
// AppSessionID is the unique ID of the app access certificate used to start this app session.
AppSessionID string `protobuf:"bytes,19,opt,name=AppSessionID,proto3" json:"app_session_id,omitempty"`
// DesktopName is the windows desktop server this session belongs to.
DesktopName string `protobuf:"bytes,20,opt,name=DesktopName,proto3" json:"desktop_name,omitempty"`
// HostID is the target host id that created the session tracker.
// It's useful for Kubernetes moderated sessions when running in high availabilty
// otherwise kube proxy is not able to know which agent runs the session.
HostID string `protobuf:"bytes,21,opt,name=HostID,proto3" json:"host_id,omitempty"`
// TargetSubKind is the sub kind of the target server.
TargetSubKind string `protobuf:"bytes,22,opt,name=TargetSubKind,proto3" json:"target_sub_kind,omitempty"`
// InitialCommand is the command that was executed to start this session.
InitialCommand []string `protobuf:"bytes,23,rep,name=InitialCommand,proto3" json:"initial_command,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionTrackerSpecV1) Reset() { *m = SessionTrackerSpecV1{} }
func (m *SessionTrackerSpecV1) String() string { return proto.CompactTextString(m) }
func (*SessionTrackerSpecV1) ProtoMessage() {}
func (*SessionTrackerSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{276}
}
func (m *SessionTrackerSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionTrackerSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionTrackerSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionTrackerSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionTrackerSpecV1.Merge(m, src)
}
func (m *SessionTrackerSpecV1) XXX_Size() int {
return m.Size()
}
func (m *SessionTrackerSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_SessionTrackerSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_SessionTrackerSpecV1 proto.InternalMessageInfo
// SessionTrackerPolicySet is a set of RBAC policies held by the session tracker
// that contain additional metadata from the originating role.
type SessionTrackerPolicySet struct {
// Name is name of the role this policy set originates from.
Name string `protobuf:"bytes,1,opt,name=Name,proto3" json:"name,omitempty"`
// Version is version of the role this policy set originates from.
Version string `protobuf:"bytes,2,opt,name=Version,proto3" json:"version,omitempty"`
// RequireSessionJoin specifies policies for required users to start a session.
RequireSessionJoin []*SessionRequirePolicy `protobuf:"bytes,3,rep,name=RequireSessionJoin,proto3" json:"require_session_join,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SessionTrackerPolicySet) Reset() { *m = SessionTrackerPolicySet{} }
func (m *SessionTrackerPolicySet) String() string { return proto.CompactTextString(m) }
func (*SessionTrackerPolicySet) ProtoMessage() {}
func (*SessionTrackerPolicySet) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{277}
}
func (m *SessionTrackerPolicySet) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SessionTrackerPolicySet) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SessionTrackerPolicySet.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SessionTrackerPolicySet) XXX_Merge(src proto.Message) {
xxx_messageInfo_SessionTrackerPolicySet.Merge(m, src)
}
func (m *SessionTrackerPolicySet) XXX_Size() int {
return m.Size()
}
func (m *SessionTrackerPolicySet) XXX_DiscardUnknown() {
xxx_messageInfo_SessionTrackerPolicySet.DiscardUnknown(m)
}
var xxx_messageInfo_SessionTrackerPolicySet proto.InternalMessageInfo
// Participant stores information about a participant in the session.
type Participant struct {
// ID is a unique UUID of this participant for a given session.
ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"id,omitempty"`
// User is the canonical name of the Teleport user controlling this participant.
User string `protobuf:"bytes,2,opt,name=User,proto3" json:"user,omitempty"`
// Mode is the participant mode.
Mode string `protobuf:"bytes,3,opt,name=Mode,proto3" json:"mode,omitempty"`
// LastActive is the last time this party was active in the session.
LastActive time.Time `protobuf:"bytes,4,opt,name=LastActive,proto3,stdtime" json:"last_active,omitempty"`
// Cluster is the cluster name the user is authenticated against.
Cluster string `protobuf:"bytes,5,opt,name=Cluster,proto3" json:"cluster,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Participant) Reset() { *m = Participant{} }
func (m *Participant) String() string { return proto.CompactTextString(m) }
func (*Participant) ProtoMessage() {}
func (*Participant) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{278}
}
func (m *Participant) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Participant) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Participant.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Participant) XXX_Merge(src proto.Message) {
xxx_messageInfo_Participant.Merge(m, src)
}
func (m *Participant) XXX_Size() int {
return m.Size()
}
func (m *Participant) XXX_DiscardUnknown() {
xxx_messageInfo_Participant.DiscardUnknown(m)
}
var xxx_messageInfo_Participant proto.InternalMessageInfo
// UIConfigV1 represents the configuration for the web UI served by the proxy service
type UIConfigV1 struct {
// Header is the resource header for the UI configuration.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the resource spec.
Spec UIConfigSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UIConfigV1) Reset() { *m = UIConfigV1{} }
func (m *UIConfigV1) String() string { return proto.CompactTextString(m) }
func (*UIConfigV1) ProtoMessage() {}
func (*UIConfigV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{279}
}
func (m *UIConfigV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UIConfigV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UIConfigV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UIConfigV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_UIConfigV1.Merge(m, src)
}
func (m *UIConfigV1) XXX_Size() int {
return m.Size()
}
func (m *UIConfigV1) XXX_DiscardUnknown() {
xxx_messageInfo_UIConfigV1.DiscardUnknown(m)
}
var xxx_messageInfo_UIConfigV1 proto.InternalMessageInfo
// UIConfigSpecV1 is the specification for a UIConfig
type UIConfigSpecV1 struct {
// ScrollbackLines is the max number of lines the UI terminal can display in its history.
ScrollbackLines int32 `protobuf:"varint,1,opt,name=ScrollbackLines,proto3" json:"scrollback_lines"`
// ShowResources determines which resources are shown in the web UI. Default if unset is "requestable"
// which means resources the user has access to and resources they can request will be shown in the
// resources UI. If set to `accessible_only`, only resources the user already has access to will be shown.
ShowResources github_com_gravitational_teleport_api_constants.ShowResources `protobuf:"bytes,2,opt,name=ShowResources,proto3,casttype=github.com/gravitational/teleport/api/constants.ShowResources" json:"show_resources,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UIConfigSpecV1) Reset() { *m = UIConfigSpecV1{} }
func (m *UIConfigSpecV1) String() string { return proto.CompactTextString(m) }
func (*UIConfigSpecV1) ProtoMessage() {}
func (*UIConfigSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{280}
}
func (m *UIConfigSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UIConfigSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UIConfigSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UIConfigSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_UIConfigSpecV1.Merge(m, src)
}
func (m *UIConfigSpecV1) XXX_Size() int {
return m.Size()
}
func (m *UIConfigSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_UIConfigSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_UIConfigSpecV1 proto.InternalMessageInfo
// InstallerV1 represents an installer script resource. Used to
// provide a script to install teleport on discovered nodes.
type InstallerV1 struct {
// Kind is the resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind. Currently unused for this resource.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the resource spec.
Spec InstallerSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstallerV1) Reset() { *m = InstallerV1{} }
func (m *InstallerV1) String() string { return proto.CompactTextString(m) }
func (*InstallerV1) ProtoMessage() {}
func (*InstallerV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{281}
}
func (m *InstallerV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstallerV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstallerV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstallerV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstallerV1.Merge(m, src)
}
func (m *InstallerV1) XXX_Size() int {
return m.Size()
}
func (m *InstallerV1) XXX_DiscardUnknown() {
xxx_messageInfo_InstallerV1.DiscardUnknown(m)
}
var xxx_messageInfo_InstallerV1 proto.InternalMessageInfo
// InstallerSpecV1 is the specification for an Installer
type InstallerSpecV1 struct {
// Script represents the contents of a installer shell script
Script string `protobuf:"bytes,1,opt,name=Script,proto3" json:"script"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstallerSpecV1) Reset() { *m = InstallerSpecV1{} }
func (m *InstallerSpecV1) String() string { return proto.CompactTextString(m) }
func (*InstallerSpecV1) ProtoMessage() {}
func (*InstallerSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{282}
}
func (m *InstallerSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstallerSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstallerSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstallerSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstallerSpecV1.Merge(m, src)
}
func (m *InstallerSpecV1) XXX_Size() int {
return m.Size()
}
func (m *InstallerSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_InstallerSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_InstallerSpecV1 proto.InternalMessageInfo
// InstallerV1List represents a list of installer resources.
type InstallerV1List struct {
// Installers is a list of installer resources.
Installers []*InstallerV1 `protobuf:"bytes,1,rep,name=installers,proto3" json:"installers,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstallerV1List) Reset() { *m = InstallerV1List{} }
func (m *InstallerV1List) String() string { return proto.CompactTextString(m) }
func (*InstallerV1List) ProtoMessage() {}
func (*InstallerV1List) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{283}
}
func (m *InstallerV1List) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstallerV1List) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstallerV1List.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstallerV1List) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstallerV1List.Merge(m, src)
}
func (m *InstallerV1List) XXX_Size() int {
return m.Size()
}
func (m *InstallerV1List) XXX_DiscardUnknown() {
xxx_messageInfo_InstallerV1List.DiscardUnknown(m)
}
var xxx_messageInfo_InstallerV1List proto.InternalMessageInfo
// SortBy defines a sort criteria.
type SortBy struct {
// IsDesc is a sort direction flag where if true the direction is descending, else ascending.
IsDesc bool `protobuf:"varint,1,opt,name=IsDesc,proto3" json:"is_desc"`
// Field is the name of an objects field to sort by.
Field string `protobuf:"bytes,2,opt,name=Field,proto3" json:"field"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SortBy) Reset() { *m = SortBy{} }
func (m *SortBy) String() string { return proto.CompactTextString(m) }
func (*SortBy) ProtoMessage() {}
func (*SortBy) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{284}
}
func (m *SortBy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SortBy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SortBy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SortBy) XXX_Merge(src proto.Message) {
xxx_messageInfo_SortBy.Merge(m, src)
}
func (m *SortBy) XXX_Size() int {
return m.Size()
}
func (m *SortBy) XXX_DiscardUnknown() {
xxx_messageInfo_SortBy.DiscardUnknown(m)
}
var xxx_messageInfo_SortBy proto.InternalMessageInfo
// ConnectionDiagnosticV1 is the result of testing a connection.
// When setting up a new resource in Teleport, it's useful to know if we can connect to it.
// This can be done using the test connection feature.
// The user can then receive the result as feedback using the UI
type ConnectionDiagnosticV1 struct {
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the resource spec.
Spec ConnectionDiagnosticSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ConnectionDiagnosticV1) Reset() { *m = ConnectionDiagnosticV1{} }
func (m *ConnectionDiagnosticV1) String() string { return proto.CompactTextString(m) }
func (*ConnectionDiagnosticV1) ProtoMessage() {}
func (*ConnectionDiagnosticV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{285}
}
func (m *ConnectionDiagnosticV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ConnectionDiagnosticV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ConnectionDiagnosticV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ConnectionDiagnosticV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_ConnectionDiagnosticV1.Merge(m, src)
}
func (m *ConnectionDiagnosticV1) XXX_Size() int {
return m.Size()
}
func (m *ConnectionDiagnosticV1) XXX_DiscardUnknown() {
xxx_messageInfo_ConnectionDiagnosticV1.DiscardUnknown(m)
}
var xxx_messageInfo_ConnectionDiagnosticV1 proto.InternalMessageInfo
// ConnectionDiagnosticSpecV1 is the ConnectionDiagnostic Spec.
// It contains the result of testing a connection.
// It has the overall result of the connection and then a list of traces.
// Each trace contains checkpoints of the connection attempt and its result.
type ConnectionDiagnosticSpecV1 struct {
// Success describes whether the connection was a success or a failure.
Success bool `protobuf:"varint,1,opt,name=Success,proto3" json:"success"`
// Message may contain some user friendly message to let the user know whether it was
// successful or a failure.
Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message"`
// Traces contain a list of checkpoints defined by
Traces []*ConnectionDiagnosticTrace `protobuf:"bytes,3,rep,name=Traces,proto3" json:"traces"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ConnectionDiagnosticSpecV1) Reset() { *m = ConnectionDiagnosticSpecV1{} }
func (m *ConnectionDiagnosticSpecV1) String() string { return proto.CompactTextString(m) }
func (*ConnectionDiagnosticSpecV1) ProtoMessage() {}
func (*ConnectionDiagnosticSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{286}
}
func (m *ConnectionDiagnosticSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ConnectionDiagnosticSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ConnectionDiagnosticSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ConnectionDiagnosticSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_ConnectionDiagnosticSpecV1.Merge(m, src)
}
func (m *ConnectionDiagnosticSpecV1) XXX_Size() int {
return m.Size()
}
func (m *ConnectionDiagnosticSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_ConnectionDiagnosticSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_ConnectionDiagnosticSpecV1 proto.InternalMessageInfo
// ConnectionDiagnosticTrace describes a trace of a connection diagnostic
type ConnectionDiagnosticTrace struct {
Type ConnectionDiagnosticTrace_TraceType `protobuf:"varint,1,opt,name=Type,proto3,enum=types.ConnectionDiagnosticTrace_TraceType" json:"type"`
Status ConnectionDiagnosticTrace_StatusType `protobuf:"varint,2,opt,name=Status,proto3,enum=types.ConnectionDiagnosticTrace_StatusType" json:"status"`
// Details contains a User friendly message of the check's result.
Details string `protobuf:"bytes,3,opt,name=Details,proto3" json:"details"`
// Error contains the low level error message in case of a failure.
Error string `protobuf:"bytes,4,opt,name=Error,proto3" json:"error"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ConnectionDiagnosticTrace) Reset() { *m = ConnectionDiagnosticTrace{} }
func (m *ConnectionDiagnosticTrace) String() string { return proto.CompactTextString(m) }
func (*ConnectionDiagnosticTrace) ProtoMessage() {}
func (*ConnectionDiagnosticTrace) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{287}
}
func (m *ConnectionDiagnosticTrace) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ConnectionDiagnosticTrace) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ConnectionDiagnosticTrace.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ConnectionDiagnosticTrace) XXX_Merge(src proto.Message) {
xxx_messageInfo_ConnectionDiagnosticTrace.Merge(m, src)
}
func (m *ConnectionDiagnosticTrace) XXX_Size() int {
return m.Size()
}
func (m *ConnectionDiagnosticTrace) XXX_DiscardUnknown() {
xxx_messageInfo_ConnectionDiagnosticTrace.DiscardUnknown(m)
}
var xxx_messageInfo_ConnectionDiagnosticTrace proto.InternalMessageInfo
// DatabaseServiceV1 is the representation of a DatabaseService (agent) process.
type DatabaseServiceV1 struct {
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the resource spec.
Spec DatabaseServiceSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseServiceV1) Reset() { *m = DatabaseServiceV1{} }
func (m *DatabaseServiceV1) String() string { return proto.CompactTextString(m) }
func (*DatabaseServiceV1) ProtoMessage() {}
func (*DatabaseServiceV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{288}
}
func (m *DatabaseServiceV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseServiceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseServiceV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseServiceV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseServiceV1.Merge(m, src)
}
func (m *DatabaseServiceV1) XXX_Size() int {
return m.Size()
}
func (m *DatabaseServiceV1) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseServiceV1.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseServiceV1 proto.InternalMessageInfo
// DatabaseServiceSpecV1 is the DatabaseService Spec.
type DatabaseServiceSpecV1 struct {
// ResourceMatchers is the configured match for Database resources.
ResourceMatchers []*DatabaseResourceMatcher `protobuf:"bytes,1,rep,name=ResourceMatchers,proto3" json:"resources"`
// Hostname is the hostname where this service is running.
Hostname string `protobuf:"bytes,2,opt,name=Hostname,proto3" json:"hostname"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseServiceSpecV1) Reset() { *m = DatabaseServiceSpecV1{} }
func (m *DatabaseServiceSpecV1) String() string { return proto.CompactTextString(m) }
func (*DatabaseServiceSpecV1) ProtoMessage() {}
func (*DatabaseServiceSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{289}
}
func (m *DatabaseServiceSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseServiceSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseServiceSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseServiceSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseServiceSpecV1.Merge(m, src)
}
func (m *DatabaseServiceSpecV1) XXX_Size() int {
return m.Size()
}
func (m *DatabaseServiceSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseServiceSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseServiceSpecV1 proto.InternalMessageInfo
// DatabaseResourceMatcher is a set of properties that is used to match on resources.
type DatabaseResourceMatcher struct {
Labels *Labels `protobuf:"bytes,1,opt,name=Labels,proto3,customtype=Labels" json:"labels"`
AWS ResourceMatcherAWS `protobuf:"bytes,2,opt,name=AWS,proto3" json:"aws"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DatabaseResourceMatcher) Reset() { *m = DatabaseResourceMatcher{} }
func (m *DatabaseResourceMatcher) String() string { return proto.CompactTextString(m) }
func (*DatabaseResourceMatcher) ProtoMessage() {}
func (*DatabaseResourceMatcher) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{290}
}
func (m *DatabaseResourceMatcher) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DatabaseResourceMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DatabaseResourceMatcher.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DatabaseResourceMatcher) XXX_Merge(src proto.Message) {
xxx_messageInfo_DatabaseResourceMatcher.Merge(m, src)
}
func (m *DatabaseResourceMatcher) XXX_Size() int {
return m.Size()
}
func (m *DatabaseResourceMatcher) XXX_DiscardUnknown() {
xxx_messageInfo_DatabaseResourceMatcher.DiscardUnknown(m)
}
var xxx_messageInfo_DatabaseResourceMatcher proto.InternalMessageInfo
// ResourceMatcherAWS contains AWS specific settings for resource matcher.
type ResourceMatcherAWS struct {
// AssumeRoleARN is an optional AWS role ARN to assume when accessing a database.
AssumeRoleARN string `protobuf:"bytes,1,opt,name=AssumeRoleARN,proto3" json:"assume_role_arn,omitempty"`
// ExternalID is an optional AWS external ID used to enable assuming an AWS role across accounts.
ExternalID string `protobuf:"bytes,2,opt,name=ExternalID,proto3" json:"external_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ResourceMatcherAWS) Reset() { *m = ResourceMatcherAWS{} }
func (m *ResourceMatcherAWS) String() string { return proto.CompactTextString(m) }
func (*ResourceMatcherAWS) ProtoMessage() {}
func (*ResourceMatcherAWS) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{291}
}
func (m *ResourceMatcherAWS) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ResourceMatcherAWS) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ResourceMatcherAWS.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ResourceMatcherAWS) XXX_Merge(src proto.Message) {
xxx_messageInfo_ResourceMatcherAWS.Merge(m, src)
}
func (m *ResourceMatcherAWS) XXX_Size() int {
return m.Size()
}
func (m *ResourceMatcherAWS) XXX_DiscardUnknown() {
xxx_messageInfo_ResourceMatcherAWS.DiscardUnknown(m)
}
var xxx_messageInfo_ResourceMatcherAWS proto.InternalMessageInfo
// ClusterAlert is a cluster-level alert message.
type ClusterAlert struct {
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
Spec ClusterAlertSpec `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterAlert) Reset() { *m = ClusterAlert{} }
func (m *ClusterAlert) String() string { return proto.CompactTextString(m) }
func (*ClusterAlert) ProtoMessage() {}
func (*ClusterAlert) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{292}
}
func (m *ClusterAlert) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterAlert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterAlert.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterAlert) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterAlert.Merge(m, src)
}
func (m *ClusterAlert) XXX_Size() int {
return m.Size()
}
func (m *ClusterAlert) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterAlert.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterAlert proto.InternalMessageInfo
// ClusterAlertSpec is a cluster alert specification.
type ClusterAlertSpec struct {
// Severity represents how problematic/urgent the alert is.
Severity AlertSeverity `protobuf:"varint,1,opt,name=Severity,proto3,enum=types.AlertSeverity" json:"severity"`
// Message is the user-facing message associated with the alert.
Message string `protobuf:"bytes,2,opt,name=Message,proto3" json:"message"`
// Created is the time at which the alert was generated.
Created time.Time `protobuf:"bytes,3,opt,name=Created,proto3,stdtime" json:"created,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterAlertSpec) Reset() { *m = ClusterAlertSpec{} }
func (m *ClusterAlertSpec) String() string { return proto.CompactTextString(m) }
func (*ClusterAlertSpec) ProtoMessage() {}
func (*ClusterAlertSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{293}
}
func (m *ClusterAlertSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterAlertSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterAlertSpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterAlertSpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterAlertSpec.Merge(m, src)
}
func (m *ClusterAlertSpec) XXX_Size() int {
return m.Size()
}
func (m *ClusterAlertSpec) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterAlertSpec.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterAlertSpec proto.InternalMessageInfo
// GetClusterAlertsRequest matches cluster alerts.
type GetClusterAlertsRequest struct {
// Severity is an optional minimum severity.
Severity AlertSeverity `protobuf:"varint,1,opt,name=Severity,proto3,enum=types.AlertSeverity" json:"Severity,omitempty"`
// AlertID optionally specifies the ID of the alert being requested.
AlertID string `protobuf:"bytes,2,opt,name=AlertID,proto3" json:"AlertID,omitempty"`
// Labels is an optional label selector.
Labels map[string]string `protobuf:"bytes,3,rep,name=Labels,proto3" json:"Labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// WithSuperseded includes superseded alerts in the output of the request.
WithSuperseded bool `protobuf:"varint,4,opt,name=WithSuperseded,proto3" json:"WithSuperseded,omitempty"`
// WithAcknowledged includes acknowledged alerts in the output of the request.
WithAcknowledged bool `protobuf:"varint,5,opt,name=WithAcknowledged,proto3" json:"WithAcknowledged,omitempty"`
// WithUntargeted requests that alerts be included even if they are not specifically
// targeted toward the caller. This has no effect unless the caller has `cluster_alert:list`.
WithUntargeted bool `protobuf:"varint,6,opt,name=WithUntargeted,proto3" json:"WithUntargeted,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GetClusterAlertsRequest) Reset() { *m = GetClusterAlertsRequest{} }
func (m *GetClusterAlertsRequest) String() string { return proto.CompactTextString(m) }
func (*GetClusterAlertsRequest) ProtoMessage() {}
func (*GetClusterAlertsRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{294}
}
func (m *GetClusterAlertsRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GetClusterAlertsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GetClusterAlertsRequest.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GetClusterAlertsRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_GetClusterAlertsRequest.Merge(m, src)
}
func (m *GetClusterAlertsRequest) XXX_Size() int {
return m.Size()
}
func (m *GetClusterAlertsRequest) XXX_DiscardUnknown() {
xxx_messageInfo_GetClusterAlertsRequest.DiscardUnknown(m)
}
var xxx_messageInfo_GetClusterAlertsRequest proto.InternalMessageInfo
// AlertAcknowledgement marks a cluster alert as having been "acknowledged".
// This causes the alert to no longer be displayed in 'tsh login', UI banners,
// etc. Acknowledgements must have an expiry and a message describing why the
// alert can be considered acknowledged.
type AlertAcknowledgement struct {
// AlertID is the ID of the alert being acknowledged.
AlertID string `protobuf:"bytes,1,opt,name=AlertID,proto3" json:"alert_id,omitempty"`
// Reason describes the reason why the alert can be considered
// acknowledged (e.g. 'alice will fix next week').
Reason string `protobuf:"bytes,2,opt,name=Reason,proto3" json:"reason,omitempty"`
// Expires is the time after which the acknowledgement expires.
Expires time.Time `protobuf:"bytes,4,opt,name=Expires,proto3,stdtime" json:"expires,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AlertAcknowledgement) Reset() { *m = AlertAcknowledgement{} }
func (m *AlertAcknowledgement) String() string { return proto.CompactTextString(m) }
func (*AlertAcknowledgement) ProtoMessage() {}
func (*AlertAcknowledgement) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{295}
}
func (m *AlertAcknowledgement) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AlertAcknowledgement) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AlertAcknowledgement.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AlertAcknowledgement) XXX_Merge(src proto.Message) {
xxx_messageInfo_AlertAcknowledgement.Merge(m, src)
}
func (m *AlertAcknowledgement) XXX_Size() int {
return m.Size()
}
func (m *AlertAcknowledgement) XXX_DiscardUnknown() {
xxx_messageInfo_AlertAcknowledgement.DiscardUnknown(m)
}
var xxx_messageInfo_AlertAcknowledgement proto.InternalMessageInfo
// Release correspond to a Teleport Enterprise releases
type Release struct {
// NotesMD is the notes of the release in markdown
NotesMD string `protobuf:"bytes,1,opt,name=NotesMD,proto3" json:"notes_md"`
// Product is the release product, teleport or teleport-ent
Product string `protobuf:"bytes,2,opt,name=Product,proto3" json:"product"`
// ReleaseID is the ID of the product
ReleaseID string `protobuf:"bytes,3,opt,name=ReleaseID,proto3" json:"release_id"`
// Status is the status of the release
Status string `protobuf:"bytes,4,opt,name=Status,proto3" json:"status"`
// Version is the version of the release
Version string `protobuf:"bytes,5,opt,name=Version,proto3" json:"version"`
// Assets is a list of assets related to the release
Assets []*Asset `protobuf:"bytes,6,rep,name=Assets,proto3" json:"assets"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Release) Reset() { *m = Release{} }
func (m *Release) String() string { return proto.CompactTextString(m) }
func (*Release) ProtoMessage() {}
func (*Release) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{296}
}
func (m *Release) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Release) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Release.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Release) XXX_Merge(src proto.Message) {
xxx_messageInfo_Release.Merge(m, src)
}
func (m *Release) XXX_Size() int {
return m.Size()
}
func (m *Release) XXX_DiscardUnknown() {
xxx_messageInfo_Release.DiscardUnknown(m)
}
var xxx_messageInfo_Release proto.InternalMessageInfo
// Asset represents a release asset
type Asset struct {
// Arch is the architecture of the asset
Arch string `protobuf:"bytes,1,opt,name=Arch,proto3" json:"arch"`
// Description is the description of the asset
Description string `protobuf:"bytes,2,opt,name=Description,proto3" json:"description"`
// Name is the name of the asset
Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
// OS is which OS the asset is built for
OS string `protobuf:"bytes,4,opt,name=OS,proto3" json:"os"`
// SHA256 is the sha256 of the asset
SHA256 string `protobuf:"bytes,5,opt,name=SHA256,proto3" json:"sha256"`
// Size is the size of the release in bytes
AssetSize int64 `protobuf:"varint,6,opt,name=AssetSize,proto3" json:"asset_size"`
// DisplaySize is the human-readable size of the asset
DisplaySize string `protobuf:"bytes,7,opt,name=DisplaySize,proto3" json:"display_size"`
// ReleaseIDs is a list of releases that have the asset included
ReleaseIDs []string `protobuf:"bytes,8,rep,name=ReleaseIDs,proto3" json:"release_ids"`
// PublicURL is the public URL used to download the asset
PublicURL string `protobuf:"bytes,9,opt,name=PublicURL,proto3" json:"public_url"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Asset) Reset() { *m = Asset{} }
func (m *Asset) String() string { return proto.CompactTextString(m) }
func (*Asset) ProtoMessage() {}
func (*Asset) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{297}
}
func (m *Asset) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Asset) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Asset.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Asset) XXX_Merge(src proto.Message) {
xxx_messageInfo_Asset.Merge(m, src)
}
func (m *Asset) XXX_Size() int {
return m.Size()
}
func (m *Asset) XXX_DiscardUnknown() {
xxx_messageInfo_Asset.DiscardUnknown(m)
}
var xxx_messageInfo_Asset proto.InternalMessageInfo
// Plugin describes a single instance of a Teleport Plugin
type PluginV1 struct {
// kind is the plugin resource kind.
Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
// sub_kind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=sub_kind,json=subKind,proto3" json:"sub_kind,omitempty"`
// version is the resource version.
Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
// metadata is the resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata"`
Spec PluginSpecV1 `protobuf:"bytes,5,opt,name=spec,proto3" json:"spec"`
Status PluginStatusV1 `protobuf:"bytes,6,opt,name=status,proto3" json:"status"`
// credentials are "live" credentials to the 3rd party API.
// These are considered secrets.
Credentials *PluginCredentialsV1 `protobuf:"bytes,7,opt,name=credentials,proto3" json:"credentials,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginV1) Reset() { *m = PluginV1{} }
func (m *PluginV1) String() string { return proto.CompactTextString(m) }
func (*PluginV1) ProtoMessage() {}
func (*PluginV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{298}
}
func (m *PluginV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginV1.Merge(m, src)
}
func (m *PluginV1) XXX_Size() int {
return m.Size()
}
func (m *PluginV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginV1 proto.InternalMessageInfo
type PluginSpecV1 struct {
// settings contain provider-specific plugin options.
//
// Types that are valid to be assigned to Settings:
// *PluginSpecV1_SlackAccessPlugin
// *PluginSpecV1_Opsgenie
// *PluginSpecV1_Openai
// *PluginSpecV1_Okta
// *PluginSpecV1_Jamf
// *PluginSpecV1_PagerDuty
// *PluginSpecV1_Mattermost
// *PluginSpecV1_Jira
// *PluginSpecV1_Discord
// *PluginSpecV1_ServiceNow
// *PluginSpecV1_Gitlab
// *PluginSpecV1_EntraId
// *PluginSpecV1_Scim
// *PluginSpecV1_Datadog
// *PluginSpecV1_AwsIc
// *PluginSpecV1_Email
// *PluginSpecV1_Msteams
// *PluginSpecV1_NetIq
// *PluginSpecV1_Github
// *PluginSpecV1_Intune
Settings isPluginSpecV1_Settings `protobuf_oneof:"settings"`
// generation contains a unique ID that should:
// - Be created by the backend on plugin creation.
// - Be updated by the backend if the plugin is updated in any way.
//
// For older plugins, it's possible for this to be empty.
Generation string `protobuf:"bytes,11,opt,name=generation,proto3" json:"generation,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginSpecV1) Reset() { *m = PluginSpecV1{} }
func (m *PluginSpecV1) String() string { return proto.CompactTextString(m) }
func (*PluginSpecV1) ProtoMessage() {}
func (*PluginSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{299}
}
func (m *PluginSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginSpecV1.Merge(m, src)
}
func (m *PluginSpecV1) XXX_Size() int {
return m.Size()
}
func (m *PluginSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginSpecV1 proto.InternalMessageInfo
type isPluginSpecV1_Settings interface {
isPluginSpecV1_Settings()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type PluginSpecV1_SlackAccessPlugin struct {
SlackAccessPlugin *PluginSlackAccessSettings `protobuf:"bytes,1,opt,name=slack_access_plugin,json=slackAccessPlugin,proto3,oneof" json:"slack_access_plugin,omitempty"`
}
type PluginSpecV1_Opsgenie struct {
Opsgenie *PluginOpsgenieAccessSettings `protobuf:"bytes,2,opt,name=opsgenie,proto3,oneof" json:"opsgenie,omitempty"`
}
type PluginSpecV1_Openai struct {
Openai *PluginOpenAISettings `protobuf:"bytes,3,opt,name=openai,proto3,oneof" json:"openai,omitempty"`
}
type PluginSpecV1_Okta struct {
Okta *PluginOktaSettings `protobuf:"bytes,4,opt,name=okta,proto3,oneof" json:"okta,omitempty"`
}
type PluginSpecV1_Jamf struct {
Jamf *PluginJamfSettings `protobuf:"bytes,5,opt,name=jamf,proto3,oneof" json:"jamf,omitempty"`
}
type PluginSpecV1_PagerDuty struct {
PagerDuty *PluginPagerDutySettings `protobuf:"bytes,6,opt,name=pager_duty,json=pagerDuty,proto3,oneof" json:"pager_duty,omitempty"`
}
type PluginSpecV1_Mattermost struct {
Mattermost *PluginMattermostSettings `protobuf:"bytes,7,opt,name=mattermost,proto3,oneof" json:"mattermost,omitempty"`
}
type PluginSpecV1_Jira struct {
Jira *PluginJiraSettings `protobuf:"bytes,8,opt,name=jira,proto3,oneof" json:"jira,omitempty"`
}
type PluginSpecV1_Discord struct {
Discord *PluginDiscordSettings `protobuf:"bytes,9,opt,name=discord,proto3,oneof" json:"discord,omitempty"`
}
type PluginSpecV1_ServiceNow struct {
ServiceNow *PluginServiceNowSettings `protobuf:"bytes,10,opt,name=serviceNow,proto3,oneof" json:"serviceNow,omitempty"`
}
type PluginSpecV1_Gitlab struct {
Gitlab *PluginGitlabSettings `protobuf:"bytes,12,opt,name=gitlab,proto3,oneof" json:"gitlab,omitempty"`
}
type PluginSpecV1_EntraId struct {
EntraId *PluginEntraIDSettings `protobuf:"bytes,13,opt,name=entra_id,json=entraId,proto3,oneof" json:"entra_id,omitempty"`
}
type PluginSpecV1_Scim struct {
Scim *PluginSCIMSettings `protobuf:"bytes,14,opt,name=scim,proto3,oneof" json:"scim,omitempty"`
}
type PluginSpecV1_Datadog struct {
Datadog *PluginDatadogAccessSettings `protobuf:"bytes,15,opt,name=datadog,proto3,oneof" json:"datadog,omitempty"`
}
type PluginSpecV1_AwsIc struct {
AwsIc *PluginAWSICSettings `protobuf:"bytes,16,opt,name=aws_ic,json=awsIc,proto3,oneof" json:"aws_ic,omitempty"`
}
type PluginSpecV1_Email struct {
Email *PluginEmailSettings `protobuf:"bytes,17,opt,name=email,proto3,oneof" json:"email,omitempty"`
}
type PluginSpecV1_Msteams struct {
Msteams *PluginMSTeamsSettings `protobuf:"bytes,18,opt,name=msteams,proto3,oneof" json:"msteams,omitempty"`
}
type PluginSpecV1_NetIq struct {
NetIq *PluginNetIQSettings `protobuf:"bytes,19,opt,name=net_iq,json=netIq,proto3,oneof" json:"net_iq,omitempty"`
}
type PluginSpecV1_Github struct {
Github *PluginGithubSettings `protobuf:"bytes,20,opt,name=github,proto3,oneof" json:"github,omitempty"`
}
type PluginSpecV1_Intune struct {
Intune *PluginIntuneSettings `protobuf:"bytes,21,opt,name=intune,proto3,oneof" json:"intune,omitempty"`
}
func (*PluginSpecV1_SlackAccessPlugin) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Opsgenie) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Openai) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Okta) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Jamf) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_PagerDuty) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Mattermost) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Jira) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Discord) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_ServiceNow) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Gitlab) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_EntraId) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Scim) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Datadog) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_AwsIc) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Email) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Msteams) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_NetIq) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Github) isPluginSpecV1_Settings() {}
func (*PluginSpecV1_Intune) isPluginSpecV1_Settings() {}
func (m *PluginSpecV1) GetSettings() isPluginSpecV1_Settings {
if m != nil {
return m.Settings
}
return nil
}
func (m *PluginSpecV1) GetSlackAccessPlugin() *PluginSlackAccessSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_SlackAccessPlugin); ok {
return x.SlackAccessPlugin
}
return nil
}
func (m *PluginSpecV1) GetOpsgenie() *PluginOpsgenieAccessSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Opsgenie); ok {
return x.Opsgenie
}
return nil
}
func (m *PluginSpecV1) GetOpenai() *PluginOpenAISettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Openai); ok {
return x.Openai
}
return nil
}
func (m *PluginSpecV1) GetOkta() *PluginOktaSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Okta); ok {
return x.Okta
}
return nil
}
func (m *PluginSpecV1) GetJamf() *PluginJamfSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Jamf); ok {
return x.Jamf
}
return nil
}
func (m *PluginSpecV1) GetPagerDuty() *PluginPagerDutySettings {
if x, ok := m.GetSettings().(*PluginSpecV1_PagerDuty); ok {
return x.PagerDuty
}
return nil
}
func (m *PluginSpecV1) GetMattermost() *PluginMattermostSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Mattermost); ok {
return x.Mattermost
}
return nil
}
func (m *PluginSpecV1) GetJira() *PluginJiraSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Jira); ok {
return x.Jira
}
return nil
}
func (m *PluginSpecV1) GetDiscord() *PluginDiscordSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Discord); ok {
return x.Discord
}
return nil
}
func (m *PluginSpecV1) GetServiceNow() *PluginServiceNowSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_ServiceNow); ok {
return x.ServiceNow
}
return nil
}
func (m *PluginSpecV1) GetGitlab() *PluginGitlabSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Gitlab); ok {
return x.Gitlab
}
return nil
}
func (m *PluginSpecV1) GetEntraId() *PluginEntraIDSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_EntraId); ok {
return x.EntraId
}
return nil
}
func (m *PluginSpecV1) GetScim() *PluginSCIMSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Scim); ok {
return x.Scim
}
return nil
}
func (m *PluginSpecV1) GetDatadog() *PluginDatadogAccessSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Datadog); ok {
return x.Datadog
}
return nil
}
func (m *PluginSpecV1) GetAwsIc() *PluginAWSICSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_AwsIc); ok {
return x.AwsIc
}
return nil
}
func (m *PluginSpecV1) GetEmail() *PluginEmailSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Email); ok {
return x.Email
}
return nil
}
func (m *PluginSpecV1) GetMsteams() *PluginMSTeamsSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Msteams); ok {
return x.Msteams
}
return nil
}
func (m *PluginSpecV1) GetNetIq() *PluginNetIQSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_NetIq); ok {
return x.NetIq
}
return nil
}
func (m *PluginSpecV1) GetGithub() *PluginGithubSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Github); ok {
return x.Github
}
return nil
}
func (m *PluginSpecV1) GetIntune() *PluginIntuneSettings {
if x, ok := m.GetSettings().(*PluginSpecV1_Intune); ok {
return x.Intune
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*PluginSpecV1) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*PluginSpecV1_SlackAccessPlugin)(nil),
(*PluginSpecV1_Opsgenie)(nil),
(*PluginSpecV1_Openai)(nil),
(*PluginSpecV1_Okta)(nil),
(*PluginSpecV1_Jamf)(nil),
(*PluginSpecV1_PagerDuty)(nil),
(*PluginSpecV1_Mattermost)(nil),
(*PluginSpecV1_Jira)(nil),
(*PluginSpecV1_Discord)(nil),
(*PluginSpecV1_ServiceNow)(nil),
(*PluginSpecV1_Gitlab)(nil),
(*PluginSpecV1_EntraId)(nil),
(*PluginSpecV1_Scim)(nil),
(*PluginSpecV1_Datadog)(nil),
(*PluginSpecV1_AwsIc)(nil),
(*PluginSpecV1_Email)(nil),
(*PluginSpecV1_Msteams)(nil),
(*PluginSpecV1_NetIq)(nil),
(*PluginSpecV1_Github)(nil),
(*PluginSpecV1_Intune)(nil),
}
}
// PluginGithubSettings defines the configuration parameters required for a plugin
// to connect to and interact with a specific GitHub organization's API.
type PluginGithubSettings struct {
// Base URL for the GitHub API endpoint.
// For GitHub Enterprise, set to your instance URL (ex.: "https://github.mycompany.com/api/v3/").
// If empty, defaults to the public GitHub API ("https://api.github.com/").
ApiEndpoint string `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
// The Client ID of the OAuth application registered with GitHub, used for API authentication.
// ex.: "Iv1.123abc456def7890".
ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
// The name of the GitHub organization that this plugin configuration targets.
// ex.: "octo-org".
OrganizationName string `protobuf:"bytes,3,opt,name=organization_name,json=organizationName,proto3" json:"organization_name,omitempty"`
// The date from which the plugin should start fetching data (ex.: audit logs, events)
// from GitHub for the specified organization. This field is effectively required.
StartDate time.Time `protobuf:"bytes,4,opt,name=start_date,json=startDate,proto3,stdtime" json:"start_date"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginGithubSettings) Reset() { *m = PluginGithubSettings{} }
func (m *PluginGithubSettings) String() string { return proto.CompactTextString(m) }
func (*PluginGithubSettings) ProtoMessage() {}
func (*PluginGithubSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{300}
}
func (m *PluginGithubSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginGithubSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginGithubSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginGithubSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginGithubSettings.Merge(m, src)
}
func (m *PluginGithubSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginGithubSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginGithubSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginGithubSettings proto.InternalMessageInfo
type PluginSlackAccessSettings struct {
FallbackChannel string `protobuf:"bytes,1,opt,name=fallback_channel,json=fallbackChannel,proto3" json:"fallback_channel,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginSlackAccessSettings) Reset() { *m = PluginSlackAccessSettings{} }
func (m *PluginSlackAccessSettings) String() string { return proto.CompactTextString(m) }
func (*PluginSlackAccessSettings) ProtoMessage() {}
func (*PluginSlackAccessSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{301}
}
func (m *PluginSlackAccessSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginSlackAccessSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginSlackAccessSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginSlackAccessSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginSlackAccessSettings.Merge(m, src)
}
func (m *PluginSlackAccessSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginSlackAccessSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginSlackAccessSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginSlackAccessSettings proto.InternalMessageInfo
type PluginGitlabSettings struct {
// APIEndpoint is the address of Gitlab API.
ApiEndpoint string `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginGitlabSettings) Reset() { *m = PluginGitlabSettings{} }
func (m *PluginGitlabSettings) String() string { return proto.CompactTextString(m) }
func (*PluginGitlabSettings) ProtoMessage() {}
func (*PluginGitlabSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{302}
}
func (m *PluginGitlabSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginGitlabSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginGitlabSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginGitlabSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginGitlabSettings.Merge(m, src)
}
func (m *PluginGitlabSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginGitlabSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginGitlabSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginGitlabSettings proto.InternalMessageInfo
type PluginOpsgenieAccessSettings struct {
// Priority to create Opsgenie alerts with
Priority string `protobuf:"bytes,2,opt,name=priority,proto3" json:"priority,omitempty"`
// List of tags to be added to alerts created in Opsgenie
AlertTags []string `protobuf:"bytes,3,rep,name=alert_tags,json=alertTags,proto3" json:"alert_tags,omitempty"`
// Default on-call schedules to check if none are provided in the access request annotations
DefaultSchedules []string `protobuf:"bytes,4,rep,name=default_schedules,json=defaultSchedules,proto3" json:"default_schedules,omitempty"`
// APIEndpoint is the address of Opsgenie API.
ApiEndpoint string `protobuf:"bytes,5,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOpsgenieAccessSettings) Reset() { *m = PluginOpsgenieAccessSettings{} }
func (m *PluginOpsgenieAccessSettings) String() string { return proto.CompactTextString(m) }
func (*PluginOpsgenieAccessSettings) ProtoMessage() {}
func (*PluginOpsgenieAccessSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{303}
}
func (m *PluginOpsgenieAccessSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOpsgenieAccessSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOpsgenieAccessSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOpsgenieAccessSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOpsgenieAccessSettings.Merge(m, src)
}
func (m *PluginOpsgenieAccessSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginOpsgenieAccessSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOpsgenieAccessSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOpsgenieAccessSettings proto.InternalMessageInfo
// PluginServiceNowSettings are the settings for the serviceNow plugin
type PluginServiceNowSettings struct {
// ApiEndpoint is the ServiceNow API endpoint.
ApiEndpoint string `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
// Username is the ServiceNow API username.
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
// Password is the ServiceNow API password.
Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"`
// CloseCode is the close code that ServiceNow incidents will use.
CloseCode string `protobuf:"bytes,4,opt,name=close_code,json=closeCode,proto3" json:"close_code,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginServiceNowSettings) Reset() { *m = PluginServiceNowSettings{} }
func (m *PluginServiceNowSettings) String() string { return proto.CompactTextString(m) }
func (*PluginServiceNowSettings) ProtoMessage() {}
func (*PluginServiceNowSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{304}
}
func (m *PluginServiceNowSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginServiceNowSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginServiceNowSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginServiceNowSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginServiceNowSettings.Merge(m, src)
}
func (m *PluginServiceNowSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginServiceNowSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginServiceNowSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginServiceNowSettings proto.InternalMessageInfo
type PluginPagerDutySettings struct {
// UserEmail is the email address of the PagerDuty user that will be
// listed as the reporter source of incidents, comments, etc
// within PagerDuty. Should usually be the same user the API key
// represents.
UserEmail string `protobuf:"bytes,1,opt,name=user_email,json=userEmail,proto3" json:"user_email,omitempty"`
// APIEndpoint is the address of PagerDuty API.
ApiEndpoint string `protobuf:"bytes,2,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginPagerDutySettings) Reset() { *m = PluginPagerDutySettings{} }
func (m *PluginPagerDutySettings) String() string { return proto.CompactTextString(m) }
func (*PluginPagerDutySettings) ProtoMessage() {}
func (*PluginPagerDutySettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{305}
}
func (m *PluginPagerDutySettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginPagerDutySettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginPagerDutySettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginPagerDutySettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginPagerDutySettings.Merge(m, src)
}
func (m *PluginPagerDutySettings) XXX_Size() int {
return m.Size()
}
func (m *PluginPagerDutySettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginPagerDutySettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginPagerDutySettings proto.InternalMessageInfo
type PluginJiraSettings struct {
// ServerURL is the address of the target JIRA Server instance.
ServerUrl string `protobuf:"bytes,1,opt,name=server_url,json=serverUrl,proto3" json:"server_url,omitempty"`
// ProjectKey is the key of the Jira project that will receive
// notifications and issues from the plugin.
ProjectKey string `protobuf:"bytes,2,opt,name=project_key,json=projectKey,proto3" json:"project_key,omitempty"`
// IssueType is the type of Jira Issue that the plugin will create
IssueType string `protobuf:"bytes,3,opt,name=issue_type,json=issueType,proto3" json:"issue_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginJiraSettings) Reset() { *m = PluginJiraSettings{} }
func (m *PluginJiraSettings) String() string { return proto.CompactTextString(m) }
func (*PluginJiraSettings) ProtoMessage() {}
func (*PluginJiraSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{306}
}
func (m *PluginJiraSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginJiraSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginJiraSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginJiraSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginJiraSettings.Merge(m, src)
}
func (m *PluginJiraSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginJiraSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginJiraSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginJiraSettings proto.InternalMessageInfo
// Defines settings for the OpenAI plugin. Currently there are no settings.
type PluginOpenAISettings struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOpenAISettings) Reset() { *m = PluginOpenAISettings{} }
func (m *PluginOpenAISettings) String() string { return proto.CompactTextString(m) }
func (*PluginOpenAISettings) ProtoMessage() {}
func (*PluginOpenAISettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{307}
}
func (m *PluginOpenAISettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOpenAISettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOpenAISettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOpenAISettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOpenAISettings.Merge(m, src)
}
func (m *PluginOpenAISettings) XXX_Size() int {
return m.Size()
}
func (m *PluginOpenAISettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOpenAISettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOpenAISettings proto.InternalMessageInfo
// Defines settings for the Mattermost plugin.
type PluginMattermostSettings struct {
// serverURL is the URL to access Mattermost.
ServerUrl string `protobuf:"bytes,1,opt,name=server_url,json=serverUrl,proto3" json:"server_url,omitempty"`
// team is the Mattermost workspace.
Team string `protobuf:"bytes,2,opt,name=team,proto3" json:"team,omitempty"`
// channel is the Mattermost channel in the workspace
// (team) to send notifications to.
Channel string `protobuf:"bytes,3,opt,name=channel,proto3" json:"channel,omitempty"`
// report_to_email is an optional email address of a Mattermost user
// to notify via a direct message when the plugin receives an
// Access Request event.
ReportToEmail string `protobuf:"bytes,4,opt,name=report_to_email,json=reportToEmail,proto3" json:"report_to_email,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginMattermostSettings) Reset() { *m = PluginMattermostSettings{} }
func (m *PluginMattermostSettings) String() string { return proto.CompactTextString(m) }
func (*PluginMattermostSettings) ProtoMessage() {}
func (*PluginMattermostSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{308}
}
func (m *PluginMattermostSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginMattermostSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginMattermostSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginMattermostSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginMattermostSettings.Merge(m, src)
}
func (m *PluginMattermostSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginMattermostSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginMattermostSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginMattermostSettings proto.InternalMessageInfo
// Defines settings for Jamf plugin.
type PluginJamfSettings struct {
// Jamf service spec
JamfSpec *JamfSpecV1 `protobuf:"bytes,1,opt,name=jamf_spec,json=jamfSpec,proto3" json:"jamf_spec,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginJamfSettings) Reset() { *m = PluginJamfSettings{} }
func (m *PluginJamfSettings) String() string { return proto.CompactTextString(m) }
func (*PluginJamfSettings) ProtoMessage() {}
func (*PluginJamfSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{309}
}
func (m *PluginJamfSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginJamfSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginJamfSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginJamfSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginJamfSettings.Merge(m, src)
}
func (m *PluginJamfSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginJamfSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginJamfSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginJamfSettings proto.InternalMessageInfo
// Defines settings for Intune plugin.
type PluginIntuneSettings struct {
// Tenant is the primary domain name (e.g. contoso.onmicrosoft.com) or the tenant ID (e.g.
// 38d49456-54d4-455d-a8d6-c383c71e0a6d) of an organization within Microsoft Entra ID.
//
// https://learn.microsoft.com/en-us/partner-center/account-settings/find-ids-and-domain-names#find-the-microsoft-entra-tenant-id-and-primary-domain-name
Tenant string `protobuf:"bytes,1,opt,name=tenant,proto3" json:"tenant,omitempty"`
// login_endpoint points to one of the national deployments of Microsoft Entra ID.
// Optional, defaults to "https://login.microsoftonline.com".
//
// https://learn.microsoft.com/en-us/graph/deployments
LoginEndpoint string `protobuf:"bytes,2,opt,name=login_endpoint,json=loginEndpoint,proto3" json:"login_endpoint,omitempty"`
// graph_endpoint points to one of the national deployments of Microsoft Graph.
// Optional, defaults to "https://graph.microsoft.com".
//
// https://learn.microsoft.com/en-us/graph/deployments
GraphEndpoint string `protobuf:"bytes,3,opt,name=graph_endpoint,json=graphEndpoint,proto3" json:"graph_endpoint,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginIntuneSettings) Reset() { *m = PluginIntuneSettings{} }
func (m *PluginIntuneSettings) String() string { return proto.CompactTextString(m) }
func (*PluginIntuneSettings) ProtoMessage() {}
func (*PluginIntuneSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{310}
}
func (m *PluginIntuneSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginIntuneSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginIntuneSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginIntuneSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginIntuneSettings.Merge(m, src)
}
func (m *PluginIntuneSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginIntuneSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginIntuneSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginIntuneSettings proto.InternalMessageInfo
// Defines settings for the Okta plugin.
type PluginOktaSettings struct {
// OrgUrl is the Okta organization URL to use for API communication.
OrgUrl string `protobuf:"bytes,1,opt,name=org_url,json=orgUrl,proto3" json:"org_url,omitempty"`
// EnableUserSync controls the user sync in the Okta integration service. Deprecated.
// TODO(mdwn): Remove once e changes have been made.
EnableUserSync bool `protobuf:"varint,2,opt,name=enable_user_sync,json=enableUserSync,proto3" json:"enable_user_sync,omitempty"`
// SSOConnectorID (deprecated)
// TODO(mdwn): Remove once e changes have been made.
SsoConnectorId string `protobuf:"bytes,3,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"`
// Sync settings controls the user and access list sync settings for Okta.
SyncSettings *PluginOktaSyncSettings `protobuf:"bytes,4,opt,name=sync_settings,json=syncSettings,proto3" json:"sync_settings,omitempty"`
// CredentialsInfo contains information about the Okta credentials.
CredentialsInfo *PluginOktaCredentialsInfo `protobuf:"bytes,5,opt,name=credentials_info,json=credentialsInfo,proto3" json:"credentials_info,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaSettings) Reset() { *m = PluginOktaSettings{} }
func (m *PluginOktaSettings) String() string { return proto.CompactTextString(m) }
func (*PluginOktaSettings) ProtoMessage() {}
func (*PluginOktaSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{311}
}
func (m *PluginOktaSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaSettings.Merge(m, src)
}
func (m *PluginOktaSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaSettings proto.InternalMessageInfo
// PluginOktaCredentialsInfo contains information about the Okta credentials.
// This is used to determine if the plugin has configured the necessary credentials.
type PluginOktaCredentialsInfo struct {
// HasSSMSToken is true if the plugin has configured SSMSToken.
HasSsmToken bool `protobuf:"varint,1,opt,name=has_ssm_token,json=hasSsmToken,proto3" json:"has_ssm_token,omitempty"`
// HasOauthCredentials is true if the plugin has configured OauthCredentials.
HasOauthCredentials bool `protobuf:"varint,2,opt,name=has_oauth_credentials,json=hasOauthCredentials,proto3" json:"has_oauth_credentials,omitempty"`
// HasSCIMToken is true if the plugin has configured SCIMToken.
HasScimToken bool `protobuf:"varint,3,opt,name=has_scim_token,json=hasScimToken,proto3" json:"has_scim_token,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaCredentialsInfo) Reset() { *m = PluginOktaCredentialsInfo{} }
func (m *PluginOktaCredentialsInfo) String() string { return proto.CompactTextString(m) }
func (*PluginOktaCredentialsInfo) ProtoMessage() {}
func (*PluginOktaCredentialsInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{312}
}
func (m *PluginOktaCredentialsInfo) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaCredentialsInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaCredentialsInfo.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaCredentialsInfo) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaCredentialsInfo.Merge(m, src)
}
func (m *PluginOktaCredentialsInfo) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaCredentialsInfo) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaCredentialsInfo.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaCredentialsInfo proto.InternalMessageInfo
// Defines settings for syncing users and access lists from Okta.
type PluginOktaSyncSettings struct {
// SyncUsers controls the user sync in the Okta integration service. The source of truth for the
// users is defined by UserSyncSource.
SyncUsers bool `protobuf:"varint,1,opt,name=sync_users,json=syncUsers,proto3" json:"sync_users,omitempty"`
// SSOConnectorID is the name of the Teleport SSO connector created and used by the Okta plugin
SsoConnectorId string `protobuf:"bytes,2,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"`
// SyncAccessLists controls the access list sync in the Okta integration service.
SyncAccessLists bool `protobuf:"varint,3,opt,name=sync_access_lists,json=syncAccessLists,proto3" json:"sync_access_lists,omitempty"`
// DefaultOwners are the default owners for all imported access lists.
DefaultOwners []string `protobuf:"bytes,4,rep,name=default_owners,json=defaultOwners,proto3" json:"default_owners,omitempty"`
// AppID is the Okta-assigned ID of the Okta App that Teleport uses as a
// gateway to interact with Okta for SAML login, SCIM provisioning and user
// sync. When set, user sync will pull users from the assignment list for this
// app.
AppId string `protobuf:"bytes,5,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
// GroupFilters are filters for which Okta groups to synchronize as access lists.
// Filters can be globs, for example:
// group*
// *service*
// Or regexes if they're prefixed and suffixed with ^ and $, for example:
// ^group.*$
// ^.*service.*$
GroupFilters []string `protobuf:"bytes,6,rep,name=group_filters,json=groupFilters,proto3" json:"group_filters,omitempty"`
// AppFilters are filters for which Okta applications to synchronize as access lists.
// Filters can be globs, for example:
// app*
// *service*
// Or regexes if they're prefixed and suffixed with ^ and $, for example:
// ^app.*$
// ^.*service.*$
AppFilters []string `protobuf:"bytes,7,rep,name=app_filters,json=appFilters,proto3" json:"app_filters,omitempty"`
// AppName is the Okta-assigned unique name of the Okta App that Teleport uses
// as a gateway to interact with Okta for SAML login, SCIM provisioning and user
// sync.
AppName string `protobuf:"bytes,8,opt,name=app_name,json=appName,proto3" json:"app_name,omitempty"`
// DisableSyncAppGroups disables syncing of app groups from Okta.
// This is useful when the app groups are not needed in Teleport.
// and integration with Okta is only used for user sync.
DisableSyncAppGroups bool `protobuf:"varint,9,opt,name=disable_sync_app_groups,json=disableSyncAppGroups,proto3" json:"disable_sync_app_groups,omitempty"`
// DisableBidirectionalSync prevents syncing anything from Teleport to Okta. I.e. prevents
// creating Okta assignments.
DisableBidirectionalSync bool `protobuf:"varint,10,opt,name=disable_bidirectional_sync,json=disableBidirectionalSync,proto3" json:"disable_bidirectional_sync,omitempty"`
// UserSyncSource defines the source of truth for Okta users. It can be one of "" (empty string),
// "saml_app" or "org". "saml_app" is set for all newly created plugins and indicates that source
// of truth for the sync are users assigned to the connector Okta SAML application. "org" is the
// legacy setting indicating that the source of truth for users are all the users from the Okta
// organization. If it's an empty string and UserSync is true, that means it's a legacy plugin
// that has not been yet updated and during the next update the value will be set to "org" if
// AppID is empty or "saml_app" if not.
UserSyncSource string `protobuf:"bytes,11,opt,name=user_sync_source,json=userSyncSource,proto3" json:"user_sync_source,omitempty"`
// EnableSystemLogExport enables the Teleport Identity Security SIEM integration for Okta.
EnableSystemLogExport bool `protobuf:"varint,12,opt,name=enable_system_log_export,json=enableSystemLogExport,proto3" json:"enable_system_log_export,omitempty"`
// DisableAssignDefaultRoles prevents the builtin okta-requester role from being assigned to all
// synchronized users. This is allows for a more advanced RBAC setup where not all
// Okta-originated users are allowed request all Okta-originated resources.
DisableAssignDefaultRoles bool `protobuf:"varint,13,opt,name=disable_assign_default_roles,json=disableAssignDefaultRoles,proto3" json:"disable_assign_default_roles,omitempty"`
// TimeBetweenImports controls the time between Okta syncs. I.e. importing Okta users, apps and
// groups to teleport. This doesn't affect how quickly Teleport changes are propagated to Okta if
// bidirectional sync is enabled. The default value is 30m.
TimeBetweenImports string `protobuf:"bytes,14,opt,name=time_between_imports,json=timeBetweenImports,proto3" json:"time_between_imports,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaSyncSettings) Reset() { *m = PluginOktaSyncSettings{} }
func (m *PluginOktaSyncSettings) String() string { return proto.CompactTextString(m) }
func (*PluginOktaSyncSettings) ProtoMessage() {}
func (*PluginOktaSyncSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{313}
}
func (m *PluginOktaSyncSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaSyncSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaSyncSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaSyncSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaSyncSettings.Merge(m, src)
}
func (m *PluginOktaSyncSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaSyncSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaSyncSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaSyncSettings proto.InternalMessageInfo
// Defines a set of discord channel IDs
type DiscordChannels struct {
ChannelIds []string `protobuf:"bytes,1,rep,name=channel_ids,json=channelIds,proto3" json:"channel_ids,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *DiscordChannels) Reset() { *m = DiscordChannels{} }
func (m *DiscordChannels) String() string { return proto.CompactTextString(m) }
func (*DiscordChannels) ProtoMessage() {}
func (*DiscordChannels) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{314}
}
func (m *DiscordChannels) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *DiscordChannels) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_DiscordChannels.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *DiscordChannels) XXX_Merge(src proto.Message) {
xxx_messageInfo_DiscordChannels.Merge(m, src)
}
func (m *DiscordChannels) XXX_Size() int {
return m.Size()
}
func (m *DiscordChannels) XXX_DiscardUnknown() {
xxx_messageInfo_DiscordChannels.DiscardUnknown(m)
}
var xxx_messageInfo_DiscordChannels proto.InternalMessageInfo
// Defines settings for the discord plugin
type PluginDiscordSettings struct {
// RoleToRecipients maps Teleport roles (by name) to the set of Discord
// channel IDs that will receive notifications and requests regarding that
// that Role.
RoleToRecipients map[string]*DiscordChannels `protobuf:"bytes,1,rep,name=role_to_recipients,json=roleToRecipients,proto3" json:"role_to_recipients,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginDiscordSettings) Reset() { *m = PluginDiscordSettings{} }
func (m *PluginDiscordSettings) String() string { return proto.CompactTextString(m) }
func (*PluginDiscordSettings) ProtoMessage() {}
func (*PluginDiscordSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{315}
}
func (m *PluginDiscordSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginDiscordSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginDiscordSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginDiscordSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginDiscordSettings.Merge(m, src)
}
func (m *PluginDiscordSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginDiscordSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginDiscordSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginDiscordSettings proto.InternalMessageInfo
// PluginEntraIDSettings defines settings for the Entra ID sync plugin
type PluginEntraIDSettings struct {
// SyncSettings controls the user and access list sync settings for EntraID.
SyncSettings *PluginEntraIDSyncSettings `protobuf:"bytes,1,opt,name=sync_settings,json=syncSettings,proto3" json:"sync_settings,omitempty"`
// AccessGraphSettings controls settings for syncing access graph specific data.
// When this is null, Entra ID integration with Access Graph is disabled.
AccessGraphSettings *PluginEntraIDAccessGraphSettings `protobuf:"bytes,2,opt,name=access_graph_settings,json=accessGraphSettings,proto3" json:"access_graph_settings,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginEntraIDSettings) Reset() { *m = PluginEntraIDSettings{} }
func (m *PluginEntraIDSettings) String() string { return proto.CompactTextString(m) }
func (*PluginEntraIDSettings) ProtoMessage() {}
func (*PluginEntraIDSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{316}
}
func (m *PluginEntraIDSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginEntraIDSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginEntraIDSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginEntraIDSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginEntraIDSettings.Merge(m, src)
}
func (m *PluginEntraIDSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginEntraIDSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginEntraIDSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginEntraIDSettings proto.InternalMessageInfo
// Defines settings for syncing users and access lists from Entra ID.
type PluginEntraIDSyncSettings struct {
// DefaultOwners are the default owners for all imported access lists.
DefaultOwners []string `protobuf:"bytes,1,rep,name=default_owners,json=defaultOwners,proto3" json:"default_owners,omitempty"`
// SSOConnectorID is the name of the Teleport SSO connector created and used by the Entra ID plugin.
SsoConnectorId string `protobuf:"bytes,2,opt,name=sso_connector_id,json=ssoConnectorId,proto3" json:"sso_connector_id,omitempty"`
// credentials_source specifies the source of the credentials used for authentication with Azure.
CredentialsSource EntraIDCredentialsSource `protobuf:"varint,3,opt,name=credentials_source,json=credentialsSource,proto3,enum=types.EntraIDCredentialsSource" json:"credentials_source,omitempty"`
// tenant_id refers to the Azure Directory that this plugin synchronizes with.
// This field is populated on a best-effort basis for legacy plugins but mandatory for plugins created after its introduction.
// For existing plugins, it is filled in using the Entra integration when utilized.
TenantId string `protobuf:"bytes,4,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"`
// entra_app_id refers to the Entra Application ID that supports the SSO for "sso_connector_id".
// This field is populated on a best-effort basis for legacy plugins but mandatory for plugins created after its introduction.
// For existing plugins, it is filled in using the entity descriptor url when utilized.
EntraAppId string `protobuf:"bytes,5,opt,name=entra_app_id,json=entraAppId,proto3" json:"entra_app_id,omitempty"`
// GroupFilters configures which groups should be included or exlcuded.
GroupFilters []*PluginSyncFilter `protobuf:"bytes,6,rep,name=group_filters,json=groupFilters,proto3" json:"group_filters,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginEntraIDSyncSettings) Reset() { *m = PluginEntraIDSyncSettings{} }
func (m *PluginEntraIDSyncSettings) String() string { return proto.CompactTextString(m) }
func (*PluginEntraIDSyncSettings) ProtoMessage() {}
func (*PluginEntraIDSyncSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{317}
}
func (m *PluginEntraIDSyncSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginEntraIDSyncSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginEntraIDSyncSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginEntraIDSyncSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginEntraIDSyncSettings.Merge(m, src)
}
func (m *PluginEntraIDSyncSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginEntraIDSyncSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginEntraIDSyncSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginEntraIDSyncSettings proto.InternalMessageInfo
// PluginSyncFilter can specify inclusion or exclusion of a resource.
type PluginSyncFilter struct {
// Include describes that the resource should be explicitly included.
//
// Types that are valid to be assigned to Include:
// *PluginSyncFilter_Id
// *PluginSyncFilter_NameRegex
Include isPluginSyncFilter_Include `protobuf_oneof:"include"`
// Exclude specifies which AWS resources should be explicitly excluded.
//
// Types that are valid to be assigned to Exclude:
// *PluginSyncFilter_ExcludeId
// *PluginSyncFilter_ExcludeNameRegex
Exclude isPluginSyncFilter_Exclude `protobuf_oneof:"exclude"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginSyncFilter) Reset() { *m = PluginSyncFilter{} }
func (m *PluginSyncFilter) String() string { return proto.CompactTextString(m) }
func (*PluginSyncFilter) ProtoMessage() {}
func (*PluginSyncFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{318}
}
func (m *PluginSyncFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginSyncFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginSyncFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginSyncFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginSyncFilter.Merge(m, src)
}
func (m *PluginSyncFilter) XXX_Size() int {
return m.Size()
}
func (m *PluginSyncFilter) XXX_DiscardUnknown() {
xxx_messageInfo_PluginSyncFilter.DiscardUnknown(m)
}
var xxx_messageInfo_PluginSyncFilter proto.InternalMessageInfo
type isPluginSyncFilter_Include interface {
isPluginSyncFilter_Include()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type isPluginSyncFilter_Exclude interface {
isPluginSyncFilter_Exclude()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type PluginSyncFilter_Id struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"`
}
type PluginSyncFilter_NameRegex struct {
NameRegex string `protobuf:"bytes,2,opt,name=name_regex,json=nameRegex,proto3,oneof" json:"name_regex,omitempty"`
}
type PluginSyncFilter_ExcludeId struct {
ExcludeId string `protobuf:"bytes,3,opt,name=exclude_id,json=excludeId,proto3,oneof" json:"id,omitempty"`
}
type PluginSyncFilter_ExcludeNameRegex struct {
ExcludeNameRegex string `protobuf:"bytes,4,opt,name=exclude_name_regex,json=excludeNameRegex,proto3,oneof" json:"name_regex,omitempty"`
}
func (*PluginSyncFilter_Id) isPluginSyncFilter_Include() {}
func (*PluginSyncFilter_NameRegex) isPluginSyncFilter_Include() {}
func (*PluginSyncFilter_ExcludeId) isPluginSyncFilter_Exclude() {}
func (*PluginSyncFilter_ExcludeNameRegex) isPluginSyncFilter_Exclude() {}
func (m *PluginSyncFilter) GetInclude() isPluginSyncFilter_Include {
if m != nil {
return m.Include
}
return nil
}
func (m *PluginSyncFilter) GetExclude() isPluginSyncFilter_Exclude {
if m != nil {
return m.Exclude
}
return nil
}
func (m *PluginSyncFilter) GetId() string {
if x, ok := m.GetInclude().(*PluginSyncFilter_Id); ok {
return x.Id
}
return ""
}
func (m *PluginSyncFilter) GetNameRegex() string {
if x, ok := m.GetInclude().(*PluginSyncFilter_NameRegex); ok {
return x.NameRegex
}
return ""
}
func (m *PluginSyncFilter) GetExcludeId() string {
if x, ok := m.GetExclude().(*PluginSyncFilter_ExcludeId); ok {
return x.ExcludeId
}
return ""
}
func (m *PluginSyncFilter) GetExcludeNameRegex() string {
if x, ok := m.GetExclude().(*PluginSyncFilter_ExcludeNameRegex); ok {
return x.ExcludeNameRegex
}
return ""
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*PluginSyncFilter) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*PluginSyncFilter_Id)(nil),
(*PluginSyncFilter_NameRegex)(nil),
(*PluginSyncFilter_ExcludeId)(nil),
(*PluginSyncFilter_ExcludeNameRegex)(nil),
}
}
// AccessGraphSettings controls settings for syncing access graph specific data.
type PluginEntraIDAccessGraphSettings struct {
// AppSsoSettingsCache is an array of single sign-on settings for Entra enterprise applications.
//
// This data is stored here because it is not available through traditional methods (MS Graph API).
// Instead, it is fetched once during the plugin's set up using the user's credentials to connect to Azure's private API.
AppSsoSettingsCache []*PluginEntraIDAppSSOSettings `protobuf:"bytes,1,rep,name=app_sso_settings_cache,json=appSsoSettingsCache,proto3" json:"app_sso_settings_cache,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginEntraIDAccessGraphSettings) Reset() { *m = PluginEntraIDAccessGraphSettings{} }
func (m *PluginEntraIDAccessGraphSettings) String() string { return proto.CompactTextString(m) }
func (*PluginEntraIDAccessGraphSettings) ProtoMessage() {}
func (*PluginEntraIDAccessGraphSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{319}
}
func (m *PluginEntraIDAccessGraphSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginEntraIDAccessGraphSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginEntraIDAccessGraphSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginEntraIDAccessGraphSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginEntraIDAccessGraphSettings.Merge(m, src)
}
func (m *PluginEntraIDAccessGraphSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginEntraIDAccessGraphSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginEntraIDAccessGraphSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginEntraIDAccessGraphSettings proto.InternalMessageInfo
// PluginEntraIDAppSSOSettings is a container for a single Entra ID enterprise application's
// cached SSO settings.
// As this data is only parsed by TAG, each value is stored as an opaque JSON blob.
type PluginEntraIDAppSSOSettings struct {
// AppID is the `AppID` property of Entra application.
AppId string `protobuf:"bytes,1,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
// FederatedSSOV2 contains the cached, gzip-compressed payload from the /ApplicationSso/{servicePrincipalId}/FederatedSSOV2 endpoint.
FederatedSsoV2 []byte `protobuf:"bytes,2,opt,name=federated_sso_v2,json=federatedSsoV2,proto3" json:"federated_sso_v2,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginEntraIDAppSSOSettings) Reset() { *m = PluginEntraIDAppSSOSettings{} }
func (m *PluginEntraIDAppSSOSettings) String() string { return proto.CompactTextString(m) }
func (*PluginEntraIDAppSSOSettings) ProtoMessage() {}
func (*PluginEntraIDAppSSOSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{320}
}
func (m *PluginEntraIDAppSSOSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginEntraIDAppSSOSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginEntraIDAppSSOSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginEntraIDAppSSOSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginEntraIDAppSSOSettings.Merge(m, src)
}
func (m *PluginEntraIDAppSSOSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginEntraIDAppSSOSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginEntraIDAppSSOSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginEntraIDAppSSOSettings proto.InternalMessageInfo
// PluginSCIMSettings defines the settings for a SCIM integration plugin
type PluginSCIMSettings struct {
// SamlConnectorName is the name of the SAML Connector that users provisioned
// by this SCIM plugin will use to log in to Teleport.
// DEPRECATED: Use ConnectorInfo instead.
// This is old field added when the Okta SCIM plugin was created
// and was limited usage to SAML connectors only.
SamlConnectorName string `protobuf:"bytes,1,opt,name=saml_connector_name,json=samlConnectorName,proto3" json:"saml_connector_name,omitempty"` // Deprecated: Do not use.
// DefaultRole is the default role assigned to users provisioned by this
// plugin.
DefaultRole string `protobuf:"bytes,2,opt,name=default_role,json=defaultRole,proto3" json:"default_role,omitempty"` // Deprecated: Do not use.
// ConnectorInfo contains information about the user's origin as provided
// by the SCIM plugin. It enables matching a SAML/OIDC external user
// with a SCIM-persisted user, allowing the ephemeral user entry to be updated to SCIM user.
ConnectorInfo *PluginSCIMSettings_ConnectorInfo `protobuf:"bytes,3,opt,name=connector_info,json=connectorInfo,proto3" json:"connector_info"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginSCIMSettings) Reset() { *m = PluginSCIMSettings{} }
func (m *PluginSCIMSettings) String() string { return proto.CompactTextString(m) }
func (*PluginSCIMSettings) ProtoMessage() {}
func (*PluginSCIMSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{321}
}
func (m *PluginSCIMSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginSCIMSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginSCIMSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginSCIMSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginSCIMSettings.Merge(m, src)
}
func (m *PluginSCIMSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginSCIMSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginSCIMSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginSCIMSettings proto.InternalMessageInfo
type PluginSCIMSettings_ConnectorInfo struct {
// Name is the name of the connector.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name"`
// Type is the type of the connector: types.KindSAML, types.KindOIDC, etc.
// Note: The name of the connect is not unique across types.
Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginSCIMSettings_ConnectorInfo) Reset() { *m = PluginSCIMSettings_ConnectorInfo{} }
func (m *PluginSCIMSettings_ConnectorInfo) String() string { return proto.CompactTextString(m) }
func (*PluginSCIMSettings_ConnectorInfo) ProtoMessage() {}
func (*PluginSCIMSettings_ConnectorInfo) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{321, 0}
}
func (m *PluginSCIMSettings_ConnectorInfo) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginSCIMSettings_ConnectorInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginSCIMSettings_ConnectorInfo.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginSCIMSettings_ConnectorInfo) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginSCIMSettings_ConnectorInfo.Merge(m, src)
}
func (m *PluginSCIMSettings_ConnectorInfo) XXX_Size() int {
return m.Size()
}
func (m *PluginSCIMSettings_ConnectorInfo) XXX_DiscardUnknown() {
xxx_messageInfo_PluginSCIMSettings_ConnectorInfo.DiscardUnknown(m)
}
var xxx_messageInfo_PluginSCIMSettings_ConnectorInfo proto.InternalMessageInfo
// PluginDatadogAccessSettings defines the settings for a Datadog Incident Management plugin
type PluginDatadogAccessSettings struct {
// ApiEndpoint is the Datadog API endpoint.
ApiEndpoint string `protobuf:"bytes,1,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
// FallbackRecipient specifies the default recipient.
FallbackRecipient string `protobuf:"bytes,2,opt,name=fallback_recipient,json=fallbackRecipient,proto3" json:"fallback_recipient,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginDatadogAccessSettings) Reset() { *m = PluginDatadogAccessSettings{} }
func (m *PluginDatadogAccessSettings) String() string { return proto.CompactTextString(m) }
func (*PluginDatadogAccessSettings) ProtoMessage() {}
func (*PluginDatadogAccessSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{322}
}
func (m *PluginDatadogAccessSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginDatadogAccessSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginDatadogAccessSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginDatadogAccessSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginDatadogAccessSettings.Merge(m, src)
}
func (m *PluginDatadogAccessSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginDatadogAccessSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginDatadogAccessSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginDatadogAccessSettings proto.InternalMessageInfo
// PluginAWSICSettings holds the settings for an AWS Identity Center integration.
type PluginAWSICSettings struct {
// IntegrationName is the Teleport OIDC integration used to gain access to the
// AWS account. May be empty if [CredentialsSource] is `SYSTEM`.
// DEPRECATED: Use [Credentials] instead. DELETE in Teleport 19+
IntegrationName string `protobuf:"bytes,1,opt,name=integration_name,json=integrationName,proto3" json:"integration_name,omitempty"` // Deprecated: Do not use.
// Region is the AWS region the target Identity Center instance is configured in
Region string `protobuf:"bytes,2,opt,name=region,proto3" json:"region,omitempty"`
// InstanceARN is the arn of the Identity Center instance to manage
Arn string `protobuf:"bytes,3,opt,name=arn,proto3" json:"arn,omitempty"`
// Provisioning holds settings for provisioning users and groups into AWS
ProvisioningSpec *AWSICProvisioningSpec `protobuf:"bytes,4,opt,name=provisioning_spec,json=provisioningSpec,proto3" json:"provisioning_spec,omitempty"`
// AccessListDefaultOwners is a list of default owners for Access List created for
// user groups imported from AWS Idenity Center.
AccessListDefaultOwners []string `protobuf:"bytes,5,rep,name=access_list_default_owners,json=accessListDefaultOwners,proto3" json:"access_list_default_owners,omitempty"`
// SAMLIdPServiceProviderName is the name of a SAML service provider created
// for the Identity Center.
SamlIdpServiceProviderName string `protobuf:"bytes,6,opt,name=saml_idp_service_provider_name,json=samlIdpServiceProviderName,proto3" json:"saml_idp_service_provider_name,omitempty"`
// CredentialsSource indicates how the Identity Center plugin should source
// its AWS login credentials.
// DEPRECATED: Use [Credentials] instead. DELETE in Teleport 19+
CredentialsSource AWSICCredentialsSource `protobuf:"varint,7,opt,name=credentials_source,json=credentialsSource,proto3,enum=types.AWSICCredentialsSource" json:"credentials_source,omitempty"` // Deprecated: Do not use.
// UserSyncLabelsFilter specifies a map of key-value pairs used to filter users
// based on their metadata labels. These filtered users will be provisioned
// from Teleport to AWS IC via SCIM provisioning.
// If multiple user_sync_filters are provided the match is combined with OR operator.
//
// Example:
// If Okta is used as the Identity Source and only users originating from Okta
// should be synced, set the filter to:
//
// [{
// "okta/org": "https://trial-123456.okta.com",
// "teleport.dev/origin": "okta"
// }]
//
// If AWS IC uses Teleport as the Identity Provider, the filter should remain empty.
//
// NOTE: System users are always filtered out by default and will not be provisioned to AWS IC.
UserSyncFilters []*AWSICUserSyncFilter `protobuf:"bytes,8,rep,name=user_sync_filters,json=userSyncFilters,proto3" json:"user_sync_filters,omitempty"`
// AwsAccountFilters is an optional allow-list of AWS accounts to import and
// manage. An empty list implies that all accounts managed by the Identity Center
// instance will be imported and managed.
AwsAccountsFilters []*AWSICResourceFilter `protobuf:"bytes,9,rep,name=aws_accounts_filters,json=awsAccountsFilters,proto3" json:"aws_accounts_filters,omitempty"`
// GroupSyncLabelsFilter is used to specify filters that determine which AWS groups
// should be included during synchronization.
GroupSyncFilters []*AWSICResourceFilter `protobuf:"bytes,10,rep,name=group_sync_filters,json=groupSyncFilters,proto3" json:"group_sync_filters,omitempty"`
// Credentials represents the AWS credentials used by the Identity Center
// integration
Credentials *AWSICCredentials `protobuf:"bytes,11,opt,name=credentials,proto3" json:"credentials,omitempty"`
// RolesSyncMode indicates how the Identity Center integration will create and
// manage roles representing potential Identity Center Account Assignments.
//
// Possible values are ALL or NONE:
//
// ALL: indicates that the AWS Identity Center integration should
// create and maintain roles for all possible Account Assignments.
// NONE: indicates that the AWS Identity Center integration should
// not create any roles representing potential account Account
// Assignments.
//
// For backwards compatibility, an empty value is treated as equivalent to
// to ALL
RolesSyncMode string `protobuf:"bytes,12,opt,name=roles_sync_mode,json=rolesSyncMode,proto3" json:"roles_sync_mode,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginAWSICSettings) Reset() { *m = PluginAWSICSettings{} }
func (m *PluginAWSICSettings) String() string { return proto.CompactTextString(m) }
func (*PluginAWSICSettings) ProtoMessage() {}
func (*PluginAWSICSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{323}
}
func (m *PluginAWSICSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginAWSICSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginAWSICSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginAWSICSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginAWSICSettings.Merge(m, src)
}
func (m *PluginAWSICSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginAWSICSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginAWSICSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginAWSICSettings proto.InternalMessageInfo
// AWSICCredentials holds the credentials for authenticating with AWS
type AWSICCredentials struct {
// Types that are valid to be assigned to Source:
//
// *AWSICCredentials_System
// *AWSICCredentials_Oidc
Source isAWSICCredentials_Source `protobuf_oneof:"source"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSICCredentials) Reset() { *m = AWSICCredentials{} }
func (m *AWSICCredentials) String() string { return proto.CompactTextString(m) }
func (*AWSICCredentials) ProtoMessage() {}
func (*AWSICCredentials) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{324}
}
func (m *AWSICCredentials) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSICCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSICCredentials.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSICCredentials) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSICCredentials.Merge(m, src)
}
func (m *AWSICCredentials) XXX_Size() int {
return m.Size()
}
func (m *AWSICCredentials) XXX_DiscardUnknown() {
xxx_messageInfo_AWSICCredentials.DiscardUnknown(m)
}
var xxx_messageInfo_AWSICCredentials proto.InternalMessageInfo
type isAWSICCredentials_Source interface {
isAWSICCredentials_Source()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type AWSICCredentials_System struct {
System *AWSICCredentialSourceSystem `protobuf:"bytes,1,opt,name=system,proto3,oneof" json:"system,omitempty"`
}
type AWSICCredentials_Oidc struct {
Oidc *AWSICCredentialSourceOIDC `protobuf:"bytes,2,opt,name=oidc,proto3,oneof" json:"oidc,omitempty"`
}
func (*AWSICCredentials_System) isAWSICCredentials_Source() {}
func (*AWSICCredentials_Oidc) isAWSICCredentials_Source() {}
func (m *AWSICCredentials) GetSource() isAWSICCredentials_Source {
if m != nil {
return m.Source
}
return nil
}
func (m *AWSICCredentials) GetSystem() *AWSICCredentialSourceSystem {
if x, ok := m.GetSource().(*AWSICCredentials_System); ok {
return x.System
}
return nil
}
func (m *AWSICCredentials) GetOidc() *AWSICCredentialSourceOIDC {
if x, ok := m.GetSource().(*AWSICCredentials_Oidc); ok {
return x.Oidc
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*AWSICCredentials) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*AWSICCredentials_System)(nil),
(*AWSICCredentials_Oidc)(nil),
}
}
// AWSICCredentialSourceSystem holds AWSIC credentials drawn from the ambient
// system configuration
type AWSICCredentialSourceSystem struct {
// AwsRoleArn is an optional AWS role for the IC client to assume, overriding
// any roles
AssumeRoleArn string `protobuf:"bytes,1,opt,name=assume_role_arn,json=assumeRoleArn,proto3" json:"assume_role_arn,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSICCredentialSourceSystem) Reset() { *m = AWSICCredentialSourceSystem{} }
func (m *AWSICCredentialSourceSystem) String() string { return proto.CompactTextString(m) }
func (*AWSICCredentialSourceSystem) ProtoMessage() {}
func (*AWSICCredentialSourceSystem) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{325}
}
func (m *AWSICCredentialSourceSystem) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSICCredentialSourceSystem) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSICCredentialSourceSystem.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSICCredentialSourceSystem) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSICCredentialSourceSystem.Merge(m, src)
}
func (m *AWSICCredentialSourceSystem) XXX_Size() int {
return m.Size()
}
func (m *AWSICCredentialSourceSystem) XXX_DiscardUnknown() {
xxx_messageInfo_AWSICCredentialSourceSystem.DiscardUnknown(m)
}
var xxx_messageInfo_AWSICCredentialSourceSystem proto.InternalMessageInfo
// AWSICCredentialSourceSystem holds AWSIC credentials drawn from a Teleport
// OIDC integration
type AWSICCredentialSourceOIDC struct {
// IntegrationName is the name of the Teleport OIDC integration used by the
// Identity Center integration to authenticate with AWS.
IntegrationName string `protobuf:"bytes,1,opt,name=integration_name,json=integrationName,proto3" json:"integration_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSICCredentialSourceOIDC) Reset() { *m = AWSICCredentialSourceOIDC{} }
func (m *AWSICCredentialSourceOIDC) String() string { return proto.CompactTextString(m) }
func (*AWSICCredentialSourceOIDC) ProtoMessage() {}
func (*AWSICCredentialSourceOIDC) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{326}
}
func (m *AWSICCredentialSourceOIDC) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSICCredentialSourceOIDC) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSICCredentialSourceOIDC.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSICCredentialSourceOIDC) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSICCredentialSourceOIDC.Merge(m, src)
}
func (m *AWSICCredentialSourceOIDC) XXX_Size() int {
return m.Size()
}
func (m *AWSICCredentialSourceOIDC) XXX_DiscardUnknown() {
xxx_messageInfo_AWSICCredentialSourceOIDC.DiscardUnknown(m)
}
var xxx_messageInfo_AWSICCredentialSourceOIDC proto.InternalMessageInfo
// AWSICResourceFilter is an entry in the AWS IC plugin settings' allow-list of
// resources to import. The filter can specify inclusion either by account ID or
// regex on the resource name.
type AWSICResourceFilter struct {
// Include describes the AWS Resource filter to apply
//
// Types that are valid to be assigned to Include:
//
// *AWSICResourceFilter_Id
// *AWSICResourceFilter_NameRegex
Include isAWSICResourceFilter_Include `protobuf_oneof:"include"`
// Exclude specifies which AWS resources should be explicitly excluded.
//
// Types that are valid to be assigned to Exclude:
//
// *AWSICResourceFilter_ExcludeId
// *AWSICResourceFilter_ExcludeNameRegex
Exclude isAWSICResourceFilter_Exclude `protobuf_oneof:"exclude"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSICResourceFilter) Reset() { *m = AWSICResourceFilter{} }
func (m *AWSICResourceFilter) String() string { return proto.CompactTextString(m) }
func (*AWSICResourceFilter) ProtoMessage() {}
func (*AWSICResourceFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{327}
}
func (m *AWSICResourceFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSICResourceFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSICResourceFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSICResourceFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSICResourceFilter.Merge(m, src)
}
func (m *AWSICResourceFilter) XXX_Size() int {
return m.Size()
}
func (m *AWSICResourceFilter) XXX_DiscardUnknown() {
xxx_messageInfo_AWSICResourceFilter.DiscardUnknown(m)
}
var xxx_messageInfo_AWSICResourceFilter proto.InternalMessageInfo
type isAWSICResourceFilter_Include interface {
isAWSICResourceFilter_Include()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type isAWSICResourceFilter_Exclude interface {
isAWSICResourceFilter_Exclude()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type AWSICResourceFilter_Id struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"`
}
type AWSICResourceFilter_NameRegex struct {
NameRegex string `protobuf:"bytes,2,opt,name=name_regex,json=nameRegex,proto3,oneof" json:"name_regex,omitempty"`
}
type AWSICResourceFilter_ExcludeId struct {
ExcludeId string `protobuf:"bytes,3,opt,name=exclude_id,json=excludeId,proto3,oneof" json:"id,omitempty"`
}
type AWSICResourceFilter_ExcludeNameRegex struct {
ExcludeNameRegex string `protobuf:"bytes,4,opt,name=exclude_name_regex,json=excludeNameRegex,proto3,oneof" json:"name_regex,omitempty"`
}
func (*AWSICResourceFilter_Id) isAWSICResourceFilter_Include() {}
func (*AWSICResourceFilter_NameRegex) isAWSICResourceFilter_Include() {}
func (*AWSICResourceFilter_ExcludeId) isAWSICResourceFilter_Exclude() {}
func (*AWSICResourceFilter_ExcludeNameRegex) isAWSICResourceFilter_Exclude() {}
func (m *AWSICResourceFilter) GetInclude() isAWSICResourceFilter_Include {
if m != nil {
return m.Include
}
return nil
}
func (m *AWSICResourceFilter) GetExclude() isAWSICResourceFilter_Exclude {
if m != nil {
return m.Exclude
}
return nil
}
func (m *AWSICResourceFilter) GetId() string {
if x, ok := m.GetInclude().(*AWSICResourceFilter_Id); ok {
return x.Id
}
return ""
}
func (m *AWSICResourceFilter) GetNameRegex() string {
if x, ok := m.GetInclude().(*AWSICResourceFilter_NameRegex); ok {
return x.NameRegex
}
return ""
}
func (m *AWSICResourceFilter) GetExcludeId() string {
if x, ok := m.GetExclude().(*AWSICResourceFilter_ExcludeId); ok {
return x.ExcludeId
}
return ""
}
func (m *AWSICResourceFilter) GetExcludeNameRegex() string {
if x, ok := m.GetExclude().(*AWSICResourceFilter_ExcludeNameRegex); ok {
return x.ExcludeNameRegex
}
return ""
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*AWSICResourceFilter) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*AWSICResourceFilter_Id)(nil),
(*AWSICResourceFilter_NameRegex)(nil),
(*AWSICResourceFilter_ExcludeId)(nil),
(*AWSICResourceFilter_ExcludeNameRegex)(nil),
}
}
// UserSyncFilter is a map of key-value pairs used to filter users based on their metadata labels.
type AWSICUserSyncFilter struct {
Labels map[string]string `protobuf:"bytes,8,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSICUserSyncFilter) Reset() { *m = AWSICUserSyncFilter{} }
func (m *AWSICUserSyncFilter) String() string { return proto.CompactTextString(m) }
func (*AWSICUserSyncFilter) ProtoMessage() {}
func (*AWSICUserSyncFilter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{328}
}
func (m *AWSICUserSyncFilter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSICUserSyncFilter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSICUserSyncFilter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSICUserSyncFilter) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSICUserSyncFilter.Merge(m, src)
}
func (m *AWSICUserSyncFilter) XXX_Size() int {
return m.Size()
}
func (m *AWSICUserSyncFilter) XXX_DiscardUnknown() {
xxx_messageInfo_AWSICUserSyncFilter.DiscardUnknown(m)
}
var xxx_messageInfo_AWSICUserSyncFilter proto.InternalMessageInfo
// AWSICProvisioningSpec holds provisioning-specific Identity Center settings
type AWSICProvisioningSpec struct {
// BaseURL is the SCIM base URL
BaseUrl string `protobuf:"bytes,1,opt,name=base_url,json=baseUrl,proto3" json:"base_url,omitempty"`
// BearerToken is used to authenticate with AWS when provisioning users and
// groups via SCIM. This is expected to be empty in serialized records, as the
// actual credential is stored separetely ain a PluginStaticCredentials
// service, and populated at runtime as necessary.
BearerToken string `protobuf:"bytes,2,opt,name=bearer_token,json=bearerToken,proto3" json:"bearer_token,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSICProvisioningSpec) Reset() { *m = AWSICProvisioningSpec{} }
func (m *AWSICProvisioningSpec) String() string { return proto.CompactTextString(m) }
func (*AWSICProvisioningSpec) ProtoMessage() {}
func (*AWSICProvisioningSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{329}
}
func (m *AWSICProvisioningSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSICProvisioningSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSICProvisioningSpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSICProvisioningSpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSICProvisioningSpec.Merge(m, src)
}
func (m *AWSICProvisioningSpec) XXX_Size() int {
return m.Size()
}
func (m *AWSICProvisioningSpec) XXX_DiscardUnknown() {
xxx_messageInfo_AWSICProvisioningSpec.DiscardUnknown(m)
}
var xxx_messageInfo_AWSICProvisioningSpec proto.InternalMessageInfo
// PluginAWSICStatusV1 defines AWS Identity Center plugin sub-process status.
type PluginAWSICStatusV1 struct {
// GroupImportStatus is a status of Identity Center group and group members import.
GroupImportStatus *AWSICGroupImportStatus `protobuf:"bytes,1,opt,name=group_import_status,json=groupImportStatus,proto3" json:"group_import_status,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginAWSICStatusV1) Reset() { *m = PluginAWSICStatusV1{} }
func (m *PluginAWSICStatusV1) String() string { return proto.CompactTextString(m) }
func (*PluginAWSICStatusV1) ProtoMessage() {}
func (*PluginAWSICStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{330}
}
func (m *PluginAWSICStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginAWSICStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginAWSICStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginAWSICStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginAWSICStatusV1.Merge(m, src)
}
func (m *PluginAWSICStatusV1) XXX_Size() int {
return m.Size()
}
func (m *PluginAWSICStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginAWSICStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginAWSICStatusV1 proto.InternalMessageInfo
// AWSICGroupImportStatus defines Identity Center group and group members import status.
type AWSICGroupImportStatus struct {
// StatusCode is a status code of group and group members import operation.
StatusCode AWSICGroupImportStatusCode `protobuf:"varint,1,opt,name=status_code,json=statusCode,proto3,enum=types.AWSICGroupImportStatusCode" json:"status_code,omitempty"`
// ErrorMessage contains error message for a group and group members import attempt
// that met with an error.
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSICGroupImportStatus) Reset() { *m = AWSICGroupImportStatus{} }
func (m *AWSICGroupImportStatus) String() string { return proto.CompactTextString(m) }
func (*AWSICGroupImportStatus) ProtoMessage() {}
func (*AWSICGroupImportStatus) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{331}
}
func (m *AWSICGroupImportStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSICGroupImportStatus) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSICGroupImportStatus.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSICGroupImportStatus) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSICGroupImportStatus.Merge(m, src)
}
func (m *AWSICGroupImportStatus) XXX_Size() int {
return m.Size()
}
func (m *AWSICGroupImportStatus) XXX_DiscardUnknown() {
xxx_messageInfo_AWSICGroupImportStatus.DiscardUnknown(m)
}
var xxx_messageInfo_AWSICGroupImportStatus proto.InternalMessageInfo
// PluginEmailSettings holds the settings for an Email Access Request plugin.
type PluginEmailSettings struct {
// Sender specifies the email sender.
Sender string `protobuf:"bytes,1,opt,name=sender,proto3" json:"sender,omitempty"`
// FallbackRecipient specifies the default recipient.
FallbackRecipient string `protobuf:"bytes,2,opt,name=fallback_recipient,json=fallbackRecipient,proto3" json:"fallback_recipient,omitempty"`
// Spec configures the mail service settings.
//
// Types that are valid to be assigned to Spec:
//
// *PluginEmailSettings_MailgunSpec
// *PluginEmailSettings_SmtpSpec
Spec isPluginEmailSettings_Spec `protobuf_oneof:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginEmailSettings) Reset() { *m = PluginEmailSettings{} }
func (m *PluginEmailSettings) String() string { return proto.CompactTextString(m) }
func (*PluginEmailSettings) ProtoMessage() {}
func (*PluginEmailSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{332}
}
func (m *PluginEmailSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginEmailSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginEmailSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginEmailSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginEmailSettings.Merge(m, src)
}
func (m *PluginEmailSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginEmailSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginEmailSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginEmailSettings proto.InternalMessageInfo
type isPluginEmailSettings_Spec interface {
isPluginEmailSettings_Spec()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type PluginEmailSettings_MailgunSpec struct {
MailgunSpec *MailgunSpec `protobuf:"bytes,3,opt,name=mailgun_spec,json=mailgunSpec,proto3,oneof" json:"mailgun_spec,omitempty"`
}
type PluginEmailSettings_SmtpSpec struct {
SmtpSpec *SMTPSpec `protobuf:"bytes,4,opt,name=smtp_spec,json=smtpSpec,proto3,oneof" json:"smtp_spec,omitempty"`
}
func (*PluginEmailSettings_MailgunSpec) isPluginEmailSettings_Spec() {}
func (*PluginEmailSettings_SmtpSpec) isPluginEmailSettings_Spec() {}
func (m *PluginEmailSettings) GetSpec() isPluginEmailSettings_Spec {
if m != nil {
return m.Spec
}
return nil
}
func (m *PluginEmailSettings) GetMailgunSpec() *MailgunSpec {
if x, ok := m.GetSpec().(*PluginEmailSettings_MailgunSpec); ok {
return x.MailgunSpec
}
return nil
}
func (m *PluginEmailSettings) GetSmtpSpec() *SMTPSpec {
if x, ok := m.GetSpec().(*PluginEmailSettings_SmtpSpec); ok {
return x.SmtpSpec
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*PluginEmailSettings) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*PluginEmailSettings_MailgunSpec)(nil),
(*PluginEmailSettings_SmtpSpec)(nil),
}
}
// MailgunSpec holds Mailgun-specific settings.
type MailgunSpec struct {
// Domain specifies the Mailgun sending domain.
Domain string `protobuf:"bytes,1,opt,name=domain,proto3" json:"domain,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MailgunSpec) Reset() { *m = MailgunSpec{} }
func (m *MailgunSpec) String() string { return proto.CompactTextString(m) }
func (*MailgunSpec) ProtoMessage() {}
func (*MailgunSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{333}
}
func (m *MailgunSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MailgunSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MailgunSpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MailgunSpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_MailgunSpec.Merge(m, src)
}
func (m *MailgunSpec) XXX_Size() int {
return m.Size()
}
func (m *MailgunSpec) XXX_DiscardUnknown() {
xxx_messageInfo_MailgunSpec.DiscardUnknown(m)
}
var xxx_messageInfo_MailgunSpec proto.InternalMessageInfo
// SMTPSpec holds a generic SMTP service specific settings.
type SMTPSpec struct {
// Host specifies the SMTP service host name.
Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
// Port specifies the SMTP service port number.
Port int32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"`
// StartTLSPolicy specifies the SMTP start TLS policy used to send emails over
// SMTP.
StartTlsPolicy string `protobuf:"bytes,3,opt,name=start_tls_policy,json=startTlsPolicy,proto3" json:"start_tls_policy,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SMTPSpec) Reset() { *m = SMTPSpec{} }
func (m *SMTPSpec) String() string { return proto.CompactTextString(m) }
func (*SMTPSpec) ProtoMessage() {}
func (*SMTPSpec) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{334}
}
func (m *SMTPSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SMTPSpec) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SMTPSpec.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SMTPSpec) XXX_Merge(src proto.Message) {
xxx_messageInfo_SMTPSpec.Merge(m, src)
}
func (m *SMTPSpec) XXX_Size() int {
return m.Size()
}
func (m *SMTPSpec) XXX_DiscardUnknown() {
xxx_messageInfo_SMTPSpec.DiscardUnknown(m)
}
var xxx_messageInfo_SMTPSpec proto.InternalMessageInfo
// PluginMSTeamsSettings defines the settings for a Microsoft Teams integration plugin
type PluginMSTeamsSettings struct {
// AppId is the Microsoft application ID (uuid, for Azure bots must be underlying app id, not bot's id).
AppId string `protobuf:"bytes,1,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
// TenantId is the Microsoft tenant ID.
TenantId string `protobuf:"bytes,2,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"`
// TeamsAppId is the Microsoft teams application ID.
TeamsAppId string `protobuf:"bytes,3,opt,name=teams_app_id,json=teamsAppId,proto3" json:"teams_app_id,omitempty"`
// Region to be used by the Microsoft Graph API client.
Region string `protobuf:"bytes,4,opt,name=region,proto3" json:"region,omitempty"`
// DefaultRecipient is the default recipient to use if no access monitoring rules are specified.
DefaultRecipient string `protobuf:"bytes,5,opt,name=default_recipient,json=defaultRecipient,proto3" json:"default_recipient,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginMSTeamsSettings) Reset() { *m = PluginMSTeamsSettings{} }
func (m *PluginMSTeamsSettings) String() string { return proto.CompactTextString(m) }
func (*PluginMSTeamsSettings) ProtoMessage() {}
func (*PluginMSTeamsSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{335}
}
func (m *PluginMSTeamsSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginMSTeamsSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginMSTeamsSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginMSTeamsSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginMSTeamsSettings.Merge(m, src)
}
func (m *PluginMSTeamsSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginMSTeamsSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginMSTeamsSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginMSTeamsSettings proto.InternalMessageInfo
// PluginNetIQSettings defines the settings for a NetIQ integration plugin
type PluginNetIQSettings struct {
// oauth_issuer_endpoint is the NetIQ Oauth Issuer endpoint.
// Usually, it's equal to https://osp.domain.ext/a/idm/auth/oauth2
OauthIssuerEndpoint string `protobuf:"bytes,1,opt,name=oauth_issuer_endpoint,json=oauthIssuerEndpoint,proto3" json:"oauth_issuer_endpoint,omitempty"`
// api_endpoint is the IDM PROV Rest API location.
ApiEndpoint string `protobuf:"bytes,2,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
// insecure_skip_verify controls whether the NetIQ certificate validation should be skipped.
InsecureSkipVerify bool `protobuf:"varint,3,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginNetIQSettings) Reset() { *m = PluginNetIQSettings{} }
func (m *PluginNetIQSettings) String() string { return proto.CompactTextString(m) }
func (*PluginNetIQSettings) ProtoMessage() {}
func (*PluginNetIQSettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{336}
}
func (m *PluginNetIQSettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginNetIQSettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginNetIQSettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginNetIQSettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginNetIQSettings.Merge(m, src)
}
func (m *PluginNetIQSettings) XXX_Size() int {
return m.Size()
}
func (m *PluginNetIQSettings) XXX_DiscardUnknown() {
xxx_messageInfo_PluginNetIQSettings.DiscardUnknown(m)
}
var xxx_messageInfo_PluginNetIQSettings proto.InternalMessageInfo
type PluginBootstrapCredentialsV1 struct {
// Types that are valid to be assigned to Credentials:
//
// *PluginBootstrapCredentialsV1_Oauth2AuthorizationCode
// *PluginBootstrapCredentialsV1_BearerToken
// *PluginBootstrapCredentialsV1_IdSecret
Credentials isPluginBootstrapCredentialsV1_Credentials `protobuf_oneof:"credentials"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginBootstrapCredentialsV1) Reset() { *m = PluginBootstrapCredentialsV1{} }
func (m *PluginBootstrapCredentialsV1) String() string { return proto.CompactTextString(m) }
func (*PluginBootstrapCredentialsV1) ProtoMessage() {}
func (*PluginBootstrapCredentialsV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{337}
}
func (m *PluginBootstrapCredentialsV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginBootstrapCredentialsV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginBootstrapCredentialsV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginBootstrapCredentialsV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginBootstrapCredentialsV1.Merge(m, src)
}
func (m *PluginBootstrapCredentialsV1) XXX_Size() int {
return m.Size()
}
func (m *PluginBootstrapCredentialsV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginBootstrapCredentialsV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginBootstrapCredentialsV1 proto.InternalMessageInfo
type isPluginBootstrapCredentialsV1_Credentials interface {
isPluginBootstrapCredentialsV1_Credentials()
MarshalTo([]byte) (int, error)
Size() int
}
type PluginBootstrapCredentialsV1_Oauth2AuthorizationCode struct {
Oauth2AuthorizationCode *PluginOAuth2AuthorizationCodeCredentials `protobuf:"bytes,1,opt,name=oauth2_authorization_code,json=oauth2AuthorizationCode,proto3,oneof" json:"oauth2_authorization_code,omitempty"`
}
type PluginBootstrapCredentialsV1_BearerToken struct {
BearerToken *PluginBearerTokenCredentials `protobuf:"bytes,2,opt,name=bearer_token,json=bearerToken,proto3,oneof" json:"bearer_token,omitempty"`
}
type PluginBootstrapCredentialsV1_IdSecret struct {
IdSecret *PluginIdSecretCredential `protobuf:"bytes,3,opt,name=id_secret,json=idSecret,proto3,oneof" json:"id_secret,omitempty"`
}
func (*PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) isPluginBootstrapCredentialsV1_Credentials() {
}
func (*PluginBootstrapCredentialsV1_BearerToken) isPluginBootstrapCredentialsV1_Credentials() {}
func (*PluginBootstrapCredentialsV1_IdSecret) isPluginBootstrapCredentialsV1_Credentials() {}
func (m *PluginBootstrapCredentialsV1) GetCredentials() isPluginBootstrapCredentialsV1_Credentials {
if m != nil {
return m.Credentials
}
return nil
}
func (m *PluginBootstrapCredentialsV1) GetOauth2AuthorizationCode() *PluginOAuth2AuthorizationCodeCredentials {
if x, ok := m.GetCredentials().(*PluginBootstrapCredentialsV1_Oauth2AuthorizationCode); ok {
return x.Oauth2AuthorizationCode
}
return nil
}
func (m *PluginBootstrapCredentialsV1) GetBearerToken() *PluginBearerTokenCredentials {
if x, ok := m.GetCredentials().(*PluginBootstrapCredentialsV1_BearerToken); ok {
return x.BearerToken
}
return nil
}
func (m *PluginBootstrapCredentialsV1) GetIdSecret() *PluginIdSecretCredential {
if x, ok := m.GetCredentials().(*PluginBootstrapCredentialsV1_IdSecret); ok {
return x.IdSecret
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*PluginBootstrapCredentialsV1) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*PluginBootstrapCredentialsV1_Oauth2AuthorizationCode)(nil),
(*PluginBootstrapCredentialsV1_BearerToken)(nil),
(*PluginBootstrapCredentialsV1_IdSecret)(nil),
}
}
// PluginIdSecretCredential can be OAuth2-like client_id and client_secret or username and password.
type PluginIdSecretCredential struct {
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Secret string `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginIdSecretCredential) Reset() { *m = PluginIdSecretCredential{} }
func (m *PluginIdSecretCredential) String() string { return proto.CompactTextString(m) }
func (*PluginIdSecretCredential) ProtoMessage() {}
func (*PluginIdSecretCredential) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{338}
}
func (m *PluginIdSecretCredential) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginIdSecretCredential) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginIdSecretCredential.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginIdSecretCredential) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginIdSecretCredential.Merge(m, src)
}
func (m *PluginIdSecretCredential) XXX_Size() int {
return m.Size()
}
func (m *PluginIdSecretCredential) XXX_DiscardUnknown() {
xxx_messageInfo_PluginIdSecretCredential.DiscardUnknown(m)
}
var xxx_messageInfo_PluginIdSecretCredential proto.InternalMessageInfo
type PluginOAuth2AuthorizationCodeCredentials struct {
AuthorizationCode string `protobuf:"bytes,1,opt,name=authorization_code,json=authorizationCode,proto3" json:"authorization_code,omitempty"`
RedirectUri string `protobuf:"bytes,2,opt,name=redirect_uri,json=redirectUri,proto3" json:"redirect_uri,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOAuth2AuthorizationCodeCredentials) Reset() {
*m = PluginOAuth2AuthorizationCodeCredentials{}
}
func (m *PluginOAuth2AuthorizationCodeCredentials) String() string { return proto.CompactTextString(m) }
func (*PluginOAuth2AuthorizationCodeCredentials) ProtoMessage() {}
func (*PluginOAuth2AuthorizationCodeCredentials) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{339}
}
func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOAuth2AuthorizationCodeCredentials.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOAuth2AuthorizationCodeCredentials.Merge(m, src)
}
func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_Size() int {
return m.Size()
}
func (m *PluginOAuth2AuthorizationCodeCredentials) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOAuth2AuthorizationCodeCredentials.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOAuth2AuthorizationCodeCredentials proto.InternalMessageInfo
// PluginStatus is the user-facing status for the plugin instance.
type PluginStatusV1 struct {
Code PluginStatusCode `protobuf:"varint,1,opt,name=code,proto3,enum=types.PluginStatusCode" json:"code,omitempty"`
// error_message is a human-readable error message that can be displayed to the user.
ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"`
// last_sync_time is the last time the plugin was run.
LastSyncTime time.Time `protobuf:"bytes,3,opt,name=last_sync_time,json=lastSyncTime,proto3,stdtime" json:"last_sync_time"`
// details contains provider-specific plugin status details.
//
// Types that are valid to be assigned to Details:
//
// *PluginStatusV1_Gitlab
// *PluginStatusV1_EntraId
// *PluginStatusV1_Okta
// *PluginStatusV1_AwsIc
// *PluginStatusV1_NetIq
Details isPluginStatusV1_Details `protobuf_oneof:"details"`
// last_raw_error variable stores the most recent raw error message received from an API or service.
// It is intended to capture the original error message without any modifications or formatting.
// This can be useful for debugging purposes, providing detailed information about what went wrong
// in the interaction with the external service.
LastRawError string `protobuf:"bytes,6,opt,name=last_raw_error,json=lastRawError,proto3" json:"last_raw_error,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginStatusV1) Reset() { *m = PluginStatusV1{} }
func (m *PluginStatusV1) String() string { return proto.CompactTextString(m) }
func (*PluginStatusV1) ProtoMessage() {}
func (*PluginStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{340}
}
func (m *PluginStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginStatusV1.Merge(m, src)
}
func (m *PluginStatusV1) XXX_Size() int {
return m.Size()
}
func (m *PluginStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginStatusV1 proto.InternalMessageInfo
type isPluginStatusV1_Details interface {
isPluginStatusV1_Details()
MarshalTo([]byte) (int, error)
Size() int
}
type PluginStatusV1_Gitlab struct {
Gitlab *PluginGitlabStatusV1 `protobuf:"bytes,4,opt,name=gitlab,proto3,oneof" json:"gitlab,omitempty"`
}
type PluginStatusV1_EntraId struct {
EntraId *PluginEntraIDStatusV1 `protobuf:"bytes,5,opt,name=entra_id,json=entraId,proto3,oneof" json:"entra_id,omitempty"`
}
type PluginStatusV1_Okta struct {
Okta *PluginOktaStatusV1 `protobuf:"bytes,7,opt,name=okta,proto3,oneof" json:"okta,omitempty"`
}
type PluginStatusV1_AwsIc struct {
AwsIc *PluginAWSICStatusV1 `protobuf:"bytes,8,opt,name=aws_ic,json=awsIc,proto3,oneof" json:"aws_ic,omitempty"`
}
type PluginStatusV1_NetIq struct {
NetIq *PluginNetIQStatusV1 `protobuf:"bytes,9,opt,name=net_iq,json=netIq,proto3,oneof" json:"net_iq,omitempty"`
}
func (*PluginStatusV1_Gitlab) isPluginStatusV1_Details() {}
func (*PluginStatusV1_EntraId) isPluginStatusV1_Details() {}
func (*PluginStatusV1_Okta) isPluginStatusV1_Details() {}
func (*PluginStatusV1_AwsIc) isPluginStatusV1_Details() {}
func (*PluginStatusV1_NetIq) isPluginStatusV1_Details() {}
func (m *PluginStatusV1) GetDetails() isPluginStatusV1_Details {
if m != nil {
return m.Details
}
return nil
}
func (m *PluginStatusV1) GetGitlab() *PluginGitlabStatusV1 {
if x, ok := m.GetDetails().(*PluginStatusV1_Gitlab); ok {
return x.Gitlab
}
return nil
}
func (m *PluginStatusV1) GetEntraId() *PluginEntraIDStatusV1 {
if x, ok := m.GetDetails().(*PluginStatusV1_EntraId); ok {
return x.EntraId
}
return nil
}
func (m *PluginStatusV1) GetOkta() *PluginOktaStatusV1 {
if x, ok := m.GetDetails().(*PluginStatusV1_Okta); ok {
return x.Okta
}
return nil
}
func (m *PluginStatusV1) GetAwsIc() *PluginAWSICStatusV1 {
if x, ok := m.GetDetails().(*PluginStatusV1_AwsIc); ok {
return x.AwsIc
}
return nil
}
func (m *PluginStatusV1) GetNetIq() *PluginNetIQStatusV1 {
if x, ok := m.GetDetails().(*PluginStatusV1_NetIq); ok {
return x.NetIq
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*PluginStatusV1) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*PluginStatusV1_Gitlab)(nil),
(*PluginStatusV1_EntraId)(nil),
(*PluginStatusV1_Okta)(nil),
(*PluginStatusV1_AwsIc)(nil),
(*PluginStatusV1_NetIq)(nil),
}
}
// PluginNetIQStatusV1 is the status details for the NetIQ plugin.
type PluginNetIQStatusV1 struct {
// imported_users is the number of users imported from NetIQ eDirectory.
ImportedUsers uint32 `protobuf:"varint,1,opt,name=imported_users,json=importedUsers,proto3" json:"imported_users,omitempty"`
// imported_groups is the number of groups imported from NetIQ eDirectory.
ImportedGroups uint32 `protobuf:"varint,2,opt,name=imported_groups,json=importedGroups,proto3" json:"imported_groups,omitempty"`
// imported_roles is the number of roles imported from NetIQ eDirectory.
ImportedRoles uint32 `protobuf:"varint,3,opt,name=imported_roles,json=importedRoles,proto3" json:"imported_roles,omitempty"`
// imported_resources is the number of resources imported from NetIQ eDirectory.
ImportedResources uint32 `protobuf:"varint,4,opt,name=imported_resources,json=importedResources,proto3" json:"imported_resources,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginNetIQStatusV1) Reset() { *m = PluginNetIQStatusV1{} }
func (m *PluginNetIQStatusV1) String() string { return proto.CompactTextString(m) }
func (*PluginNetIQStatusV1) ProtoMessage() {}
func (*PluginNetIQStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{341}
}
func (m *PluginNetIQStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginNetIQStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginNetIQStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginNetIQStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginNetIQStatusV1.Merge(m, src)
}
func (m *PluginNetIQStatusV1) XXX_Size() int {
return m.Size()
}
func (m *PluginNetIQStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginNetIQStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginNetIQStatusV1 proto.InternalMessageInfo
// PluginGitlabStatusV1 is the status details for the Gitlab plugin.
type PluginGitlabStatusV1 struct {
// imported_users is the number of users imported from Gitlab.
ImportedUsers uint32 `protobuf:"varint,1,opt,name=imported_users,json=importedUsers,proto3" json:"imported_users,omitempty"`
// imported_groups is the number of groups imported from Gitlab.
ImportedGroups uint32 `protobuf:"varint,2,opt,name=imported_groups,json=importedGroups,proto3" json:"imported_groups,omitempty"`
// imported_projects is the number of projects imported from Gitlab.
ImportedProjects uint32 `protobuf:"varint,3,opt,name=imported_projects,json=importedProjects,proto3" json:"imported_projects,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginGitlabStatusV1) Reset() { *m = PluginGitlabStatusV1{} }
func (m *PluginGitlabStatusV1) String() string { return proto.CompactTextString(m) }
func (*PluginGitlabStatusV1) ProtoMessage() {}
func (*PluginGitlabStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{342}
}
func (m *PluginGitlabStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginGitlabStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginGitlabStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginGitlabStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginGitlabStatusV1.Merge(m, src)
}
func (m *PluginGitlabStatusV1) XXX_Size() int {
return m.Size()
}
func (m *PluginGitlabStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginGitlabStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginGitlabStatusV1 proto.InternalMessageInfo
// PluginEntraIDStatusV1 is the status details for the Entra ID plugin.
type PluginEntraIDStatusV1 struct {
// imported_users is the number of users imported from Entra ID.
ImportedUsers uint32 `protobuf:"varint,1,opt,name=imported_users,json=importedUsers,proto3" json:"imported_users,omitempty"`
// imported_groups is the number of groups imported from Entra ID.
ImportedGroups uint32 `protobuf:"varint,2,opt,name=imported_groups,json=importedGroups,proto3" json:"imported_groups,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginEntraIDStatusV1) Reset() { *m = PluginEntraIDStatusV1{} }
func (m *PluginEntraIDStatusV1) String() string { return proto.CompactTextString(m) }
func (*PluginEntraIDStatusV1) ProtoMessage() {}
func (*PluginEntraIDStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{343}
}
func (m *PluginEntraIDStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginEntraIDStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginEntraIDStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginEntraIDStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginEntraIDStatusV1.Merge(m, src)
}
func (m *PluginEntraIDStatusV1) XXX_Size() int {
return m.Size()
}
func (m *PluginEntraIDStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginEntraIDStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginEntraIDStatusV1 proto.InternalMessageInfo
// PluginOktaStatusV1 contains the details for the running Okta plugin.
type PluginOktaStatusV1 struct {
// SSODetails are status details relating to SSO.
SsoDetails *PluginOktaStatusDetailsSSO `protobuf:"bytes,1,opt,name=sso_details,json=ssoDetails,proto3" json:"sso_details,omitempty"`
// AppGroupSyncDetails are status details relating to synchronizing apps and
// groups from Okta.
AppGroupSyncDetails *PluginOktaStatusDetailsAppGroupSync `protobuf:"bytes,2,opt,name=app_group_sync_details,json=appGroupSyncDetails,proto3" json:"app_group_sync_details,omitempty"`
// UsersSyncDetails are status details relating to synchronizing users from
// Okta.
UsersSyncDetails *PluginOktaStatusDetailsUsersSync `protobuf:"bytes,3,opt,name=users_sync_details,json=usersSyncDetails,proto3" json:"users_sync_details,omitempty"`
// ScimDetails are status details relating to SCIM integration with
// Okta.
ScimDetails *PluginOktaStatusDetailsSCIM `protobuf:"bytes,4,opt,name=scim_details,json=scimDetails,proto3" json:"scim_details,omitempty"`
// AccessListSyncDetails are status details relating to synchronizing access
// lists from Okta.
AccessListsSyncDetails *PluginOktaStatusDetailsAccessListsSync `protobuf:"bytes,5,opt,name=access_lists_sync_details,json=accessListsSyncDetails,proto3" json:"access_lists_sync_details,omitempty"`
// SystemLogExportDetails are the status defaults related to the System Logs
// exporter.
SystemLogExportDetails *PluginOktaStatusSystemLogExporter `protobuf:"bytes,6,opt,name=system_log_export_details,json=systemLogExportDetails,proto3" json:"system_log_export_details,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaStatusV1) Reset() { *m = PluginOktaStatusV1{} }
func (m *PluginOktaStatusV1) String() string { return proto.CompactTextString(m) }
func (*PluginOktaStatusV1) ProtoMessage() {}
func (*PluginOktaStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{344}
}
func (m *PluginOktaStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaStatusV1.Merge(m, src)
}
func (m *PluginOktaStatusV1) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaStatusV1 proto.InternalMessageInfo
// PluginOktaStatusDetailsSSO are details related to the
// current status of the Okta integration w/r/t SSO.
type PluginOktaStatusDetailsSSO struct {
// Enabled indicates whether SSO login is enabled.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// AppId is the unique Okta application ID of the Okta Applicaion used for
// SSO login.
AppId string `protobuf:"bytes,2,opt,name=app_id,json=appId,proto3" json:"app_id,omitempty"`
// AppName is the Okta-assigned unique name of the Okta App that Teleport uses
// as a gateway to interact with Okta for SAML login, SCIM provisioning and user
// sync.
AppName string `protobuf:"bytes,3,opt,name=app_name,json=appName,proto3" json:"app_name,omitempty"`
// OktaGroupEveryoneMappedRoles are the role(s) that will be granted to Okta users
// through SSO or synchronization.
OktaGroupEveryoneMappedRoles []string `protobuf:"bytes,4,rep,name=okta_group_everyone_mapped_roles,json=oktaGroupEveryoneMappedRoles,proto3" json:"okta_group_everyone_mapped_roles,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaStatusDetailsSSO) Reset() { *m = PluginOktaStatusDetailsSSO{} }
func (m *PluginOktaStatusDetailsSSO) String() string { return proto.CompactTextString(m) }
func (*PluginOktaStatusDetailsSSO) ProtoMessage() {}
func (*PluginOktaStatusDetailsSSO) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{345}
}
func (m *PluginOktaStatusDetailsSSO) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaStatusDetailsSSO) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaStatusDetailsSSO.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaStatusDetailsSSO) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaStatusDetailsSSO.Merge(m, src)
}
func (m *PluginOktaStatusDetailsSSO) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaStatusDetailsSSO) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaStatusDetailsSSO.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaStatusDetailsSSO proto.InternalMessageInfo
// PluginOktaStatusDetailsAppGroupSync are details related to the
// current status of the Okta integration w/r/t application and group
// sync.
type PluginOktaStatusDetailsAppGroupSync struct {
// Enabled is whether the users sync is enabled.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// StatusCode indicates the current state of the App & Group sync service
StatusCode OktaPluginSyncStatusCode `protobuf:"varint,2,opt,name=status_code,json=statusCode,proto3,enum=types.OktaPluginSyncStatusCode" json:"status_code,omitempty"`
// LastSuccessful is the date of the last successful run.
LastSuccessful *time.Time `protobuf:"bytes,3,opt,name=last_successful,json=lastSuccessful,proto3,stdtime" json:"last_successful"`
// LastFailed is the date of the last failed run.
LastFailed *time.Time `protobuf:"bytes,4,opt,name=last_failed,json=lastFailed,proto3,stdtime" json:"last_failed"`
// NumAppsSynced is the total number of apps synchronized.
NumAppsSynced int32 `protobuf:"varint,5,opt,name=num_apps_synced,json=numAppsSynced,proto3" json:"num_apps_synced,omitempty"`
// NumAppsSynced is the total number of groups synchronized.
NumGroupsSynced int32 `protobuf:"varint,6,opt,name=num_groups_synced,json=numGroupsSynced,proto3" json:"num_groups_synced,omitempty"`
// Error contains a textual description of the reason the last synchronization
// failed. Only valid when StatusCode is OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR.
Error string `protobuf:"bytes,7,opt,name=error,proto3" json:"error,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaStatusDetailsAppGroupSync) Reset() { *m = PluginOktaStatusDetailsAppGroupSync{} }
func (m *PluginOktaStatusDetailsAppGroupSync) String() string { return proto.CompactTextString(m) }
func (*PluginOktaStatusDetailsAppGroupSync) ProtoMessage() {}
func (*PluginOktaStatusDetailsAppGroupSync) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{346}
}
func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaStatusDetailsAppGroupSync.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaStatusDetailsAppGroupSync.Merge(m, src)
}
func (m *PluginOktaStatusDetailsAppGroupSync) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaStatusDetailsAppGroupSync) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaStatusDetailsAppGroupSync.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaStatusDetailsAppGroupSync proto.InternalMessageInfo
// PluginOktaStatusDetailsUsersSync are details related to the
// current status of the Okta integration w/r/t users sync.
type PluginOktaStatusDetailsUsersSync struct {
// Enabled is whether the users sync is enabled.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// StatusCode indicates the current state of the User sync service
StatusCode OktaPluginSyncStatusCode `protobuf:"varint,2,opt,name=status_code,json=statusCode,proto3,enum=types.OktaPluginSyncStatusCode" json:"status_code,omitempty"`
// LastSuccessful is the date of the last successful run.
LastSuccessful *time.Time `protobuf:"bytes,3,opt,name=last_successful,json=lastSuccessful,proto3,stdtime" json:"last_successful"`
// LastFailed is the date of the last failed run.
LastFailed *time.Time `protobuf:"bytes,4,opt,name=last_failed,json=lastFailed,proto3,stdtime" json:"last_failed"`
// NumUsersSynced is the total number of users synchronized.
NumUsersSynced int32 `protobuf:"varint,5,opt,name=num_users_synced,json=numUsersSynced,proto3" json:"num_users_synced,omitempty"`
// Error contains a textual description of the reason the last synchronization
// failed. Only valid when StatusCode is OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR.
Error string `protobuf:"bytes,6,opt,name=error,proto3" json:"error,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaStatusDetailsUsersSync) Reset() { *m = PluginOktaStatusDetailsUsersSync{} }
func (m *PluginOktaStatusDetailsUsersSync) String() string { return proto.CompactTextString(m) }
func (*PluginOktaStatusDetailsUsersSync) ProtoMessage() {}
func (*PluginOktaStatusDetailsUsersSync) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{347}
}
func (m *PluginOktaStatusDetailsUsersSync) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaStatusDetailsUsersSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaStatusDetailsUsersSync.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaStatusDetailsUsersSync) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaStatusDetailsUsersSync.Merge(m, src)
}
func (m *PluginOktaStatusDetailsUsersSync) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaStatusDetailsUsersSync) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaStatusDetailsUsersSync.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaStatusDetailsUsersSync proto.InternalMessageInfo
// PluginOktaStatusDetailsSCIM are details related to the
// current status of the Okta integration w/r/t SCIM.
type PluginOktaStatusDetailsSCIM struct {
// Enabled is whether SCIM is enabled.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaStatusDetailsSCIM) Reset() { *m = PluginOktaStatusDetailsSCIM{} }
func (m *PluginOktaStatusDetailsSCIM) String() string { return proto.CompactTextString(m) }
func (*PluginOktaStatusDetailsSCIM) ProtoMessage() {}
func (*PluginOktaStatusDetailsSCIM) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{348}
}
func (m *PluginOktaStatusDetailsSCIM) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaStatusDetailsSCIM) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaStatusDetailsSCIM.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaStatusDetailsSCIM) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaStatusDetailsSCIM.Merge(m, src)
}
func (m *PluginOktaStatusDetailsSCIM) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaStatusDetailsSCIM) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaStatusDetailsSCIM.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaStatusDetailsSCIM proto.InternalMessageInfo
// PluginOktaStatusDetailsAccessListsSync are details related to the
// current status of the Okta integration w/r/t access list sync.
type PluginOktaStatusDetailsAccessListsSync struct {
// Enabled is whether access lists sync is enabled.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// StatusCode indicates the current state of the AccessList sync service
StatusCode OktaPluginSyncStatusCode `protobuf:"varint,2,opt,name=status_code,json=statusCode,proto3,enum=types.OktaPluginSyncStatusCode" json:"status_code,omitempty"`
// LastSuccessful is the date of the last successful run.
LastSuccessful *time.Time `protobuf:"bytes,3,opt,name=last_successful,json=lastSuccessful,proto3,stdtime" json:"last_successful"`
// LastFailed is the date of the last failed run.
LastFailed *time.Time `protobuf:"bytes,4,opt,name=last_failed,json=lastFailed,proto3,stdtime" json:"last_failed"`
// AppFilters are the app filters used for the access list sync.
AppFilters []string `protobuf:"bytes,5,rep,name=app_filters,json=appFilters,proto3" json:"app_filters,omitempty"`
// NumAppsSynced are the number of applications synchronized as access lists.
NumAppsSynced int32 `protobuf:"varint,6,opt,name=num_apps_synced,json=numAppsSynced,proto3" json:"num_apps_synced,omitempty"`
// GroupFilters are the group filters used for the access list sync.
GroupFilters []string `protobuf:"bytes,7,rep,name=group_filters,json=groupFilters,proto3" json:"group_filters,omitempty"`
// NumGroupsSynced are the number of groups synchronized as access lists.
NumGroupsSynced int32 `protobuf:"varint,8,opt,name=num_groups_synced,json=numGroupsSynced,proto3" json:"num_groups_synced,omitempty"`
// Error contains a textual description of the reason the last synchronization
// failed. Only valid when StatusCode is OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR.
Error string `protobuf:"bytes,9,opt,name=error,proto3" json:"error,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaStatusDetailsAccessListsSync) Reset() {
*m = PluginOktaStatusDetailsAccessListsSync{}
}
func (m *PluginOktaStatusDetailsAccessListsSync) String() string { return proto.CompactTextString(m) }
func (*PluginOktaStatusDetailsAccessListsSync) ProtoMessage() {}
func (*PluginOktaStatusDetailsAccessListsSync) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{349}
}
func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaStatusDetailsAccessListsSync.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaStatusDetailsAccessListsSync.Merge(m, src)
}
func (m *PluginOktaStatusDetailsAccessListsSync) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaStatusDetailsAccessListsSync) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaStatusDetailsAccessListsSync.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaStatusDetailsAccessListsSync proto.InternalMessageInfo
// PluginOktaStatusSystemLogExporter are details related to the
// current status of the Okta integration w/r/t system logs sync.
type PluginOktaStatusSystemLogExporter struct {
// Enabled is whether Okta System Log exporter is enabled.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// StatusCode indicates the current state of the service
StatusCode OktaPluginSyncStatusCode `protobuf:"varint,2,opt,name=status_code,json=statusCode,proto3,enum=types.OktaPluginSyncStatusCode" json:"status_code,omitempty"`
// LastSuccessful is the date of the last successful run.
LastSuccessful *time.Time `protobuf:"bytes,3,opt,name=last_successful,json=lastSuccessful,proto3,stdtime" json:"last_successful"`
// LastFailed is the date of the last failed run.
LastFailed *time.Time `protobuf:"bytes,4,opt,name=last_failed,json=lastFailed,proto3,stdtime" json:"last_failed"`
// Error contains a textual description of the reason the last synchronization
// failed. Only valid when StatusCode is OKTA_PLUGIN_SYNC_STATUS_CODE_ERROR.
Error string `protobuf:"bytes,9,opt,name=error,proto3" json:"error,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOktaStatusSystemLogExporter) Reset() { *m = PluginOktaStatusSystemLogExporter{} }
func (m *PluginOktaStatusSystemLogExporter) String() string { return proto.CompactTextString(m) }
func (*PluginOktaStatusSystemLogExporter) ProtoMessage() {}
func (*PluginOktaStatusSystemLogExporter) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{350}
}
func (m *PluginOktaStatusSystemLogExporter) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOktaStatusSystemLogExporter) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOktaStatusSystemLogExporter.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOktaStatusSystemLogExporter) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOktaStatusSystemLogExporter.Merge(m, src)
}
func (m *PluginOktaStatusSystemLogExporter) XXX_Size() int {
return m.Size()
}
func (m *PluginOktaStatusSystemLogExporter) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOktaStatusSystemLogExporter.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOktaStatusSystemLogExporter proto.InternalMessageInfo
// PluginCredentialsV1 represents "live" credentials
// that are used by the plugin to authenticate to the 3rd party API.
type PluginCredentialsV1 struct {
// Types that are valid to be assigned to Credentials:
//
// *PluginCredentialsV1_Oauth2AccessToken
// *PluginCredentialsV1_BearerToken
// *PluginCredentialsV1_IdSecret
// *PluginCredentialsV1_StaticCredentialsRef
Credentials isPluginCredentialsV1_Credentials `protobuf_oneof:"credentials"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginCredentialsV1) Reset() { *m = PluginCredentialsV1{} }
func (m *PluginCredentialsV1) String() string { return proto.CompactTextString(m) }
func (*PluginCredentialsV1) ProtoMessage() {}
func (*PluginCredentialsV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{351}
}
func (m *PluginCredentialsV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginCredentialsV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginCredentialsV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginCredentialsV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginCredentialsV1.Merge(m, src)
}
func (m *PluginCredentialsV1) XXX_Size() int {
return m.Size()
}
func (m *PluginCredentialsV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginCredentialsV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginCredentialsV1 proto.InternalMessageInfo
type isPluginCredentialsV1_Credentials interface {
isPluginCredentialsV1_Credentials()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type PluginCredentialsV1_Oauth2AccessToken struct {
Oauth2AccessToken *PluginOAuth2AccessTokenCredentials `protobuf:"bytes,1,opt,name=oauth2_access_token,json=oauth2AccessToken,proto3,oneof" json:"oauth2_access_token,omitempty"`
}
type PluginCredentialsV1_BearerToken struct {
BearerToken *PluginBearerTokenCredentials `protobuf:"bytes,2,opt,name=bearer_token,json=bearerToken,proto3,oneof" json:"bearer_token,omitempty"`
}
type PluginCredentialsV1_IdSecret struct {
IdSecret *PluginIdSecretCredential `protobuf:"bytes,3,opt,name=id_secret,json=idSecret,proto3,oneof" json:"id_secret,omitempty"`
}
type PluginCredentialsV1_StaticCredentialsRef struct {
StaticCredentialsRef *PluginStaticCredentialsRef `protobuf:"bytes,4,opt,name=static_credentials_ref,json=staticCredentialsRef,proto3,oneof" json:"static_credentials_ref,omitempty"`
}
func (*PluginCredentialsV1_Oauth2AccessToken) isPluginCredentialsV1_Credentials() {}
func (*PluginCredentialsV1_BearerToken) isPluginCredentialsV1_Credentials() {}
func (*PluginCredentialsV1_IdSecret) isPluginCredentialsV1_Credentials() {}
func (*PluginCredentialsV1_StaticCredentialsRef) isPluginCredentialsV1_Credentials() {}
func (m *PluginCredentialsV1) GetCredentials() isPluginCredentialsV1_Credentials {
if m != nil {
return m.Credentials
}
return nil
}
func (m *PluginCredentialsV1) GetOauth2AccessToken() *PluginOAuth2AccessTokenCredentials {
if x, ok := m.GetCredentials().(*PluginCredentialsV1_Oauth2AccessToken); ok {
return x.Oauth2AccessToken
}
return nil
}
func (m *PluginCredentialsV1) GetBearerToken() *PluginBearerTokenCredentials {
if x, ok := m.GetCredentials().(*PluginCredentialsV1_BearerToken); ok {
return x.BearerToken
}
return nil
}
func (m *PluginCredentialsV1) GetIdSecret() *PluginIdSecretCredential {
if x, ok := m.GetCredentials().(*PluginCredentialsV1_IdSecret); ok {
return x.IdSecret
}
return nil
}
func (m *PluginCredentialsV1) GetStaticCredentialsRef() *PluginStaticCredentialsRef {
if x, ok := m.GetCredentials().(*PluginCredentialsV1_StaticCredentialsRef); ok {
return x.StaticCredentialsRef
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*PluginCredentialsV1) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*PluginCredentialsV1_Oauth2AccessToken)(nil),
(*PluginCredentialsV1_BearerToken)(nil),
(*PluginCredentialsV1_IdSecret)(nil),
(*PluginCredentialsV1_StaticCredentialsRef)(nil),
}
}
type PluginOAuth2AccessTokenCredentials struct {
AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
RefreshToken string `protobuf:"bytes,2,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
Expires time.Time `protobuf:"bytes,3,opt,name=expires,proto3,stdtime" json:"expires"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginOAuth2AccessTokenCredentials) Reset() { *m = PluginOAuth2AccessTokenCredentials{} }
func (m *PluginOAuth2AccessTokenCredentials) String() string { return proto.CompactTextString(m) }
func (*PluginOAuth2AccessTokenCredentials) ProtoMessage() {}
func (*PluginOAuth2AccessTokenCredentials) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{352}
}
func (m *PluginOAuth2AccessTokenCredentials) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginOAuth2AccessTokenCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginOAuth2AccessTokenCredentials.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginOAuth2AccessTokenCredentials) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginOAuth2AccessTokenCredentials.Merge(m, src)
}
func (m *PluginOAuth2AccessTokenCredentials) XXX_Size() int {
return m.Size()
}
func (m *PluginOAuth2AccessTokenCredentials) XXX_DiscardUnknown() {
xxx_messageInfo_PluginOAuth2AccessTokenCredentials.DiscardUnknown(m)
}
var xxx_messageInfo_PluginOAuth2AccessTokenCredentials proto.InternalMessageInfo
type PluginBearerTokenCredentials struct {
// Token is the literal bearer token to be submitted to the 3rd-party API provider.
Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginBearerTokenCredentials) Reset() { *m = PluginBearerTokenCredentials{} }
func (m *PluginBearerTokenCredentials) String() string { return proto.CompactTextString(m) }
func (*PluginBearerTokenCredentials) ProtoMessage() {}
func (*PluginBearerTokenCredentials) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{353}
}
func (m *PluginBearerTokenCredentials) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginBearerTokenCredentials) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginBearerTokenCredentials.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginBearerTokenCredentials) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginBearerTokenCredentials.Merge(m, src)
}
func (m *PluginBearerTokenCredentials) XXX_Size() int {
return m.Size()
}
func (m *PluginBearerTokenCredentials) XXX_DiscardUnknown() {
xxx_messageInfo_PluginBearerTokenCredentials.DiscardUnknown(m)
}
var xxx_messageInfo_PluginBearerTokenCredentials proto.InternalMessageInfo
// PluginStaticCredentialsRef is a reference to plugin static credentials by labels.
type PluginStaticCredentialsRef struct {
// Labels is the set of labels to use to match against a set of static credentials.
Labels map[string]string `protobuf:"bytes,1,rep,name=Labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginStaticCredentialsRef) Reset() { *m = PluginStaticCredentialsRef{} }
func (m *PluginStaticCredentialsRef) String() string { return proto.CompactTextString(m) }
func (*PluginStaticCredentialsRef) ProtoMessage() {}
func (*PluginStaticCredentialsRef) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{354}
}
func (m *PluginStaticCredentialsRef) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginStaticCredentialsRef) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginStaticCredentialsRef.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginStaticCredentialsRef) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginStaticCredentialsRef.Merge(m, src)
}
func (m *PluginStaticCredentialsRef) XXX_Size() int {
return m.Size()
}
func (m *PluginStaticCredentialsRef) XXX_DiscardUnknown() {
xxx_messageInfo_PluginStaticCredentialsRef.DiscardUnknown(m)
}
var xxx_messageInfo_PluginStaticCredentialsRef proto.InternalMessageInfo
// PluginList represents a list of plugin resources
type PluginListV1 struct {
// Plugins is a list of plugin resources.
Plugins []*PluginV1 `protobuf:"bytes,1,rep,name=plugins,proto3" json:"plugins,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginListV1) Reset() { *m = PluginListV1{} }
func (m *PluginListV1) String() string { return proto.CompactTextString(m) }
func (*PluginListV1) ProtoMessage() {}
func (*PluginListV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{355}
}
func (m *PluginListV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginListV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginListV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginListV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginListV1.Merge(m, src)
}
func (m *PluginListV1) XXX_Size() int {
return m.Size()
}
func (m *PluginListV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginListV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginListV1 proto.InternalMessageInfo
// PluginStaticCredentialsV1 is a representation of static credentials for plugins.
type PluginStaticCredentialsV1 struct {
// Header is the resource header for the plugin static credentials object.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:"Header"`
// Spec contains the actual credentials for the object.
Spec *PluginStaticCredentialsSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"Spec,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginStaticCredentialsV1) Reset() { *m = PluginStaticCredentialsV1{} }
func (*PluginStaticCredentialsV1) ProtoMessage() {}
func (*PluginStaticCredentialsV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{356}
}
func (m *PluginStaticCredentialsV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginStaticCredentialsV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginStaticCredentialsV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginStaticCredentialsV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginStaticCredentialsV1.Merge(m, src)
}
func (m *PluginStaticCredentialsV1) XXX_Size() int {
return m.Size()
}
func (m *PluginStaticCredentialsV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginStaticCredentialsV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginStaticCredentialsV1 proto.InternalMessageInfo
// PluginStaticCredentialsSpecV1 is the specification for the static credentials object.
type PluginStaticCredentialsSpecV1 struct {
// Types that are valid to be assigned to Credentials:
//
// *PluginStaticCredentialsSpecV1_APIToken
// *PluginStaticCredentialsSpecV1_BasicAuth
// *PluginStaticCredentialsSpecV1_OAuthClientSecret
// *PluginStaticCredentialsSpecV1_SSHCertAuthorities
// *PluginStaticCredentialsSpecV1_PrivateKey
Credentials isPluginStaticCredentialsSpecV1_Credentials `protobuf_oneof:"credentials"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginStaticCredentialsSpecV1) Reset() { *m = PluginStaticCredentialsSpecV1{} }
func (m *PluginStaticCredentialsSpecV1) String() string { return proto.CompactTextString(m) }
func (*PluginStaticCredentialsSpecV1) ProtoMessage() {}
func (*PluginStaticCredentialsSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{357}
}
func (m *PluginStaticCredentialsSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginStaticCredentialsSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginStaticCredentialsSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginStaticCredentialsSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginStaticCredentialsSpecV1.Merge(m, src)
}
func (m *PluginStaticCredentialsSpecV1) XXX_Size() int {
return m.Size()
}
func (m *PluginStaticCredentialsSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_PluginStaticCredentialsSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_PluginStaticCredentialsSpecV1 proto.InternalMessageInfo
type isPluginStaticCredentialsSpecV1_Credentials interface {
isPluginStaticCredentialsSpecV1_Credentials()
Equal(interface{}) bool
MarshalTo([]byte) (int, error)
Size() int
}
type PluginStaticCredentialsSpecV1_APIToken struct {
APIToken string `protobuf:"bytes,1,opt,name=APIToken,proto3,oneof" json:"APIToken,omitempty"`
}
type PluginStaticCredentialsSpecV1_BasicAuth struct {
BasicAuth *PluginStaticCredentialsBasicAuth `protobuf:"bytes,2,opt,name=BasicAuth,proto3,oneof" json:"BasicAuth,omitempty"`
}
type PluginStaticCredentialsSpecV1_OAuthClientSecret struct {
OAuthClientSecret *PluginStaticCredentialsOAuthClientSecret `protobuf:"bytes,3,opt,name=OAuthClientSecret,proto3,oneof" json:"OAuthClientSecret,omitempty"`
}
type PluginStaticCredentialsSpecV1_SSHCertAuthorities struct {
SSHCertAuthorities *PluginStaticCredentialsSSHCertAuthorities `protobuf:"bytes,4,opt,name=SSHCertAuthorities,proto3,oneof" json:"SSHCertAuthorities,omitempty"`
}
type PluginStaticCredentialsSpecV1_PrivateKey struct {
PrivateKey []byte `protobuf:"bytes,5,opt,name=private_key,json=privateKey,proto3,oneof" json:"private_key,omitempty"`
}
func (*PluginStaticCredentialsSpecV1_APIToken) isPluginStaticCredentialsSpecV1_Credentials() {}
func (*PluginStaticCredentialsSpecV1_BasicAuth) isPluginStaticCredentialsSpecV1_Credentials() {}
func (*PluginStaticCredentialsSpecV1_OAuthClientSecret) isPluginStaticCredentialsSpecV1_Credentials() {
}
func (*PluginStaticCredentialsSpecV1_SSHCertAuthorities) isPluginStaticCredentialsSpecV1_Credentials() {
}
func (*PluginStaticCredentialsSpecV1_PrivateKey) isPluginStaticCredentialsSpecV1_Credentials() {}
func (m *PluginStaticCredentialsSpecV1) GetCredentials() isPluginStaticCredentialsSpecV1_Credentials {
if m != nil {
return m.Credentials
}
return nil
}
func (m *PluginStaticCredentialsSpecV1) GetAPIToken() string {
if x, ok := m.GetCredentials().(*PluginStaticCredentialsSpecV1_APIToken); ok {
return x.APIToken
}
return ""
}
func (m *PluginStaticCredentialsSpecV1) GetBasicAuth() *PluginStaticCredentialsBasicAuth {
if x, ok := m.GetCredentials().(*PluginStaticCredentialsSpecV1_BasicAuth); ok {
return x.BasicAuth
}
return nil
}
func (m *PluginStaticCredentialsSpecV1) GetOAuthClientSecret() *PluginStaticCredentialsOAuthClientSecret {
if x, ok := m.GetCredentials().(*PluginStaticCredentialsSpecV1_OAuthClientSecret); ok {
return x.OAuthClientSecret
}
return nil
}
func (m *PluginStaticCredentialsSpecV1) GetSSHCertAuthorities() *PluginStaticCredentialsSSHCertAuthorities {
if x, ok := m.GetCredentials().(*PluginStaticCredentialsSpecV1_SSHCertAuthorities); ok {
return x.SSHCertAuthorities
}
return nil
}
func (m *PluginStaticCredentialsSpecV1) GetPrivateKey() []byte {
if x, ok := m.GetCredentials().(*PluginStaticCredentialsSpecV1_PrivateKey); ok {
return x.PrivateKey
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*PluginStaticCredentialsSpecV1) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*PluginStaticCredentialsSpecV1_APIToken)(nil),
(*PluginStaticCredentialsSpecV1_BasicAuth)(nil),
(*PluginStaticCredentialsSpecV1_OAuthClientSecret)(nil),
(*PluginStaticCredentialsSpecV1_SSHCertAuthorities)(nil),
(*PluginStaticCredentialsSpecV1_PrivateKey)(nil),
}
}
// PluginStaticCredentialsBasicAuth represents username and password credentials for a plugin.
type PluginStaticCredentialsBasicAuth struct {
// Username is the username to use for basic auth.
Username string `protobuf:"bytes,1,opt,name=Username,proto3" json:"username"`
// Password is the password to use for basic auth.
Password string `protobuf:"bytes,2,opt,name=Password,proto3" json:"password"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginStaticCredentialsBasicAuth) Reset() { *m = PluginStaticCredentialsBasicAuth{} }
func (m *PluginStaticCredentialsBasicAuth) String() string { return proto.CompactTextString(m) }
func (*PluginStaticCredentialsBasicAuth) ProtoMessage() {}
func (*PluginStaticCredentialsBasicAuth) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{358}
}
func (m *PluginStaticCredentialsBasicAuth) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginStaticCredentialsBasicAuth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginStaticCredentialsBasicAuth.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginStaticCredentialsBasicAuth) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginStaticCredentialsBasicAuth.Merge(m, src)
}
func (m *PluginStaticCredentialsBasicAuth) XXX_Size() int {
return m.Size()
}
func (m *PluginStaticCredentialsBasicAuth) XXX_DiscardUnknown() {
xxx_messageInfo_PluginStaticCredentialsBasicAuth.DiscardUnknown(m)
}
var xxx_messageInfo_PluginStaticCredentialsBasicAuth proto.InternalMessageInfo
// PluginStaticCredentialsOAuthClientSecret represents an oauth client id and secret.
type PluginStaticCredentialsOAuthClientSecret struct {
// ClientId is the client ID to use for OAuth client secret.
ClientId string `protobuf:"bytes,1,opt,name=ClientId,proto3" json:"client_id"`
// ClientSecret is the client secret to use.
ClientSecret string `protobuf:"bytes,2,opt,name=ClientSecret,proto3" json:"client_secret"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginStaticCredentialsOAuthClientSecret) Reset() {
*m = PluginStaticCredentialsOAuthClientSecret{}
}
func (m *PluginStaticCredentialsOAuthClientSecret) String() string { return proto.CompactTextString(m) }
func (*PluginStaticCredentialsOAuthClientSecret) ProtoMessage() {}
func (*PluginStaticCredentialsOAuthClientSecret) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{359}
}
func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginStaticCredentialsOAuthClientSecret.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginStaticCredentialsOAuthClientSecret.Merge(m, src)
}
func (m *PluginStaticCredentialsOAuthClientSecret) XXX_Size() int {
return m.Size()
}
func (m *PluginStaticCredentialsOAuthClientSecret) XXX_DiscardUnknown() {
xxx_messageInfo_PluginStaticCredentialsOAuthClientSecret.DiscardUnknown(m)
}
var xxx_messageInfo_PluginStaticCredentialsOAuthClientSecret proto.InternalMessageInfo
// PluginStaticCredentialsSSHCertAuthorities contains the active SSH CAs used
// for the integration or plugin.
type PluginStaticCredentialsSSHCertAuthorities struct {
// CertAuthorities contains the active SSH CAs used for the integration or
// plugin.
CertAuthorities []*SSHKeyPair `protobuf:"bytes,1,rep,name=cert_authorities,json=certAuthorities,proto3" json:"cert_authorities,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *PluginStaticCredentialsSSHCertAuthorities) Reset() {
*m = PluginStaticCredentialsSSHCertAuthorities{}
}
func (m *PluginStaticCredentialsSSHCertAuthorities) String() string {
return proto.CompactTextString(m)
}
func (*PluginStaticCredentialsSSHCertAuthorities) ProtoMessage() {}
func (*PluginStaticCredentialsSSHCertAuthorities) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{360}
}
func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_PluginStaticCredentialsSSHCertAuthorities.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Merge(src proto.Message) {
xxx_messageInfo_PluginStaticCredentialsSSHCertAuthorities.Merge(m, src)
}
func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_Size() int {
return m.Size()
}
func (m *PluginStaticCredentialsSSHCertAuthorities) XXX_DiscardUnknown() {
xxx_messageInfo_PluginStaticCredentialsSSHCertAuthorities.DiscardUnknown(m)
}
var xxx_messageInfo_PluginStaticCredentialsSSHCertAuthorities proto.InternalMessageInfo
// SAMLIdPServiceProviderV1 is the representation of a SAML IdP service provider.
type SAMLIdPServiceProviderV1 struct {
// Header is the resource header for the SAML IdP service provider.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the SAML IdP service provider spec.
Spec SAMLIdPServiceProviderSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLIdPServiceProviderV1) Reset() { *m = SAMLIdPServiceProviderV1{} }
func (*SAMLIdPServiceProviderV1) ProtoMessage() {}
func (*SAMLIdPServiceProviderV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{361}
}
func (m *SAMLIdPServiceProviderV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLIdPServiceProviderV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLIdPServiceProviderV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLIdPServiceProviderV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLIdPServiceProviderV1.Merge(m, src)
}
func (m *SAMLIdPServiceProviderV1) XXX_Size() int {
return m.Size()
}
func (m *SAMLIdPServiceProviderV1) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLIdPServiceProviderV1.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLIdPServiceProviderV1 proto.InternalMessageInfo
// SAMLIdPServiceProviderSpecV1 is the SAMLIdPServiceProviderV1 resource spec.
type SAMLIdPServiceProviderSpecV1 struct {
// EntityDescriptor is the entity descriptor for the service provider
EntityDescriptor string `protobuf:"bytes,1,opt,name=EntityDescriptor,proto3" json:"entity_descriptor"`
// EntityID is the entity ID for the entity descriptor. If entity descriptor is provided,
// this value is checked that it matches the entity ID in the entity descriptor
// at upsert time to avoid having to parse the XML blob in the entity descriptor
// every time we need to use this resource.
EntityID string `protobuf:"bytes,2,opt,name=EntityID,proto3" json:"entity_id"`
// ACSURL is the endpoint where SAML authentication response will be redirected.
ACSURL string `protobuf:"bytes,3,opt,name=ACSURL,proto3" json:"acs_url"`
// AttributeMapping is used to map service provider requested attributes to
// username, role and traits in Teleport.
AttributeMapping []*SAMLAttributeMapping `protobuf:"bytes,4,rep,name=AttributeMapping,proto3" json:"attribute_mapping"`
// Preset is used to define service provider profile that will have a custom behavior
// processed by Teleport.
Preset string `protobuf:"bytes,5,opt,name=Preset,proto3" json:"preset"`
// RelayState is used to add custom value in the SAML response as a relay_state HTTP parameter.
// The value can contain service provider specific redirect URL, static state token etc.
// The value is only applied in the IdP initiated SSO flow.
RelayState string `protobuf:"bytes,6,opt,name=RelayState,proto3" json:"relay_state"`
// LaunchURLs is used to configure custom landing URLs for service provider. It is useful in
// the following scenarios:
// 1. If a service provider does not support IdP initiated authentication, launch url can be
// configured to launch users directly into the service provider authentication endpoint.
// 2. If a service provider does support IdP initiated authentication, it can be useful if
// that service provider acts as a master authentication service provider for internal services.
// In such case, Teleport administrator can configure launch URL, that lets user pick a specific
// internal service URL from the Log In tile in the UI, which would take them to that particular
// service for authentication instead of directly launching to the master service provider.
//
// Each launch URL value must be an HTTPs endpoint.
LaunchURLs []string `protobuf:"bytes,7,rep,name=LaunchURLs,proto3" json:"launch_urls"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLIdPServiceProviderSpecV1) Reset() { *m = SAMLIdPServiceProviderSpecV1{} }
func (m *SAMLIdPServiceProviderSpecV1) String() string { return proto.CompactTextString(m) }
func (*SAMLIdPServiceProviderSpecV1) ProtoMessage() {}
func (*SAMLIdPServiceProviderSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{362}
}
func (m *SAMLIdPServiceProviderSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLIdPServiceProviderSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLIdPServiceProviderSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLIdPServiceProviderSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLIdPServiceProviderSpecV1.Merge(m, src)
}
func (m *SAMLIdPServiceProviderSpecV1) XXX_Size() int {
return m.Size()
}
func (m *SAMLIdPServiceProviderSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLIdPServiceProviderSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLIdPServiceProviderSpecV1 proto.InternalMessageInfo
// SAMLAttributeMapping represents SAML service provider requested attribute
// name, format and its values.
type SAMLAttributeMapping struct {
// name is an attribute name.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name"`
// name_format is an attribute name format.
NameFormat string `protobuf:"bytes,2,opt,name=name_format,json=nameFormat,proto3" json:"name_format"`
// value is an attribute value definable with predicate expression.
Value string `protobuf:"bytes,3,opt,name=value,proto3" json:"value"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *SAMLAttributeMapping) Reset() { *m = SAMLAttributeMapping{} }
func (m *SAMLAttributeMapping) String() string { return proto.CompactTextString(m) }
func (*SAMLAttributeMapping) ProtoMessage() {}
func (*SAMLAttributeMapping) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{363}
}
func (m *SAMLAttributeMapping) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *SAMLAttributeMapping) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_SAMLAttributeMapping.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *SAMLAttributeMapping) XXX_Merge(src proto.Message) {
xxx_messageInfo_SAMLAttributeMapping.Merge(m, src)
}
func (m *SAMLAttributeMapping) XXX_Size() int {
return m.Size()
}
func (m *SAMLAttributeMapping) XXX_DiscardUnknown() {
xxx_messageInfo_SAMLAttributeMapping.DiscardUnknown(m)
}
var xxx_messageInfo_SAMLAttributeMapping proto.InternalMessageInfo
// IdPOptions specify options related to access Teleport IdPs.
type IdPOptions struct {
// SAML are options related to the Teleport SAML IdP.
SAML *IdPSAMLOptions `protobuf:"bytes,1,opt,name=SAML,proto3" json:"saml"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IdPOptions) Reset() { *m = IdPOptions{} }
func (m *IdPOptions) String() string { return proto.CompactTextString(m) }
func (*IdPOptions) ProtoMessage() {}
func (*IdPOptions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{364}
}
func (m *IdPOptions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IdPOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IdPOptions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IdPOptions) XXX_Merge(src proto.Message) {
xxx_messageInfo_IdPOptions.Merge(m, src)
}
func (m *IdPOptions) XXX_Size() int {
return m.Size()
}
func (m *IdPOptions) XXX_DiscardUnknown() {
xxx_messageInfo_IdPOptions.DiscardUnknown(m)
}
var xxx_messageInfo_IdPOptions proto.InternalMessageInfo
// IdPSAMLOptions specifies options related to accessing the Teleport SAML IdP.
type IdPSAMLOptions struct {
// Enabled is set to true if this option allows access to the Teleport SAML IdP.
Enabled *BoolOption `protobuf:"bytes,1,opt,name=Enabled,proto3,customtype=BoolOption" json:"enabled"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IdPSAMLOptions) Reset() { *m = IdPSAMLOptions{} }
func (m *IdPSAMLOptions) String() string { return proto.CompactTextString(m) }
func (*IdPSAMLOptions) ProtoMessage() {}
func (*IdPSAMLOptions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{365}
}
func (m *IdPSAMLOptions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IdPSAMLOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IdPSAMLOptions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IdPSAMLOptions) XXX_Merge(src proto.Message) {
xxx_messageInfo_IdPSAMLOptions.Merge(m, src)
}
func (m *IdPSAMLOptions) XXX_Size() int {
return m.Size()
}
func (m *IdPSAMLOptions) XXX_DiscardUnknown() {
xxx_messageInfo_IdPSAMLOptions.DiscardUnknown(m)
}
var xxx_messageInfo_IdPSAMLOptions proto.InternalMessageInfo
// KubernetesResourceV1 represents a Kubernetes resource.
type KubernetesResourceV1 struct {
// Kind is a resource kind
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource sub kind, used in some resources
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is version
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is KubernetesResourceV1 metadata
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec contains the Kubernetes resource data.
Spec KubernetesResourceSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesResourceV1) Reset() { *m = KubernetesResourceV1{} }
func (m *KubernetesResourceV1) String() string { return proto.CompactTextString(m) }
func (*KubernetesResourceV1) ProtoMessage() {}
func (*KubernetesResourceV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{366}
}
func (m *KubernetesResourceV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesResourceV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesResourceV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesResourceV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesResourceV1.Merge(m, src)
}
func (m *KubernetesResourceV1) XXX_Size() int {
return m.Size()
}
func (m *KubernetesResourceV1) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesResourceV1.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesResourceV1 proto.InternalMessageInfo
// KubernetesResourceSpecV1 is the Kubernetes resource spec.
type KubernetesResourceSpecV1 struct {
// Namespace is the resource namespace.
Namespace string `protobuf:"bytes,1,opt,name=Namespace,proto3" json:"namespace"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesResourceSpecV1) Reset() { *m = KubernetesResourceSpecV1{} }
func (m *KubernetesResourceSpecV1) String() string { return proto.CompactTextString(m) }
func (*KubernetesResourceSpecV1) ProtoMessage() {}
func (*KubernetesResourceSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{367}
}
func (m *KubernetesResourceSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesResourceSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesResourceSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesResourceSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesResourceSpecV1.Merge(m, src)
}
func (m *KubernetesResourceSpecV1) XXX_Size() int {
return m.Size()
}
func (m *KubernetesResourceSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesResourceSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesResourceSpecV1 proto.InternalMessageInfo
// ClusterMaintenanceConfigV1 is a config singleton used to configure infrequent
// cluster maintenance operations.
type ClusterMaintenanceConfigV1 struct {
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
Spec ClusterMaintenanceConfigSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
// Nonce is used to protect against concurrent modification of the maintenance
// window. Clients should treat nonces as opaque.
Nonce uint64 `protobuf:"varint,3,opt,name=Nonce,proto3" json:"nonce,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterMaintenanceConfigV1) Reset() { *m = ClusterMaintenanceConfigV1{} }
func (m *ClusterMaintenanceConfigV1) String() string { return proto.CompactTextString(m) }
func (*ClusterMaintenanceConfigV1) ProtoMessage() {}
func (*ClusterMaintenanceConfigV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{368}
}
func (m *ClusterMaintenanceConfigV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterMaintenanceConfigV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterMaintenanceConfigV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterMaintenanceConfigV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterMaintenanceConfigV1.Merge(m, src)
}
func (m *ClusterMaintenanceConfigV1) XXX_Size() int {
return m.Size()
}
func (m *ClusterMaintenanceConfigV1) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterMaintenanceConfigV1.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterMaintenanceConfigV1 proto.InternalMessageInfo
// ClusterMaintenanceConfigSpecV1 encodes the parameters of the upgrade window config object.
type ClusterMaintenanceConfigSpecV1 struct {
// AgentUpgrades encodes the agent upgrade window.
AgentUpgrades *AgentUpgradeWindow `protobuf:"bytes,1,opt,name=AgentUpgrades,proto3" json:"agent_upgrades,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ClusterMaintenanceConfigSpecV1) Reset() { *m = ClusterMaintenanceConfigSpecV1{} }
func (m *ClusterMaintenanceConfigSpecV1) String() string { return proto.CompactTextString(m) }
func (*ClusterMaintenanceConfigSpecV1) ProtoMessage() {}
func (*ClusterMaintenanceConfigSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{369}
}
func (m *ClusterMaintenanceConfigSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ClusterMaintenanceConfigSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ClusterMaintenanceConfigSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ClusterMaintenanceConfigSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_ClusterMaintenanceConfigSpecV1.Merge(m, src)
}
func (m *ClusterMaintenanceConfigSpecV1) XXX_Size() int {
return m.Size()
}
func (m *ClusterMaintenanceConfigSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_ClusterMaintenanceConfigSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_ClusterMaintenanceConfigSpecV1 proto.InternalMessageInfo
// AgentUpgradeWindow is the config object used to determine upcoming agent
// upgrade windows.
type AgentUpgradeWindow struct {
// UTCStartHour is the start hour of the maintenance window in UTC.
UTCStartHour uint32 `protobuf:"varint,1,opt,name=UTCStartHour,proto3" json:"utc_start_hour"`
// Weekdays is an optional list of weekdays. If not specified, an agent upgrade window
// occurs every day.
Weekdays []string `protobuf:"bytes,2,rep,name=Weekdays,proto3" json:"weekdays,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AgentUpgradeWindow) Reset() { *m = AgentUpgradeWindow{} }
func (m *AgentUpgradeWindow) String() string { return proto.CompactTextString(m) }
func (*AgentUpgradeWindow) ProtoMessage() {}
func (*AgentUpgradeWindow) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{370}
}
func (m *AgentUpgradeWindow) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AgentUpgradeWindow) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AgentUpgradeWindow.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AgentUpgradeWindow) XXX_Merge(src proto.Message) {
xxx_messageInfo_AgentUpgradeWindow.Merge(m, src)
}
func (m *AgentUpgradeWindow) XXX_Size() int {
return m.Size()
}
func (m *AgentUpgradeWindow) XXX_DiscardUnknown() {
xxx_messageInfo_AgentUpgradeWindow.DiscardUnknown(m)
}
var xxx_messageInfo_AgentUpgradeWindow proto.InternalMessageInfo
// ScheduledAgentUpgradeWindow is a derived value representing a single
// upgrade window. Upgraders deal with discrete start/end times, so we use the
// agent upgrade window configuration object to generate a sequence of specific
// scheduled windows.
type ScheduledAgentUpgradeWindow struct {
// Start is the start time of the upgrade window.
Start time.Time `protobuf:"bytes,1,opt,name=Start,proto3,stdtime" json:"start"`
// Stop is the stop time of the upgrade window.
Stop time.Time `protobuf:"bytes,2,opt,name=Stop,proto3,stdtime" json:"stop"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ScheduledAgentUpgradeWindow) Reset() { *m = ScheduledAgentUpgradeWindow{} }
func (m *ScheduledAgentUpgradeWindow) String() string { return proto.CompactTextString(m) }
func (*ScheduledAgentUpgradeWindow) ProtoMessage() {}
func (*ScheduledAgentUpgradeWindow) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{371}
}
func (m *ScheduledAgentUpgradeWindow) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ScheduledAgentUpgradeWindow) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ScheduledAgentUpgradeWindow.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ScheduledAgentUpgradeWindow) XXX_Merge(src proto.Message) {
xxx_messageInfo_ScheduledAgentUpgradeWindow.Merge(m, src)
}
func (m *ScheduledAgentUpgradeWindow) XXX_Size() int {
return m.Size()
}
func (m *ScheduledAgentUpgradeWindow) XXX_DiscardUnknown() {
xxx_messageInfo_ScheduledAgentUpgradeWindow.DiscardUnknown(m)
}
var xxx_messageInfo_ScheduledAgentUpgradeWindow proto.InternalMessageInfo
// AgentUpgradeSchedule is the canonical representation of upcoming
// agent upgrade windows as generated by the AgentUpgradeWindow config object.
type AgentUpgradeSchedule struct {
// Windows is the list of upcoming windows.
Windows []ScheduledAgentUpgradeWindow `protobuf:"bytes,1,rep,name=Windows,proto3" json:"windows"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AgentUpgradeSchedule) Reset() { *m = AgentUpgradeSchedule{} }
func (m *AgentUpgradeSchedule) String() string { return proto.CompactTextString(m) }
func (*AgentUpgradeSchedule) ProtoMessage() {}
func (*AgentUpgradeSchedule) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{372}
}
func (m *AgentUpgradeSchedule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AgentUpgradeSchedule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AgentUpgradeSchedule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AgentUpgradeSchedule) XXX_Merge(src proto.Message) {
xxx_messageInfo_AgentUpgradeSchedule.Merge(m, src)
}
func (m *AgentUpgradeSchedule) XXX_Size() int {
return m.Size()
}
func (m *AgentUpgradeSchedule) XXX_DiscardUnknown() {
xxx_messageInfo_AgentUpgradeSchedule.DiscardUnknown(m)
}
var xxx_messageInfo_AgentUpgradeSchedule proto.InternalMessageInfo
// UserGroupV1 is a representation of an externally sourced user group.
type UserGroupV1 struct {
// Header is the resource header for the user group.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the user group resource spec.
Spec UserGroupSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserGroupV1) Reset() { *m = UserGroupV1{} }
func (*UserGroupV1) ProtoMessage() {}
func (*UserGroupV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{373}
}
func (m *UserGroupV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserGroupV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserGroupV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserGroupV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserGroupV1.Merge(m, src)
}
func (m *UserGroupV1) XXX_Size() int {
return m.Size()
}
func (m *UserGroupV1) XXX_DiscardUnknown() {
xxx_messageInfo_UserGroupV1.DiscardUnknown(m)
}
var xxx_messageInfo_UserGroupV1 proto.InternalMessageInfo
// UserGroupSpecV1 is the specification of a user group.
type UserGroupSpecV1 struct {
// Applications are a list of application IDs belonging to this user group.
Applications []string `protobuf:"bytes,1,rep,name=Applications,proto3" json:"Applications,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *UserGroupSpecV1) Reset() { *m = UserGroupSpecV1{} }
func (m *UserGroupSpecV1) String() string { return proto.CompactTextString(m) }
func (*UserGroupSpecV1) ProtoMessage() {}
func (*UserGroupSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{374}
}
func (m *UserGroupSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *UserGroupSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_UserGroupSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *UserGroupSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_UserGroupSpecV1.Merge(m, src)
}
func (m *UserGroupSpecV1) XXX_Size() int {
return m.Size()
}
func (m *UserGroupSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_UserGroupSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_UserGroupSpecV1 proto.InternalMessageInfo
// OktaImportRuleSpecV1 is a Okta import rule specification.
type OktaImportRuleSpecV1 struct {
// Priority represents the priority of the rule application. Lower numbered rules will be applied first.
Priority int32 `protobuf:"varint,1,opt,name=Priority,proto3" json:"priority"`
// Mappings is a list of matches that will map match conditions to labels.
Mappings []*OktaImportRuleMappingV1 `protobuf:"bytes,2,rep,name=Mappings,proto3" json:"mappings"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaImportRuleSpecV1) Reset() { *m = OktaImportRuleSpecV1{} }
func (m *OktaImportRuleSpecV1) String() string { return proto.CompactTextString(m) }
func (*OktaImportRuleSpecV1) ProtoMessage() {}
func (*OktaImportRuleSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{375}
}
func (m *OktaImportRuleSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaImportRuleSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaImportRuleSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaImportRuleSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaImportRuleSpecV1.Merge(m, src)
}
func (m *OktaImportRuleSpecV1) XXX_Size() int {
return m.Size()
}
func (m *OktaImportRuleSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_OktaImportRuleSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_OktaImportRuleSpecV1 proto.InternalMessageInfo
// OktaImportRuleMappingV1 is a list of matches that map match rules to labels.
type OktaImportRuleMappingV1 struct {
// Match is a set of matching rules for this mapping. If any of these match, then the mapping will be applied.
Match []*OktaImportRuleMatchV1 `protobuf:"bytes,1,rep,name=Match,proto3" json:"match"`
// AddLabels specifies which labels to add if any of the previous matches match.
AddLabels map[string]string `protobuf:"bytes,2,rep,name=AddLabels,proto3" json:"add_labels" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaImportRuleMappingV1) Reset() { *m = OktaImportRuleMappingV1{} }
func (m *OktaImportRuleMappingV1) String() string { return proto.CompactTextString(m) }
func (*OktaImportRuleMappingV1) ProtoMessage() {}
func (*OktaImportRuleMappingV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{376}
}
func (m *OktaImportRuleMappingV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaImportRuleMappingV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaImportRuleMappingV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaImportRuleMappingV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaImportRuleMappingV1.Merge(m, src)
}
func (m *OktaImportRuleMappingV1) XXX_Size() int {
return m.Size()
}
func (m *OktaImportRuleMappingV1) XXX_DiscardUnknown() {
xxx_messageInfo_OktaImportRuleMappingV1.DiscardUnknown(m)
}
var xxx_messageInfo_OktaImportRuleMappingV1 proto.InternalMessageInfo
// OktaImportRuleV1 is a representation of labeling rules for importing of Okta objects.
type OktaImportRuleV1 struct {
// Header is the resource header for the SAML IdP service provider.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the specification for the Okta import rule.
Spec OktaImportRuleSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaImportRuleV1) Reset() { *m = OktaImportRuleV1{} }
func (*OktaImportRuleV1) ProtoMessage() {}
func (*OktaImportRuleV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{377}
}
func (m *OktaImportRuleV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaImportRuleV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaImportRuleV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaImportRuleV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaImportRuleV1.Merge(m, src)
}
func (m *OktaImportRuleV1) XXX_Size() int {
return m.Size()
}
func (m *OktaImportRuleV1) XXX_DiscardUnknown() {
xxx_messageInfo_OktaImportRuleV1.DiscardUnknown(m)
}
var xxx_messageInfo_OktaImportRuleV1 proto.InternalMessageInfo
// OktaImportRuleMatchV1 is a match rule for a mapping.
type OktaImportRuleMatchV1 struct {
// AppIDs is a list of app IDs to match against.
AppIDs []string `protobuf:"bytes,1,rep,name=AppIDs,proto3" json:"app_ids,omitempty"`
// GroupIDs is a list of group IDs to match against.
GroupIDs []string `protobuf:"bytes,2,rep,name=GroupIDs,proto3" json:"group_ids,omitempty"`
// AppNameRegexes is a list of regexes to match against app names.
AppNameRegexes []string `protobuf:"bytes,3,rep,name=AppNameRegexes,proto3" json:"app_name_regexes,omitempty"`
// GroupNameRegexes is a list of regexes to match against group names.
GroupNameRegexes []string `protobuf:"bytes,4,rep,name=GroupNameRegexes,proto3" json:"group_name_regexes,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaImportRuleMatchV1) Reset() { *m = OktaImportRuleMatchV1{} }
func (m *OktaImportRuleMatchV1) String() string { return proto.CompactTextString(m) }
func (*OktaImportRuleMatchV1) ProtoMessage() {}
func (*OktaImportRuleMatchV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{378}
}
func (m *OktaImportRuleMatchV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaImportRuleMatchV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaImportRuleMatchV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaImportRuleMatchV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaImportRuleMatchV1.Merge(m, src)
}
func (m *OktaImportRuleMatchV1) XXX_Size() int {
return m.Size()
}
func (m *OktaImportRuleMatchV1) XXX_DiscardUnknown() {
xxx_messageInfo_OktaImportRuleMatchV1.DiscardUnknown(m)
}
var xxx_messageInfo_OktaImportRuleMatchV1 proto.InternalMessageInfo
// OktaAssignmentV1 is a representation of an action or set of actions taken by Teleport to assign Okta users to applications or groups.
type OktaAssignmentV1 struct {
// Header is the resource header for the Okta assignment.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is the specification for the Okta assignment.
Spec OktaAssignmentSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaAssignmentV1) Reset() { *m = OktaAssignmentV1{} }
func (*OktaAssignmentV1) ProtoMessage() {}
func (*OktaAssignmentV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{379}
}
func (m *OktaAssignmentV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaAssignmentV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaAssignmentV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaAssignmentV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaAssignmentV1.Merge(m, src)
}
func (m *OktaAssignmentV1) XXX_Size() int {
return m.Size()
}
func (m *OktaAssignmentV1) XXX_DiscardUnknown() {
xxx_messageInfo_OktaAssignmentV1.DiscardUnknown(m)
}
var xxx_messageInfo_OktaAssignmentV1 proto.InternalMessageInfo
// OktaAssignmentSpecV1 is a Okta assignment specification.
type OktaAssignmentSpecV1 struct {
// User is the user that these actions will be applied to.
User string `protobuf:"bytes,1,opt,name=User,proto3" json:"user"`
// Targets is a list of Okta targets to take on a user.
Targets []*OktaAssignmentTargetV1 `protobuf:"bytes,2,rep,name=Targets,proto3" json:"targets"`
// CleanupTime is an optional field that notes when the assignment should be cleaned up.
// If absent, the assignment will never be cleaned up.
CleanupTime time.Time `protobuf:"bytes,3,opt,name=CleanupTime,proto3,stdtime" json:"cleanup_time"`
// Status is the status of the assignment.
Status OktaAssignmentSpecV1_OktaAssignmentStatus `protobuf:"varint,4,opt,name=status,proto3,enum=types.OktaAssignmentSpecV1_OktaAssignmentStatus" json:"status"`
// LastTransition is an optional field that notes when the last state transition
// occurred for this action. If absent, this object has never transitioned.
LastTransition time.Time `protobuf:"bytes,5,opt,name=LastTransition,proto3,stdtime" json:"last_transition"`
// Finalized is set when the assignment has been properly cleaned up.
Finalized bool `protobuf:"varint,6,opt,name=Finalized,proto3" json:"finalized"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaAssignmentSpecV1) Reset() { *m = OktaAssignmentSpecV1{} }
func (m *OktaAssignmentSpecV1) String() string { return proto.CompactTextString(m) }
func (*OktaAssignmentSpecV1) ProtoMessage() {}
func (*OktaAssignmentSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{380}
}
func (m *OktaAssignmentSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaAssignmentSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaAssignmentSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaAssignmentSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaAssignmentSpecV1.Merge(m, src)
}
func (m *OktaAssignmentSpecV1) XXX_Size() int {
return m.Size()
}
func (m *OktaAssignmentSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_OktaAssignmentSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_OktaAssignmentSpecV1 proto.InternalMessageInfo
// OktaAssignmentTargetV1 is a target of an Okta assignment.
type OktaAssignmentTargetV1 struct {
// Type is the type of Okta resource this assignment is targeting.
Type OktaAssignmentTargetV1_OktaAssignmentTargetType `protobuf:"varint,1,opt,name=type,proto3,enum=types.OktaAssignmentTargetV1_OktaAssignmentTargetType" json:"type"`
// ID is the ID of the Okta resource that's being targeted.
Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaAssignmentTargetV1) Reset() { *m = OktaAssignmentTargetV1{} }
func (m *OktaAssignmentTargetV1) String() string { return proto.CompactTextString(m) }
func (*OktaAssignmentTargetV1) ProtoMessage() {}
func (*OktaAssignmentTargetV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{381}
}
func (m *OktaAssignmentTargetV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaAssignmentTargetV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaAssignmentTargetV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaAssignmentTargetV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaAssignmentTargetV1.Merge(m, src)
}
func (m *OktaAssignmentTargetV1) XXX_Size() int {
return m.Size()
}
func (m *OktaAssignmentTargetV1) XXX_DiscardUnknown() {
xxx_messageInfo_OktaAssignmentTargetV1.DiscardUnknown(m)
}
var xxx_messageInfo_OktaAssignmentTargetV1 proto.InternalMessageInfo
// IntegrationV1 represents a connection between Teleport and some other 3rd party system.
// This connection allows API access to that service from Teleport.
// Each Integration instance must have a SubKind defined which identifies the external system.
type IntegrationV1 struct {
// Header is the resource header.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
// Spec is an Integration specification.
Spec IntegrationSpecV1 `protobuf:"bytes,2,opt,name=Spec,proto3" json:"spec"`
// Status is an Integration specification.
Status IntegrationStatusV1 `protobuf:"bytes,3,opt,name=Status,proto3" json:"status"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IntegrationV1) Reset() { *m = IntegrationV1{} }
func (*IntegrationV1) ProtoMessage() {}
func (*IntegrationV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{382}
}
func (m *IntegrationV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IntegrationV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IntegrationV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IntegrationV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_IntegrationV1.Merge(m, src)
}
func (m *IntegrationV1) XXX_Size() int {
return m.Size()
}
func (m *IntegrationV1) XXX_DiscardUnknown() {
xxx_messageInfo_IntegrationV1.DiscardUnknown(m)
}
var xxx_messageInfo_IntegrationV1 proto.InternalMessageInfo
// IntegrationSpecV1 contains properties of all the supported integrations.
type IntegrationSpecV1 struct {
// Types that are valid to be assigned to SubKindSpec:
//
// *IntegrationSpecV1_AWSOIDC
// *IntegrationSpecV1_AzureOIDC
// *IntegrationSpecV1_GitHub
// *IntegrationSpecV1_AWSRA
SubKindSpec isIntegrationSpecV1_SubKindSpec `protobuf_oneof:"SubKindSpec"`
// Credentials contains credentials for the integration.
Credentials *PluginCredentialsV1 `protobuf:"bytes,4,opt,name=credentials,proto3" json:"credentials,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IntegrationSpecV1) Reset() { *m = IntegrationSpecV1{} }
func (m *IntegrationSpecV1) String() string { return proto.CompactTextString(m) }
func (*IntegrationSpecV1) ProtoMessage() {}
func (*IntegrationSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{383}
}
func (m *IntegrationSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IntegrationSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IntegrationSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_IntegrationSpecV1.Merge(m, src)
}
func (m *IntegrationSpecV1) XXX_Size() int {
return m.Size()
}
func (m *IntegrationSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_IntegrationSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_IntegrationSpecV1 proto.InternalMessageInfo
type isIntegrationSpecV1_SubKindSpec interface {
isIntegrationSpecV1_SubKindSpec()
MarshalTo([]byte) (int, error)
Size() int
}
type IntegrationSpecV1_AWSOIDC struct {
AWSOIDC *AWSOIDCIntegrationSpecV1 `protobuf:"bytes,1,opt,name=AWSOIDC,proto3,oneof" json:"aws_oidc,omitempty"`
}
type IntegrationSpecV1_AzureOIDC struct {
AzureOIDC *AzureOIDCIntegrationSpecV1 `protobuf:"bytes,2,opt,name=AzureOIDC,proto3,oneof" json:"azure_oidc,omitempty"`
}
type IntegrationSpecV1_GitHub struct {
GitHub *GitHubIntegrationSpecV1 `protobuf:"bytes,3,opt,name=GitHub,proto3,oneof" json:"github,omitempty"`
}
type IntegrationSpecV1_AWSRA struct {
AWSRA *AWSRAIntegrationSpecV1 `protobuf:"bytes,5,opt,name=AWSRA,proto3,oneof" json:"aws_ra,omitempty"`
}
func (*IntegrationSpecV1_AWSOIDC) isIntegrationSpecV1_SubKindSpec() {}
func (*IntegrationSpecV1_AzureOIDC) isIntegrationSpecV1_SubKindSpec() {}
func (*IntegrationSpecV1_GitHub) isIntegrationSpecV1_SubKindSpec() {}
func (*IntegrationSpecV1_AWSRA) isIntegrationSpecV1_SubKindSpec() {}
func (m *IntegrationSpecV1) GetSubKindSpec() isIntegrationSpecV1_SubKindSpec {
if m != nil {
return m.SubKindSpec
}
return nil
}
func (m *IntegrationSpecV1) GetAWSOIDC() *AWSOIDCIntegrationSpecV1 {
if x, ok := m.GetSubKindSpec().(*IntegrationSpecV1_AWSOIDC); ok {
return x.AWSOIDC
}
return nil
}
func (m *IntegrationSpecV1) GetAzureOIDC() *AzureOIDCIntegrationSpecV1 {
if x, ok := m.GetSubKindSpec().(*IntegrationSpecV1_AzureOIDC); ok {
return x.AzureOIDC
}
return nil
}
func (m *IntegrationSpecV1) GetGitHub() *GitHubIntegrationSpecV1 {
if x, ok := m.GetSubKindSpec().(*IntegrationSpecV1_GitHub); ok {
return x.GitHub
}
return nil
}
func (m *IntegrationSpecV1) GetAWSRA() *AWSRAIntegrationSpecV1 {
if x, ok := m.GetSubKindSpec().(*IntegrationSpecV1_AWSRA); ok {
return x.AWSRA
}
return nil
}
// XXX_OneofWrappers is for the internal use of the proto package.
func (*IntegrationSpecV1) XXX_OneofWrappers() []interface{} {
return []interface{}{
(*IntegrationSpecV1_AWSOIDC)(nil),
(*IntegrationSpecV1_AzureOIDC)(nil),
(*IntegrationSpecV1_GitHub)(nil),
(*IntegrationSpecV1_AWSRA)(nil),
}
}
// IntegrationStatusV1 contains the status of the integration.
type IntegrationStatusV1 struct {
// AWSRolesAnywhere contains the specific status fields to related to the AWS Roles Anywhere Integration subkind.
AWSRolesAnywhere *AWSRAIntegrationStatusV1 `protobuf:"bytes,1,opt,name=AWSRolesAnywhere,proto3" json:"aws_ra,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *IntegrationStatusV1) Reset() { *m = IntegrationStatusV1{} }
func (m *IntegrationStatusV1) String() string { return proto.CompactTextString(m) }
func (*IntegrationStatusV1) ProtoMessage() {}
func (*IntegrationStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{384}
}
func (m *IntegrationStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *IntegrationStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_IntegrationStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *IntegrationStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_IntegrationStatusV1.Merge(m, src)
}
func (m *IntegrationStatusV1) XXX_Size() int {
return m.Size()
}
func (m *IntegrationStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_IntegrationStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_IntegrationStatusV1 proto.InternalMessageInfo
// AWSOIDCIntegrationSpecV1 contains the spec properties for the AWS OIDC SubKind Integration.
type AWSOIDCIntegrationSpecV1 struct {
// RoleARN contains the Role ARN used to set up the Integration.
// This is the AWS Role that Teleport will use to issue tokens for API Calls.
RoleARN string `protobuf:"bytes,1,opt,name=RoleARN,proto3" json:"role_arn,omitempty"`
// IssuerS3URI is the Identity Provider that was configured in AWS.
// This bucket/prefix/* files must be publicly accessible and contain the following:
// > .well-known/openid-configuration
// > .well-known/jwks
// Format: `s3://<bucket>/<prefix>`
// Optional. The proxy's endpoint is used if it is not specified.
//
// DEPRECATED: Thumbprint validation requires the issuer to update the IdP in AWS everytime the issuer changes the certificate.
// Amazon had some whitelisted providers where the thumbprint was ignored. S3 hosted providers was in that list.
// Amazon is now trusting all the root certificate authorities, and this workaround is no longer needed.
// DELETE IN 18.0.
IssuerS3URI string `protobuf:"bytes,2,opt,name=IssuerS3URI,proto3" json:"issuer_s3_uri,omitempty"` // Deprecated: Do not use.
// Audience is used to record a name of a plugin or a discover service in
// Teleport that depends on this integration.
// Audience value can either be empty or "aws-identity-center".
// Preset audience may impose specific behavior on the integration CRUD API,
// such as preventing integration from update or deletion. Empty audience value
// should be treated as a default and backward-compatible behavior of the integration.
Audience string `protobuf:"bytes,3,opt,name=audience,proto3" json:"audience,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSOIDCIntegrationSpecV1) Reset() { *m = AWSOIDCIntegrationSpecV1{} }
func (m *AWSOIDCIntegrationSpecV1) String() string { return proto.CompactTextString(m) }
func (*AWSOIDCIntegrationSpecV1) ProtoMessage() {}
func (*AWSOIDCIntegrationSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{385}
}
func (m *AWSOIDCIntegrationSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSOIDCIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSOIDCIntegrationSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSOIDCIntegrationSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSOIDCIntegrationSpecV1.Merge(m, src)
}
func (m *AWSOIDCIntegrationSpecV1) XXX_Size() int {
return m.Size()
}
func (m *AWSOIDCIntegrationSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_AWSOIDCIntegrationSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_AWSOIDCIntegrationSpecV1 proto.InternalMessageInfo
// AzureOIDCIntegrationSpecV1 contains the spec properties for the Azure OIDC SubKind Integration.
type AzureOIDCIntegrationSpecV1 struct {
// TenantID specifies the ID of Entra Tenant (Directory)
// that this plugin integrates with.
TenantID string `protobuf:"bytes,1,opt,name=TenantID,proto3" json:"tenant_id,omitempty"`
// ClientID specifies the ID of Azure enterprise application (client)
// that corresponds to this plugin.
ClientID string `protobuf:"bytes,2,opt,name=ClientID,proto3" json:"client_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AzureOIDCIntegrationSpecV1) Reset() { *m = AzureOIDCIntegrationSpecV1{} }
func (m *AzureOIDCIntegrationSpecV1) String() string { return proto.CompactTextString(m) }
func (*AzureOIDCIntegrationSpecV1) ProtoMessage() {}
func (*AzureOIDCIntegrationSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{386}
}
func (m *AzureOIDCIntegrationSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AzureOIDCIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AzureOIDCIntegrationSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AzureOIDCIntegrationSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_AzureOIDCIntegrationSpecV1.Merge(m, src)
}
func (m *AzureOIDCIntegrationSpecV1) XXX_Size() int {
return m.Size()
}
func (m *AzureOIDCIntegrationSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_AzureOIDCIntegrationSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_AzureOIDCIntegrationSpecV1 proto.InternalMessageInfo
// GitHubIntegrationSpecV1 contains the specific fields to handle the GitHub integration subkind.
type GitHubIntegrationSpecV1 struct {
// Organization specifies the name of the organization for the GitHub integration.
Organization string `protobuf:"bytes,1,opt,name=Organization,proto3" json:"organization,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GitHubIntegrationSpecV1) Reset() { *m = GitHubIntegrationSpecV1{} }
func (m *GitHubIntegrationSpecV1) String() string { return proto.CompactTextString(m) }
func (*GitHubIntegrationSpecV1) ProtoMessage() {}
func (*GitHubIntegrationSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{387}
}
func (m *GitHubIntegrationSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GitHubIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GitHubIntegrationSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GitHubIntegrationSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_GitHubIntegrationSpecV1.Merge(m, src)
}
func (m *GitHubIntegrationSpecV1) XXX_Size() int {
return m.Size()
}
func (m *GitHubIntegrationSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_GitHubIntegrationSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_GitHubIntegrationSpecV1 proto.InternalMessageInfo
// AWSRAIntegrationSpecV1 contains the spec properties for the AWS IAM Roles Anywhere SubKind Integration.
type AWSRAIntegrationSpecV1 struct {
// TrustAnchorARN contains the AWS IAM Roles Anywhere Trust Anchor ARN used to set up the Integration.
TrustAnchorARN string `protobuf:"bytes,1,opt,name=TrustAnchorARN,proto3" json:"trust_anchor_arn,omitempty"`
// ProfileSyncConfig contains the configuration for the AWS Roles Anywhere Profile sync.
// This is used to create AWS Roles Anywhere profiles as application servers.
ProfileSyncConfig *AWSRolesAnywhereProfileSyncConfig `protobuf:"bytes,2,opt,name=ProfileSyncConfig,proto3" json:"profile_sync_config"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSRAIntegrationSpecV1) Reset() { *m = AWSRAIntegrationSpecV1{} }
func (m *AWSRAIntegrationSpecV1) String() string { return proto.CompactTextString(m) }
func (*AWSRAIntegrationSpecV1) ProtoMessage() {}
func (*AWSRAIntegrationSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{388}
}
func (m *AWSRAIntegrationSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSRAIntegrationSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSRAIntegrationSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSRAIntegrationSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSRAIntegrationSpecV1.Merge(m, src)
}
func (m *AWSRAIntegrationSpecV1) XXX_Size() int {
return m.Size()
}
func (m *AWSRAIntegrationSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_AWSRAIntegrationSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_AWSRAIntegrationSpecV1 proto.InternalMessageInfo
// AWSRolesAnywhereProfileSyncConfig contains the configuration for the AWS Roles Anywhere Profile sync.
// This is used to sync AWS Roles Anywhere profiles as application servers.
type AWSRolesAnywhereProfileSyncConfig struct {
// Enabled is set to true if this integration should sync profiles as application servers.
Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"enabled"`
// ProfileARN is the ARN of the Roles Anywhere Profile used to generate credentials to access the AWS APIs.
ProfileARN string `protobuf:"bytes,2,opt,name=ProfileARN,proto3" json:"profile_arn"`
// ProfileAcceptsRoleSessionName indicates whether the profile accepts a custom Role Session name.
ProfileAcceptsRoleSessionName bool `protobuf:"varint,3,opt,name=ProfileAcceptsRoleSessionName,proto3" json:"profile_accepts_role_session_name"`
// RoleARN is the ARN of the IAM Role to assume when accessing the AWS APIs.
RoleARN string `protobuf:"bytes,4,opt,name=RoleARN,proto3" json:"role_arn"`
// ProfileNameFilters is a list of filters applied to the profile name.
// Only matching profiles will be synchronized as application servers.
// If empty, no filtering is applied.
//
// Filters can be globs, for example:
//
// profile*
// *name*
//
// Or regexes if they're prefixed and suffixed with ^ and $, for example:
//
// ^profile.*$
// ^.*name.*$
ProfileNameFilters []string `protobuf:"bytes,5,rep,name=ProfileNameFilters,proto3" json:"profile_name_filters"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSRolesAnywhereProfileSyncConfig) Reset() { *m = AWSRolesAnywhereProfileSyncConfig{} }
func (m *AWSRolesAnywhereProfileSyncConfig) String() string { return proto.CompactTextString(m) }
func (*AWSRolesAnywhereProfileSyncConfig) ProtoMessage() {}
func (*AWSRolesAnywhereProfileSyncConfig) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{389}
}
func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSRolesAnywhereProfileSyncConfig.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSRolesAnywhereProfileSyncConfig.Merge(m, src)
}
func (m *AWSRolesAnywhereProfileSyncConfig) XXX_Size() int {
return m.Size()
}
func (m *AWSRolesAnywhereProfileSyncConfig) XXX_DiscardUnknown() {
xxx_messageInfo_AWSRolesAnywhereProfileSyncConfig.DiscardUnknown(m)
}
var xxx_messageInfo_AWSRolesAnywhereProfileSyncConfig proto.InternalMessageInfo
// AWSRAIntegrationStatusV1 contains the status properties for the AWS IAM Roles Anywhere SubKind Integration.
type AWSRAIntegrationStatusV1 struct {
// LastProfileSync is the summary of the last profile sync iteration.
LastProfileSync *AWSRolesAnywhereProfileSyncIterationSummary `protobuf:"bytes,1,opt,name=LastProfileSync,proto3" json:"last_profile_sync"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSRAIntegrationStatusV1) Reset() { *m = AWSRAIntegrationStatusV1{} }
func (m *AWSRAIntegrationStatusV1) String() string { return proto.CompactTextString(m) }
func (*AWSRAIntegrationStatusV1) ProtoMessage() {}
func (*AWSRAIntegrationStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{390}
}
func (m *AWSRAIntegrationStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSRAIntegrationStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSRAIntegrationStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSRAIntegrationStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSRAIntegrationStatusV1.Merge(m, src)
}
func (m *AWSRAIntegrationStatusV1) XXX_Size() int {
return m.Size()
}
func (m *AWSRAIntegrationStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_AWSRAIntegrationStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_AWSRAIntegrationStatusV1 proto.InternalMessageInfo
// AWSRolesAnywhereProfileSyncIterationSummary contains the summary of a single profile sync iteration.
type AWSRolesAnywhereProfileSyncIterationSummary struct {
// StartTime is the time when the sync iteration started.
StartTime time.Time `protobuf:"bytes,1,opt,name=StartTime,proto3,stdtime" json:"start_time"`
// EndTime is the time when the sync iteration ended.
EndTime time.Time `protobuf:"bytes,2,opt,name=EndTime,proto3,stdtime" json:"end_time"`
// Status is the result of the sync iteration: SUCCESS or ERROR.
Status string `protobuf:"bytes,3,opt,name=Status,proto3" json:"status"`
// ErrorMessage holds the error message when status is ERROR.
ErrorMessage string `protobuf:"bytes,4,opt,name=ErrorMessage,proto3" json:"error_message"`
// SyncedProfiles is the number of profiles synchronized as application servers.
SyncedProfiles int32 `protobuf:"varint,5,opt,name=SyncedProfiles,proto3" json:"synced_profiles"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) Reset() {
*m = AWSRolesAnywhereProfileSyncIterationSummary{}
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) String() string {
return proto.CompactTextString(m)
}
func (*AWSRolesAnywhereProfileSyncIterationSummary) ProtoMessage() {}
func (*AWSRolesAnywhereProfileSyncIterationSummary) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{391}
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSRolesAnywhereProfileSyncIterationSummary.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSRolesAnywhereProfileSyncIterationSummary.Merge(m, src)
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) XXX_Size() int {
return m.Size()
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) XXX_DiscardUnknown() {
xxx_messageInfo_AWSRolesAnywhereProfileSyncIterationSummary.DiscardUnknown(m)
}
var xxx_messageInfo_AWSRolesAnywhereProfileSyncIterationSummary proto.InternalMessageInfo
// HeadlessAuthentication holds data for an ongoing headless authentication attempt.
type HeadlessAuthentication struct {
// Header is the resource header.
ResourceHeader `protobuf:"bytes,1,opt,name=header,proto3,embedded=header" json:"header"`
// User is a teleport user name.
User string `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"`
// State is the headless authentication request state.
State HeadlessAuthenticationState `protobuf:"varint,4,opt,name=state,proto3,enum=types.HeadlessAuthenticationState" json:"state,omitempty"`
// MFADevice is the mfa device used to approve the request in case of successful auth.
MfaDevice *MFADevice `protobuf:"bytes,5,opt,name=mfa_device,json=mfaDevice,proto3" json:"mfa_device,omitempty"`
// ClientIPAddress is the IP address of the client being authenticated.
ClientIpAddress string `protobuf:"bytes,6,opt,name=client_ip_address,json=clientIpAddress,proto3" json:"client_ip_address,omitempty"`
// SshPublicKey is a public key that will be used as the subject of the issued
// SSH certificate in case of successful auth. It must be in SSH authorized_keys format.
SshPublicKey []byte `protobuf:"bytes,7,opt,name=ssh_public_key,json=sshPublicKey,proto3" json:"ssh_public_key,omitempty"`
// TlsPublicKey is a public key that will be used as the subject of the issued
// TLS certificate in case of successful auth. It must be in PEM-encoded
// PKCS#1 or PKIX format.
TlsPublicKey []byte `protobuf:"bytes,8,opt,name=tls_public_key,json=tlsPublicKey,proto3" json:"tls_public_key,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *HeadlessAuthentication) Reset() { *m = HeadlessAuthentication{} }
func (m *HeadlessAuthentication) String() string { return proto.CompactTextString(m) }
func (*HeadlessAuthentication) ProtoMessage() {}
func (*HeadlessAuthentication) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{392}
}
func (m *HeadlessAuthentication) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *HeadlessAuthentication) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_HeadlessAuthentication.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *HeadlessAuthentication) XXX_Merge(src proto.Message) {
xxx_messageInfo_HeadlessAuthentication.Merge(m, src)
}
func (m *HeadlessAuthentication) XXX_Size() int {
return m.Size()
}
func (m *HeadlessAuthentication) XXX_DiscardUnknown() {
xxx_messageInfo_HeadlessAuthentication.DiscardUnknown(m)
}
var xxx_messageInfo_HeadlessAuthentication proto.InternalMessageInfo
// WatchKind specifies resource kind to watch
// When adding fields to this struct, make sure to review/update WatchKind.Contains method.
type WatchKind struct {
// Kind is a resource kind to watch
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// LoadSecrets specifies whether to load secrets
LoadSecrets bool `protobuf:"varint,2,opt,name=LoadSecrets,proto3" json:"load_secrets"`
// Name is an optional specific resource type to watch,
// if specified only the events with a specific resource
// name will be sent
Name string `protobuf:"bytes,3,opt,name=Name,proto3" json:"name"`
// Filter is an optional mapping of custom filter parameters.
// Valid values vary by resource kind.
Filter map[string]string `protobuf:"bytes,4,rep,name=Filter,proto3" json:"filter,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
// SubKind is a resource subkind to watch
SubKind string `protobuf:"bytes,5,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version optionally specifies the resource version to watch.
// Currently this field is ignored.
Version string `protobuf:"bytes,6,opt,name=Version,proto3" json:"version,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WatchKind) Reset() { *m = WatchKind{} }
func (m *WatchKind) String() string { return proto.CompactTextString(m) }
func (*WatchKind) ProtoMessage() {}
func (*WatchKind) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{393}
}
func (m *WatchKind) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WatchKind) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WatchKind.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WatchKind) XXX_Merge(src proto.Message) {
xxx_messageInfo_WatchKind.Merge(m, src)
}
func (m *WatchKind) XXX_Size() int {
return m.Size()
}
func (m *WatchKind) XXX_DiscardUnknown() {
xxx_messageInfo_WatchKind.DiscardUnknown(m)
}
var xxx_messageInfo_WatchKind proto.InternalMessageInfo
// WatchStatusV1 is intended to be attached to OpInit events and contain information about a successful WatchEvents call.
type WatchStatusV1 struct {
// Kind is the resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind. Currently unused for this resource.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind,omitempty"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the resource spec.
Spec WatchStatusSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WatchStatusV1) Reset() { *m = WatchStatusV1{} }
func (m *WatchStatusV1) String() string { return proto.CompactTextString(m) }
func (*WatchStatusV1) ProtoMessage() {}
func (*WatchStatusV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{394}
}
func (m *WatchStatusV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WatchStatusV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WatchStatusV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WatchStatusV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_WatchStatusV1.Merge(m, src)
}
func (m *WatchStatusV1) XXX_Size() int {
return m.Size()
}
func (m *WatchStatusV1) XXX_DiscardUnknown() {
xxx_messageInfo_WatchStatusV1.DiscardUnknown(m)
}
var xxx_messageInfo_WatchStatusV1 proto.InternalMessageInfo
// WatchStatusSpecV1 contains resource kinds confirmed by WatchEvents to be included in the event stream.
type WatchStatusSpecV1 struct {
Kinds []WatchKind `protobuf:"bytes,1,rep,name=Kinds,proto3" json:"kinds"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *WatchStatusSpecV1) Reset() { *m = WatchStatusSpecV1{} }
func (m *WatchStatusSpecV1) String() string { return proto.CompactTextString(m) }
func (*WatchStatusSpecV1) ProtoMessage() {}
func (*WatchStatusSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{395}
}
func (m *WatchStatusSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *WatchStatusSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_WatchStatusSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *WatchStatusSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_WatchStatusSpecV1.Merge(m, src)
}
func (m *WatchStatusSpecV1) XXX_Size() int {
return m.Size()
}
func (m *WatchStatusSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_WatchStatusSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_WatchStatusSpecV1 proto.InternalMessageInfo
// ServerInfoV1 contains info that should be applied to joining Nodes.
type ServerInfoV1 struct {
// Kind is the resource kind.
Kind string `protobuf:"bytes,1,opt,name=Kind,proto3" json:"kind"`
// SubKind is an optional resource subkind.
SubKind string `protobuf:"bytes,2,opt,name=SubKind,proto3" json:"sub_kind"`
// Version is the resource version.
Version string `protobuf:"bytes,3,opt,name=Version,proto3" json:"version"`
// Metadata is the resource metadata.
Metadata Metadata `protobuf:"bytes,4,opt,name=Metadata,proto3" json:"metadata"`
// Spec is the resource spec.
Spec ServerInfoSpecV1 `protobuf:"bytes,5,opt,name=Spec,proto3" json:"spec"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ServerInfoV1) Reset() { *m = ServerInfoV1{} }
func (m *ServerInfoV1) String() string { return proto.CompactTextString(m) }
func (*ServerInfoV1) ProtoMessage() {}
func (*ServerInfoV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{396}
}
func (m *ServerInfoV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ServerInfoV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ServerInfoV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ServerInfoV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_ServerInfoV1.Merge(m, src)
}
func (m *ServerInfoV1) XXX_Size() int {
return m.Size()
}
func (m *ServerInfoV1) XXX_DiscardUnknown() {
xxx_messageInfo_ServerInfoV1.DiscardUnknown(m)
}
var xxx_messageInfo_ServerInfoV1 proto.InternalMessageInfo
// ServerInfoSpecV1 contains fields used to match Nodes to this ServerInfo.
type ServerInfoSpecV1 struct {
// NewLabels is the set of labels to add to nodes matching this ServerInfo.
NewLabels map[string]string `protobuf:"bytes,2,rep,name=NewLabels,proto3" json:"new_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *ServerInfoSpecV1) Reset() { *m = ServerInfoSpecV1{} }
func (m *ServerInfoSpecV1) String() string { return proto.CompactTextString(m) }
func (*ServerInfoSpecV1) ProtoMessage() {}
func (*ServerInfoSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{397}
}
func (m *ServerInfoSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *ServerInfoSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_ServerInfoSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *ServerInfoSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_ServerInfoSpecV1.Merge(m, src)
}
func (m *ServerInfoSpecV1) XXX_Size() int {
return m.Size()
}
func (m *ServerInfoSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_ServerInfoSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_ServerInfoSpecV1 proto.InternalMessageInfo
// JamfSpecV1 is the base configuration for the Jamf MDM service.
type JamfSpecV1 struct {
// Enabled toggles the service on or off.
Enabled bool `protobuf:"varint,1,opt,name=enabled,proto3" json:"enabled,omitempty"`
// Name of the service device source.
// See the teleport.devicetrust.v1.DeviceSource proto.
// Defaults to "jamf".
Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
// Initial sync delay for the service.
// Set to negative to perform syncs immediately on startup.
// Defaults to a random delay (a few minutes max).
SyncDelay Duration `protobuf:"varint,3,opt,name=sync_delay,json=syncDelay,proto3,casttype=Duration" json:"sync_delay,omitempty"`
// Jamf Pro API endpoint.
// Example: "https://yourtenant.jamfcloud.com/api".
// Required.
ApiEndpoint string `protobuf:"bytes,4,opt,name=api_endpoint,json=apiEndpoint,proto3" json:"api_endpoint,omitempty"`
// Inventory sync entries.
// If empty a default sync configuration is used.
Inventory []*JamfInventoryEntry `protobuf:"bytes,7,rep,name=inventory,proto3" json:"inventory,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *JamfSpecV1) Reset() { *m = JamfSpecV1{} }
func (m *JamfSpecV1) String() string { return proto.CompactTextString(m) }
func (*JamfSpecV1) ProtoMessage() {}
func (*JamfSpecV1) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{398}
}
func (m *JamfSpecV1) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *JamfSpecV1) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_JamfSpecV1.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *JamfSpecV1) XXX_Merge(src proto.Message) {
xxx_messageInfo_JamfSpecV1.Merge(m, src)
}
func (m *JamfSpecV1) XXX_Size() int {
return m.Size()
}
func (m *JamfSpecV1) XXX_DiscardUnknown() {
xxx_messageInfo_JamfSpecV1.DiscardUnknown(m)
}
var xxx_messageInfo_JamfSpecV1 proto.InternalMessageInfo
// JamfInventoryEntry is an inventory sync entry for [JamfSpecV1].
type JamfInventoryEntry struct {
// Jamf Pro API RSQL filter, used when querying endpoints like
// "/api/v1/computers-inventory".
// See https://developer.jamf.com/jamf-pro/reference/get_v1-computers-inventory.
FilterRsql string `protobuf:"bytes,1,opt,name=filter_rsql,json=filterRsql,proto3" json:"filter_rsql,omitempty"`
// Sync period for PARTIAL syncs.
// PARTIAL syncs are scheduled in the time window between FULL syncs, so
// sync_period_partial must always be smaller than sync_period_full, otherwise
// it would never trigger.
// Set to zero or negative to disable PARTIAL syncs.
SyncPeriodPartial Duration `protobuf:"varint,2,opt,name=sync_period_partial,json=syncPeriodPartial,proto3,casttype=Duration" json:"sync_period_partial,omitempty"`
// Sync period for FULL syncs.
// Ideally sync_period_full is a multiple of sync_period_partial, so schedules
// line up perfectly.
// Set to zero or negative to disable FULL syncs.
SyncPeriodFull Duration `protobuf:"varint,3,opt,name=sync_period_full,json=syncPeriodFull,proto3,casttype=Duration" json:"sync_period_full,omitempty"`
// on_missing is the trigger used on devices missing from the MDM view in a
// FULL sync.
// Only runs on successful FULL syncs.
// Corresponds to [teleport.devicetrust.v1.SyncInventoryDeviceAction].
// Must be either "NOOP" or "DELETE".
// Defaults to "NOOP".
OnMissing string `protobuf:"bytes,4,opt,name=on_missing,json=onMissing,proto3" json:"on_missing,omitempty"`
// Custom page size for inventory queries.
// A server default is used if zeroed or negative.
PageSize int32 `protobuf:"varint,5,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *JamfInventoryEntry) Reset() { *m = JamfInventoryEntry{} }
func (m *JamfInventoryEntry) String() string { return proto.CompactTextString(m) }
func (*JamfInventoryEntry) ProtoMessage() {}
func (*JamfInventoryEntry) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{399}
}
func (m *JamfInventoryEntry) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *JamfInventoryEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_JamfInventoryEntry.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *JamfInventoryEntry) XXX_Merge(src proto.Message) {
xxx_messageInfo_JamfInventoryEntry.Merge(m, src)
}
func (m *JamfInventoryEntry) XXX_Size() int {
return m.Size()
}
func (m *JamfInventoryEntry) XXX_DiscardUnknown() {
xxx_messageInfo_JamfInventoryEntry.DiscardUnknown(m)
}
var xxx_messageInfo_JamfInventoryEntry proto.InternalMessageInfo
// MessageWithHeader is a message with a resource header. This is used primarily
// for parsing of resource headers and isn't expected to be used directly by any
// resources.
//
// When using a oneof in a protobuf messages, the existing utils.FastMarshal
// utility does not work, so using something like protojson or jsonpb is required.
// However, these do not respect gogoproto's extensions. When using a ResourceHeader,
// protojson will not recognize that the ResourceHeader is intended to be embedded and
// the resulting JSON will have the header as a separate field. This means that using
// utils.FastUnmarshal will not work for extracting a ResourceHeader from the
// JSON, and we explicitly extract this header to do things like version checking in
// lib/services.
//
// This can be avoided by explicitly embedding the members of the ResourceHeader in
// a message. However, if we would like to avoid this, we can use this MessageWitHheader
// to extract the resource header and its elements, which can later be used for the
// aforementioned processing in lib/services.
type MessageWithHeader struct {
// Header is the resource header for a resource.
ResourceHeader `protobuf:"bytes,1,opt,name=Header,proto3,embedded=Header" json:""`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *MessageWithHeader) Reset() { *m = MessageWithHeader{} }
func (*MessageWithHeader) ProtoMessage() {}
func (*MessageWithHeader) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{400}
}
func (m *MessageWithHeader) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *MessageWithHeader) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_MessageWithHeader.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *MessageWithHeader) XXX_Merge(src proto.Message) {
xxx_messageInfo_MessageWithHeader.Merge(m, src)
}
func (m *MessageWithHeader) XXX_Size() int {
return m.Size()
}
func (m *MessageWithHeader) XXX_DiscardUnknown() {
xxx_messageInfo_MessageWithHeader.DiscardUnknown(m)
}
var xxx_messageInfo_MessageWithHeader proto.InternalMessageInfo
// AWSMatcher matches AWS EC2 instances and AWS Databases
type AWSMatcher struct {
// Types are AWS database types to match, "ec2", "rds", "redshift", "elasticache",
// or "memorydb".
Types []string `protobuf:"bytes,1,rep,name=Types,proto3" json:"types,omitempty"`
// Regions are AWS regions to query for databases.
Regions []string `protobuf:"bytes,2,rep,name=Regions,proto3" json:"regions,omitempty"`
// AssumeRoleARN is the AWS role to assume for database discovery.
AssumeRole *AssumeRole `protobuf:"bytes,3,opt,name=AssumeRole,proto3" json:"assume_role,omitempty"`
// Tags are AWS resource Tags to match.
Tags Labels `protobuf:"bytes,4,opt,name=Tags,proto3,customtype=Labels" json:"tags,omitempty"`
// Params sets the join method when installing on discovered EC2 nodes
Params *InstallerParams `protobuf:"bytes,5,opt,name=Params,proto3" json:"install,omitempty"`
// SSM provides options to use when sending a document command to
// an EC2 node
SSM *AWSSSM `protobuf:"bytes,6,opt,name=SSM,proto3" json:"ssm,omitempty"`
// Integration is the integration name used to generate credentials to interact with AWS APIs.
// Environment credentials will not be used when this value is set.
Integration string `protobuf:"bytes,7,opt,name=Integration,proto3" json:"integration,omitempty"`
// KubeAppDiscovery controls whether Kubernetes App Discovery will be enabled for agents running on
// discovered clusters, currently only affects AWS EKS discovery in integration mode.
KubeAppDiscovery bool `protobuf:"varint,8,opt,name=KubeAppDiscovery,proto3" json:"kube_app_discovery,omitempty"`
// SetupAccessForARN is the role that the Discovery Service should create EKS Access Entries for.
// This value should match the IAM identity that Teleport Kubernetes Service uses.
// If this value is empty, the Discovery Service will attempt to set up access for its own identity (self).
SetupAccessForARN string `protobuf:"bytes,9,opt,name=SetupAccessForARN,proto3" json:"setup_access_for_arn,omitempty"`
// Organization is an AWS Organization matcher for discovering resources accross multiple accounts under an Organization.
Organization *AWSOrganizationMatcher `protobuf:"bytes,10,opt,name=Organization,proto3" json:"organization,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSMatcher) Reset() { *m = AWSMatcher{} }
func (m *AWSMatcher) String() string { return proto.CompactTextString(m) }
func (*AWSMatcher) ProtoMessage() {}
func (*AWSMatcher) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{401}
}
func (m *AWSMatcher) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSMatcher.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSMatcher) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSMatcher.Merge(m, src)
}
func (m *AWSMatcher) XXX_Size() int {
return m.Size()
}
func (m *AWSMatcher) XXX_DiscardUnknown() {
xxx_messageInfo_AWSMatcher.DiscardUnknown(m)
}
var xxx_messageInfo_AWSMatcher proto.InternalMessageInfo
// AWSOrganizationMatcher specifies an Organization and rules for discovering accounts under that organization.
type AWSOrganizationMatcher struct {
// OrganizationID is the AWS Organization ID to match against.
// Required.
OrganizationID string `protobuf:"bytes,1,opt,name=OrganizationID,proto3" json:"organization_id,omitempty"`
// OrganizationalUnits contains rules for matchings AWS accounts based on their Organizational Units.
OrganizationalUnits *AWSOrganizationUnitsMatcher `protobuf:"bytes,2,opt,name=OrganizationalUnits,proto3" json:"organizational_units,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSOrganizationMatcher) Reset() { *m = AWSOrganizationMatcher{} }
func (m *AWSOrganizationMatcher) String() string { return proto.CompactTextString(m) }
func (*AWSOrganizationMatcher) ProtoMessage() {}
func (*AWSOrganizationMatcher) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{402}
}
func (m *AWSOrganizationMatcher) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSOrganizationMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSOrganizationMatcher.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSOrganizationMatcher) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSOrganizationMatcher.Merge(m, src)
}
func (m *AWSOrganizationMatcher) XXX_Size() int {
return m.Size()
}
func (m *AWSOrganizationMatcher) XXX_DiscardUnknown() {
xxx_messageInfo_AWSOrganizationMatcher.DiscardUnknown(m)
}
var xxx_messageInfo_AWSOrganizationMatcher proto.InternalMessageInfo
// AWSOrganizationUnitsMatcher contains rules for matching accounts under an Organization.
// Accounts that belong to an excluded Organizational Unit, and its children, will be excluded even if they were included.
type AWSOrganizationUnitsMatcher struct {
// Include is a list of AWS Organizational Unit IDs and children OUs to include.
// Accounts that belong to these OUs, and their children, will be included.
// Only exact matches or wildcard (*) are supported.
// Required.
Include []string `protobuf:"bytes,1,rep,name=Include,proto3" json:"include,omitempty"`
// Exclude is a list of AWS Organizational Unit IDs and children OUs to exclude.
// Accounts that belong to these OUs, and their children, will be excluded, even if they were included.
// Only exact matches are supported.
// Optional. If empty, no OUs are excluded.
Exclude []string `protobuf:"bytes,2,rep,name=Exclude,proto3" json:"exclude,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSOrganizationUnitsMatcher) Reset() { *m = AWSOrganizationUnitsMatcher{} }
func (m *AWSOrganizationUnitsMatcher) String() string { return proto.CompactTextString(m) }
func (*AWSOrganizationUnitsMatcher) ProtoMessage() {}
func (*AWSOrganizationUnitsMatcher) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{403}
}
func (m *AWSOrganizationUnitsMatcher) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSOrganizationUnitsMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSOrganizationUnitsMatcher.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSOrganizationUnitsMatcher) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSOrganizationUnitsMatcher.Merge(m, src)
}
func (m *AWSOrganizationUnitsMatcher) XXX_Size() int {
return m.Size()
}
func (m *AWSOrganizationUnitsMatcher) XXX_DiscardUnknown() {
xxx_messageInfo_AWSOrganizationUnitsMatcher.DiscardUnknown(m)
}
var xxx_messageInfo_AWSOrganizationUnitsMatcher proto.InternalMessageInfo
// AssumeRole provides a role ARN and ExternalID to assume an AWS role
// when interacting with AWS resources.
type AssumeRole struct {
// RoleARN is the fully specified AWS IAM role ARN.
RoleARN string `protobuf:"bytes,1,opt,name=RoleARN,proto3" json:"role_arn"`
// ExternalID is the external ID used to assume a role in another account.
ExternalID string `protobuf:"bytes,2,opt,name=ExternalID,proto3" json:"external_id"`
// RoleName is the AWS IAM Role name to assume.
// This is used in place of Role ARN when iterating over multiple accounts in an AWS Organization.
RoleName string `protobuf:"bytes,3,opt,name=RoleName,proto3" json:"role_name"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AssumeRole) Reset() { *m = AssumeRole{} }
func (m *AssumeRole) String() string { return proto.CompactTextString(m) }
func (*AssumeRole) ProtoMessage() {}
func (*AssumeRole) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{404}
}
func (m *AssumeRole) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AssumeRole) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AssumeRole.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AssumeRole) XXX_Merge(src proto.Message) {
xxx_messageInfo_AssumeRole.Merge(m, src)
}
func (m *AssumeRole) XXX_Size() int {
return m.Size()
}
func (m *AssumeRole) XXX_DiscardUnknown() {
xxx_messageInfo_AssumeRole.DiscardUnknown(m)
}
var xxx_messageInfo_AssumeRole proto.InternalMessageInfo
// InstallParams sets join method to use on discovered nodes
type InstallerParams struct {
// JoinMethod is the method to use when joining the cluster
JoinMethod JoinMethod `protobuf:"bytes,1,opt,name=JoinMethod,proto3,casttype=JoinMethod" json:"join_method"`
// JoinToken is the token to use when joining the cluster
JoinToken string `protobuf:"bytes,2,opt,name=JoinToken,proto3" json:"join_token"`
// ScriptName is the name of the teleport installer script
// resource for the cloud instance to execute
ScriptName string `protobuf:"bytes,3,opt,name=ScriptName,proto3" json:"script_name,omitempty"`
// InstallTeleport disables agentless discovery
InstallTeleport bool `protobuf:"varint,4,opt,name=InstallTeleport,proto3" json:"install_teleport,omitempty"`
// SSHDConfig provides the path to write sshd configuration changes
SSHDConfig string `protobuf:"bytes,5,opt,name=SSHDConfig,proto3" json:"sshd_config,omitempty"`
// PublicProxyAddr is the address of the proxy the discovered node should use
// to connect to the cluster.
PublicProxyAddr string `protobuf:"bytes,6,opt,name=PublicProxyAddr,proto3" json:"proxy_addr,omitempty"`
// Azure is the set of Azure-specific installation parameters.
Azure *AzureInstallerParams `protobuf:"bytes,7,opt,name=Azure,proto3" json:"azure,omitempty"`
// EnrollMode indicates the enrollment mode to be used when adding a node.
// Valid values:
// 0: uses eice for EC2 matchers which use an integration and script for all the other methods
// 1: uses script mode
// 2: uses eice mode (deprecated)
EnrollMode InstallParamEnrollMode `protobuf:"varint,8,opt,name=EnrollMode,proto3,enum=types.InstallParamEnrollMode" json:"enroll_mode,omitempty"` // Deprecated: Do not use.
// Suffix indicates the installation suffix for the teleport installation.
// Set this value if you want multiple installations of Teleport.
// See --install-suffix flag in teleport-update program.
// Note: only supported for Amazon EC2.
// Suffix name can only contain alphanumeric characters and hyphens.
Suffix string `protobuf:"bytes,9,opt,name=Suffix,proto3" json:"suffix,omitempty"`
// UpdateGroup indicates the update group for the teleport installation.
// This value is used to group installations in order to update them in batches.
// See --group flag in teleport-update program.
// Note: only supported for Amazon EC2.
// Group name can only contain alphanumeric characters and hyphens.
UpdateGroup string `protobuf:"bytes,10,opt,name=UpdateGroup,proto3" json:"update_group,omitempty"`
// HTTPProxySettings defines HTTP proxy settings for making HTTP requests.
// When set, this will set the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY environment variables before running the installation.
HTTPProxySettings *HTTPProxySettings `protobuf:"bytes,11,opt,name=HTTPProxySettings,proto3" json:"http_proxy_settings,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *InstallerParams) Reset() { *m = InstallerParams{} }
func (m *InstallerParams) String() string { return proto.CompactTextString(m) }
func (*InstallerParams) ProtoMessage() {}
func (*InstallerParams) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{405}
}
func (m *InstallerParams) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *InstallerParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_InstallerParams.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *InstallerParams) XXX_Merge(src proto.Message) {
xxx_messageInfo_InstallerParams.Merge(m, src)
}
func (m *InstallerParams) XXX_Size() int {
return m.Size()
}
func (m *InstallerParams) XXX_DiscardUnknown() {
xxx_messageInfo_InstallerParams.DiscardUnknown(m)
}
var xxx_messageInfo_InstallerParams proto.InternalMessageInfo
// HTTPProxySettings defines HTTP proxy settings for making HTTP and HTTPS requests.
type HTTPProxySettings struct {
// HTTPProxy is the URL for the HTTP proxy to use when making requests.
// When applied, this will set the HTTP_PROXY environment variable.
HTTPProxy string `protobuf:"bytes,1,opt,name=HTTPProxy,proto3" json:"http_proxy,omitempty"`
// HTTPSProxy is the URL for the HTTPS Proxy to use when making requests.
// When applied, this will set the HTTPS_PROXY environment variable.
HTTPSProxy string `protobuf:"bytes,2,opt,name=HTTPSProxy,proto3" json:"https_proxy,omitempty"`
// NoProxy is a comma separated list of URLs that will be excluded from proxying.
// When applied, this will set the NO_PROXY environment variable.
NoProxy string `protobuf:"bytes,3,opt,name=NoProxy,proto3" json:"no_proxy,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *HTTPProxySettings) Reset() { *m = HTTPProxySettings{} }
func (m *HTTPProxySettings) String() string { return proto.CompactTextString(m) }
func (*HTTPProxySettings) ProtoMessage() {}
func (*HTTPProxySettings) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{406}
}
func (m *HTTPProxySettings) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *HTTPProxySettings) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_HTTPProxySettings.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *HTTPProxySettings) XXX_Merge(src proto.Message) {
xxx_messageInfo_HTTPProxySettings.Merge(m, src)
}
func (m *HTTPProxySettings) XXX_Size() int {
return m.Size()
}
func (m *HTTPProxySettings) XXX_DiscardUnknown() {
xxx_messageInfo_HTTPProxySettings.DiscardUnknown(m)
}
var xxx_messageInfo_HTTPProxySettings proto.InternalMessageInfo
// AWSSSM provides options to use when executing SSM documents
type AWSSSM struct {
// DocumentName is the name of the document to use when executing an
// SSM command
DocumentName string `protobuf:"bytes,1,opt,name=DocumentName,proto3" json:"document_name,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AWSSSM) Reset() { *m = AWSSSM{} }
func (m *AWSSSM) String() string { return proto.CompactTextString(m) }
func (*AWSSSM) ProtoMessage() {}
func (*AWSSSM) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{407}
}
func (m *AWSSSM) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AWSSSM) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AWSSSM.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AWSSSM) XXX_Merge(src proto.Message) {
xxx_messageInfo_AWSSSM.Merge(m, src)
}
func (m *AWSSSM) XXX_Size() int {
return m.Size()
}
func (m *AWSSSM) XXX_DiscardUnknown() {
xxx_messageInfo_AWSSSM.DiscardUnknown(m)
}
var xxx_messageInfo_AWSSSM proto.InternalMessageInfo
// AzureInstallerParams is the set of Azure-specific installation parameters.
type AzureInstallerParams struct {
// ClientID is the client ID of the managed identity discovered nodes
// should use to join the cluster.
ClientID string `protobuf:"bytes,1,opt,name=ClientID,proto3" json:"client_id,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AzureInstallerParams) Reset() { *m = AzureInstallerParams{} }
func (m *AzureInstallerParams) String() string { return proto.CompactTextString(m) }
func (*AzureInstallerParams) ProtoMessage() {}
func (*AzureInstallerParams) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{408}
}
func (m *AzureInstallerParams) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AzureInstallerParams) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AzureInstallerParams.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AzureInstallerParams) XXX_Merge(src proto.Message) {
xxx_messageInfo_AzureInstallerParams.Merge(m, src)
}
func (m *AzureInstallerParams) XXX_Size() int {
return m.Size()
}
func (m *AzureInstallerParams) XXX_DiscardUnknown() {
xxx_messageInfo_AzureInstallerParams.DiscardUnknown(m)
}
var xxx_messageInfo_AzureInstallerParams proto.InternalMessageInfo
// AzureMatcher matches Azure resources.
// It defines which resource types, filters and some configuration params.
type AzureMatcher struct {
// Subscriptions are Azure subscriptions to query for resources.
Subscriptions []string `protobuf:"bytes,1,rep,name=Subscriptions,proto3" json:"subscriptions,omitempty"`
// ResourceGroups are Azure resource groups to query for resources.
ResourceGroups []string `protobuf:"bytes,2,rep,name=ResourceGroups,proto3" json:"resource_groups,omitempty"`
// Types are Azure types to match: "mysql", "postgres", "aks", "vm"
Types []string `protobuf:"bytes,3,rep,name=Types,proto3" json:"types,omitempty"`
// Regions are Azure locations to match for databases.
Regions []string `protobuf:"bytes,4,rep,name=Regions,proto3" json:"regions,omitempty"`
// ResourceTags are Azure tags on resources to match.
ResourceTags Labels `protobuf:"bytes,5,opt,name=ResourceTags,proto3,customtype=Labels" json:"tags,omitempty"`
// Params sets the join method when installing on
// discovered Azure nodes.
Params *InstallerParams `protobuf:"bytes,6,opt,name=Params,proto3" json:"install_params,omitempty"`
// Integration is the integration name used to generate credentials to interact with Azure APIs.
// Environment credentials will not be used when this value is set.
Integration string `protobuf:"bytes,7,opt,name=Integration,proto3" json:"integration,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AzureMatcher) Reset() { *m = AzureMatcher{} }
func (m *AzureMatcher) String() string { return proto.CompactTextString(m) }
func (*AzureMatcher) ProtoMessage() {}
func (*AzureMatcher) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{409}
}
func (m *AzureMatcher) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AzureMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AzureMatcher.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AzureMatcher) XXX_Merge(src proto.Message) {
xxx_messageInfo_AzureMatcher.Merge(m, src)
}
func (m *AzureMatcher) XXX_Size() int {
return m.Size()
}
func (m *AzureMatcher) XXX_DiscardUnknown() {
xxx_messageInfo_AzureMatcher.DiscardUnknown(m)
}
var xxx_messageInfo_AzureMatcher proto.InternalMessageInfo
// GCPMatcher matches GCP resources.
type GCPMatcher struct {
// Types are GKE resource types to match: "gke", "vm".
Types []string `protobuf:"bytes,1,rep,name=Types,proto3" json:"types,omitempty"`
// Locations are GKE locations to search resources for.
Locations []string `protobuf:"bytes,2,rep,name=Locations,proto3" json:"locations,omitempty"`
// Tags is obsolete and only exists for backwards compatibility. Use Labels instead.
Tags Labels `protobuf:"bytes,3,opt,name=Tags,proto3,customtype=Labels" json:"tags,omitempty"`
// ProjectIDs are the GCP project ID where the resources are deployed.
ProjectIDs []string `protobuf:"bytes,4,rep,name=ProjectIDs,proto3" json:"project_ids,omitempty"`
// ServiceAccounts are the emails of service accounts attached to VMs.
ServiceAccounts []string `protobuf:"bytes,5,rep,name=ServiceAccounts,proto3" json:"service_accounts,omitempty"`
// Params sets the join method when installing on
// discovered GCP nodes.
Params *InstallerParams `protobuf:"bytes,6,opt,name=Params,proto3" json:"install_params,omitempty"`
// Labels are GCP labels to match.
Labels Labels `protobuf:"bytes,7,opt,name=Labels,proto3,customtype=Labels" json:"labels,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *GCPMatcher) Reset() { *m = GCPMatcher{} }
func (m *GCPMatcher) String() string { return proto.CompactTextString(m) }
func (*GCPMatcher) ProtoMessage() {}
func (*GCPMatcher) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{410}
}
func (m *GCPMatcher) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *GCPMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_GCPMatcher.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *GCPMatcher) XXX_Merge(src proto.Message) {
xxx_messageInfo_GCPMatcher.Merge(m, src)
}
func (m *GCPMatcher) XXX_Size() int {
return m.Size()
}
func (m *GCPMatcher) XXX_DiscardUnknown() {
xxx_messageInfo_GCPMatcher.DiscardUnknown(m)
}
var xxx_messageInfo_GCPMatcher proto.InternalMessageInfo
// KubernetesMatcher matches Kubernetes services.
type KubernetesMatcher struct {
// Types are Kubernetes services types to match. Currently only 'app' is supported.
Types []string `protobuf:"bytes,1,rep,name=Types,proto3" json:"types,omitempty"`
// Namespaces are Kubernetes namespaces in which to discover services
Namespaces []string `protobuf:"bytes,2,rep,name=Namespaces,proto3" json:"namespaces,omitempty"`
// Labels are Kubernetes services labels to match.
Labels Labels `protobuf:"bytes,3,opt,name=Labels,proto3,customtype=Labels" json:"labels,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *KubernetesMatcher) Reset() { *m = KubernetesMatcher{} }
func (m *KubernetesMatcher) String() string { return proto.CompactTextString(m) }
func (*KubernetesMatcher) ProtoMessage() {}
func (*KubernetesMatcher) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{411}
}
func (m *KubernetesMatcher) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *KubernetesMatcher) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_KubernetesMatcher.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *KubernetesMatcher) XXX_Merge(src proto.Message) {
xxx_messageInfo_KubernetesMatcher.Merge(m, src)
}
func (m *KubernetesMatcher) XXX_Size() int {
return m.Size()
}
func (m *KubernetesMatcher) XXX_DiscardUnknown() {
xxx_messageInfo_KubernetesMatcher.DiscardUnknown(m)
}
var xxx_messageInfo_KubernetesMatcher proto.InternalMessageInfo
// OktaOptions specify options related to the Okta service.
type OktaOptions struct {
// SyncPeriod is the duration between synchronization calls in nanoseconds.
SyncPeriod Duration `protobuf:"varint,1,opt,name=SyncPeriod,proto3,casttype=Duration" json:"sync_period,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *OktaOptions) Reset() { *m = OktaOptions{} }
func (m *OktaOptions) String() string { return proto.CompactTextString(m) }
func (*OktaOptions) ProtoMessage() {}
func (*OktaOptions) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{412}
}
func (m *OktaOptions) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *OktaOptions) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_OktaOptions.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *OktaOptions) XXX_Merge(src proto.Message) {
xxx_messageInfo_OktaOptions.Merge(m, src)
}
func (m *OktaOptions) XXX_Size() int {
return m.Size()
}
func (m *OktaOptions) XXX_DiscardUnknown() {
xxx_messageInfo_OktaOptions.DiscardUnknown(m)
}
var xxx_messageInfo_OktaOptions proto.InternalMessageInfo
// AccessGraphSync is a configuration for Access Graph service.
type AccessGraphSync struct {
// AWS is a configuration for AWS Access Graph service poll service.
AWS []*AccessGraphAWSSync `protobuf:"bytes,1,rep,name=AWS,proto3" json:"aws,omitempty"`
// PollInterval is the frequency at which to poll for resources
PollInterval time.Duration `protobuf:"bytes,2,opt,name=PollInterval,proto3,stdduration" json:"poll_interval,omitempty"`
// Azure is a configuration for Azure Access Graph service poll service.
Azure []*AccessGraphAzureSync `protobuf:"bytes,3,rep,name=Azure,proto3" json:"azure,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessGraphSync) Reset() { *m = AccessGraphSync{} }
func (m *AccessGraphSync) String() string { return proto.CompactTextString(m) }
func (*AccessGraphSync) ProtoMessage() {}
func (*AccessGraphSync) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{413}
}
func (m *AccessGraphSync) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessGraphSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessGraphSync.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessGraphSync) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessGraphSync.Merge(m, src)
}
func (m *AccessGraphSync) XXX_Size() int {
return m.Size()
}
func (m *AccessGraphSync) XXX_DiscardUnknown() {
xxx_messageInfo_AccessGraphSync.DiscardUnknown(m)
}
var xxx_messageInfo_AccessGraphSync proto.InternalMessageInfo
// AccessGraphAWSSyncCloudTrailLogs defines settings for ingesting AWS CloudTrail logs
// by polling an SQS queue that receives notifications about new log files.
type AccessGraphAWSSyncCloudTrailLogs struct {
// The AWS region of the SQS queue for CloudTrail notifications, ex.: "us-east-2".
Region string `protobuf:"bytes,1,opt,name=Region,proto3" json:"region,omitempty"`
// The name or URL for CloudTrail log events, ex.: "demo-cloudtrail-queue".
SQSQueue string `protobuf:"bytes,2,opt,name=SQSQueue,proto3" json:"sqs_queue,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessGraphAWSSyncCloudTrailLogs) Reset() { *m = AccessGraphAWSSyncCloudTrailLogs{} }
func (m *AccessGraphAWSSyncCloudTrailLogs) String() string { return proto.CompactTextString(m) }
func (*AccessGraphAWSSyncCloudTrailLogs) ProtoMessage() {}
func (*AccessGraphAWSSyncCloudTrailLogs) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{414}
}
func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessGraphAWSSyncCloudTrailLogs.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessGraphAWSSyncCloudTrailLogs.Merge(m, src)
}
func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_Size() int {
return m.Size()
}
func (m *AccessGraphAWSSyncCloudTrailLogs) XXX_DiscardUnknown() {
xxx_messageInfo_AccessGraphAWSSyncCloudTrailLogs.DiscardUnknown(m)
}
var xxx_messageInfo_AccessGraphAWSSyncCloudTrailLogs proto.InternalMessageInfo
// AccessGraphAWSSyncEKSAuditLogs defines the settings for ingesting Kubernetes apiserver
// audit logs from EKS clusters.
type AccessGraphAWSSyncEKSAuditLogs struct {
// The tags of EKS clusters for which apiserver audit logs should be fetched.
Tags Labels `protobuf:"bytes,1,opt,name=Tags,proto3,customtype=Labels" json:"tags,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessGraphAWSSyncEKSAuditLogs) Reset() { *m = AccessGraphAWSSyncEKSAuditLogs{} }
func (m *AccessGraphAWSSyncEKSAuditLogs) String() string { return proto.CompactTextString(m) }
func (*AccessGraphAWSSyncEKSAuditLogs) ProtoMessage() {}
func (*AccessGraphAWSSyncEKSAuditLogs) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{415}
}
func (m *AccessGraphAWSSyncEKSAuditLogs) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessGraphAWSSyncEKSAuditLogs) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessGraphAWSSyncEKSAuditLogs.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessGraphAWSSyncEKSAuditLogs) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessGraphAWSSyncEKSAuditLogs.Merge(m, src)
}
func (m *AccessGraphAWSSyncEKSAuditLogs) XXX_Size() int {
return m.Size()
}
func (m *AccessGraphAWSSyncEKSAuditLogs) XXX_DiscardUnknown() {
xxx_messageInfo_AccessGraphAWSSyncEKSAuditLogs.DiscardUnknown(m)
}
var xxx_messageInfo_AccessGraphAWSSyncEKSAuditLogs proto.InternalMessageInfo
// AccessGraphAWSSync is a configuration for AWS Access Graph service poll service.
type AccessGraphAWSSync struct {
// Regions are AWS regions to import resources from.
Regions []string `protobuf:"bytes,1,rep,name=Regions,proto3" json:"regions,omitempty"`
// AssumeRoleARN is the AWS role to assume for database discovery.
AssumeRole *AssumeRole `protobuf:"bytes,3,opt,name=AssumeRole,proto3" json:"assume_role,omitempty"`
// Integration is the integration name used to generate credentials to interact with AWS APIs.
Integration string `protobuf:"bytes,4,opt,name=Integration,proto3" json:"integration,omitempty"`
// Configuration settings for collecting AWS CloudTrail logs via an SQS queue.
CloudTrailLogs *AccessGraphAWSSyncCloudTrailLogs `protobuf:"bytes,5,opt,name=cloud_trail_logs,json=cloudTrailLogs,proto3" json:"cloud_trail_logs,omitempty"`
EksAuditLogs *AccessGraphAWSSyncEKSAuditLogs `protobuf:"bytes,6,opt,name=eks_audit_logs,json=eksAuditLogs,proto3" json:"eks_audit_logs,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessGraphAWSSync) Reset() { *m = AccessGraphAWSSync{} }
func (m *AccessGraphAWSSync) String() string { return proto.CompactTextString(m) }
func (*AccessGraphAWSSync) ProtoMessage() {}
func (*AccessGraphAWSSync) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{416}
}
func (m *AccessGraphAWSSync) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessGraphAWSSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessGraphAWSSync.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessGraphAWSSync) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessGraphAWSSync.Merge(m, src)
}
func (m *AccessGraphAWSSync) XXX_Size() int {
return m.Size()
}
func (m *AccessGraphAWSSync) XXX_DiscardUnknown() {
xxx_messageInfo_AccessGraphAWSSync.DiscardUnknown(m)
}
var xxx_messageInfo_AccessGraphAWSSync proto.InternalMessageInfo
// AccessGraphAzureSync is a configuration for Azure Access Graph service poll service.
type AccessGraphAzureSync struct {
// SubscriptionID Is the ID of the Azure subscription to sync resources from
SubscriptionID string `protobuf:"bytes,1,opt,name=SubscriptionID,proto3" json:"subscription_id,omitempty"`
// Integration is the integration name used to generate credentials to interact with AWS APIs.
Integration string `protobuf:"bytes,2,opt,name=Integration,proto3" json:"integration,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AccessGraphAzureSync) Reset() { *m = AccessGraphAzureSync{} }
func (m *AccessGraphAzureSync) String() string { return proto.CompactTextString(m) }
func (*AccessGraphAzureSync) ProtoMessage() {}
func (*AccessGraphAzureSync) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{417}
}
func (m *AccessGraphAzureSync) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AccessGraphAzureSync) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AccessGraphAzureSync.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AccessGraphAzureSync) XXX_Merge(src proto.Message) {
xxx_messageInfo_AccessGraphAzureSync.Merge(m, src)
}
func (m *AccessGraphAzureSync) XXX_Size() int {
return m.Size()
}
func (m *AccessGraphAzureSync) XXX_DiscardUnknown() {
xxx_messageInfo_AccessGraphAzureSync.DiscardUnknown(m)
}
var xxx_messageInfo_AccessGraphAzureSync proto.InternalMessageInfo
// TargetHealth describes the health status of network connectivity between
// an agent and a resource.
type TargetHealth struct {
// Address is the resource address.
Address string `protobuf:"bytes,1,opt,name=Address,proto3" json:"address,omitempty"`
// Protocol is the health check protocol such as "tcp".
Protocol string `protobuf:"bytes,2,opt,name=Protocol,proto3" json:"protocol,omitempty"`
// Status is the health status, one of "", "unknown", "healthy", "unhealthy".
Status string `protobuf:"bytes,3,opt,name=Status,proto3" json:"status,omitempty"`
// TransitionTimestamp is the time that the last status transition occurred.
TransitionTimestamp *time.Time `protobuf:"bytes,4,opt,name=TransitionTimestamp,proto3,stdtime" json:"transition_timestamp,omitempty"`
// TransitionReason is a unique single word reason why the last transition occurred.
TransitionReason string `protobuf:"bytes,5,opt,name=TransitionReason,proto3" json:"transition_reason,omitempty"`
// TransitionError shows the health check error observed when the transition
// happened. Empty when transitioning to "healthy".
TransitionError string `protobuf:"bytes,6,opt,name=TransitionError,proto3" json:"transition_error,omitempty"`
// Message is additional information meant for a user.
Message string `protobuf:"bytes,7,opt,name=Message,proto3" json:"message,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *TargetHealth) Reset() { *m = TargetHealth{} }
func (m *TargetHealth) String() string { return proto.CompactTextString(m) }
func (*TargetHealth) ProtoMessage() {}
func (*TargetHealth) Descriptor() ([]byte, []int) {
return fileDescriptor_9198ee693835762e, []int{418}
}
func (m *TargetHealth) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *TargetHealth) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_TargetHealth.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *TargetHealth) XXX_Merge(src proto.Message) {
xxx_messageInfo_TargetHealth.Merge(m, src)
}
func (m *TargetHealth) XXX_Size() int {
return m.Size()
}
func (m *TargetHealth) XXX_DiscardUnknown() {
xxx_messageInfo_TargetHealth.DiscardUnknown(m)
}
var xxx_messageInfo_TargetHealth proto.InternalMessageInfo
func init() {
proto.RegisterEnum("types.IAMPolicyStatus", IAMPolicyStatus_name, IAMPolicyStatus_value)
proto.RegisterEnum("types.DatabaseTLSMode", DatabaseTLSMode_name, DatabaseTLSMode_value)
proto.RegisterEnum("types.UpdaterStatus", UpdaterStatus_name, UpdaterStatus_value)
proto.RegisterEnum("types.PrivateKeyType", PrivateKeyType_name, PrivateKeyType_value)
proto.RegisterEnum("types.ProxyListenerMode", ProxyListenerMode_name, ProxyListenerMode_value)
proto.RegisterEnum("types.RoutingStrategy", RoutingStrategy_name, RoutingStrategy_value)
proto.RegisterEnum("types.SecondFactorType", SecondFactorType_name, SecondFactorType_value)
proto.RegisterEnum("types.UserTokenUsage", UserTokenUsage_name, UserTokenUsage_value)
proto.RegisterEnum("types.RequestState", RequestState_name, RequestState_value)
proto.RegisterEnum("types.AccessRequestKind", AccessRequestKind_name, AccessRequestKind_value)
proto.RegisterEnum("types.AccessRequestScope", AccessRequestScope_name, AccessRequestScope_value)
proto.RegisterEnum("types.CreateHostUserMode", CreateHostUserMode_name, CreateHostUserMode_value)
proto.RegisterEnum("types.CreateDatabaseUserMode", CreateDatabaseUserMode_name, CreateDatabaseUserMode_value)
proto.RegisterEnum("types.CertExtensionMode", CertExtensionMode_name, CertExtensionMode_value)
proto.RegisterEnum("types.CertExtensionType", CertExtensionType_name, CertExtensionType_value)
proto.RegisterEnum("types.PasswordState", PasswordState_name, PasswordState_value)
proto.RegisterEnum("types.MFADeviceKind", MFADeviceKind_name, MFADeviceKind_value)
proto.RegisterEnum("types.SAMLForceAuthn", SAMLForceAuthn_name, SAMLForceAuthn_value)
proto.RegisterEnum("types.SessionState", SessionState_name, SessionState_value)
proto.RegisterEnum("types.AlertSeverity", AlertSeverity_name, AlertSeverity_value)
proto.RegisterEnum("types.RequireMFAType", RequireMFAType_name, RequireMFAType_value)
proto.RegisterEnum("types.SignatureAlgorithmSuite", SignatureAlgorithmSuite_name, SignatureAlgorithmSuite_value)
proto.RegisterEnum("types.EntraIDCredentialsSource", EntraIDCredentialsSource_name, EntraIDCredentialsSource_value)
proto.RegisterEnum("types.AWSICCredentialsSource", AWSICCredentialsSource_name, AWSICCredentialsSource_value)
proto.RegisterEnum("types.AWSICGroupImportStatusCode", AWSICGroupImportStatusCode_name, AWSICGroupImportStatusCode_value)
proto.RegisterEnum("types.PluginStatusCode", PluginStatusCode_name, PluginStatusCode_value)
proto.RegisterEnum("types.OktaPluginSyncStatusCode", OktaPluginSyncStatusCode_name, OktaPluginSyncStatusCode_value)
proto.RegisterEnum("types.HeadlessAuthenticationState", HeadlessAuthenticationState_name, HeadlessAuthenticationState_value)
proto.RegisterEnum("types.InstallParamEnrollMode", InstallParamEnrollMode_name, InstallParamEnrollMode_value)
proto.RegisterEnum("types.KeepAlive_KeepAliveType", KeepAlive_KeepAliveType_name, KeepAlive_KeepAliveType_value)
proto.RegisterEnum("types.CertAuthoritySpecV2_SigningAlgType", CertAuthoritySpecV2_SigningAlgType_name, CertAuthoritySpecV2_SigningAlgType_value)
proto.RegisterEnum("types.ClusterAuditConfigSpecV2_FIPSEndpointState", ClusterAuditConfigSpecV2_FIPSEndpointState_name, ClusterAuditConfigSpecV2_FIPSEndpointState_value)
proto.RegisterEnum("types.ConnectionDiagnosticTrace_TraceType", ConnectionDiagnosticTrace_TraceType_name, ConnectionDiagnosticTrace_TraceType_value)
proto.RegisterEnum("types.ConnectionDiagnosticTrace_StatusType", ConnectionDiagnosticTrace_StatusType_name, ConnectionDiagnosticTrace_StatusType_value)
proto.RegisterEnum("types.OktaAssignmentSpecV1_OktaAssignmentStatus", OktaAssignmentSpecV1_OktaAssignmentStatus_name, OktaAssignmentSpecV1_OktaAssignmentStatus_value)
proto.RegisterEnum("types.OktaAssignmentTargetV1_OktaAssignmentTargetType", OktaAssignmentTargetV1_OktaAssignmentTargetType_name, OktaAssignmentTargetV1_OktaAssignmentTargetType_value)
proto.RegisterType((*KeepAlive)(nil), "types.KeepAlive")
proto.RegisterType((*Rotation)(nil), "types.Rotation")
proto.RegisterType((*RotationSchedule)(nil), "types.RotationSchedule")
proto.RegisterType((*ResourceHeader)(nil), "types.ResourceHeader")
proto.RegisterType((*DatabaseServerV3)(nil), "types.DatabaseServerV3")
proto.RegisterType((*DatabaseServerSpecV3)(nil), "types.DatabaseServerSpecV3")
proto.RegisterType((*DatabaseServerStatusV3)(nil), "types.DatabaseServerStatusV3")
proto.RegisterType((*DatabaseV3List)(nil), "types.DatabaseV3List")
proto.RegisterType((*DatabaseV3)(nil), "types.DatabaseV3")
proto.RegisterType((*DatabaseSpecV3)(nil), "types.DatabaseSpecV3")
proto.RegisterMapType((map[string]CommandLabelV2)(nil), "types.DatabaseSpecV3.DynamicLabelsEntry")
proto.RegisterType((*DatabaseAdminUser)(nil), "types.DatabaseAdminUser")
proto.RegisterType((*OracleOptions)(nil), "types.OracleOptions")
proto.RegisterType((*DatabaseStatusV3)(nil), "types.DatabaseStatusV3")
proto.RegisterType((*AWS)(nil), "types.AWS")
proto.RegisterMapType((map[string]string)(nil), "types.AWS.SessionTagsEntry")
proto.RegisterType((*SecretStore)(nil), "types.SecretStore")
proto.RegisterType((*Redshift)(nil), "types.Redshift")
proto.RegisterType((*RDS)(nil), "types.RDS")
proto.RegisterType((*RDSProxy)(nil), "types.RDSProxy")
proto.RegisterType((*ElastiCache)(nil), "types.ElastiCache")
proto.RegisterType((*ElastiCacheServerless)(nil), "types.ElastiCacheServerless")
proto.RegisterType((*MemoryDB)(nil), "types.MemoryDB")
proto.RegisterType((*RedshiftServerless)(nil), "types.RedshiftServerless")
proto.RegisterType((*OpenSearch)(nil), "types.OpenSearch")
proto.RegisterType((*DocumentDB)(nil), "types.DocumentDB")
proto.RegisterType((*GCPCloudSQL)(nil), "types.GCPCloudSQL")
proto.RegisterType((*AlloyDB)(nil), "types.AlloyDB")
proto.RegisterType((*Azure)(nil), "types.Azure")
proto.RegisterType((*AzureRedis)(nil), "types.AzureRedis")
proto.RegisterType((*AD)(nil), "types.AD")
proto.RegisterType((*DatabaseTLS)(nil), "types.DatabaseTLS")
proto.RegisterType((*MySQLOptions)(nil), "types.MySQLOptions")
proto.RegisterType((*MongoAtlas)(nil), "types.MongoAtlas")
proto.RegisterType((*InstanceV1)(nil), "types.InstanceV1")
proto.RegisterType((*InstanceSpecV1)(nil), "types.InstanceSpecV1")
proto.RegisterType((*SystemClockMeasurement)(nil), "types.SystemClockMeasurement")
proto.RegisterType((*InstanceControlLogEntry)(nil), "types.InstanceControlLogEntry")
proto.RegisterMapType((map[string]string)(nil), "types.InstanceControlLogEntry.LabelsEntry")
proto.RegisterType((*UpdaterV2Info)(nil), "types.UpdaterV2Info")
proto.RegisterType((*InstanceFilter)(nil), "types.InstanceFilter")
proto.RegisterType((*ServerV2)(nil), "types.ServerV2")
proto.RegisterType((*ServerSpecV2)(nil), "types.ServerSpecV2")
proto.RegisterMapType((map[string]CommandLabelV2)(nil), "types.ServerSpecV2.CmdLabelsEntry")
proto.RegisterType((*AWSInfo)(nil), "types.AWSInfo")
proto.RegisterType((*CloudMetadata)(nil), "types.CloudMetadata")
proto.RegisterType((*GitHubServerMetadata)(nil), "types.GitHubServerMetadata")
proto.RegisterType((*AppServerV3)(nil), "types.AppServerV3")
proto.RegisterType((*AppServerSpecV3)(nil), "types.AppServerSpecV3")
proto.RegisterType((*AppV3List)(nil), "types.AppV3List")
proto.RegisterType((*AppV3)(nil), "types.AppV3")
proto.RegisterType((*CORSPolicy)(nil), "types.CORSPolicy")
proto.RegisterType((*IdentityCenterPermissionSet)(nil), "types.IdentityCenterPermissionSet")
proto.RegisterType((*AppIdentityCenter)(nil), "types.AppIdentityCenter")
proto.RegisterType((*AppSpecV3)(nil), "types.AppSpecV3")
proto.RegisterMapType((map[string]CommandLabelV2)(nil), "types.AppSpecV3.DynamicLabelsEntry")
proto.RegisterType((*MCP)(nil), "types.MCP")
proto.RegisterType((*Rewrite)(nil), "types.Rewrite")
proto.RegisterType((*Header)(nil), "types.Header")
proto.RegisterType((*PortRange)(nil), "types.PortRange")
proto.RegisterType((*CommandLabelV2)(nil), "types.CommandLabelV2")
proto.RegisterType((*AppAWS)(nil), "types.AppAWS")
proto.RegisterType((*AppAWSRolesAnywhereProfile)(nil), "types.AppAWSRolesAnywhereProfile")
proto.RegisterType((*SSHKeyPair)(nil), "types.SSHKeyPair")
proto.RegisterType((*TLSKeyPair)(nil), "types.TLSKeyPair")
proto.RegisterType((*JWTKeyPair)(nil), "types.JWTKeyPair")
proto.RegisterType((*EncryptionKeyPair)(nil), "types.EncryptionKeyPair")
proto.RegisterType((*AgeEncryptionKey)(nil), "types.AgeEncryptionKey")
proto.RegisterType((*CertAuthorityV2)(nil), "types.CertAuthorityV2")
proto.RegisterType((*CertAuthoritySpecV2)(nil), "types.CertAuthoritySpecV2")
proto.RegisterType((*CAKeySet)(nil), "types.CAKeySet")
proto.RegisterType((*RoleMapping)(nil), "types.RoleMapping")
proto.RegisterType((*ProvisionTokenV1)(nil), "types.ProvisionTokenV1")
proto.RegisterType((*ProvisionTokenV2)(nil), "types.ProvisionTokenV2")
proto.RegisterType((*ProvisionTokenV2List)(nil), "types.ProvisionTokenV2List")
proto.RegisterType((*TokenRule)(nil), "types.TokenRule")
proto.RegisterType((*ProvisionTokenSpecV2)(nil), "types.ProvisionTokenSpecV2")
proto.RegisterType((*ProvisionTokenSpecV2AzureDevops)(nil), "types.ProvisionTokenSpecV2AzureDevops")
proto.RegisterType((*ProvisionTokenSpecV2AzureDevops_Rule)(nil), "types.ProvisionTokenSpecV2AzureDevops.Rule")
proto.RegisterType((*ProvisionTokenSpecV2TPM)(nil), "types.ProvisionTokenSpecV2TPM")
proto.RegisterType((*ProvisionTokenSpecV2TPM_Rule)(nil), "types.ProvisionTokenSpecV2TPM.Rule")
proto.RegisterType((*ProvisionTokenSpecV2GitHub)(nil), "types.ProvisionTokenSpecV2GitHub")
proto.RegisterType((*ProvisionTokenSpecV2GitHub_Rule)(nil), "types.ProvisionTokenSpecV2GitHub.Rule")
proto.RegisterType((*ProvisionTokenSpecV2GitLab)(nil), "types.ProvisionTokenSpecV2GitLab")
proto.RegisterType((*ProvisionTokenSpecV2GitLab_Rule)(nil), "types.ProvisionTokenSpecV2GitLab.Rule")
proto.RegisterType((*ProvisionTokenSpecV2CircleCI)(nil), "types.ProvisionTokenSpecV2CircleCI")
proto.RegisterType((*ProvisionTokenSpecV2CircleCI_Rule)(nil), "types.ProvisionTokenSpecV2CircleCI.Rule")
proto.RegisterType((*ProvisionTokenSpecV2Spacelift)(nil), "types.ProvisionTokenSpecV2Spacelift")
proto.RegisterType((*ProvisionTokenSpecV2Spacelift_Rule)(nil), "types.ProvisionTokenSpecV2Spacelift.Rule")
proto.RegisterType((*ProvisionTokenSpecV2Kubernetes)(nil), "types.ProvisionTokenSpecV2Kubernetes")
proto.RegisterType((*ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig)(nil), "types.ProvisionTokenSpecV2Kubernetes.StaticJWKSConfig")
proto.RegisterType((*ProvisionTokenSpecV2Kubernetes_OIDCConfig)(nil), "types.ProvisionTokenSpecV2Kubernetes.OIDCConfig")
proto.RegisterType((*ProvisionTokenSpecV2Kubernetes_Rule)(nil), "types.ProvisionTokenSpecV2Kubernetes.Rule")
proto.RegisterType((*ProvisionTokenSpecV2Azure)(nil), "types.ProvisionTokenSpecV2Azure")
proto.RegisterType((*ProvisionTokenSpecV2Azure_Rule)(nil), "types.ProvisionTokenSpecV2Azure.Rule")
proto.RegisterType((*ProvisionTokenSpecV2GCP)(nil), "types.ProvisionTokenSpecV2GCP")
proto.RegisterType((*ProvisionTokenSpecV2GCP_Rule)(nil), "types.ProvisionTokenSpecV2GCP.Rule")
proto.RegisterType((*ProvisionTokenSpecV2TerraformCloud)(nil), "types.ProvisionTokenSpecV2TerraformCloud")
proto.RegisterType((*ProvisionTokenSpecV2TerraformCloud_Rule)(nil), "types.ProvisionTokenSpecV2TerraformCloud.Rule")
proto.RegisterType((*ProvisionTokenSpecV2Bitbucket)(nil), "types.ProvisionTokenSpecV2Bitbucket")
proto.RegisterType((*ProvisionTokenSpecV2Bitbucket_Rule)(nil), "types.ProvisionTokenSpecV2Bitbucket.Rule")
proto.RegisterType((*ProvisionTokenSpecV2Oracle)(nil), "types.ProvisionTokenSpecV2Oracle")
proto.RegisterType((*ProvisionTokenSpecV2Oracle_Rule)(nil), "types.ProvisionTokenSpecV2Oracle.Rule")
proto.RegisterType((*ProvisionTokenSpecV2Env0)(nil), "types.ProvisionTokenSpecV2Env0")
proto.RegisterType((*ProvisionTokenSpecV2Env0_Rule)(nil), "types.ProvisionTokenSpecV2Env0.Rule")
proto.RegisterType((*ProvisionTokenSpecV2BoundKeypair)(nil), "types.ProvisionTokenSpecV2BoundKeypair")
proto.RegisterType((*ProvisionTokenSpecV2BoundKeypair_OnboardingSpec)(nil), "types.ProvisionTokenSpecV2BoundKeypair.OnboardingSpec")
proto.RegisterType((*ProvisionTokenSpecV2BoundKeypair_RecoverySpec)(nil), "types.ProvisionTokenSpecV2BoundKeypair.RecoverySpec")
proto.RegisterType((*ProvisionTokenStatusV2)(nil), "types.ProvisionTokenStatusV2")
proto.RegisterType((*ProvisionTokenStatusV2BoundKeypair)(nil), "types.ProvisionTokenStatusV2BoundKeypair")
proto.RegisterType((*StaticTokensV2)(nil), "types.StaticTokensV2")
proto.RegisterType((*StaticTokensSpecV2)(nil), "types.StaticTokensSpecV2")
proto.RegisterType((*ClusterNameV2)(nil), "types.ClusterNameV2")
proto.RegisterType((*ClusterNameSpecV2)(nil), "types.ClusterNameSpecV2")
proto.RegisterType((*ClusterAuditConfigV2)(nil), "types.ClusterAuditConfigV2")
proto.RegisterType((*ClusterAuditConfigSpecV2)(nil), "types.ClusterAuditConfigSpecV2")
proto.RegisterType((*ClusterNetworkingConfigV2)(nil), "types.ClusterNetworkingConfigV2")
proto.RegisterType((*ClusterNetworkingConfigSpecV2)(nil), "types.ClusterNetworkingConfigSpecV2")
proto.RegisterType((*TunnelStrategyV1)(nil), "types.TunnelStrategyV1")
proto.RegisterType((*AgentMeshTunnelStrategy)(nil), "types.AgentMeshTunnelStrategy")
proto.RegisterType((*ProxyPeeringTunnelStrategy)(nil), "types.ProxyPeeringTunnelStrategy")
proto.RegisterType((*SessionRecordingConfigV2)(nil), "types.SessionRecordingConfigV2")
proto.RegisterType((*KeyLabel)(nil), "types.KeyLabel")
proto.RegisterType((*ManualKeyManagementConfig)(nil), "types.ManualKeyManagementConfig")
proto.RegisterType((*SessionRecordingEncryptionConfig)(nil), "types.SessionRecordingEncryptionConfig")
proto.RegisterType((*SessionRecordingConfigSpecV2)(nil), "types.SessionRecordingConfigSpecV2")
proto.RegisterType((*SessionRecordingConfigStatus)(nil), "types.SessionRecordingConfigStatus")
proto.RegisterType((*AuthPreferenceV2)(nil), "types.AuthPreferenceV2")
proto.RegisterType((*AuthPreferenceSpecV2)(nil), "types.AuthPreferenceSpecV2")
proto.RegisterType((*StableUNIXUserConfig)(nil), "types.StableUNIXUserConfig")
proto.RegisterType((*U2F)(nil), "types.U2F")
proto.RegisterType((*Webauthn)(nil), "types.Webauthn")
proto.RegisterType((*DeviceTrust)(nil), "types.DeviceTrust")
proto.RegisterType((*HardwareKey)(nil), "types.HardwareKey")
proto.RegisterType((*HardwareKeySerialNumberValidation)(nil), "types.HardwareKeySerialNumberValidation")
proto.RegisterType((*Namespace)(nil), "types.Namespace")
proto.RegisterType((*NamespaceSpec)(nil), "types.NamespaceSpec")
proto.RegisterType((*UserTokenV3)(nil), "types.UserTokenV3")
proto.RegisterType((*UserTokenSpecV3)(nil), "types.UserTokenSpecV3")
proto.RegisterType((*UserTokenSecretsV3)(nil), "types.UserTokenSecretsV3")
proto.RegisterType((*UserTokenSecretsSpecV3)(nil), "types.UserTokenSecretsSpecV3")
proto.RegisterType((*AccessRequestV3)(nil), "types.AccessRequestV3")
proto.RegisterType((*AccessReviewThreshold)(nil), "types.AccessReviewThreshold")
proto.RegisterType((*PromotedAccessList)(nil), "types.PromotedAccessList")
proto.RegisterType((*AccessRequestDryRunEnrichment)(nil), "types.AccessRequestDryRunEnrichment")
proto.RegisterType((*AccessReview)(nil), "types.AccessReview")
proto.RegisterType((*AccessReviewSubmission)(nil), "types.AccessReviewSubmission")
proto.RegisterType((*ThresholdIndexSet)(nil), "types.ThresholdIndexSet")
proto.RegisterType((*ThresholdIndexSets)(nil), "types.ThresholdIndexSets")
proto.RegisterType((*AccessRequestSpecV3)(nil), "types.AccessRequestSpecV3")
proto.RegisterMapType((map[string]ThresholdIndexSets)(nil), "types.AccessRequestSpecV3.RoleThresholdMappingEntry")
proto.RegisterType((*AccessRequestFilter)(nil), "types.AccessRequestFilter")
proto.RegisterType((*AccessCapabilities)(nil), "types.AccessCapabilities")
proto.RegisterType((*AccessCapabilitiesRequest)(nil), "types.AccessCapabilitiesRequest")
proto.RegisterType((*RemoteAccessCapabilities)(nil), "types.RemoteAccessCapabilities")
proto.RegisterType((*RemoteAccessCapabilitiesRequest)(nil), "types.RemoteAccessCapabilitiesRequest")
proto.RegisterType((*RequestKubernetesResource)(nil), "types.RequestKubernetesResource")
proto.RegisterType((*ResourceID)(nil), "types.ResourceID")
proto.RegisterType((*PluginDataV3)(nil), "types.PluginDataV3")
proto.RegisterType((*PluginDataEntry)(nil), "types.PluginDataEntry")
proto.RegisterMapType((map[string]string)(nil), "types.PluginDataEntry.DataEntry")
proto.RegisterType((*PluginDataSpecV3)(nil), "types.PluginDataSpecV3")
proto.RegisterMapType((map[string]*PluginDataEntry)(nil), "types.PluginDataSpecV3.EntriesEntry")
proto.RegisterType((*PluginDataFilter)(nil), "types.PluginDataFilter")
proto.RegisterType((*PluginDataUpdateParams)(nil), "types.PluginDataUpdateParams")
proto.RegisterMapType((map[string]string)(nil), "types.PluginDataUpdateParams.ExpectEntry")
proto.RegisterMapType((map[string]string)(nil), "types.PluginDataUpdateParams.SetEntry")
proto.RegisterType((*RoleFilter)(nil), "types.RoleFilter")
proto.RegisterType((*RoleV6)(nil), "types.RoleV6")
proto.RegisterType((*RoleSpecV6)(nil), "types.RoleSpecV6")
proto.RegisterType((*SSHLocalPortForwarding)(nil), "types.SSHLocalPortForwarding")
proto.RegisterType((*SSHRemotePortForwarding)(nil), "types.SSHRemotePortForwarding")
proto.RegisterType((*SSHPortForwarding)(nil), "types.SSHPortForwarding")
proto.RegisterType((*RoleOptions)(nil), "types.RoleOptions")
proto.RegisterType((*RecordSession)(nil), "types.RecordSession")
proto.RegisterType((*CertExtension)(nil), "types.CertExtension")
proto.RegisterType((*RoleConditions)(nil), "types.RoleConditions")
proto.RegisterType((*IdentityCenterAccountAssignment)(nil), "types.IdentityCenterAccountAssignment")
proto.RegisterType((*GitHubPermission)(nil), "types.GitHubPermission")
proto.RegisterType((*MCPPermissions)(nil), "types.MCPPermissions")
proto.RegisterType((*SPIFFERoleCondition)(nil), "types.SPIFFERoleCondition")
proto.RegisterType((*DatabasePermission)(nil), "types.DatabasePermission")
proto.RegisterType((*KubernetesResource)(nil), "types.KubernetesResource")
proto.RegisterType((*SessionRequirePolicy)(nil), "types.SessionRequirePolicy")
proto.RegisterType((*SessionJoinPolicy)(nil), "types.SessionJoinPolicy")
proto.RegisterType((*AccessRequestConditions)(nil), "types.AccessRequestConditions")
proto.RegisterType((*AccessRequestConditionsReason)(nil), "types.AccessRequestConditionsReason")
proto.RegisterType((*AccessReviewConditions)(nil), "types.AccessReviewConditions")
proto.RegisterType((*AccessRequestAllowedPromotion)(nil), "types.AccessRequestAllowedPromotion")
proto.RegisterType((*AccessRequestAllowedPromotions)(nil), "types.AccessRequestAllowedPromotions")
proto.RegisterType((*ResourceIDList)(nil), "types.ResourceIDList")
proto.RegisterType((*LongTermResourceGrouping)(nil), "types.LongTermResourceGrouping")
proto.RegisterMapType((map[string]ResourceIDList)(nil), "types.LongTermResourceGrouping.AccessListToResourcesEntry")
proto.RegisterType((*ClaimMapping)(nil), "types.ClaimMapping")
proto.RegisterType((*TraitMapping)(nil), "types.TraitMapping")
proto.RegisterType((*Rule)(nil), "types.Rule")
proto.RegisterType((*ImpersonateConditions)(nil), "types.ImpersonateConditions")
proto.RegisterType((*BoolValue)(nil), "types.BoolValue")
proto.RegisterType((*UserFilter)(nil), "types.UserFilter")
proto.RegisterType((*UserV2)(nil), "types.UserV2")
proto.RegisterType((*UserStatusV2)(nil), "types.UserStatusV2")
proto.RegisterType((*UserSpecV2)(nil), "types.UserSpecV2")
proto.RegisterType((*ExternalIdentity)(nil), "types.ExternalIdentity")
proto.RegisterType((*LoginStatus)(nil), "types.LoginStatus")
proto.RegisterType((*CreatedBy)(nil), "types.CreatedBy")
proto.RegisterType((*LocalAuthSecrets)(nil), "types.LocalAuthSecrets")
proto.RegisterType((*WebauthnLocalAuth)(nil), "types.WebauthnLocalAuth")
proto.RegisterType((*ConnectorRef)(nil), "types.ConnectorRef")
proto.RegisterType((*UserRef)(nil), "types.UserRef")
proto.RegisterType((*ReverseTunnelV2)(nil), "types.ReverseTunnelV2")
proto.RegisterType((*ReverseTunnelSpecV2)(nil), "types.ReverseTunnelSpecV2")
proto.RegisterType((*TunnelConnectionV2)(nil), "types.TunnelConnectionV2")
proto.RegisterType((*TunnelConnectionSpecV2)(nil), "types.TunnelConnectionSpecV2")
proto.RegisterType((*SemaphoreFilter)(nil), "types.SemaphoreFilter")
proto.RegisterType((*AcquireSemaphoreRequest)(nil), "types.AcquireSemaphoreRequest")
proto.RegisterType((*SemaphoreLease)(nil), "types.SemaphoreLease")
proto.RegisterType((*SemaphoreLeaseRef)(nil), "types.SemaphoreLeaseRef")
proto.RegisterType((*SemaphoreV3)(nil), "types.SemaphoreV3")
proto.RegisterType((*SemaphoreSpecV3)(nil), "types.SemaphoreSpecV3")
proto.RegisterType((*WebSessionV2)(nil), "types.WebSessionV2")
proto.RegisterType((*WebSessionSpecV2)(nil), "types.WebSessionSpecV2")
proto.RegisterType((*DeviceWebToken)(nil), "types.DeviceWebToken")
proto.RegisterType((*WebSessionFilter)(nil), "types.WebSessionFilter")
proto.RegisterType((*SAMLSessionData)(nil), "types.SAMLSessionData")
proto.RegisterType((*SAMLAttribute)(nil), "types.SAMLAttribute")
proto.RegisterType((*SAMLAttributeValue)(nil), "types.SAMLAttributeValue")
proto.RegisterType((*SAMLNameID)(nil), "types.SAMLNameID")
proto.RegisterType((*RemoteClusterV3)(nil), "types.RemoteClusterV3")
proto.RegisterType((*RemoteClusterStatusV3)(nil), "types.RemoteClusterStatusV3")
proto.RegisterType((*KubernetesCluster)(nil), "types.KubernetesCluster")
proto.RegisterMapType((map[string]CommandLabelV2)(nil), "types.KubernetesCluster.DynamicLabelsEntry")
proto.RegisterMapType((map[string]string)(nil), "types.KubernetesCluster.StaticLabelsEntry")
proto.RegisterType((*KubernetesClusterV3)(nil), "types.KubernetesClusterV3")
proto.RegisterType((*KubernetesClusterSpecV3)(nil), "types.KubernetesClusterSpecV3")
proto.RegisterMapType((map[string]CommandLabelV2)(nil), "types.KubernetesClusterSpecV3.DynamicLabelsEntry")
proto.RegisterType((*KubeAzure)(nil), "types.KubeAzure")
proto.RegisterType((*KubeAWS)(nil), "types.KubeAWS")
proto.RegisterType((*KubeGCP)(nil), "types.KubeGCP")
proto.RegisterType((*KubernetesClusterStatus)(nil), "types.KubernetesClusterStatus")
proto.RegisterType((*KubernetesClusterDiscoveryStatus)(nil), "types.KubernetesClusterDiscoveryStatus")
proto.RegisterType((*KubernetesClusterAWSStatus)(nil), "types.KubernetesClusterAWSStatus")
proto.RegisterType((*KubernetesClusterV3List)(nil), "types.KubernetesClusterV3List")
proto.RegisterType((*KubernetesServerV3)(nil), "types.KubernetesServerV3")
proto.RegisterType((*KubernetesServerSpecV3)(nil), "types.KubernetesServerSpecV3")
proto.RegisterType((*KubernetesServerStatusV3)(nil), "types.KubernetesServerStatusV3")
proto.RegisterType((*WebTokenV3)(nil), "types.WebTokenV3")
proto.RegisterType((*WebTokenSpecV3)(nil), "types.WebTokenSpecV3")
proto.RegisterType((*GetWebSessionRequest)(nil), "types.GetWebSessionRequest")
proto.RegisterType((*DeleteWebSessionRequest)(nil), "types.DeleteWebSessionRequest")
proto.RegisterType((*GetWebTokenRequest)(nil), "types.GetWebTokenRequest")
proto.RegisterType((*DeleteWebTokenRequest)(nil), "types.DeleteWebTokenRequest")
proto.RegisterType((*ResourceRequest)(nil), "types.ResourceRequest")
proto.RegisterType((*ResourceWithSecretsRequest)(nil), "types.ResourceWithSecretsRequest")
proto.RegisterType((*ResourcesWithSecretsRequest)(nil), "types.ResourcesWithSecretsRequest")
proto.RegisterType((*ResourceInNamespaceRequest)(nil), "types.ResourceInNamespaceRequest")
proto.RegisterType((*ResourcesInNamespaceRequest)(nil), "types.ResourcesInNamespaceRequest")
proto.RegisterType((*OIDCConnectorV3)(nil), "types.OIDCConnectorV3")
proto.RegisterType((*OIDCConnectorV3List)(nil), "types.OIDCConnectorV3List")
proto.RegisterType((*OIDCConnectorSpecV3)(nil), "types.OIDCConnectorSpecV3")
proto.RegisterType((*EntraIDGroupsProvider)(nil), "types.EntraIDGroupsProvider")
proto.RegisterType((*MaxAge)(nil), "types.MaxAge")
proto.RegisterType((*SSOClientRedirectSettings)(nil), "types.SSOClientRedirectSettings")
proto.RegisterType((*OIDCConnectorMFASettings)(nil), "types.OIDCConnectorMFASettings")
proto.RegisterType((*OIDCAuthRequest)(nil), "types.OIDCAuthRequest")
proto.RegisterType((*SAMLConnectorV2)(nil), "types.SAMLConnectorV2")
proto.RegisterType((*SAMLConnectorV2List)(nil), "types.SAMLConnectorV2List")
proto.RegisterType((*SAMLConnectorSpecV2)(nil), "types.SAMLConnectorSpecV2")
proto.RegisterType((*SAMLConnectorMFASettings)(nil), "types.SAMLConnectorMFASettings")
proto.RegisterType((*SAMLAuthRequest)(nil), "types.SAMLAuthRequest")
proto.RegisterType((*AttributeMapping)(nil), "types.AttributeMapping")
proto.RegisterType((*AsymmetricKeyPair)(nil), "types.AsymmetricKeyPair")
proto.RegisterType((*GithubConnectorV3)(nil), "types.GithubConnectorV3")
proto.RegisterType((*GithubConnectorV3List)(nil), "types.GithubConnectorV3List")
proto.RegisterType((*GithubConnectorSpecV3)(nil), "types.GithubConnectorSpecV3")
proto.RegisterType((*GithubAuthRequest)(nil), "types.GithubAuthRequest")
proto.RegisterType((*SSOWarnings)(nil), "types.SSOWarnings")
proto.RegisterType((*CreateUserParams)(nil), "types.CreateUserParams")
proto.RegisterType((*SSODiagnosticInfo)(nil), "types.SSODiagnosticInfo")
proto.RegisterType((*GithubTokenInfo)(nil), "types.GithubTokenInfo")
proto.RegisterType((*GithubClaims)(nil), "types.GithubClaims")
proto.RegisterType((*TeamMapping)(nil), "types.TeamMapping")
proto.RegisterType((*TeamRolesMapping)(nil), "types.TeamRolesMapping")
proto.RegisterType((*TrustedClusterV2)(nil), "types.TrustedClusterV2")
proto.RegisterType((*TrustedClusterV2List)(nil), "types.TrustedClusterV2List")
proto.RegisterType((*TrustedClusterSpecV2)(nil), "types.TrustedClusterSpecV2")
proto.RegisterType((*LockV2)(nil), "types.LockV2")
proto.RegisterType((*LockSpecV2)(nil), "types.LockSpecV2")
proto.RegisterType((*LockTarget)(nil), "types.LockTarget")
proto.RegisterType((*LockFilter)(nil), "types.LockFilter")
proto.RegisterType((*AddressCondition)(nil), "types.AddressCondition")
proto.RegisterType((*NetworkRestrictionsSpecV4)(nil), "types.NetworkRestrictionsSpecV4")
proto.RegisterType((*NetworkRestrictionsV4)(nil), "types.NetworkRestrictionsV4")
proto.RegisterType((*WindowsDesktopServiceV3)(nil), "types.WindowsDesktopServiceV3")
proto.RegisterType((*WindowsDesktopServiceSpecV3)(nil), "types.WindowsDesktopServiceSpecV3")
proto.RegisterType((*WindowsDesktopFilter)(nil), "types.WindowsDesktopFilter")
proto.RegisterType((*WindowsDesktopV3)(nil), "types.WindowsDesktopV3")
proto.RegisterType((*WindowsDesktopSpecV3)(nil), "types.WindowsDesktopSpecV3")
proto.RegisterType((*DynamicWindowsDesktopV1)(nil), "types.DynamicWindowsDesktopV1")
proto.RegisterType((*DynamicWindowsDesktopSpecV1)(nil), "types.DynamicWindowsDesktopSpecV1")
proto.RegisterType((*Resolution)(nil), "types.Resolution")
proto.RegisterType((*RegisterUsingTokenRequest)(nil), "types.RegisterUsingTokenRequest")
proto.RegisterType((*RecoveryCodesV1)(nil), "types.RecoveryCodesV1")
proto.RegisterType((*RecoveryCodesSpecV1)(nil), "types.RecoveryCodesSpecV1")
proto.RegisterType((*RecoveryCode)(nil), "types.RecoveryCode")
proto.RegisterType((*NullableSessionState)(nil), "types.NullableSessionState")
proto.RegisterType((*SessionTrackerFilter)(nil), "types.SessionTrackerFilter")
proto.RegisterType((*SessionTrackerV1)(nil), "types.SessionTrackerV1")
proto.RegisterType((*SessionTrackerSpecV1)(nil), "types.SessionTrackerSpecV1")
proto.RegisterType((*SessionTrackerPolicySet)(nil), "types.SessionTrackerPolicySet")
proto.RegisterType((*Participant)(nil), "types.Participant")
proto.RegisterType((*UIConfigV1)(nil), "types.UIConfigV1")
proto.RegisterType((*UIConfigSpecV1)(nil), "types.UIConfigSpecV1")
proto.RegisterType((*InstallerV1)(nil), "types.InstallerV1")
proto.RegisterType((*InstallerSpecV1)(nil), "types.InstallerSpecV1")
proto.RegisterType((*InstallerV1List)(nil), "types.InstallerV1List")
proto.RegisterType((*SortBy)(nil), "types.SortBy")
proto.RegisterType((*ConnectionDiagnosticV1)(nil), "types.ConnectionDiagnosticV1")
proto.RegisterType((*ConnectionDiagnosticSpecV1)(nil), "types.ConnectionDiagnosticSpecV1")
proto.RegisterType((*ConnectionDiagnosticTrace)(nil), "types.ConnectionDiagnosticTrace")
proto.RegisterType((*DatabaseServiceV1)(nil), "types.DatabaseServiceV1")
proto.RegisterType((*DatabaseServiceSpecV1)(nil), "types.DatabaseServiceSpecV1")
proto.RegisterType((*DatabaseResourceMatcher)(nil), "types.DatabaseResourceMatcher")
proto.RegisterType((*ResourceMatcherAWS)(nil), "types.ResourceMatcherAWS")
proto.RegisterType((*ClusterAlert)(nil), "types.ClusterAlert")
proto.RegisterType((*ClusterAlertSpec)(nil), "types.ClusterAlertSpec")
proto.RegisterType((*GetClusterAlertsRequest)(nil), "types.GetClusterAlertsRequest")
proto.RegisterMapType((map[string]string)(nil), "types.GetClusterAlertsRequest.LabelsEntry")
proto.RegisterType((*AlertAcknowledgement)(nil), "types.AlertAcknowledgement")
proto.RegisterType((*Release)(nil), "types.Release")
proto.RegisterType((*Asset)(nil), "types.Asset")
proto.RegisterType((*PluginV1)(nil), "types.PluginV1")
proto.RegisterType((*PluginSpecV1)(nil), "types.PluginSpecV1")
proto.RegisterType((*PluginGithubSettings)(nil), "types.PluginGithubSettings")
proto.RegisterType((*PluginSlackAccessSettings)(nil), "types.PluginSlackAccessSettings")
proto.RegisterType((*PluginGitlabSettings)(nil), "types.PluginGitlabSettings")
proto.RegisterType((*PluginOpsgenieAccessSettings)(nil), "types.PluginOpsgenieAccessSettings")
proto.RegisterType((*PluginServiceNowSettings)(nil), "types.PluginServiceNowSettings")
proto.RegisterType((*PluginPagerDutySettings)(nil), "types.PluginPagerDutySettings")
proto.RegisterType((*PluginJiraSettings)(nil), "types.PluginJiraSettings")
proto.RegisterType((*PluginOpenAISettings)(nil), "types.PluginOpenAISettings")
proto.RegisterType((*PluginMattermostSettings)(nil), "types.PluginMattermostSettings")
proto.RegisterType((*PluginJamfSettings)(nil), "types.PluginJamfSettings")
proto.RegisterType((*PluginIntuneSettings)(nil), "types.PluginIntuneSettings")
proto.RegisterType((*PluginOktaSettings)(nil), "types.PluginOktaSettings")
proto.RegisterType((*PluginOktaCredentialsInfo)(nil), "types.PluginOktaCredentialsInfo")
proto.RegisterType((*PluginOktaSyncSettings)(nil), "types.PluginOktaSyncSettings")
proto.RegisterType((*DiscordChannels)(nil), "types.DiscordChannels")
proto.RegisterType((*PluginDiscordSettings)(nil), "types.PluginDiscordSettings")
proto.RegisterMapType((map[string]*DiscordChannels)(nil), "types.PluginDiscordSettings.RoleToRecipientsEntry")
proto.RegisterType((*PluginEntraIDSettings)(nil), "types.PluginEntraIDSettings")
proto.RegisterType((*PluginEntraIDSyncSettings)(nil), "types.PluginEntraIDSyncSettings")
proto.RegisterType((*PluginSyncFilter)(nil), "types.PluginSyncFilter")
proto.RegisterType((*PluginEntraIDAccessGraphSettings)(nil), "types.PluginEntraIDAccessGraphSettings")
proto.RegisterType((*PluginEntraIDAppSSOSettings)(nil), "types.PluginEntraIDAppSSOSettings")
proto.RegisterType((*PluginSCIMSettings)(nil), "types.PluginSCIMSettings")
proto.RegisterType((*PluginSCIMSettings_ConnectorInfo)(nil), "types.PluginSCIMSettings.ConnectorInfo")
proto.RegisterType((*PluginDatadogAccessSettings)(nil), "types.PluginDatadogAccessSettings")
proto.RegisterType((*PluginAWSICSettings)(nil), "types.PluginAWSICSettings")
proto.RegisterType((*AWSICCredentials)(nil), "types.AWSICCredentials")
proto.RegisterType((*AWSICCredentialSourceSystem)(nil), "types.AWSICCredentialSourceSystem")
proto.RegisterType((*AWSICCredentialSourceOIDC)(nil), "types.AWSICCredentialSourceOIDC")
proto.RegisterType((*AWSICResourceFilter)(nil), "types.AWSICResourceFilter")
proto.RegisterType((*AWSICUserSyncFilter)(nil), "types.AWSICUserSyncFilter")
proto.RegisterMapType((map[string]string)(nil), "types.AWSICUserSyncFilter.LabelsEntry")
proto.RegisterType((*AWSICProvisioningSpec)(nil), "types.AWSICProvisioningSpec")
proto.RegisterType((*PluginAWSICStatusV1)(nil), "types.PluginAWSICStatusV1")
proto.RegisterType((*AWSICGroupImportStatus)(nil), "types.AWSICGroupImportStatus")
proto.RegisterType((*PluginEmailSettings)(nil), "types.PluginEmailSettings")
proto.RegisterType((*MailgunSpec)(nil), "types.MailgunSpec")
proto.RegisterType((*SMTPSpec)(nil), "types.SMTPSpec")
proto.RegisterType((*PluginMSTeamsSettings)(nil), "types.PluginMSTeamsSettings")
proto.RegisterType((*PluginNetIQSettings)(nil), "types.PluginNetIQSettings")
proto.RegisterType((*PluginBootstrapCredentialsV1)(nil), "types.PluginBootstrapCredentialsV1")
proto.RegisterType((*PluginIdSecretCredential)(nil), "types.PluginIdSecretCredential")
proto.RegisterType((*PluginOAuth2AuthorizationCodeCredentials)(nil), "types.PluginOAuth2AuthorizationCodeCredentials")
proto.RegisterType((*PluginStatusV1)(nil), "types.PluginStatusV1")
proto.RegisterType((*PluginNetIQStatusV1)(nil), "types.PluginNetIQStatusV1")
proto.RegisterType((*PluginGitlabStatusV1)(nil), "types.PluginGitlabStatusV1")
proto.RegisterType((*PluginEntraIDStatusV1)(nil), "types.PluginEntraIDStatusV1")
proto.RegisterType((*PluginOktaStatusV1)(nil), "types.PluginOktaStatusV1")
proto.RegisterType((*PluginOktaStatusDetailsSSO)(nil), "types.PluginOktaStatusDetailsSSO")
proto.RegisterType((*PluginOktaStatusDetailsAppGroupSync)(nil), "types.PluginOktaStatusDetailsAppGroupSync")
proto.RegisterType((*PluginOktaStatusDetailsUsersSync)(nil), "types.PluginOktaStatusDetailsUsersSync")
proto.RegisterType((*PluginOktaStatusDetailsSCIM)(nil), "types.PluginOktaStatusDetailsSCIM")
proto.RegisterType((*PluginOktaStatusDetailsAccessListsSync)(nil), "types.PluginOktaStatusDetailsAccessListsSync")
proto.RegisterType((*PluginOktaStatusSystemLogExporter)(nil), "types.PluginOktaStatusSystemLogExporter")
proto.RegisterType((*PluginCredentialsV1)(nil), "types.PluginCredentialsV1")
proto.RegisterType((*PluginOAuth2AccessTokenCredentials)(nil), "types.PluginOAuth2AccessTokenCredentials")
proto.RegisterType((*PluginBearerTokenCredentials)(nil), "types.PluginBearerTokenCredentials")
proto.RegisterType((*PluginStaticCredentialsRef)(nil), "types.PluginStaticCredentialsRef")
proto.RegisterMapType((map[string]string)(nil), "types.PluginStaticCredentialsRef.LabelsEntry")
proto.RegisterType((*PluginListV1)(nil), "types.PluginListV1")
proto.RegisterType((*PluginStaticCredentialsV1)(nil), "types.PluginStaticCredentialsV1")
proto.RegisterType((*PluginStaticCredentialsSpecV1)(nil), "types.PluginStaticCredentialsSpecV1")
proto.RegisterType((*PluginStaticCredentialsBasicAuth)(nil), "types.PluginStaticCredentialsBasicAuth")
proto.RegisterType((*PluginStaticCredentialsOAuthClientSecret)(nil), "types.PluginStaticCredentialsOAuthClientSecret")
proto.RegisterType((*PluginStaticCredentialsSSHCertAuthorities)(nil), "types.PluginStaticCredentialsSSHCertAuthorities")
proto.RegisterType((*SAMLIdPServiceProviderV1)(nil), "types.SAMLIdPServiceProviderV1")
proto.RegisterType((*SAMLIdPServiceProviderSpecV1)(nil), "types.SAMLIdPServiceProviderSpecV1")
proto.RegisterType((*SAMLAttributeMapping)(nil), "types.SAMLAttributeMapping")
proto.RegisterType((*IdPOptions)(nil), "types.IdPOptions")
proto.RegisterType((*IdPSAMLOptions)(nil), "types.IdPSAMLOptions")
proto.RegisterType((*KubernetesResourceV1)(nil), "types.KubernetesResourceV1")
proto.RegisterType((*KubernetesResourceSpecV1)(nil), "types.KubernetesResourceSpecV1")
proto.RegisterType((*ClusterMaintenanceConfigV1)(nil), "types.ClusterMaintenanceConfigV1")
proto.RegisterType((*ClusterMaintenanceConfigSpecV1)(nil), "types.ClusterMaintenanceConfigSpecV1")
proto.RegisterType((*AgentUpgradeWindow)(nil), "types.AgentUpgradeWindow")
proto.RegisterType((*ScheduledAgentUpgradeWindow)(nil), "types.ScheduledAgentUpgradeWindow")
proto.RegisterType((*AgentUpgradeSchedule)(nil), "types.AgentUpgradeSchedule")
proto.RegisterType((*UserGroupV1)(nil), "types.UserGroupV1")
proto.RegisterType((*UserGroupSpecV1)(nil), "types.UserGroupSpecV1")
proto.RegisterType((*OktaImportRuleSpecV1)(nil), "types.OktaImportRuleSpecV1")
proto.RegisterType((*OktaImportRuleMappingV1)(nil), "types.OktaImportRuleMappingV1")
proto.RegisterMapType((map[string]string)(nil), "types.OktaImportRuleMappingV1.AddLabelsEntry")
proto.RegisterType((*OktaImportRuleV1)(nil), "types.OktaImportRuleV1")
proto.RegisterType((*OktaImportRuleMatchV1)(nil), "types.OktaImportRuleMatchV1")
proto.RegisterType((*OktaAssignmentV1)(nil), "types.OktaAssignmentV1")
proto.RegisterType((*OktaAssignmentSpecV1)(nil), "types.OktaAssignmentSpecV1")
proto.RegisterType((*OktaAssignmentTargetV1)(nil), "types.OktaAssignmentTargetV1")
proto.RegisterType((*IntegrationV1)(nil), "types.IntegrationV1")
proto.RegisterType((*IntegrationSpecV1)(nil), "types.IntegrationSpecV1")
proto.RegisterType((*IntegrationStatusV1)(nil), "types.IntegrationStatusV1")
proto.RegisterType((*AWSOIDCIntegrationSpecV1)(nil), "types.AWSOIDCIntegrationSpecV1")
proto.RegisterType((*AzureOIDCIntegrationSpecV1)(nil), "types.AzureOIDCIntegrationSpecV1")
proto.RegisterType((*GitHubIntegrationSpecV1)(nil), "types.GitHubIntegrationSpecV1")
proto.RegisterType((*AWSRAIntegrationSpecV1)(nil), "types.AWSRAIntegrationSpecV1")
proto.RegisterType((*AWSRolesAnywhereProfileSyncConfig)(nil), "types.AWSRolesAnywhereProfileSyncConfig")
proto.RegisterType((*AWSRAIntegrationStatusV1)(nil), "types.AWSRAIntegrationStatusV1")
proto.RegisterType((*AWSRolesAnywhereProfileSyncIterationSummary)(nil), "types.AWSRolesAnywhereProfileSyncIterationSummary")
proto.RegisterType((*HeadlessAuthentication)(nil), "types.HeadlessAuthentication")
proto.RegisterType((*WatchKind)(nil), "types.WatchKind")
proto.RegisterMapType((map[string]string)(nil), "types.WatchKind.FilterEntry")
proto.RegisterType((*WatchStatusV1)(nil), "types.WatchStatusV1")
proto.RegisterType((*WatchStatusSpecV1)(nil), "types.WatchStatusSpecV1")
proto.RegisterType((*ServerInfoV1)(nil), "types.ServerInfoV1")
proto.RegisterType((*ServerInfoSpecV1)(nil), "types.ServerInfoSpecV1")
proto.RegisterMapType((map[string]string)(nil), "types.ServerInfoSpecV1.NewLabelsEntry")
proto.RegisterType((*JamfSpecV1)(nil), "types.JamfSpecV1")
proto.RegisterType((*JamfInventoryEntry)(nil), "types.JamfInventoryEntry")
proto.RegisterType((*MessageWithHeader)(nil), "types.MessageWithHeader")
proto.RegisterType((*AWSMatcher)(nil), "types.AWSMatcher")
proto.RegisterType((*AWSOrganizationMatcher)(nil), "types.AWSOrganizationMatcher")
proto.RegisterType((*AWSOrganizationUnitsMatcher)(nil), "types.AWSOrganizationUnitsMatcher")
proto.RegisterType((*AssumeRole)(nil), "types.AssumeRole")
proto.RegisterType((*InstallerParams)(nil), "types.InstallerParams")
proto.RegisterType((*HTTPProxySettings)(nil), "types.HTTPProxySettings")
proto.RegisterType((*AWSSSM)(nil), "types.AWSSSM")
proto.RegisterType((*AzureInstallerParams)(nil), "types.AzureInstallerParams")
proto.RegisterType((*AzureMatcher)(nil), "types.AzureMatcher")
proto.RegisterType((*GCPMatcher)(nil), "types.GCPMatcher")
proto.RegisterType((*KubernetesMatcher)(nil), "types.KubernetesMatcher")
proto.RegisterType((*OktaOptions)(nil), "types.OktaOptions")
proto.RegisterType((*AccessGraphSync)(nil), "types.AccessGraphSync")
proto.RegisterType((*AccessGraphAWSSyncCloudTrailLogs)(nil), "types.AccessGraphAWSSyncCloudTrailLogs")
proto.RegisterType((*AccessGraphAWSSyncEKSAuditLogs)(nil), "types.AccessGraphAWSSyncEKSAuditLogs")
proto.RegisterType((*AccessGraphAWSSync)(nil), "types.AccessGraphAWSSync")
proto.RegisterType((*AccessGraphAzureSync)(nil), "types.AccessGraphAzureSync")
proto.RegisterType((*TargetHealth)(nil), "types.TargetHealth")
}
func init() { proto.RegisterFile("teleport/legacy/types/types.proto", fileDescriptor_9198ee693835762e) }
var fileDescriptor_9198ee693835762e = []byte{
// 35141 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xfd, 0x7b, 0x90, 0x1c, 0x49,
0x7a, 0x18, 0x86, 0x5f, 0x77, 0xcf, 0xa3, 0xe7, 0x9b, 0x57, 0x4f, 0xce, 0x00, 0x18, 0x0c, 0x16,
0xdb, 0xd8, 0xda, 0x5d, 0x2c, 0xb0, 0x0f, 0x60, 0x01, 0xdc, 0xe2, 0x6e, 0xdf, 0xd7, 0xf3, 0x00,
0x66, 0x80, 0x19, 0xa0, 0xb7, 0x7a, 0x06, 0xb3, 0xcb, 0x7b, 0xd4, 0xd5, 0x74, 0xe7, 0xf4, 0xd4,
0x4e, 0x77, 0x55, 0x5f, 0x55, 0xf5, 0x00, 0xc3, 0x23, 0x7f, 0x92, 0x7e, 0xe2, 0x59, 0xa4, 0xe8,
0xe3, 0x4b, 0xa4, 0x78, 0x8a, 0x10, 0x19, 0x0c, 0x85, 0xe8, 0x90, 0xa5, 0xa0, 0x1f, 0xa4, 0x64,
0xcb, 0x21, 0x9b, 0x22, 0x2d, 0x51, 0xb2, 0x15, 0x36, 0xc9, 0xb0, 0xe4, 0xb0, 0x7d, 0xc1, 0x18,
0x86, 0x4c, 0x86, 0x43, 0x46, 0x84, 0x15, 0xb4, 0x1d, 0xa1, 0x08, 0x1f, 0x43, 0x61, 0x47, 0x7e,
0x99, 0x59, 0x95, 0x59, 0x55, 0xdd, 0xd3, 0xb3, 0x8b, 0xa5, 0x88, 0x0b, 0xfe, 0x03, 0x4c, 0x7f,
0xf9, 0x7d, 0x5f, 0x3e, 0x2a, 0x1f, 0x5f, 0x7e, 0xf9, 0x3d, 0xe0, 0xb9, 0x90, 0xb6, 0x68, 0xc7,
0xf3, 0xc3, 0xab, 0x2d, 0xda, 0xb4, 0xeb, 0x87, 0x57, 0xc3, 0xc3, 0x0e, 0x0d, 0xf8, 0xbf, 0x57,
0x3a, 0xbe, 0x17, 0x7a, 0x64, 0x18, 0x7f, 0x2c, 0xcc, 0x35, 0xbd, 0xa6, 0x87, 0x90, 0xab, 0xec,
0x2f, 0x5e, 0xb8, 0xf0, 0x6c, 0xd3, 0xf3, 0x9a, 0x2d, 0x7a, 0x15, 0x7f, 0xed, 0x74, 0x77, 0xaf,
0x36, 0xba, 0xbe, 0x1d, 0x3a, 0x9e, 0x2b, 0xca, 0xcb, 0xc9, 0xf2, 0xd0, 0x69, 0xd3, 0x20, 0xb4,
0xdb, 0x1d, 0x81, 0x70, 0x39, 0x6a, 0x80, 0x1d, 0x86, 0xac, 0x84, 0x11, 0x5f, 0x3d, 0xb8, 0xa6,
0xfe, 0x14, 0xa8, 0x37, 0x23, 0xd4, 0xba, 0xd7, 0xee, 0x78, 0x2e, 0x75, 0xc3, 0x5d, 0x6a, 0x87,
0x5d, 0x9f, 0x06, 0x8c, 0x20, 0x02, 0x5a, 0x12, 0x2a, 0xe8, 0x5e, 0xc8, 0xee, 0x63, 0x9b, 0x86,
0x76, 0xc3, 0x0e, 0x6d, 0x81, 0x75, 0xb1, 0x07, 0xd6, 0xae, 0x6d, 0x35, 0xe8, 0x81, 0x53, 0xa7,
0xa9, 0x56, 0xe8, 0x23, 0xe6, 0x77, 0x83, 0x90, 0x36, 0x04, 0xae, 0xe5, 0xd3, 0x6f, 0x74, 0x1d,
0x9f, 0xb6, 0xa9, 0x1b, 0x0a, 0xba, 0xd7, 0xb2, 0xe9, 0x1e, 0xfa, 0x76, 0xa7, 0x43, 0xfd, 0xf8,
0x0f, 0x8e, 0x6e, 0xfc, 0x62, 0x01, 0xc6, 0xee, 0x52, 0xda, 0xa9, 0xb4, 0x9c, 0x03, 0x4a, 0x9e,
0x87, 0xa1, 0x7b, 0x76, 0x9b, 0xce, 0xe7, 0x2e, 0xe4, 0x2e, 0x8d, 0x2d, 0x4e, 0x3f, 0x3e, 0x2a,
0x8f, 0x07, 0xd4, 0x3f, 0xa0, 0xbe, 0xe5, 0xda, 0x6d, 0x6a, 0x62, 0x21, 0x79, 0x05, 0xc6, 0xd8,
0xff, 0x41, 0xc7, 0xae, 0xd3, 0xf9, 0x3c, 0x62, 0x4e, 0x3e, 0x3e, 0x2a, 0x8f, 0xb9, 0x12, 0x68,
0xc6, 0xe5, 0x64, 0x0d, 0x46, 0x57, 0x1e, 0x75, 0x1c, 0x9f, 0x06, 0xf3, 0x43, 0x17, 0x72, 0x97,
0xc6, 0xaf, 0x2f, 0x5c, 0xe1, 0x9f, 0xea, 0x8a, 0xfc, 0x54, 0x57, 0x36, 0xe5, 0xa7, 0x5a, 0x9c,
0xfd, 0x6f, 0x8e, 0xca, 0x9f, 0x7b, 0x7c, 0x54, 0x1e, 0xa5, 0x9c, 0xe4, 0xa7, 0x7e, 0xbf, 0x9c,
0x33, 0x25, 0x3d, 0x79, 0x07, 0x86, 0x36, 0x0f, 0x3b, 0x74, 0x7e, 0xec, 0x42, 0xee, 0xd2, 0xd4,
0xf5, 0x67, 0xaf, 0xf0, 0xc9, 0x13, 0x35, 0x3e, 0xfe, 0x8b, 0x61, 0x2d, 0x16, 0x1f, 0x1f, 0x95,
0x87, 0x18, 0x8a, 0x89, 0x54, 0xe4, 0x35, 0x18, 0x59, 0xf5, 0x82, 0x70, 0x6d, 0x79, 0x1e, 0xb0,
0xc9, 0xa7, 0x1e, 0x1f, 0x95, 0x67, 0xf6, 0xbc, 0x20, 0xb4, 0x9c, 0xc6, 0xab, 0x5e, 0xdb, 0x09,
0x69, 0xbb, 0x13, 0x1e, 0x9a, 0x02, 0xc9, 0x78, 0x04, 0x93, 0x1a, 0x3f, 0x32, 0x0e, 0xa3, 0x5b,
0xf7, 0xee, 0xde, 0xbb, 0xbf, 0x7d, 0xaf, 0xf4, 0x39, 0x52, 0x84, 0xa1, 0x7b, 0xf7, 0x97, 0x57,
0x4a, 0x39, 0x32, 0x0a, 0x85, 0x4a, 0xb5, 0x5a, 0xca, 0x93, 0x09, 0x28, 0x2e, 0x57, 0x36, 0x2b,
0x8b, 0x95, 0xda, 0x4a, 0xa9, 0x40, 0x66, 0x61, 0x7a, 0x7b, 0xed, 0xde, 0xf2, 0xfd, 0xed, 0x9a,
0xb5, 0xbc, 0x52, 0xbb, 0xbb, 0x79, 0xbf, 0x5a, 0x1a, 0x22, 0x53, 0x00, 0x77, 0xb7, 0x16, 0x57,
0xcc, 0x7b, 0x2b, 0x9b, 0x2b, 0xb5, 0xd2, 0x30, 0x99, 0x83, 0x92, 0x24, 0xb1, 0x6a, 0x2b, 0xe6,
0x83, 0xb5, 0xa5, 0x95, 0xd2, 0xc8, 0x9d, 0xa1, 0x62, 0xa1, 0x34, 0x64, 0x8e, 0xae, 0x53, 0x3b,
0xa0, 0x6b, 0xcb, 0xc6, 0xcf, 0x0c, 0x41, 0xd1, 0xf4, 0xf8, 0x04, 0x25, 0x97, 0x61, 0xb8, 0x16,
0xda, 0xa1, 0xfc, 0x40, 0xb3, 0x8f, 0x8f, 0xca, 0xd3, 0x6c, 0xf2, 0x52, 0xa5, 0x07, 0x1c, 0x83,
0xa1, 0x56, 0xf7, 0xec, 0x40, 0x7e, 0x21, 0x44, 0xed, 0x30, 0x80, 0x8a, 0x8a, 0x18, 0xe4, 0x22,
0x0c, 0x6d, 0x78, 0x0d, 0x3a, 0x5f, 0x40, 0x4c, 0xf2, 0xf8, 0xa8, 0x3c, 0xd5, 0xf6, 0x1a, 0x2a,
0x22, 0x96, 0x93, 0x57, 0x61, 0x6c, 0xa9, 0xeb, 0xfb, 0xd4, 0x65, 0xa3, 0x38, 0x84, 0xc8, 0x53,
0x8f, 0x8f, 0xca, 0x50, 0xe7, 0x40, 0xcb, 0x69, 0x98, 0x31, 0x02, 0xa9, 0xc1, 0x68, 0x2d, 0xb4,
0xfd, 0x90, 0x36, 0xe6, 0x87, 0x8f, 0xfd, 0xf2, 0xe7, 0xc5, 0x97, 0x9f, 0x09, 0x38, 0x49, 0x5c,
0x37, 0x9f, 0x03, 0x82, 0x13, 0x59, 0x85, 0xf1, 0xdb, 0xbe, 0x5d, 0xa7, 0x55, 0xea, 0x3b, 0x5e,
0x63, 0x7e, 0xe4, 0x42, 0xee, 0x52, 0x61, 0xf1, 0xe2, 0xe3, 0xa3, 0xf2, 0xe9, 0x26, 0x03, 0x5b,
0x1d, 0x84, 0xc7, 0xd4, 0xdf, 0x3b, 0x2a, 0x17, 0x97, 0xc5, 0x56, 0x61, 0xaa, 0xa4, 0xe4, 0xeb,
0x30, 0xbe, 0x6e, 0x07, 0x21, 0x0e, 0x2d, 0x6d, 0xcc, 0x8f, 0x1e, 0xdb, 0x44, 0x43, 0x34, 0xf1,
0x74, 0xcb, 0x0e, 0x42, 0xcb, 0xe7, 0x74, 0x89, 0x76, 0xaa, 0x2c, 0xc9, 0x7d, 0x28, 0xd6, 0xea,
0x7b, 0xb4, 0xd1, 0x6d, 0xd1, 0xf9, 0x22, 0xb2, 0x3f, 0x23, 0xe6, 0xac, 0xfc, 0x9e, 0xb2, 0x78,
0x71, 0x41, 0xf0, 0x26, 0x81, 0x80, 0x28, 0x63, 0x1f, 0x31, 0x79, 0xab, 0xf8, 0x9d, 0x5f, 0x2a,
0x7f, 0xee, 0xcf, 0xff, 0xde, 0x85, 0xcf, 0x19, 0xff, 0x79, 0x1e, 0x4a, 0x49, 0x26, 0x64, 0x17,
0x26, 0xb7, 0x3a, 0x0d, 0x3b, 0xa4, 0x4b, 0x2d, 0x87, 0xba, 0x61, 0x80, 0x93, 0xa4, 0x7f, 0x9f,
0x5e, 0x10, 0xf5, 0xce, 0x77, 0x91, 0xd0, 0xaa, 0x73, 0xca, 0x44, 0xaf, 0x74, 0xb6, 0x71, 0x3d,
0x35, 0xdc, 0x1a, 0x02, 0x9c, 0x61, 0x27, 0xab, 0x87, 0x6f, 0x2a, 0x3d, 0xea, 0x11, 0x6c, 0xc5,
0x04, 0x72, 0x1b, 0x3b, 0x87, 0x38, 0x33, 0x07, 0x9f, 0x40, 0x8c, 0x24, 0x63, 0x02, 0x31, 0xb0,
0xf1, 0x87, 0x39, 0x98, 0x32, 0x69, 0xe0, 0x75, 0xfd, 0x3a, 0x5d, 0xa5, 0x76, 0x83, 0xfa, 0x6c,
0xfa, 0xdf, 0x75, 0xdc, 0x86, 0x58, 0x53, 0x38, 0xfd, 0xf7, 0x1d, 0x57, 0xdd, 0x14, 0xb0, 0x9c,
0xbc, 0x0e, 0xa3, 0xb5, 0xee, 0x0e, 0xa2, 0xf2, 0x35, 0x75, 0x1a, 0xbf, 0x58, 0x77, 0xc7, 0x4a,
0xa0, 0x4b, 0x34, 0x72, 0x15, 0x46, 0x1f, 0x50, 0x3f, 0x70, 0x3c, 0x57, 0xac, 0x2d, 0xdc, 0x74,
0x0e, 0x38, 0x48, 0x25, 0x10, 0x58, 0xe4, 0x36, 0x14, 0x37, 0xc4, 0x71, 0x21, 0xb6, 0xcb, 0x69,
0x31, 0x65, 0x24, 0x38, 0x9e, 0x2a, 0xf2, 0x5c, 0x51, 0xa7, 0x8a, 0xc4, 0x32, 0xfe, 0x75, 0x1e,
0x4a, 0xcb, 0x76, 0x68, 0xef, 0xd8, 0x81, 0x18, 0xcf, 0x07, 0x37, 0xc8, 0x33, 0x5a, 0x47, 0x71,
0x83, 0x64, 0x2d, 0xff, 0xc4, 0xdd, 0x7b, 0x31, 0xd9, 0xbd, 0x71, 0xb6, 0x77, 0x8b, 0xee, 0xc5,
0x9d, 0x7a, 0xf7, 0xf8, 0x4e, 0x95, 0x44, 0xa7, 0x8a, 0xb2, 0x53, 0x71, 0x57, 0xc8, 0xbb, 0x30,
0x54, 0xeb, 0xd0, 0xba, 0xd8, 0x44, 0xce, 0x09, 0x52, 0xbd, 0x73, 0x0c, 0xe1, 0xc1, 0x8d, 0xc5,
0x09, 0xc1, 0x66, 0x28, 0xe8, 0xd0, 0xba, 0x89, 0x64, 0x64, 0x05, 0x46, 0xd8, 0x86, 0xd8, 0x0d,
0x70, 0xb3, 0x18, 0xbf, 0x7e, 0x3e, 0x9b, 0x01, 0xa2, 0x3c, 0xb8, 0xb1, 0x38, 0x25, 0x58, 0x8c,
0x04, 0x08, 0x31, 0x05, 0x31, 0x99, 0x83, 0xe1, 0xa0, 0xee, 0x75, 0x28, 0x6e, 0x14, 0x63, 0x26,
0xff, 0xa1, 0xac, 0xc8, 0x7f, 0x53, 0x80, 0xb9, 0xac, 0x36, 0xa9, 0x83, 0x34, 0xd2, 0x67, 0x90,
0x2e, 0x41, 0x91, 0x9d, 0x3c, 0xec, 0x0c, 0xe5, 0x55, 0x2c, 0x4e, 0xb0, 0xf1, 0xd8, 0x13, 0x30,
0x33, 0x2a, 0x25, 0xcf, 0x47, 0x07, 0x59, 0x31, 0xe6, 0x27, 0x0e, 0x32, 0x79, 0x7c, 0xb1, 0x89,
0x24, 0xf7, 0x07, 0x3c, 0xef, 0xe2, 0x31, 0x97, 0xe0, 0x78, 0x22, 0xf9, 0x02, 0xa2, 0x4e, 0xa4,
0xe8, 0xc4, 0x59, 0x81, 0xa2, 0xec, 0xd6, 0xfc, 0x04, 0x32, 0x9a, 0x49, 0x0c, 0xe0, 0x83, 0x1b,
0x7c, 0xa6, 0x34, 0xc4, 0x6f, 0x95, 0x8d, 0xc4, 0x21, 0x37, 0xa0, 0x58, 0xf5, 0xbd, 0x47, 0x87,
0x6b, 0xcb, 0xc1, 0xfc, 0xe4, 0x85, 0xc2, 0xa5, 0xb1, 0xc5, 0x33, 0x8f, 0x8f, 0xca, 0xb3, 0x1d,
0x06, 0xb3, 0x9c, 0x46, 0xa0, 0x12, 0x49, 0x44, 0x52, 0x86, 0x71, 0x9f, 0xb6, 0xec, 0x43, 0xab,
0xe9, 0x7b, 0xdd, 0xce, 0xfc, 0x14, 0x8e, 0x3c, 0x20, 0xe8, 0x36, 0x83, 0x90, 0x73, 0x30, 0xc6,
0x11, 0x9c, 0x46, 0x30, 0x3f, 0xcd, 0xd8, 0x9a, 0x45, 0x04, 0xac, 0x35, 0x82, 0x3b, 0x43, 0xc5,
0x5c, 0x29, 0x7f, 0x67, 0xa8, 0x98, 0x2f, 0x15, 0xf8, 0x99, 0x7a, 0x67, 0xa8, 0x38, 0x54, 0x1a,
0xbe, 0x33, 0x54, 0x1c, 0xc6, 0x53, 0x76, 0xac, 0x04, 0x77, 0x86, 0x8a, 0xe3, 0xa5, 0x09, 0x73,
0x7c, 0x99, 0x06, 0x75, 0xdf, 0xe9, 0xe0, 0x21, 0xc1, 0xaa, 0x0f, 0xbd, 0xba, 0xd7, 0x32, 0x0b,
0x5b, 0xe6, 0x9a, 0x39, 0xb2, 0x54, 0x59, 0xa2, 0x7e, 0x68, 0x16, 0x2a, 0xdb, 0x35, 0x73, 0x72,
0xf9, 0xd0, 0xb5, 0xdb, 0x4e, 0x7d, 0xdd, 0xde, 0xa1, 0xad, 0xc0, 0x2c, 0xdc, 0x5e, 0xaa, 0x1a,
0x2e, 0x9c, 0xce, 0x9e, 0x4a, 0x64, 0x13, 0x26, 0x36, 0x6d, 0xbf, 0x49, 0xc3, 0x55, 0x6a, 0xb7,
0xc2, 0x3d, 0x6c, 0xff, 0xf8, 0xf5, 0x59, 0x31, 0x7c, 0x6a, 0xd1, 0xe2, 0xb9, 0xc7, 0x47, 0xe5,
0x33, 0x21, 0x42, 0xac, 0x3d, 0x04, 0x29, 0x03, 0xa2, 0x71, 0x31, 0x2a, 0x30, 0x15, 0x8f, 0xfc,
0xba, 0x13, 0x84, 0xe4, 0x2a, 0x8c, 0x49, 0x08, 0xdb, 0xf3, 0x0b, 0x99, 0xdf, 0xc8, 0x8c, 0x71,
0x8c, 0x7f, 0x92, 0x07, 0x88, 0x4b, 0x9e, 0xd2, 0x6d, 0xe1, 0x0b, 0xda, 0xb6, 0x70, 0x2a, 0xb9,
0xaa, 0x7b, 0x6f, 0x08, 0xef, 0x27, 0x36, 0x84, 0x33, 0x49, 0xd2, 0x63, 0xb6, 0x02, 0x65, 0xd1,
0xff, 0xe2, 0x68, 0xfc, 0x31, 0xc4, 0x72, 0xbf, 0x04, 0xd1, 0x04, 0x12, 0x03, 0x8a, 0xeb, 0xb8,
0x23, 0x27, 0x55, 0x54, 0x4a, 0xce, 0x02, 0x9b, 0x60, 0x62, 0x50, 0x47, 0x1f, 0x1f, 0x95, 0x0b,
0x5d, 0xdf, 0xc1, 0x49, 0x47, 0xae, 0x82, 0x98, 0x76, 0x62, 0x00, 0xd9, 0x5a, 0x99, 0xa9, 0xdb,
0x56, 0x9d, 0xfa, 0x61, 0x3c, 0xe2, 0xf3, 0x39, 0x39, 0x3b, 0x49, 0x07, 0xf4, 0xa9, 0x39, 0x3f,
0x84, 0xd3, 0xe0, 0x52, 0xe6, 0xa8, 0x5c, 0xd1, 0x50, 0x57, 0xdc, 0xd0, 0x3f, 0x5c, 0xbc, 0x20,
0x0f, 0xe8, 0x06, 0x2f, 0xb3, 0x5a, 0x58, 0xa8, 0x7c, 0x5e, 0xbd, 0x02, 0x72, 0x03, 0xd8, 0x8a,
0x10, 0xa3, 0x0f, 0xa2, 0x9e, 0xca, 0x76, 0x6d, 0xf1, 0x94, 0xe0, 0x34, 0x69, 0x3f, 0x54, 0xc9,
0x19, 0x36, 0x79, 0x1b, 0xd8, 0x92, 0x11, 0xe3, 0x4e, 0x04, 0xd1, 0xed, 0xa5, 0xea, 0x52, 0xcb,
0xeb, 0x36, 0x6a, 0x1f, 0xac, 0xc7, 0xc4, 0xcd, 0x7a, 0x47, 0x25, 0xbe, 0xbd, 0x54, 0x25, 0x6f,
0xc3, 0x70, 0xe5, 0x07, 0xbb, 0x3e, 0x15, 0xa2, 0xda, 0x84, 0xac, 0x93, 0xc1, 0x16, 0xcf, 0x08,
0xc2, 0x69, 0x9b, 0xfd, 0x54, 0x45, 0x5c, 0x2c, 0x67, 0x35, 0x6f, 0xae, 0xd7, 0x84, 0x18, 0x46,
0x12, 0xc3, 0xb2, 0xb9, 0xae, 0x34, 0x3b, 0xd4, 0x7a, 0xcd, 0xa8, 0xc8, 0x55, 0xc8, 0x57, 0x96,
0xf1, 0xda, 0x31, 0x7e, 0x7d, 0x4c, 0x56, 0xbb, 0xbc, 0x38, 0x27, 0x48, 0x26, 0x6c, 0x75, 0x19,
0xe4, 0x2b, 0xcb, 0x64, 0x11, 0x86, 0x37, 0x0e, 0x6b, 0x1f, 0xac, 0x8b, 0xad, 0x57, 0x2e, 0x79,
0x84, 0xdd, 0xc7, 0x6d, 0x26, 0x88, 0x5b, 0xdc, 0x3e, 0x0c, 0xbe, 0xd1, 0x52, 0x5b, 0x8c, 0x68,
0xa4, 0x0a, 0x63, 0x95, 0x46, 0xdb, 0x71, 0xb7, 0x02, 0xea, 0xcf, 0x8f, 0x23, 0x9f, 0xf9, 0x44,
0xbb, 0xa3, 0xf2, 0xc5, 0xf9, 0xc7, 0x47, 0xe5, 0x39, 0x9b, 0xfd, 0xb4, 0xba, 0x01, 0xf5, 0x15,
0x6e, 0x31, 0x13, 0x52, 0x05, 0xd8, 0xf0, 0xdc, 0xa6, 0x57, 0x09, 0x5b, 0x76, 0x90, 0xd8, 0xcc,
0xe3, 0x82, 0x48, 0x92, 0x3a, 0xd5, 0x66, 0x30, 0xcb, 0x66, 0x40, 0x85, 0xa1, 0xc2, 0x83, 0xdc,
0x82, 0x91, 0xfb, 0xbe, 0x5d, 0x6f, 0xd1, 0xf9, 0x49, 0xe4, 0x36, 0x27, 0xb8, 0x71, 0xa0, 0xec,
0xe9, 0xbc, 0x60, 0x58, 0xf2, 0x10, 0xac, 0x5e, 0xb6, 0x38, 0xe2, 0xc2, 0x36, 0x90, 0xf4, 0x9c,
0x24, 0x25, 0x28, 0xec, 0xd3, 0x43, 0xbe, 0x8a, 0x4c, 0xf6, 0x27, 0x79, 0x05, 0x86, 0x0f, 0xec,
0x56, 0x97, 0x0a, 0x89, 0x53, 0x2e, 0xfa, 0x25, 0xaf, 0xdd, 0xb6, 0xdd, 0x06, 0xd2, 0x3e, 0xb8,
0x6e, 0x72, 0x9c, 0xb7, 0xf2, 0x5f, 0xcc, 0x19, 0xdf, 0x80, 0x99, 0xd4, 0x60, 0xb1, 0xfd, 0x4e,
0xb9, 0xe4, 0xe2, 0x7e, 0xa7, 0xdc, 0x6e, 0xdf, 0x83, 0xe9, 0x65, 0xba, 0x6b, 0x77, 0x5b, 0x61,
0x74, 0xee, 0xf1, 0x25, 0x3a, 0xc7, 0xba, 0xd0, 0xe0, 0x45, 0x96, 0x3c, 0xec, 0xcc, 0x24, 0xb2,
0xf1, 0x3b, 0x39, 0x98, 0xd4, 0xfa, 0x4f, 0x6e, 0xc2, 0x58, 0xa5, 0xdb, 0x70, 0x42, 0xfc, 0x92,
0xbc, 0x52, 0xfe, 0xbd, 0x18, 0x30, 0xfd, 0xbd, 0x24, 0x2a, 0x79, 0x13, 0xc0, 0xa4, 0xa1, 0x7f,
0xb8, 0xe4, 0x75, 0xdd, 0x10, 0x1b, 0x31, 0xbc, 0x78, 0x96, 0x7d, 0x18, 0x9f, 0x41, 0xad, 0x3a,
0x03, 0xab, 0x1f, 0x26, 0x46, 0x26, 0x77, 0xa1, 0x54, 0xdb, 0xeb, 0xee, 0xee, 0xb6, 0xa8, 0x14,
0x1b, 0x02, 0xdc, 0x4a, 0x8a, 0x8b, 0xe5, 0xc7, 0x47, 0xe5, 0x73, 0x01, 0x2f, 0xb3, 0xa4, 0x74,
0xa1, 0x7e, 0xdf, 0x14, 0xa1, 0xf1, 0x37, 0x55, 0x59, 0x52, 0x1e, 0x6e, 0xaf, 0x45, 0x5b, 0x54,
0x2e, 0x96, 0x6c, 0x53, 0x5b, 0x54, 0xb4, 0x41, 0x5d, 0xe6, 0xdb, 0x45, 0x3e, 0xb5, 0x5d, 0x8c,
0x8b, 0xc9, 0x51, 0xb0, 0x1f, 0x06, 0x7c, 0x93, 0x88, 0x16, 0x4f, 0xe1, 0x93, 0x2f, 0x9e, 0xf7,
0x61, 0x62, 0xc3, 0x76, 0xed, 0x26, 0x6d, 0xb0, 0x91, 0xe4, 0xdb, 0xe1, 0x18, 0x3f, 0x65, 0xdb,
0x1c, 0x8e, 0xe3, 0xae, 0xf6, 0x5b, 0x23, 0x20, 0xd7, 0xe4, 0x66, 0x33, 0x9c, 0xb1, 0xd9, 0x4c,
0x8a, 0xda, 0x87, 0x71, 0xb3, 0x11, 0x5b, 0x8c, 0xf1, 0xeb, 0x80, 0x7d, 0x24, 0xaf, 0xc2, 0x88,
0x49, 0x9b, 0xec, 0xf4, 0xcb, 0xc5, 0xf3, 0xc6, 0x47, 0x88, 0x3a, 0x30, 0x1c, 0x07, 0x05, 0x35,
0xda, 0x08, 0xf6, 0x9c, 0xdd, 0x50, 0x8c, 0x4e, 0x24, 0xa8, 0x09, 0xb0, 0x22, 0xa8, 0x09, 0x88,
0x26, 0xa8, 0x09, 0x18, 0xdb, 0x90, 0xcd, 0xe5, 0x9a, 0x18, 0x34, 0x39, 0xc2, 0xe6, 0xb2, 0xb2,
0xb3, 0xf9, 0x9a, 0x98, 0xc5, 0xb0, 0x71, 0x6a, 0xd6, 0x71, 0x22, 0x45, 0x37, 0x7a, 0x3e, 0x35,
0x39, 0x50, 0x57, 0x8d, 0xc4, 0xa8, 0xa4, 0x06, 0xe3, 0x2b, 0xec, 0x1a, 0xec, 0x2c, 0xd9, 0xf5,
0x3d, 0x39, 0x48, 0x72, 0x5b, 0x55, 0x4a, 0xe2, 0xcd, 0x84, 0x22, 0xb0, 0xce, 0x80, 0x0a, 0x4b,
0x95, 0x0b, 0xd9, 0x84, 0xf1, 0x1a, 0xad, 0xfb, 0x34, 0xac, 0x85, 0x9e, 0x4f, 0x13, 0xa7, 0x84,
0x52, 0xb2, 0xf8, 0xac, 0xbc, 0x89, 0x07, 0x08, 0xb4, 0x02, 0x06, 0x55, 0xb9, 0x2a, 0xc8, 0xfc,
0x4a, 0xd5, 0xf6, 0xfc, 0xc3, 0xe5, 0x45, 0x71, 0x72, 0xc4, 0x62, 0x06, 0x07, 0xab, 0x57, 0x2a,
0x06, 0x69, 0xec, 0xe8, 0x57, 0x2a, 0x8e, 0x85, 0x5f, 0x6a, 0xb9, 0x86, 0xc2, 0xa9, 0x38, 0x47,
0xa6, 0xe3, 0x51, 0x46, 0xb0, 0xf2, 0xa5, 0x1a, 0x01, 0x8a, 0xb6, 0xda, 0x97, 0x12, 0x58, 0xa4,
0x03, 0x44, 0x7e, 0x35, 0x2e, 0x31, 0xb6, 0x68, 0x10, 0x88, 0xe3, 0xe5, 0x6c, 0xe2, 0xe3, 0xc7,
0x08, 0x8b, 0x2f, 0x0a, 0xe6, 0xe7, 0xe5, 0x34, 0x10, 0xb7, 0x68, 0x56, 0xa8, 0xd4, 0x93, 0xc1,
0x9b, 0xed, 0x24, 0x2b, 0x8f, 0x42, 0xea, 0xbb, 0x76, 0x2b, 0xd2, 0x7f, 0xe1, 0x4e, 0x42, 0x05,
0x54, 0xff, 0xd0, 0x0a, 0x32, 0x59, 0x82, 0xc9, 0x4a, 0x10, 0x74, 0xdb, 0xd4, 0xf4, 0x5a, 0xb4,
0x62, 0xde, 0xc3, 0xa3, 0x68, 0x6c, 0xf1, 0xfc, 0xe3, 0xa3, 0xf2, 0x59, 0x1b, 0x0b, 0x2c, 0xdf,
0x6b, 0x51, 0xcb, 0xf6, 0xd5, 0xd9, 0xad, 0xd3, 0x90, 0xfb, 0x00, 0xf7, 0x3b, 0xd4, 0xad, 0x51,
0xdb, 0xaf, 0xef, 0x25, 0x4e, 0x9e, 0xb8, 0x60, 0xf1, 0x19, 0xd1, 0xc3, 0x39, 0xaf, 0x43, 0xdd,
0x00, 0x61, 0x6a, 0xab, 0x62, 0x4c, 0xb2, 0x0d, 0xd3, 0x6b, 0x95, 0x8d, 0xaa, 0xd7, 0x72, 0xea,
0x87, 0x42, 0x98, 0x9b, 0x42, 0xad, 0xe0, 0x69, 0xc1, 0x35, 0x51, 0xca, 0xb7, 0x27, 0xc7, 0x6e,
0x5b, 0x1d, 0x84, 0x5a, 0x42, 0xa4, 0x4b, 0x72, 0x21, 0x1f, 0xb1, 0x39, 0x18, 0x30, 0xf9, 0x74,
0xd3, 0x6e, 0xf2, 0x3b, 0x45, 0x7c, 0xe7, 0xac, 0x6c, 0xd7, 0xae, 0x28, 0xa5, 0x5c, 0x72, 0x5a,
0xe0, 0x13, 0x11, 0xa1, 0x56, 0x68, 0x37, 0x03, 0x7d, 0x22, 0x46, 0xd8, 0xe4, 0x0e, 0xc0, 0xb2,
0x57, 0xef, 0xb6, 0xa9, 0x1b, 0x2e, 0x2f, 0xce, 0x97, 0xf4, 0xbb, 0x54, 0x54, 0x10, 0x6f, 0x6d,
0x0d, 0xaf, 0xae, 0xcd, 0x44, 0x85, 0x9a, 0xfc, 0x10, 0x9c, 0x52, 0x56, 0x8e, 0x32, 0x8b, 0x66,
0x90, 0xed, 0x33, 0xe9, 0x95, 0xa8, 0x4c, 0xa4, 0x4b, 0xa2, 0x86, 0x0b, 0xca, 0x9a, 0xcc, 0x9e,
0x4b, 0xd9, 0x95, 0x2c, 0xbc, 0x07, 0xa5, 0xe4, 0x30, 0x64, 0x1c, 0xd6, 0x73, 0xea, 0x61, 0x3d,
0xa6, 0x9c, 0xca, 0x77, 0x86, 0x8a, 0x93, 0xa5, 0x29, 0x65, 0xec, 0x57, 0x1e, 0x39, 0x41, 0x18,
0x18, 0xdf, 0xd4, 0xd6, 0x3f, 0xdb, 0x9b, 0xee, 0xd2, 0xc3, 0xaa, 0x4f, 0x77, 0x9d, 0x47, 0xea,
0xb1, 0xb9, 0x4f, 0x0f, 0xad, 0x0e, 0x42, 0xd5, 0xbd, 0x29, 0x42, 0x25, 0x9f, 0x87, 0xe2, 0xdd,
0x8d, 0xda, 0x5d, 0x7a, 0xb8, 0xb6, 0x2c, 0x4e, 0x6e, 0x4e, 0xd6, 0x0e, 0x2c, 0x46, 0xaa, 0xcd,
0xf4, 0x08, 0xd3, 0x58, 0x8c, 0xf7, 0x61, 0x56, 0xf3, 0x52, 0xab, 0x1b, 0x84, 0xd4, 0x5f, 0x5b,
0x56, 0x6b, 0xae, 0x73, 0x60, 0x62, 0x57, 0x8c, 0x50, 0x8d, 0xff, 0x37, 0x8f, 0x7b, 0x30, 0x5b,
0x6e, 0x6b, 0x6e, 0x10, 0xda, 0x6e, 0x9d, 0x46, 0x0c, 0x70, 0xb9, 0x39, 0x02, 0x9a, 0x58, 0x6e,
0x31, 0xb2, 0x5e, 0x75, 0x7e, 0xe0, 0xaa, 0xb9, 0xac, 0xc0, 0xb5, 0x5a, 0x6b, 0xcb, 0xe2, 0xd6,
0x20, 0x64, 0x05, 0x0e, 0x4d, 0x54, 0x19, 0x23, 0x93, 0x8b, 0x30, 0xba, 0x56, 0xd9, 0xa8, 0x74,
0xc3, 0x3d, 0x3c, 0x01, 0x8a, 0xfc, 0xc2, 0xc2, 0xd6, 0x8a, 0xdd, 0x0d, 0xf7, 0x4c, 0x59, 0x48,
0xae, 0xe2, 0x45, 0xd0, 0xa5, 0x61, 0x30, 0x3f, 0x8c, 0xc7, 0x29, 0xae, 0xa9, 0x80, 0x83, 0x12,
0xf7, 0x40, 0x06, 0x22, 0x2f, 0xc3, 0xf0, 0x83, 0xea, 0xd2, 0xda, 0xb2, 0xd0, 0x7b, 0xe0, 0x39,
0x78, 0xd0, 0xa9, 0xeb, 0x2d, 0xe1, 0x28, 0x64, 0x05, 0xa6, 0x6a, 0xb4, 0xde, 0xf5, 0x9d, 0x90,
0x5f, 0xed, 0x83, 0xf9, 0x51, 0xac, 0x03, 0xf7, 0x99, 0x40, 0x94, 0x70, 0x3d, 0x80, 0x5a, 0x57,
0x82, 0xc8, 0xf8, 0xcd, 0x5c, 0xbc, 0x49, 0x93, 0x8b, 0x9a, 0x9c, 0x87, 0x7a, 0x3d, 0x26, 0xd0,
0xa8, 0x7a, 0x3d, 0x94, 0xf8, 0x4c, 0x20, 0x4b, 0xdd, 0x20, 0xf4, 0xda, 0x2b, 0x6e, 0xa3, 0xe3,
0x39, 0x6e, 0x88, 0x54, 0x7c, 0xf0, 0x8d, 0xc7, 0x47, 0xe5, 0x67, 0xeb, 0x58, 0x6a, 0x51, 0x51,
0x6c, 0x25, 0xb8, 0x64, 0x50, 0x7f, 0x8a, 0xef, 0x61, 0xfc, 0xb3, 0xbc, 0x76, 0xb8, 0xb2, 0xe6,
0x99, 0xb4, 0xd3, 0x72, 0xea, 0xa8, 0x90, 0xc1, 0x8e, 0x46, 0xb3, 0x0a, 0x9b, 0xe7, 0xc7, 0xa5,
0x7c, 0x84, 0x74, 0xde, 0x19, 0xd4, 0xe4, 0x4b, 0x30, 0xc1, 0xe4, 0x1c, 0xf1, 0x33, 0x98, 0xcf,
0xe3, 0x60, 0x3f, 0x83, 0x1a, 0xda, 0x80, 0xfa, 0x11, 0x1b, 0x4d, 0x40, 0x52, 0x29, 0x48, 0x03,
0xe6, 0x37, 0x7d, 0xdb, 0x0d, 0x9c, 0x70, 0xc5, 0xad, 0xfb, 0x87, 0x28, 0x97, 0xad, 0xb8, 0xf6,
0x4e, 0x8b, 0x36, 0x84, 0xa4, 0x79, 0xe9, 0xf1, 0x51, 0xf9, 0x85, 0x90, 0xe3, 0x58, 0x34, 0x42,
0xb2, 0x28, 0xc7, 0x52, 0x38, 0xf7, 0xe4, 0xc4, 0xe4, 0x38, 0x39, 0xac, 0xf8, 0xf4, 0xc3, 0x45,
0x14, 0x94, 0xe3, 0xa2, 0xaf, 0xc1, 0xb6, 0x3a, 0xb5, 0x99, 0x2a, 0x81, 0x71, 0xbf, 0xc7, 0x46,
0x89, 0x0b, 0x8d, 0x81, 0x94, 0x19, 0xc2, 0x17, 0x1a, 0xee, 0x86, 0x89, 0x2f, 0x1c, 0xa3, 0x1a,
0xff, 0x26, 0x17, 0xcb, 0x13, 0xe4, 0x1d, 0x18, 0x17, 0x4b, 0x50, 0x61, 0x83, 0x07, 0x82, 0x5c,
0xaf, 0x09, 0x46, 0x2a, 0x3a, 0x79, 0x1d, 0x46, 0x2b, 0x4b, 0xeb, 0xca, 0x64, 0x43, 0xcd, 0x8a,
0x5d, 0x6f, 0x25, 0xa9, 0x24, 0x1a, 0x9b, 0x55, 0x9b, 0xeb, 0x35, 0x7d, 0x98, 0x71, 0x56, 0x85,
0xad, 0x20, 0x63, 0x5c, 0x15, 0xe4, 0x4f, 0x3f, 0x92, 0xff, 0x53, 0x2e, 0x4b, 0x6c, 0x21, 0x8b,
0x30, 0xb9, 0xed, 0xf9, 0xfb, 0x38, 0x61, 0x94, 0x41, 0xc0, 0xa9, 0xf4, 0x50, 0x16, 0x24, 0x3b,
0xa4, 0x93, 0xa8, 0x6d, 0x53, 0x46, 0x43, 0x6f, 0x5b, 0x82, 0x83, 0x46, 0xc0, 0xbe, 0x43, 0xc4,
0x31, 0x5a, 0x6e, 0xf8, 0x1d, 0xe2, 0x26, 0x68, 0x6b, 0x42, 0x45, 0x37, 0xfe, 0xab, 0x9c, 0x2a,
0x9e, 0xb0, 0x41, 0x5e, 0xf6, 0xda, 0xb6, 0xe3, 0x2a, 0xdd, 0xc1, 0x41, 0x6e, 0x20, 0x34, 0xd9,
0x12, 0x05, 0x99, 0xdc, 0x80, 0x22, 0xff, 0x15, 0x6d, 0xde, 0xa8, 0xe5, 0x14, 0x84, 0xfa, 0xc9,
0x23, 0x11, 0x53, 0x5f, 0xa6, 0x70, 0xd2, 0x2f, 0xf3, 0x1b, 0x39, 0x55, 0xb2, 0xf8, 0xa4, 0xa7,
0x57, 0xe2, 0xd4, 0xca, 0x9f, 0xe4, 0xd4, 0xfa, 0xd4, 0x5d, 0xf8, 0xad, 0x1c, 0x8c, 0x2b, 0x7a,
0x20, 0xd6, 0x87, 0xaa, 0xef, 0x7d, 0x4c, 0xeb, 0xa1, 0xde, 0x87, 0x0e, 0x07, 0x26, 0xfa, 0x10,
0xa1, 0x7e, 0x9a, 0x3e, 0x2c, 0xc1, 0x68, 0xa5, 0xd5, 0xf2, 0xd8, 0x35, 0x81, 0xdf, 0xa1, 0xa6,
0xa4, 0xd4, 0xc7, 0xa1, 0x8b, 0x67, 0xe5, 0x0b, 0x93, 0xcd, 0x00, 0x9a, 0x68, 0x26, 0x29, 0x8d,
0x9f, 0xcf, 0x45, 0x5c, 0x52, 0x83, 0x92, 0x3b, 0xe1, 0xa0, 0xb0, 0x4b, 0xbc, 0xfc, 0x7d, 0xff,
0x80, 0xfa, 0xbe, 0xd3, 0x90, 0x4b, 0x03, 0x2f, 0xf1, 0x11, 0x13, 0x4f, 0x14, 0xaa, 0x97, 0xf8,
0x24, 0xa1, 0xf1, 0x7f, 0xe6, 0xc4, 0x8d, 0x76, 0xe0, 0x63, 0x51, 0x3f, 0xc2, 0xf2, 0x27, 0x11,
0x29, 0xbe, 0x04, 0xc3, 0x26, 0x6d, 0x38, 0x81, 0x18, 0xc9, 0x19, 0xf5, 0xf6, 0x8c, 0x05, 0xb1,
0x94, 0xeb, 0xb3, 0x9f, 0xaa, 0x3c, 0x80, 0xe5, 0xec, 0xda, 0xb1, 0x16, 0xdc, 0x6a, 0xd1, 0x47,
0x0e, 0xdf, 0x6b, 0x84, 0x68, 0x82, 0xe2, 0x80, 0x13, 0x58, 0xbb, 0xac, 0x44, 0xc8, 0xac, 0xea,
0xbe, 0xa2, 0xd1, 0x18, 0x1f, 0x01, 0xc4, 0x55, 0xb2, 0xe1, 0x14, 0x93, 0xdd, 0x71, 0x9b, 0x5c,
0xf0, 0x14, 0x63, 0x80, 0xc3, 0x59, 0x8f, 0xca, 0xc4, 0x1d, 0x41, 0x1d, 0xce, 0x24, 0xa1, 0xf1,
0xbf, 0x15, 0x20, 0x5f, 0xc1, 0xf9, 0x76, 0x97, 0x1e, 0x86, 0xf6, 0xce, 0x2d, 0xa7, 0xa5, 0xed,
0x15, 0xfb, 0x08, 0xb5, 0x76, 0x1d, 0x4d, 0xdf, 0xa5, 0x20, 0xb3, 0xbd, 0xe2, 0xae, 0xbf, 0xf3,
0x06, 0x12, 0x2a, 0x7b, 0xc5, 0xbe, 0xbf, 0xf3, 0x46, 0x92, 0x2c, 0x42, 0x24, 0x06, 0x8c, 0xf0,
0x7d, 0x43, 0x2c, 0x31, 0x78, 0x7c, 0x54, 0x1e, 0xe1, 0xdb, 0x8b, 0x29, 0x4a, 0xc8, 0x59, 0x28,
0xd4, 0xaa, 0xf7, 0xc4, 0x06, 0x8f, 0x7a, 0xe5, 0xa0, 0xe3, 0x9a, 0x0c, 0xc6, 0xea, 0x5c, 0x5f,
0xae, 0x54, 0x51, 0x6d, 0x33, 0x1c, 0xd7, 0xd9, 0x6a, 0xd8, 0x9d, 0xa4, 0xe2, 0x26, 0x42, 0x24,
0xef, 0xc2, 0xf8, 0xdd, 0xe5, 0xa5, 0x55, 0x2f, 0xe0, 0x9b, 0xf3, 0x48, 0x3c, 0x8d, 0xf7, 0x1b,
0x75, 0x54, 0x21, 0xa5, 0x4e, 0x39, 0x05, 0x9f, 0x58, 0x70, 0x9a, 0xb1, 0x62, 0x9f, 0xc4, 0xa9,
0x53, 0xa1, 0x42, 0xb8, 0x17, 0x3f, 0x73, 0xbd, 0xf4, 0xf8, 0xa8, 0xfc, 0x3c, 0xb6, 0x20, 0xe0,
0x28, 0x96, 0x54, 0x3e, 0x24, 0xb8, 0xf6, 0x60, 0x43, 0xbe, 0x02, 0xa7, 0xd2, 0x25, 0xb5, 0xe8,
0x79, 0xec, 0xe2, 0xe3, 0xa3, 0xb2, 0x91, 0xc9, 0x3f, 0xd0, 0xe6, 0x6f, 0x36, 0x13, 0xe3, 0x5b,
0x79, 0x18, 0x57, 0xf4, 0xc4, 0xe4, 0xf3, 0xc2, 0x56, 0x22, 0xa7, 0x5d, 0x37, 0x15, 0x0c, 0x56,
0xca, 0x95, 0x8a, 0x6d, 0xaf, 0x41, 0x85, 0xe5, 0x44, 0xac, 0x2d, 0xcb, 0x0f, 0xa2, 0x2d, 0x7b,
0x13, 0x80, 0x4f, 0x61, 0x1c, 0x27, 0x45, 0x7a, 0x54, 0x8c, 0x71, 0xd4, 0x69, 0x15, 0x23, 0x93,
0x07, 0x30, 0xbb, 0xe9, 0x77, 0x83, 0xb0, 0x76, 0x18, 0x84, 0xb4, 0xcd, 0xb8, 0x55, 0x3d, 0xaf,
0x25, 0x96, 0xcf, 0x0b, 0xec, 0xd6, 0x87, 0x16, 0x44, 0x56, 0x80, 0xe5, 0xd8, 0x00, 0xab, 0xe3,
0x79, 0xaa, 0x0e, 0x2d, 0x8b, 0x81, 0x61, 0xc2, 0x84, 0xaa, 0x81, 0x63, 0xe7, 0xbe, 0x78, 0x57,
0x16, 0x4f, 0x3d, 0xca, 0xb9, 0x2f, 0x5a, 0x99, 0x7e, 0xe7, 0xd6, 0x49, 0x8c, 0xcf, 0xab, 0x0a,
0xe9, 0x41, 0xf7, 0x25, 0xe3, 0xff, 0x9f, 0x8b, 0x37, 0xf9, 0x07, 0xd7, 0xc8, 0xdb, 0x30, 0xc2,
0xdf, 0xf1, 0x85, 0xb9, 0xc3, 0xa9, 0x48, 0x83, 0xa2, 0x3e, 0xf2, 0xf3, 0x97, 0xa0, 0xdf, 0x3d,
0x2a, 0xe7, 0x1e, 0x1f, 0x95, 0x3f, 0x67, 0x0a, 0x92, 0xe8, 0x11, 0x49, 0xd7, 0x27, 0x4b, 0xee,
0xf8, 0x5c, 0x72, 0x2d, 0xeb, 0x11, 0xc9, 0xf8, 0xad, 0x61, 0x98, 0xd2, 0xd1, 0xd4, 0xc7, 0xfe,
0xdc, 0x40, 0x8f, 0xfd, 0x5f, 0x82, 0xa2, 0x98, 0x6f, 0x52, 0x00, 0x7f, 0x01, 0x9f, 0xd6, 0x04,
0x4c, 0x33, 0x62, 0x01, 0xfe, 0x39, 0x4c, 0xaf, 0x45, 0xcd, 0x88, 0x8a, 0x5c, 0x57, 0x1e, 0x8d,
0x0b, 0xb1, 0x08, 0x29, 0xd5, 0xba, 0xea, 0x72, 0x8e, 0x9e, 0x8f, 0x5f, 0x83, 0x11, 0x76, 0x9d,
0x8b, 0xf4, 0x7d, 0xd8, 0x4a, 0x76, 0xd3, 0x4b, 0xd8, 0x41, 0x71, 0x24, 0xb2, 0x0d, 0xc5, 0x75,
0x3b, 0x08, 0x6b, 0x94, 0xba, 0x03, 0x98, 0xf1, 0x94, 0xc5, 0x50, 0xcd, 0xa2, 0x8d, 0x4c, 0x40,
0xa9, 0x9b, 0xb0, 0xc3, 0x88, 0x98, 0x91, 0xaf, 0x02, 0x2c, 0x79, 0x6e, 0xe8, 0x7b, 0xad, 0x75,
0xaf, 0x39, 0x3f, 0x82, 0x8a, 0x96, 0x67, 0x13, 0x1f, 0x20, 0x46, 0xe0, 0xba, 0x96, 0x48, 0x9b,
0x58, 0xe7, 0x05, 0x56, 0xcb, 0x6b, 0xaa, 0xeb, 0x20, 0xc6, 0x27, 0xb7, 0xa0, 0x24, 0xb5, 0x58,
0x5b, 0x9d, 0xa6, 0x8f, 0x13, 0x64, 0x34, 0x96, 0x0b, 0xe9, 0xa3, 0xd0, 0xea, 0x0a, 0xb8, 0x76,
0x6e, 0x26, 0x68, 0xc8, 0x57, 0xe0, 0x4c, 0x12, 0x26, 0xbf, 0x72, 0x31, 0xbe, 0x82, 0xa9, 0xec,
0x32, 0xe6, 0x7d, 0x2f, 0x16, 0xe4, 0x36, 0x4c, 0xb3, 0x01, 0xd9, 0xa0, 0x76, 0xd0, 0xe5, 0x56,
0x7c, 0x42, 0x0f, 0x28, 0xad, 0x14, 0xc4, 0x2a, 0x6c, 0x79, 0xf5, 0x7d, 0x05, 0xc9, 0x4c, 0x52,
0x91, 0x9b, 0x30, 0xce, 0x8d, 0x67, 0xfc, 0x35, 0x77, 0xd7, 0x13, 0xef, 0x4e, 0xf2, 0x39, 0x46,
0x94, 0x3c, 0xb8, 0xce, 0xca, 0x4c, 0x15, 0xd1, 0x38, 0xca, 0xc3, 0xe9, 0xec, 0x3a, 0xc8, 0x9f,
0x83, 0x53, 0x62, 0x3c, 0x5b, 0xd4, 0x57, 0x70, 0x06, 0x30, 0x2b, 0x7a, 0x4d, 0x7c, 0xa7, 0xe7,
0xea, 0x11, 0x83, 0x68, 0xc3, 0x61, 0x2c, 0x12, 0x93, 0x22, 0xbb, 0x1e, 0xf2, 0x75, 0x18, 0x57,
0xab, 0xcd, 0x0f, 0x6e, 0xa1, 0xd5, 0xa7, 0x2e, 0x95, 0x25, 0xb1, 0x61, 0xda, 0xa4, 0xdf, 0xe8,
0xd2, 0x20, 0x94, 0x36, 0x62, 0x42, 0x62, 0x39, 0x9b, 0xaa, 0x45, 0x22, 0x44, 0x4a, 0xca, 0x92,
0xcf, 0x29, 0x2d, 0x69, 0x89, 0xfa, 0x1d, 0xc6, 0x3e, 0xc9, 0xcf, 0xf8, 0x5e, 0x1e, 0xce, 0xf4,
0x98, 0xce, 0x6c, 0xc7, 0x53, 0x24, 0x43, 0xdc, 0xf1, 0x12, 0x02, 0x21, 0x37, 0x5d, 0xbc, 0x00,
0x79, 0x21, 0x81, 0x0d, 0x2d, 0x96, 0x1e, 0x1f, 0x95, 0x27, 0xb4, 0x95, 0x9a, 0x5f, 0x5b, 0x26,
0x77, 0x60, 0x88, 0x0d, 0xc3, 0x00, 0x76, 0x52, 0x52, 0x45, 0x3d, 0x15, 0x3a, 0xea, 0x06, 0x81,
0x63, 0x83, 0x3c, 0xc8, 0xe7, 0xa1, 0xb0, 0xb9, 0xb9, 0x8e, 0xbb, 0x43, 0x01, 0x67, 0xf7, 0x64,
0x18, 0xb6, 0xb4, 0xcd, 0x68, 0x92, 0xd1, 0x46, 0x23, 0x62, 0x32, 0x74, 0xf2, 0x21, 0x8c, 0x88,
0xa7, 0xe7, 0x61, 0x5c, 0xca, 0x2f, 0xf7, 0x5f, 0xca, 0x57, 0xd4, 0xc7, 0x67, 0xd4, 0x0c, 0xa5,
0x1e, 0x9c, 0x05, 0xbf, 0x85, 0x37, 0x61, 0xbc, 0xff, 0xab, 0x60, 0x4f, 0x45, 0xa3, 0xf1, 0xed,
0x9c, 0x34, 0x55, 0x13, 0x93, 0x9f, 0x5c, 0x90, 0xeb, 0x04, 0x15, 0x19, 0x82, 0x8b, 0x0a, 0x22,
0xcf, 0x02, 0xf0, 0x9f, 0x5b, 0x5b, 0x62, 0xd0, 0x27, 0x4c, 0x05, 0x42, 0xde, 0x8a, 0x58, 0x0a,
0xc5, 0x73, 0x01, 0x25, 0x81, 0xc4, 0x5a, 0xe3, 0x65, 0xa6, 0x8e, 0x6a, 0xfc, 0x7a, 0x3e, 0x3e,
0x35, 0x6e, 0x39, 0xad, 0x90, 0xfa, 0x64, 0x81, 0x1f, 0x02, 0xf1, 0x65, 0xcd, 0x8c, 0x7e, 0x93,
0xf9, 0xf8, 0x44, 0xe1, 0x5d, 0x8b, 0x8e, 0x8e, 0x97, 0x95, 0xa3, 0xa3, 0x80, 0x47, 0xc7, 0x54,
0xcf, 0x43, 0xe2, 0xe5, 0x8c, 0x9d, 0x10, 0xb7, 0xfe, 0x8c, 0xdd, 0xee, 0x05, 0x98, 0xbc, 0xe7,
0xad, 0x3c, 0x0a, 0x23, 0x44, 0xb6, 0xe5, 0x17, 0x4d, 0x1d, 0xc8, 0x38, 0xde, 0x6f, 0x35, 0xa8,
0xbf, 0xb9, 0x67, 0xbb, 0x9a, 0x6d, 0x93, 0x99, 0x82, 0x33, 0xdc, 0x7b, 0xf4, 0xa1, 0x8e, 0xcb,
0x4d, 0xa8, 0x52, 0xf0, 0xe4, 0xc7, 0x29, 0xa6, 0x3e, 0x8e, 0xf1, 0xf3, 0x79, 0x39, 0x5c, 0x0f,
0xae, 0x3f, 0xa5, 0x76, 0x2b, 0x6f, 0x68, 0x76, 0x2b, 0xb3, 0xd1, 0xf3, 0x56, 0x64, 0x32, 0x76,
0x3d, 0xd3, 0x6a, 0x25, 0xb2, 0x3f, 0x1b, 0xc9, 0xb6, 0x3f, 0xfb, 0x47, 0xa3, 0x30, 0xa1, 0x32,
0x61, 0xa3, 0x53, 0x69, 0x34, 0x7c, 0x75, 0x74, 0xec, 0x46, 0xc3, 0x37, 0x11, 0xaa, 0x99, 0x9b,
0x15, 0xfa, 0x9a, 0x9b, 0x7d, 0x0d, 0xc6, 0x96, 0xda, 0x0d, 0xcd, 0xac, 0xc4, 0xc8, 0x68, 0xf4,
0x95, 0x08, 0x89, 0xaf, 0xe9, 0xe8, 0x2d, 0xa7, 0xde, 0x6e, 0xa4, 0x8d, 0x49, 0x62, 0x96, 0x9a,
0xa5, 0xda, 0xf0, 0xa7, 0xb1, 0x54, 0xbb, 0x09, 0x63, 0x5b, 0x01, 0xdd, 0xec, 0xba, 0x2e, 0x6d,
0xe1, 0x28, 0x15, 0xb9, 0xce, 0xa0, 0x1b, 0x50, 0x2b, 0x44, 0xa8, 0xda, 0x80, 0x08, 0x55, 0xfd,
0xec, 0xa3, 0x7d, 0x3e, 0xfb, 0x0d, 0x28, 0x56, 0x29, 0xf5, 0x71, 0x4c, 0xc7, 0xe3, 0xbb, 0x53,
0x87, 0x52, 0xdf, 0x62, 0x03, 0xab, 0x59, 0xb0, 0x09, 0x44, 0xcd, 0xec, 0x6d, 0x62, 0x50, 0xb3,
0xb7, 0xe7, 0x60, 0xa2, 0xd3, 0xdd, 0x69, 0x39, 0x75, 0xe4, 0x2b, 0xec, 0xe5, 0xcc, 0x71, 0x0e,
0x63, 0x6c, 0x03, 0xf2, 0x21, 0x4c, 0xa2, 0xae, 0x24, 0x9a, 0x88, 0x53, 0xda, 0x81, 0xaf, 0x95,
0x71, 0x99, 0xbc, 0xce, 0x40, 0x56, 0x86, 0xcd, 0xa8, 0xce, 0x88, 0xdc, 0x81, 0xd1, 0xa6, 0x13,
0x5a, 0x7b, 0xdd, 0x9d, 0xf9, 0x69, 0xcd, 0xe0, 0xf2, 0xb6, 0x13, 0xae, 0x76, 0x77, 0xf8, 0x27,
0x8f, 0x58, 0xe3, 0xce, 0xdd, 0x74, 0xc2, 0xbd, 0xae, 0xaa, 0x0e, 0x19, 0x69, 0x22, 0x6e, 0xd2,
0x7e, 0xaf, 0xd4, 0xdf, 0x7e, 0x6f, 0x46, 0xb7, 0xdf, 0x23, 0x16, 0x90, 0xb4, 0xab, 0xc5, 0x3c,
0xc1, 0x46, 0xbd, 0x7e, 0x45, 0x7a, 0x39, 0x5c, 0x49, 0xf9, 0x68, 0x5c, 0x39, 0xb8, 0x76, 0x65,
0x49, 0x02, 0x6f, 0x09, 0xa0, 0x39, 0x53, 0x4f, 0x82, 0x16, 0x6a, 0x30, 0xa5, 0x4f, 0xda, 0x27,
0x60, 0x71, 0x12, 0xd9, 0x1b, 0x16, 0x4b, 0x63, 0x77, 0x86, 0x8a, 0x50, 0x1a, 0xe7, 0x96, 0x86,
0x26, 0x54, 0xa3, 0xcf, 0x67, 0x92, 0xbb, 0xdd, 0x1d, 0xea, 0xbb, 0x34, 0xa4, 0x81, 0x50, 0x2c,
0x04, 0xe6, 0x50, 0xa5, 0xd3, 0x09, 0x8c, 0xbf, 0x9b, 0x87, 0xd1, 0xca, 0x76, 0x0d, 0x8f, 0xaa,
0x57, 0xd5, 0xb7, 0xf9, 0x5c, 0x6c, 0x6d, 0x1f, 0xbf, 0xcd, 0xab, 0x2f, 0xf2, 0x57, 0x33, 0x34,
0x5f, 0xe8, 0xbf, 0xa1, 0x68, 0xbe, 0x34, 0x7d, 0x57, 0x6c, 0xa6, 0x50, 0x18, 0xc0, 0x4c, 0x21,
0x7a, 0xcb, 0x19, 0x3a, 0xfe, 0x2d, 0xe7, 0x6d, 0x18, 0x5f, 0x73, 0x43, 0xda, 0xf4, 0xe3, 0x45,
0x1d, 0x69, 0xe1, 0x22, 0xb0, 0xaa, 0x2e, 0x50, 0xb0, 0xd9, 0x8a, 0xe1, 0xef, 0x47, 0xd1, 0xbb,
0x11, 0xae, 0x18, 0xfe, 0xcc, 0x94, 0x50, 0xa1, 0x4a, 0x44, 0x63, 0x39, 0xb1, 0x1c, 0xa4, 0x75,
0x5a, 0x4e, 0x57, 0xe4, 0xf1, 0x81, 0x5d, 0x9c, 0xc9, 0xb6, 0x4e, 0x33, 0xfe, 0x4a, 0x0e, 0xe6,
0xb2, 0x66, 0x39, 0x79, 0x0f, 0x26, 0x3c, 0xbf, 0x69, 0xbb, 0xce, 0x0f, 0xf2, 0x1e, 0x29, 0x7a,
0x7e, 0x15, 0xae, 0x2a, 0xf2, 0x54, 0x38, 0x1b, 0x10, 0xa5, 0xe7, 0xba, 0x5a, 0x32, 0x73, 0x40,
0x14, 0xb0, 0xf1, 0x0b, 0x79, 0x18, 0xaf, 0x74, 0x3a, 0x4f, 0xb9, 0x11, 0xf7, 0x17, 0xb5, 0x53,
0x4f, 0xaa, 0x4d, 0xa2, 0x7e, 0xf5, 0x31, 0xd7, 0x3c, 0xee, 0xe0, 0xfb, 0xef, 0x0b, 0x30, 0x9d,
0xe0, 0xa3, 0xf6, 0x29, 0x37, 0xa0, 0xcd, 0x75, 0x7e, 0x40, 0x9b, 0xeb, 0xc2, 0x60, 0x36, 0xd7,
0x43, 0x9f, 0xe6, 0x24, 0x7b, 0x09, 0x0a, 0x95, 0x4e, 0x27, 0x69, 0x7a, 0xd4, 0xe9, 0x3c, 0xb8,
0xc1, 0xf5, 0x79, 0x76, 0xa7, 0x63, 0x32, 0x0c, 0xed, 0x78, 0x19, 0xf9, 0x84, 0x56, 0xd5, 0xa3,
0xfd, 0x77, 0xe5, 0xe2, 0x40, 0xbb, 0xf2, 0xd8, 0x13, 0xdb, 0x95, 0x8d, 0xd7, 0x60, 0x0c, 0xbb,
0x8a, 0xa6, 0xcd, 0x17, 0x00, 0xf7, 0x45, 0x61, 0xd5, 0xac, 0x0d, 0x85, 0xd8, 0x31, 0xff, 0x38,
0x07, 0xc3, 0xf8, 0xfb, 0x29, 0x5d, 0x18, 0xd7, 0xb5, 0x85, 0x51, 0x52, 0x16, 0x46, 0xcf, 0x25,
0xa1, 0x4c, 0xfe, 0xbf, 0x5d, 0x00, 0x58, 0xba, 0x6f, 0xd6, 0xb8, 0x56, 0x9a, 0xdc, 0x82, 0x69,
0xbb, 0xd5, 0xf2, 0x1e, 0xd2, 0x86, 0xe5, 0xf9, 0x4e, 0xd3, 0x71, 0xf9, 0xc8, 0x49, 0x73, 0x1d,
0xbd, 0x48, 0x7d, 0x46, 0x17, 0x45, 0xf7, 0x79, 0x89, 0xca, 0xa7, 0x4d, 0xc3, 0x3d, 0xaf, 0x21,
0x15, 0x54, 0x1a, 0x1f, 0x51, 0x94, 0xc1, 0x67, 0x83, 0x97, 0xa8, 0x7c, 0xf6, 0x50, 0xe1, 0x26,
0x6f, 0x2b, 0x1a, 0x1f, 0x51, 0x94, 0xc1, 0x87, 0x6b, 0xe9, 0x02, 0xb2, 0x0e, 0xf8, 0xe8, 0xf2,
0xd0, 0xaa, 0xfb, 0xb4, 0x41, 0xdd, 0xd0, 0xb1, 0x5b, 0x81, 0x50, 0x69, 0xa2, 0xee, 0x3e, 0x55,
0xa8, 0xaa, 0x74, 0xb0, 0x70, 0x29, 0x2e, 0x23, 0x57, 0x60, 0xb4, 0x6d, 0x3f, 0xb2, 0xec, 0x26,
0x37, 0x5c, 0x9b, 0xe4, 0x2a, 0x30, 0x01, 0x52, 0xcf, 0xbe, 0xb6, 0xfd, 0xa8, 0xd2, 0xa4, 0xac,
0x17, 0xf4, 0x51, 0xc7, 0x0b, 0x94, 0x5e, 0x8c, 0xc4, 0xbd, 0x48, 0x14, 0xa9, 0xbd, 0x10, 0x45,
0xa2, 0x17, 0xc6, 0xaf, 0xe4, 0xe0, 0xdc, 0x1a, 0xb6, 0x22, 0x3c, 0x5c, 0xa2, 0x6e, 0x48, 0xfd,
0x2a, 0xf5, 0xdb, 0x0e, 0x1a, 0xd2, 0xd4, 0x68, 0x48, 0x9e, 0x87, 0x42, 0xc5, 0xbc, 0x27, 0xe6,
0x2f, 0x3f, 0xa4, 0x34, 0xa3, 0x2a, 0x56, 0x1a, 0x69, 0x49, 0xf3, 0xc7, 0xbc, 0xde, 0x54, 0x60,
0xa2, 0x12, 0x04, 0x4e, 0xd3, 0x6d, 0x73, 0x77, 0xbd, 0x82, 0x66, 0xb6, 0x25, 0xe0, 0xa9, 0x57,
0x55, 0x95, 0xc4, 0xf8, 0xcf, 0x72, 0x30, 0x53, 0xe9, 0x74, 0xf4, 0x26, 0xeb, 0x26, 0x83, 0xb9,
0xc1, 0x4d, 0x06, 0x1d, 0x98, 0xd2, 0xba, 0xcb, 0xa7, 0x54, 0x7c, 0x99, 0xe8, 0x33, 0x32, 0xbc,
0xd9, 0x9d, 0x08, 0x64, 0x05, 0xba, 0xc5, 0x49, 0x82, 0xb1, 0xf1, 0x1f, 0x17, 0x71, 0x0f, 0x11,
0x87, 0x81, 0xb0, 0xb3, 0xcf, 0x65, 0xd8, 0xd9, 0xbf, 0x09, 0x8a, 0x58, 0xa6, 0x9e, 0xcb, 0x8a,
0xfc, 0xad, 0xea, 0x17, 0x63, 0x64, 0xb2, 0x9f, 0xb4, 0xb8, 0x2f, 0x60, 0x6f, 0x9e, 0x4f, 0x2e,
0xe0, 0x27, 0x62, 0x6c, 0xbf, 0x0a, 0x64, 0xcd, 0x45, 0x2b, 0x18, 0x5a, 0xdb, 0x77, 0x3a, 0x0f,
0xa8, 0xef, 0xec, 0x1e, 0x8a, 0x05, 0x80, 0x83, 0xef, 0x88, 0x52, 0x2b, 0xd8, 0x77, 0x3a, 0xd6,
0x01, 0x96, 0x9b, 0x19, 0x34, 0xe4, 0x7d, 0x18, 0x35, 0xe9, 0x43, 0xdf, 0x09, 0xa5, 0xd1, 0xe6,
0x54, 0xa4, 0x2e, 0x47, 0x28, 0x5f, 0x0b, 0x3e, 0xff, 0xa1, 0xee, 0x8a, 0xa2, 0x9c, 0x5c, 0xe7,
0x92, 0x15, 0x37, 0xce, 0x9c, 0x8c, 0x7b, 0x5b, 0xd9, 0xae, 0xf5, 0x12, 0xac, 0xc8, 0x65, 0x18,
0x46, 0xf1, 0x4c, 0xdc, 0xaf, 0xd0, 0x15, 0x15, 0xef, 0x23, 0xaa, 0xec, 0x88, 0x18, 0xa8, 0x7d,
0x91, 0x66, 0x26, 0xf2, 0xf0, 0x51, 0x20, 0x49, 0xd9, 0x72, 0xec, 0x44, 0xb2, 0xe5, 0x3a, 0x94,
0x4c, 0xee, 0x2f, 0xdd, 0xa8, 0x74, 0xd0, 0xf4, 0x20, 0x98, 0x07, 0x5c, 0xc9, 0x17, 0x1e, 0x1f,
0x95, 0x9f, 0x11, 0xbe, 0xd4, 0x0d, 0xcb, 0xee, 0x70, 0x8b, 0x05, 0x6d, 0x1b, 0x49, 0x52, 0x92,
0x37, 0x61, 0x88, 0x6d, 0xbd, 0xc2, 0x36, 0x5f, 0xbe, 0x71, 0xc6, 0xbb, 0x31, 0x5f, 0x9c, 0x75,
0x4f, 0xdb, 0x13, 0x90, 0x84, 0x58, 0x30, 0xa5, 0x4f, 0x77, 0x61, 0x13, 0x39, 0x1f, 0x8f, 0xa7,
0x5e, 0x2e, 0x1e, 0x3e, 0x05, 0xcc, 0xaa, 0x23, 0x50, 0x5d, 0x01, 0x89, 0x45, 0xba, 0x02, 0xc5,
0xcd, 0xa5, 0x6a, 0xd5, 0xf3, 0x43, 0x7e, 0x7d, 0x8c, 0x4f, 0x16, 0x06, 0x33, 0x6d, 0xb7, 0x49,
0xb9, 0xa8, 0x10, 0xd6, 0x3b, 0x16, 0x3b, 0xb0, 0x35, 0x51, 0x41, 0x92, 0x92, 0xaf, 0xc2, 0xa9,
0xad, 0x80, 0x56, 0xdc, 0x43, 0x14, 0x1e, 0x94, 0xa5, 0x32, 0x85, 0x53, 0x0f, 0x9f, 0xee, 0xd8,
0xf5, 0xda, 0x76, 0x0f, 0x2d, 0x2e, 0x74, 0x64, 0x2f, 0x9c, 0x6c, 0x2e, 0xe4, 0x2a, 0x14, 0x36,
0x96, 0xaa, 0xe2, 0x9e, 0x29, 0x4d, 0x96, 0x37, 0x96, 0xaa, 0x7c, 0x22, 0xb5, 0x75, 0x17, 0x90,
0x8d, 0xa5, 0xea, 0x67, 0xe7, 0x27, 0xf0, 0x15, 0x6c, 0x09, 0x99, 0x87, 0xd1, 0x3a, 0xc7, 0x11,
0xdc, 0xe4, 0x4f, 0x42, 0x60, 0xc8, 0xf6, 0x9b, 0xe2, 0x18, 0x34, 0xf1, 0x6f, 0xf2, 0x12, 0x94,
0xfc, 0xae, 0x6b, 0xd9, 0x01, 0x7f, 0x04, 0xed, 0x06, 0xd4, 0xe7, 0xdb, 0xac, 0x39, 0xe9, 0x77,
0xdd, 0x4a, 0xc0, 0xc4, 0x42, 0x36, 0x75, 0x8d, 0xbf, 0x97, 0x03, 0x65, 0xfd, 0x14, 0x4d, 0xda,
0x70, 0x7c, 0x5a, 0x0f, 0xc5, 0xd9, 0x7c, 0x5a, 0x98, 0x76, 0x23, 0x2c, 0x61, 0xda, 0x8d, 0x30,
0xf2, 0x1e, 0x8c, 0x8a, 0x33, 0x44, 0xec, 0x99, 0x72, 0xdd, 0x89, 0xb7, 0x2d, 0xee, 0xca, 0x9e,
0x3a, 0x7f, 0x24, 0x11, 0xdb, 0xb2, 0xef, 0x6c, 0x6f, 0x2e, 0xb5, 0x6c, 0xa7, 0x1d, 0x88, 0x83,
0x00, 0x77, 0x8d, 0x8f, 0x1f, 0x86, 0x56, 0x1d, 0xa1, 0xea, 0x96, 0x1d, 0xa1, 0x1a, 0xb7, 0xe5,
0xd3, 0xda, 0x31, 0x2e, 0x13, 0x65, 0x18, 0x7e, 0x10, 0x2b, 0x60, 0x17, 0xc7, 0x1e, 0x1f, 0x95,
0xf9, 0xd8, 0x9a, 0x1c, 0x6e, 0x50, 0x18, 0x8b, 0xe6, 0x1d, 0xe3, 0xc5, 0x7e, 0x20, 0xaf, 0x49,
0xce, 0x8b, 0xcd, 0x40, 0x13, 0xa1, 0x4c, 0x4e, 0x5b, 0x71, 0x1b, 0x88, 0x90, 0x47, 0x04, 0x1c,
0x1e, 0xea, 0x36, 0x70, 0x9a, 0xaa, 0xbd, 0x13, 0x68, 0x8a, 0x34, 0xf4, 0xe3, 0x39, 0x98, 0xd2,
0xbf, 0x31, 0xb9, 0x02, 0x23, 0xc2, 0x55, 0x3c, 0x87, 0xfa, 0x6c, 0xc6, 0x6d, 0x84, 0x3b, 0x89,
0x6b, 0xae, 0xe1, 0x02, 0x8b, 0x09, 0x7d, 0x82, 0x83, 0x90, 0x78, 0x50, 0xe8, 0x13, 0xb3, 0xc0,
0x94, 0x65, 0xc4, 0x60, 0x97, 0xe7, 0xa0, 0xdb, 0x0a, 0xd5, 0x77, 0x78, 0x1f, 0x21, 0xa6, 0x28,
0x31, 0x7e, 0x23, 0x07, 0x23, 0x7c, 0x63, 0x4c, 0xd8, 0x5f, 0xe7, 0x4e, 0x62, 0x7f, 0xfd, 0x4d,
0x98, 0x33, 0xbd, 0x16, 0x0d, 0x2a, 0xee, 0xe1, 0xc3, 0x3d, 0xea, 0xd3, 0xaa, 0xef, 0xed, 0x4a,
0x93, 0x81, 0xf1, 0xeb, 0xcf, 0x69, 0x1b, 0x70, 0x16, 0x22, 0x7f, 0xf3, 0xf5, 0x59, 0x09, 0x5b,
0xa6, 0x58, 0xc4, 0xd6, 0x6a, 0xc2, 0xc4, 0x20, 0xb3, 0x12, 0xe3, 0xef, 0xe4, 0x60, 0xa1, 0x37,
0x6b, 0x3c, 0x3e, 0xf9, 0x9f, 0xb1, 0xdc, 0xc2, 0x8f, 0x4f, 0x0e, 0x4d, 0x18, 0x85, 0x2b, 0xc8,
0xc4, 0x84, 0x53, 0x95, 0x7a, 0x9d, 0x76, 0x42, 0xc6, 0x58, 0x18, 0x13, 0x47, 0x72, 0x4d, 0x91,
0xab, 0xac, 0x6c, 0x44, 0xe0, 0xe6, 0xe5, 0xd2, 0xc0, 0x1a, 0x67, 0x5d, 0x36, 0xa9, 0xf1, 0x87,
0x39, 0x80, 0x5a, 0x6d, 0xf5, 0x2e, 0x3d, 0xac, 0xda, 0x0e, 0x0a, 0x2a, 0x7c, 0xaf, 0xb9, 0x2b,
0x36, 0x87, 0x09, 0x61, 0x43, 0xc4, 0xb7, 0xa8, 0x7d, 0x7a, 0xa8, 0xd9, 0x10, 0x49, 0x54, 0xde,
0x2b, 0xe7, 0xc0, 0x0e, 0x29, 0x23, 0xc4, 0x07, 0x00, 0xd9, 0x2b, 0x84, 0x26, 0x28, 0x15, 0x64,
0xf2, 0x55, 0x98, 0x8a, 0x7f, 0x45, 0x96, 0x50, 0x53, 0xd1, 0x06, 0xa4, 0x17, 0x2e, 0x3e, 0xfb,
0xf8, 0xa8, 0xbc, 0xa0, 0x70, 0x4d, 0x9a, 0x03, 0x25, 0x98, 0xbd, 0x35, 0xf4, 0xaf, 0x7e, 0xa9,
0x9c, 0x43, 0x73, 0xb5, 0xcd, 0xf5, 0x9a, 0xec, 0xe6, 0x45, 0x18, 0x8a, 0xdc, 0x70, 0x26, 0xc4,
0x99, 0xa3, 0x5b, 0x15, 0x60, 0x39, 0x93, 0x2e, 0xe3, 0xfe, 0xe0, 0x06, 0xab, 0xf7, 0x83, 0x95,
0x92, 0xdb, 0x30, 0x3a, 0x50, 0xcb, 0x71, 0x51, 0x66, 0xb4, 0x58, 0x52, 0x33, 0xa1, 0x6b, 0xc9,
0xe4, 0x8f, 0x48, 0x13, 0x5c, 0xe8, 0xaa, 0xfb, 0x2d, 0x93, 0xc1, 0x8c, 0xa3, 0x1c, 0xc0, 0x9d,
0xed, 0xcd, 0xef, 0xdb, 0xcf, 0x64, 0xfc, 0x74, 0x1e, 0x66, 0x62, 0x53, 0x56, 0xd9, 0xcf, 0x2f,
0x00, 0xc4, 0x5d, 0x3a, 0xbe, 0xa3, 0x9d, 0xa8, 0xa3, 0x6f, 0xc1, 0xb8, 0x52, 0xf9, 0x00, 0x3d,
0xed, 0xc4, 0x3d, 0xb5, 0xa0, 0x94, 0x6c, 0xf8, 0xa7, 0xec, 0x6b, 0x47, 0xc3, 0x67, 0xb3, 0x6f,
0xcf, 0x0e, 0xb8, 0xe5, 0xf8, 0x24, 0x9f, 0x7d, 0xec, 0xb7, 0x3a, 0xfb, 0xd8, 0x6f, 0xa3, 0x02,
0xa5, 0x4a, 0x93, 0x6a, 0xa3, 0x42, 0x5e, 0xcb, 0x18, 0x11, 0xd4, 0x70, 0xc6, 0x50, 0x65, 0x1c,
0x8c, 0x9f, 0xcc, 0xc3, 0x34, 0x9b, 0xc9, 0x95, 0x6e, 0xb8, 0xe7, 0xf9, 0x4e, 0x78, 0xf8, 0xd4,
0x3e, 0x01, 0xbd, 0xa3, 0xdd, 0xf9, 0x17, 0xa4, 0x74, 0xa2, 0xf6, 0xad, 0xf7, 0x4b, 0x90, 0x72,
0xde, 0xfd, 0x77, 0xc3, 0x30, 0x9b, 0x41, 0x45, 0x5e, 0xd5, 0xde, 0x95, 0xe7, 0x65, 0x20, 0x9c,
0xef, 0x1d, 0x95, 0x27, 0x24, 0xfa, 0x66, 0x1c, 0x18, 0xe7, 0xba, 0x6e, 0xc4, 0xcc, 0x47, 0x0a,
0x9f, 0x99, 0x55, 0x23, 0x66, 0xdd, 0x74, 0xf9, 0x32, 0x0c, 0xe3, 0x89, 0x20, 0x3c, 0x01, 0x50,
0xa2, 0xc7, 0x33, 0x46, 0xb3, 0xe4, 0x63, 0x00, 0xb2, 0x0a, 0xa3, 0xec, 0x8f, 0x0d, 0xbb, 0x23,
0x8c, 0x3c, 0x48, 0xa4, 0x14, 0x43, 0x68, 0xc7, 0x71, 0x9b, 0xaa, 0x5e, 0xac, 0x45, 0xad, 0xb6,
0xdd, 0xd1, 0xae, 0x1e, 0x1c, 0x51, 0xd3, 0xaf, 0x15, 0x7b, 0xeb, 0xd7, 0x72, 0xc7, 0xea, 0xd7,
0x76, 0x01, 0x6a, 0x4e, 0xd3, 0x75, 0xdc, 0x66, 0xa5, 0xd5, 0x14, 0xe1, 0x84, 0x2e, 0xf7, 0xfe,
0x0a, 0x57, 0x62, 0x64, 0x5c, 0x23, 0xe7, 0xd0, 0x12, 0x8b, 0xc3, 0x2c, 0xbb, 0xd5, 0xd4, 0x3c,
0xb2, 0x15, 0xce, 0xe4, 0x1e, 0x40, 0xa5, 0x1e, 0x3a, 0x07, 0x6c, 0xb5, 0x04, 0xe2, 0x9e, 0x20,
0x9b, 0xbc, 0x54, 0xb9, 0x4b, 0x0f, 0xf1, 0x6e, 0x2b, 0x6d, 0x5a, 0x6c, 0x44, 0x65, 0xb3, 0x5e,
0x73, 0xb7, 0x8d, 0x39, 0x90, 0x0e, 0x9c, 0xaa, 0x34, 0x1a, 0x0e, 0xeb, 0x83, 0xdd, 0xda, 0xe4,
0x81, 0xa0, 0x90, 0xf5, 0x44, 0x36, 0xeb, 0xcb, 0xd2, 0x0c, 0xc3, 0x8e, 0xa8, 0x2c, 0x19, 0x3f,
0x2a, 0x51, 0x4d, 0x36, 0x63, 0xa3, 0x06, 0x53, 0x7a, 0xe7, 0xf5, 0x30, 0x48, 0x13, 0x50, 0x34,
0x6b, 0x15, 0xab, 0xb6, 0x5a, 0xb9, 0x56, 0xca, 0x91, 0x12, 0x4c, 0x88, 0x5f, 0xd7, 0xad, 0xeb,
0x6f, 0xdc, 0x2c, 0xe5, 0x35, 0xc8, 0x1b, 0xd7, 0xae, 0x97, 0x0a, 0x0b, 0xf9, 0xf9, 0x5c, 0x22,
0x18, 0xc3, 0x68, 0xa9, 0xc8, 0x1f, 0x4a, 0x8c, 0x5f, 0xcd, 0x41, 0x51, 0xb6, 0x9d, 0xdc, 0x84,
0x42, 0xad, 0xb6, 0x9a, 0x08, 0x67, 0x10, 0x9f, 0xee, 0xfc, 0x04, 0x0b, 0xb4, 0x9d, 0x86, 0x11,
0x30, 0xba, 0xcd, 0xf5, 0x9a, 0x90, 0x93, 0x25, 0x5d, 0x7c, 0x5c, 0x72, 0xba, 0x0c, 0x1f, 0xef,
0x9b, 0x50, 0xb8, 0xb3, 0xbd, 0x29, 0x6e, 0xf1, 0x92, 0x2e, 0x3e, 0xa6, 0x38, 0xdd, 0xc7, 0x0f,
0xd5, 0x73, 0x95, 0x11, 0x18, 0x26, 0x8c, 0x2b, 0x13, 0x99, 0x0b, 0x86, 0x6d, 0x2f, 0x8a, 0xd0,
0x24, 0x04, 0x43, 0x06, 0x31, 0x45, 0x09, 0x13, 0x97, 0xd7, 0xbd, 0xba, 0xdd, 0x12, 0x12, 0x26,
0x8a, 0xcb, 0x2d, 0x06, 0x30, 0x39, 0xdc, 0xf8, 0xcd, 0x1c, 0x94, 0xaa, 0xbe, 0x77, 0xe0, 0xa0,
0x8b, 0x95, 0xb7, 0x4f, 0xdd, 0x07, 0xd7, 0xc8, 0x6b, 0x72, 0xc9, 0xe5, 0x22, 0x45, 0xef, 0x30,
0x2e, 0xb9, 0xc4, 0xc3, 0xbf, 0x58, 0x76, 0xb5, 0x38, 0xee, 0x56, 0x7e, 0xf0, 0xe0, 0x39, 0x22,
0xee, 0x56, 0x32, 0x78, 0x8e, 0x8c, 0xc0, 0x55, 0x86, 0x61, 0x6c, 0x8e, 0xd8, 0x1c, 0xb1, 0xe5,
0x21, 0x03, 0x98, 0x1c, 0xae, 0xec, 0x4d, 0x47, 0xf9, 0x54, 0x1f, 0xae, 0x7f, 0x5f, 0x05, 0xa0,
0xd1, 0x3b, 0xd7, 0xe7, 0xe5, 0xfe, 0x6e, 0x8f, 0x00, 0x34, 0x09, 0x06, 0xdc, 0xb1, 0xfa, 0x3a,
0x7f, 0x5a, 0xe3, 0xee, 0x89, 0xaa, 0x2e, 0x32, 0x15, 0x7b, 0xe2, 0x23, 0x98, 0x4b, 0x8e, 0x2f,
0xaa, 0xcc, 0x2b, 0x30, 0xad, 0xc3, 0xa5, 0xf6, 0xfc, 0x4c, 0x66, 0xbd, 0x0f, 0xae, 0x9b, 0x49,
0x7c, 0xe3, 0xd7, 0xf2, 0x30, 0x86, 0x7f, 0x9a, 0x5d, 0x2e, 0xe5, 0x57, 0xb6, 0x6b, 0x42, 0x91,
0xa7, 0x4a, 0xf9, 0xf6, 0xc3, 0x40, 0xda, 0xd2, 0x6a, 0x1b, 0x56, 0x84, 0x2c, 0x48, 0xf9, 0x13,
0xa2, 0x54, 0x21, 0x47, 0xa4, 0xfc, 0xad, 0x31, 0x48, 0x90, 0x0a, 0x64, 0x74, 0x8e, 0xe1, 0xd7,
0x0e, 0xd5, 0xb2, 0x11, 0xe9, 0xbc, 0x96, 0xee, 0x1c, 0xc3, 0xd1, 0xd0, 0xb0, 0x71, 0xbb, 0xc6,
0x6e, 0x22, 0xaa, 0x61, 0x23, 0x6b, 0xa3, 0x76, 0x0b, 0x11, 0x48, 0xe4, 0x3e, 0xcc, 0x54, 0xb6,
0x6b, 0xf7, 0x95, 0x77, 0xba, 0xb5, 0x65, 0xf1, 0x56, 0xf9, 0xdc, 0xe3, 0xa3, 0xf2, 0x79, 0x46,
0xa9, 0xbe, 0xe2, 0xe9, 0x57, 0xb4, 0x34, 0xad, 0xf1, 0x8f, 0xa6, 0x92, 0x5f, 0x44, 0x1c, 0xc7,
0x27, 0x5c, 0xb9, 0x6f, 0xc3, 0x70, 0xa5, 0xd5, 0xf2, 0x1e, 0x8a, 0x3d, 0x4c, 0x2a, 0x6e, 0xa2,
0x0f, 0xc2, 0x4f, 0x5b, 0xd4, 0x6a, 0x6b, 0x71, 0x2e, 0x18, 0x80, 0x2c, 0xc1, 0x58, 0x65, 0xbb,
0xb6, 0xb6, 0xb6, 0xbc, 0xb9, 0xc9, 0x1d, 0xe8, 0x0b, 0x8b, 0x2f, 0xca, 0x01, 0x77, 0x9c, 0x86,
0x95, 0x34, 0xe5, 0x8a, 0x6f, 0xc0, 0x31, 0x1d, 0x79, 0x17, 0xe0, 0x8e, 0xe7, 0xb8, 0x5c, 0x8b,
0x2f, 0x46, 0xf3, 0xfc, 0xe3, 0xa3, 0xf2, 0xf8, 0xc7, 0x9e, 0xe3, 0x0a, 0xb5, 0x3f, 0x6b, 0x7b,
0x8c, 0x64, 0x2a, 0x7f, 0xb3, 0x4f, 0xb7, 0xe8, 0x71, 0x13, 0xef, 0xe1, 0xf8, 0xd3, 0xed, 0x78,
0x29, 0x75, 0xb3, 0x44, 0x23, 0x6d, 0x98, 0xae, 0x75, 0x9b, 0x4d, 0xca, 0xce, 0x1d, 0xa1, 0x4e,
0x1d, 0x11, 0x9a, 0x9b, 0x28, 0x5c, 0x21, 0xbf, 0xd1, 0xdb, 0xad, 0x2e, 0x0d, 0x16, 0x5f, 0x65,
0xcb, 0xec, 0xbb, 0x47, 0x65, 0x61, 0x22, 0xc6, 0x64, 0xd6, 0x40, 0xd2, 0xa7, 0x95, 0xa9, 0x49,
0xde, 0xe4, 0x3e, 0x8c, 0xf0, 0x77, 0x5e, 0xe1, 0x10, 0xfe, 0x5c, 0x9f, 0x25, 0xcd, 0x11, 0x7b,
0x19, 0x3a, 0xf0, 0x52, 0xb2, 0x0d, 0xc5, 0x25, 0xc7, 0xaf, 0xb7, 0xe8, 0xd2, 0x9a, 0x90, 0x4c,
0x9e, 0xef, 0xc3, 0x52, 0xa2, 0xf2, 0x71, 0xa9, 0xe3, 0xaf, 0xba, 0xa3, 0x4a, 0x2a, 0x12, 0x83,
0xfc, 0x95, 0x1c, 0x9c, 0x8b, 0x5a, 0x5f, 0x69, 0x52, 0x37, 0xdc, 0xb0, 0xc3, 0xfa, 0x1e, 0xf5,
0xc5, 0x28, 0x8d, 0xf5, 0x1b, 0xa5, 0xb7, 0x52, 0xa3, 0x74, 0x29, 0x1e, 0x25, 0x9b, 0x31, 0xb3,
0xda, 0x9c, 0x5b, 0x7a, 0xcc, 0xfa, 0xd5, 0x4a, 0x2c, 0x80, 0xd8, 0x82, 0x41, 0xd8, 0x9a, 0xbe,
0xd8, 0xa7, 0xc3, 0x31, 0xb2, 0x70, 0xc5, 0x8d, 0x7e, 0x6b, 0xbe, 0x11, 0x11, 0x94, 0xdc, 0x95,
0xd1, 0x17, 0xb8, 0xcc, 0x74, 0xa1, 0x0f, 0x6f, 0x1e, 0x91, 0x61, 0xb6, 0x4f, 0xe8, 0x17, 0xfe,
0xb5, 0xd7, 0xed, 0x1d, 0x21, 0x26, 0x1d, 0xf3, 0xb5, 0xd7, 0xed, 0xf8, 0x6b, 0xb7, 0xec, 0xe4,
0xd7, 0x5e, 0xb7, 0x77, 0xc8, 0x12, 0x8f, 0x62, 0xc3, 0x43, 0x9e, 0x3c, 0xdb, 0x8f, 0x9b, 0x54,
0x65, 0x66, 0x44, 0xb3, 0xf9, 0x32, 0x8c, 0xd5, 0x3a, 0x76, 0x9d, 0xb6, 0x9c, 0xdd, 0x50, 0x58,
0xef, 0xbc, 0xd0, 0x87, 0x55, 0x84, 0x2b, 0xcc, 0x21, 0xe4, 0x4f, 0xf5, 0xca, 0x18, 0xe1, 0xb0,
0x16, 0x6e, 0x56, 0x37, 0x84, 0x62, 0xb5, 0x5f, 0x0b, 0x37, 0xab, 0x1b, 0x42, 0x22, 0xea, 0xb4,
0x35, 0x89, 0xa8, 0xba, 0x41, 0x3a, 0x30, 0xb5, 0x49, 0x7d, 0xdf, 0xde, 0xf5, 0xfc, 0x36, 0x57,
0xdf, 0x73, 0x9f, 0xf5, 0xcb, 0xfd, 0xf8, 0x69, 0x04, 0x5c, 0x6b, 0x1d, 0x4a, 0x98, 0x95, 0xd4,
0xf9, 0x27, 0xf8, 0xb3, 0x31, 0x59, 0x74, 0xc2, 0x9d, 0x6e, 0x7d, 0x9f, 0x86, 0xc2, 0x93, 0xbd,
0xdf, 0x98, 0x44, 0xb8, 0x7c, 0x4c, 0x76, 0xe4, 0x4f, 0x75, 0x4c, 0x22, 0x1c, 0x36, 0x0d, 0x44,
0xac, 0x1a, 0x72, 0xec, 0x34, 0xe0, 0x88, 0x7c, 0x1a, 0xf4, 0x0a, 0x5a, 0x43, 0xf6, 0x60, 0x62,
0xd1, 0xeb, 0xba, 0x4c, 0x50, 0xee, 0xd8, 0x8e, 0x3f, 0x3f, 0x8b, 0x6c, 0x5f, 0xea, 0xd7, 0x60,
0x05, 0x9d, 0x7b, 0xd0, 0xec, 0x30, 0x08, 0x93, 0xc5, 0x19, 0x48, 0x7d, 0x88, 0x53, 0x51, 0x49,
0x03, 0xc6, 0x71, 0x2a, 0x2f, 0xd3, 0x03, 0xaf, 0x13, 0xcc, 0xcf, 0x61, 0x45, 0x17, 0x8f, 0x5b,
0x14, 0x1c, 0x9b, 0x9b, 0xa9, 0xe0, 0xd2, 0xb0, 0x1a, 0x08, 0x51, 0x5f, 0x47, 0x14, 0x44, 0x72,
0x1b, 0x86, 0x56, 0xdc, 0x83, 0xd7, 0xe7, 0x4f, 0x21, 0xfb, 0x72, 0x1f, 0xf6, 0x0c, 0x8d, 0xdf,
0xf5, 0xa9, 0x7b, 0xf0, 0xba, 0x7a, 0xd7, 0x67, 0x25, 0xc9, 0x37, 0x9a, 0xd3, 0x27, 0x79, 0xa3,
0x31, 0xfe, 0xee, 0x30, 0x94, 0x8f, 0xe9, 0x12, 0x79, 0x20, 0x4f, 0x48, 0x2e, 0xd8, 0xbc, 0x32,
0xd8, 0x48, 0x5c, 0x39, 0xf6, 0xf0, 0x7c, 0x1b, 0xa6, 0x12, 0xf2, 0x80, 0x12, 0x3b, 0x35, 0x21,
0x0b, 0x98, 0x09, 0xd4, 0x85, 0x3f, 0x2e, 0xc0, 0x10, 0xca, 0x4b, 0xcf, 0x43, 0xa1, 0xd6, 0xdd,
0x51, 0x9f, 0x71, 0x03, 0xed, 0xd0, 0x60, 0xa5, 0xe4, 0x1d, 0x18, 0x17, 0x5e, 0x8b, 0xca, 0xa5,
0x1b, 0x3f, 0x95, 0x74, 0x71, 0x4c, 0xfa, 0x54, 0x29, 0xe8, 0xe4, 0x7d, 0x98, 0xa8, 0x3a, 0x1d,
0xda, 0x72, 0x5c, 0xaa, 0x78, 0x08, 0xe1, 0x8c, 0xea, 0x08, 0x78, 0xea, 0x69, 0x57, 0x25, 0xd0,
0xfd, 0x2b, 0x87, 0x06, 0xf7, 0xaf, 0x7c, 0x1f, 0x26, 0x96, 0xe9, 0xae, 0xe3, 0x3a, 0x9a, 0xbc,
0x84, 0x15, 0x37, 0x22, 0xb8, 0x4e, 0xad, 0x11, 0x90, 0x45, 0x98, 0x34, 0x69, 0xc7, 0x0b, 0x9c,
0xd0, 0xf3, 0x0f, 0xb7, 0xcc, 0x35, 0x61, 0xe3, 0x85, 0xfa, 0x5e, 0x3f, 0x2a, 0xb0, 0xba, 0xbe,
0x7a, 0x1e, 0xea, 0x24, 0xe4, 0x1e, 0xcc, 0xc4, 0x00, 0xdd, 0x74, 0x53, 0xbc, 0xe3, 0x45, 0x7c,
0xd2, 0xae, 0x18, 0x69, 0x52, 0xbd, 0x4d, 0x26, 0xdd, 0x15, 0x8e, 0x1d, 0xc9, 0x36, 0xf9, 0x74,
0x37, 0xbb, 0x4d, 0x26, 0xdd, 0x35, 0xfe, 0x41, 0x01, 0xce, 0xf4, 0xd8, 0x60, 0xc9, 0x3d, 0x7d,
0xba, 0x3e, 0xdf, 0x7f, 0x3f, 0x3e, 0x7e, 0x9a, 0xae, 0x43, 0x69, 0xe5, 0x2e, 0xea, 0x29, 0xb8,
0x95, 0xc4, 0x52, 0x45, 0xca, 0xd6, 0xd8, 0x7d, 0xba, 0x8f, 0x4e, 0x5d, 0xd2, 0xba, 0xa2, 0xae,
0x45, 0xef, 0x4a, 0x51, 0x2e, 0xfc, 0x85, 0xbc, 0x98, 0xb7, 0x6f, 0x83, 0x1a, 0x07, 0x51, 0x73,
0x7c, 0x8e, 0xc1, 0xea, 0x8c, 0x54, 0xb0, 0xc9, 0x97, 0x60, 0x62, 0xe5, 0x2e, 0x57, 0xce, 0xae,
0x4a, 0x7d, 0xa0, 0x18, 0x42, 0xba, 0x2f, 0x5f, 0x05, 0x13, 0x9a, 0x41, 0x8d, 0x82, 0x6c, 0xc1,
0x2c, 0x6f, 0x9b, 0xb3, 0xeb, 0xd4, 0x79, 0x14, 0x58, 0xc7, 0x6e, 0x89, 0x19, 0xf6, 0xfc, 0xe3,
0xa3, 0x72, 0x99, 0xee, 0xa3, 0xbb, 0x9a, 0x28, 0xb7, 0x02, 0x44, 0x50, 0xfd, 0xd6, 0x32, 0xe8,
0xd5, 0xf8, 0x8f, 0xe6, 0x18, 0x56, 0xc8, 0x6a, 0x63, 0x75, 0x33, 0x5c, 0x8e, 0x64, 0xfc, 0xd1,
0x30, 0x2c, 0xf4, 0x16, 0xfe, 0xc8, 0x07, 0xfa, 0x07, 0xbc, 0x78, 0xac, 0xb8, 0x78, 0xfc, 0x37,
0xfc, 0x10, 0xe6, 0x56, 0xdc, 0x90, 0xfa, 0x1d, 0xdf, 0x91, 0x71, 0x23, 0x57, 0xbd, 0x40, 0xba,
0x07, 0xe2, 0x9b, 0x0d, 0x8d, 0xca, 0x85, 0xa3, 0x2b, 0x3e, 0x33, 0xaa, 0x6f, 0x36, 0x59, 0x1c,
0xc8, 0x0a, 0x4c, 0x29, 0xf0, 0x56, 0xb7, 0xa9, 0x9a, 0x7e, 0xa8, 0x3c, 0x5b, 0x5d, 0xd5, 0x77,
0x2a, 0x41, 0x84, 0x2e, 0x88, 0xa1, 0x1d, 0x3a, 0xf5, 0x3b, 0xdb, 0x77, 0x6b, 0xe2, 0x73, 0x72,
0x17, 0x44, 0x84, 0x5a, 0x1f, 0x3f, 0xdc, 0xd7, 0xa4, 0xb7, 0x18, 0x79, 0xe1, 0x6f, 0x9c, 0x68,
0x27, 0xfc, 0x22, 0x40, 0xbc, 0x94, 0xd4, 0x90, 0x27, 0xf1, 0xd2, 0xd3, 0xbd, 0x8c, 0x25, 0x94,
0xac, 0xc2, 0x74, 0xfc, 0xeb, 0xfe, 0x43, 0x57, 0x3e, 0xbf, 0x72, 0x25, 0xb6, 0xb2, 0x72, 0x3d,
0x56, 0xa6, 0x5e, 0x08, 0x12, 0x64, 0xe4, 0x3a, 0x14, 0xb7, 0x3d, 0x7f, 0x7f, 0x97, 0x7d, 0xe3,
0xa1, 0xf8, 0xca, 0xf2, 0x50, 0xc0, 0x54, 0xd1, 0x5c, 0xe2, 0xb1, 0xe5, 0xb2, 0xe2, 0x1e, 0x38,
0xbe, 0x87, 0xe6, 0x32, 0xaa, 0x95, 0x2b, 0x8d, 0xc1, 0x5a, 0xa8, 0xab, 0x18, 0x4c, 0x2e, 0xc3,
0x70, 0xa5, 0x1e, 0x7a, 0xbe, 0xd8, 0xfe, 0xf8, 0x4c, 0x61, 0x00, 0x6d, 0xa6, 0x30, 0x00, 0x1b,
0x44, 0xb6, 0x27, 0x8d, 0xc6, 0x83, 0xa8, 0x6f, 0x44, 0xac, 0x94, 0x5d, 0xb9, 0x4c, 0xba, 0x8b,
0x4a, 0xdf, 0x62, 0xdc, 0x7e, 0x9f, 0xee, 0xa6, 0x1e, 0x68, 0x04, 0x9a, 0xf1, 0x17, 0xa1, 0xe7,
0x94, 0x67, 0x32, 0xee, 0xc9, 0xa6, 0xfc, 0xba, 0x3d, 0xc0, 0x94, 0x7f, 0x35, 0xf2, 0x5d, 0x56,
0xe3, 0xe9, 0x21, 0x44, 0x95, 0xae, 0x84, 0x17, 0xb3, 0x3e, 0xff, 0x0a, 0x27, 0x99, 0x7f, 0x7f,
0xab, 0x78, 0x92, 0xf9, 0x27, 0xc6, 0x37, 0x3f, 0xe8, 0xf8, 0x16, 0x06, 0x1a, 0x5f, 0x76, 0xa8,
0x44, 0x41, 0xf0, 0xab, 0x76, 0xa8, 0xed, 0x88, 0x51, 0xa0, 0x7c, 0xab, 0x63, 0x6b, 0x91, 0x5e,
0x75, 0x12, 0x45, 0x48, 0x40, 0x0e, 0xc3, 0x69, 0x21, 0x21, 0x41, 0xaf, 0xa2, 0xb3, 0x8d, 0x40,
0x9e, 0xf9, 0x35, 0xf4, 0x84, 0x15, 0x93, 0x8d, 0x1b, 0x53, 0x49, 0x31, 0x81, 0x3b, 0xc9, 0x6a,
0xaf, 0x59, 0x1a, 0x51, 0x72, 0x9e, 0x8f, 0x9e, 0x68, 0x9e, 0x73, 0x9f, 0x0c, 0x7f, 0xdd, 0x6b,
0x3a, 0xd2, 0x5f, 0x52, 0xfa, 0x64, 0xf8, 0x56, 0x8b, 0x41, 0x13, 0x3e, 0x19, 0x1c, 0x95, 0xbc,
0x06, 0x23, 0xec, 0xc7, 0xda, 0xb2, 0xb0, 0xf0, 0x41, 0x5d, 0x0e, 0x12, 0xe9, 0x4e, 0xaa, 0x1c,
0x49, 0x56, 0xb3, 0xd2, 0xb6, 0x9d, 0x96, 0x08, 0x6f, 0x16, 0x57, 0x43, 0x19, 0x34, 0x59, 0x0d,
0xa2, 0x92, 0x3a, 0x4c, 0x98, 0x74, 0xb7, 0xea, 0x7b, 0x21, 0xad, 0x87, 0xb4, 0x21, 0xae, 0x9b,
0x52, 0xe3, 0xb2, 0xe8, 0x79, 0xfc, 0x2a, 0x8d, 0xfe, 0x8c, 0xb9, 0xef, 0x1e, 0x95, 0x81, 0x81,
0xb8, 0x07, 0x34, 0x13, 0x79, 0xd8, 0xf7, 0xef, 0x48, 0x62, 0xf5, 0x60, 0x53, 0x99, 0x92, 0x6f,
0xb2, 0xad, 0x3e, 0x1a, 0x92, 0xb8, 0xb2, 0x89, 0x1e, 0x95, 0xbd, 0x91, 0x59, 0x59, 0x59, 0x19,
0xed, 0xcc, 0x4a, 0x33, 0x2b, 0x21, 0xef, 0xc2, 0xf8, 0xd2, 0xda, 0x92, 0xe7, 0xee, 0x3a, 0xcd,
0xda, 0x6a, 0x05, 0xef, 0xac, 0x42, 0x5e, 0xab, 0x3b, 0x56, 0x1d, 0xe1, 0x56, 0xb0, 0x67, 0x6b,
0x21, 0x6a, 0x62, 0x7c, 0x72, 0x1b, 0xa6, 0xe4, 0x4f, 0x93, 0xee, 0x32, 0x79, 0x6d, 0x4a, 0x89,
0x98, 0x10, 0x71, 0x60, 0x03, 0xa1, 0x8b, 0x6c, 0x09, 0x32, 0x36, 0x19, 0x97, 0x69, 0xa7, 0xe5,
0x1d, 0xb2, 0xe6, 0x6d, 0x3a, 0xd4, 0xc7, 0xcb, 0xa9, 0x98, 0x8c, 0x8d, 0xa8, 0xc4, 0x0a, 0x1d,
0xdd, 0xae, 0x49, 0x27, 0x62, 0xa2, 0x9f, 0x98, 0xe2, 0x0f, 0x9c, 0xc0, 0xd9, 0x71, 0x5a, 0x4e,
0x78, 0xc8, 0xfd, 0x4a, 0xb8, 0xec, 0x23, 0xd7, 0xc5, 0x41, 0x54, 0xaa, 0x8a, 0x7e, 0x29, 0x52,
0xe3, 0x57, 0xf3, 0xf0, 0x4c, 0x3f, 0x15, 0x0d, 0xa9, 0xe9, 0xfb, 0xe0, 0xa5, 0x01, 0xd4, 0x3a,
0xc7, 0xef, 0x84, 0x2b, 0x3d, 0xee, 0x19, 0x38, 0x18, 0xbd, 0x75, 0x8e, 0xc9, 0x1b, 0xc7, 0x81,
0xd8, 0xe6, 0x3e, 0x69, 0xb0, 0x94, 0x9b, 0x30, 0xb6, 0xe4, 0xb9, 0x21, 0x7d, 0x14, 0x26, 0x62,
0x8d, 0x71, 0x60, 0x32, 0x50, 0x8c, 0x44, 0x35, 0xfe, 0x79, 0x01, 0xce, 0xf7, 0xd5, 0x51, 0x90,
0x4d, 0x7d, 0xd4, 0x2e, 0x0f, 0xa2, 0xd8, 0x38, 0x7e, 0xd8, 0xae, 0xa7, 0xcc, 0xf5, 0x8f, 0xf7,
0x76, 0x37, 0x81, 0xf0, 0x08, 0x48, 0xb7, 0x5b, 0xde, 0x0e, 0x6a, 0xb1, 0x1c, 0xb7, 0x29, 0x22,
0x27, 0x71, 0xcf, 0x6d, 0x2c, 0xb5, 0x9a, 0x2d, 0x6f, 0x87, 0x6b, 0xc3, 0x1c, 0x57, 0x15, 0x8b,
0x32, 0xa8, 0x17, 0xfe, 0x79, 0x4e, 0x0c, 0xfc, 0xeb, 0x30, 0x8a, 0xcd, 0x8f, 0x86, 0x9d, 0x3f,
0x58, 0xe0, 0xce, 0xee, 0xe8, 0x0f, 0x16, 0x1c, 0x8d, 0xdc, 0x80, 0xe2, 0x92, 0xdd, 0x6a, 0x29,
0xd1, 0xdd, 0x50, 0x75, 0x51, 0x47, 0x58, 0xc2, 0xbb, 0x45, 0x22, 0xb2, 0xa3, 0x90, 0xff, 0xad,
0x9c, 0x3f, 0xb8, 0x01, 0x0b, 0xb2, 0xc4, 0x11, 0xa4, 0x20, 0x63, 0xbe, 0x10, 0x74, 0x9e, 0x18,
0x52, 0xf2, 0x85, 0x30, 0x80, 0x96, 0x2f, 0x84, 0x01, 0x8c, 0xbf, 0x39, 0x0c, 0xcf, 0xf6, 0x57,
0xde, 0x91, 0x2d, 0xfd, 0xb3, 0xbe, 0x3c, 0x90, 0xca, 0xef, 0xf8, 0xef, 0x2a, 0xf3, 0xba, 0xf0,
0x01, 0xb9, 0x94, 0x76, 0x83, 0xfe, 0xde, 0x51, 0x59, 0x71, 0x99, 0xba, 0xe3, 0x39, 0xae, 0xf2,
0x7c, 0xfd, 0x8d, 0x94, 0xa0, 0x30, 0x7e, 0xfd, 0xe6, 0x60, 0x2d, 0x8b, 0xe9, 0xf8, 0x5e, 0x35,
0xa0, 0x80, 0x41, 0x3e, 0x84, 0xa1, 0xfb, 0x6b, 0xcb, 0x4b, 0xe2, 0x2d, 0xe9, 0xf5, 0xc1, 0x2a,
0x63, 0x14, 0xa2, 0x1a, 0x54, 0x9d, 0x78, 0x4e, 0xa3, 0xae, 0xaa, 0x4e, 0x58, 0xf9, 0xc2, 0x5b,
0x50, 0x4a, 0x36, 0x8a, 0x5c, 0x84, 0x21, 0xec, 0x9a, 0xe2, 0x25, 0x9e, 0x68, 0x1b, 0x96, 0x2f,
0xfc, 0x6c, 0x0e, 0x20, 0xae, 0x84, 0x89, 0x5b, 0x6b, 0x41, 0xd0, 0x8d, 0x42, 0x0e, 0xa3, 0xb8,
0xe5, 0x20, 0x44, 0x3d, 0x41, 0x39, 0x0e, 0xf9, 0x10, 0xbd, 0xd4, 0xd1, 0x5a, 0x18, 0x3f, 0xca,
0xea, 0xe6, 0x66, 0x55, 0x90, 0x73, 0x8b, 0x2c, 0x94, 0xa9, 0x23, 0x33, 0x63, 0x6e, 0x70, 0xbf,
0x17, 0x86, 0x1d, 0x8b, 0xb3, 0x34, 0x7b, 0x91, 0x2f, 0x6c, 0x88, 0xc5, 0x82, 0x11, 0xfe, 0xd4,
0xe8, 0x2a, 0xa2, 0x5d, 0x22, 0xc2, 0x9f, 0x16, 0x9a, 0x45, 0x8f, 0xf0, 0xa7, 0x12, 0x19, 0xff,
0x36, 0x07, 0x67, 0x7b, 0x2a, 0x7a, 0x48, 0x55, 0x9f, 0xa1, 0x2f, 0x1e, 0xa7, 0x19, 0x3a, 0x76,
0x72, 0x2e, 0x7c, 0x5b, 0x2e, 0xf6, 0xf7, 0x60, 0xa2, 0xd6, 0xdd, 0x49, 0xde, 0x8f, 0x79, 0xf4,
0x4f, 0x05, 0xae, 0x8a, 0x01, 0x2a, 0x3e, 0xeb, 0xbf, 0x0c, 0x49, 0x22, 0xac, 0x9b, 0x15, 0x97,
0x8a, 0x28, 0xa4, 0x52, 0x3a, 0xc2, 0xa1, 0x4e, 0x64, 0xfc, 0x47, 0xf9, 0x6c, 0x45, 0xc3, 0xed,
0xa5, 0xea, 0x49, 0x14, 0x0d, 0xb7, 0x97, 0xaa, 0xc7, 0xf7, 0xfd, 0xbf, 0x96, 0x7d, 0xe7, 0x86,
0x7e, 0xfc, 0xd8, 0x90, 0xcf, 0x58, 0xd2, 0xd0, 0x4f, 0x1c, 0x31, 0x41, 0xc2, 0xd0, 0x4f, 0x20,
0x93, 0x37, 0x60, 0x6c, 0xdd, 0xe3, 0xc1, 0x07, 0x65, 0x8f, 0x79, 0xcc, 0x21, 0x09, 0x54, 0xcf,
0x98, 0x08, 0x93, 0xdd, 0xed, 0xf4, 0x0f, 0x2f, 0x3d, 0x47, 0x70, 0x1e, 0x26, 0xa6, 0x8b, 0xfe,
0xd8, 0xa3, 0x93, 0x19, 0xff, 0xe9, 0x30, 0x18, 0xc7, 0xab, 0xaa, 0xc9, 0x47, 0xfa, 0xd8, 0x5d,
0x19, 0x58, 0xc9, 0x3d, 0xd0, 0xb9, 0x55, 0xe9, 0x36, 0x1c, 0xea, 0xd6, 0xf5, 0x40, 0x7f, 0x02,
0xa6, 0xee, 0xf9, 0x12, 0xef, 0x93, 0x44, 0x76, 0x59, 0xf8, 0xa7, 0x85, 0x78, 0xa9, 0x25, 0xe4,
0x8b, 0xdc, 0x27, 0x90, 0x2f, 0xc8, 0x5d, 0x28, 0xa9, 0x10, 0x45, 0x51, 0x89, 0xe2, 0x9f, 0xc6,
0x28, 0xd1, 0xa8, 0x14, 0xa1, 0x2e, 0xa4, 0x14, 0x06, 0x17, 0x52, 0x12, 0x8a, 0xd2, 0xa1, 0x93,
0x29, 0x4a, 0x45, 0x60, 0xc0, 0x40, 0x9c, 0xd2, 0xc3, 0x7a, 0x60, 0xc0, 0x8c, 0x93, 0x5a, 0x45,
0x97, 0xb1, 0x0d, 0xf1, 0xa7, 0x12, 0xfb, 0x2a, 0x8a, 0x6d, 0xc8, 0xe9, 0xb3, 0x62, 0x1b, 0x46,
0x24, 0xec, 0xc4, 0x37, 0xbb, 0x2e, 0xcf, 0xc4, 0x35, 0x1a, 0x9f, 0xf8, 0x7e, 0xd7, 0xb5, 0x92,
0xd9, 0xb8, 0x22, 0x44, 0xe3, 0xef, 0x0f, 0x65, 0x4b, 0x58, 0xf1, 0x6b, 0xc6, 0x09, 0x24, 0xac,
0x88, 0xe8, 0xb3, 0x99, 0xa9, 0x5b, 0x30, 0x2b, 0x9d, 0x0f, 0xb0, 0xf6, 0x06, 0xf5, 0xb7, 0xcc,
0x75, 0xf1, 0x89, 0x51, 0x6f, 0x17, 0xb9, 0x2d, 0x74, 0x44, 0xb9, 0xd5, 0xf5, 0x35, 0xbd, 0x5d,
0x06, 0xfd, 0xc2, 0xdf, 0x93, 0x6a, 0x49, 0xf5, 0x23, 0x60, 0x48, 0x8e, 0x5c, 0xd6, 0x47, 0xe8,
0x76, 0xb5, 0xcf, 0xa8, 0x93, 0xf0, 0xbd, 0x37, 0x52, 0x21, 0x6f, 0xe9, 0x02, 0xb7, 0xaa, 0x76,
0xd6, 0xb9, 0x24, 0x88, 0x48, 0x13, 0xce, 0xc6, 0xf7, 0x11, 0xe5, 0xba, 0x85, 0x1c, 0x79, 0x87,
0x2f, 0x3f, 0x3e, 0x2a, 0xbf, 0xa8, 0xdc, 0x67, 0xd4, 0x5b, 0x5b, 0x82, 0x7b, 0x6f, 0x5e, 0x6c,
0xbf, 0x5d, 0xf4, 0x6d, 0xb7, 0xbe, 0xa7, 0xcc, 0x79, 0xdc, 0x6f, 0x77, 0x10, 0x9a, 0x8a, 0xff,
0x15, 0x23, 0x1b, 0xdf, 0xcd, 0x67, 0xeb, 0x75, 0xc4, 0xa3, 0xd5, 0x09, 0xf4, 0x3a, 0x9c, 0xe2,
0xf8, 0x53, 0xe2, 0x5f, 0xc9, 0x53, 0xe2, 0x45, 0x18, 0xdd, 0xa4, 0xae, 0xed, 0x46, 0x71, 0xf5,
0xd0, 0x1a, 0x27, 0xe4, 0x20, 0x53, 0x96, 0x91, 0x0f, 0x80, 0x54, 0x6d, 0x9f, 0xba, 0xe1, 0x92,
0xd7, 0xee, 0xd8, 0x7e, 0xd8, 0xc6, 0x5c, 0x65, 0xfc, 0x68, 0x40, 0xcb, 0x8b, 0x0e, 0x96, 0x5a,
0x75, 0xa5, 0x58, 0x95, 0xc8, 0xd3, 0xc4, 0xe4, 0x2a, 0x8c, 0x4a, 0x23, 0x93, 0x42, 0x1c, 0x9a,
0x38, 0x6d, 0x60, 0x22, 0xb1, 0xd8, 0xa9, 0x24, 0x5d, 0xe1, 0x65, 0x72, 0x00, 0x5c, 0x96, 0xd2,
0x59, 0x5e, 0x3b, 0x95, 0x22, 0x4c, 0xe3, 0xbf, 0x1c, 0x81, 0xf9, 0x5e, 0x0f, 0x62, 0xe4, 0xbe,
0x3e, 0xb4, 0x2f, 0x1c, 0xf3, 0x80, 0x76, 0xfc, 0xc0, 0xfe, 0xf6, 0xf0, 0x93, 0xdd, 0xcf, 0xb5,
0x2d, 0x38, 0xff, 0x89, 0xb7, 0xe0, 0xc2, 0xc9, 0xb6, 0xe0, 0x37, 0x01, 0x36, 0x69, 0xbb, 0xd3,
0xb2, 0x43, 0x1a, 0xbd, 0x35, 0xf1, 0x98, 0xb5, 0x02, 0x9a, 0xf0, 0x7d, 0x88, 0x91, 0xc9, 0xfb,
0x30, 0x21, 0x7f, 0x29, 0xd6, 0x24, 0x3c, 0x57, 0x92, 0x24, 0x4e, 0x3e, 0x73, 0xa9, 0x04, 0x6c,
0xef, 0x50, 0x96, 0x56, 0x14, 0x51, 0x80, 0x3f, 0x4b, 0x28, 0x2b, 0x53, 0xdf, 0x3b, 0x34, 0x12,
0x26, 0x89, 0x28, 0x00, 0x25, 0x70, 0x21, 0x4a, 0x22, 0x2a, 0x97, 0x44, 0x53, 0x92, 0x64, 0xe9,
0xe3, 0xa4, 0x78, 0xf2, 0xe3, 0x44, 0xd7, 0xa3, 0xc8, 0x6c, 0x98, 0x19, 0x7a, 0x94, 0x84, 0xd9,
0xb6, 0x4e, 0xc4, 0x9a, 0xc2, 0x21, 0xba, 0xd2, 0x0c, 0x9b, 0xd2, 0x10, 0x05, 0x29, 0xc5, 0x99,
0x4e, 0xc2, 0x3d, 0x75, 0x0e, 0x5e, 0xdf, 0xb4, 0x9b, 0x22, 0x1e, 0x8a, 0xf0, 0xd4, 0x39, 0x78,
0xdd, 0x0a, 0xed, 0xa6, 0xee, 0xa9, 0x83, 0x68, 0xc6, 0x3f, 0x1d, 0x86, 0x0b, 0xc7, 0xbd, 0x8b,
0x93, 0x5d, 0x80, 0xfb, 0xee, 0x8e, 0x67, 0xfb, 0x0d, 0x76, 0x53, 0xcf, 0x1d, 0x7b, 0x9f, 0x53,
0x89, 0xaf, 0xc4, 0x94, 0xac, 0x90, 0x5b, 0x93, 0x7b, 0x11, 0xcc, 0x54, 0x38, 0x93, 0xaf, 0x41,
0xd1, 0xa4, 0x75, 0xef, 0x80, 0x8a, 0x57, 0x87, 0xf1, 0xeb, 0x9f, 0x1f, 0xb4, 0x16, 0x49, 0x87,
0x75, 0x60, 0xc8, 0x00, 0x5f, 0x40, 0xcc, 0x88, 0x27, 0xf9, 0x3a, 0x8c, 0xf3, 0x44, 0x90, 0x95,
0xdd, 0x50, 0xbc, 0x4c, 0x1c, 0x1f, 0xbd, 0x2c, 0xc7, 0x56, 0x15, 0x4f, 0x2d, 0x69, 0xd9, 0xbb,
0x9a, 0x8f, 0x1f, 0x8f, 0x5e, 0xa6, 0xb0, 0x5c, 0xf8, 0x0f, 0xf3, 0x30, 0xa5, 0x77, 0x98, 0xac,
0x43, 0x69, 0xcd, 0x75, 0x42, 0xc7, 0x6e, 0xe9, 0x3e, 0x15, 0x42, 0x3d, 0xe6, 0xf0, 0x32, 0x2b,
0xd3, 0xe5, 0x20, 0x45, 0xc9, 0x76, 0x6a, 0xb6, 0x61, 0x06, 0x21, 0x7f, 0x9b, 0xe7, 0xc1, 0xf9,
0xc5, 0xce, 0xf1, 0x1c, 0xcf, 0x44, 0x11, 0x97, 0x5a, 0x3c, 0x19, 0x87, 0x1e, 0x78, 0x3c, 0x49,
0x4c, 0x0e, 0x80, 0x6c, 0x74, 0x83, 0x90, 0x97, 0x50, 0x7f, 0x91, 0xee, 0x7a, 0xfe, 0x20, 0x61,
0xcb, 0x5e, 0x16, 0x83, 0xf3, 0x6c, 0xbb, 0x1b, 0x84, 0x96, 0x2f, 0xc8, 0xad, 0x1d, 0xa4, 0x4f,
0x0c, 0x52, 0x46, 0x0d, 0x0b, 0x1b, 0x30, 0xa1, 0x7e, 0x35, 0xb4, 0xc1, 0x75, 0xda, 0x8e, 0xf4,
0x42, 0xe3, 0x36, 0xb8, 0x0c, 0x60, 0x72, 0x38, 0x79, 0x46, 0xc4, 0xf9, 0xcc, 0xc7, 0xa6, 0xaa,
0x71, 0x3c, 0x4f, 0xe3, 0x47, 0x72, 0x70, 0x3a, 0xdb, 0x7e, 0x93, 0x7c, 0x9c, 0x30, 0x0b, 0xc9,
0xf5, 0x33, 0x9a, 0x91, 0x46, 0x9f, 0x9f, 0xcc, 0x30, 0xc4, 0xf8, 0xd1, 0xa1, 0xd4, 0xdd, 0x26,
0x83, 0x23, 0xb9, 0x9d, 0xf9, 0x1d, 0x73, 0x8a, 0x34, 0x9a, 0xfe, 0x8e, 0x99, 0x5f, 0xef, 0x1d,
0x98, 0x42, 0xc6, 0xf1, 0xe4, 0x52, 0x9e, 0x72, 0x78, 0x93, 0x15, 0xdf, 0x8d, 0x04, 0x2e, 0x59,
0x03, 0x82, 0x90, 0x45, 0x2f, 0x54, 0x42, 0xd5, 0x28, 0xfa, 0x2c, 0xce, 0x61, 0xc7, 0x0b, 0x2d,
0x35, 0x68, 0x4d, 0x06, 0x11, 0xf9, 0x22, 0x4c, 0xca, 0xcf, 0xc9, 0xb3, 0x23, 0x29, 0xfe, 0x27,
0x72, 0x2d, 0xf2, 0x04, 0x49, 0xa6, 0x8e, 0x48, 0xda, 0x3c, 0xe2, 0xa2, 0x00, 0xd2, 0x46, 0x25,
0x1c, 0x20, 0xac, 0xe5, 0x4b, 0x62, 0xf6, 0x9d, 0xe3, 0xa9, 0x5f, 0x25, 0xad, 0x65, 0x87, 0x89,
0xa9, 0x97, 0xe4, 0x4d, 0x9a, 0x30, 0xa9, 0xa4, 0x84, 0xad, 0x84, 0xc2, 0xae, 0xb1, 0x5f, 0x65,
0x2f, 0x8a, 0xca, 0xce, 0xaa, 0x79, 0x66, 0xd3, 0x55, 0xe9, 0x7c, 0x8d, 0x6f, 0xe7, 0x61, 0x8a,
0xab, 0x8e, 0xb8, 0x11, 0xef, 0x53, 0x6b, 0x6d, 0xfd, 0xb6, 0x66, 0x6d, 0x2d, 0xf3, 0xe1, 0xa8,
0x5d, 0x1b, 0xc8, 0x37, 0x66, 0x0f, 0x48, 0x9a, 0x86, 0x98, 0x30, 0xa1, 0x42, 0xfb, 0x5b, 0x46,
0x5f, 0x8b, 0x53, 0x27, 0x09, 0x9d, 0x20, 0xda, 0xba, 0x07, 0xa6, 0xc6, 0xc3, 0xf8, 0xf1, 0x3c,
0x4c, 0x2a, 0xbe, 0x31, 0x4f, 0xed, 0xc0, 0xbf, 0xa5, 0x0d, 0xfc, 0x7c, 0x14, 0x4a, 0x2c, 0xea,
0xd9, 0x40, 0xe3, 0xde, 0x85, 0x99, 0x14, 0x49, 0xd2, 0xc5, 0x28, 0x37, 0x88, 0x8b, 0xd1, 0xab,
0xe9, 0x4c, 0x28, 0x3c, 0xd9, 0x74, 0x14, 0xc6, 0x5e, 0x4d, 0xbd, 0xf2, 0x93, 0x79, 0x98, 0x13,
0xbf, 0x30, 0x81, 0x1a, 0x57, 0x82, 0x3e, 0xb5, 0xdf, 0xa2, 0xa2, 0x7d, 0x8b, 0xb2, 0xfe, 0x2d,
0x94, 0x0e, 0xf6, 0xfe, 0x24, 0xc6, 0x8f, 0x00, 0xcc, 0xf7, 0x22, 0x18, 0x38, 0xf2, 0x68, 0x1c,
0x24, 0x2c, 0x3f, 0x40, 0x90, 0xb0, 0x75, 0x28, 0x61, 0x55, 0xc2, 0x29, 0x37, 0xd8, 0x32, 0xd7,
0xc4, 0x20, 0xa1, 0xf4, 0xc1, 0xf3, 0xdd, 0x09, 0x4f, 0xde, 0x20, 0xf1, 0x60, 0x98, 0xa2, 0x24,
0x7f, 0x23, 0x07, 0x53, 0x08, 0x5c, 0x39, 0x60, 0x97, 0x3c, 0xc6, 0x6c, 0x48, 0x44, 0x8f, 0x8a,
0xcc, 0x9d, 0x6b, 0xa1, 0xef, 0xb8, 0x4d, 0x61, 0xef, 0xbc, 0x23, 0xec, 0x9d, 0xdf, 0xe1, 0x76,
0xda, 0x57, 0xea, 0x5e, 0xfb, 0x6a, 0xd3, 0xb7, 0x0f, 0x1c, 0xee, 0xf6, 0x65, 0xb7, 0xae, 0x46,
0xa9, 0xf1, 0xed, 0x8e, 0x93, 0xc8, 0x8b, 0x2f, 0x58, 0xa1, 0x2d, 0x39, 0x6f, 0x28, 0xc5, 0x6a,
0x93, 0xef, 0x9a, 0x7a, 0x8b, 0xc8, 0x0f, 0xc0, 0x19, 0xfe, 0x42, 0xb4, 0xe4, 0xb9, 0xa1, 0xe3,
0x76, 0xbd, 0x6e, 0xb0, 0x68, 0xd7, 0xf7, 0xbb, 0x9d, 0x40, 0x84, 0x20, 0xc4, 0x9e, 0xd7, 0xa3,
0x42, 0x6b, 0x87, 0x97, 0x6a, 0xc1, 0x81, 0xb3, 0x19, 0x90, 0x55, 0x98, 0xe1, 0x45, 0x95, 0x6e,
0xe8, 0xd5, 0xea, 0x76, 0x8b, 0x09, 0xc4, 0xa3, 0xc8, 0x95, 0x1b, 0x75, 0x76, 0x43, 0xcf, 0x0a,
0x38, 0x5c, 0x7d, 0xe6, 0x4c, 0x11, 0x91, 0x35, 0x98, 0x36, 0xa9, 0xdd, 0xd8, 0xb0, 0x1f, 0x2d,
0xd9, 0x1d, 0xbb, 0xee, 0x84, 0x3c, 0x83, 0x59, 0x81, 0x2b, 0xf2, 0x7c, 0x6a, 0x37, 0xac, 0xb6,
0xfd, 0xc8, 0xaa, 0x8b, 0x42, 0xdd, 0x54, 0x46, 0xa3, 0x8b, 0x58, 0x39, 0x6e, 0xc4, 0x6a, 0x2c,
0xc9, 0xca, 0x71, 0x7b, 0xb3, 0x8a, 0xe9, 0x24, 0x2b, 0x9e, 0xdd, 0x96, 0x07, 0x10, 0x60, 0xd7,
0x90, 0x9c, 0xc2, 0x4a, 0xa4, 0xc4, 0xc5, 0x60, 0x02, 0x49, 0x56, 0x0a, 0x1d, 0x9b, 0x79, 0xdb,
0xbe, 0x13, 0x52, 0xb5, 0x87, 0xe3, 0xd8, 0x2c, 0x1c, 0x7f, 0x0c, 0xbd, 0xd0, 0xab, 0x8b, 0x29,
0xca, 0x98, 0x9b, 0xd2, 0xc9, 0x89, 0x14, 0xb7, 0xec, 0x5e, 0xa6, 0x28, 0x23, 0x6e, 0x6a, 0x3f,
0x27, 0xb1, 0x9f, 0x0a, 0xb7, 0x1e, 0x1d, 0x4d, 0x51, 0x92, 0x7b, 0x6c, 0xd0, 0x42, 0xea, 0xb2,
0x19, 0x2d, 0x22, 0x1b, 0x4c, 0x61, 0xd3, 0x5e, 0x10, 0x62, 0x43, 0xc9, 0x97, 0xc5, 0x56, 0x46,
0x9c, 0x83, 0x24, 0x31, 0xf9, 0x21, 0x98, 0xde, 0x0a, 0xe8, 0xad, 0xb5, 0x6a, 0x4d, 0xa6, 0x8c,
0xc0, 0x97, 0xf9, 0xa9, 0xeb, 0xd7, 0x8e, 0xd9, 0x74, 0xae, 0xa8, 0x34, 0xec, 0x40, 0xa4, 0xfc,
0xbb, 0x75, 0x03, 0x6a, 0xed, 0x3a, 0x9d, 0x20, 0x4a, 0x97, 0xa4, 0x7e, 0xb7, 0x44, 0x55, 0xc6,
0x2a, 0xcc, 0xa4, 0xd8, 0x90, 0x29, 0x00, 0x06, 0xb4, 0xb6, 0xee, 0xd5, 0x56, 0x36, 0x4b, 0x9f,
0x23, 0x25, 0x98, 0xc0, 0xdf, 0x2b, 0xf7, 0x2a, 0x8b, 0xeb, 0x2b, 0xcb, 0xa5, 0x1c, 0x99, 0x81,
0x49, 0x84, 0x2c, 0xaf, 0xd5, 0x38, 0x28, 0xcf, 0xb3, 0x3a, 0x9b, 0x25, 0xbe, 0x74, 0x43, 0x7c,
0xd3, 0x65, 0x67, 0x8a, 0xf1, 0xd7, 0xf2, 0x70, 0x56, 0x1e, 0x2b, 0x34, 0x64, 0xd7, 0x6c, 0xc7,
0x6d, 0x3e, 0xe5, 0xa7, 0xc3, 0x2d, 0xed, 0x74, 0x78, 0x21, 0x71, 0x52, 0x27, 0x7a, 0xd9, 0xe7,
0x88, 0xf8, 0x8d, 0x31, 0x38, 0xdf, 0x97, 0x8a, 0x7c, 0xc0, 0x4e, 0x73, 0x87, 0xba, 0xe1, 0x5a,
0xa3, 0x45, 0x99, 0x88, 0xea, 0x75, 0x43, 0x11, 0x49, 0xe3, 0x79, 0x7c, 0xb8, 0xc6, 0x42, 0xcb,
0x69, 0xb4, 0xa8, 0x15, 0xf2, 0x62, 0x6d, 0xba, 0xa5, 0xa9, 0x19, 0xcb, 0xbb, 0x94, 0x76, 0x2a,
0x2d, 0xe7, 0x80, 0xae, 0xb9, 0x21, 0xf5, 0x0f, 0xd0, 0x13, 0x32, 0x62, 0xb9, 0x4f, 0x69, 0xc7,
0xb2, 0x59, 0xa9, 0xe5, 0x88, 0x62, 0x9d, 0x65, 0x8a, 0x9a, 0xdc, 0x52, 0x58, 0xa2, 0x94, 0xbf,
0x61, 0x3f, 0x12, 0xce, 0x4f, 0x22, 0x63, 0x5c, 0xc4, 0x92, 0xc7, 0xa8, 0x6a, 0xdb, 0x8f, 0xcc,
0x34, 0x09, 0xf9, 0x2a, 0x9c, 0x12, 0x07, 0x90, 0x88, 0x56, 0x2d, 0x7b, 0xcc, 0x63, 0x61, 0xbf,
0xc4, 0x2e, 0x66, 0x32, 0x10, 0x85, 0x8c, 0x40, 0x9f, 0xd5, 0xeb, 0x6c, 0x2e, 0x64, 0x93, 0x1d,
0xc8, 0x89, 0xe1, 0xd8, 0xa0, 0x41, 0x20, 0x03, 0x91, 0x09, 0x75, 0x9c, 0x3a, 0x98, 0x56, 0x9b,
0x97, 0x9b, 0x3d, 0x29, 0xc9, 0x2a, 0x4c, 0x6d, 0xd3, 0x1d, 0xf5, 0xfb, 0x8c, 0x44, 0x5b, 0x55,
0xe9, 0x21, 0xdd, 0xe9, 0xfd, 0x71, 0x12, 0x74, 0xc4, 0x41, 0xe3, 0x9a, 0x47, 0x87, 0xeb, 0xec,
0xe2, 0xec, 0x52, 0x1f, 0xef, 0xbf, 0xa3, 0xb8, 0x19, 0xcc, 0xc7, 0x12, 0xb2, 0x5e, 0x2e, 0x34,
0xb6, 0x18, 0xfb, 0xa7, 0x25, 0xe0, 0x16, 0xbb, 0x28, 0x27, 0xec, 0x6e, 0x74, 0x2a, 0xf2, 0x75,
0x98, 0x36, 0xbd, 0x6e, 0xe8, 0xb8, 0xcd, 0x1a, 0xbb, 0x61, 0xd2, 0x26, 0x3f, 0x90, 0xe2, 0x84,
0x1a, 0x89, 0x52, 0x61, 0xd2, 0xc9, 0x81, 0x56, 0x20, 0xa0, 0xda, 0x89, 0xa0, 0x13, 0x90, 0xaf,
0xc1, 0x14, 0x8f, 0xef, 0x1b, 0x55, 0x30, 0xa6, 0x65, 0xfb, 0xd6, 0x0b, 0x1f, 0x5c, 0x13, 0xbe,
0x2a, 0x08, 0xcd, 0xaa, 0x20, 0xc1, 0x8d, 0x7c, 0x59, 0x0c, 0x56, 0xd5, 0x71, 0x9b, 0xd1, 0x34,
0x06, 0x1c, 0xf9, 0xd7, 0xe2, 0x21, 0xe9, 0xb0, 0xe6, 0xca, 0x69, 0xdc, 0xc3, 0xf1, 0x2e, 0xcd,
0x87, 0x84, 0x70, 0xbe, 0x12, 0x04, 0x4e, 0x10, 0x8a, 0x78, 0x33, 0x2b, 0x8f, 0x68, 0xbd, 0xcb,
0x90, 0xb7, 0x3d, 0x7f, 0x9f, 0xfa, 0xdc, 0x97, 0x7c, 0x78, 0xf1, 0xca, 0xe3, 0xa3, 0xf2, 0xcb,
0x36, 0x22, 0x5a, 0x22, 0x44, 0x8d, 0x45, 0x25, 0xaa, 0xf5, 0x90, 0xe3, 0x2a, 0x7d, 0xe8, 0xcf,
0x94, 0x7c, 0x0d, 0x4e, 0x2f, 0xd9, 0x01, 0x5d, 0x73, 0x03, 0xea, 0x06, 0x4e, 0xe8, 0x1c, 0x50,
0x31, 0xa8, 0x78, 0xf8, 0x15, 0x79, 0x26, 0x95, 0xba, 0x1d, 0xb0, 0x85, 0x19, 0xa1, 0x58, 0xe2,
0xa3, 0xa8, 0x89, 0x5a, 0xb2, 0xb9, 0x10, 0x13, 0xa6, 0x6a, 0xb5, 0xd5, 0x65, 0xc7, 0x8e, 0xd6,
0xd5, 0x24, 0x8e, 0xd7, 0xcb, 0xf8, 0xa4, 0x1b, 0xec, 0x59, 0x0d, 0xc7, 0x8e, 0x16, 0x54, 0x8f,
0xc1, 0x4a, 0x70, 0x30, 0x8e, 0x72, 0x50, 0x4a, 0x7e, 0x4a, 0xf2, 0x21, 0x8c, 0x71, 0xaf, 0x35,
0x1a, 0xec, 0x09, 0xfd, 0x8b, 0x74, 0x82, 0x8a, 0xe0, 0x3a, 0x91, 0x08, 0x61, 0xc7, 0x7d, 0xe2,
0xa8, 0x6a, 0xa5, 0xbe, 0xfa, 0x39, 0x33, 0x66, 0x46, 0x1a, 0x30, 0xc1, 0xbf, 0x16, 0xc5, 0x64,
0x40, 0x89, 0x28, 0x3c, 0x6a, 0x51, 0x82, 0x3f, 0xf7, 0xcd, 0xe0, 0x73, 0x82, 0x23, 0x68, 0x55,
0x68, 0x5c, 0x17, 0x01, 0x8a, 0x92, 0xd0, 0x38, 0x0b, 0x67, 0x7a, 0xb4, 0xd9, 0x38, 0xc0, 0x97,
0x9e, 0x1e, 0x35, 0x92, 0x0f, 0x61, 0x0e, 0x09, 0x97, 0x3c, 0xd7, 0xa5, 0xf5, 0x10, 0xb7, 0x23,
0x69, 0x75, 0x51, 0xe0, 0x16, 0xe6, 0xbc, 0xbf, 0xf5, 0x08, 0x21, 0x95, 0x52, 0x3a, 0x93, 0x83,
0xf1, 0xaf, 0xf3, 0x30, 0x2f, 0x76, 0x38, 0x93, 0xd6, 0x3d, 0xd4, 0x3e, 0x3e, 0xe5, 0x27, 0xea,
0x8a, 0x76, 0xa2, 0x3e, 0x1f, 0xc5, 0x37, 0xcf, 0xea, 0x64, 0x1f, 0x57, 0xef, 0xad, 0x84, 0xab,
0xf7, 0x31, 0x8c, 0x78, 0x6a, 0xda, 0x79, 0x29, 0xb8, 0xf5, 0x72, 0xfa, 0x36, 0xd6, 0xa0, 0x78,
0x97, 0x1e, 0xa2, 0xf3, 0x25, 0x1b, 0xdf, 0x30, 0xbe, 0xb9, 0x15, 0x65, 0x6c, 0x0f, 0x13, 0xff,
0x25, 0x65, 0x18, 0x46, 0x57, 0x4e, 0x35, 0x12, 0x17, 0x02, 0x4c, 0xfe, 0x9f, 0xf1, 0xbf, 0xe7,
0xe0, 0xec, 0x86, 0xed, 0x76, 0xed, 0xd6, 0x5d, 0x7a, 0xc8, 0x33, 0x5e, 0xb7, 0xf9, 0x27, 0xde,
0x75, 0x9a, 0xe4, 0x2a, 0x8c, 0x8a, 0x2c, 0x82, 0xc8, 0xbf, 0xc8, 0xdf, 0xd1, 0xd2, 0x89, 0x05,
0x25, 0x16, 0xb9, 0x0b, 0xe3, 0x4a, 0xd8, 0x0a, 0xe1, 0xb1, 0x2c, 0x47, 0x5e, 0xb6, 0x59, 0xb8,
0x7c, 0x67, 0x87, 0xb7, 0xb0, 0xe3, 0xf0, 0x16, 0xf7, 0x60, 0x42, 0x6a, 0xbb, 0x90, 0x5b, 0x21,
0x9b, 0xdb, 0x42, 0xac, 0x23, 0x4f, 0x85, 0xb1, 0x18, 0x17, 0x70, 0x0c, 0x5e, 0xf1, 0xdb, 0x39,
0xb8, 0x90, 0x1c, 0xf9, 0x38, 0x02, 0xcd, 0x27, 0xed, 0xf2, 0x21, 0x9c, 0x6a, 0xe3, 0x00, 0x62,
0x78, 0x9c, 0x76, 0x34, 0x84, 0x62, 0x2f, 0x90, 0xbe, 0xaa, 0x3d, 0x07, 0x99, 0xbf, 0x89, 0x67,
0xb2, 0x50, 0xdf, 0xc4, 0xdb, 0x69, 0x7a, 0xe3, 0xe7, 0xf2, 0xf0, 0x4c, 0xbf, 0x39, 0x19, 0x29,
0xad, 0x73, 0x59, 0x4a, 0x6b, 0xd2, 0x81, 0x59, 0xdc, 0x2f, 0x96, 0xf6, 0x68, 0x7d, 0x1f, 0xa3,
0xd3, 0xdd, 0xe5, 0x1f, 0x2d, 0xdb, 0x0e, 0xf9, 0xd5, 0x4c, 0x3b, 0xe4, 0xd3, 0x7c, 0x13, 0xab,
0x23, 0x0f, 0x1e, 0xf8, 0x8e, 0x7d, 0x03, 0x33, 0x8b, 0x35, 0xa1, 0x00, 0x71, 0xe2, 0x4f, 0xa1,
0xe5, 0x7f, 0xa9, 0xc7, 0x9a, 0x48, 0x7e, 0x19, 0xcc, 0x20, 0xc0, 0xd6, 0xc5, 0x5c, 0xcc, 0x42,
0x9d, 0x38, 0x31, 0xd4, 0xe8, 0xf6, 0x1c, 0x16, 0x9e, 0xd4, 0x79, 0x0b, 0xa6, 0x95, 0xfc, 0xa3,
0x38, 0xb7, 0x74, 0xc5, 0x5f, 0x32, 0x34, 0x11, 0x7f, 0x96, 0x4d, 0xd0, 0x98, 0x53, 0x54, 0xc5,
0x09, 0x8c, 0x9f, 0xce, 0x43, 0xa9, 0xd2, 0x0d, 0xf7, 0xaa, 0x3e, 0xdd, 0xa5, 0x3e, 0x75, 0xeb,
0xf4, 0xfb, 0x2c, 0xc4, 0x85, 0xde, 0xb9, 0x81, 0xd4, 0x7f, 0xdf, 0x99, 0x82, 0xb9, 0x2c, 0x32,
0x36, 0x2e, 0x9b, 0x99, 0xfb, 0x16, 0xea, 0x99, 0xbe, 0x95, 0x83, 0x89, 0x1a, 0xad, 0x7b, 0x6e,
0xe3, 0x16, 0xba, 0xc1, 0x88, 0xd1, 0xb1, 0xb9, 0xc4, 0xcd, 0xe0, 0xd6, 0x6e, 0xc2, 0x3f, 0xe6,
0x7b, 0x47, 0xe5, 0x2f, 0x0d, 0xa6, 0xe8, 0xa9, 0x7b, 0xf8, 0x70, 0x10, 0x62, 0x12, 0xf9, 0xa8,
0x0a, 0xde, 0x1a, 0x53, 0xab, 0x96, 0x2c, 0xc2, 0xa4, 0x38, 0xed, 0x3c, 0x35, 0xf7, 0x1a, 0xcf,
0xa0, 0x20, 0x0b, 0x52, 0x4f, 0xb4, 0x1a, 0x09, 0xb9, 0x01, 0x85, 0xad, 0xeb, 0xb7, 0xc4, 0x57,
0x90, 0x51, 0x2d, 0xb7, 0xae, 0xdf, 0x42, 0x6d, 0x32, 0x9b, 0xd0, 0x93, 0xdd, 0xeb, 0x9a, 0x83,
0xc9, 0xd6, 0xf5, 0x5b, 0xe4, 0xcf, 0xc1, 0xa9, 0x65, 0x27, 0x10, 0x55, 0xf0, 0x70, 0x2b, 0x0d,
0x0c, 0xeb, 0x36, 0xd2, 0x63, 0x75, 0x7e, 0x21, 0x73, 0x75, 0x3e, 0xd7, 0x88, 0x98, 0x58, 0x3c,
0x96, 0x4b, 0x23, 0x99, 0x63, 0x2e, 0xbb, 0x1e, 0xf2, 0x31, 0x4c, 0xa1, 0xd5, 0x01, 0x46, 0xa0,
0xc1, 0x64, 0xd0, 0xa3, 0x3d, 0x6a, 0x7e, 0x3d, 0xb3, 0xe6, 0x05, 0x6e, 0x12, 0x8a, 0x71, 0x6c,
0x30, 0x71, 0xb4, 0xa6, 0x34, 0xd3, 0x38, 0x93, 0x3b, 0x30, 0x2d, 0x6e, 0x2f, 0xf7, 0x77, 0x37,
0xf7, 0xe8, 0xb2, 0x7d, 0x28, 0x9e, 0xc2, 0x51, 0x21, 0x22, 0xae, 0x3c, 0x96, 0xb7, 0x6b, 0x85,
0x7b, 0xd4, 0x6a, 0xd8, 0x9a, 0x9c, 0x9f, 0x20, 0x24, 0xdf, 0x84, 0xf1, 0x75, 0xaf, 0xce, 0x2e,
0xae, 0xb8, 0xf3, 0xf1, 0xd7, 0xf0, 0x8f, 0xd8, 0x46, 0xd5, 0xe2, 0xe0, 0xc4, 0x6d, 0xe4, 0x7b,
0x47, 0xe5, 0xb7, 0x4f, 0x3a, 0x6d, 0x94, 0x0a, 0x4c, 0xb5, 0x36, 0xb2, 0x04, 0xc5, 0x6d, 0xba,
0xc3, 0x7a, 0xeb, 0x8a, 0x30, 0x08, 0x72, 0xd5, 0x49, 0xb0, 0x70, 0x24, 0x13, 0xbf, 0x34, 0x47,
0x32, 0x01, 0x23, 0x3e, 0xcc, 0xe0, 0xf8, 0x54, 0xed, 0x20, 0x78, 0xe8, 0xf9, 0x0d, 0xcc, 0xe3,
0xde, 0xcb, 0x13, 0xe5, 0x7a, 0xe6, 0xe0, 0x3f, 0xc3, 0x07, 0xbf, 0xa3, 0x70, 0xd0, 0x62, 0x95,
0x24, 0xd9, 0x93, 0xaf, 0xc3, 0x94, 0x88, 0x67, 0xbb, 0x71, 0xab, 0x82, 0x2b, 0x61, 0x42, 0x8b,
0x0a, 0xa7, 0x17, 0xca, 0xc7, 0x5e, 0x84, 0x45, 0xa1, 0x18, 0xdb, 0xbb, 0xb6, 0x6e, 0x2b, 0xa5,
0x92, 0x90, 0x2a, 0x8c, 0x2f, 0xd3, 0x03, 0xa7, 0x4e, 0x31, 0x9c, 0x94, 0x08, 0x96, 0x20, 0x43,
0x7f, 0x29, 0x25, 0xfc, 0x38, 0x6f, 0x20, 0x80, 0x07, 0xa7, 0xd2, 0x5d, 0x4c, 0x23, 0x44, 0x72,
0x13, 0x0a, 0x6b, 0xcb, 0x55, 0x11, 0x2b, 0x61, 0x26, 0x8a, 0x1a, 0x5d, 0x15, 0x19, 0x09, 0xb9,
0xef, 0x96, 0xd3, 0xd0, 0x22, 0x2d, 0xac, 0x2d, 0x57, 0xc9, 0x2e, 0x4c, 0x72, 0x9b, 0x64, 0x6a,
0xf3, 0xb1, 0x9d, 0xee, 0x31, 0xb6, 0x57, 0x32, 0xc7, 0x76, 0x5e, 0xd8, 0x3a, 0x0b, 0x6a, 0x75,
0xdd, 0x6b, 0x6c, 0xd9, 0x8d, 0x70, 0x99, 0xee, 0xda, 0xdd, 0x96, 0xd4, 0x62, 0x6f, 0x6e, 0xae,
0xa3, 0x6f, 0x8a, 0xb8, 0x11, 0x36, 0x78, 0x61, 0x34, 0x7e, 0xbd, 0x43, 0xb1, 0xa4, 0xf9, 0x90,
0xb7, 0x60, 0xe8, 0xfe, 0x7e, 0x68, 0x8b, 0xa8, 0x08, 0x72, 0x1c, 0x19, 0x48, 0x76, 0x9f, 0x1b,
0x95, 0xef, 0x6b, 0xb9, 0x5d, 0x90, 0x86, 0x7d, 0x8a, 0x55, 0xdb, 0x6f, 0x3c, 0xb4, 0x7d, 0x0c,
0x95, 0x38, 0xab, 0xb1, 0x50, 0x4a, 0xf8, 0xa7, 0xd8, 0x13, 0x80, 0x84, 0x75, 0x80, 0xca, 0x82,
0xfc, 0x00, 0x9c, 0x0d, 0x9c, 0xa6, 0x8b, 0x11, 0xfb, 0x2d, 0xbb, 0xd5, 0xf4, 0x7c, 0x27, 0xdc,
0x6b, 0x5b, 0x41, 0xd7, 0x09, 0x29, 0x86, 0x27, 0x98, 0x8a, 0x2e, 0x5c, 0x35, 0x89, 0x57, 0x91,
0x68, 0x35, 0x86, 0x65, 0x9e, 0x09, 0xb2, 0x0b, 0xc8, 0x97, 0x61, 0x52, 0xdd, 0x92, 0x83, 0xf9,
0x53, 0x17, 0x0a, 0x97, 0xa6, 0xa2, 0xa3, 0x3a, 0xb9, 0x85, 0xcb, 0x8c, 0x93, 0xca, 0x19, 0x11,
0xe8, 0x19, 0x27, 0x15, 0x5e, 0xc4, 0x84, 0x33, 0x01, 0x57, 0x0e, 0x76, 0x5d, 0xe7, 0x11, 0x86,
0xec, 0x15, 0x3e, 0x4c, 0x18, 0xa6, 0x20, 0x3e, 0xfa, 0x6a, 0x88, 0xb5, 0x75, 0x6f, 0xed, 0xc3,
0xad, 0x80, 0xfa, 0xc2, 0x95, 0x69, 0x8e, 0xd3, 0x6e, 0xb9, 0xce, 0xa3, 0x18, 0xca, 0x35, 0x8f,
0x77, 0x86, 0x8a, 0xa4, 0x34, 0x6b, 0xce, 0x88, 0x55, 0x20, 0xbe, 0xdc, 0xc6, 0xad, 0x8a, 0x39,
0x5a, 0x5d, 0x7b, 0x50, 0x6b, 0x79, 0xa1, 0xb1, 0x07, 0x73, 0x59, 0x5c, 0xc9, 0x7c, 0x42, 0x02,
0x8d, 0x45, 0xcd, 0x73, 0x30, 0xb6, 0xeb, 0xf8, 0x41, 0x68, 0x75, 0x1d, 0x2e, 0x2f, 0x0c, 0x9b,
0x45, 0x04, 0x6c, 0x39, 0x0d, 0x72, 0x16, 0x8a, 0xf8, 0x40, 0xcc, 0xca, 0x0a, 0x58, 0x36, 0xca,
0x7e, 0x6f, 0x39, 0x0d, 0xe3, 0xbf, 0xc8, 0xe1, 0x11, 0x44, 0x5e, 0xc6, 0xd4, 0x08, 0x91, 0xb9,
0x18, 0x3e, 0xde, 0xd8, 0x9d, 0x44, 0x2a, 0x6c, 0x8e, 0x42, 0x5e, 0x85, 0x91, 0x5b, 0x76, 0x9d,
0x46, 0x96, 0x78, 0x88, 0xbc, 0x8b, 0x10, 0xf5, 0x46, 0xc2, 0x71, 0xd8, 0xe5, 0x92, 0x2f, 0xcd,
0x4a, 0x18, 0xd2, 0x80, 0xef, 0x9f, 0x4b, 0x15, 0x69, 0x7d, 0x87, 0x97, 0x4b, 0xb1, 0xa4, 0xed,
0x18, 0x21, 0xe1, 0x8a, 0x9e, 0xc9, 0xc1, 0xf8, 0xa3, 0x5c, 0xbc, 0xa7, 0x92, 0x97, 0x60, 0xc8,
0xac, 0x46, 0xed, 0xe7, 0x51, 0x06, 0x13, 0xcd, 0x47, 0x04, 0xf2, 0x65, 0x38, 0xa5, 0xf0, 0x49,
0xf9, 0xc5, 0xbf, 0x88, 0x41, 0xf0, 0x94, 0x96, 0x64, 0x3b, 0xc7, 0x67, 0xf3, 0xc0, 0x9b, 0x74,
0x5c, 0xb0, 0x4c, 0x5d, 0x87, 0xf3, 0x56, 0x3a, 0xab, 0xf2, 0x6e, 0x20, 0x42, 0xb2, 0xb3, 0x59,
0x1c, 0x78, 0x0c, 0x3c, 0xe3, 0xd7, 0x73, 0xda, 0x5e, 0x49, 0x2e, 0x6a, 0x52, 0x3c, 0xae, 0xeb,
0x84, 0x46, 0x8d, 0xcb, 0xf3, 0x6f, 0x02, 0x54, 0xba, 0xa1, 0xb7, 0xe2, 0xfa, 0x5e, 0xab, 0x25,
0xdc, 0x34, 0xf8, 0x55, 0xab, 0x1b, 0x7a, 0x16, 0x45, 0xb0, 0x16, 0x5d, 0x2b, 0x42, 0xce, 0x0c,
0x21, 0x50, 0xf8, 0xa4, 0x21, 0x04, 0xd8, 0xbd, 0x44, 0xdb, 0x1e, 0x5e, 0x07, 0x39, 0xe9, 0x55,
0xbf, 0xa8, 0x8e, 0x73, 0x60, 0x05, 0x2d, 0x4f, 0x8b, 0xe1, 0x2c, 0xd0, 0xc8, 0x8f, 0xe6, 0xe0,
0x34, 0xf7, 0xc5, 0xbf, 0xd7, 0x6d, 0xef, 0x50, 0xff, 0x81, 0xdd, 0x72, 0x1a, 0x71, 0xb6, 0x9c,
0xd8, 0xf1, 0x4e, 0xa9, 0x26, 0x1b, 0x9f, 0x6b, 0xa9, 0x78, 0x6c, 0x00, 0xcb, 0xc5, 0x42, 0xeb,
0x20, 0x2a, 0x55, 0xb5, 0x54, 0xd9, 0xf4, 0x64, 0x0d, 0xc6, 0xab, 0x8e, 0x8b, 0x09, 0xff, 0xe3,
0x18, 0x5a, 0x2f, 0xf1, 0xd0, 0x1a, 0x6c, 0x0a, 0xd7, 0xf7, 0x68, 0x9f, 0xad, 0x5b, 0xa5, 0x35,
0x7e, 0x35, 0x07, 0xcf, 0x1d, 0xdb, 0x60, 0x76, 0x03, 0x5d, 0x19, 0xe8, 0x06, 0x2a, 0x53, 0xf9,
0x7f, 0x05, 0x4e, 0xa9, 0xac, 0x36, 0x7d, 0xdb, 0x51, 0xa3, 0x88, 0x64, 0x0c, 0x40, 0xc8, 0x50,
0x92, 0x62, 0x6b, 0x36, 0x13, 0xe3, 0xff, 0xc9, 0xc1, 0x58, 0xe4, 0x86, 0xfc, 0x94, 0x5e, 0x67,
0x6e, 0x6a, 0xd7, 0x19, 0x99, 0x15, 0x2d, 0xea, 0x15, 0xb7, 0xdb, 0xcb, 0x78, 0x10, 0x99, 0x56,
0x9c, 0xb6, 0x11, 0xf0, 0x97, 0xf2, 0x30, 0xce, 0xb6, 0x6a, 0x6e, 0x10, 0xf2, 0xfd, 0x95, 0x7c,
0x29, 0xea, 0xd7, 0x40, 0x99, 0x66, 0xfe, 0x65, 0x0e, 0x1f, 0x0a, 0x55, 0x0a, 0x36, 0x1a, 0x0c,
0xa4, 0x8e, 0x06, 0x3b, 0x51, 0x4d, 0x84, 0xf2, 0xbc, 0x1b, 0xeb, 0x62, 0x24, 0x44, 0xde, 0x8d,
0x96, 0xc9, 0x60, 0xe4, 0x4b, 0x30, 0xbc, 0x85, 0xcf, 0x1e, 0x7a, 0x2c, 0xe2, 0x88, 0x3f, 0x16,
0xf2, 0xfd, 0xbe, 0x1b, 0xe8, 0x49, 0x59, 0x38, 0x21, 0xa9, 0xc1, 0xe8, 0x92, 0x4f, 0xed, 0x90,
0x36, 0xc4, 0x80, 0x0c, 0x14, 0xde, 0xb2, 0xce, 0x49, 0x92, 0xe1, 0x2d, 0x05, 0x27, 0xb6, 0x8f,
0x91, 0xb8, 0x8f, 0x68, 0xf2, 0x16, 0x3c, 0xb5, 0x1f, 0xfd, 0x7d, 0xed, 0xa3, 0x9f, 0x4f, 0x7d,
0x74, 0xde, 0xbd, 0x81, 0xbe, 0xfd, 0x6f, 0xe6, 0xe0, 0x74, 0x36, 0x21, 0x79, 0x1e, 0x46, 0xee,
0x6f, 0x56, 0x63, 0x33, 0x53, 0xec, 0x8a, 0xd7, 0x41, 0xa5, 0x90, 0x29, 0x8a, 0xc8, 0x6b, 0x30,
0xf2, 0x81, 0xb9, 0x14, 0x5b, 0x53, 0xe2, 0x06, 0xf7, 0x0d, 0x26, 0x79, 0x69, 0xa7, 0x9a, 0x40,
0x52, 0xbf, 0x6d, 0xe1, 0x89, 0x7d, 0xdb, 0x9f, 0xcc, 0xc3, 0x74, 0xa5, 0x5e, 0xa7, 0x41, 0x20,
0x32, 0xf4, 0x3e, 0xb5, 0x1f, 0x36, 0x3b, 0x7a, 0xb4, 0xd6, 0xb7, 0x81, 0xbe, 0xea, 0x3f, 0xc9,
0xf1, 0x18, 0xfc, 0x8c, 0xea, 0xc0, 0xa1, 0x0f, 0x37, 0xf7, 0x7c, 0x1a, 0xec, 0x79, 0xad, 0xc6,
0xa0, 0x99, 0xd8, 0x51, 0x66, 0xc4, 0x2c, 0xb6, 0xaa, 0x75, 0xd0, 0x2e, 0x42, 0x34, 0x99, 0x91,
0x67, 0xba, 0xbd, 0x0a, 0xa3, 0x95, 0x4e, 0xc7, 0xf7, 0x0e, 0xf8, 0xb2, 0x17, 0x69, 0x97, 0x6c,
0x0e, 0xd2, 0x02, 0x7a, 0x72, 0x10, 0x6b, 0xc6, 0x32, 0x75, 0x0f, 0x55, 0xdb, 0xce, 0x06, 0x75,
0xd5, 0x4b, 0x09, 0x96, 0x1b, 0x35, 0x20, 0x55, 0xdf, 0x6b, 0x7b, 0x21, 0x6d, 0xf0, 0xfe, 0x60,
0x1c, 0xd4, 0x63, 0x53, 0x56, 0x6c, 0x3a, 0x61, 0x4b, 0x4b, 0x59, 0x11, 0x32, 0x80, 0xc9, 0xe1,
0xec, 0xec, 0x3e, 0xaf, 0x8d, 0xe9, 0xb2, 0x7f, 0x68, 0x76, 0xdd, 0x15, 0xd7, 0x77, 0xea, 0x7b,
0x18, 0xdb, 0xe2, 0x1e, 0x80, 0x49, 0xed, 0xc0, 0x73, 0x15, 0x61, 0xed, 0x0a, 0x13, 0xbf, 0x7c,
0x84, 0xa6, 0xf5, 0x0e, 0x33, 0x82, 0x53, 0x4c, 0x65, 0x2a, 0x1c, 0x48, 0x05, 0x26, 0xf9, 0x2f,
0xd6, 0x99, 0x4e, 0x24, 0x88, 0x9f, 0xe3, 0x91, 0x26, 0x90, 0x65, 0x07, 0x4b, 0xf4, 0x28, 0x54,
0x0a, 0x85, 0xf1, 0x7f, 0x0d, 0xc3, 0x84, 0xfa, 0x49, 0x89, 0xc1, 0x93, 0xbd, 0x7b, 0xbe, 0x1a,
0x8e, 0xd8, 0x46, 0x88, 0x29, 0x4a, 0xe2, 0x58, 0xde, 0xf9, 0x63, 0x63, 0x79, 0x6f, 0xc3, 0x64,
0xd5, 0xf7, 0x30, 0xa9, 0x15, 0x9a, 0x6a, 0x88, 0xfd, 0x7b, 0x56, 0xd1, 0x1a, 0xb0, 0xd9, 0x87,
0xc6, 0x20, 0x78, 0x2f, 0xeb, 0x08, 0x6c, 0x8b, 0x89, 0xbe, 0x9a, 0xce, 0x4c, 0xe3, 0xc3, 0xed,
0xcc, 0x58, 0x4f, 0xd4, 0xfc, 0x92, 0xbc, 0xd3, 0xba, 0x9d, 0x19, 0x83, 0xa8, 0x1b, 0xc4, 0xf0,
0x93, 0xda, 0x20, 0xc8, 0xcf, 0xe5, 0x60, 0xbc, 0xe2, 0xba, 0x22, 0x46, 0xf8, 0x31, 0x01, 0x48,
0xbf, 0x22, 0x4c, 0xcd, 0xde, 0xfe, 0x44, 0xa6, 0x66, 0x28, 0x6c, 0x05, 0x28, 0xa9, 0xc7, 0x15,
0x6a, 0x61, 0xf9, 0x62, 0x30, 0x79, 0x1b, 0x4a, 0xd1, 0xca, 0x5c, 0x73, 0x1b, 0xf4, 0x11, 0x0d,
0xe6, 0x47, 0x2f, 0x14, 0x2e, 0x4d, 0x8a, 0xf4, 0x9e, 0xaa, 0x64, 0x9e, 0x44, 0x24, 0x9b, 0x00,
0x76, 0xb4, 0x24, 0xc4, 0x0b, 0xf8, 0xd9, 0xf8, 0xb5, 0x32, 0xb1, 0x66, 0xe4, 0x43, 0x0d, 0xfb,
0x8d, 0xaf, 0xf9, 0xfa, 0x43, 0x4d, 0xb4, 0xb4, 0xda, 0x30, 0x5d, 0x09, 0x82, 0x6e, 0x9b, 0xd6,
0x42, 0xdb, 0x0f, 0x31, 0xf1, 0x38, 0x0c, 0x6e, 0x43, 0x6d, 0x23, 0x29, 0x9b, 0x11, 0x7e, 0x68,
0x65, 0x64, 0x21, 0x4f, 0xf2, 0xe6, 0xc9, 0x54, 0xcd, 0x33, 0xe9, 0xf6, 0xf2, 0x95, 0xfa, 0x93,
0x39, 0x38, 0xad, 0x4e, 0xfa, 0x5a, 0x77, 0x47, 0x24, 0x03, 0x23, 0x57, 0x60, 0x4c, 0xcc, 0xc9,
0xe8, 0x12, 0x99, 0xce, 0x9f, 0x1e, 0xa3, 0x90, 0x15, 0x36, 0x0d, 0x19, 0x0f, 0x71, 0xeb, 0x98,
0x4d, 0x6c, 0xae, 0xac, 0x08, 0xdf, 0xeb, 0x44, 0x02, 0x78, 0xf6, 0x5b, 0x9f, 0x9f, 0x0c, 0x62,
0xbc, 0x07, 0x33, 0xfa, 0x97, 0xa8, 0xd1, 0x90, 0x5c, 0x86, 0x51, 0xf9, 0xf9, 0x72, 0xd9, 0x9f,
0x4f, 0x96, 0x1b, 0xdb, 0x40, 0x52, 0xf4, 0x01, 0xda, 0x84, 0xb2, 0xfb, 0x39, 0x7f, 0xba, 0x90,
0x16, 0x19, 0x29, 0xc4, 0xc5, 0x59, 0xd1, 0xbe, 0x71, 0x2d, 0x44, 0x00, 0x26, 0x46, 0xfb, 0x36,
0x81, 0xd9, 0x8c, 0x83, 0xe2, 0x18, 0x41, 0xae, 0xac, 0x6f, 0x10, 0x63, 0x51, 0xfc, 0x62, 0xb9,
0x2d, 0xbc, 0x07, 0xc3, 0xc7, 0x6e, 0x07, 0x3c, 0xf4, 0x44, 0x62, 0x17, 0xe0, 0x64, 0x9f, 0x89,
0x30, 0xa7, 0x06, 0x40, 0x1f, 0x7e, 0x62, 0x01, 0xd0, 0x31, 0x54, 0xa0, 0xb2, 0x89, 0xeb, 0xe1,
0x0b, 0xb1, 0xc0, 0x4a, 0x6d, 0x5b, 0x3a, 0x09, 0xe7, 0x11, 0x78, 0xad, 0x03, 0x2a, 0x78, 0x8c,
0xaa, 0x3c, 0xb0, 0x20, 0x93, 0x87, 0x42, 0x42, 0xfe, 0x4e, 0x0e, 0x88, 0x80, 0xa8, 0x7b, 0x56,
0xb1, 0xdf, 0x9e, 0xd5, 0x78, 0x32, 0x7b, 0xd6, 0x79, 0xd9, 0xc6, 0xec, 0xbd, 0x2b, 0xa3, 0x59,
0xe4, 0x6f, 0xe5, 0x60, 0x86, 0xc7, 0xb9, 0x56, 0x1b, 0xdb, 0x37, 0x76, 0x71, 0xfd, 0xc9, 0x34,
0xf6, 0x99, 0x00, 0xab, 0xed, 0xd1, 0xd6, 0x74, 0xa3, 0xc8, 0x0f, 0x00, 0x44, 0x2b, 0x8a, 0x27,
0x87, 0x1b, 0xbf, 0xfe, 0x4c, 0xc6, 0x2e, 0x10, 0x21, 0xc5, 0x89, 0xce, 0xc3, 0x88, 0x4e, 0x73,
0x67, 0x8c, 0xa0, 0xe4, 0xcf, 0xf1, 0x54, 0x4e, 0x11, 0x44, 0xe4, 0x0c, 0x98, 0x1f, 0xc7, 0x5a,
0x3e, 0xdf, 0x5b, 0x90, 0xbb, 0x92, 0x45, 0xc6, 0x53, 0x09, 0x46, 0x1e, 0x0a, 0x7e, 0xd8, 0x4e,
0xa6, 0x73, 0x4a, 0x52, 0x60, 0x2a, 0x0e, 0x6c, 0x3d, 0x4f, 0x46, 0xde, 0x63, 0x7f, 0x3b, 0x2b,
0xd7, 0x02, 0xdf, 0xdf, 0x12, 0xfe, 0xb3, 0x08, 0x22, 0x1f, 0x00, 0x89, 0x02, 0x44, 0x73, 0x18,
0x95, 0x89, 0xca, 0xf9, 0x63, 0x41, 0x1c, 0x68, 0xda, 0x97, 0xc5, 0xea, 0x24, 0x49, 0x13, 0x13,
0x0a, 0x73, 0xa2, 0xd3, 0x0c, 0xca, 0x63, 0x5e, 0xac, 0x2d, 0x07, 0xf3, 0x53, 0x5a, 0x46, 0x86,
0xb8, 0x64, 0xf1, 0x59, 0xd1, 0xce, 0xd3, 0x51, 0xf0, 0x0c, 0x3d, 0x0a, 0x45, 0x26, 0x3b, 0x72,
0x13, 0xc6, 0x30, 0xc4, 0xd8, 0xaa, 0xb4, 0x74, 0x15, 0x56, 0x77, 0x18, 0x8c, 0xcc, 0xda, 0xd3,
0xed, 0x55, 0x63, 0x54, 0x76, 0x87, 0xe1, 0x12, 0x20, 0xaa, 0xf4, 0x85, 0x92, 0xa6, 0xe1, 0x1f,
0x5a, 0x7e, 0x57, 0x0f, 0x5f, 0x87, 0x48, 0xe4, 0xeb, 0x30, 0xbe, 0x61, 0x3f, 0x92, 0x6a, 0x21,
0xa1, 0xb6, 0x3f, 0xce, 0xfb, 0x0f, 0x7b, 0xd3, 0xb6, 0x1f, 0x59, 0x8d, 0x6e, 0x32, 0x48, 0x2e,
0xf7, 0xfe, 0x53, 0x58, 0x92, 0xaf, 0x02, 0x28, 0xef, 0x0c, 0xe4, 0xd8, 0x0a, 0x9e, 0x93, 0x79,
0x46, 0x32, 0xdf, 0x1f, 0x90, 0xbf, 0xc2, 0x30, 0x21, 0x39, 0xcc, 0x7d, 0x76, 0x92, 0xc3, 0xa9,
0xcf, 0x4e, 0x72, 0xe0, 0xcf, 0x5c, 0xfc, 0xdb, 0xe3, 0x0e, 0x7e, 0x28, 0xb4, 0xfc, 0xfd, 0x6a,
0x93, 0x66, 0x07, 0x25, 0x3c, 0x0a, 0x0e, 0x13, 0x55, 0x24, 0xf8, 0x11, 0x1f, 0x4a, 0xc9, 0x8b,
0xc1, 0xfc, 0x19, 0xcd, 0x2c, 0xb7, 0xef, 0x25, 0x82, 0xab, 0x5b, 0xc5, 0x34, 0xb2, 0x68, 0x04,
0x57, 0x85, 0xba, 0xd4, 0xc5, 0xe3, 0x01, 0x8c, 0x0b, 0x76, 0x78, 0x39, 0x9d, 0xd7, 0x2c, 0x34,
0xb5, 0xea, 0x58, 0xb9, 0xb0, 0x97, 0x11, 0x87, 0x53, 0xe2, 0xea, 0xaa, 0x32, 0x22, 0x6d, 0x28,
0xad, 0x7b, 0x6e, 0x73, 0x93, 0xfa, 0x6d, 0x0c, 0x36, 0xc3, 0xf6, 0xa6, 0xb3, 0x9a, 0x03, 0x8a,
0x2c, 0xd6, 0x62, 0xd2, 0x38, 0x6e, 0x93, 0x77, 0xa3, 0xe5, 0xb9, 0x4d, 0x2b, 0xa4, 0x7e, 0x9b,
0x47, 0xb1, 0xd1, 0x8d, 0x02, 0x53, 0xac, 0x17, 0x76, 0xe0, 0x6c, 0xcf, 0x7d, 0x2d, 0x23, 0xa7,
0xe3, 0x55, 0x3d, 0xa7, 0xe3, 0xd9, 0x5e, 0xf2, 0x4f, 0xa0, 0x67, 0xe3, 0x9f, 0x2d, 0xcd, 0xf5,
0x16, 0x1d, 0xbf, 0x9b, 0x4f, 0xc8, 0x43, 0xe2, 0xaa, 0x7a, 0x01, 0xf2, 0x7d, 0x04, 0xc6, 0xfc,
0xda, 0x32, 0xbb, 0x9b, 0xa2, 0xc4, 0xa4, 0xa4, 0xe1, 0x65, 0x12, 0x93, 0x2a, 0x71, 0xa1, 0xec,
0xf4, 0x69, 0x45, 0xa3, 0x77, 0x60, 0xaa, 0x46, 0x6d, 0xbf, 0xbe, 0x77, 0x97, 0x1e, 0x3e, 0xf4,
0xfc, 0x86, 0x8c, 0x56, 0xc0, 0xb3, 0x84, 0x60, 0x89, 0x1e, 0x2c, 0x49, 0xc5, 0x25, 0xcb, 0x32,
0xfc, 0xd7, 0x30, 0xd6, 0x7e, 0x36, 0xf3, 0x88, 0x61, 0x08, 0xfd, 0x22, 0x83, 0x91, 0x37, 0x22,
0x29, 0x9a, 0xfa, 0x6a, 0x4e, 0x7e, 0x5f, 0x02, 0x33, 0x84, 0x69, 0xea, 0x1b, 0xbf, 0x57, 0x00,
0xc2, 0x6b, 0x5a, 0xb2, 0x3b, 0x36, 0x06, 0xdc, 0x73, 0x30, 0xb6, 0x7f, 0x49, 0xe0, 0xd8, 0x3b,
0x2d, 0xaa, 0x26, 0xc6, 0x10, 0x6e, 0x1f, 0x51, 0x99, 0x95, 0xbc, 0x85, 0xa6, 0x08, 0x7b, 0x9c,
0x43, 0xf9, 0x4f, 0x73, 0x0e, 0x7d, 0x1d, 0xce, 0x55, 0x3a, 0x9d, 0x96, 0x53, 0x8f, 0x6a, 0xb9,
0xe5, 0xf9, 0x72, 0xc2, 0x6b, 0x51, 0x88, 0xec, 0x08, 0x2d, 0xd5, 0xd2, 0x7e, 0x2c, 0x14, 0x21,
0x92, 0xdf, 0xdb, 0xd5, 0xd0, 0xa0, 0x72, 0x9d, 0x66, 0xdd, 0xf4, 0x15, 0x12, 0xc9, 0xc3, 0xf1,
0xa5, 0x10, 0x39, 0x1c, 0xe7, 0x4d, 0x94, 0x0f, 0xf5, 0xd9, 0x82, 0x68, 0x44, 0x42, 0xde, 0x81,
0xf1, 0x4a, 0x37, 0xf4, 0x04, 0x63, 0xe1, 0xaf, 0x14, 0x7b, 0x16, 0x89, 0xa6, 0x68, 0xf7, 0xd2,
0x18, 0xdd, 0xf8, 0x83, 0x02, 0x9c, 0x4d, 0x7f, 0x5e, 0x51, 0x1a, 0xad, 0x8f, 0xdc, 0x31, 0xeb,
0x23, 0x6b, 0x36, 0xe4, 0xe3, 0xc4, 0xde, 0x4f, 0x62, 0x36, 0xf0, 0x60, 0x7f, 0x9f, 0x70, 0x36,
0xd4, 0xd8, 0x5e, 0x1b, 0x0b, 0x23, 0x43, 0x9f, 0x54, 0x18, 0x51, 0xb9, 0x90, 0xcb, 0x30, 0xcc,
0x23, 0xa2, 0x0e, 0xc7, 0xef, 0x9a, 0xc9, 0x60, 0xa8, 0x1c, 0x83, 0xfc, 0xff, 0xe0, 0x02, 0xdf,
0x93, 0x92, 0x9d, 0x5d, 0x3c, 0x94, 0x1c, 0xc5, 0x87, 0xbb, 0xfe, 0xf8, 0xa8, 0x7c, 0x85, 0x2b,
0xdf, 0xac, 0xd4, 0xb0, 0x59, 0x3b, 0x87, 0x96, 0x6c, 0x99, 0x52, 0xc9, 0xb1, 0xbc, 0x8d, 0x1f,
0x82, 0x79, 0x9e, 0xb5, 0x2a, 0x63, 0x25, 0x1f, 0xb3, 0x52, 0x72, 0x9f, 0x7a, 0xa5, 0x18, 0x8f,
0x73, 0x50, 0xee, 0x55, 0xfd, 0x49, 0x67, 0xda, 0x1d, 0x98, 0xe4, 0xbb, 0x63, 0x25, 0x50, 0x6f,
0xb3, 0x3c, 0x3d, 0x2a, 0xd6, 0x61, 0xf1, 0xfd, 0xd4, 0xb2, 0x83, 0x54, 0x2b, 0x75, 0xd2, 0xe4,
0xac, 0x28, 0x3c, 0x89, 0x59, 0x61, 0x3c, 0x82, 0xb3, 0xf2, 0x34, 0x8e, 0xa2, 0x06, 0xca, 0x72,
0xd6, 0xcb, 0xfd, 0x58, 0x55, 0x8d, 0xbd, 0x4c, 0x1c, 0xe5, 0x58, 0x4e, 0x6e, 0x40, 0xb1, 0x52,
0x5d, 0xc3, 0x33, 0x56, 0x0d, 0x30, 0x69, 0x77, 0x1c, 0x7e, 0x28, 0x6b, 0x21, 0x9c, 0x04, 0x22,
0x66, 0x14, 0x8d, 0x5b, 0x42, 0x5e, 0xcb, 0xf2, 0xd6, 0xe5, 0x79, 0x70, 0x39, 0x58, 0x77, 0xd4,
0x95, 0x5a, 0xf4, 0x7c, 0xa6, 0x16, 0x5d, 0xaa, 0x61, 0x0b, 0x99, 0x6a, 0xd8, 0x65, 0x98, 0xae,
0x75, 0x77, 0x64, 0xdd, 0xc9, 0x08, 0x5f, 0x41, 0x77, 0x27, 0x6b, 0xd6, 0x26, 0x49, 0x8c, 0x1f,
0xcb, 0xc3, 0x44, 0xb5, 0xd5, 0x6d, 0x3a, 0xee, 0xb2, 0x1d, 0xda, 0x4f, 0xad, 0x62, 0xff, 0x4d,
0x4d, 0xb1, 0x1f, 0x39, 0xa5, 0x47, 0x1d, 0x1b, 0x48, 0xab, 0xff, 0xb3, 0x39, 0x98, 0x8e, 0x49,
0xb8, 0x30, 0xb5, 0x0a, 0x43, 0xec, 0x87, 0xd0, 0x1c, 0x5d, 0x48, 0x31, 0x46, 0xac, 0x2b, 0xd1,
0x5f, 0x42, 0xd5, 0x6e, 0xeb, 0xa6, 0x44, 0xac, 0x78, 0xe1, 0x0b, 0x30, 0x16, 0xb3, 0x4d, 0xcb,
0x68, 0x73, 0xaa, 0x8c, 0x36, 0xa6, 0x26, 0xd8, 0xfe, 0xb5, 0x1c, 0x94, 0x92, 0x3d, 0x21, 0x77,
0x61, 0x94, 0x71, 0x72, 0x68, 0x90, 0x8c, 0x99, 0x94, 0xc0, 0xbc, 0x22, 0xd0, 0x78, 0xf3, 0x70,
0xf0, 0x29, 0x87, 0x98, 0x92, 0xc3, 0x82, 0x09, 0x13, 0x2a, 0x56, 0x46, 0xeb, 0x5e, 0xd5, 0x25,
0xc8, 0xd3, 0xd9, 0xe3, 0xa0, 0xb6, 0xfa, 0xaf, 0x6b, 0xad, 0x16, 0xc2, 0xe1, 0x45, 0x6d, 0x72,
0x65, 0x2e, 0x45, 0x9c, 0x34, 0x98, 0xe9, 0x5b, 0x6c, 0xd1, 0x79, 0x35, 0x68, 0x78, 0x6a, 0x42,
0x47, 0x78, 0xe4, 0x55, 0x18, 0xe1, 0xf5, 0x89, 0x79, 0x86, 0x62, 0x5e, 0x07, 0x21, 0xea, 0x25,
0x93, 0xe3, 0x18, 0xbf, 0x50, 0x80, 0xd3, 0x71, 0xf3, 0xb6, 0x3a, 0x0d, 0x3b, 0xa4, 0x55, 0xdb,
0xb7, 0xdb, 0xc1, 0x31, 0x2b, 0xe0, 0x52, 0xaa, 0x69, 0x22, 0x8a, 0x0d, 0x87, 0x29, 0x0d, 0x32,
0x12, 0x0d, 0xc2, 0x07, 0x04, 0xde, 0x20, 0xd9, 0x0c, 0x72, 0x17, 0x0a, 0x35, 0x1a, 0x8a, 0xb3,
0xf1, 0x62, 0x6a, 0x54, 0xd5, 0x76, 0x5d, 0xa9, 0xd1, 0x90, 0x7f, 0x44, 0x1e, 0x8e, 0x5d, 0x8b,
0x17, 0xc3, 0xb8, 0x90, 0x6d, 0x18, 0x59, 0x79, 0xd4, 0xa1, 0xf5, 0x10, 0x53, 0x8b, 0x2a, 0x81,
0x53, 0xb2, 0xf9, 0x71, 0x5c, 0xce, 0x72, 0x4e, 0xdc, 0xda, 0xf4, 0x34, 0xea, 0x82, 0xdd, 0xc2,
0x4d, 0x28, 0xca, 0xca, 0x4f, 0x32, 0x73, 0x17, 0xde, 0x84, 0x71, 0xa5, 0x92, 0x13, 0x4d, 0xfa,
0x5f, 0x64, 0xfb, 0xaa, 0xd7, 0xa2, 0x62, 0xe2, 0xac, 0xa4, 0x64, 0xf9, 0x5c, 0x1c, 0x01, 0x54,
0x9c, 0x3d, 0xfb, 0xa2, 0xa8, 0x8f, 0x50, 0xbf, 0x06, 0xd3, 0xb5, 0x7d, 0xa7, 0x13, 0x27, 0x8e,
0xd3, 0x24, 0xa6, 0x60, 0xdf, 0xe9, 0x58, 0x42, 0xeb, 0x95, 0x3c, 0xc5, 0x92, 0x74, 0xc6, 0xbf,
0xcd, 0xc1, 0x08, 0xfb, 0xeb, 0xc1, 0xcd, 0xa7, 0x74, 0xcb, 0xbc, 0xa1, 0x6d, 0x99, 0x33, 0x4a,
0x66, 0x59, 0xdc, 0x38, 0x6e, 0x1e, 0xb3, 0x59, 0x1e, 0x89, 0x0f, 0xc4, 0x91, 0xc9, 0x6d, 0x18,
0x15, 0xd6, 0x94, 0xc2, 0x6b, 0x4c, 0x4d, 0x55, 0x2b, 0xed, 0x2c, 0x23, 0xf5, 0x98, 0xd7, 0x49,
0xea, 0x13, 0x25, 0x35, 0xbb, 0x77, 0xc9, 0x14, 0x7e, 0x5c, 0xc7, 0x19, 0xb3, 0x59, 0xf2, 0x5c,
0x9e, 0x68, 0x35, 0x58, 0x3c, 0x23, 0x38, 0xf5, 0x8a, 0xc6, 0x58, 0x11, 0xef, 0x9f, 0x85, 0x7e,
0x4c, 0x4e, 0x0b, 0x26, 0xd9, 0x4f, 0xa3, 0x6d, 0x38, 0x5d, 0xab, 0xad, 0xa2, 0xe5, 0x75, 0xd5,
0xf3, 0xc3, 0x5b, 0x9e, 0xff, 0x50, 0x84, 0xbf, 0xaa, 0xe9, 0x56, 0x47, 0x59, 0xf6, 0xb0, 0x2f,
0x65, 0xda, 0xc3, 0xf6, 0xb1, 0x4c, 0x32, 0x5c, 0x38, 0x53, 0xab, 0xad, 0x72, 0x89, 0xed, 0x4f,
0xa2, 0xbe, 0x5f, 0xcb, 0xc1, 0x4c, 0xad, 0xb6, 0x9a, 0xa8, 0x6a, 0x5d, 0xe6, 0x57, 0xcd, 0x69,
0xa6, 0x0f, 0xd9, 0x03, 0x81, 0x5f, 0x21, 0xc7, 0x25, 0xf0, 0xba, 0x96, 0x4e, 0x86, 0x33, 0x21,
0xd5, 0x28, 0xa3, 0x6b, 0x5e, 0xf3, 0x24, 0xec, 0xd1, 0xd1, 0xd8, 0x9d, 0x8b, 0x0b, 0x95, 0xfa,
0xf3, 0x10, 0x83, 0x18, 0xbf, 0x75, 0x9a, 0xe7, 0x8c, 0x95, 0xb3, 0xe5, 0x5d, 0x98, 0x10, 0xf4,
0xe8, 0x6e, 0x27, 0xac, 0xc0, 0xce, 0xb2, 0x0d, 0x72, 0x97, 0xc3, 0x79, 0xb6, 0xbe, 0xef, 0x1d,
0x95, 0x87, 0xd8, 0xd0, 0x98, 0x1a, 0x3a, 0xb9, 0x0f, 0x93, 0x1b, 0xf6, 0x23, 0x45, 0x17, 0xc8,
0x9d, 0xa9, 0x2f, 0xb3, 0x5d, 0xa5, 0x6d, 0x3f, 0x1a, 0xc0, 0xde, 0x58, 0xa7, 0x27, 0xfb, 0x30,
0xa5, 0xf7, 0x49, 0xcc, 0xc0, 0xf4, 0x17, 0xbb, 0x96, 0xf9, 0xc5, 0xce, 0x76, 0x3c, 0x3f, 0xb4,
0x76, 0x23, 0x72, 0x2d, 0x3f, 0x72, 0x82, 0x35, 0x79, 0x17, 0x66, 0x94, 0xa4, 0x3d, 0xb7, 0x3c,
0xbf, 0x6d, 0xcb, 0x0b, 0x31, 0x3e, 0x90, 0xa1, 0x21, 0xe2, 0x2e, 0x82, 0xcd, 0x34, 0x26, 0xf9,
0x72, 0x96, 0x83, 0xfa, 0x70, 0x6c, 0x74, 0x9d, 0xe1, 0xa0, 0xde, 0xcb, 0xe8, 0x3a, 0xed, 0xaa,
0xde, 0xec, 0xe7, 0x94, 0x51, 0xe4, 0xbd, 0x1f, 0xc8, 0xe9, 0x22, 0xfa, 0x72, 0x3d, 0x9c, 0x2f,
0xae, 0x43, 0x61, 0xb1, 0x7a, 0x0b, 0x9f, 0x75, 0xa5, 0x05, 0xa6, 0xbb, 0x67, 0xbb, 0x75, 0xbc,
0xa8, 0x0a, 0x8f, 0x26, 0xf5, 0xa0, 0x5c, 0xac, 0xde, 0x22, 0x36, 0xcc, 0x56, 0xa9, 0xdf, 0x76,
0xc2, 0x0f, 0xaf, 0x5d, 0x53, 0x3e, 0x55, 0x11, 0x9b, 0x76, 0x55, 0x34, 0xad, 0xdc, 0x41, 0x14,
0xeb, 0xd1, 0xb5, 0x6b, 0x99, 0x1f, 0x24, 0x6a, 0x58, 0x16, 0x2f, 0x76, 0x60, 0x6d, 0xd8, 0x8f,
0x62, 0xf7, 0xcf, 0x40, 0x84, 0xfa, 0x38, 0x2f, 0xa7, 0x56, 0xec, 0x3a, 0xaa, 0x1d, 0x58, 0x3a,
0x11, 0x79, 0x07, 0x75, 0xe1, 0x32, 0xb4, 0x8b, 0x70, 0x92, 0x5e, 0x90, 0xba, 0x6e, 0x19, 0x0f,
0x46, 0xbd, 0x16, 0x29, 0xe8, 0x64, 0x2b, 0xd2, 0x96, 0xf0, 0x3b, 0xa0, 0x08, 0x36, 0x78, 0x55,
0xd5, 0x96, 0x70, 0x0d, 0xb3, 0xd6, 0xad, 0xe9, 0x48, 0xc5, 0xc6, 0xfd, 0x61, 0x4d, 0x9d, 0x4b,
0x5a, 0x09, 0x33, 0x71, 0x72, 0x25, 0x0c, 0x85, 0xa1, 0x75, 0xaf, 0xbe, 0x2f, 0x72, 0x62, 0x7c,
0xc0, 0x76, 0xe1, 0x96, 0x57, 0xdf, 0x7f, 0x72, 0xce, 0x26, 0xc8, 0x9e, 0xdc, 0xe3, 0xc1, 0xce,
0xfc, 0x86, 0x18, 0x13, 0xe1, 0xc0, 0x30, 0x17, 0xdd, 0x37, 0x95, 0xb2, 0x38, 0x04, 0x9a, 0xdf,
0x90, 0x43, 0x6b, 0xea, 0xe4, 0x84, 0x42, 0x69, 0x99, 0x06, 0xfb, 0xa1, 0xd7, 0x59, 0x6a, 0x39,
0x1d, 0x8c, 0x1f, 0x28, 0x52, 0x3b, 0x0e, 0xbc, 0x27, 0x37, 0x38, 0xbd, 0x55, 0x97, 0x0c, 0xcc,
0x14, 0x4b, 0xf2, 0x65, 0x98, 0x62, 0x93, 0x7b, 0xe5, 0x51, 0x48, 0x5d, 0xfe, 0xe5, 0x67, 0x50,
0xa2, 0x9b, 0x53, 0x32, 0xad, 0x47, 0x85, 0x7c, 0x4e, 0xe1, 0x62, 0xa7, 0x11, 0x81, 0x96, 0x4f,
0x44, 0x63, 0x45, 0x1a, 0x30, 0xbf, 0x61, 0x3f, 0x8a, 0x2f, 0xca, 0xea, 0x24, 0x25, 0x38, 0xc1,
0x2e, 0x3d, 0x3e, 0x2a, 0xbf, 0xc0, 0x26, 0x58, 0x9c, 0x6d, 0xb4, 0xc7, 0x7c, 0xed, 0xc9, 0x89,
0x7c, 0x13, 0xce, 0x88, 0x6e, 0x2d, 0x3b, 0x3e, 0x7a, 0x78, 0x1d, 0xd6, 0xf6, 0x6c, 0xf4, 0xfc,
0x9e, 0xed, 0x31, 0x60, 0x57, 0xb3, 0xb7, 0x44, 0x39, 0x60, 0x0d, 0xc9, 0xc7, 0x0a, 0x38, 0x23,
0xb3, 0x57, 0x0d, 0xe4, 0x63, 0x98, 0xe2, 0x6f, 0xd9, 0xab, 0x5e, 0x10, 0xa2, 0x8a, 0x63, 0xee,
0x64, 0x1e, 0x59, 0xfc, 0x81, 0x9c, 0xfb, 0x68, 0x26, 0x54, 0x22, 0x09, 0xce, 0xe4, 0x6d, 0x34,
0x7a, 0xe6, 0x19, 0x7f, 0xd6, 0xaa, 0xf8, 0x26, 0x23, 0x4e, 0xa0, 0x8e, 0xe3, 0x5a, 0x52, 0x77,
0xd1, 0x89, 0xb6, 0x0b, 0x15, 0x9b, 0x6c, 0xc3, 0x78, 0xad, 0xb6, 0x7a, 0xcb, 0x61, 0x72, 0x49,
0x47, 0x3e, 0xb1, 0xa4, 0x5b, 0xf9, 0x7c, 0x66, 0x2b, 0x27, 0x83, 0x60, 0xcf, 0xda, 0x75, 0x5a,
0xd4, 0xaa, 0x7b, 0x9d, 0x43, 0x53, 0xe5, 0x94, 0xe1, 0xa5, 0x74, 0xe6, 0x09, 0x7b, 0x29, 0xad,
0xc1, 0xb4, 0x62, 0x79, 0x8f, 0x86, 0x5c, 0xf3, 0x71, 0x84, 0x73, 0xd5, 0x2b, 0x29, 0x19, 0xd4,
0x22, 0x49, 0x27, 0xdd, 0x93, 0xce, 0x9e, 0xd4, 0x3d, 0xc9, 0x81, 0x19, 0xfe, 0x31, 0xc4, 0x3c,
0xc0, 0x2f, 0xbd, 0xd0, 0x63, 0x0c, 0x2f, 0x67, 0x8e, 0xe1, 0xac, 0xf8, 0xd2, 0x72, 0x92, 0xa1,
0xed, 0x46, 0x9a, 0x2b, 0xd9, 0x05, 0x22, 0x80, 0x76, 0x68, 0xef, 0xd8, 0x01, 0xc5, 0xba, 0xce,
0xf5, 0xa8, 0xeb, 0x85, 0xcc, 0xba, 0xa6, 0x64, 0x5d, 0x3b, 0xbc, 0x9a, 0x0c, 0x8e, 0xc4, 0x95,
0xf5, 0xc8, 0xf9, 0x85, 0x03, 0xfb, 0x8c, 0xf6, 0x06, 0x91, 0x46, 0xe0, 0x8e, 0xd1, 0xc9, 0x49,
0x9b, 0x1c, 0xf7, 0x0c, 0xce, 0xe4, 0x11, 0x9c, 0x4e, 0xb7, 0x02, 0xeb, 0x3c, 0x8f, 0x75, 0x9e,
0xd7, 0xea, 0x4c, 0x22, 0xf1, 0x79, 0xa3, 0x77, 0x2b, 0x59, 0x6b, 0x0f, 0xfe, 0xe4, 0x47, 0x72,
0x70, 0x66, 0xe3, 0x56, 0xe5, 0x01, 0xf5, 0xb9, 0x58, 0xe2, 0x78, 0x6e, 0x14, 0x0c, 0xe4, 0x59,
0xf1, 0x4e, 0x95, 0x7c, 0x6a, 0x94, 0x12, 0x07, 0x6e, 0x15, 0x4c, 0x74, 0x7f, 0xbe, 0xbd, 0x6b,
0x5b, 0x07, 0x0a, 0x8b, 0x8c, 0x88, 0x21, 0xdf, 0xf9, 0xfd, 0x72, 0xce, 0xec, 0x55, 0x15, 0x69,
0xc1, 0x82, 0x3e, 0x2c, 0xd2, 0x81, 0x6c, 0x8f, 0xb6, 0x5a, 0xf3, 0x65, 0x9c, 0xd1, 0xaf, 0x3e,
0x3e, 0x2a, 0x5f, 0x4a, 0x8d, 0x6e, 0xe4, 0x94, 0xc6, 0x30, 0x95, 0x0e, 0xf7, 0xe1, 0x47, 0xda,
0x19, 0x42, 0xf7, 0xfc, 0x05, 0x2d, 0x6a, 0x60, 0xaa, 0x3c, 0x8a, 0x6a, 0x79, 0x9e, 0xad, 0xf7,
0x9e, 0x02, 0xa2, 0x99, 0xe6, 0x7c, 0x67, 0xa8, 0x38, 0x59, 0x9a, 0xca, 0xf0, 0xac, 0x32, 0x7e,
0x23, 0x9f, 0x38, 0x18, 0xc9, 0x1a, 0x8c, 0x8a, 0xf9, 0xde, 0xf3, 0x92, 0x71, 0x3e, 0x73, 0x56,
0x8f, 0x8a, 0xa5, 0x63, 0x4a, 0x7a, 0xf2, 0x90, 0xb1, 0xc2, 0x4e, 0x8b, 0x1b, 0xef, 0x57, 0xf9,
0xb9, 0x87, 0x20, 0xed, 0x84, 0x5f, 0x3e, 0xb9, 0x17, 0xb2, 0xee, 0xab, 0x8e, 0x47, 0xbd, 0xac,
0x8d, 0xec, 0x43, 0xa1, 0x56, 0x5b, 0x15, 0x97, 0xe6, 0x8f, 0xc4, 0x0e, 0xf9, 0x19, 0x54, 0xc8,
0x6a, 0x31, 0x7e, 0x3d, 0x07, 0x93, 0xda, 0xc9, 0x4a, 0x6e, 0x2a, 0x7e, 0xda, 0xf1, 0xab, 0xb2,
0x86, 0x83, 0x9b, 0x6d, 0xd2, 0x83, 0xfb, 0xa6, 0x12, 0x2f, 0xb7, 0x07, 0x1d, 0x2e, 0xb6, 0x64,
0x50, 0x82, 0xfe, 0xfa, 0xe1, 0x32, 0x0c, 0xf3, 0x80, 0x69, 0x43, 0xb1, 0x99, 0x2e, 0xea, 0x57,
0x4c, 0x0e, 0x37, 0xfe, 0xa0, 0x0c, 0x53, 0xfa, 0x8d, 0x98, 0xbc, 0x0a, 0x23, 0xf8, 0x76, 0x22,
0xd5, 0x2b, 0xa8, 0x16, 0xc2, 0xe7, 0x15, 0xcd, 0x93, 0x8d, 0xe3, 0x90, 0x17, 0x01, 0x22, 0x97,
0x0f, 0xf9, 0x26, 0x30, 0xfc, 0xf8, 0xa8, 0x9c, 0x7b, 0xcd, 0x54, 0x0a, 0xc8, 0xd7, 0x00, 0xee,
0x79, 0x0d, 0x2a, 0xd2, 0xae, 0x17, 0xfa, 0x99, 0x2e, 0xbd, 0x94, 0x4a, 0xbb, 0x7e, 0xca, 0xf5,
0x1a, 0x34, 0x9d, 0x63, 0x5d, 0xe1, 0x48, 0xde, 0x82, 0x61, 0xb3, 0xdb, 0xa2, 0xf2, 0x85, 0x69,
0x5c, 0x9e, 0x70, 0xdd, 0x16, 0x8d, 0xf5, 0x04, 0x7e, 0x37, 0x69, 0x95, 0xcb, 0x00, 0xe4, 0x7d,
0x9e, 0x8e, 0x5d, 0x64, 0x95, 0x19, 0x8e, 0xdf, 0x52, 0x15, 0xc9, 0x27, 0x95, 0x57, 0x46, 0x21,
0x21, 0xf7, 0x61, 0x54, 0x7d, 0x04, 0x54, 0xa2, 0xe5, 0xa8, 0x0f, 0xc5, 0x8a, 0xd2, 0x41, 0x84,
0xd7, 0x4f, 0xbe, 0x0f, 0x4a, 0x2e, 0xe4, 0x1d, 0x18, 0x63, 0xec, 0xd9, 0xce, 0x11, 0x88, 0x5b,
0x0d, 0xbe, 0x03, 0x29, 0x0d, 0x62, 0xbb, 0x8f, 0x16, 0x65, 0x3f, 0x22, 0x20, 0x5f, 0x86, 0xb1,
0x4a, 0xa7, 0x23, 0x86, 0xba, 0xaf, 0x49, 0xdb, 0xc5, 0xd4, 0x50, 0xcf, 0xd9, 0x9d, 0x4e, 0x7a,
0xa4, 0x63, 0x7e, 0xa4, 0x19, 0x05, 0x6b, 0x1d, 0x24, 0x85, 0xfe, 0xcb, 0xa9, 0x0a, 0xe6, 0x65,
0xfc, 0xd1, 0x54, 0x25, 0x3a, 0x5f, 0xd2, 0x81, 0x52, 0x2c, 0x54, 0x8a, 0xba, 0xa0, 0x5f, 0x5d,
0xaf, 0xa5, 0xea, 0x52, 0x3f, 0x60, 0xaa, 0xba, 0x14, 0x77, 0xd2, 0x80, 0x29, 0x79, 0x40, 0x89,
0xfa, 0xc6, 0xfb, 0xd5, 0xf7, 0x62, 0xaa, 0xbe, 0xd9, 0xc6, 0x4e, 0xba, 0x9e, 0x04, 0x4f, 0xf2,
0x0e, 0x4c, 0x4a, 0x08, 0xae, 0x0f, 0x34, 0x25, 0x13, 0x0a, 0xc1, 0xc6, 0x0e, 0x3a, 0x99, 0x69,
0xa3, 0xa2, 0x21, 0xab, 0xd4, 0x7c, 0x76, 0x4c, 0x6a, 0xd4, 0xc9, 0x59, 0xa1, 0x23, 0x93, 0x8f,
0x60, 0x7c, 0xad, 0xcd, 0x3a, 0xe2, 0xb9, 0x76, 0x48, 0x85, 0x2b, 0xb8, 0x34, 0xcf, 0x53, 0x4a,
0x94, 0xa9, 0xca, 0xf3, 0x8e, 0xc7, 0x45, 0x5a, 0xde, 0xf1, 0x18, 0xcc, 0x06, 0x8f, 0xbf, 0xfa,
0x8a, 0x39, 0x2c, 0xdd, 0xc4, 0xcf, 0x67, 0x98, 0xc8, 0x29, 0xec, 0x45, 0x06, 0x11, 0x06, 0x95,
0xaf, 0xae, 0x89, 0xec, 0x4d, 0x2a, 0x4f, 0xf2, 0x2e, 0x8c, 0x57, 0xb6, 0x6b, 0x6c, 0xc3, 0xaa,
0x98, 0xf7, 0x82, 0xf9, 0x52, 0x6c, 0xe1, 0x6f, 0x3f, 0xe4, 0xaf, 0x8e, 0x96, 0xed, 0x27, 0x6c,
0xc1, 0x63, 0x7c, 0xf2, 0x21, 0xcc, 0x6d, 0x3b, 0x6e, 0xc3, 0x7b, 0x18, 0x88, 0x63, 0x4a, 0x6c,
0x74, 0x33, 0xf1, 0x53, 0xe6, 0x43, 0x5e, 0x1e, 0xc9, 0x82, 0xa9, 0x8d, 0x2f, 0x93, 0x03, 0xf9,
0xe1, 0x14, 0x67, 0x3e, 0x83, 0x48, 0xbf, 0x19, 0x74, 0x3d, 0x35, 0x83, 0xd2, 0xd5, 0x27, 0xa7,
0x53, 0x66, 0x35, 0xc4, 0x03, 0xa2, 0x9f, 0xef, 0x77, 0x3c, 0xc7, 0x9d, 0x9f, 0xc5, 0xbd, 0xf0,
0x5c, 0x32, 0x60, 0x0c, 0xe2, 0x55, 0xbd, 0x96, 0x53, 0x3f, 0xe4, 0x39, 0xfc, 0x92, 0x32, 0xff,
0xc7, 0x9e, 0xf6, 0x5c, 0x92, 0xc1, 0x9a, 0x7c, 0x04, 0x13, 0xec, 0xff, 0x48, 0x29, 0x31, 0xa7,
0x19, 0x55, 0x2b, 0x98, 0xa2, 0x1e, 0xfc, 0x46, 0x8c, 0x6f, 0x96, 0xbe, 0x42, 0x63, 0x45, 0xde,
0x04, 0x60, 0x62, 0x93, 0xd8, 0x8e, 0x4f, 0xc5, 0xc9, 0xb2, 0x50, 0xea, 0x4a, 0x6f, 0xc4, 0x31,
0x32, 0x79, 0x07, 0xc6, 0xd9, 0xaf, 0x5a, 0xb7, 0xe1, 0xb1, 0xb5, 0x71, 0x1a, 0x69, 0xb9, 0x57,
0x3e, 0xa3, 0x0d, 0x38, 0x5c, 0xf3, 0xca, 0x8f, 0xd1, 0xc9, 0x2a, 0x4c, 0x63, 0x52, 0x33, 0x91,
0x4e, 0xc7, 0xa1, 0xc1, 0xfc, 0x19, 0xe5, 0x0d, 0x9e, 0x15, 0x59, 0x4e, 0x54, 0xa6, 0xde, 0x65,
0x12, 0x64, 0x24, 0x80, 0xd9, 0xf4, 0x1b, 0x74, 0x30, 0x3f, 0x8f, 0x83, 0x24, 0x25, 0xf8, 0x34,
0x06, 0xdf, 0x8f, 0xd9, 0x17, 0x51, 0x36, 0x2e, 0xf9, 0xa8, 0xa4, 0x56, 0x98, 0xc5, 0x9d, 0x98,
0x40, 0x6e, 0x2f, 0x55, 0x93, 0x59, 0xbf, 0xce, 0x62, 0x0f, 0xf0, 0x33, 0x37, 0xeb, 0x1d, 0xab,
0x4f, 0xe6, 0xaf, 0x0c, 0x6a, 0xf2, 0x83, 0x70, 0x4a, 0xee, 0x20, 0xa2, 0x48, 0xcc, 0xeb, 0x85,
0x13, 0xee, 0xc4, 0x8d, 0x9d, 0xa8, 0xea, 0xd4, 0x94, 0xce, 0xae, 0x82, 0xd8, 0x30, 0x8e, 0x9f,
0x55, 0xd4, 0x78, 0xae, 0x5f, 0x8d, 0x97, 0x52, 0x35, 0x9e, 0xc6, 0x89, 0x92, 0xae, 0x4c, 0xe5,
0xc9, 0xd3, 0x78, 0xe0, 0x3a, 0x12, 0xb3, 0xed, 0x19, 0x1c, 0x2d, 0x91, 0xc6, 0x83, 0xaf, 0xc0,
0xd4, 0x84, 0xd3, 0x49, 0xd4, 0x1d, 0x99, 0x3f, 0x26, 0x9d, 0xd7, 0x76, 0xe4, 0x94, 0x25, 0x84,
0x86, 0xcc, 0x76, 0xa4, 0x58, 0x8a, 0x59, 0x79, 0xd4, 0xf1, 0x85, 0x8a, 0xea, 0xd9, 0x38, 0x8f,
0xb9, 0x22, 0xfc, 0x58, 0x34, 0xc2, 0x50, 0xb7, 0x84, 0x2c, 0x0e, 0x64, 0x0b, 0x66, 0xa3, 0x53,
0x5b, 0x61, 0x5c, 0x8e, 0xf3, 0x4a, 0xc5, 0x47, 0x7d, 0x36, 0xdf, 0x2c, 0x7a, 0x62, 0xc3, 0x19,
0xed, 0x9c, 0x56, 0x58, 0x5f, 0x40, 0xd6, 0x2f, 0xb1, 0x1b, 0x99, 0x7e, 0xc8, 0x67, 0xb3, 0xef,
0xc5, 0x87, 0x7c, 0x0c, 0x0b, 0xc9, 0xb3, 0x59, 0xa9, 0xe5, 0x39, 0xac, 0xe5, 0xe5, 0xc7, 0x47,
0xe5, 0x8b, 0xa9, 0xe3, 0x3d, 0xbb, 0xa2, 0x3e, 0xdc, 0xc8, 0xd7, 0x60, 0x5e, 0x3f, 0x9f, 0x95,
0x9a, 0x0c, 0xac, 0x09, 0x97, 0x4e, 0x74, 0xb0, 0x67, 0xd7, 0xd0, 0x93, 0x07, 0x09, 0xa1, 0x9c,
0x39, 0xbb, 0x95, 0x6a, 0x9e, 0x8f, 0x3b, 0x94, 0x5a, 0x25, 0xd9, 0xd5, 0x1d, 0xc7, 0x92, 0x3c,
0x84, 0x67, 0xb3, 0x8e, 0x09, 0xa5, 0xd2, 0x17, 0x22, 0x25, 0xf0, 0x2b, 0xd9, 0x47, 0x4e, 0x76,
0xcd, 0xc7, 0xb0, 0x25, 0x5f, 0x86, 0x53, 0xca, 0xfa, 0x52, 0xea, 0x7b, 0x11, 0xeb, 0xc3, 0x38,
0x12, 0xea, 0xc2, 0xcc, 0xae, 0x25, 0x9b, 0x07, 0x69, 0xc3, 0xac, 0xec, 0x38, 0x6a, 0xdb, 0xc5,
0xd1, 0x73, 0x51, 0xdb, 0x55, 0xd3, 0x18, 0x8b, 0x17, 0xc4, 0xae, 0x3a, 0xdf, 0xd8, 0xb1, 0x3a,
0x31, 0xa1, 0x3a, 0xd3, 0x33, 0xf8, 0x92, 0x55, 0x18, 0xa9, 0x55, 0xd7, 0x6e, 0xdd, 0x5a, 0x99,
0x7f, 0x09, 0x6b, 0x90, 0x9e, 0xa2, 0x1c, 0xa8, 0x5d, 0x9a, 0x84, 0x39, 0x69, 0xc7, 0xd9, 0xdd,
0xd5, 0x1e, 0xac, 0x38, 0x2a, 0xf9, 0x61, 0x34, 0xe4, 0x64, 0x3b, 0x6a, 0x25, 0x08, 0x9c, 0xa6,
0xcb, 0x33, 0x76, 0xbd, 0xac, 0xbd, 0xf7, 0xcb, 0x1c, 0x6e, 0x4b, 0xd4, 0x0d, 0xa9, 0x9f, 0x42,
0xe7, 0xd2, 0x26, 0xbb, 0xff, 0x8b, 0x9d, 0xdb, 0xb2, 0x63, 0x56, 0xea, 0x26, 0x9e, 0xae, 0x88,
0x8d, 0x5b, 0xd3, 0x09, 0xad, 0xbd, 0xae, 0xd6, 0xfd, 0xf9, 0x57, 0xb4, 0x10, 0x6e, 0xb7, 0x9d,
0x70, 0xb5, 0xbb, 0xa3, 0x8c, 0xda, 0x0b, 0xa2, 0xc2, 0x67, 0xf8, 0x6d, 0xb9, 0xc7, 0xc8, 0xcd,
0x34, 0x13, 0x74, 0x01, 0xf9, 0x8b, 0x39, 0x38, 0xbd, 0xed, 0xf9, 0xfb, 0x2d, 0xcf, 0x6e, 0xc8,
0x5e, 0x89, 0x3d, 0xfc, 0xd5, 0x7e, 0x7b, 0xf8, 0xe7, 0x53, 0x7b, 0xb8, 0xf1, 0x50, 0xb0, 0xb1,
0xa2, 0x14, 0x78, 0xa9, 0xfd, 0xbc, 0x47, 0x55, 0xe4, 0x87, 0xe1, 0x42, 0x76, 0x89, 0x32, 0x29,
0x5f, 0xc3, 0x49, 0x79, 0xed, 0xf1, 0x51, 0xf9, 0xb5, 0x5e, 0x35, 0x65, 0x4f, 0xd0, 0x63, 0x59,
0x93, 0xb7, 0xa0, 0xb0, 0xb1, 0x54, 0x9d, 0xbf, 0xa2, 0x3d, 0x3d, 0x6f, 0x2c, 0x55, 0x95, 0x81,
0xe2, 0x1a, 0xcd, 0x76, 0x5d, 0xd3, 0x68, 0x6e, 0x2c, 0x55, 0xef, 0x0c, 0x15, 0x2f, 0x95, 0x2e,
0xdf, 0x19, 0x2a, 0x5e, 0x2e, 0xbd, 0x6c, 0x3e, 0x53, 0xab, 0x6c, 0xac, 0xaf, 0x35, 0xe4, 0xc1,
0x2c, 0x33, 0xfc, 0xf1, 0xfa, 0xcc, 0x8b, 0xfd, 0x4a, 0xe3, 0xd6, 0x18, 0x7f, 0x35, 0x07, 0xe5,
0x63, 0x26, 0x18, 0x3b, 0x0b, 0xe3, 0xc6, 0xd5, 0xa2, 0xfc, 0x36, 0xdc, 0x0d, 0x35, 0x2a, 0xb0,
0x74, 0x93, 0x13, 0x9d, 0x04, 0x5d, 0x94, 0x45, 0x72, 0x5a, 0xc5, 0x53, 0x3d, 0x9d, 0x94, 0x56,
0x62, 0x19, 0xeb, 0x50, 0x4a, 0x4e, 0x3c, 0xf2, 0x45, 0x98, 0x54, 0x73, 0xb2, 0x49, 0x35, 0x04,
0x8f, 0xcf, 0xe4, 0x37, 0xb5, 0xc3, 0x54, 0x43, 0x34, 0x2e, 0xc2, 0x94, 0x3e, 0xc4, 0x64, 0x0e,
0x86, 0x43, 0xcf, 0x6b, 0x09, 0x1e, 0x26, 0xff, 0x61, 0xfc, 0x62, 0x0e, 0x66, 0x33, 0x56, 0x31,
0xb9, 0x08, 0x43, 0x55, 0x3b, 0xdc, 0x53, 0x2d, 0x93, 0x3a, 0xb6, 0x16, 0x89, 0x0d, 0xcb, 0xc9,
0xeb, 0x30, 0xba, 0x7c, 0xaf, 0x56, 0xab, 0xdc, 0x93, 0x0a, 0x0f, 0x7e, 0xd8, 0xbb, 0x81, 0x15,
0xd8, 0xba, 0x41, 0x83, 0x40, 0x23, 0xaf, 0xc1, 0xc8, 0x5a, 0x15, 0x09, 0x94, 0xfc, 0x7a, 0x4e,
0x27, 0x89, 0x2f, 0x90, 0x8c, 0x6f, 0xe7, 0x80, 0xa4, 0xb7, 0x24, 0x72, 0x0d, 0xc6, 0xd5, 0x8d,
0x8f, 0x8f, 0x0b, 0xbe, 0xf2, 0x2a, 0x8b, 0xd3, 0x54, 0x71, 0xc8, 0x32, 0x0c, 0x63, 0xde, 0xed,
0xc8, 0x92, 0x22, 0x73, 0xe9, 0x9d, 0x49, 0x2d, 0xbd, 0x61, 0xcc, 0xe5, 0x6d, 0x72, 0x62, 0xe3,
0x8f, 0x73, 0x40, 0xb2, 0x8d, 0x2a, 0x07, 0xb2, 0xe4, 0x7a, 0x43, 0x89, 0x88, 0xa2, 0x5a, 0x55,
0xba, 0x12, 0xa8, 0xaa, 0x1a, 0xe2, 0xd8, 0x29, 0x17, 0x35, 0xd5, 0x56, 0x6f, 0x37, 0xfa, 0xcb,
0x30, 0xfc, 0x80, 0xfa, 0x3b, 0xd2, 0xb4, 0x1f, 0xcd, 0x81, 0x0f, 0x18, 0x40, 0x55, 0xf5, 0x20,
0x86, 0x66, 0xde, 0x39, 0x3c, 0xa8, 0x79, 0xe7, 0x1f, 0xe4, 0x60, 0x2e, 0xeb, 0xf2, 0x74, 0x8c,
0x8b, 0xbc, 0x91, 0xf0, 0xee, 0x47, 0xd3, 0x2f, 0x6e, 0x60, 0x1c, 0xf9, 0xf4, 0x97, 0x61, 0x98,
0x8d, 0x90, 0x9c, 0x16, 0xa8, 0x9f, 0x63, 0x43, 0x18, 0x98, 0x1c, 0xce, 0x10, 0xe2, 0x04, 0x4d,
0xc3, 0x1c, 0x81, 0xe7, 0x65, 0xe2, 0x70, 0x86, 0xb0, 0xe1, 0x35, 0xa8, 0xd4, 0x5b, 0x21, 0x42,
0x9b, 0x01, 0x4c, 0x0e, 0x27, 0x17, 0x61, 0xf4, 0xbe, 0xbb, 0x4e, 0xed, 0x03, 0x99, 0x7e, 0x15,
0x4d, 0xd5, 0x3c, 0xd7, 0x6a, 0x31, 0x98, 0x29, 0x0b, 0x8d, 0x9f, 0xcd, 0xc1, 0x4c, 0xea, 0xde,
0x76, 0x7c, 0x14, 0x80, 0xfe, 0x9e, 0xad, 0x83, 0xf4, 0x8f, 0x37, 0x7f, 0x28, 0xbb, 0xf9, 0xc6,
0x7f, 0x3b, 0x02, 0x67, 0x7a, 0xa8, 0xd1, 0x62, 0xcf, 0xfb, 0xdc, 0xb1, 0x9e, 0xf7, 0x5f, 0x81,
0xc9, 0xa5, 0x96, 0xed, 0xb4, 0x83, 0x4d, 0x2f, 0x6e, 0x71, 0xec, 0xc0, 0x87, 0x65, 0xc2, 0x81,
0x26, 0xf2, 0xf4, 0x3a, 0x5b, 0x47, 0x0a, 0x2b, 0xf4, 0xd2, 0x52, 0xbc, 0xc6, 0x2c, 0xe5, 0xfb,
0x5e, 0xf8, 0x53, 0xe2, 0xfb, 0xae, 0x7b, 0x63, 0x0e, 0x3d, 0x51, 0x6f, 0xcc, 0x6c, 0x67, 0x81,
0xe1, 0x4f, 0xe3, 0x3a, 0xb2, 0x94, 0x34, 0x31, 0x1f, 0x49, 0xd9, 0xf7, 0x1d, 0x6f, 0x5b, 0xbe,
0xaa, 0x7b, 0x0e, 0x8e, 0xe2, 0x63, 0xf6, 0xc5, 0xde, 0x9e, 0x81, 0x7a, 0xf8, 0x29, 0xd5, 0x43,
0xf0, 0x9b, 0x30, 0x97, 0x75, 0x0f, 0x9f, 0x2f, 0x6a, 0x66, 0xc0, 0x3d, 0x6d, 0xce, 0x07, 0xbf,
0xcd, 0xef, 0x67, 0xde, 0xe6, 0x65, 0x44, 0x87, 0xb1, 0xde, 0xee, 0x70, 0xf1, 0x5a, 0xe0, 0xb8,
0xfd, 0xe3, 0x3e, 0x18, 0x7f, 0x39, 0x19, 0x93, 0x23, 0x49, 0x4f, 0xde, 0xd6, 0x42, 0xa7, 0xbd,
0x94, 0x0e, 0x9d, 0x96, 0x1d, 0x86, 0x83, 0x3f, 0x45, 0xbc, 0x0a, 0x23, 0xc2, 0x16, 0x44, 0x09,
0x67, 0x92, 0xb2, 0x01, 0x11, 0x38, 0xc6, 0xcf, 0xe6, 0xf5, 0xb0, 0x03, 0x7f, 0x1a, 0xd7, 0xf5,
0x65, 0x18, 0xde, 0xde, 0xa3, 0xbe, 0x3c, 0x82, 0xb0, 0x21, 0x0f, 0x19, 0x40, 0x6d, 0x08, 0x62,
0x90, 0x5b, 0x30, 0x55, 0xe5, 0xf3, 0x5c, 0x4e, 0xde, 0xa1, 0x58, 0x77, 0xd4, 0x11, 0x1a, 0xce,
0x8c, 0xd9, 0x9b, 0xa0, 0x32, 0x6e, 0x27, 0x3e, 0x91, 0x08, 0x13, 0xc7, 0x3d, 0xf0, 0xb8, 0x90,
0x32, 0x15, 0x3b, 0x84, 0xc6, 0x7b, 0xb3, 0x99, 0x80, 0x1a, 0xbb, 0xf0, 0x6c, 0x5f, 0x46, 0x4c,
0x36, 0x80, 0x4e, 0xf4, 0x2b, 0x61, 0x41, 0xde, 0x97, 0xd4, 0x54, 0xe8, 0x8c, 0xf5, 0xd8, 0x47,
0x74, 0x6d, 0x19, 0x9d, 0x54, 0xdf, 0x82, 0x09, 0xd5, 0x5f, 0x43, 0x70, 0xce, 0x70, 0xef, 0x18,
0x62, 0x1f, 0xc4, 0x1c, 0x97, 0xc8, 0x6b, 0x8d, 0xc0, 0xf8, 0x5f, 0x0b, 0x30, 0xdf, 0xcb, 0x4b,
0x92, 0xfc, 0x54, 0x14, 0x71, 0x07, 0x5d, 0x10, 0x3d, 0xdd, 0x57, 0x66, 0xfc, 0xfa, 0x5b, 0xc7,
0xb8, 0x59, 0x5e, 0xc9, 0x24, 0xe6, 0xc6, 0xcf, 0x91, 0xab, 0x09, 0xca, 0x01, 0xb4, 0x61, 0xed,
0x1c, 0x5a, 0x8a, 0x3f, 0xae, 0x99, 0x5d, 0x31, 0xf9, 0x00, 0x4e, 0x99, 0xb4, 0xee, 0xb5, 0xdb,
0xd4, 0x6d, 0xa8, 0xfe, 0x91, 0x62, 0x09, 0x88, 0xe0, 0x33, 0x11, 0x82, 0xce, 0x32, 0x93, 0x92,
0xdc, 0x83, 0x99, 0x38, 0xba, 0x9d, 0xcc, 0x6f, 0xa2, 0xa4, 0x01, 0x8b, 0xa3, 0xf1, 0xc9, 0xec,
0x26, 0xea, 0x7d, 0x2c, 0x45, 0x4a, 0xae, 0x02, 0x2c, 0xd9, 0x6e, 0xd5, 0xf7, 0xea, 0x54, 0x04,
0x88, 0x28, 0x0a, 0xd3, 0x40, 0x1b, 0x23, 0xe2, 0x30, 0xb0, 0xa9, 0xa0, 0x2c, 0x58, 0xb0, 0xd0,
0x7b, 0xa0, 0x32, 0x0c, 0xb8, 0x5f, 0xd1, 0xfd, 0x02, 0x4e, 0xa5, 0x3e, 0x34, 0xe3, 0xa3, 0xda,
0x75, 0x7f, 0x13, 0x26, 0xd4, 0x85, 0x89, 0x42, 0x0e, 0xfb, 0x2d, 0xb6, 0x1d, 0x2e, 0xe4, 0x30,
0x80, 0xc9, 0xe1, 0xf1, 0x33, 0x66, 0x3e, 0xfb, 0x19, 0x33, 0xde, 0x31, 0x0a, 0xc7, 0xed, 0x18,
0xac, 0x72, 0x3c, 0x43, 0x95, 0xca, 0xf1, 0xb7, 0x5a, 0x39, 0xc6, 0xfb, 0x33, 0x39, 0xfc, 0x89,
0x56, 0xfe, 0x8f, 0x65, 0xae, 0x6f, 0xf4, 0x09, 0xd5, 0x3d, 0xbd, 0x84, 0x4f, 0x68, 0xfa, 0x7c,
0x88, 0x31, 0x63, 0x51, 0x37, 0x7f, 0xac, 0xa8, 0x7b, 0x82, 0xbd, 0x0b, 0xaf, 0x6d, 0x7c, 0x17,
0x18, 0x8a, 0xaf, 0x27, 0x76, 0xca, 0xd0, 0x4b, 0x62, 0x19, 0xdf, 0xc9, 0xc1, 0xa9, 0xcc, 0xe7,
0x22, 0x56, 0x2b, 0x7f, 0x97, 0x52, 0xb6, 0xee, 0xe4, 0xa3, 0x14, 0xc7, 0x38, 0x49, 0xdc, 0xa4,
0xc1, 0xfb, 0x62, 0x3c, 0x07, 0x63, 0x91, 0xb1, 0x02, 0xbb, 0xfe, 0xf1, 0x4f, 0xc7, 0x03, 0xc3,
0x8a, 0x37, 0xef, 0x5f, 0xcc, 0x01, 0xb0, 0x26, 0x7c, 0x86, 0x6e, 0x05, 0x7c, 0x0c, 0x7a, 0xb8,
0x15, 0x24, 0xc7, 0x23, 0x49, 0x67, 0xfc, 0xe3, 0x3c, 0x8c, 0xb0, 0xbf, 0x9e, 0xda, 0x70, 0xf8,
0xd9, 0x6e, 0x05, 0xac, 0x4b, 0x7d, 0x92, 0x7f, 0xac, 0x24, 0x92, 0x7f, 0xcc, 0xaa, 0x64, 0x32,
0x2d, 0x6f, 0x14, 0x3c, 0xa8, 0x57, 0xb2, 0x0f, 0xc5, 0x3b, 0xe1, 0x77, 0x72, 0x30, 0xa1, 0x12,
0x93, 0x8f, 0x60, 0x4a, 0x86, 0xf8, 0xe6, 0x01, 0xb5, 0x84, 0x95, 0x86, 0xb4, 0xa8, 0x94, 0x21,
0xbe, 0xd5, 0x00, 0x5c, 0x1a, 0xbe, 0x2a, 0x29, 0x74, 0x54, 0x64, 0xd2, 0x00, 0xd2, 0xde, 0xb5,
0xad, 0x87, 0xd4, 0xde, 0xa7, 0x41, 0x68, 0x71, 0xcb, 0x37, 0x61, 0xcc, 0x21, 0xd9, 0x6f, 0xdc,
0xaa, 0x70, 0xa3, 0x37, 0x0c, 0x2b, 0xc0, 0x63, 0xb5, 0xa7, 0x68, 0xd4, 0x17, 0xea, 0xf6, 0xae,
0xbd, 0xcd, 0x0b, 0x39, 0x9d, 0xf1, 0x47, 0x23, 0x7c, 0xe6, 0x8a, 0x9c, 0x00, 0x3b, 0x30, 0x75,
0x7f, 0x6d, 0x79, 0x49, 0x79, 0xaf, 0xd2, 0xd3, 0x32, 0xac, 0x3c, 0x0a, 0xa9, 0xef, 0xda, 0x2d,
0xa9, 0xfa, 0x89, 0x25, 0x20, 0xcf, 0x69, 0xd4, 0xb3, 0xdf, 0xb2, 0x12, 0x1c, 0x59, 0x1d, 0x5c,
0xc9, 0x14, 0xd5, 0x91, 0x1f, 0xb0, 0x8e, 0xc0, 0x6e, 0xb7, 0x7a, 0xd4, 0xa1, 0x73, 0x24, 0x7b,
0xa8, 0x05, 0xda, 0xeb, 0xee, 0x28, 0xb5, 0x14, 0xfa, 0xd7, 0xf2, 0xbc, 0xa8, 0xe5, 0x9c, 0xd0,
0x4e, 0x66, 0xd6, 0x93, 0xe2, 0x1a, 0xef, 0x39, 0x43, 0xc7, 0xee, 0x39, 0xff, 0x5e, 0x0e, 0x46,
0xf8, 0x65, 0x4b, 0x4c, 0xe3, 0x1e, 0xd7, 0xb9, 0xed, 0x27, 0x73, 0x9d, 0x2b, 0xe1, 0x99, 0xa3,
0x4d, 0x68, 0x5e, 0x46, 0x96, 0x13, 0xeb, 0x82, 0x44, 0x52, 0x4e, 0xd3, 0x71, 0x95, 0x1c, 0x38,
0x7d, 0x97, 0x05, 0x59, 0x8b, 0xc3, 0x39, 0x8d, 0x1e, 0x1b, 0xc3, 0x43, 0x86, 0xc0, 0x1a, 0x15,
0xe1, 0x9c, 0xf4, 0x20, 0x4e, 0xeb, 0x30, 0x26, 0x82, 0x44, 0x2d, 0x1e, 0x0a, 0xfb, 0x92, 0x92,
0x66, 0x21, 0xd8, 0x58, 0x3c, 0x8c, 0x2f, 0x92, 0x22, 0xcc, 0x94, 0xb5, 0xa3, 0x7a, 0xd7, 0xc4,
0x0c, 0xc8, 0x7d, 0x18, 0x8b, 0x73, 0x26, 0xe8, 0x39, 0xc6, 0x22, 0xb8, 0x88, 0x99, 0x29, 0x23,
0xcd, 0x64, 0xa4, 0x48, 0x88, 0x79, 0x90, 0x75, 0x28, 0xa1, 0x55, 0x29, 0x6d, 0xf0, 0x55, 0xb3,
0xb6, 0xcc, 0x03, 0x11, 0x09, 0xf1, 0x29, 0xe4, 0x65, 0x62, 0xb9, 0x25, 0x1c, 0x8a, 0x53, 0x94,
0xc6, 0xcf, 0xe4, 0xa1, 0x94, 0x9c, 0x7d, 0xe4, 0x1d, 0x18, 0x8f, 0x72, 0x56, 0x44, 0x81, 0x2e,
0xf0, 0x9d, 0x39, 0x4e, 0x72, 0xa1, 0x85, 0xbc, 0x50, 0xd1, 0xc9, 0x75, 0x28, 0xb2, 0x45, 0xec,
0xc6, 0x21, 0x87, 0x71, 0xdb, 0xee, 0x0a, 0x98, 0xaa, 0x83, 0x92, 0x78, 0xa4, 0x06, 0xb3, 0x6c,
0xd1, 0xd4, 0x1c, 0xb7, 0xd9, 0xa2, 0xeb, 0x5e, 0xd3, 0xeb, 0x86, 0x5b, 0xe6, 0xba, 0xd8, 0xc3,
0xf9, 0x75, 0xdb, 0x6e, 0xb7, 0xb4, 0x62, 0x5f, 0xb5, 0x47, 0xcc, 0xa2, 0x26, 0xaf, 0xf1, 0x63,
0x66, 0x6d, 0x59, 0x98, 0x87, 0xe1, 0xb1, 0x8f, 0x66, 0x8d, 0x5a, 0xe3, 0x05, 0x92, 0xb2, 0xb3,
0xfe, 0x7e, 0x1e, 0xc6, 0x95, 0xe9, 0x47, 0x2e, 0x43, 0x71, 0x2d, 0x58, 0xf7, 0xea, 0xfb, 0x51,
0x0c, 0xe6, 0xc9, 0xc7, 0x47, 0xe5, 0x31, 0x27, 0xb0, 0x5a, 0x08, 0x34, 0xa3, 0x62, 0xb2, 0x08,
0x93, 0xfc, 0x2f, 0x29, 0xd9, 0xe6, 0x63, 0x35, 0x33, 0x47, 0xce, 0x90, 0x6a, 0x75, 0x12, 0xf2,
0x55, 0x00, 0x0e, 0xc0, 0x00, 0x38, 0x85, 0xc1, 0x43, 0xf7, 0x88, 0x0a, 0x32, 0x42, 0xdf, 0x28,
0x0c, 0xc9, 0xd7, 0x79, 0x4a, 0x0c, 0xb9, 0x5c, 0x86, 0x06, 0x8f, 0x3d, 0xc4, 0xf8, 0x5b, 0xd9,
0x21, 0xd0, 0x54, 0x96, 0x22, 0xd9, 0xe6, 0x82, 0xcc, 0xac, 0x5e, 0x09, 0x11, 0x51, 0xc1, 0x30,
0xfe, 0x97, 0x9c, 0xb2, 0xc8, 0xc8, 0x3d, 0x18, 0x8b, 0x26, 0x90, 0xb0, 0xcc, 0x8c, 0x6e, 0xb8,
0x12, 0x6e, 0xd2, 0xdd, 0xc5, 0x73, 0xc2, 0x48, 0x74, 0x36, 0x9a, 0x86, 0xda, 0x9a, 0x93, 0x40,
0xf2, 0x25, 0x18, 0xc2, 0xa1, 0xcb, 0x1f, 0xdb, 0x35, 0x79, 0xca, 0x0f, 0xb1, 0x31, 0xc3, 0x8e,
0x20, 0x25, 0x79, 0x5d, 0x44, 0x0d, 0xe0, 0x83, 0x3f, 0xa5, 0x1c, 0xd5, 0xac, 0x1d, 0xd1, 0xf1,
0x1e, 0x47, 0xc1, 0x53, 0x66, 0xcf, 0x5f, 0xcd, 0x43, 0x29, 0xb9, 0xb4, 0xc9, 0xfb, 0x30, 0x21,
0x8f, 0xdf, 0x55, 0x5b, 0xa4, 0x9d, 0x9b, 0x10, 0x69, 0xdf, 0xe4, 0x19, 0xbc, 0x67, 0xab, 0x96,
0x9c, 0xa6, 0x46, 0xc0, 0x64, 0xa1, 0x4d, 0x11, 0x4a, 0x57, 0x59, 0x54, 0xa1, 0x17, 0x76, 0x12,
0x99, 0x18, 0x24, 0x1a, 0x79, 0x03, 0x0a, 0x1b, 0xb7, 0x2a, 0xc2, 0x4f, 0xb6, 0x94, 0x3c, 0xa4,
0xc5, 0xf3, 0x8c, 0x66, 0xfe, 0xce, 0xf0, 0xc9, 0xba, 0x92, 0xb4, 0x64, 0x44, 0xb3, 0xda, 0x95,
0xe0, 0xa8, 0x73, 0xc7, 0x67, 0x2f, 0xb9, 0x33, 0x54, 0x2c, 0x94, 0x86, 0x44, 0x20, 0xfb, 0x45,
0x98, 0x49, 0xb1, 0x50, 0x16, 0x29, 0x1f, 0x92, 0xfe, 0x8b, 0xd4, 0x70, 0x61, 0x42, 0x9d, 0x12,
0xc7, 0xe4, 0x0d, 0x3a, 0x8d, 0x81, 0x7a, 0xf8, 0x78, 0x8d, 0x3c, 0x3e, 0x2a, 0xe7, 0x9d, 0x06,
0x86, 0xe7, 0xb9, 0x04, 0x45, 0xb9, 0xd9, 0x89, 0x3d, 0x06, 0xb5, 0xc6, 0xf2, 0x71, 0xcc, 0x8c,
0x4a, 0x8d, 0x97, 0x60, 0x54, 0x7c, 0xf5, 0xfe, 0xba, 0x62, 0xe3, 0x5b, 0x79, 0x98, 0x36, 0x29,
0x93, 0x34, 0x29, 0xcf, 0xb4, 0xf7, 0xd4, 0x4a, 0xb7, 0xd9, 0x01, 0x84, 0xb5, 0xbe, 0xf5, 0x49,
0x1a, 0xfb, 0x2b, 0x39, 0x98, 0xcd, 0xc0, 0xfd, 0x44, 0x39, 0xde, 0x6f, 0xc2, 0xd8, 0xb2, 0x63,
0xb7, 0x2a, 0x8d, 0x46, 0x14, 0xb5, 0x07, 0x8f, 0x48, 0x4c, 0x04, 0x69, 0x33, 0xa8, 0xba, 0xfe,
0x23, 0x54, 0xf2, 0xb2, 0x98, 0x14, 0x85, 0x68, 0x58, 0x71, 0x52, 0x7c, 0xef, 0xa8, 0x0c, 0xbc,
0x4d, 0x9b, 0xd1, 0x14, 0xc1, 0xa0, 0xde, 0x1c, 0x18, 0x7b, 0xf6, 0x3c, 0xb5, 0x9f, 0x2e, 0x3b,
0xa8, 0x77, 0xb2, 0x7b, 0x03, 0x65, 0xea, 0xfa, 0x89, 0x3c, 0x9c, 0xce, 0x26, 0xfc, 0xa4, 0xe9,
0xfa, 0x31, 0x03, 0x9c, 0x92, 0x88, 0x00, 0xd3, 0xf5, 0xf3, 0x74, 0x71, 0x88, 0x1f, 0x23, 0x90,
0x5d, 0x98, 0x5c, 0xb7, 0x83, 0x70, 0x95, 0xda, 0x7e, 0xb8, 0x43, 0xed, 0x70, 0x80, 0x43, 0x50,
0xbe, 0xe7, 0xcf, 0x63, 0xd6, 0x93, 0x3d, 0x49, 0x99, 0x38, 0xa6, 0x74, 0xb6, 0xd1, 0x44, 0x19,
0x1a, 0x60, 0xa2, 0x7c, 0x03, 0xa6, 0x6b, 0xb4, 0x6d, 0x77, 0xf6, 0x3c, 0x5f, 0x7a, 0xec, 0x5f,
0x81, 0xc9, 0x08, 0x94, 0x39, 0x5b, 0xf4, 0x62, 0x0d, 0x5f, 0x19, 0x88, 0x78, 0x2b, 0xd1, 0x8b,
0x8d, 0xbf, 0x96, 0x87, 0x33, 0x95, 0xba, 0x30, 0x4e, 0x14, 0x05, 0xd2, 0x86, 0xfa, 0x33, 0xae,
0x9b, 0x5c, 0x85, 0xb1, 0x0d, 0xfb, 0xd1, 0x3a, 0xb5, 0x03, 0x1a, 0x88, 0x2c, 0x17, 0xfc, 0xc4,
0xb0, 0x1f, 0xc5, 0x5a, 0x7e, 0x33, 0xc6, 0x51, 0x25, 0xf0, 0xa1, 0x4f, 0x29, 0x81, 0x1b, 0x30,
0xb2, 0xea, 0xb5, 0x1a, 0xd4, 0x17, 0x8f, 0x98, 0xf8, 0xb4, 0xb8, 0x87, 0x10, 0x53, 0x94, 0x18,
0x7f, 0x90, 0x83, 0xa9, 0xa8, 0xc5, 0xd8, 0x84, 0xcf, 0x7c, 0x48, 0x2e, 0xc2, 0x28, 0x56, 0xb4,
0xb6, 0xac, 0x1e, 0x1a, 0x2d, 0x8a, 0x29, 0x6f, 0x1b, 0xa6, 0x2c, 0x54, 0x47, 0x62, 0xf8, 0xd3,
0x8d, 0x84, 0xf1, 0xb7, 0xf1, 0xd5, 0x52, 0xed, 0x25, 0x3b, 0x89, 0x94, 0x86, 0xe4, 0x06, 0x6c,
0x48, 0xfe, 0x89, 0x7d, 0x92, 0x42, 0xcf, 0x4f, 0xf2, 0x97, 0xf2, 0x30, 0x1e, 0x35, 0xf6, 0xfb,
0x2c, 0x1b, 0x46, 0xd4, 0xaf, 0x81, 0xa2, 0xec, 0xd4, 0x94, 0xbd, 0x42, 0x04, 0xb3, 0xf9, 0x12,
0x8c, 0x88, 0xc5, 0x94, 0x4b, 0xd8, 0x12, 0x27, 0xbe, 0xee, 0xe2, 0x94, 0x60, 0x3d, 0x82, 0x1f,
0x34, 0x30, 0x05, 0x1d, 0x86, 0x31, 0xda, 0xa6, 0x3b, 0xe2, 0x11, 0xfb, 0xa9, 0x3d, 0xa3, 0xb2,
0xc3, 0x18, 0xc5, 0x1d, 0x1b, 0xe8, 0x74, 0xfa, 0xed, 0x22, 0x94, 0x92, 0x24, 0xc7, 0xe7, 0x1b,
0xa9, 0x76, 0x77, 0x70, 0x2c, 0x26, 0x78, 0xbe, 0x91, 0x4e, 0x77, 0xc7, 0x64, 0x30, 0x34, 0x8c,
0xf1, 0x9d, 0x03, 0xec, 0xf5, 0x84, 0x30, 0x8c, 0xf1, 0x9d, 0x03, 0xcd, 0x30, 0xc6, 0x77, 0x0e,
0x50, 0x06, 0x5f, 0xaf, 0xa1, 0x8b, 0xff, 0x10, 0xa2, 0x72, 0x19, 0xbc, 0x15, 0x24, 0x93, 0x28,
0x4a, 0x34, 0x76, 0x54, 0x2e, 0x52, 0xdb, 0x17, 0xb9, 0x31, 0xc4, 0x76, 0x86, 0x47, 0xe5, 0x0e,
0x82, 0xad, 0x90, 0xc1, 0x4d, 0x15, 0x89, 0xb4, 0x80, 0x28, 0x3f, 0xe5, 0x02, 0x1e, 0x39, 0x76,
0x01, 0x4b, 0x3b, 0xc0, 0x39, 0x95, 0xb5, 0xa5, 0xae, 0xe6, 0x0c, 0xbe, 0x4f, 0x52, 0x71, 0x52,
0x15, 0xb1, 0x73, 0xf1, 0xee, 0x55, 0x3c, 0x96, 0x99, 0x0c, 0x4d, 0x02, 0x3c, 0xb6, 0x6e, 0x74,
0x03, 0x8b, 0x99, 0x90, 0xf7, 0x60, 0x5c, 0x0d, 0xdc, 0xc0, 0xc3, 0x0b, 0x3c, 0xc3, 0x23, 0x6e,
0xf6, 0xc8, 0x5a, 0xaf, 0x12, 0x90, 0x1d, 0x38, 0xb3, 0xe4, 0xb9, 0x41, 0xb7, 0x2d, 0x5f, 0xa0,
0xe2, 0x70, 0xef, 0x80, 0x9f, 0x02, 0xbd, 0xc0, 0xeb, 0x02, 0x45, 0xbe, 0x5e, 0x49, 0xff, 0x7e,
0xed, 0x02, 0xd2, 0x8b, 0x11, 0xd9, 0x84, 0x71, 0x54, 0x3e, 0x08, 0xa3, 0xbb, 0x71, 0x7d, 0xdb,
0x88, 0x4b, 0x96, 0xd9, 0xc2, 0xe0, 0x71, 0xcb, 0xec, 0x76, 0x4b, 0xfa, 0x09, 0xa8, 0x4a, 0x14,
0x05, 0x99, 0x7c, 0x15, 0xa6, 0xf8, 0x3d, 0x6d, 0x9b, 0xee, 0xf0, 0xb9, 0x33, 0xa1, 0xbd, 0x3e,
0xe9, 0x85, 0xfc, 0x19, 0x56, 0xa8, 0x7c, 0x1e, 0xd2, 0x1d, 0xfe, 0xed, 0x35, 0x2f, 0x1d, 0x0d,
0x9f, 0x6c, 0xc1, 0xec, 0xaa, 0x1d, 0x70, 0xa0, 0xe2, 0x81, 0x3f, 0x89, 0xca, 0x0d, 0xb4, 0x9e,
0xde, 0xb3, 0x03, 0xa9, 0x43, 0xca, 0xf4, 0xb8, 0xcf, 0xa2, 0x27, 0xdf, 0xca, 0xc1, 0xbc, 0xa6,
0x62, 0x12, 0x06, 0x45, 0x18, 0xf7, 0x76, 0x0a, 0xb5, 0xc5, 0x32, 0x56, 0x6c, 0x2f, 0x34, 0xfe,
0x49, 0x12, 0x5a, 0x2c, 0x3f, 0x2e, 0x57, 0xcd, 0x92, 0x7b, 0xf1, 0x10, 0x0b, 0x15, 0xd7, 0xf4,
0xb4, 0xbe, 0x50, 0x13, 0xeb, 0x5a, 0xa2, 0x19, 0x37, 0x93, 0xe3, 0x4d, 0xa6, 0x20, 0xef, 0x88,
0xbd, 0xd5, 0xcc, 0x3b, 0x0d, 0x6e, 0x6b, 0xc7, 0x3e, 0x84, 0x88, 0xe3, 0x84, 0x3f, 0x8c, 0xd7,
0xd5, 0x7d, 0x48, 0x88, 0x85, 0x7d, 0xf7, 0x21, 0xe3, 0x7f, 0x1c, 0x81, 0xe9, 0xc4, 0xb4, 0x10,
0xf7, 0xd4, 0x5c, 0xea, 0x9e, 0x5a, 0x03, 0xe0, 0x5a, 0x92, 0x01, 0xd5, 0x19, 0xd2, 0x15, 0x70,
0x5c, 0x38, 0xf2, 0x46, 0x6b, 0x4a, 0x61, 0xc3, 0x98, 0xf2, 0x15, 0x3b, 0xa0, 0x7a, 0x29, 0x62,
0xca, 0x17, 0xbd, 0xc2, 0x34, 0x66, 0x43, 0xca, 0x30, 0x8c, 0x11, 0x76, 0x55, 0x4f, 0x4c, 0x87,
0x01, 0x4c, 0x0e, 0x27, 0xcf, 0xc3, 0x08, 0x13, 0xa2, 0xd6, 0x96, 0xc5, 0x26, 0x88, 0x67, 0x0b,
0x93, 0xb2, 0x98, 0xc4, 0x22, 0x8a, 0xc8, 0x4d, 0x98, 0xe0, 0x7f, 0x89, 0x40, 0x2f, 0x23, 0xba,
0x69, 0x9c, 0xe5, 0x34, 0x64, 0xac, 0x17, 0x0d, 0x8f, 0xdd, 0x2e, 0x6a, 0xdd, 0x9d, 0x8f, 0x69,
0x9d, 0xad, 0xec, 0xd1, 0xf8, 0x76, 0x11, 0x70, 0x20, 0xab, 0x22, 0x46, 0x60, 0xb2, 0x8c, 0xf0,
0x87, 0x28, 0xe2, 0x9d, 0x12, 0x65, 0x19, 0xee, 0x07, 0x61, 0x8a, 0x12, 0x72, 0x99, 0x2b, 0x31,
0x51, 0x2c, 0xe4, 0x49, 0x63, 0x51, 0xe5, 0x87, 0x8a, 0x09, 0x94, 0x0d, 0xa3, 0x62, 0x56, 0x39,
0xfb, 0x7b, 0xa5, 0x6d, 0x3b, 0x2d, 0xb1, 0xad, 0x60, 0xe5, 0x88, 0x4b, 0x19, 0xd4, 0x8c, 0x11,
0xc8, 0x3b, 0x30, 0xc5, 0x93, 0x3b, 0xb6, 0xdb, 0x9e, 0x8b, 0xec, 0xc7, 0x63, 0x6b, 0x12, 0x91,
0x70, 0x92, 0x15, 0xf1, 0x5a, 0x12, 0xb8, 0xec, 0x3c, 0xc1, 0x07, 0x92, 0x2e, 0x57, 0xaf, 0x4e,
0xc4, 0xe7, 0x09, 0x92, 0x06, 0x1c, 0x6e, 0xaa, 0x48, 0xe4, 0x4d, 0x98, 0x64, 0x3f, 0x6f, 0x3b,
0x07, 0x94, 0x57, 0x38, 0x19, 0xbf, 0x32, 0x22, 0x55, 0x93, 0x95, 0xf0, 0xfa, 0x74, 0x4c, 0xf2,
0x01, 0x9c, 0x42, 0x4e, 0x75, 0xaf, 0x43, 0x1b, 0x95, 0xdd, 0x5d, 0xa7, 0xe5, 0x70, 0xb3, 0xa3,
0xa9, 0xf8, 0xf9, 0x9f, 0x57, 0x8c, 0x18, 0x96, 0x1d, 0xa3, 0x98, 0xd9, 0x94, 0x64, 0x1b, 0x4a,
0x4b, 0xdd, 0x20, 0xf4, 0xda, 0x95, 0x30, 0xf4, 0x9d, 0x9d, 0x6e, 0x48, 0x83, 0xf9, 0x69, 0x2d,
0xf0, 0x07, 0x5b, 0x1c, 0x51, 0x21, 0xd7, 0x07, 0xd5, 0x91, 0xc2, 0xb2, 0x23, 0x12, 0x33, 0xc5,
0xc4, 0xf8, 0x17, 0x39, 0x98, 0xd4, 0x48, 0xc9, 0x1b, 0x30, 0x71, 0xcb, 0x77, 0xa8, 0xdb, 0x68,
0x1d, 0x2a, 0x17, 0x55, 0xbc, 0xc5, 0xec, 0x0a, 0x38, 0xef, 0xb5, 0x86, 0x16, 0xe9, 0x79, 0xf2,
0x99, 0x36, 0x81, 0x57, 0xb9, 0x43, 0xb0, 0x98, 0xa0, 0x85, 0x38, 0x12, 0x11, 0x4e, 0x50, 0x31,
0x3b, 0x15, 0x14, 0xf2, 0x2e, 0x8c, 0xf0, 0xa7, 0x14, 0x61, 0xa0, 0x76, 0x36, 0xab, 0x9b, 0xdc,
0xf9, 0x1c, 0x27, 0x22, 0xbe, 0xbd, 0x07, 0xa6, 0x20, 0x32, 0x7e, 0x2e, 0x07, 0x24, 0x8d, 0x7a,
0x8c, 0xde, 0xeb, 0xd8, 0x37, 0xfd, 0x2f, 0x45, 0xab, 0xb1, 0xa0, 0xbd, 0x61, 0xb2, 0x9a, 0x78,
0x01, 0x1f, 0x78, 0xb1, 0xea, 0x54, 0x45, 0x1c, 0x2f, 0x36, 0x7e, 0x24, 0x0f, 0x10, 0x63, 0x93,
0x2f, 0xf2, 0xd4, 0x78, 0x1f, 0x74, 0xed, 0x96, 0xb3, 0xeb, 0xe8, 0xf1, 0x56, 0x91, 0xc9, 0x37,
0x64, 0x89, 0xa9, 0x23, 0x92, 0xf7, 0x61, 0xba, 0x56, 0xd5, 0x69, 0x15, 0xe3, 0xea, 0xa0, 0x63,
0x25, 0xc8, 0x93, 0xd8, 0x68, 0x88, 0xaa, 0x7e, 0x0d, 0x6e, 0x88, 0xca, 0x3f, 0x84, 0x28, 0x61,
0x1b, 0x4b, 0xad, 0x2a, 0xec, 0xc7, 0x1b, 0xd1, 0x83, 0x00, 0xb6, 0x2e, 0xe8, 0x58, 0x1d, 0x61,
0x58, 0xce, 0xf6, 0x09, 0x0d, 0x2f, 0x1e, 0xc8, 0xe1, 0x1e, 0x0e, 0xe6, 0x3f, 0x8f, 0x6a, 0xbf,
0xb6, 0x17, 0x52, 0xa1, 0xed, 0x78, 0x6a, 0xef, 0x3d, 0xf1, 0x3b, 0xdc, 0xb0, 0xe6, 0x37, 0xab,
0xf5, 0x4e, 0xbc, 0x35, 0xdf, 0x88, 0x2f, 0x29, 0xfc, 0x45, 0x2e, 0xe3, 0x79, 0xfa, 0x97, 0x73,
0x70, 0x2a, 0x93, 0x96, 0x5c, 0x01, 0x88, 0x75, 0x4a, 0x62, 0x94, 0x70, 0xc7, 0x8c, 0xe3, 0xef,
0x98, 0x0a, 0x06, 0xf9, 0x4a, 0x52, 0x1b, 0x74, 0xfc, 0x41, 0xb8, 0x20, 0xc3, 0xde, 0xe9, 0xda,
0xa0, 0x0c, 0x1d, 0x90, 0xf1, 0x2b, 0x05, 0x98, 0x51, 0xc2, 0xfb, 0xf0, 0xb6, 0x1e, 0x63, 0x18,
0xbc, 0x0f, 0x13, 0xac, 0x37, 0x4e, 0x5d, 0x38, 0x7e, 0xf0, 0x37, 0xe3, 0x97, 0x53, 0x9e, 0x8f,
0x82, 0xdb, 0x15, 0x15, 0x99, 0xdb, 0x63, 0xe1, 0xd6, 0x89, 0x09, 0x5f, 0xeb, 0x69, 0xa7, 0x0f,
0x8d, 0x39, 0x09, 0x60, 0x72, 0xf9, 0xd0, 0xb5, 0xdb, 0x51, 0x6d, 0xfc, 0xed, 0xf8, 0x95, 0x9e,
0xb5, 0x69, 0xd8, 0xbc, 0xba, 0xd8, 0x47, 0x88, 0x97, 0x65, 0xb8, 0xa7, 0x6b, 0x54, 0x0b, 0xef,
0xc3, 0x4c, 0xaa, 0xd1, 0x27, 0x8a, 0x8b, 0xb9, 0x0d, 0x24, 0xdd, 0x8e, 0xc1, 0xad, 0xab, 0xd8,
0x99, 0x67, 0xbb, 0x0d, 0xfe, 0x12, 0x7d, 0x5d, 0xb5, 0xae, 0xfa, 0x9d, 0xbc, 0xea, 0x7d, 0xfa,
0xb4, 0xaf, 0xba, 0x2f, 0x69, 0xb7, 0xe1, 0x67, 0x7b, 0x7d, 0xd3, 0xde, 0x5a, 0x07, 0x72, 0x13,
0xc4, 0x1a, 0x4c, 0x04, 0x67, 0x48, 0xf3, 0x10, 0x2b, 0x35, 0x48, 0xae, 0xd4, 0xef, 0x16, 0xe0,
0x4c, 0x8f, 0x1a, 0xc9, 0x61, 0x72, 0xf2, 0x71, 0xed, 0xc5, 0xb5, 0xfe, 0x0d, 0x7d, 0x12, 0x53,
0x90, 0x7c, 0x91, 0xc7, 0xad, 0x10, 0xf9, 0xb7, 0xf9, 0xbd, 0x1d, 0xd5, 0xff, 0xfb, 0x11, 0x34,
0x19, 0xb0, 0x82, 0x43, 0xc9, 0xfb, 0x30, 0x8c, 0x2e, 0xcb, 0x89, 0xc0, 0x84, 0x0c, 0x03, 0xe1,
0x4a, 0x68, 0x4d, 0xf6, 0x53, 0x0b, 0xad, 0xc9, 0x00, 0xe4, 0x0b, 0x50, 0xa8, 0x6c, 0xd7, 0xc4,
0xf7, 0x9c, 0x52, 0xc9, 0xb7, 0x6b, 0x71, 0x4e, 0x1d, 0x5b, 0x4b, 0x7e, 0xc3, 0x28, 0x18, 0xe1,
0xed, 0xa5, 0xaa, 0xf8, 0x9a, 0x2a, 0xe1, 0xed, 0xa5, 0x6a, 0x4c, 0xd8, 0xd4, 0x9d, 0xa2, 0x6e,
0x2f, 0x55, 0x3f, 0xbb, 0xe5, 0xf2, 0xef, 0xe7, 0x79, 0xb0, 0x0d, 0xde, 0xb1, 0xf7, 0x61, 0x42,
0x8b, 0xa6, 0x9d, 0x53, 0xcd, 0x38, 0x85, 0x4d, 0x6b, 0xe2, 0x91, 0x5e, 0x23, 0x90, 0xd9, 0xa9,
0x22, 0xb3, 0x53, 0xf5, 0x7d, 0x3b, 0xe2, 0x90, 0xf4, 0x35, 0xd1, 0x49, 0xc8, 0x0d, 0x28, 0x6e,
0x52, 0xd7, 0x76, 0xc3, 0x48, 0x91, 0x8a, 0xb6, 0x81, 0x21, 0xc2, 0x74, 0x69, 0x23, 0x42, 0x44,
0x33, 0xb6, 0xee, 0x4e, 0x50, 0xf7, 0x1d, 0x0c, 0xca, 0x13, 0x9d, 0xe1, 0xdc, 0x8c, 0x4d, 0x29,
0xd1, 0x19, 0x24, 0x88, 0x8c, 0x9f, 0xcf, 0xc1, 0xa8, 0xf8, 0x90, 0x3c, 0xab, 0x60, 0x33, 0x3e,
0x83, 0x84, 0x75, 0x79, 0xd3, 0x49, 0x5a, 0x97, 0x37, 0x79, 0xe4, 0x9b, 0x31, 0xe1, 0xd6, 0x15,
0x3d, 0x29, 0xe2, 0x6c, 0x94, 0x0e, 0x8b, 0x7a, 0xd2, 0xb8, 0x08, 0x75, 0x50, 0x37, 0x1f, 0xe3,
0x17, 0x44, 0xcb, 0x6e, 0x2f, 0x55, 0xc9, 0x75, 0x28, 0xae, 0x7b, 0x3c, 0x88, 0x93, 0x9a, 0x22,
0xbb, 0x25, 0x60, 0xea, 0x00, 0x49, 0x3c, 0xd6, 0xbe, 0xaa, 0xef, 0x89, 0x3b, 0x90, 0xd2, 0xbe,
0x0e, 0x07, 0x26, 0xda, 0x17, 0xa1, 0x0e, 0xdc, 0xbe, 0xaf, 0x67, 0x6d, 0x12, 0xdc, 0x3e, 0x62,
0x05, 0xc6, 0x30, 0xc6, 0xe5, 0x01, 0xf5, 0x0f, 0xc5, 0xfb, 0xfd, 0x4b, 0xbd, 0x36, 0x88, 0x65,
0x89, 0x28, 0xb6, 0xa3, 0x98, 0xd2, 0xd8, 0x86, 0x0b, 0xc7, 0xa1, 0x93, 0x1b, 0x50, 0xb0, 0x1f,
0xca, 0xf8, 0xbb, 0xcf, 0xf5, 0xaa, 0xa4, 0xb2, 0x5d, 0x13, 0xec, 0x19, 0xb6, 0xf1, 0xf7, 0x73,
0xaa, 0xcb, 0x75, 0x12, 0x87, 0x5c, 0x85, 0xb9, 0x80, 0x86, 0xdd, 0x8e, 0xd4, 0xff, 0xec, 0x7a,
0xbe, 0x65, 0xfb, 0x62, 0xe4, 0xcd, 0x19, 0x2c, 0xe3, 0x5a, 0x9f, 0x5b, 0x9e, 0x5f, 0xf1, 0x5d,
0x72, 0x01, 0xc6, 0x1d, 0x37, 0xa4, 0x4d, 0x3f, 0x4e, 0x41, 0x3e, 0x66, 0xaa, 0x20, 0x72, 0x1b,
0x4e, 0x47, 0xfd, 0xb2, 0x78, 0x5e, 0xa2, 0x06, 0xda, 0xc6, 0x27, 0xe4, 0x6d, 0x9e, 0x91, 0xc8,
0xf4, 0x5a, 0xd4, 0x9c, 0x8b, 0x08, 0x38, 0xb0, 0xc1, 0xa0, 0x06, 0xcd, 0x18, 0xf5, 0x07, 0x37,
0xd0, 0x90, 0xfa, 0x8e, 0xea, 0xb4, 0x26, 0x8a, 0xe4, 0xfe, 0xbc, 0xd0, 0x6b, 0x64, 0x1e, 0xdc,
0x30, 0x33, 0xa8, 0x8c, 0x3f, 0xcc, 0xab, 0xcc, 0x6a, 0xd4, 0x3f, 0x78, 0x8a, 0xcf, 0xd4, 0xec,
0x57, 0xd0, 0x64, 0xf7, 0xfa, 0x1c, 0xa9, 0x5f, 0x48, 0x1c, 0xa9, 0xe5, 0x5e, 0x2c, 0x84, 0x44,
0x2b, 0xcf, 0x54, 0x26, 0x0e, 0xe1, 0x4d, 0x98, 0xeb, 0x20, 0x4c, 0xfe, 0x43, 0x39, 0x69, 0xbf,
0x5d, 0x80, 0xd3, 0xd9, 0xed, 0x50, 0x87, 0x26, 0xd7, 0x67, 0x68, 0x2e, 0x41, 0x71, 0xd5, 0x0b,
0x42, 0xc5, 0xb8, 0x0a, 0xdf, 0x7e, 0xf6, 0x04, 0xcc, 0x8c, 0x4a, 0xc9, 0xf3, 0x30, 0xc2, 0xfe,
0x8e, 0xf6, 0x58, 0xe4, 0x87, 0x71, 0x42, 0x9c, 0x86, 0x29, 0x8a, 0xc8, 0x6d, 0x28, 0x9a, 0xc2,
0x9d, 0x2a, 0x31, 0xd2, 0x12, 0x1c, 0x89, 0xd2, 0xc4, 0x17, 0x10, 0x2d, 0x32, 0xbd, 0x80, 0x91,
0x0a, 0x8c, 0x8a, 0xc9, 0x94, 0xb0, 0x1b, 0xc8, 0x98, 0x81, 0x7a, 0xb2, 0x08, 0x49, 0xc7, 0x8e,
0x05, 0x7c, 0x01, 0x5e, 0x5b, 0x96, 0x9e, 0x51, 0x78, 0x2c, 0xf0, 0x17, 0x62, 0xdd, 0x8e, 0x2d,
0x42, 0x24, 0x65, 0x18, 0xf7, 0x69, 0xcb, 0x3e, 0xe4, 0x67, 0x8e, 0x18, 0x77, 0x40, 0x10, 0x3f,
0x6c, 0xce, 0xc1, 0x18, 0x47, 0x70, 0x1a, 0x42, 0xdf, 0x63, 0x16, 0x11, 0xb0, 0xd6, 0x08, 0x8c,
0x4d, 0x98, 0xef, 0xf5, 0x4d, 0xd9, 0x8d, 0x36, 0xb4, 0xfd, 0x26, 0xc5, 0xeb, 0x43, 0x4b, 0xb8,
0xcd, 0xc6, 0x86, 0x49, 0x9b, 0x58, 0xb6, 0x8a, 0x45, 0xe6, 0x44, 0xa8, 0xfc, 0x32, 0xbe, 0x95,
0x07, 0x90, 0x6a, 0xc4, 0xa7, 0x76, 0x11, 0x7d, 0x41, 0x5b, 0x44, 0xa7, 0xe2, 0x67, 0x9a, 0xc1,
0x73, 0xc2, 0xdf, 0x87, 0x29, 0x1d, 0xff, 0xf8, 0x44, 0xa2, 0x9b, 0xb1, 0x86, 0x55, 0xb8, 0x2a,
0xe0, 0xfb, 0x08, 0x87, 0x1b, 0x3b, 0x30, 0x77, 0x9b, 0x86, 0xb1, 0xbe, 0x55, 0xbe, 0x85, 0xf7,
0x67, 0xfb, 0x2a, 0x8c, 0x09, 0xfc, 0xe8, 0x60, 0xe4, 0xca, 0x41, 0x11, 0x0e, 0x08, 0x95, 0x83,
0x12, 0x81, 0x6d, 0xb8, 0xcb, 0xb4, 0x45, 0x43, 0xfa, 0xd9, 0x56, 0x53, 0x03, 0xc2, 0xbb, 0x82,
0x3d, 0x1b, 0xac, 0x86, 0x63, 0xc7, 0xe7, 0x01, 0x9c, 0x8a, 0xda, 0xfe, 0x24, 0xf9, 0x5e, 0x85,
0x69, 0x29, 0xc1, 0x29, 0x1c, 0xfb, 0x18, 0x43, 0xfd, 0x5e, 0x0e, 0x16, 0x24, 0xc5, 0xb6, 0x13,
0x59, 0xc1, 0x0d, 0x44, 0x4c, 0xde, 0x81, 0x71, 0x85, 0x46, 0x78, 0x19, 0xe0, 0xc3, 0xc9, 0x43,
0x27, 0xdc, 0xb3, 0x02, 0x0e, 0x57, 0x1f, 0x4e, 0x14, 0x74, 0xb2, 0x03, 0x0b, 0xb5, 0xca, 0xc6,
0x7a, 0xec, 0x27, 0x74, 0xcf, 0xbb, 0xe5, 0xb5, 0x5a, 0xde, 0xc3, 0x2d, 0x73, 0x5d, 0x26, 0x7b,
0xc2, 0x98, 0x27, 0xf8, 0x0a, 0xa3, 0x38, 0x1b, 0xb9, 0x9e, 0xb5, 0x8b, 0x88, 0x56, 0xd7, 0x6f,
0x05, 0x66, 0x1f, 0x2e, 0xc6, 0x3f, 0xcc, 0xc1, 0xb9, 0xc8, 0x69, 0x25, 0xa3, 0x7f, 0x89, 0x1e,
0xe4, 0x9e, 0x64, 0x0f, 0xf2, 0x4f, 0xa4, 0x07, 0xf7, 0xe2, 0xef, 0xb3, 0xe6, 0x46, 0x2e, 0xe9,
0xb2, 0xfd, 0x44, 0xfd, 0x3e, 0xe2, 0xab, 0x3c, 0x93, 0x72, 0x72, 0x57, 0x7c, 0xd9, 0x8d, 0xb7,
0x95, 0x01, 0xc9, 0x60, 0xa8, 0x11, 0xe7, 0x92, 0xc4, 0xdf, 0xca, 0xc3, 0xf4, 0xfd, 0xb5, 0xe5,
0xa5, 0xc8, 0xb0, 0xef, 0xfb, 0x2c, 0xf7, 0xbe, 0xd6, 0xb7, 0xde, 0x3b, 0xa7, 0xb1, 0x05, 0xb3,
0x89, 0x61, 0x40, 0x39, 0xef, 0x3d, 0xee, 0x06, 0x11, 0x81, 0xa5, 0x8c, 0x77, 0x3a, 0x8b, 0xfd,
0x83, 0x1b, 0x66, 0x02, 0xdb, 0xf8, 0x9f, 0x27, 0x12, 0x7c, 0xc5, 0x66, 0xfc, 0x2a, 0x8c, 0xad,
0x05, 0x41, 0x97, 0xfa, 0x5b, 0xe6, 0xba, 0xaa, 0x85, 0x73, 0x10, 0xc8, 0xe6, 0x90, 0x19, 0x23,
0x90, 0xcb, 0x50, 0x14, 0x11, 0xf0, 0xe5, 0xee, 0x86, 0x0f, 0x22, 0x51, 0x00, 0x7d, 0x33, 0x2a,
0x26, 0x6f, 0xc0, 0x04, 0xff, 0x9b, 0xcf, 0x68, 0x31, 0xe0, 0xa8, 0x77, 0x17, 0xe8, 0x7c, 0x05,
0x98, 0x1a, 0x1a, 0x79, 0x19, 0x0a, 0x95, 0x25, 0x53, 0x68, 0x5a, 0xc5, 0xd5, 0xca, 0xb7, 0xb8,
0x3a, 0x5c, 0xbb, 0x67, 0x2f, 0x99, 0xec, 0x82, 0x24, 0xa3, 0x81, 0x88, 0x47, 0x22, 0x9c, 0x01,
0x52, 0x91, 0x9b, 0x10, 0x15, 0x10, 0x46, 0xae, 0xc2, 0xe8, 0xb2, 0x13, 0x74, 0x5a, 0xf6, 0xa1,
0x78, 0x22, 0xe2, 0x39, 0x5a, 0x39, 0x48, 0x8b, 0x6a, 0xc1, 0x41, 0xe4, 0xb2, 0x4c, 0x8f, 0x58,
0x8c, 0xbd, 0x29, 0x7a, 0xe4, 0x40, 0x8c, 0x7d, 0x83, 0xc7, 0x8e, 0xf7, 0x0d, 0x4e, 0x7b, 0xf5,
0xc2, 0x93, 0xf4, 0xea, 0xdd, 0x81, 0x33, 0xb7, 0x51, 0x31, 0xaa, 0x47, 0x3b, 0xdb, 0x32, 0xd7,
0xc4, 0x53, 0x13, 0xbe, 0xb0, 0x72, 0xdd, 0x69, 0x32, 0x60, 0x9a, 0xd5, 0xf5, 0xd5, 0x94, 0xe3,
0xbd, 0x18, 0x91, 0x0f, 0x61, 0x2e, 0xab, 0x48, 0x3c, 0x48, 0x61, 0x5c, 0xaf, 0xec, 0x0a, 0xd4,
0xb8, 0x5e, 0x59, 0x1c, 0xc8, 0x3a, 0x94, 0x38, 0xbc, 0xd2, 0x68, 0x3b, 0x2e, 0x7f, 0x54, 0x9b,
0x8c, 0xbd, 0x43, 0x05, 0x57, 0x9b, 0x15, 0xf2, 0xc7, 0x35, 0xcd, 0x21, 0x26, 0x41, 0x49, 0x7e,
0x2a, 0x07, 0x13, 0x26, 0xe5, 0x51, 0xd5, 0x71, 0xfb, 0x9c, 0x12, 0xcf, 0xf3, 0x91, 0x87, 0x4a,
0x2d, 0xf4, 0x1d, 0xb7, 0x29, 0x9c, 0x5d, 0x36, 0x85, 0xb3, 0xcb, 0x3b, 0x9f, 0xc8, 0xd9, 0x85,
0xb3, 0x0a, 0x1e, 0x1f, 0x95, 0x27, 0x7c, 0x51, 0x27, 0xae, 0x22, 0xad, 0x05, 0x6c, 0xe8, 0xd0,
0xe1, 0x78, 0xcb, 0xe5, 0x31, 0x9d, 0x69, 0x83, 0x77, 0x72, 0x1a, 0x37, 0x76, 0x1c, 0x3a, 0x9b,
0x6f, 0xe2, 0x11, 0x42, 0xaa, 0xa3, 0x99, 0x1c, 0xc8, 0x22, 0x7f, 0xe8, 0x63, 0x47, 0x29, 0xf7,
0x37, 0x2d, 0xc5, 0xba, 0x19, 0xe9, 0x7d, 0x61, 0xe1, 0x34, 0x52, 0x27, 0x8f, 0x46, 0x42, 0xae,
0xc2, 0xc8, 0x86, 0xfd, 0xa8, 0xd2, 0xa4, 0x22, 0x27, 0xf1, 0xa4, 0xdc, 0xfe, 0x10, 0xb8, 0x58,
0xfc, 0x5d, 0x6e, 0x81, 0xff, 0x39, 0x53, 0xa0, 0x91, 0x3f, 0x9f, 0x83, 0xd3, 0x7c, 0x19, 0xcb,
0x5e, 0xd6, 0x68, 0x18, 0xb2, 0x71, 0x10, 0xc1, 0x21, 0x2f, 0x44, 0x31, 0x9f, 0xef, 0x67, 0xe3,
0x61, 0xf4, 0x02, 0x43, 0xec, 0x0c, 0xd1, 0xc0, 0x05, 0xa2, 0x54, 0x8b, 0xb2, 0x9d, 0x49, 0x4f,
0x36, 0x61, 0x7c, 0xe3, 0x56, 0x25, 0xaa, 0x76, 0x56, 0xbb, 0xb3, 0x69, 0x3b, 0x9f, 0x82, 0x96,
0x65, 0xff, 0xae, 0xb2, 0xc1, 0xeb, 0xc8, 0xdd, 0xa5, 0x15, 0x8c, 0x17, 0x30, 0x17, 0x6b, 0xa9,
0x3a, 0xfb, 0x75, 0x9a, 0x0c, 0xff, 0x1d, 0x21, 0x92, 0xf7, 0xb9, 0x4b, 0x1e, 0x86, 0x95, 0x61,
0xb7, 0xf1, 0x53, 0x71, 0x04, 0x4f, 0x1e, 0x37, 0x5c, 0x14, 0xa8, 0xfa, 0x35, 0x95, 0x80, 0xdc,
0x07, 0x19, 0x7f, 0xe0, 0x3e, 0x3e, 0x57, 0x63, 0xf5, 0xa7, 0x63, 0x37, 0x18, 0x69, 0x9b, 0xe2,
0xf1, 0x87, 0xed, 0x44, 0x43, 0xd2, 0xb4, 0x64, 0x0b, 0xe6, 0xa9, 0x1b, 0xfa, 0xb6, 0xe5, 0x34,
0x44, 0xac, 0xbf, 0xe8, 0xb9, 0x4b, 0x64, 0x22, 0x96, 0x0f, 0x3d, 0x2b, 0x0c, 0x6d, 0x6d, 0x99,
0x3f, 0x80, 0xcb, 0x5d, 0xd3, 0x3c, 0x85, 0xd4, 0x6b, 0x0d, 0x1d, 0x2c, 0x2c, 0xfa, 0x0f, 0xe1,
0x54, 0x26, 0x15, 0x59, 0x80, 0x62, 0xc3, 0x09, 0xe2, 0x7c, 0x3e, 0x45, 0x33, 0xfa, 0x4d, 0xce,
0x03, 0xf0, 0x18, 0x69, 0xac, 0x5a, 0x29, 0x4a, 0x20, 0x04, 0xdf, 0x2e, 0x5f, 0x84, 0xa9, 0xa6,
0x6f, 0x77, 0xf6, 0x2c, 0xea, 0x36, 0x3a, 0x9e, 0xe3, 0x8a, 0xf3, 0xc3, 0x9c, 0x44, 0xe8, 0x8a,
0x00, 0x1a, 0x5f, 0x90, 0x13, 0x95, 0xbc, 0xa6, 0x7a, 0xc1, 0x16, 0xf0, 0x2b, 0x8d, 0xb6, 0xed,
0x47, 0x96, 0xdd, 0xa4, 0x9a, 0x65, 0x90, 0x78, 0xb1, 0xfb, 0xd9, 0x1c, 0x9c, 0xed, 0x39, 0x17,
0xc9, 0x4d, 0x38, 0x63, 0xf3, 0x70, 0x00, 0xd6, 0x5e, 0x18, 0x76, 0x02, 0x4b, 0xde, 0xac, 0x65,
0x8c, 0xa5, 0x53, 0xa2, 0x78, 0x95, 0x95, 0xca, 0xcb, 0x76, 0x40, 0xde, 0x87, 0x67, 0x1c, 0x37,
0xa0, 0xf5, 0xae, 0x4f, 0x2d, 0xc9, 0xa0, 0xee, 0x34, 0x7c, 0xcb, 0xb7, 0xdd, 0xa6, 0x74, 0x02,
0x36, 0xcf, 0x4a, 0x1c, 0x11, 0x72, 0x60, 0xc9, 0x69, 0xf8, 0x26, 0x22, 0x18, 0xbf, 0x9c, 0x87,
0xf9, 0x5e, 0x73, 0x95, 0xcc, 0xc3, 0x28, 0x75, 0xd5, 0xd1, 0x94, 0x3f, 0xd9, 0xf5, 0x36, 0x3a,
0x82, 0xc5, 0x58, 0x16, 0xeb, 0x22, 0x53, 0x0d, 0x79, 0x1e, 0xf4, 0x03, 0x57, 0x8c, 0xe4, 0x44,
0x5d, 0x3d, 0x76, 0xcf, 0x03, 0xc4, 0xe7, 0x2c, 0x57, 0xaa, 0x9a, 0x63, 0x76, 0xdd, 0xe7, 0x5b,
0x22, 0x39, 0x0d, 0x23, 0xfc, 0x1c, 0xe3, 0x07, 0xb3, 0x29, 0x7e, 0x31, 0x81, 0x4a, 0x0c, 0x32,
0x1e, 0xc0, 0x85, 0xc5, 0x09, 0x6d, 0xb0, 0x47, 0xda, 0xfc, 0xe3, 0x64, 0xce, 0xe7, 0xd1, 0x4f,
0x3e, 0x9f, 0x8d, 0xbf, 0x3c, 0xc9, 0x85, 0xc5, 0x4a, 0x37, 0xdc, 0x93, 0xe2, 0xe5, 0xf5, 0x2c,
0x7f, 0x35, 0x6e, 0x90, 0xae, 0xf8, 0xab, 0xe9, 0x5e, 0x6a, 0xf2, 0x01, 0x3d, 0x9f, 0xf9, 0x80,
0xfe, 0x2a, 0x8c, 0x2d, 0xed, 0xd1, 0xfa, 0x7e, 0xe4, 0x04, 0x54, 0x14, 0x2f, 0x94, 0x0c, 0xc8,
0x33, 0x1b, 0xc4, 0x08, 0xe4, 0x2a, 0x00, 0xba, 0xc9, 0xf2, 0x5b, 0x94, 0x92, 0x9d, 0x08, 0xbd,
0x6a, 0x85, 0x8d, 0x9f, 0x82, 0x82, 0xec, 0x6b, 0xe6, 0x2d, 0xd5, 0x28, 0x90, 0xb3, 0x0f, 0xfc,
0x5d, 0x81, 0x1e, 0x23, 0xb0, 0xee, 0x29, 0x27, 0x88, 0x90, 0x77, 0x4a, 0xa9, 0x63, 0x46, 0x45,
0x22, 0x5f, 0x80, 0xd1, 0x25, 0xea, 0x87, 0x9b, 0x9b, 0xeb, 0x68, 0x89, 0xc7, 0x93, 0xf2, 0x14,
0x31, 0x81, 0x4a, 0x18, 0xb6, 0xbe, 0x77, 0x54, 0x9e, 0x0c, 0x9d, 0x36, 0x8d, 0x92, 0x0d, 0x98,
0x12, 0x9b, 0x2c, 0x42, 0x89, 0xdb, 0x0a, 0xc5, 0xf7, 0x5f, 0x94, 0x69, 0x8a, 0x5c, 0xc2, 0x12,
0x86, 0x45, 0x0f, 0xe9, 0x4e, 0x94, 0x3e, 0x26, 0x85, 0x4f, 0x56, 0x64, 0xd6, 0x25, 0xb5, 0xd9,
0x10, 0xef, 0xa1, 0xc9, 0xbd, 0x9e, 0xb5, 0x3e, 0x4d, 0x41, 0x2a, 0x30, 0xb9, 0xe4, 0xb5, 0x3b,
0x76, 0xe8, 0x60, 0x52, 0xd7, 0x43, 0x21, 0xbe, 0xe0, 0x6e, 0x5a, 0x57, 0x0b, 0x34, 0x59, 0x48,
0x2d, 0x20, 0xb7, 0x60, 0xca, 0xf4, 0xba, 0x6c, 0xd8, 0xa5, 0x76, 0x8a, 0x4b, 0x28, 0x68, 0x2f,
0xe7, 0xb3, 0x12, 0x26, 0x50, 0x09, 0x55, 0x94, 0x16, 0x98, 0x59, 0xa3, 0x22, 0xf7, 0x32, 0xde,
0x88, 0x55, 0xb1, 0x44, 0x4d, 0x22, 0x93, 0x62, 0x96, 0xf1, 0xbc, 0x7c, 0x03, 0xc6, 0x6b, 0xb5,
0xfb, 0x9b, 0x34, 0x08, 0x6f, 0xb5, 0xbc, 0x87, 0x28, 0x95, 0x14, 0x45, 0xce, 0xc3, 0xc0, 0xb3,
0x42, 0xb6, 0x22, 0x76, 0x5b, 0xde, 0x43, 0x53, 0xc5, 0x22, 0x5f, 0x63, 0xe3, 0xa1, 0xc8, 0xf0,
0x22, 0x04, 0x75, 0xbf, 0x6b, 0x06, 0x9e, 0xfd, 0xf1, 0x22, 0x60, 0x97, 0x0d, 0x7d, 0xb0, 0x14,
0x74, 0xf4, 0x51, 0xf3, 0xbd, 0x47, 0x87, 0x95, 0x46, 0xc3, 0xa7, 0x41, 0x20, 0xc4, 0x07, 0xee,
0xa3, 0x86, 0x4a, 0x38, 0x9b, 0x17, 0x68, 0x3e, 0x6a, 0x0a, 0x01, 0x59, 0x62, 0x72, 0x2d, 0xfb,
0x8a, 0x68, 0xc1, 0xb9, 0x56, 0x45, 0x09, 0x40, 0x3c, 0xd1, 0x88, 0x6f, 0xce, 0x6d, 0x3d, 0x9d,
0x8e, 0x2e, 0xbe, 0x2a, 0x34, 0x64, 0x0d, 0xa6, 0x39, 0x80, 0x2d, 0x2d, 0x9e, 0xf1, 0x6c, 0x36,
0xce, 0xb9, 0x22, 0xd8, 0xe0, 0x61, 0x8a, 0x59, 0xcf, 0xd4, 0x40, 0x03, 0x09, 0x3a, 0xf2, 0x3e,
0x4c, 0x61, 0x3a, 0x89, 0xee, 0x4e, 0xcb, 0xa9, 0x5b, 0xfb, 0xf4, 0x10, 0x0f, 0xf2, 0x09, 0x1e,
0x6e, 0x59, 0x94, 0x24, 0xbc, 0xe7, 0x26, 0x82, 0x60, 0xaf, 0x8a, 0xf8, 0x77, 0xe9, 0x21, 0x63,
0x80, 0x46, 0x83, 0x31, 0x83, 0x53, 0x31, 0x03, 0x51, 0x92, 0x64, 0x10, 0xb6, 0x82, 0x98, 0xc1,
0xcf, 0xe4, 0xe0, 0x2c, 0xab, 0xc8, 0x0e, 0xd9, 0x37, 0xe5, 0xd7, 0x74, 0xdc, 0x14, 0xd0, 0x22,
0x92, 0xa7, 0xc2, 0x79, 0xed, 0x8a, 0x14, 0x2a, 0xaf, 0x28, 0x68, 0x57, 0x0e, 0xae, 0x5d, 0xa9,
0xc4, 0x3f, 0x6b, 0x92, 0x88, 0x07, 0xa0, 0xed, 0xc9, 0x53, 0x15, 0xde, 0x83, 0x60, 0x2f, 0x8b,
0x03, 0x36, 0x8a, 0x35, 0x3e, 0xbb, 0x51, 0x67, 0x3e, 0x71, 0xa3, 0x7a, 0xf2, 0x54, 0x1b, 0x15,
0xb6, 0x82, 0xcc, 0x46, 0xdd, 0x84, 0x49, 0x14, 0xad, 0x84, 0x48, 0xeb, 0x8b, 0x44, 0x3b, 0xb8,
0x26, 0xb4, 0x02, 0x73, 0x82, 0xfd, 0x7c, 0x20, 0x7e, 0x91, 0x2f, 0x80, 0xb0, 0x1f, 0xde, 0x63,
0xa2, 0xc2, 0xd9, 0xf8, 0xf2, 0x18, 0x43, 0xd5, 0x77, 0x2f, 0x84, 0xae, 0x3a, 0x6e, 0x18, 0xeb,
0xea, 0x17, 0x14, 0x5d, 0xfd, 0x9d, 0xa1, 0xe2, 0x68, 0xa9, 0x78, 0x67, 0xa8, 0x38, 0x53, 0x22,
0xe6, 0x58, 0xf4, 0x1d, 0xcd, 0x53, 0x99, 0xfd, 0x42, 0xcd, 0x45, 0xad, 0xb2, 0xb1, 0x1e, 0x5f,
0xbf, 0xbf, 0xbf, 0x9c, 0xfe, 0xb4, 0xbe, 0xf5, 0x71, 0xfa, 0xdb, 0xe2, 0xee, 0xdb, 0xca, 0x30,
0x48, 0xcd, 0x85, 0x06, 0x4e, 0x6a, 0x2e, 0x12, 0x34, 0x66, 0x02, 0xdb, 0xf8, 0xf6, 0x44, 0x82,
0xaf, 0x30, 0xf4, 0x37, 0x60, 0x84, 0x2b, 0x26, 0xc4, 0x20, 0xa3, 0xc5, 0x17, 0x57, 0x5b, 0x98,
0xa2, 0x84, 0x9c, 0x85, 0x42, 0xad, 0x76, 0x5f, 0x0c, 0x32, 0x9a, 0xfb, 0x07, 0x81, 0x67, 0x32,
0x18, 0xfb, 0x42, 0x68, 0xc3, 0xaf, 0xe4, 0x14, 0x61, 0x07, 0xa3, 0x89, 0x50, 0x36, 0xde, 0x52,
0x4d, 0x30, 0x14, 0x8f, 0xb7, 0x50, 0x13, 0xc4, 0xca, 0x81, 0x25, 0x98, 0xaf, 0x04, 0x01, 0xf5,
0xd9, 0x8c, 0x10, 0xa6, 0xe1, 0xbe, 0xb8, 0xca, 0x8a, 0x13, 0x1d, 0x2b, 0xb5, 0xeb, 0x81, 0xd9,
0x13, 0x91, 0x5c, 0x82, 0x62, 0xa5, 0xdb, 0x70, 0xa8, 0x5b, 0xd7, 0xa2, 0x17, 0xda, 0x02, 0x66,
0x46, 0xa5, 0xe4, 0x03, 0x38, 0x95, 0x88, 0x82, 0x2a, 0x46, 0x60, 0x34, 0xde, 0xa4, 0xe5, 0x55,
0x3b, 0x36, 0x67, 0xe3, 0x43, 0x92, 0x4d, 0x49, 0x2a, 0x50, 0x5a, 0x41, 0x27, 0xd7, 0x65, 0xca,
0x5f, 0xc8, 0x3d, 0x1f, 0x65, 0x05, 0xa1, 0x18, 0x11, 0x71, 0x62, 0x1b, 0x51, 0xa1, 0x99, 0x42,
0x27, 0x77, 0x61, 0x36, 0x09, 0x63, 0x47, 0x3d, 0xd7, 0x81, 0xe0, 0x26, 0x99, 0xe2, 0x82, 0x87,
0x7d, 0x16, 0x15, 0xd9, 0x81, 0x99, 0xd8, 0x9c, 0x53, 0xd7, 0x8c, 0x48, 0x2f, 0x91, 0xa8, 0x5c,
0x6a, 0x47, 0xce, 0x89, 0xc9, 0x38, 0x1b, 0x9b, 0x86, 0x46, 0x1a, 0x12, 0x33, 0xcd, 0x8e, 0x34,
0x60, 0xaa, 0xe6, 0x34, 0x5d, 0xc7, 0x6d, 0xde, 0xa5, 0x87, 0x55, 0xdb, 0xf1, 0x85, 0xbd, 0xfe,
0x7c, 0xf4, 0x1e, 0x7b, 0xd8, 0x6e, 0xd3, 0xd0, 0xc7, 0x55, 0xcf, 0xca, 0xd1, 0xf9, 0x9d, 0xdd,
0x78, 0x17, 0x02, 0x4e, 0xc7, 0xb6, 0x7b, 0xab, 0x63, 0x3b, 0x9a, 0xb4, 0xa0, 0xf3, 0xd4, 0xb4,
0x53, 0x13, 0x03, 0x6a, 0xa7, 0x5a, 0x30, 0xb3, 0xe2, 0xd6, 0xfd, 0x43, 0x34, 0x54, 0x90, 0x8d,
0x9b, 0x3c, 0xa6, 0x71, 0x2f, 0x88, 0xc6, 0x3d, 0x63, 0xcb, 0x19, 0x96, 0xd5, 0xbc, 0x34, 0x63,
0x52, 0x83, 0x19, 0xbc, 0x82, 0xac, 0x2d, 0x57, 0xd7, 0x5c, 0x27, 0x74, 0xec, 0x90, 0x36, 0x84,
0x14, 0x12, 0x65, 0x62, 0xe2, 0x5a, 0x08, 0xa7, 0xd1, 0xb1, 0x1c, 0x89, 0xa2, 0x32, 0x4d, 0xd1,
0xf7, 0x53, 0x05, 0x4c, 0xff, 0x09, 0xa9, 0x02, 0xd6, 0x60, 0x3a, 0x19, 0x43, 0xa2, 0x14, 0x0b,
0x0f, 0x01, 0x16, 0x31, 0x19, 0xc4, 0xeb, 0xa2, 0xd4, 0xa9, 0x45, 0x29, 0x4a, 0x44, 0x8f, 0x48,
0x68, 0x15, 0x66, 0x34, 0xad, 0x82, 0xb6, 0x2b, 0x9d, 0x44, 0xab, 0x50, 0x05, 0xb8, 0xe5, 0xf9,
0x75, 0x5a, 0x41, 0xff, 0x7a, 0xa2, 0xe5, 0xab, 0x63, 0x4c, 0xe3, 0x42, 0xbe, 0x7e, 0x76, 0xd9,
0x6f, 0x2b, 0xe9, 0x5f, 0xaf, 0xf0, 0x20, 0x36, 0x9c, 0xa9, 0xfa, 0x74, 0x97, 0xfa, 0x3e, 0x6d,
0x88, 0x0b, 0xd1, 0xa2, 0xe3, 0x36, 0x64, 0x12, 0x42, 0x11, 0xb1, 0xbe, 0x23, 0x51, 0x22, 0xef,
0x96, 0x1d, 0x8e, 0xa4, 0x9e, 0xcd, 0x3d, 0xf8, 0xa4, 0xb4, 0x1a, 0x73, 0x27, 0xd5, 0x6a, 0xac,
0xc0, 0xd4, 0x9a, 0x5b, 0x6f, 0x75, 0x1b, 0x54, 0x58, 0xe1, 0x8b, 0x14, 0x82, 0x28, 0x19, 0x3a,
0xbc, 0xc4, 0x12, 0xc6, 0xfa, 0xea, 0xba, 0xd2, 0x89, 0x8c, 0x1f, 0xcf, 0xc3, 0x7c, 0xaf, 0x91,
0xef, 0x73, 0x47, 0x7e, 0x05, 0xd2, 0x9b, 0x99, 0xb8, 0x2b, 0x97, 0x68, 0x72, 0x4b, 0xbb, 0x0e,
0xd9, 0x7b, 0x96, 0xb8, 0x3b, 0xcf, 0x26, 0x09, 0xb6, 0xfc, 0x16, 0xb9, 0x09, 0xe3, 0xca, 0x77,
0xc2, 0x63, 0xa3, 0xd7, 0x57, 0x35, 0x61, 0x37, 0xfe, 0x74, 0xa7, 0x41, 0x9c, 0x5a, 0xf2, 0x6e,
0xcd, 0x7f, 0x91, 0x12, 0xb0, 0xc3, 0x8a, 0x9f, 0x08, 0x26, 0xfb, 0x93, 0x10, 0xc0, 0x23, 0x4a,
0xbc, 0x6f, 0xe3, 0xdf, 0xc6, 0x8f, 0x4e, 0x72, 0xe1, 0x43, 0xbd, 0x09, 0xf7, 0x72, 0x24, 0x49,
0xdc, 0x90, 0xf3, 0x27, 0xb9, 0x21, 0x17, 0x8e, 0xbf, 0x21, 0x0f, 0x1d, 0x77, 0x43, 0x4e, 0x5c,
0x61, 0x87, 0x4f, 0x78, 0x85, 0x1d, 0x3d, 0xd1, 0x15, 0x56, 0xbb, 0x5d, 0x17, 0x8f, 0xbb, 0x5d,
0xff, 0xd9, 0x85, 0xf7, 0x69, 0xbd, 0xf0, 0x66, 0x49, 0xa7, 0x27, 0xba, 0xf0, 0xa6, 0xee, 0xab,
0x33, 0x4f, 0xe6, 0xbe, 0x4a, 0x9e, 0xd8, 0x7d, 0x75, 0xf6, 0xd3, 0xde, 0x57, 0xe7, 0x9e, 0xe4,
0x7d, 0xf5, 0xd4, 0x9f, 0xc6, 0xfb, 0xea, 0xe9, 0x7f, 0x37, 0xf7, 0xd5, 0x1b, 0x50, 0xac, 0x7a,
0x41, 0x78, 0xcb, 0xf3, 0xdb, 0x78, 0x65, 0x9e, 0x10, 0xcf, 0x03, 0x5e, 0xc0, 0xf3, 0x91, 0x6b,
0x42, 0x9e, 0x40, 0x24, 0x8b, 0x72, 0xc2, 0xc9, 0x1b, 0xdd, 0x7c, 0xfc, 0x42, 0x23, 0x66, 0x8a,
0xb8, 0xd8, 0xa5, 0xe7, 0x9b, 0xbc, 0xe8, 0xdd, 0x83, 0x19, 0xe9, 0xca, 0x86, 0x41, 0x6a, 0xf0,
0xb2, 0x7c, 0x36, 0x5e, 0x99, 0xb1, 0xcf, 0x9b, 0x2c, 0xd5, 0xf2, 0x67, 0x26, 0x49, 0x7b, 0xde,
0x83, 0x47, 0x4a, 0xa3, 0x77, 0x86, 0x8a, 0xa5, 0xd2, 0xcc, 0x00, 0xf7, 0xe0, 0x1f, 0x82, 0x52,
0x52, 0x34, 0x3f, 0x3e, 0xb4, 0xfa, 0x13, 0x8b, 0x3a, 0xca, 0x2e, 0x0e, 0x49, 0xd1, 0x98, 0x5c,
0x05, 0xa8, 0xfa, 0xce, 0x81, 0x1d, 0xd2, 0xbb, 0xd2, 0x82, 0x5a, 0xe4, 0x12, 0xe0, 0x50, 0xb6,
0x0c, 0x4c, 0x05, 0x25, 0xba, 0x15, 0xe6, 0xb3, 0x6e, 0x85, 0xc6, 0x8f, 0xe5, 0x61, 0x86, 0x87,
0xdb, 0x7b, 0xfa, 0xad, 0x14, 0xde, 0xd3, 0xee, 0xfa, 0xcf, 0xc4, 0x19, 0x52, 0xd4, 0xde, 0xf5,
0xb1, 0x53, 0xf8, 0x2a, 0x9c, 0x4a, 0x0d, 0x05, 0xde, 0xf7, 0x97, 0x65, 0xa0, 0xc3, 0xd4, 0x8d,
0x7f, 0x3e, 0xbb, 0x92, 0x07, 0x37, 0xcc, 0x14, 0x85, 0xf1, 0xab, 0xc3, 0x29, 0xfe, 0xc2, 0x62,
0x41, 0xb5, 0x41, 0xc8, 0x9d, 0xcc, 0x06, 0x21, 0x3f, 0x98, 0x0d, 0x42, 0x42, 0x4e, 0x29, 0x0c,
0x22, 0xa7, 0x7c, 0x00, 0x93, 0x9b, 0xd4, 0x6e, 0x07, 0x9b, 0x9e, 0x48, 0xb7, 0xc7, 0xfd, 0xfc,
0x64, 0x1c, 0x43, 0x56, 0x26, 0xaf, 0xab, 0x91, 0xdf, 0x41, 0xc8, 0x08, 0xd8, 0x49, 0xcc, 0xf3,
0xef, 0x99, 0x3a, 0x07, 0x55, 0x07, 0x31, 0xdc, 0x47, 0x07, 0x51, 0x83, 0x09, 0x41, 0x17, 0xc7,
0x93, 0x8f, 0x2f, 0xcb, 0xac, 0x08, 0xe1, 0xb2, 0x76, 0xe9, 0x70, 0x3f, 0x15, 0xd5, 0xce, 0xef,
0xc9, 0x1a, 0x13, 0x36, 0x04, 0xf2, 0x91, 0x8d, 0x0d, 0xc1, 0x68, 0x3c, 0x04, 0xf2, 0x41, 0x8e,
0x0f, 0x81, 0x82, 0x44, 0xde, 0x81, 0xa9, 0x4a, 0x75, 0x4d, 0x25, 0x2b, 0xc6, 0x66, 0x10, 0x76,
0xc7, 0xb1, 0x34, 0xd2, 0x04, 0x6e, 0xbf, 0x7b, 0xe3, 0xd8, 0x9f, 0xd0, 0xbd, 0x31, 0x79, 0xc3,
0x81, 0x13, 0xde, 0x70, 0x8c, 0x7f, 0x31, 0x21, 0xf7, 0x87, 0xcf, 0xf6, 0x61, 0x4a, 0x7f, 0x6a,
0x2a, 0x9c, 0xf0, 0xa9, 0x69, 0xe8, 0x38, 0x61, 0x58, 0x91, 0xb9, 0x47, 0x3e, 0xf5, 0xb3, 0xd1,
0xe8, 0x09, 0xa5, 0xe8, 0xc4, 0xe2, 0x2b, 0x0e, 0xb2, 0xf8, 0x32, 0x25, 0xef, 0xb1, 0x4f, 0x2f,
0x79, 0xc3, 0x89, 0x25, 0xef, 0x5a, 0x1c, 0x48, 0x63, 0xfc, 0x58, 0xff, 0xc4, 0xf3, 0x42, 0xc9,
0x32, 0x93, 0x1d, 0x4d, 0x31, 0x0a, 0xa9, 0xf1, 0x7d, 0x25, 0xce, 0x7f, 0x3d, 0x5b, 0x9c, 0xef,
0x7f, 0x00, 0xfd, 0x99, 0x40, 0xff, 0x67, 0x02, 0xfd, 0x9f, 0x88, 0x40, 0x7f, 0x1f, 0x88, 0xdd,
0x0d, 0xf7, 0x98, 0x5c, 0x5c, 0xc7, 0x88, 0xbe, 0xec, 0x13, 0xa3, 0x68, 0x2f, 0xd6, 0x48, 0xba,
0x54, 0x5d, 0x23, 0x5a, 0x29, 0xea, 0x3c, 0x22, 0xc1, 0x7a, 0x5e, 0x17, 0xac, 0x87, 0x4b, 0x23,
0x03, 0x0b, 0xd6, 0x3e, 0xae, 0xb3, 0x6d, 0xdb, 0x77, 0xf1, 0x98, 0xba, 0x0a, 0xa3, 0x32, 0xae,
0x6c, 0x2e, 0xd6, 0xd4, 0xa7, 0x03, 0xca, 0x4a, 0x2c, 0x72, 0x1d, 0x8a, 0x92, 0x58, 0xcd, 0xe5,
0xf5, 0x50, 0xc0, 0xb4, 0x90, 0x9d, 0x02, 0x66, 0xfc, 0x07, 0x43, 0x72, 0x2f, 0x67, 0xdd, 0xa8,
0xda, 0xbe, 0xdd, 0xc6, 0x54, 0xa2, 0xd1, 0x52, 0x53, 0xc4, 0xfa, 0xc4, 0xea, 0x4c, 0x38, 0x8e,
0xe9, 0x24, 0x9f, 0x28, 0x30, 0x70, 0x9c, 0xad, 0xbd, 0x30, 0x40, 0xb6, 0xf6, 0x37, 0xb5, 0x54,
0xe7, 0x43, 0x71, 0x6e, 0x5d, 0xb6, 0xbf, 0xf5, 0x4f, 0x72, 0x7e, 0x53, 0xcd, 0x49, 0x3e, 0x1c,
0xc7, 0x9a, 0x44, 0xca, 0x3e, 0xd9, 0xc8, 0xa3, 0x7b, 0xca, 0xc8, 0x49, 0x42, 0x6e, 0x8f, 0xfe,
0x3b, 0x0d, 0xb9, 0xbd, 0x02, 0x20, 0xce, 0xdc, 0xd8, 0x3e, 0xe4, 0x45, 0xdc, 0x92, 0x84, 0xaf,
0x42, 0x18, 0xb6, 0x7a, 0x64, 0x10, 0x52, 0x08, 0x8d, 0x7f, 0x46, 0x60, 0xa6, 0x56, 0xbb, 0xbf,
0xec, 0xd8, 0x4d, 0xd7, 0x0b, 0x42, 0xa7, 0xbe, 0xe6, 0xee, 0x7a, 0x4c, 0x48, 0x8f, 0xce, 0x05,
0x25, 0x58, 0x72, 0x7c, 0x26, 0x44, 0xc5, 0xec, 0x12, 0xb8, 0xe2, 0xfb, 0x52, 0x19, 0xcb, 0x2f,
0x81, 0x94, 0x01, 0x4c, 0x0e, 0x67, 0x72, 0x70, 0xad, 0x8b, 0x9e, 0x77, 0xc2, 0x08, 0x07, 0xe5,
0xe0, 0x80, 0x83, 0x4c, 0x59, 0x46, 0x68, 0x7a, 0xc2, 0x8a, 0x7b, 0xd1, 0x19, 0x2d, 0x70, 0x77,
0x5c, 0xcc, 0x57, 0xb4, 0x90, 0x4a, 0x70, 0x2f, 0xef, 0x20, 0x5c, 0x35, 0x26, 0x4d, 0xad, 0x81,
0x43, 0x38, 0xa5, 0x45, 0xe2, 0x18, 0xf4, 0x91, 0xea, 0x65, 0x21, 0x77, 0x1b, 0x68, 0xb0, 0x9f,
0xf1, 0x52, 0xa5, 0xe6, 0x06, 0xcd, 0xac, 0x81, 0xfc, 0x58, 0x0e, 0xce, 0x67, 0x96, 0x44, 0xab,
0x7b, 0x5c, 0x0b, 0x9e, 0xae, 0x6c, 0x1a, 0x3c, 0x0b, 0x6a, 0xaf, 0xaa, 0xad, 0x8c, 0xad, 0xa0,
0x7f, 0x4d, 0xe4, 0x1f, 0xe4, 0xe0, 0x8c, 0x86, 0x11, 0xed, 0xa1, 0x41, 0x14, 0xa4, 0x2a, 0x73,
0x5e, 0x7f, 0xfc, 0x64, 0xe6, 0xf5, 0xf3, 0x7a, 0x5f, 0xe2, 0xdd, 0x52, 0xed, 0x43, 0xaf, 0x16,
0x92, 0x03, 0x98, 0xc1, 0x22, 0xf9, 0x60, 0xc6, 0xe6, 0xac, 0x78, 0x67, 0x9b, 0x8b, 0x9b, 0xcd,
0xa3, 0xcb, 0x30, 0x89, 0x7b, 0xf1, 0xfa, 0x77, 0x8f, 0xca, 0x93, 0x1a, 0xba, 0x0c, 0x47, 0x6e,
0xc5, 0xaf, 0x6e, 0x8e, 0xbb, 0xeb, 0x69, 0x6a, 0x96, 0x64, 0x15, 0xe4, 0x1f, 0xe6, 0xf8, 0xdb,
0x05, 0xef, 0xc6, 0x2d, 0xdf, 0x6b, 0x47, 0xe5, 0xd2, 0x2a, 0xb9, 0xc7, 0xb0, 0xb5, 0x9e, 0xcc,
0xb0, 0xbd, 0x88, 0x4d, 0xe6, 0x7b, 0x82, 0xb5, 0xeb, 0x7b, 0xed, 0xb8, 0xf9, 0xea, 0xc0, 0xf5,
0x6c, 0x24, 0xf9, 0x0b, 0x39, 0x38, 0xab, 0xa9, 0x5c, 0xd5, 0x3c, 0x33, 0x22, 0x86, 0x4f, 0xe4,
0x1d, 0xa7, 0x14, 0x2d, 0x5e, 0x11, 0xf3, 0xff, 0x22, 0xb6, 0x20, 0x3e, 0x2d, 0xb0, 0x2d, 0x56,
0x9b, 0x63, 0x29, 0x4d, 0xe8, 0x5d, 0x0b, 0x71, 0x60, 0x06, 0xcd, 0x9c, 0x34, 0xeb, 0xf9, 0xb9,
0xde, 0xd6, 0xf3, 0x51, 0x8e, 0x32, 0xcc, 0x08, 0xd1, 0xdb, 0x84, 0x3e, 0xcd, 0x95, 0xfc, 0x30,
0x9c, 0x4d, 0x01, 0xa3, 0xd5, 0x76, 0xaa, 0xe7, 0x6a, 0x7b, 0xe5, 0xf1, 0x51, 0xf9, 0xa5, 0xac,
0xda, 0xb2, 0x56, 0x5a, 0xef, 0x1a, 0x88, 0x0d, 0x10, 0x17, 0x0a, 0x99, 0x28, 0x7b, 0x82, 0xbe,
0x22, 0xe6, 0x87, 0x82, 0xcf, 0xf6, 0x72, 0xa5, 0x0d, 0xea, 0x91, 0x17, 0x23, 0x11, 0x0a, 0x13,
0x4a, 0x36, 0x8c, 0x43, 0x61, 0xf9, 0xd3, 0xa3, 0x92, 0xef, 0x1e, 0x95, 0x35, 0x6c, 0x76, 0x33,
0x52, 0xd3, 0x6c, 0x68, 0x22, 0xa8, 0x8a, 0x48, 0x7e, 0x2d, 0x07, 0x73, 0x0c, 0x10, 0x4f, 0x2a,
0xd1, 0xa9, 0xf9, 0x7e, 0xb3, 0x7e, 0xef, 0xc9, 0xcc, 0xfa, 0xe7, 0xb0, 0x8d, 0xea, 0xac, 0x4f,
0x0d, 0x49, 0x66, 0xe3, 0x70, 0xb6, 0x6b, 0x16, 0x75, 0xda, 0x6c, 0x3f, 0x3b, 0xc0, 0x6c, 0xe7,
0x1f, 0xe0, 0xf8, 0xd9, 0xde, 0xb3, 0x16, 0xb2, 0x09, 0x13, 0xe2, 0x52, 0xc4, 0x07, 0xec, 0x59,
0xcd, 0x03, 0x55, 0x2d, 0xe2, 0x37, 0x55, 0x91, 0x2c, 0x24, 0xd5, 0x43, 0x8d, 0x0b, 0x71, 0x61,
0x96, 0xff, 0xd6, 0xb5, 0x56, 0xe5, 0x9e, 0x5a, 0xab, 0x4b, 0xa2, 0x47, 0x17, 0x04, 0xff, 0x84,
0xf2, 0x4a, 0x0d, 0x0a, 0x98, 0xc1, 0x98, 0x74, 0x80, 0x68, 0x60, 0xbe, 0x68, 0x2f, 0xf4, 0xd7,
0x55, 0xbd, 0x24, 0xea, 0x2c, 0x27, 0xeb, 0x4c, 0xae, 0xdc, 0x0c, 0xde, 0xc4, 0x86, 0x69, 0x01,
0xf5, 0xf6, 0x29, 0xdf, 0xe1, 0x9f, 0xd3, 0xc2, 0x32, 0x26, 0x4a, 0xf9, 0xcd, 0x4e, 0xd6, 0x84,
0x61, 0x33, 0x13, 0x1b, 0x7a, 0x92, 0x1f, 0xb9, 0x0f, 0x33, 0x95, 0x4e, 0xa7, 0xe5, 0xd0, 0x06,
0xf6, 0xd2, 0xec, 0xb2, 0x3e, 0x19, 0x71, 0x76, 0x48, 0x9b, 0x17, 0x8a, 0xeb, 0xa6, 0xdf, 0x4d,
0x6c, 0x37, 0x29, 0x5a, 0xe3, 0x2f, 0xe5, 0x52, 0x8d, 0x26, 0xaf, 0xc2, 0x18, 0xfe, 0x50, 0x22,
0x7d, 0xa1, 0xee, 0x86, 0x37, 0x11, 0xb5, 0x42, 0x31, 0x02, 0x13, 0x96, 0xd4, 0x68, 0xbf, 0x05,
0x2e, 0x2c, 0x09, 0x05, 0x43, 0xac, 0x52, 0x28, 0x4b, 0xaf, 0xa6, 0x42, 0x2c, 0x74, 0xe1, 0xd5,
0x44, 0xf8, 0x32, 0x19, 0xff, 0x49, 0x5e, 0x9f, 0x76, 0xe4, 0x92, 0x22, 0xb7, 0x2b, 0xf1, 0x86,
0xa5, 0xdc, 0xae, 0x48, 0xeb, 0xbf, 0x9c, 0x83, 0xd9, 0xfb, 0x4a, 0xce, 0xe2, 0x4d, 0x0f, 0xbf,
0x4b, 0xff, 0xec, 0xbc, 0x4f, 0x2a, 0x61, 0xa8, 0x9a, 0x2c, 0x99, 0xcd, 0x14, 0x9c, 0x32, 0x66,
0x56, 0x7b, 0xd0, 0xe3, 0x15, 0x1b, 0xa6, 0xe4, 0x6d, 0xe5, 0xe8, 0x1c, 0x7e, 0xc2, 0xd4, 0x21,
0xc6, 0x4f, 0xe4, 0x61, 0x5c, 0x59, 0x31, 0xe4, 0xf3, 0x30, 0xa1, 0x56, 0xab, 0x2a, 0xfe, 0xd4,
0x56, 0x9a, 0x1a, 0x16, 0x6a, 0xfe, 0xa8, 0xdd, 0xd6, 0x34, 0x7f, 0x6c, 0x5d, 0x20, 0xf4, 0x84,
0x37, 0xa1, 0xf7, 0x33, 0x6e, 0x42, 0x38, 0xcb, 0x15, 0x4d, 0x4f, 0xdf, 0xfb, 0xd0, 0x3b, 0xe9,
0xfb, 0x10, 0x2a, 0x9d, 0x14, 0xfa, 0xde, 0xb7, 0x22, 0xe3, 0xa7, 0x73, 0x50, 0x4a, 0xae, 0xe9,
0xcf, 0x64, 0x54, 0x4e, 0xf0, 0x4c, 0xf4, 0xed, 0x7c, 0x94, 0x39, 0x47, 0x86, 0x22, 0x78, 0x5a,
0xad, 0x35, 0xdf, 0xd5, 0x5e, 0x70, 0xce, 0xe9, 0x21, 0x55, 0xd5, 0x48, 0x4c, 0xd9, 0x71, 0x94,
0x87, 0xbe, 0xf3, 0x4b, 0xe5, 0xcf, 0x19, 0x1f, 0xc1, 0x5c, 0x72, 0x38, 0xf0, 0x15, 0xa7, 0x02,
0xd3, 0x3a, 0x3c, 0x99, 0x77, 0x2b, 0x49, 0x65, 0x26, 0xf1, 0x8d, 0xdf, 0xcd, 0x27, 0x79, 0x0b,
0xcb, 0x4d, 0xb6, 0x47, 0xa9, 0x46, 0x3a, 0x62, 0x8f, 0xe2, 0x20, 0x53, 0x96, 0x9d, 0x24, 0x77,
0x5e, 0xe4, 0xbc, 0x5e, 0xc8, 0x76, 0x5e, 0x27, 0x37, 0x13, 0x56, 0xed, 0x4a, 0xe8, 0xbf, 0x87,
0x74, 0xc7, 0x8a, 0x2d, 0xdb, 0x53, 0xc6, 0xec, 0x73, 0x5a, 0x1e, 0x0b, 0x49, 0x3f, 0x1c, 0xeb,
0xdc, 0x43, 0x2c, 0xe0, 0xc4, 0x99, 0xc8, 0x64, 0x15, 0x46, 0x59, 0x33, 0x37, 0xec, 0x8e, 0x78,
0x9c, 0x21, 0x51, 0x78, 0x8d, 0x56, 0x74, 0x3f, 0x54, 0x22, 0x6c, 0xb4, 0x28, 0x93, 0x10, 0xd4,
0x89, 0x25, 0x10, 0x8d, 0xff, 0x3b, 0xc7, 0xd6, 0x7f, 0x7d, 0xff, 0xfb, 0x2c, 0x69, 0x1e, 0xeb,
0x52, 0x1f, 0xc3, 0xe2, 0x7f, 0x99, 0xe7, 0xb9, 0x90, 0xc4, 0xf4, 0x79, 0x13, 0x46, 0x78, 0xdc,
0x0d, 0x11, 0x8c, 0x43, 0xe5, 0xc2, 0x0b, 0xe2, 0xc0, 0x84, 0x3c, 0x24, 0x87, 0x29, 0x08, 0x54,
0xd5, 0x59, 0x7e, 0x20, 0xd5, 0x99, 0xa2, 0xcf, 0x2f, 0x3c, 0x31, 0x7d, 0xfe, 0x0f, 0x44, 0x69,
0x8f, 0x2a, 0xe1, 0x00, 0x69, 0x12, 0x2e, 0x24, 0xb3, 0x8c, 0xa5, 0x12, 0x5a, 0xc4, 0xec, 0xc8,
0x4d, 0x35, 0x6f, 0x99, 0xe2, 0x45, 0x7d, 0x4c, 0x86, 0x32, 0xe3, 0x37, 0x86, 0xf8, 0x18, 0x8b,
0x81, 0xba, 0xa8, 0xc5, 0x8a, 0xc0, 0x75, 0x92, 0xd0, 0x75, 0xf2, 0xa8, 0x11, 0x17, 0x61, 0x88,
0xcd, 0x4d, 0x31, 0x9a, 0x88, 0xc7, 0xe6, 0xaf, 0x8a, 0xc7, 0xca, 0xd9, 0x5a, 0xc6, 0x33, 0x49,
0x4d, 0x6e, 0x89, 0xc7, 0x96, 0xba, 0x96, 0x11, 0x83, 0xf5, 0x20, 0xca, 0x4f, 0xa4, 0xf6, 0xa0,
0xbd, 0x6b, 0xa7, 0xd3, 0x07, 0xc6, 0xa8, 0x64, 0x05, 0xa6, 0xb6, 0x1d, 0xb7, 0xe1, 0x3d, 0x0c,
0x96, 0x69, 0xb0, 0x1f, 0x7a, 0x1d, 0x61, 0x4c, 0x8d, 0x7a, 0xff, 0x87, 0xbc, 0xc4, 0x6a, 0xf0,
0x22, 0xf5, 0x91, 0x44, 0x27, 0x22, 0x8b, 0x30, 0xa9, 0x05, 0xf7, 0x16, 0x6f, 0x9f, 0xa8, 0xe3,
0xd4, 0x43, 0x83, 0xab, 0x3a, 0x4e, 0x8d, 0x84, 0x9d, 0xd2, 0xa2, 0xfd, 0xca, 0x0b, 0x68, 0xaa,
0xed, 0x02, 0x87, 0xdc, 0x80, 0x22, 0x8f, 0x3a, 0xb3, 0xb6, 0xac, 0x3e, 0x5a, 0x05, 0x08, 0x4b,
0x44, 0x42, 0x93, 0x88, 0x64, 0x09, 0x26, 0x17, 0xbd, 0x70, 0xcd, 0x0d, 0x42, 0xdb, 0xad, 0xd3,
0x28, 0x94, 0x39, 0x76, 0x76, 0xc7, 0x0b, 0x2d, 0x47, 0x94, 0xe8, 0xf4, 0x3a, 0x0d, 0x1b, 0xea,
0x3b, 0x9e, 0xe3, 0xf2, 0xad, 0x73, 0x3c, 0x1e, 0xea, 0x8f, 0x3d, 0xc7, 0x4d, 0x45, 0x0f, 0x8f,
0x51, 0xe3, 0xe8, 0x2e, 0xdc, 0x03, 0xd4, 0x1c, 0xba, 0xe7, 0x35, 0xa8, 0x21, 0x32, 0x96, 0x89,
0xf8, 0xd7, 0xaf, 0xc0, 0x28, 0x5f, 0x7c, 0xc9, 0xdc, 0xc8, 0xf1, 0x2c, 0x33, 0x25, 0x06, 0x31,
0x60, 0xd2, 0x71, 0x2d, 0x6e, 0x3e, 0xe9, 0xb9, 0x2d, 0x9e, 0xdd, 0xaa, 0x68, 0x8e, 0x3b, 0x2e,
0x1a, 0x4d, 0xde, 0x77, 0x5b, 0x87, 0xc6, 0xeb, 0x50, 0x12, 0x1b, 0x6a, 0x94, 0x8a, 0x15, 0xcd,
0x35, 0xd6, 0x96, 0x4d, 0x75, 0x13, 0xac, 0x3b, 0x0d, 0xdf, 0x44, 0x28, 0x3a, 0x79, 0xde, 0xa3,
0xe1, 0x43, 0xcf, 0xdf, 0x37, 0x69, 0x10, 0xfa, 0x0e, 0xcf, 0xec, 0x8a, 0xdb, 0xc8, 0xe7, 0xc9,
0x3b, 0x30, 0x8c, 0xd6, 0xcb, 0x89, 0x73, 0x2d, 0x59, 0xc7, 0xe2, 0xa4, 0x58, 0x7e, 0xc3, 0x68,
0x0a, 0x6d, 0x72, 0x22, 0xf2, 0x26, 0x0c, 0x2d, 0x53, 0xf7, 0x30, 0x91, 0x28, 0x32, 0x45, 0x1c,
0x6d, 0x67, 0x0d, 0xea, 0x1e, 0x9a, 0x48, 0x62, 0xfc, 0x74, 0x1e, 0x4e, 0x65, 0x34, 0xeb, 0xc1,
0xe7, 0x9f, 0xd2, 0x3d, 0x7d, 0x51, 0xdb, 0xd3, 0xe5, 0x33, 0x7d, 0xcf, 0x81, 0xcf, 0xdc, 0xe2,
0xff, 0x7a, 0x0e, 0xce, 0xe8, 0x0b, 0x51, 0xb8, 0x2b, 0x3c, 0xb8, 0x41, 0xde, 0x86, 0x91, 0x55,
0x6a, 0x37, 0xa8, 0xcc, 0x0a, 0x97, 0xcc, 0xbd, 0xcc, 0x0b, 0x39, 0xdb, 0xd8, 0x33, 0x9d, 0x43,
0xc9, 0xb2, 0x68, 0x1c, 0xbf, 0x7c, 0x18, 0x32, 0x82, 0x51, 0x56, 0x55, 0x7d, 0x8c, 0x5d, 0xbe,
0x93, 0x87, 0x73, 0x7d, 0x68, 0xd8, 0x87, 0x63, 0x9f, 0x5e, 0xfd, 0x70, 0x28, 0x0f, 0x20, 0x94,
0xbc, 0x07, 0xd3, 0x9b, 0xe2, 0xf2, 0x22, 0x3f, 0x87, 0x92, 0x3c, 0x5e, 0xde, 0x6b, 0xa4, 0xd1,
0x97, 0x99, 0x44, 0xd6, 0xc2, 0x7d, 0x15, 0xfa, 0x86, 0xfb, 0x52, 0xa3, 0x67, 0x0d, 0x7d, 0xc2,
0xe8, 0x59, 0xc3, 0xfd, 0xa3, 0x67, 0x8d, 0x24, 0xa2, 0x67, 0x7d, 0x04, 0x73, 0xfa, 0xc8, 0x88,
0xf5, 0x1f, 0x47, 0x1e, 0xcb, 0xf5, 0x8e, 0x3c, 0xd6, 0x37, 0xca, 0xb6, 0xf1, 0x13, 0x39, 0x28,
0xe9, 0xbc, 0x3f, 0xed, 0x6c, 0x78, 0x57, 0x9b, 0x0d, 0xe7, 0xb2, 0x67, 0x43, 0xef, 0x69, 0xf0,
0x7f, 0xe4, 0x92, 0x9d, 0x1d, 0xe8, 0xfb, 0x1b, 0x30, 0xb2, 0xec, 0xb5, 0x6d, 0x47, 0x7e, 0x76,
0xf4, 0x54, 0x6a, 0x20, 0xc4, 0x14, 0x25, 0x83, 0x05, 0x6a, 0xbb, 0x00, 0xc3, 0xf7, 0x3c, 0xb7,
0xb2, 0x2c, 0x4c, 0xad, 0x91, 0x8f, 0xeb, 0xb9, 0x96, 0xdd, 0x30, 0x79, 0x01, 0x59, 0x07, 0xa8,
0xd5, 0x7d, 0x4a, 0xdd, 0x9a, 0xf3, 0x83, 0x34, 0x21, 0x65, 0xb1, 0x11, 0x6a, 0x75, 0x71, 0x5b,
0xe2, 0x4f, 0xcf, 0x88, 0x68, 0x05, 0xce, 0x0f, 0xaa, 0xa7, 0x92, 0x42, 0x8f, 0xab, 0x52, 0x04,
0x24, 0x4d, 0x7c, 0x87, 0x6b, 0x9f, 0xc5, 0xaa, 0xcc, 0xac, 0x0a, 0x47, 0xf8, 0x5a, 0xe6, 0xe7,
0xf8, 0x9d, 0x1c, 0x9c, 0xeb, 0x43, 0xf3, 0x04, 0xbe, 0xca, 0x9f, 0xf4, 0x80, 0x53, 0x80, 0x98,
0x08, 0x33, 0x82, 0x3b, 0x0d, 0x11, 0x74, 0x6e, 0x52, 0x64, 0x04, 0x67, 0x00, 0x2d, 0x23, 0x38,
0x03, 0x30, 0x89, 0x63, 0x95, 0x3a, 0xcd, 0x3d, 0x6e, 0xe3, 0x36, 0xc9, 0x77, 0x96, 0x3d, 0x84,
0xa8, 0x12, 0x07, 0xc7, 0x31, 0xfe, 0x87, 0x11, 0x38, 0x6b, 0xd2, 0xa6, 0xc3, 0xee, 0x64, 0x5b,
0x81, 0xe3, 0x36, 0xb5, 0x38, 0x61, 0x46, 0x62, 0xe5, 0x8a, 0x2c, 0x4f, 0x0c, 0x12, 0xcd, 0xc4,
0xcb, 0x50, 0x64, 0x67, 0xbe, 0xb2, 0x78, 0xf1, 0x7d, 0xcf, 0xf5, 0x1a, 0x54, 0x64, 0x46, 0x90,
0xc5, 0xe4, 0x65, 0x21, 0x22, 0x2a, 0x79, 0xf8, 0x98, 0x88, 0xf8, 0xbd, 0xa3, 0x32, 0xf0, 0x7c,
0xe0, 0x18, 0xf8, 0x92, 0x8b, 0x89, 0xd1, 0x3d, 0x6e, 0xa8, 0xc7, 0x3d, 0x6e, 0x03, 0xe6, 0x2a,
0x0d, 0x7e, 0xb6, 0xda, 0xad, 0xaa, 0xef, 0xb8, 0x75, 0xa7, 0x63, 0xb7, 0xa4, 0x6e, 0x02, 0x47,
0xd9, 0x8e, 0xca, 0xad, 0x4e, 0x84, 0x60, 0x66, 0x92, 0xb1, 0x6e, 0x2c, 0xdf, 0xfb, 0xff, 0xd8,
0xfb, 0xda, 0x18, 0x39, 0x92, 0xeb, 0x30, 0xf6, 0xcc, 0xec, 0xee, 0xec, 0xdb, 0xaf, 0xde, 0xe2,
0x92, 0x5c, 0x2e, 0x79, 0xfc, 0xe8, 0xbb, 0xa3, 0xee, 0xf6, 0x74, 0xbc, 0x23, 0x2f, 0xf7, 0x41,
0xe9, 0x3e, 0xd4, 0x3b, 0xd3, 0xbb, 0x3b, 0xe4, 0xec, 0xcc, 0x5c, 0xf7, 0x2c, 0x19, 0xea, 0x24,
0xb7, 0x9b, 0x33, 0xbd, 0xbb, 0x7d, 0x9c, 0x9d, 0x9e, 0xeb, 0xee, 0x39, 0x72, 0x05, 0x03, 0x96,
0x2d, 0x44, 0x06, 0x1c, 0x38, 0x52, 0x6c, 0x07, 0x11, 0x84, 0x04, 0x09, 0x10, 0xc1, 0xf0, 0x0f,
0x23, 0x09, 0x92, 0x3f, 0x86, 0x05, 0x24, 0xf1, 0x3f, 0x01, 0x82, 0x82, 0x04, 0x01, 0x0c, 0x44,
0x31, 0x0e, 0xb6, 0x84, 0x00, 0x81, 0xe0, 0x7f, 0x46, 0xf2, 0xc3, 0x80, 0x82, 0xa0, 0x5e, 0x55,
0x75, 0x57, 0xf7, 0xf4, 0xcc, 0x2e, 0xc5, 0x53, 0x12, 0xdb, 0xfa, 0xb3, 0xd8, 0x79, 0xf5, 0xde,
0xeb, 0xfa, 0x7c, 0xf5, 0xea, 0xd5, 0xab, 0xf7, 0x2c, 0x0c, 0x42, 0xc5, 0xaf, 0x6e, 0xb1, 0x19,
0xdd, 0x7e, 0x88, 0xad, 0x08, 0xcd, 0xb8, 0x18, 0x4f, 0x90, 0x78, 0x51, 0xdf, 0xae, 0x5b, 0x77,
0x5c, 0x16, 0x3d, 0x48, 0xa4, 0x09, 0x62, 0x8e, 0x19, 0x51, 0x2f, 0x44, 0x7f, 0xd2, 0x14, 0x5e,
0x42, 0x67, 0x59, 0xdb, 0x94, 0xae, 0x3c, 0x42, 0x17, 0x86, 0x07, 0x32, 0x1d, 0xc3, 0x23, 0xaf,
0xd0, 0xa9, 0x70, 0xe8, 0x47, 0x2e, 0x4e, 0xe1, 0xd9, 0xe4, 0xbc, 0x19, 0x20, 0x94, 0x9d, 0x37,
0x25, 0x14, 0xf2, 0x36, 0x9c, 0x36, 0x2a, 0x37, 0x85, 0xc1, 0xbd, 0xea, 0x77, 0x86, 0xe8, 0x48,
0x01, 0xf8, 0x3d, 0x1c, 0x43, 0xb7, 0x73, 0x93, 0x4a, 0x93, 0x3c, 0x34, 0x72, 0x0d, 0x66, 0x6a,
0x55, 0x59, 0x11, 0xe4, 0xb9, 0x30, 0xb9, 0x77, 0x98, 0x28, 0x24, 0xcd, 0xe4, 0x40, 0x34, 0x7f,
0xec, 0xc9, 0xe5, 0xfc, 0x09, 0x0e, 0x43, 0xb7, 0xb2, 0x8a, 0xac, 0x94, 0x98, 0x22, 0xa3, 0xc8,
0x66, 0xd5, 0xd7, 0xb7, 0x90, 0x74, 0xcb, 0xed, 0xbb, 0x41, 0x92, 0x90, 0x62, 0x8a, 0xf5, 0x2d,
0x25, 0xdd, 0x8f, 0x4b, 0xcc, 0x34, 0x22, 0x31, 0xe1, 0x4c, 0x2b, 0x70, 0x3f, 0xf6, 0xfc, 0x61,
0x98, 0xfe, 0xf8, 0x52, 0xa2, 0xec, 0x0f, 0x38, 0x82, 0x9d, 0xad, 0x45, 0x3e, 0x29, 0xcf, 0xfd,
0xc9, 0x82, 0xb7, 0x56, 0xfc, 0xae, 0x1b, 0x32, 0x09, 0xf4, 0x37, 0x28, 0xf7, 0xa7, 0xd4, 0xb6,
0x09, 0x52, 0xf9, 0xdb, 0x98, 0xfb, 0x73, 0x04, 0x97, 0xbc, 0x05, 0x53, 0xf8, 0x93, 0xeb, 0xdb,
0xa7, 0x73, 0xd8, 0x26, 0xba, 0x76, 0x87, 0x62, 0x9a, 0x8c, 0x80, 0xd4, 0x60, 0x86, 0x1f, 0x54,
0x9f, 0x24, 0x83, 0x1d, 0x3f, 0xf1, 0xb2, 0xd9, 0xc6, 0xe9, 0xb5, 0x2e, 0xcc, 0xcb, 0x1f, 0xa4,
0xab, 0x6c, 0xdb, 0x09, 0x0f, 0xdc, 0x2e, 0xfd, 0xc5, 0x93, 0xcf, 0xe2, 0x2a, 0x3b, 0x40, 0xa8,
0x4d, 0xeb, 0x61, 0x4a, 0x28, 0x74, 0x9f, 0xae, 0x85, 0xbb, 0x21, 0xaf, 0x0a, 0x37, 0x5d, 0x79,
0x68, 0x06, 0xed, 0x9a, 0xbc, 0x48, 0xfb, 0x22, 0xac, 0x34, 0x86, 0xbd, 0x9e, 0xf3, 0xa0, 0xe7,
0x8a, 0xe4, 0x64, 0x98, 0x40, 0x7f, 0x03, 0xa6, 0x2c, 0x29, 0x25, 0xff, 0xe9, 0x38, 0xfb, 0x5b,
0x82, 0x83, 0xde, 0xc1, 0x0a, 0x06, 0x19, 0xcb, 0x24, 0xe3, 0x67, 0xa4, 0xda, 0xf7, 0x14, 0x58,
0x11, 0xee, 0x17, 0x81, 0xd3, 0x79, 0xe8, 0x06, 0x5c, 0xe1, 0xba, 0x96, 0x9a, 0x6b, 0xb8, 0x08,
0x32, 0xd3, 0x88, 0xcd, 0xba, 0xdb, 0xa2, 0x12, 0x69, 0x25, 0x28, 0xaf, 0xc2, 0xc7, 0x55, 0x86,
0xbc, 0x0d, 0x73, 0x7c, 0xcb, 0x95, 0xa2, 0x47, 0x63, 0x8c, 0x43, 0x7e, 0xd0, 0xce, 0x3a, 0x03,
0xc9, 0xe8, 0xa8, 0xdf, 0xa5, 0x9b, 0xf2, 0xb4, 0x7a, 0x45, 0xbe, 0x7e, 0x97, 0xfe, 0xc6, 0x84,
0xa9, 0xfb, 0x1f, 0xe6, 0xb2, 0x7d, 0xcb, 0xe7, 0xee, 0x1b, 0x72, 0x58, 0x4f, 0x25, 0x39, 0x28,
0x27, 0x61, 0x3d, 0xe5, 0x83, 0x72, 0x8c, 0x1a, 0x8f, 0x49, 0xe1, 0x98, 0x31, 0x79, 0x57, 0x8c,
0x49, 0x71, 0xfc, 0xc4, 0x38, 0x3d, 0x61, 0x1c, 0xac, 0x64, 0x85, 0x94, 0x4e, 0x64, 0xa6, 0x3a,
0x85, 0x09, 0x75, 0x18, 0x49, 0x56, 0x32, 0x73, 0x4e, 0xb2, 0xed, 0x6b, 0xea, 0xe4, 0x4c, 0x8f,
0x11, 0xf7, 0x9f, 0x83, 0x79, 0x3d, 0x8a, 0x9c, 0xce, 0x81, 0xdb, 0xad, 0x52, 0xf1, 0x24, 0xc5,
0xed, 0x73, 0x38, 0x5c, 0xbe, 0xb3, 0x94, 0x71, 0x59, 0xa8, 0x76, 0x27, 0xe4, 0x4e, 0xc5, 0x71,
0xa8, 0x76, 0x0a, 0x49, 0x87, 0x6a, 0xa7, 0x10, 0xf2, 0x0a, 0xcc, 0xd4, 0xfa, 0x1f, 0x7b, 0xb4,
0x4f, 0x58, 0xe8, 0x3e, 0xb4, 0xf5, 0x79, 0x0c, 0x24, 0x0b, 0x57, 0x8e, 0x45, 0x6e, 0x49, 0xc7,
0xac, 0xd9, 0xc4, 0x9a, 0x22, 0xe2, 0xff, 0xf2, 0x22, 0xf9, 0x08, 0x15, 0x9f, 0xbb, 0xde, 0x80,
0x19, 0x61, 0x19, 0x86, 0x64, 0x07, 0xe1, 0x94, 0xa3, 0x01, 0x53, 0x04, 0x32, 0xe6, 0xd8, 0x97,
0x92, 0xe8, 0xce, 0x49, 0x39, 0xf6, 0xa5, 0x24, 0xba, 0xa9, 0x1c, 0xfb, 0x52, 0x3a, 0xdd, 0xd8,
0xa8, 0x36, 0x7f, 0xac, 0x51, 0xed, 0x2e, 0xcc, 0xb7, 0x9c, 0x20, 0xf2, 0xa8, 0xde, 0xd3, 0x8f,
0xc2, 0xd5, 0x85, 0x94, 0x1d, 0x5a, 0x2a, 0xda, 0xb8, 0x24, 0xf2, 0xbc, 0x0f, 0x24, 0xfc, 0x74,
0x42, 0xf2, 0x04, 0x9e, 0xef, 0x52, 0xbc, 0xf8, 0x34, 0x2e, 0xc5, 0xd8, 0xa9, 0x68, 0x7b, 0x5c,
0x4a, 0x6c, 0x61, 0x78, 0x10, 0xca, 0x18, 0x20, 0x63, 0x44, 0xf2, 0x25, 0x98, 0xa7, 0xff, 0xb7,
0xfc, 0x9e, 0xd7, 0xf1, 0xdc, 0x70, 0x55, 0xc5, 0xc6, 0x5d, 0xca, 0x5d, 0xfd, 0x88, 0x74, 0x64,
0xb9, 0x11, 0x5b, 0xc0, 0xc8, 0x38, 0x7b, 0xa9, 0x90, 0xe2, 0x46, 0xde, 0x83, 0x79, 0x3a, 0xfb,
0x1e, 0x38, 0x21, 0x53, 0x77, 0x97, 0x13, 0xa7, 0xf0, 0x2e, 0x87, 0x8f, 0x64, 0x4b, 0x90, 0x09,
0xe8, 0x36, 0xaf, 0x0f, 0x98, 0x80, 0x24, 0xd2, 0x6c, 0x1f, 0x8c, 0x08, 0x47, 0x81, 0x46, 0xbe,
0x00, 0xf3, 0xfa, 0x60, 0x90, 0x48, 0x9c, 0xd3, 0x92, 0x09, 0x72, 0x30, 0xb0, 0x73, 0xa5, 0x4e,
0x8a, 0x22, 0x2b, 0x98, 0x57, 0x9e, 0x48, 0x30, 0x93, 0x97, 0xe3, 0x13, 0xc0, 0x99, 0xc4, 0x4a,
0xce, 0x0f, 0xa3, 0xa9, 0xe3, 0x04, 0x3b, 0x0c, 0x54, 0x60, 0x81, 0x19, 0xf4, 0x84, 0x36, 0x73,
0x76, 0x64, 0xf5, 0xe4, 0x28, 0x35, 0x69, 0x1a, 0xf6, 0x3a, 0xdc, 0x8b, 0x3c, 0xa7, 0xc7, 0xd3,
0x58, 0xac, 0x9e, 0xc3, 0x55, 0xcb, 0x5f, 0x87, 0x63, 0x09, 0x66, 0x45, 0x73, 0x52, 0x5c, 0x32,
0x44, 0xda, 0x8f, 0x15, 0x38, 0x37, 0x66, 0xc4, 0xe3, 0x24, 0x07, 0xca, 0xe4, 0x24, 0x07, 0x54,
0x72, 0xa4, 0xed, 0x34, 0xd8, 0xfe, 0xd1, 0x37, 0x79, 0xb1, 0xbe, 0xe5, 0x03, 0xe1, 0x89, 0x07,
0xf9, 0xa7, 0x6f, 0xfb, 0x68, 0xea, 0x2e, 0x8e, 0x6e, 0x42, 0x1c, 0x8f, 0x55, 0x8a, 0x45, 0xf0,
0xe5, 0x79, 0x0d, 0xe3, 0x61, 0xfd, 0xd0, 0x4f, 0xad, 0xe0, 0x1c, 0xd6, 0xda, 0x37, 0x0a, 0x30,
0x27, 0xad, 0x43, 0x72, 0x45, 0x7a, 0xf1, 0xad, 0xb2, 0xcc, 0x98, 0x12, 0x87, 0x02, 0xdb, 0x89,
0x70, 0x51, 0x15, 0x8e, 0x37, 0xe8, 0x63, 0x74, 0x36, 0x29, 0x11, 0x44, 0x26, 0x1c, 0x1b, 0x96,
0x93, 0x2f, 0x03, 0xd4, 0x9d, 0x30, 0xd2, 0x3b, 0x91, 0xf7, 0xb1, 0x7b, 0x82, 0x4d, 0x47, 0x44,
0x30, 0x3d, 0x83, 0xb9, 0x98, 0x1c, 0x24, 0xcb, 0xec, 0x11, 0x12, 0x43, 0x3a, 0x04, 0x72, 0x24,
0x79, 0x3e, 0x04, 0xa3, 0x22, 0x44, 0x60, 0x69, 0xbf, 0xae, 0x00, 0xec, 0xd6, 0x2a, 0x98, 0xfa,
0xe5, 0x69, 0xb5, 0x88, 0xfc, 0xa8, 0xe7, 0x82, 0xfb, 0x04, 0xfd, 0xe1, 0x4f, 0x14, 0x58, 0x4c,
0xa3, 0x91, 0x77, 0x61, 0xc9, 0xea, 0x04, 0x7e, 0xaf, 0xf7, 0xc0, 0xe9, 0x3c, 0xac, 0x7b, 0x7d,
0x97, 0x45, 0x82, 0x9e, 0x62, 0x9b, 0x57, 0x18, 0x17, 0xd9, 0x3d, 0x5a, 0x66, 0x66, 0x91, 0xc9,
0xd7, 0x14, 0x58, 0xb0, 0x0e, 0xfc, 0x47, 0x71, 0x60, 0x65, 0x3e, 0x82, 0x5f, 0xa6, 0xc2, 0x20,
0x3c, 0xf0, 0x1f, 0x25, 0x79, 0xb8, 0x53, 0xce, 0xba, 0xef, 0x9c, 0xcc, 0x8f, 0xa2, 0xe3, 0xe3,
0x01, 0x26, 0x0a, 0xaf, 0xa7, 0x3e, 0x62, 0xa6, 0xbf, 0xa9, 0xfd, 0x54, 0x81, 0x39, 0x3c, 0xea,
0xf4, 0x7a, 0xa8, 0xa4, 0xfd, 0x4d, 0x4a, 0xea, 0x1c, 0xb7, 0x6b, 0xc2, 0xc0, 0xbe, 0x0e, 0x4b,
0x19, 0x34, 0xa2, 0xc1, 0xb4, 0x85, 0xd1, 0x1f, 0x64, 0x2b, 0x09, 0x8b, 0x07, 0x61, 0xf2, 0x12,
0xcd, 0x90, 0xc8, 0xee, 0xde, 0xc0, 0x7b, 0xf5, 0x9b, 0x00, 0x9e, 0x00, 0x89, 0xa3, 0x10, 0xc9,
0xd6, 0xe4, 0xee, 0x0d, 0x53, 0xc2, 0xd2, 0x1a, 0x30, 0x6d, 0xf9, 0x41, 0xb4, 0x71, 0xc4, 0x4e,
0x1f, 0x55, 0x37, 0xec, 0xc8, 0x17, 0xe7, 0x1e, 0x5e, 0x6b, 0x75, 0x4c, 0x5e, 0x44, 0x2e, 0xc3,
0xd4, 0xa6, 0xe7, 0xf6, 0xba, 0xb2, 0x43, 0xf5, 0x1e, 0x05, 0x98, 0x0c, 0x4e, 0x4f, 0x68, 0x67,
0x93, 0xcc, 0x6a, 0x89, 0xe7, 0xf6, 0xd3, 0xae, 0x9b, 0x4a, 0xaa, 0x7f, 0xaf, 0xc6, 0x59, 0x89,
0x46, 0xbf, 0x34, 0xa1, 0xab, 0xff, 0xb5, 0x02, 0x6b, 0xe3, 0x49, 0x64, 0x67, 0x70, 0x65, 0x82,
0x33, 0xf8, 0xf3, 0xd9, 0x8b, 0x5e, 0x44, 0xe3, 0x17, 0xbd, 0xc9, 0xf5, 0x6e, 0x15, 0x7d, 0xf1,
0x3b, 0xae, 0x48, 0xa7, 0x76, 0x65, 0x42, 0x9d, 0x11, 0x91, 0x0d, 0x73, 0x84, 0x34, 0x26, 0xa7,
0xd5, 0xfe, 0x5d, 0x09, 0xce, 0x8f, 0xa5, 0x20, 0xdb, 0x52, 0x92, 0xc6, 0xc5, 0x38, 0x3d, 0xdc,
0x58, 0xfc, 0xeb, 0xf8, 0x17, 0xdd, 0x2d, 0xb3, 0xcf, 0xfe, 0x9a, 0x71, 0x72, 0xbe, 0x02, 0xf2,
0x7a, 0xe9, 0x58, 0x5e, 0x0c, 0x1d, 0x99, 0xc1, 0x68, 0x9e, 0x3e, 0x7c, 0x61, 0xea, 0x46, 0x8e,
0xd7, 0x0b, 0xe5, 0x65, 0xd7, 0x65, 0x20, 0x53, 0x94, 0x25, 0x1e, 0xfa, 0xa5, 0x7c, 0x0f, 0x7d,
0xed, 0x7f, 0x2b, 0x30, 0x1b, 0x57, 0x9b, 0xac, 0xc1, 0xd9, 0xb6, 0xa9, 0x57, 0x0c, 0xbb, 0x7d,
0xbf, 0x65, 0xd8, 0xbb, 0x0d, 0xab, 0x65, 0x54, 0x6a, 0x9b, 0x35, 0xa3, 0xaa, 0x9e, 0x22, 0xcb,
0xb0, 0xb0, 0xdb, 0xb8, 0xd3, 0x68, 0xde, 0x6b, 0xd8, 0x86, 0x69, 0x36, 0x4d, 0x55, 0x21, 0x0b,
0x30, 0x6b, 0x6e, 0xe8, 0x15, 0xbb, 0xd1, 0xac, 0x1a, 0x6a, 0x81, 0xa8, 0x30, 0x5f, 0x69, 0x36,
0x1a, 0x46, 0xa5, 0x5d, 0xbb, 0x5b, 0x6b, 0xdf, 0x57, 0x8b, 0x84, 0xc0, 0x22, 0x22, 0xb4, 0xcc,
0x5a, 0xa3, 0x52, 0x6b, 0xe9, 0x75, 0xb5, 0x44, 0x61, 0x14, 0x5f, 0x82, 0x4d, 0xc5, 0x8c, 0xee,
0xec, 0x6e, 0x18, 0xea, 0x34, 0x45, 0xa1, 0xff, 0x49, 0x28, 0x33, 0xf4, 0xf3, 0x88, 0x52, 0xd5,
0xdb, 0xfa, 0x86, 0x6e, 0x19, 0x6a, 0x99, 0x9c, 0x83, 0xd3, 0x29, 0x90, 0x5d, 0x6f, 0x6e, 0xd5,
0x1a, 0xea, 0x2c, 0x59, 0x01, 0x35, 0x86, 0x55, 0x37, 0xec, 0x5d, 0xcb, 0x30, 0x55, 0xc8, 0x42,
0x1b, 0xfa, 0x8e, 0xa1, 0xce, 0x69, 0xef, 0xb0, 0x07, 0x99, 0xac, 0xab, 0xc9, 0x59, 0x20, 0x56,
0x5b, 0x6f, 0xef, 0x5a, 0x99, 0xc6, 0xcf, 0xc1, 0x8c, 0xb5, 0x5b, 0xa9, 0x18, 0x96, 0xa5, 0x2a,
0x04, 0x60, 0x7a, 0x53, 0xaf, 0xd5, 0x8d, 0xaa, 0x5a, 0xd0, 0xbe, 0xa9, 0xc0, 0xb2, 0x50, 0x19,
0xc5, 0xbd, 0xd7, 0x53, 0xae, 0xc5, 0x77, 0x53, 0x27, 0x61, 0xf1, 0xba, 0x2e, 0xf3, 0x91, 0x09,
0xcb, 0xf0, 0x9f, 0x28, 0x70, 0x26, 0x17, 0x9b, 0xdc, 0x07, 0x55, 0xd4, 0x20, 0x7e, 0x29, 0xab,
0xa4, 0x34, 0x6e, 0x41, 0x97, 0x41, 0x63, 0xb6, 0xd5, 0x78, 0xbb, 0x32, 0x47, 0xd8, 0x9c, 0x3c,
0xaf, 0x8d, 0xf6, 0x2d, 0x05, 0xce, 0x8d, 0xf9, 0x0c, 0xa9, 0xc0, 0x74, 0x9c, 0xa6, 0x6e, 0x82,
0xc7, 0xe1, 0xca, 0x0f, 0x3f, 0xb9, 0xcc, 0x11, 0x31, 0xcf, 0x3e, 0xfe, 0x67, 0x4e, 0xc7, 0x79,
0xe7, 0x30, 0xf9, 0x1b, 0xeb, 0xbe, 0xf3, 0x99, 0x9e, 0xe7, 0x5f, 0xd2, 0xef, 0x59, 0x1b, 0x73,
0xbc, 0xef, 0x8a, 0xce, 0xa3, 0x10, 0xb3, 0xbf, 0x69, 0xbf, 0xab, 0x50, 0x6d, 0x30, 0x8b, 0x48,
0x95, 0xe4, 0x24, 0xcf, 0x93, 0x6e, 0x36, 0xf8, 0xb6, 0x81, 0xea, 0x2d, 0xcb, 0x0d, 0x85, 0xe7,
0x10, 0xdb, 0x09, 0x52, 0x61, 0x1f, 0x52, 0x34, 0xe4, 0x16, 0x80, 0xf1, 0x38, 0x72, 0x83, 0xbe,
0xd3, 0x8b, 0x03, 0xf8, 0xb0, 0x08, 0x6b, 0x1c, 0x9a, 0x56, 0xd0, 0x25, 0x64, 0xed, 0xeb, 0x0a,
0xcc, 0x8b, 0xa4, 0x57, 0x3d, 0x37, 0x88, 0x9e, 0x6e, 0x7a, 0xdd, 0x4a, 0x4d, 0xaf, 0xf8, 0x81,
0x8d, 0xc4, 0x9f, 0x16, 0xe7, 0xce, 0xac, 0xff, 0xa8, 0x80, 0x9a, 0x45, 0x24, 0xef, 0x42, 0xd9,
0x72, 0x3f, 0x76, 0x03, 0x2f, 0x3a, 0xe2, 0x82, 0x52, 0x24, 0x02, 0x66, 0x38, 0xbc, 0x8c, 0xcd,
0x87, 0x90, 0xff, 0x32, 0x63, 0x9a, 0x93, 0xca, 0x7b, 0xc9, 0x4e, 0x52, 0xfc, 0xb4, 0xec, 0x24,
0xda, 0x9f, 0x15, 0xe0, 0xdc, 0x96, 0x1b, 0xc9, 0x6d, 0x8a, 0x3d, 0x41, 0x5e, 0x3d, 0x59, 0xbb,
0xa4, 0x96, 0xac, 0xc2, 0x0c, 0x16, 0x89, 0xf1, 0x35, 0xc5, 0x4f, 0xb2, 0x11, 0xcf, 0xeb, 0x62,
0x2a, 0xd3, 0xe8, 0x98, 0x6f, 0x5f, 0x97, 0x72, 0x08, 0xc6, 0xd3, 0xfa, 0x1a, 0x2c, 0x62, 0x96,
0x91, 0x21, 0x5d, 0x0e, 0x6e, 0x97, 0xdb, 0x8b, 0xca, 0x66, 0x06, 0x4a, 0xd6, 0x41, 0xa5, 0x10,
0xbd, 0xf3, 0xb0, 0xef, 0x3f, 0xea, 0xb9, 0xdd, 0x7d, 0xb7, 0x8b, 0xdb, 0x7a, 0xd9, 0x1c, 0x81,
0x0b, 0x9e, 0xbb, 0x7d, 0x76, 0xd6, 0x73, 0xbb, 0x68, 0xd4, 0xe1, 0x3c, 0x13, 0xe8, 0xda, 0x2d,
0x98, 0xfb, 0x19, 0xf3, 0x88, 0x6a, 0xff, 0x4d, 0x81, 0x15, 0x6c, 0x9c, 0xf4, 0x61, 0x91, 0xe3,
0x5d, 0xf4, 0x96, 0x94, 0x22, 0xcf, 0xa1, 0xa0, 0xf4, 0x52, 0x88, 0x7b, 0x31, 0x31, 0x22, 0x15,
0x4e, 0x60, 0x44, 0x92, 0x6c, 0x60, 0xa5, 0x4f, 0xcb, 0x06, 0x76, 0xbb, 0x54, 0x2e, 0xaa, 0xa5,
0x64, 0xc8, 0xb5, 0xaf, 0x15, 0x60, 0xc6, 0x74, 0x7b, 0xae, 0x13, 0xba, 0xe4, 0x1a, 0xcc, 0x34,
0xfc, 0xc8, 0x0d, 0x77, 0xaa, 0xb2, 0x97, 0x75, 0x9f, 0x82, 0xec, 0xc3, 0xae, 0x29, 0x0a, 0xe9,
0x84, 0x6f, 0x05, 0x7e, 0x77, 0xd8, 0x89, 0xe4, 0x09, 0x3f, 0x60, 0x20, 0x53, 0x94, 0x91, 0xcf,
0xc2, 0x2c, 0xe7, 0x1c, 0xdf, 0x2c, 0xa3, 0xf3, 0x78, 0xc0, 0x80, 0x98, 0x8f, 0x28, 0x46, 0x40,
0x9d, 0x96, 0x29, 0x18, 0x25, 0x49, 0xa7, 0x1d, 0xd1, 0x19, 0x84, 0xaa, 0x3e, 0x35, 0x41, 0x55,
0x7f, 0x15, 0xa6, 0xf5, 0x30, 0x74, 0x23, 0x11, 0x8f, 0x62, 0x3e, 0xc9, 0x75, 0xe7, 0x46, 0x8c,
0xb1, 0x83, 0xe5, 0x26, 0xc7, 0xd3, 0xfe, 0xb2, 0x00, 0x53, 0xf8, 0x2f, 0xde, 0xdb, 0x06, 0x9d,
0x83, 0xd4, 0xbd, 0x6d, 0xd0, 0x39, 0x30, 0x11, 0x4a, 0x6e, 0xa0, 0x69, 0x43, 0x64, 0x73, 0xe4,
0xad, 0x47, 0x9b, 0x7d, 0x37, 0x01, 0x9b, 0x32, 0x4e, 0xec, 0x66, 0x50, 0xcc, 0x8d, 0x42, 0x73,
0x16, 0x0a, 0x4d, 0x8b, 0xb7, 0x18, 0xc3, 0xa5, 0xf9, 0xa1, 0x59, 0x68, 0x5a, 0xd8, 0x1b, 0xdb,
0xfa, 0xcd, 0xd7, 0xdf, 0xe0, 0x0d, 0x65, 0xbd, 0x71, 0xe0, 0xdc, 0x7c, 0xfd, 0x0d, 0x93, 0x97,
0xd0, 0xfe, 0xc5, 0x3a, 0xe3, 0xed, 0x2f, 0x0b, 0x96, 0x80, 0xfd, 0x8b, 0x6d, 0xc3, 0x9b, 0x5e,
0x33, 0x41, 0x20, 0x37, 0x61, 0x8e, 0x47, 0xed, 0x40, 0x7c, 0x29, 0xaa, 0x06, 0x8f, 0xea, 0xc1,
0x28, 0x64, 0x24, 0x76, 0x0f, 0xc8, 0x07, 0x48, 0xe4, 0xaa, 0xe7, 0xf7, 0x80, 0x62, 0x08, 0x43,
0x53, 0x42, 0xa1, 0x55, 0x62, 0x17, 0x89, 0x49, 0x10, 0x04, 0xac, 0x12, 0xbf, 0x6d, 0xc4, 0x8c,
0x2e, 0x31, 0x82, 0xf6, 0xfb, 0x05, 0x28, 0xb7, 0x7a, 0xc3, 0x7d, 0xaf, 0x7f, 0xf7, 0x06, 0x21,
0x80, 0xc7, 0x38, 0x91, 0xf2, 0x87, 0xfe, 0x4f, 0xce, 0x43, 0x59, 0x9c, 0xdc, 0x84, 0x40, 0x0a,
0xf9, 0xa9, 0x6d, 0x15, 0xc4, 0xb8, 0xf3, 0xb8, 0x78, 0xe2, 0x27, 0xb9, 0x01, 0xf1, 0xf9, 0x6b,
0xdc, 0x41, 0xad, 0x44, 0x17, 0x8b, 0x19, 0xa3, 0x91, 0x97, 0x01, 0x37, 0x09, 0x7e, 0x78, 0x10,
0x16, 0x70, 0x56, 0x35, 0xae, 0xa7, 0x30, 0x12, 0x44, 0x23, 0xaf, 0x65, 0xb2, 0xf3, 0x9d, 0x49,
0x13, 0xb0, 0xfc, 0x6d, 0x82, 0x44, 0x64, 0xe6, 0x7b, 0x1b, 0xe6, 0x3a, 0x81, 0x8b, 0x57, 0x9f,
0x4e, 0x4f, 0xbc, 0xbf, 0x5d, 0x4b, 0x51, 0x56, 0x92, 0xf2, 0xbb, 0x37, 0x4c, 0x19, 0x5d, 0xfb,
0xfe, 0x2c, 0xcc, 0xcb, 0xf5, 0x21, 0x26, 0x9c, 0x0e, 0x7b, 0xf4, 0xec, 0xce, 0xfd, 0x02, 0x07,
0x58, 0xc8, 0xb7, 0xd3, 0x2b, 0xe9, 0x0a, 0x51, 0x3c, 0xe6, 0x24, 0x28, 0xc2, 0x8d, 0x6c, 0x9f,
0x32, 0x97, 0xc3, 0x04, 0xcc, 0xf0, 0x88, 0x0e, 0x65, 0x7f, 0x10, 0xee, 0xbb, 0x7d, 0x4f, 0x5c,
0xd0, 0x3c, 0x9b, 0x62, 0xd4, 0xe4, 0x85, 0x23, 0xbc, 0x62, 0x32, 0xf2, 0x3a, 0x4c, 0xfb, 0x03,
0xb7, 0xef, 0x78, 0x7c, 0x8f, 0xbb, 0x90, 0x61, 0xe0, 0xf6, 0xf5, 0x9a, 0x44, 0xc8, 0x91, 0xc9,
0x2b, 0x50, 0xf2, 0x1f, 0xc6, 0xe3, 0x75, 0x3e, 0x4d, 0xf4, 0x30, 0x72, 0x24, 0x12, 0x44, 0xa4,
0x04, 0x1f, 0x3a, 0x87, 0x7b, 0x7c, 0xc4, 0xd2, 0x04, 0xb7, 0x9d, 0xc3, 0x3d, 0x99, 0x80, 0x22,
0x92, 0xf7, 0x00, 0x06, 0xce, 0xbe, 0x1b, 0xd8, 0xdd, 0x61, 0x74, 0x94, 0x49, 0x54, 0xcc, 0xc8,
0x5a, 0xb4, 0xb8, 0x3a, 0x8c, 0x8e, 0x24, 0xda, 0xd9, 0x81, 0x00, 0x12, 0x1d, 0xe0, 0xd0, 0x89,
0x22, 0x37, 0x38, 0xf4, 0xb9, 0x63, 0x66, 0x12, 0x8c, 0x93, 0x31, 0xd8, 0x89, 0x8b, 0x25, 0x0e,
0x12, 0x11, 0x56, 0xda, 0x0b, 0x1c, 0xbc, 0x86, 0x1f, 0xa9, 0xb4, 0x17, 0xa4, 0x5a, 0x49, 0x11,
0xc9, 0x5b, 0x30, 0x83, 0x39, 0x39, 0x83, 0x2e, 0x8f, 0x43, 0x73, 0x31, 0x45, 0x53, 0x65, 0x65,
0x12, 0x99, 0x40, 0xa7, 0xb5, 0xe5, 0xc1, 0x78, 0x1b, 0xfe, 0x23, 0xbc, 0x17, 0xc8, 0xd6, 0xd6,
0x8a, 0x8b, 0xe5, 0xda, 0x26, 0x44, 0x74, 0x28, 0xf7, 0xbd, 0xa8, 0xe7, 0x3c, 0xe0, 0x97, 0xed,
0xe9, 0xa1, 0xdc, 0xc2, 0x22, 0x79, 0x28, 0x19, 0x32, 0xb9, 0x05, 0x65, 0x91, 0xee, 0x83, 0xbf,
0x6a, 0x4d, 0x57, 0x9a, 0xa7, 0xeb, 0x90, 0x2b, 0xcd, 0x13, 0x7c, 0xd0, 0xfe, 0x09, 0x3b, 0xde,
0x21, 0x7f, 0x8c, 0x9a, 0xee, 0x1f, 0xab, 0x52, 0xdb, 0x91, 0xfb, 0x87, 0x22, 0x92, 0x77, 0x61,
0x86, 0xae, 0xdf, 0xae, 0xbf, 0xcf, 0x23, 0x79, 0x68, 0xe9, 0xfe, 0x61, 0x65, 0x23, 0xd3, 0x55,
0x10, 0xd1, 0x85, 0xec, 0x3c, 0x0a, 0x6d, 0xaf, 0x83, 0x31, 0x5a, 0xb3, 0xcb, 0x51, 0xbf, 0x67,
0xd5, 0x2a, 0x12, 0xd9, 0x94, 0xf3, 0x28, 0xac, 0x75, 0xc8, 0x4d, 0x98, 0xc2, 0x6c, 0x38, 0x3c,
0x20, 0x6b, 0x9a, 0x06, 0xf3, 0xe0, 0xc8, 0x34, 0x88, 0x4a, 0x07, 0xf2, 0x30, 0xc4, 0xf7, 0x3d,
0x3c, 0x27, 0x4d, 0xba, 0x4f, 0x76, 0x2c, 0x7c, 0xf4, 0x23, 0x57, 0x91, 0xa3, 0xd3, 0x2a, 0xf6,
0xdd, 0xc8, 0xf6, 0x3e, 0xe2, 0x59, 0x65, 0xd2, 0x9f, 0x6b, 0xb8, 0x51, 0xed, 0x7d, 0xf9, 0x73,
0x7d, 0x37, 0xaa, 0x7d, 0xc4, 0x87, 0xee, 0x60, 0xf8, 0x00, 0x8d, 0xef, 0x39, 0x43, 0x77, 0x30,
0xcc, 0x0e, 0xdd, 0xc1, 0xf0, 0x01, 0x25, 0xf3, 0xfa, 0xd1, 0xb0, 0xef, 0xf2, 0xd7, 0xa5, 0x69,
0xb2, 0x1a, 0x16, 0xc9, 0x64, 0x0c, 0x99, 0x5c, 0x02, 0x48, 0xbc, 0x1d, 0xd8, 0x3d, 0x92, 0x29,
0x41, 0x3e, 0x57, 0xfa, 0x1f, 0xff, 0xfc, 0xb2, 0xb2, 0x01, 0x50, 0x16, 0xe1, 0x90, 0xa8, 0x1a,
0xbe, 0x92, 0x57, 0x17, 0x72, 0x15, 0xe6, 0xe5, 0x60, 0x4d, 0x7c, 0x33, 0x98, 0x73, 0x06, 0x9e,
0x08, 0xd7, 0x34, 0x39, 0xdf, 0xc8, 0x4b, 0xb0, 0x9c, 0x7a, 0x84, 0x95, 0xb8, 0x2d, 0x9a, 0xaa,
0x5c, 0x80, 0x7b, 0x6f, 0x05, 0x20, 0x8c, 0x9c, 0x20, 0xb2, 0xbb, 0x4e, 0x74, 0x12, 0x33, 0x72,
0x99, 0xca, 0x73, 0xe6, 0xf3, 0x8e, 0x74, 0x55, 0x27, 0x72, 0x59, 0xe3, 0xb4, 0x3a, 0x9c, 0x1f,
0x2b, 0x6b, 0xc9, 0x8b, 0xa0, 0xee, 0x39, 0xdc, 0xd2, 0xda, 0x39, 0x70, 0xfa, 0x7d, 0xb7, 0xc7,
0x1b, 0xb6, 0x24, 0xe0, 0x15, 0x06, 0xe6, 0xdc, 0xde, 0x93, 0x7a, 0x47, 0x5a, 0x64, 0x27, 0xe8,
0x1d, 0xce, 0xe0, 0xbb, 0x0a, 0x5c, 0x9c, 0x24, 0xb2, 0xc9, 0x1a, 0x94, 0x07, 0x81, 0xe7, 0xe3,
0xd1, 0x80, 0xf7, 0xa1, 0xf8, 0x8d, 0xe9, 0x58, 0x50, 0x87, 0x8d, 0x9c, 0x7d, 0xfe, 0xaa, 0xc9,
0x9c, 0x45, 0x48, 0xdb, 0xd9, 0x0f, 0x69, 0x17, 0x77, 0xdd, 0x3d, 0x67, 0xd8, 0x8b, 0xec, 0xb0,
0x73, 0xe0, 0x76, 0xf1, 0xdd, 0x21, 0xfa, 0x7b, 0x9a, 0x2a, 0x2f, 0xb0, 0x04, 0x7c, 0xa4, 0xc6,
0x53, 0x63, 0x6a, 0x7c, 0xbb, 0x54, 0x56, 0xd4, 0x82, 0x89, 0x2e, 0x72, 0xda, 0x57, 0x0b, 0xb0,
0x3a, 0x4e, 0x46, 0x91, 0x77, 0xf2, 0xfa, 0x80, 0xdd, 0x2e, 0xc9, 0x70, 0xf9, 0x76, 0x49, 0x9e,
0x3d, 0x37, 0x21, 0x7e, 0x35, 0x78, 0x5c, 0x04, 0x10, 0x01, 0xa3, 0x34, 0x03, 0x27, 0x0c, 0x1f,
0x51, 0x31, 0x5c, 0x94, 0x82, 0x69, 0x73, 0x98, 0x4c, 0x23, 0x60, 0xe4, 0x4d, 0x80, 0x4e, 0xcf,
0x0f, 0x5d, 0x74, 0xe2, 0xe0, 0xfa, 0x1d, 0x7b, 0x0b, 0x11, 0x43, 0xe5, 0x5b, 0x7b, 0x84, 0x56,
0xfc, 0xae, 0x98, 0x4f, 0x0e, 0x9c, 0x1b, 0xb3, 0x29, 0xd1, 0xe1, 0xc1, 0x67, 0x80, 0x4c, 0x06,
0xf1, 0x54, 0x86, 0x14, 0xc2, 0x52, 0x70, 0x65, 0x7b, 0xbc, 0x30, 0x6e, 0x8e, 0x1c, 0x01, 0x19,
0xdd, 0x79, 0x28, 0x77, 0xee, 0xfb, 0x3f, 0x0c, 0x62, 0xee, 0x0c, 0xb2, 0x1b, 0xf4, 0xc8, 0x65,
0x98, 0x13, 0xd9, 0xbc, 0xe9, 0xf9, 0x89, 0x31, 0x07, 0x0e, 0xba, 0xe3, 0xe2, 0xe4, 0xc1, 0x10,
0xc2, 0x2c, 0xb5, 0x12, 0x5b, 0x79, 0xb3, 0x08, 0x69, 0x1f, 0x0d, 0x44, 0xeb, 0x2e, 0x8a, 0xf9,
0x9d, 0xd6, 0x07, 0x78, 0xe9, 0x3f, 0x52, 0xc4, 0xf0, 0x8f, 0x6e, 0xa8, 0xc7, 0xd5, 0x8f, 0x00,
0x3e, 0xcd, 0xe3, 0x15, 0xc3, 0xff, 0xa9, 0xa6, 0x28, 0x56, 0x1d, 0xd7, 0x14, 0xf9, 0x4f, 0x72,
0x0d, 0x96, 0x02, 0xe6, 0xfe, 0x1c, 0xf9, 0xbc, 0x3f, 0x59, 0xf6, 0xa1, 0x05, 0x06, 0x6e, 0xfb,
0xd8, 0xa7, 0xbc, 0x5e, 0xb7, 0xe3, 0x0e, 0x93, 0xf4, 0x0b, 0x72, 0x1d, 0x66, 0xa9, 0x7e, 0x81,
0x61, 0xa1, 0x32, 0x6f, 0x82, 0x10, 0x0f, 0xb5, 0x35, 0xb3, 0xfc, 0x21, 0xff, 0x9f, 0xf3, 0xfa,
0xf5, 0x58, 0x00, 0xa6, 0xa5, 0x2a, 0x39, 0x0b, 0xd3, 0x2c, 0x0b, 0x3d, 0x6f, 0x1b, 0xff, 0x45,
0x9e, 0x87, 0x45, 0xf6, 0x90, 0x37, 0x33, 0xb0, 0x0b, 0x08, 0x8d, 0xa7, 0xf7, 0xc9, 0x52, 0x57,
0xf1, 0x4a, 0xfc, 0x61, 0x41, 0xb4, 0x48, 0x56, 0xb1, 0xc8, 0x39, 0x98, 0xf1, 0x83, 0x7d, 0xa9,
0x7f, 0xa7, 0xfd, 0x60, 0x9f, 0x76, 0xee, 0x0b, 0xa0, 0xb2, 0x77, 0x72, 0x2c, 0x5e, 0x49, 0x78,
0xd4, 0xef, 0xf0, 0xb7, 0x12, 0x8b, 0x0c, 0xbe, 0x1b, 0xba, 0x81, 0x75, 0xd4, 0xef, 0x50, 0xcc,
0x30, 0xf4, 0x6d, 0x39, 0xc4, 0x1c, 0xaf, 0xc8, 0x62, 0x18, 0xfa, 0x49, 0xac, 0xb9, 0x2e, 0xd9,
0x80, 0x05, 0xca, 0x27, 0x8e, 0x94, 0xc7, 0xc5, 0xf0, 0x33, 0xa3, 0x1a, 0xe0, 0x51, 0xbf, 0x23,
0xaa, 0x68, 0xce, 0x87, 0xd2, 0x2f, 0x72, 0x07, 0x54, 0x49, 0x55, 0xc6, 0x87, 0xd3, 0x99, 0xf7,
0x00, 0x09, 0x1b, 0x49, 0xc5, 0xae, 0xf5, 0xf7, 0x7c, 0x73, 0xa9, 0x93, 0x06, 0xc4, 0xe2, 0x68,
0x5a, 0x9d, 0x31, 0x57, 0x79, 0x73, 0x43, 0x74, 0x15, 0xb5, 0x7b, 0xfe, 0xbe, 0xed, 0x3e, 0xa6,
0x13, 0x43, 0xfb, 0x67, 0x8a, 0x10, 0xf8, 0x39, 0x4c, 0x89, 0x06, 0x0b, 0x07, 0x4e, 0x68, 0x87,
0xe1, 0x21, 0xf3, 0x60, 0xe4, 0xe1, 0xc0, 0xe7, 0x0e, 0x9c, 0xd0, 0x0a, 0x0f, 0x45, 0x4a, 0xa5,
0x33, 0x14, 0xc7, 0x77, 0x86, 0xd1, 0x81, 0x2d, 0x1f, 0x0c, 0x58, 0x8f, 0x9e, 0x3e, 0x70, 0xc2,
0x26, 0x2d, 0x93, 0x78, 0x93, 0xe7, 0x60, 0x11, 0xf9, 0x76, 0x3c, 0xc1, 0x18, 0x63, 0xd2, 0x98,
0xf3, 0x94, 0x71, 0xc7, 0x63, 0x9c, 0xf9, 0xe0, 0xfe, 0xb4, 0x04, 0x67, 0xf3, 0x7b, 0x0f, 0xd7,
0x10, 0xed, 0x73, 0x7c, 0x3d, 0xcb, 0xeb, 0x36, 0x4b, 0x21, 0x2c, 0x9e, 0x50, 0xde, 0xe0, 0x15,
0x72, 0x07, 0x6f, 0x1d, 0x96, 0x91, 0x11, 0x3f, 0x82, 0xf4, 0xbc, 0x30, 0xe2, 0x61, 0x72, 0xcc,
0x25, 0x5a, 0xc0, 0x36, 0x9d, 0x3a, 0x05, 0xd3, 0x99, 0x29, 0xb6, 0x0d, 0xff, 0x51, 0x9f, 0x7e,
0x98, 0xed, 0x19, 0x0b, 0x1c, 0xda, 0x44, 0x20, 0x39, 0x03, 0xd3, 0xce, 0x60, 0x40, 0x3f, 0xc9,
0xb6, 0x8a, 0x29, 0x67, 0x30, 0x60, 0x79, 0xc4, 0x58, 0xc6, 0xb6, 0x3d, 0xf4, 0x37, 0x13, 0x2f,
0x01, 0xe6, 0x11, 0xc8, 0x7c, 0xd0, 0xf0, 0x2d, 0x01, 0xa5, 0x15, 0x28, 0x33, 0x88, 0x02, 0xce,
0x20, 0x46, 0x38, 0x0f, 0x65, 0xe1, 0xf9, 0xc0, 0x1e, 0x47, 0x99, 0x33, 0x0e, 0xf7, 0x7a, 0x78,
0x1d, 0xce, 0xf1, 0xf4, 0x70, 0x36, 0x6b, 0xd2, 0x60, 0xc0, 0x5f, 0x27, 0xb3, 0x50, 0xdc, 0x98,
0x1c, 0x1f, 0x5d, 0xd4, 0x68, 0xbb, 0x06, 0x83, 0xf8, 0x8d, 0xf2, 0x9a, 0x20, 0x7b, 0xe0, 0xb1,
0x60, 0x7e, 0xcc, 0xfb, 0x17, 0x17, 0x07, 0x20, 0xe5, 0x2a, 0xc7, 0xd8, 0x90, 0x11, 0xc4, 0x32,
0x89, 0x57, 0x92, 0xcd, 0x0c, 0x9f, 0x5c, 0x7d, 0xc2, 0xfb, 0x71, 0x1c, 0x34, 0x84, 0x92, 0x37,
0x61, 0xec, 0x5c, 0x44, 0xed, 0xbc, 0x6c, 0x9e, 0x61, 0xe5, 0xcc, 0xab, 0xb9, 0xee, 0xef, 0x1b,
0x58, 0x48, 0xde, 0x83, 0x8b, 0xa2, 0x82, 0x4e, 0x18, 0x7a, 0xfb, 0x7d, 0x5b, 0x8c, 0x02, 0x3a,
0x9e, 0xa0, 0x86, 0x5e, 0x36, 0xcf, 0x73, 0x1c, 0x1d, 0x51, 0xaa, 0x0c, 0x83, 0xbd, 0x6e, 0x7d,
0x15, 0x56, 0x22, 0xef, 0xd0, 0xb5, 0x1f, 0xb8, 0xd1, 0x23, 0xd7, 0xed, 0xdb, 0xde, 0x21, 0xe5,
0xcb, 0x02, 0xc6, 0xcc, 0x9a, 0x84, 0x96, 0x6d, 0xb0, 0xa2, 0x1a, 0x2b, 0xe1, 0xf3, 0xef, 0x2d,
0x58, 0xe2, 0xc7, 0x13, 0xae, 0xdb, 0xe0, 0xf8, 0x70, 0xc9, 0x8b, 0x8f, 0x39, 0x58, 0x36, 0x3b,
0xe0, 0xa0, 0x5a, 0x57, 0x50, 0xfe, 0xa9, 0x02, 0x67, 0x72, 0xcf, 0x37, 0xe4, 0x97, 0x81, 0x3d,
0x50, 0x8d, 0x7c, 0x3b, 0x70, 0x3b, 0xde, 0xc0, 0xc3, 0x88, 0x3f, 0xcc, 0xfe, 0x7f, 0x73, 0xd2,
0xc9, 0x08, 0x1f, 0xbb, 0xb6, 0x7d, 0x33, 0x26, 0x62, 0x86, 0x49, 0x35, 0xc8, 0x80, 0xd7, 0x3e,
0x80, 0x33, 0xb9, 0xa8, 0x39, 0x06, 0xc3, 0xcf, 0xca, 0x06, 0xc3, 0xe4, 0x46, 0x37, 0xd3, 0x68,
0xc9, 0x90, 0xc8, 0x9b, 0xf7, 0xc7, 0x71, 0xf3, 0x32, 0x27, 0x21, 0x62, 0x64, 0x65, 0x61, 0xde,
0x61, 0x5e, 0x10, 0x8d, 0x17, 0x87, 0x1f, 0xc0, 0x19, 0xbe, 0x20, 0xd9, 0x56, 0x10, 0xb3, 0x63,
0x15, 0xfd, 0x4c, 0x1e, 0x3b, 0xb6, 0x52, 0xb7, 0x28, 0x7e, 0xcc, 0xf5, 0xb4, 0x33, 0x0a, 0xe4,
0x6d, 0xf8, 0xf7, 0x05, 0x21, 0xfe, 0x72, 0xaa, 0x93, 0xb3, 0xd4, 0x95, 0xbc, 0xa5, 0x7e, 0x72,
0x39, 0xd3, 0x00, 0x22, 0x0b, 0x78, 0xbe, 0x52, 0x98, 0xbb, 0xe2, 0xe5, 0x74, 0xee, 0x48, 0x49,
0x5c, 0xb2, 0xa5, 0x63, 0x2e, 0x77, 0xb2, 0x20, 0x7a, 0x84, 0x60, 0xdb, 0x2a, 0xfd, 0x24, 0xdb,
0xf1, 0xcb, 0x0c, 0x50, 0xeb, 0x92, 0x2b, 0x30, 0xcf, 0xce, 0xaf, 0x29, 0x39, 0x04, 0x08, 0xd3,
0x51, 0x18, 0xbd, 0x9d, 0x27, 0x8c, 0x92, 0x8b, 0x08, 0xae, 0xba, 0x1e, 0xf5, 0x3b, 0x4c, 0xee,
0xa4, 0xa5, 0x14, 0xef, 0xc1, 0xdf, 0x2c, 0x80, 0x9a, 0x45, 0x24, 0x1a, 0x14, 0xbc, 0xee, 0x38,
0x4f, 0x9a, 0xed, 0x53, 0x66, 0xc1, 0xeb, 0x92, 0x5b, 0x00, 0x98, 0x45, 0x35, 0x70, 0xf7, 0xdd,
0xc7, 0x5c, 0x85, 0x45, 0xc5, 0x32, 0x81, 0xa6, 0x68, 0x66, 0xd1, 0xd8, 0x48, 0xc1, 0xe4, 0x06,
0x80, 0xfb, 0x98, 0x65, 0xba, 0x10, 0xfb, 0x71, 0xce, 0x67, 0x14, 0x73, 0x96, 0x63, 0xd5, 0xba,
0x64, 0x1b, 0x88, 0x20, 0x91, 0xbe, 0x5a, 0x3a, 0xe6, 0xab, 0x8a, 0xa9, 0x72, 0xaa, 0x86, 0xf8,
0x38, 0x3f, 0x04, 0xce, 0xc2, 0x0c, 0x4f, 0xb6, 0x41, 0xff, 0xe5, 0x48, 0xda, 0xaf, 0x29, 0x70,
0xe5, 0xb8, 0xe9, 0x48, 0xee, 0xc1, 0x59, 0xf4, 0x3f, 0x0b, 0xfd, 0x78, 0x46, 0xdb, 0x1d, 0xa7,
0x73, 0xe0, 0x72, 0x01, 0xa0, 0xe5, 0xce, 0xeb, 0xc1, 0xc0, 0xb2, 0x9a, 0xd2, 0x94, 0x1e, 0x0c,
0xac, 0xd0, 0x17, 0xbf, 0x2b, 0x94, 0x9c, 0x0f, 0x48, 0x17, 0x2e, 0x4c, 0xa0, 0x94, 0xf6, 0x25,
0x45, 0xde, 0x97, 0x5e, 0x00, 0x75, 0xcf, 0xed, 0xd2, 0x83, 0xae, 0xdb, 0xc5, 0xaa, 0x7d, 0x7c,
0x13, 0xc7, 0x64, 0xde, 0x5c, 0x8c, 0xe1, 0x56, 0xe8, 0xdf, 0xbd, 0xc9, 0xbf, 0xf2, 0x07, 0xb1,
0xca, 0x25, 0xdb, 0x33, 0xc8, 0x4d, 0x38, 0x9d, 0x89, 0x4c, 0x25, 0x85, 0x3a, 0x29, 0xac, 0x2a,
0xe6, 0x32, 0x2d, 0x4e, 0xc7, 0x32, 0x7c, 0x1e, 0xe6, 0x65, 0x51, 0xce, 0xa7, 0x02, 0x45, 0x9e,
0xeb, 0x26, 0x02, 0x9c, 0x3c, 0x80, 0x45, 0x69, 0x85, 0x51, 0xd5, 0xa8, 0x98, 0x23, 0x06, 0xe4,
0xda, 0x5c, 0x4f, 0x96, 0x5e, 0x7f, 0xcf, 0x67, 0x6e, 0x58, 0x69, 0x16, 0xe6, 0x42, 0x47, 0x46,
0x59, 0x7b, 0x5f, 0x0a, 0xcd, 0x88, 0x0a, 0xd0, 0x45, 0x28, 0xf5, 0x73, 0x23, 0xaf, 0xf7, 0x59,
0x22, 0xf7, 0x52, 0x94, 0x1b, 0x5f, 0x38, 0x8a, 0x8f, 0x08, 0xbc, 0xbb, 0x86, 0x62, 0x50, 0x72,
0x2d, 0x39, 0x27, 0xb1, 0x16, 0xbc, 0x0c, 0x24, 0x3e, 0x7b, 0xc7, 0x7b, 0x06, 0x17, 0x33, 0xcb,
0xa2, 0x24, 0x16, 0xf6, 0xfc, 0xb3, 0xff, 0x76, 0x1a, 0x4e, 0xe7, 0x98, 0x80, 0xc8, 0xcb, 0xa0,
0x7a, 0xfd, 0xc8, 0xdd, 0x0f, 0x24, 0xe3, 0x42, 0x32, 0x46, 0x4b, 0x52, 0x19, 0xb7, 0xed, 0x4f,
0x07, 0xee, 0x7e, 0x7c, 0x4f, 0x60, 0xf2, 0x5f, 0x74, 0x2f, 0x71, 0x02, 0x61, 0xb6, 0xa6, 0xff,
0x92, 0x1a, 0x2c, 0x63, 0x6a, 0xa6, 0xd0, 0xf3, 0x31, 0xc3, 0x13, 0x1e, 0x26, 0x4a, 0x29, 0x43,
0x11, 0xd6, 0xa4, 0x25, 0x21, 0xd1, 0xd3, 0x84, 0xa9, 0x0e, 0x32, 0x10, 0xf2, 0x79, 0x58, 0x93,
0xd4, 0x31, 0x3b, 0x23, 0x88, 0xf1, 0xa9, 0x92, 0x79, 0xce, 0x89, 0x15, 0xb3, 0x6a, 0x4a, 0x24,
0x6f, 0x00, 0x4b, 0xe9, 0xef, 0x75, 0x07, 0xf6, 0x48, 0x2e, 0x2f, 0x6c, 0x2e, 0xcb, 0x08, 0xb3,
0x46, 0xb1, 0x6a, 0xdd, 0x41, 0x26, 0xad, 0x17, 0xb6, 0xba, 0x95, 0x2b, 0xac, 0x67, 0x50, 0x58,
0x3f, 0x23, 0x37, 0x66, 0x44, 0x54, 0xb3, 0x99, 0x3e, 0x2a, 0xae, 0xf7, 0x61, 0x39, 0x51, 0x93,
0x84, 0xcc, 0x2d, 0xe3, 0xa2, 0x5f, 0x93, 0x19, 0x8a, 0xe3, 0x07, 0x93, 0xa6, 0x2c, 0xd8, 0xcc,
0x08, 0xa1, 0x1c, 0x52, 0x69, 0x98, 0x22, 0x08, 0x49, 0x1d, 0x56, 0x9c, 0x47, 0xa1, 0x48, 0x14,
0x1e, 0xc6, 0xdf, 0x9a, 0x1d, 0xfd, 0x96, 0xb8, 0xa8, 0xe6, 0x22, 0x9e, 0x38, 0x8f, 0x42, 0x9e,
0x3f, 0x3c, 0x14, 0xdc, 0x3e, 0x04, 0xc2, 0xb6, 0x89, 0x54, 0xbd, 0xe1, 0x38, 0x5e, 0x3c, 0xcb,
0xf8, 0x08, 0xa5, 0x1c, 0x18, 0x12, 0x4b, 0xe5, 0x9a, 0xb7, 0xd3, 0x97, 0x0b, 0x73, 0xa9, 0x9b,
0xf1, 0x6c, 0x6f, 0xb3, 0x5b, 0x7b, 0x09, 0x5f, 0x36, 0x96, 0x48, 0x60, 0x3c, 0x1f, 0x63, 0xe0,
0x38, 0xac, 0xc7, 0xa1, 0xdf, 0x75, 0x99, 0xb7, 0xb7, 0xb9, 0x80, 0x60, 0x5a, 0x81, 0x9d, 0xc4,
0x66, 0xf1, 0x2d, 0x05, 0xd4, 0xec, 0xa7, 0xc8, 0xdb, 0x30, 0xcd, 0x34, 0x56, 0xae, 0xcc, 0x68,
0xf9, 0x75, 0x62, 0x23, 0xcd, 0x94, 0xd7, 0xed, 0x53, 0x26, 0xa7, 0x21, 0x6f, 0x40, 0xc9, 0xf7,
0xba, 0xe2, 0xa6, 0xff, 0xca, 0x24, 0xda, 0x66, 0xad, 0x5a, 0xc1, 0xdb, 0x01, 0xaf, 0xcb, 0x0f,
0xd9, 0x1b, 0x65, 0x98, 0x66, 0x1d, 0xab, 0x7d, 0x08, 0x17, 0x26, 0x7c, 0x90, 0x18, 0xb0, 0x94,
0xf1, 0x82, 0x38, 0xa1, 0x83, 0x84, 0x93, 0x38, 0x48, 0x04, 0xe2, 0xe0, 0xd5, 0x83, 0xf3, 0x63,
0x2b, 0x48, 0x6a, 0x63, 0x25, 0x08, 0x86, 0x36, 0xca, 0x96, 0xc9, 0x93, 0x35, 0x23, 0x5d, 0xf8,
0xd7, 0x7e, 0xab, 0x00, 0xa7, 0x73, 0x26, 0xd1, 0xdf, 0x5a, 0x55, 0xe2, 0x0f, 0x14, 0xde, 0x1f,
0x69, 0x61, 0x40, 0xda, 0xc0, 0x9d, 0x6c, 0xb8, 0xe0, 0xb8, 0x36, 0x5e, 0x70, 0xc8, 0xbe, 0x0b,
0x3c, 0xc6, 0x15, 0x02, 0xe4, 0x1b, 0x7a, 0x06, 0x79, 0x0a, 0xaf, 0x02, 0x3e, 0x7c, 0x1f, 0xc0,
0x99, 0x5c, 0xc1, 0x4e, 0x8f, 0xaa, 0xe8, 0xdc, 0x9f, 0x58, 0x61, 0x66, 0xe8, 0xef, 0xdd, 0x00,
0x2d, 0x7c, 0x0f, 0x5c, 0x27, 0x70, 0x03, 0x6e, 0x03, 0xe0, 0x16, 0x3e, 0x06, 0x93, 0x4d, 0x00,
0xdd, 0xf4, 0x2e, 0xc6, 0xaf, 0x25, 0xc9, 0x0e, 0x9c, 0x66, 0xd2, 0x85, 0x1d, 0xe5, 0x6c, 0x7e,
0x95, 0xa9, 0xa4, 0x0c, 0x2f, 0x48, 0x82, 0x87, 0x5c, 0x76, 0xac, 0x63, 0xd4, 0xe6, 0xf2, 0x7e,
0x16, 0x44, 0x95, 0xb7, 0xb3, 0xf9, 0xd8, 0x64, 0x03, 0xe6, 0x18, 0x73, 0x66, 0x05, 0x65, 0x3e,
0x28, 0x57, 0x27, 0x7e, 0xa1, 0x82, 0x6f, 0xde, 0xc2, 0xf8, 0x7f, 0x7a, 0xf2, 0x47, 0x77, 0x3f,
0xfb, 0x50, 0x76, 0xb1, 0x31, 0xe7, 0x11, 0xc8, 0x5d, 0x6b, 0xb4, 0xff, 0xa2, 0x88, 0xa6, 0xa6,
0xee, 0x5f, 0xe8, 0x0e, 0x1c, 0xba, 0x7d, 0xe1, 0x66, 0x34, 0x6b, 0xf2, 0x5f, 0x4f, 0xa8, 0x15,
0x90, 0x37, 0x61, 0x9e, 0xb2, 0xdd, 0x1f, 0xf6, 0xd9, 0xce, 0x5c, 0x4c, 0xc5, 0xde, 0xdc, 0x61,
0x45, 0x74, 0xd8, 0xb6, 0x4f, 0x99, 0x73, 0x87, 0xc9, 0x4f, 0x72, 0x1d, 0x66, 0xc3, 0xc3, 0x68,
0x20, 0xef, 0xe7, 0xe2, 0x2e, 0xda, 0xda, 0x69, 0xb7, 0x38, 0x49, 0x99, 0xe2, 0x24, 0xc6, 0xc1,
0x8d, 0x69, 0x76, 0x1b, 0xad, 0xbd, 0x04, 0x73, 0x12, 0x6f, 0xda, 0x18, 0xf6, 0x42, 0x5c, 0x34,
0x86, 0xfd, 0xe2, 0x83, 0xfd, 0x00, 0xca, 0x82, 0x25, 0x21, 0x50, 0x3a, 0xf0, 0x43, 0xa1, 0x0f,
0xe1, 0xff, 0x14, 0x86, 0xd6, 0x02, 0xda, 0xc8, 0x29, 0x13, 0xff, 0xc7, 0x13, 0x18, 0x5e, 0x80,
0x60, 0x1c, 0x77, 0x7c, 0x15, 0x10, 0x9b, 0xe9, 0x28, 0xbc, 0xdd, 0x0b, 0xd9, 0x5b, 0x01, 0x61,
0x30, 0x8c, 0x8f, 0xae, 0x99, 0x0b, 0xab, 0x71, 0xea, 0x71, 0xea, 0xa0, 0x55, 0x18, 0x3d, 0x68,
0xb1, 0x98, 0x8a, 0x9c, 0x92, 0x7d, 0x19, 0x10, 0xc6, 0x0e, 0x5a, 0x89, 0x02, 0x55, 0x4a, 0x29,
0x50, 0xd2, 0x15, 0x44, 0x32, 0x7a, 0xec, 0x9c, 0x26, 0xae, 0x20, 0xb2, 0x2a, 0xdd, 0x77, 0xe2,
0x19, 0x92, 0xba, 0x32, 0x23, 0x37, 0xe1, 0x0c, 0x33, 0xc1, 0xb1, 0xc4, 0x77, 0x59, 0x5d, 0xf2,
0x34, 0x16, 0xb2, 0x74, 0xa5, 0xb1, 0x4e, 0x79, 0xbc, 0x89, 0x9d, 0xbc, 0x0a, 0x2b, 0x71, 0x32,
0xfe, 0xf0, 0xa1, 0x37, 0x60, 0xb9, 0x83, 0x8f, 0xb8, 0x71, 0x8c, 0x88, 0x32, 0xeb, 0xa1, 0x37,
0xc0, 0x3c, 0xc2, 0xa2, 0x87, 0x7f, 0xaf, 0x20, 0x2e, 0x6e, 0x36, 0x7c, 0x3f, 0x0a, 0xa3, 0xc0,
0x19, 0xa4, 0x9c, 0x02, 0xc8, 0x21, 0x9c, 0xc7, 0x2a, 0xdd, 0xc4, 0x4c, 0x7f, 0x7e, 0x20, 0x2e,
0xba, 0xe2, 0x05, 0x36, 0x77, 0xf3, 0x95, 0xb4, 0xd1, 0x53, 0xa7, 0xd8, 0xba, 0x8c, 0x4c, 0xd7,
0x95, 0xc4, 0x75, 0xfb, 0x94, 0x79, 0x8e, 0xf1, 0x1c, 0xc1, 0x22, 0xdb, 0x39, 0xb2, 0x26, 0xeb,
0x15, 0xb0, 0x91, 0x08, 0x9e, 0x34, 0x57, 0x59, 0x24, 0x91, 0x77, 0x61, 0xd6, 0xeb, 0xf2, 0x94,
0x37, 0x7c, 0x01, 0xa5, 0xef, 0xa3, 0x6b, 0x5d, 0x96, 0x01, 0x27, 0xe1, 0x41, 0x97, 0x86, 0xc7,
0xa1, 0x1b, 0x0b, 0x29, 0x0d, 0x47, 0xdb, 0x16, 0x77, 0x04, 0xa3, 0x64, 0x64, 0x31, 0xd9, 0xfb,
0x70, 0x9f, 0x43, 0x29, 0x90, 0xe4, 0xe0, 0x31, 0xf9, 0x2f, 0xde, 0xe5, 0xbf, 0x02, 0x2f, 0x9c,
0xb4, 0xa7, 0xa8, 0xdc, 0x18, 0xd3, 0xed, 0xb3, 0x2c, 0xfe, 0x7e, 0xba, 0xf7, 0xae, 0x82, 0x9c,
0x37, 0xc4, 0x13, 0x13, 0x45, 0xc0, 0x76, 0x03, 0x4f, 0xfb, 0x8b, 0x22, 0x2c, 0xa6, 0xdd, 0x46,
0xc8, 0x4b, 0x50, 0x92, 0xc4, 0xe5, 0xb9, 0x1c, 0xdf, 0x12, 0x14, 0x92, 0x88, 0x74, 0x22, 0xf1,
0x48, 0x6e, 0xc3, 0x22, 0xbe, 0x7c, 0x41, 0x35, 0x2e, 0xf2, 0xf8, 0x95, 0xe8, 0x49, 0x2f, 0x3b,
0xe7, 0x29, 0x2d, 0xdd, 0x1e, 0x69, 0xa1, 0xe4, 0x15, 0x50, 0x1a, 0xef, 0x15, 0xc0, 0x9b, 0x32,
0xc6, 0x2b, 0x60, 0x6a, 0x82, 0x57, 0x40, 0x42, 0x29, 0x7b, 0x05, 0xa0, 0x6f, 0xc8, 0xcc, 0x38,
0xdf, 0x90, 0x84, 0x86, 0xf9, 0x86, 0x24, 0xb7, 0xfa, 0xe5, 0xb1, 0xb7, 0xfa, 0x09, 0x0d, 0xbf,
0xd5, 0x4f, 0xee, 0xd9, 0x67, 0xc7, 0xde, 0xb3, 0x4b, 0x44, 0xec, 0x9e, 0xfd, 0x39, 0xde, 0xb1,
0x81, 0xf3, 0xc8, 0xc6, 0x1e, 0xe7, 0xe7, 0x23, 0xec, 0x32, 0xd3, 0x79, 0x84, 0x1e, 0xea, 0x54,
0x3d, 0xe1, 0x6e, 0xed, 0xda, 0x77, 0x33, 0x62, 0x48, 0x8c, 0xf9, 0xf3, 0xb0, 0xc8, 0x76, 0x63,
0x9e, 0xd7, 0x81, 0x6d, 0xc7, 0x0b, 0xe6, 0x82, 0x80, 0x32, 0xd3, 0xfc, 0x67, 0x60, 0x29, 0x46,
0xe3, 0xd6, 0x69, 0x0c, 0xb9, 0x61, 0xc6, 0xd4, 0xdc, 0x2e, 0x2d, 0xf3, 0x0b, 0x78, 0x74, 0xca,
0x14, 0x3f, 0x66, 0xdc, 0x7d, 0x19, 0x48, 0x82, 0x16, 0x3f, 0xf2, 0x29, 0x21, 0xea, 0x72, 0x8c,
0x1a, 0xbf, 0xc4, 0xf9, 0x1d, 0x25, 0x73, 0x31, 0xfd, 0xf3, 0xaa, 0xfe, 0x4b, 0x10, 0x7f, 0xdd,
0xe6, 0x97, 0x8b, 0xa2, 0x05, 0xaa, 0x28, 0x68, 0x71, 0xb8, 0xb6, 0x9f, 0xb5, 0xa7, 0xfe, 0x9c,
0x6a, 0xa5, 0xfd, 0x5e, 0x29, 0x75, 0x5f, 0x26, 0x3e, 0x43, 0xb5, 0x9c, 0xd0, 0xb7, 0xf9, 0x10,
0x73, 0x21, 0x7c, 0x75, 0xcc, 0x34, 0xe5, 0xcf, 0x1a, 0x2c, 0xab, 0x69, 0x42, 0x18, 0xfa, 0xe2,
0x95, 0x83, 0xcd, 0x8c, 0x5b, 0xd2, 0xa9, 0x4f, 0xb0, 0x63, 0x12, 0x77, 0x7d, 0x32, 0x3b, 0x71,
0x21, 0x41, 0x57, 0x29, 0x1a, 0xb9, 0xe2, 0x5f, 0xe2, 0x03, 0xbb, 0x80, 0x77, 0xdc, 0x61, 0x9a,
0x79, 0x9e, 0x29, 0x68, 0x84, 0x39, 0xf6, 0x12, 0x72, 0xc6, 0xdb, 0x8a, 0x50, 0x66, 0x6b, 0xc0,
0x3c, 0xde, 0x46, 0x09, 0x86, 0xa5, 0x1c, 0x2f, 0x9c, 0xd1, 0xc6, 0x57, 0x6a, 0x3b, 0xe6, 0x1c,
0xa5, 0x13, 0x6c, 0x0e, 0xe0, 0xbc, 0x7c, 0x87, 0x94, 0xae, 0xe4, 0x94, 0xc8, 0xc6, 0x32, 0xb1,
0x07, 0x92, 0xab, 0x26, 0xac, 0xea, 0x59, 0x27, 0x0d, 0x10, 0x5f, 0xea, 0xc0, 0xf9, 0x91, 0x1b,
0x94, 0xf8, 0x4b, 0xcc, 0x2b, 0xec, 0x85, 0x31, 0x5f, 0xca, 0x5c, 0xad, 0xb8, 0x81, 0x79, 0x36,
0x4c, 0x83, 0xf8, 0x47, 0xf0, 0x19, 0xd1, 0xf8, 0x81, 0x9f, 0x90, 0x27, 0x38, 0x51, 0xa3, 0x0a,
0xb2, 0x1a, 0x25, 0xdf, 0x5b, 0x15, 0xd3, 0xf7, 0x56, 0x9b, 0x70, 0x85, 0xca, 0x3c, 0x3e, 0x73,
0xdc, 0x8f, 0xdd, 0xe0, 0xc8, 0xef, 0x63, 0x08, 0xcf, 0x41, 0xbc, 0xf4, 0xd9, 0x45, 0xdb, 0x45,
0x8a, 0x87, 0xf3, 0xc2, 0xe0, 0x58, 0x3b, 0x88, 0xc4, 0x42, 0xd3, 0xfe, 0x8b, 0x22, 0x3c, 0x7b,
0x82, 0xc9, 0x35, 0xa1, 0xee, 0x5f, 0x48, 0x2b, 0xfb, 0x85, 0x94, 0x75, 0x9e, 0x32, 0x4d, 0xcc,
0xdd, 0x63, 0x54, 0xfd, 0x5f, 0x86, 0x25, 0xb6, 0x4d, 0xb1, 0x77, 0x54, 0x7b, 0xc3, 0xde, 0x09,
0xf6, 0xa9, 0x0b, 0x22, 0x4a, 0x44, 0x86, 0x14, 0xb7, 0x2e, 0x94, 0xce, 0x56, 0x0c, 0x23, 0x6d,
0x98, 0x43, 0xb4, 0x3d, 0xc7, 0xeb, 0x9d, 0x28, 0x5c, 0x81, 0x88, 0x41, 0x21, 0x93, 0xb1, 0xf7,
0xa2, 0x14, 0xb0, 0x89, 0xbf, 0xc9, 0x35, 0x58, 0xea, 0x0f, 0x0f, 0xa9, 0x1a, 0xcb, 0x66, 0x2e,
0x77, 0x57, 0x9f, 0x32, 0x17, 0xfa, 0xc3, 0x43, 0x7d, 0x30, 0xc0, 0x09, 0x88, 0x7e, 0xed, 0xcb,
0x14, 0x8f, 0xc9, 0x18, 0x81, 0x39, 0x8d, 0x98, 0x94, 0x01, 0x93, 0x32, 0x1c, 0x77, 0x05, 0xd8,
0x2b, 0x27, 0x9e, 0x6f, 0x99, 0xfd, 0xd0, 0xfe, 0x57, 0x41, 0x18, 0xca, 0xc7, 0xaf, 0xd2, 0x5f,
0x0c, 0x51, 0xce, 0x10, 0xbd, 0x00, 0x2a, 0xed, 0xfa, 0x44, 0x04, 0xc6, 0x63, 0xb4, 0xd8, 0x1f,
0x1e, 0xc6, 0x7d, 0x27, 0x77, 0xfc, 0xb4, 0xdc, 0xf1, 0x6f, 0x0a, 0x43, 0x74, 0xae, 0x30, 0x1b,
0xdf, 0xe5, 0x54, 0xbf, 0xbb, 0x76, 0x32, 0x91, 0xf5, 0x8b, 0x71, 0xcb, 0x19, 0xb7, 0xcc, 0x95,
0xfe, 0xd4, 0xc8, 0x95, 0x7e, 0xce, 0xda, 0x9b, 0xce, 0x5b, 0x7b, 0x23, 0x0e, 0x04, 0x33, 0x39,
0x0e, 0x04, 0xb9, 0x0b, 0xb4, 0x7c, 0xcc, 0x02, 0x9d, 0x95, 0xe7, 0xc9, 0x0f, 0x0a, 0x70, 0xf5,
0xd8, 0x7d, 0xe3, 0x17, 0x23, 0x9d, 0x33, 0xd2, 0xf9, 0xfd, 0xf9, 0x17, 0x05, 0xa1, 0x2f, 0xa7,
0x8f, 0xc1, 0x1f, 0xc0, 0x69, 0x71, 0x0c, 0x66, 0x7a, 0x43, 0xe2, 0x67, 0x33, 0x77, 0xf3, 0xc5,
0xbc, 0x03, 0x30, 0xa2, 0xe5, 0x1c, 0x52, 0x97, 0xf9, 0xd1, 0x37, 0x29, 0xff, 0xff, 0xe7, 0xd0,
0x4b, 0xee, 0xc3, 0x59, 0xcc, 0xc8, 0xd6, 0x91, 0x3d, 0x84, 0xec, 0xc0, 0xdd, 0xe3, 0xbd, 0x7e,
0x75, 0xe4, 0x70, 0xe8, 0x75, 0xa4, 0xea, 0x98, 0xee, 0xde, 0xf6, 0x29, 0x73, 0x25, 0xcc, 0x81,
0x73, 0x53, 0x53, 0xe6, 0x54, 0xfd, 0x6f, 0x14, 0xd0, 0x8e, 0xef, 0x35, 0x34, 0x80, 0x64, 0xbb,
0x7d, 0xd6, 0x9c, 0x73, 0xa4, 0x3e, 0x7c, 0x16, 0x16, 0x02, 0x77, 0x2f, 0x70, 0xc3, 0x83, 0x94,
0x95, 0x72, 0x9e, 0x03, 0x45, 0xf7, 0x88, 0xe4, 0x10, 0x4f, 0x74, 0x20, 0x15, 0x44, 0xb1, 0xef,
0xed, 0xc5, 0x49, 0x63, 0x42, 0x67, 0x96, 0x5c, 0x4d, 0xf6, 0x23, 0xf6, 0xf3, 0x2a, 0xa8, 0x45,
0x93, 0xa7, 0xb3, 0xd8, 0xf3, 0x7a, 0xae, 0xf6, 0x47, 0xb1, 0xee, 0x96, 0xd7, 0x9d, 0xe4, 0x03,
0xe9, 0x7d, 0x67, 0x71, 0x44, 0x2d, 0xcd, 0x23, 0x39, 0x89, 0x39, 0xb9, 0xfe, 0x29, 0x99, 0x93,
0x6f, 0x89, 0x47, 0x22, 0x74, 0x57, 0xb9, 0x7b, 0x83, 0xbc, 0x08, 0x33, 0xec, 0x5d, 0x88, 0xa8,
0xee, 0x52, 0xaa, 0xba, 0x77, 0x6f, 0x98, 0xa2, 0x5c, 0xfb, 0x56, 0xec, 0xd1, 0x36, 0xd2, 0x88,
0xbb, 0x37, 0xc8, 0x9b, 0x27, 0x7b, 0xaf, 0x59, 0x16, 0xef, 0x35, 0xe3, 0xb7, 0x9a, 0x6f, 0xa5,
0xde, 0x6a, 0x3e, 0x37, 0xb9, 0xb7, 0xb8, 0xb3, 0x24, 0x4b, 0x11, 0x10, 0xc7, 0x79, 0xd6, 0xbe,
0x56, 0x84, 0x67, 0x26, 0x52, 0x90, 0x8b, 0x50, 0xd6, 0x5b, 0xb5, 0x76, 0x32, 0xca, 0x74, 0x15,
0x09, 0x08, 0xd9, 0x82, 0xd9, 0x0d, 0x27, 0xf4, 0x3a, 0x74, 0x4a, 0xe7, 0x3a, 0xc1, 0x8c, 0xb0,
0x8d, 0xd1, 0xb7, 0x4f, 0x99, 0x09, 0x2d, 0xb1, 0x61, 0x19, 0xd7, 0x45, 0x2a, 0xaf, 0x73, 0x31,
0xc7, 0xe8, 0x36, 0xc2, 0x70, 0x84, 0x8c, 0x4a, 0x9e, 0x11, 0x20, 0x79, 0x00, 0xc4, 0xb2, 0xb6,
0x2b, 0x6e, 0x10, 0x71, 0x33, 0x54, 0xe4, 0xc5, 0x8f, 0xff, 0x5e, 0x3d, 0xa6, 0xef, 0x46, 0xe8,
0xb6, 0x4f, 0x99, 0x39, 0xdc, 0xc8, 0x55, 0x90, 0x13, 0x90, 0xa3, 0x16, 0x34, 0xbf, 0x7d, 0xca,
0x84, 0x41, 0x9c, 0x88, 0x3c, 0x5f, 0x36, 0xfc, 0x8a, 0x50, 0x3d, 0xc7, 0xf7, 0xd6, 0x13, 0xe4,
0x69, 0x79, 0x01, 0xca, 0x2d, 0xe1, 0x53, 0x2d, 0xbd, 0xb6, 0x16, 0xfe, 0xd3, 0x66, 0x5c, 0xca,
0x67, 0xf6, 0x6f, 0x2b, 0xc2, 0x4c, 0x77, 0x7c, 0xdf, 0x4a, 0x59, 0xba, 0xbb, 0x93, 0xb3, 0x74,
0x77, 0x7f, 0xc6, 0x2c, 0xdd, 0xbc, 0x52, 0x3e, 0xbc, 0x78, 0xe2, 0xd1, 0x20, 0x6f, 0x83, 0x8a,
0x59, 0x8c, 0x1d, 0x69, 0x64, 0xd3, 0xc1, 0xc9, 0x59, 0xf0, 0xcd, 0x96, 0xe3, 0x05, 0xe6, 0x52,
0x27, 0x4d, 0xcd, 0x3f, 0xf8, 0xfb, 0x3c, 0x85, 0x5b, 0xad, 0xdb, 0xca, 0x5c, 0xbd, 0x3f, 0xed,
0x93, 0x7d, 0x23, 0xb5, 0x4e, 0xc5, 0x5e, 0x97, 0xff, 0xad, 0xf1, 0x2f, 0xf7, 0xa5, 0x45, 0xfb,
0x8f, 0x8b, 0x70, 0x71, 0x12, 0x39, 0xd1, 0x41, 0x35, 0x58, 0x18, 0x50, 0xfe, 0x58, 0xd2, 0x0f,
0xe4, 0x94, 0xa2, 0x2c, 0x44, 0xa8, 0xdd, 0x8d, 0x0b, 0xcd, 0x11, 0x74, 0x3a, 0xce, 0x0c, 0x16,
0xbf, 0x47, 0xc7, 0x71, 0xe6, 0xa4, 0x74, 0x9c, 0x45, 0x31, 0x79, 0x16, 0xa6, 0xf5, 0x8a, 0x95,
0x64, 0x54, 0xc7, 0x87, 0xa3, 0x4e, 0x27, 0xc4, 0x27, 0x89, 0xbc, 0x88, 0xfc, 0x12, 0xa8, 0xd9,
0xd4, 0x89, 0x3c, 0x95, 0xfa, 0x05, 0xa9, 0x43, 0x46, 0xb2, 0x2b, 0x62, 0x7d, 0x93, 0x6c, 0x80,
0x3c, 0xc1, 0x96, 0x39, 0xc2, 0x8b, 0x68, 0x30, 0xdd, 0x0a, 0xdc, 0xd0, 0x8d, 0xe4, 0x47, 0x9d,
0x03, 0x84, 0x98, 0xbc, 0x84, 0x3f, 0xb9, 0x74, 0x8e, 0x58, 0x48, 0xbe, 0x69, 0x39, 0xf4, 0x2a,
0xbe, 0xd1, 0xa4, 0x60, 0x53, 0x42, 0xa1, 0x04, 0x75, 0x67, 0xd8, 0xef, 0x1c, 0xec, 0x9a, 0x75,
0xae, 0xd6, 0x32, 0x82, 0x1e, 0x42, 0x69, 0x03, 0x43, 0x53, 0x42, 0xd1, 0x7e, 0x43, 0x81, 0x95,
0xbc, 0x76, 0x1c, 0xe3, 0xb5, 0xf3, 0x2a, 0xcc, 0xe1, 0x0d, 0xed, 0x9e, 0x1f, 0x1c, 0x3a, 0x91,
0xfc, 0xf4, 0x55, 0x02, 0x9b, 0x78, 0xa3, 0xbc, 0x89, 0xff, 0x93, 0xcb, 0x62, 0xb7, 0x92, 0x12,
0xa3, 0x20, 0x80, 0x6f, 0x5c, 0x9a, 0x0e, 0x50, 0xeb, 0xb6, 0x9a, 0x03, 0x96, 0xdd, 0xef, 0x35,
0x28, 0xd1, 0x6a, 0x65, 0x66, 0x2f, 0x9d, 0x3f, 0xfa, 0x4e, 0x9d, 0x23, 0xb1, 0x5a, 0x85, 0xce,
0x61, 0xcf, 0x44, 0x64, 0xed, 0x1e, 0x2c, 0xa6, 0x31, 0x88, 0x91, 0x4e, 0xf0, 0x32, 0x77, 0x53,
0xe5, 0x9c, 0x36, 0x7c, 0x9f, 0x85, 0x5f, 0xd8, 0x38, 0xff, 0xc3, 0x4f, 0x2e, 0x03, 0xfd, 0xc9,
0x68, 0xf2, 0x12, 0xc0, 0x68, 0xdf, 0x28, 0xc0, 0x4a, 0x12, 0x22, 0x4e, 0xac, 0xa1, 0xbf, 0xb6,
0xe1, 0x87, 0xf4, 0x54, 0x78, 0x1c, 0xa1, 0x84, 0x8e, 0x36, 0x70, 0x42, 0x54, 0x8e, 0x2d, 0x58,
0x1d, 0x87, 0x4f, 0x5e, 0x82, 0x59, 0x8c, 0x54, 0x3c, 0x70, 0x3a, 0xae, 0x2c, 0x72, 0xfb, 0x02,
0x68, 0x26, 0xe5, 0xda, 0x0f, 0x14, 0x58, 0xe3, 0x41, 0x03, 0x76, 0x1c, 0xaf, 0x8f, 0x17, 0x82,
0x1d, 0xf7, 0xd3, 0x09, 0x9f, 0xb5, 0x95, 0x92, 0x63, 0xcf, 0xa7, 0x63, 0x43, 0x8c, 0x7c, 0x6d,
0x7c, 0x6b, 0xc9, 0x8b, 0x18, 0x7d, 0x9b, 0xbb, 0x99, 0x96, 0x58, 0x7c, 0xc3, 0x3e, 0x05, 0xc8,
0xf1, 0x0d, 0x11, 0x43, 0xfb, 0x55, 0xb8, 0x34, 0xf9, 0x03, 0xe4, 0xcb, 0xb0, 0x80, 0xe9, 0xb8,
0x77, 0x07, 0xfb, 0x81, 0xd3, 0x75, 0x85, 0x91, 0x58, 0xdc, 0x65, 0xc8, 0x65, 0x2c, 0x98, 0x38,
0x8f, 0xb7, 0xb7, 0x8f, 0x89, 0xbe, 0x39, 0x51, 0x2a, 0x32, 0x87, 0xcc, 0x4d, 0xfb, 0xaa, 0x02,
0x64, 0x94, 0x07, 0x79, 0x03, 0xe6, 0x77, 0xdb, 0x15, 0x2b, 0x72, 0x82, 0x68, 0xdb, 0x1f, 0x06,
0x3c, 0x92, 0x37, 0x0b, 0xbf, 0x16, 0x75, 0x6c, 0x76, 0xf5, 0x7b, 0xe0, 0x0f, 0x03, 0x33, 0x85,
0x87, 0x29, 0x9b, 0x5d, 0xf7, 0x61, 0xd7, 0x39, 0x4a, 0xa7, 0x6c, 0xe6, 0xb0, 0x54, 0xca, 0x66,
0x0e, 0xd3, 0xbe, 0xa3, 0xc0, 0x05, 0xf1, 0xec, 0xab, 0x9b, 0x53, 0x97, 0x0a, 0x06, 0x19, 0x0d,
0x44, 0xda, 0x9c, 0x49, 0x8a, 0xfe, 0xb2, 0x88, 0xc3, 0x8b, 0x15, 0x44, 0x8d, 0x9f, 0xd1, 0x92,
0x2f, 0x40, 0xc9, 0x8a, 0xfc, 0xc1, 0x09, 0x02, 0xf1, 0xaa, 0xf1, 0x88, 0x46, 0xfe, 0x00, 0x59,
0x20, 0xa5, 0xe6, 0xc2, 0x8a, 0x5c, 0x39, 0x51, 0x63, 0xb2, 0x03, 0x33, 0x3c, 0x8a, 0x7b, 0xc6,
0x9b, 0x74, 0x42, 0x9b, 0x36, 0x96, 0x44, 0xb4, 0x5f, 0x9e, 0xe0, 0xc5, 0x14, 0x3c, 0xb4, 0x7f,
0xa0, 0xc0, 0x1c, 0x55, 0x75, 0xd0, 0x62, 0xf0, 0xb4, 0x53, 0x3a, 0xad, 0x42, 0x0b, 0x3f, 0xf3,
0x98, 0xfd, 0x89, 0x76, 0xe3, 0xd7, 0x61, 0x29, 0x43, 0x40, 0x34, 0x8c, 0xf3, 0xd8, 0xf3, 0x3a,
0x0e, 0xcb, 0x00, 0xcb, 0x7c, 0xb4, 0x53, 0x30, 0xed, 0x37, 0x15, 0x58, 0x69, 0x3e, 0x8c, 0x1c,
0xe6, 0xa1, 0x61, 0x0e, 0x7b, 0x62, 0xbd, 0x53, 0xf5, 0x4d, 0xbc, 0x1f, 0x64, 0x21, 0xe5, 0x98,
0xfa, 0xc6, 0x61, 0x66, 0x5c, 0x4a, 0xb6, 0xa1, 0xcc, 0xf7, 0x97, 0x90, 0xe7, 0x2b, 0xb9, 0x24,
0x99, 0x33, 0x12, 0xc6, 0x1c, 0x89, 0xb6, 0x04, 0x45, 0x18, 0xa7, 0x31, 0x63, 0x6a, 0xed, 0x2f,
0x15, 0x38, 0x37, 0x86, 0x86, 0xbc, 0x03, 0x53, 0x18, 0xee, 0x86, 0x8f, 0xde, 0xc5, 0x31, 0x9f,
0x88, 0x3a, 0x07, 0x77, 0x6f, 0xb0, 0x8d, 0xe8, 0x90, 0xfe, 0x30, 0x19, 0x15, 0xf9, 0x00, 0x66,
0xf5, 0x6e, 0x97, 0x1f, 0xec, 0x0a, 0xa9, 0x83, 0xdd, 0x98, 0x2f, 0x5e, 0x8f, 0xf1, 0xd9, 0xc1,
0x8e, 0x05, 0x5e, 0xe8, 0x76, 0x6d, 0x1e, 0xca, 0x27, 0xe1, 0xb7, 0xf6, 0x36, 0x2c, 0xa6, 0x91,
0x9f, 0x28, 0xfa, 0xc8, 0xb7, 0x14, 0x50, 0xd3, 0x75, 0xf8, 0xf9, 0xc4, 0x29, 0xce, 0x1b, 0xe6,
0x63, 0x26, 0xd5, 0x3f, 0x2c, 0xc0, 0x99, 0xdc, 0x1e, 0x26, 0x2f, 0xc3, 0xb4, 0x3e, 0x18, 0xd4,
0xaa, 0x7c, 0x56, 0x71, 0x0d, 0x09, 0x6f, 0x36, 0x52, 0xe7, 0x5e, 0x86, 0x44, 0x5e, 0x83, 0x32,
0x73, 0x04, 0xaa, 0x0a, 0x81, 0x83, 0x81, 0x57, 0xb9, 0x97, 0x52, 0x3a, 0x73, 0x88, 0x40, 0x24,
0x9b, 0xb0, 0xc8, 0x43, 0x96, 0xa2, 0x57, 0x58, 0x9c, 0x80, 0x0f, 0x1d, 0xe9, 0xc4, 0x75, 0x09,
0xf3, 0x27, 0x4b, 0xc9, 0xce, 0x0c, 0x15, 0xa9, 0x83, 0x8a, 0x3c, 0x65, 0x4e, 0x2c, 0x7d, 0x89,
0xe4, 0x88, 0x39, 0x86, 0xd7, 0x08, 0x65, 0x3c, 0x5c, 0xec, 0x25, 0xcd, 0xa1, 0xdb, 0x8f, 0x7e,
0x7e, 0xc3, 0x95, 0x7c, 0xe3, 0x44, 0xc3, 0xf5, 0xbb, 0x25, 0xb6, 0x98, 0xb3, 0x64, 0x54, 0xa3,
0x91, 0xf2, 0x6d, 0xa1, 0x46, 0x43, 0x4f, 0x6c, 0x3c, 0x28, 0x67, 0x15, 0x66, 0xda, 0x3c, 0x97,
0x12, 0x5b, 0x19, 0xcf, 0xe4, 0x56, 0x81, 0xe1, 0xdc, 0xbd, 0xc1, 0xd4, 0x17, 0x9e, 0x5b, 0xc9,
0x14, 0xa4, 0xe4, 0x2e, 0xcc, 0x55, 0x7a, 0xae, 0xd3, 0x1f, 0x0e, 0xda, 0x27, 0xf3, 0x3f, 0x58,
0xe5, 0x6d, 0x99, 0xef, 0x30, 0x32, 0xf4, 0x5b, 0x40, 0x49, 0x2e, 0x33, 0x22, 0xed, 0x38, 0x14,
0x47, 0x09, 0x6d, 0xa5, 0xaf, 0x4e, 0xe8, 0x9f, 0x2c, 0x10, 0xe9, 0xd2, 0x71, 0x66, 0x78, 0xac,
0x0e, 0x1b, 0x16, 0xeb, 0x4e, 0x18, 0xb5, 0x03, 0xa7, 0x1f, 0x62, 0xe2, 0x86, 0x13, 0x04, 0xa1,
0xbe, 0xc0, 0x2b, 0xcc, 0x6c, 0xa8, 0x51, 0x4c, 0xca, 0x6c, 0xa8, 0x69, 0x76, 0x54, 0x5f, 0xda,
0xf4, 0xfa, 0x4e, 0xcf, 0xfb, 0x8a, 0x88, 0x58, 0xc4, 0xf4, 0xa5, 0x3d, 0x01, 0x34, 0x93, 0x72,
0xed, 0x4b, 0x23, 0xe3, 0xc6, 0x6a, 0x39, 0x07, 0x33, 0x3c, 0x9e, 0x1d, 0x8b, 0xef, 0xd6, 0x32,
0x1a, 0xd5, 0x5a, 0x63, 0x4b, 0x55, 0xc8, 0x22, 0x40, 0xcb, 0x6c, 0x56, 0x0c, 0xcb, 0xa2, 0xbf,
0x0b, 0xf4, 0x37, 0x0f, 0xfe, 0xb6, 0xb9, 0x5b, 0x57, 0x8b, 0x52, 0xfc, 0xb7, 0x92, 0xf6, 0x7d,
0x05, 0xce, 0xe6, 0x0f, 0x25, 0x69, 0x73, 0x47, 0x7d, 0xe6, 0x89, 0xf2, 0xc6, 0xc4, 0x71, 0xcf,
0x05, 0x67, 0x23, 0x09, 0x46, 0x2c, 0x42, 0x5d, 0x41, 0x5c, 0x70, 0xb2, 0x90, 0x37, 0x5e, 0xd7,
0x2c, 0x78, 0x5d, 0xad, 0x02, 0xab, 0xe3, 0x78, 0xa4, 0x9b, 0xba, 0x04, 0x73, 0x7a, 0xab, 0x55,
0xaf, 0x55, 0xf4, 0x76, 0xad, 0xd9, 0x50, 0x15, 0x32, 0x0b, 0x53, 0x5b, 0x66, 0x73, 0xb7, 0xa5,
0x16, 0xb4, 0x3f, 0x51, 0x60, 0xa1, 0x96, 0x78, 0xca, 0x3e, 0xed, 0xe2, 0xfb, 0x5c, 0x6a, 0xf1,
0xad, 0xc6, 0xb1, 0x32, 0xe3, 0x0f, 0x4c, 0xd0, 0x20, 0x37, 0xe2, 0x80, 0x46, 0xc5, 0x94, 0x47,
0x89, 0x4c, 0x2d, 0x42, 0xc5, 0xc4, 0x39, 0x03, 0xd3, 0x01, 0x8f, 0xa4, 0xd5, 0xfb, 0xaf, 0x8a,
0xb0, 0x3c, 0xf2, 0x5d, 0x62, 0xc1, 0x8c, 0x7e, 0xcf, 0x6a, 0xd6, 0xaa, 0x15, 0xde, 0xba, 0xcb,
0x89, 0x77, 0x25, 0xa6, 0xc0, 0x1e, 0xa9, 0x29, 0x8b, 0x51, 0xf5, 0x28, 0xb4, 0x7d, 0xaf, 0xdb,
0x49, 0xb9, 0xf7, 0x0a, 0x4e, 0xb8, 0x1b, 0x7e, 0x65, 0x18, 0xa0, 0xc7, 0x32, 0x6f, 0x79, 0xec,
0xb4, 0x29, 0xe0, 0xa3, 0x8c, 0xd1, 0x87, 0xd7, 0xa1, 0xe5, 0xa3, 0xac, 0x13, 0x7e, 0xa4, 0x01,
0xd3, 0x5b, 0x5e, 0xb4, 0x3d, 0x7c, 0xc0, 0x7b, 0xe5, 0x52, 0x92, 0x10, 0x79, 0x7b, 0xf8, 0x60,
0x94, 0x2d, 0x5a, 0x4c, 0x59, 0x7c, 0x8a, 0x14, 0x4b, 0xce, 0x85, 0xdc, 0x81, 0x29, 0xfd, 0x9e,
0x65, 0xea, 0x7c, 0x85, 0x4a, 0xfe, 0xab, 0xa6, 0x3e, 0x86, 0x1b, 0x6d, 0x7d, 0xe0, 0xa4, 0xb8,
0x31, 0x1e, 0xd9, 0x18, 0x3d, 0xa5, 0x27, 0x8a, 0xd1, 0xb3, 0xb1, 0x00, 0x73, 0xfc, 0x50, 0x87,
0xe7, 0xa5, 0xc7, 0x70, 0x3a, 0x67, 0xa8, 0x89, 0x83, 0x5e, 0xf2, 0x78, 0xeb, 0xae, 0xf7, 0x8f,
0x1e, 0x1d, 0xb8, 0x81, 0x3b, 0x3a, 0x76, 0xe9, 0xba, 0x8b, 0x59, 0x92, 0x5b, 0x7b, 0x73, 0x84,
0x9d, 0xf6, 0xc7, 0x0a, 0xac, 0x8e, 0x9b, 0x00, 0xf4, 0x84, 0x9a, 0x8e, 0x02, 0x78, 0x36, 0x4e,
0xfc, 0x99, 0xf6, 0x6e, 0x17, 0x68, 0xe4, 0x3d, 0x98, 0x63, 0x1e, 0x90, 0xd6, 0x6b, 0xbb, 0x66,
0x8d, 0xaf, 0xdc, 0x67, 0x7e, 0xf2, 0xc9, 0xe5, 0x73, 0xdc, 0x69, 0x32, 0x7c, 0xcd, 0x1e, 0x06,
0x5e, 0x42, 0xba, 0xaa, 0x98, 0x32, 0x05, 0x3d, 0x50, 0x38, 0xc3, 0xae, 0xe7, 0x8a, 0xe3, 0x94,
0x88, 0x94, 0xc6, 0x61, 0xf2, 0xf6, 0x2e, 0x60, 0xda, 0xd7, 0x15, 0x58, 0x1b, 0x3f, 0xdb, 0xa8,
0xca, 0xd0, 0x66, 0x8e, 0xa4, 0x22, 0x56, 0x19, 0xaa, 0x0c, 0xb1, 0xb7, 0xa9, 0xcc, 0x53, 0x20,
0x52, 0x22, 0x6e, 0xf8, 0x13, 0xf6, 0x22, 0x24, 0x8a, 0xed, 0x82, 0x32, 0x91, 0x40, 0xd4, 0xee,
0xc3, 0xb9, 0x31, 0x73, 0x93, 0xbc, 0x9b, 0x9b, 0x4e, 0x18, 0x63, 0x51, 0xc8, 0xc1, 0x46, 0x52,
0x79, 0xe9, 0x25, 0xb8, 0xf6, 0x9f, 0x99, 0xeb, 0x74, 0xce, 0x44, 0xa5, 0xda, 0x0d, 0xa6, 0xaf,
0xd5, 0xfb, 0x9d, 0x03, 0x3f, 0x48, 0x06, 0x0b, 0xb5, 0x9b, 0x88, 0x96, 0xd8, 0x0e, 0x16, 0x65,
0x06, 0x2d, 0x43, 0x45, 0x7c, 0x58, 0x6e, 0x05, 0xfe, 0x9e, 0xc7, 0x1e, 0x2e, 0xb3, 0x43, 0x29,
0x5f, 0xd3, 0x2f, 0x48, 0xd3, 0x4d, 0x9e, 0x3e, 0x23, 0xf8, 0x71, 0x1e, 0x37, 0x0a, 0x66, 0xbe,
0x39, 0x1d, 0x2c, 0x30, 0x47, 0x79, 0x6b, 0x3f, 0x2c, 0xc0, 0xd5, 0x63, 0x39, 0x9e, 0x34, 0x0b,
0xef, 0x2b, 0x00, 0x9c, 0x96, 0xf6, 0x80, 0x64, 0x72, 0x12, 0x95, 0x71, 0x82, 0xbe, 0x29, 0xa1,
0x90, 0x87, 0xf0, 0x8c, 0xf8, 0xd5, 0xe9, 0xb8, 0x83, 0x28, 0xa4, 0xf5, 0xe0, 0xc1, 0xcb, 0xe3,
0x28, 0x6c, 0xe5, 0x8d, 0xe7, 0x7f, 0xf2, 0xc9, 0xe5, 0xab, 0x31, 0x0f, 0x86, 0xc9, 0x1e, 0x78,
0x88, 0x38, 0xe8, 0x68, 0xf8, 0x9a, 0xcc, 0x8b, 0x5c, 0x4b, 0x56, 0x52, 0x29, 0x31, 0x61, 0x8b,
0x95, 0x94, 0xac, 0x9f, 0x6d, 0x20, 0x9c, 0x11, 0x25, 0xdb, 0x94, 0xef, 0xb2, 0x99, 0xd4, 0x14,
0x35, 0x61, 0x86, 0x34, 0x56, 0x6e, 0xe6, 0xd0, 0x68, 0xbf, 0xc3, 0x16, 0x76, 0xae, 0x74, 0x20,
0x8f, 0x60, 0x89, 0x6a, 0x19, 0x52, 0x67, 0x73, 0xb9, 0x72, 0xf3, 0xf8, 0x81, 0xae, 0x45, 0x3c,
0x58, 0x8f, 0x35, 0x3c, 0x3c, 0x74, 0x82, 0xa3, 0x8d, 0xf3, 0x22, 0x9d, 0x2c, 0x6a, 0x33, 0xf2,
0xd8, 0x9b, 0xd9, 0xaf, 0x68, 0x3f, 0x2e, 0xc0, 0x4b, 0x4f, 0xc0, 0x9b, 0xb4, 0x60, 0x16, 0xcf,
0xf3, 0xa8, 0x09, 0x1e, 0x6f, 0x0f, 0x38, 0xcb, 0xf7, 0x46, 0x1e, 0xac, 0x27, 0xd6, 0x03, 0x13,
0x26, 0xe4, 0x36, 0x9d, 0x4e, 0x5d, 0xe4, 0x77, 0xbc, 0x6d, 0x60, 0x45, 0x98, 0xc9, 0xdc, 0x7e,
0x37, 0xe1, 0x26, 0x18, 0x48, 0x71, 0x08, 0x8b, 0x63, 0xe3, 0x10, 0xbe, 0x0e, 0xf3, 0x86, 0xe4,
0x60, 0xcb, 0x87, 0x1f, 0x6f, 0x0d, 0x52, 0xde, 0xb8, 0x66, 0x0a, 0x8d, 0x7c, 0x1e, 0x16, 0x99,
0xf7, 0x00, 0xef, 0x1d, 0xe6, 0xdb, 0x36, 0xc5, 0xb3, 0xab, 0x60, 0x89, 0xe8, 0xea, 0xd0, 0xcc,
0xa0, 0xd2, 0x85, 0x75, 0x96, 0x6a, 0x25, 0x3d, 0x37, 0x0c, 0xf5, 0x61, 0x74, 0x40, 0x77, 0x1d,
0x76, 0x4e, 0x27, 0x6f, 0xc2, 0xf4, 0xc1, 0x93, 0xdd, 0xce, 0x31, 0x74, 0x42, 0x00, 0x35, 0x7d,
0x11, 0x2e, 0x85, 0xfe, 0x4f, 0xde, 0x82, 0x29, 0x34, 0x32, 0x73, 0x85, 0x5a, 0x18, 0x42, 0xf2,
0x3f, 0x8d, 0x26, 0x68, 0x93, 0x11, 0xd0, 0xd5, 0x9a, 0xe4, 0xc9, 0xe5, 0xfb, 0xb1, 0x30, 0xbe,
0xc6, 0xa9, 0x72, 0xcd, 0xd9, 0xc3, 0x3d, 0x87, 0x27, 0x9f, 0x5d, 0x87, 0x65, 0x21, 0x7b, 0x07,
0x22, 0x53, 0x09, 0xf7, 0xbb, 0x59, 0xe2, 0x21, 0x9d, 0x06, 0x22, 0x5b, 0xc9, 0x73, 0xb0, 0x18,
0x86, 0x07, 0x36, 0x0f, 0x24, 0xf8, 0x50, 0x24, 0x41, 0x33, 0xe7, 0xc3, 0xf0, 0x80, 0x45, 0x14,
0xbc, 0xe3, 0x1e, 0x51, 0x2c, 0x7c, 0xcb, 0x90, 0x60, 0x95, 0x19, 0x56, 0xd4, 0x0b, 0x63, 0x2c,
0x1e, 0x03, 0x13, 0x12, 0x2c, 0xed, 0xbf, 0x17, 0x60, 0xf6, 0x1e, 0x3d, 0xbc, 0xa2, 0x49, 0x76,
0xb2, 0x89, 0xf7, 0x26, 0xcc, 0xd5, 0x7d, 0x87, 0x5f, 0xd1, 0xf3, 0x78, 0x1d, 0xec, 0xf1, 0x53,
0xcf, 0x77, 0xc4, 0x6d, 0x7f, 0x68, 0xca, 0x48, 0xc7, 0x04, 0x81, 0xbc, 0x0d, 0xd3, 0x6c, 0x85,
0xf3, 0xdb, 0x06, 0x61, 0xbe, 0x88, 0x6b, 0x74, 0x9d, 0x15, 0x4b, 0x77, 0xc8, 0x4c, 0x4a, 0xc8,
0x67, 0x69, 0xfe, 0xd0, 0x49, 0x32, 0x40, 0x4f, 0x9d, 0xcc, 0x00, 0x2d, 0x65, 0x9c, 0x98, 0x3e,
0x49, 0xc6, 0x89, 0xb5, 0x5b, 0x30, 0x27, 0xd5, 0xe7, 0x89, 0xac, 0x19, 0xbf, 0x56, 0x80, 0x05,
0x6c, 0x55, 0x2c, 0xb5, 0xfe, 0x7a, 0x9a, 0xd3, 0x3f, 0x97, 0x32, 0xa7, 0xaf, 0xca, 0xe3, 0xc5,
0x9d, 0x7e, 0xc6, 0xdb, 0xd1, 0x6f, 0xc3, 0xf2, 0x08, 0x22, 0x79, 0x1d, 0xa6, 0x68, 0xf5, 0x85,
0xf9, 0x51, 0xcd, 0xce, 0x80, 0x24, 0x3b, 0x19, 0x6d, 0x78, 0x68, 0x32, 0x6c, 0xed, 0x7f, 0x2a,
0x30, 0xcf, 0xd3, 0x32, 0xf7, 0xf7, 0xfc, 0x63, 0xbb, 0xf3, 0x5a, 0xb6, 0x3b, 0x59, 0x48, 0x63,
0xde, 0x9d, 0xff, 0xb7, 0x3b, 0xf1, 0x56, 0xaa, 0x13, 0xcf, 0xc5, 0xb9, 0x4a, 0x44, 0x73, 0x26,
0xf4, 0xe1, 0x77, 0x31, 0x7b, 0x57, 0x1a, 0x91, 0xfc, 0x12, 0xcc, 0x36, 0xdc, 0x47, 0x29, 0x2b,
0xde, 0xb5, 0x31, 0x4c, 0xaf, 0xc7, 0x88, 0x6c, 0x4d, 0xb1, 0x07, 0x88, 0xee, 0x23, 0x7b, 0xc4,
0x37, 0x23, 0x61, 0xb9, 0xf6, 0x36, 0x2c, 0xa6, 0xc9, 0x9e, 0x64, 0xea, 0xf3, 0x08, 0x67, 0x18,
0xa5, 0xfb, 0x37, 0x8a, 0x00, 0x49, 0x70, 0x28, 0xba, 0x00, 0x53, 0xee, 0x60, 0xe2, 0x02, 0x14,
0x41, 0xf2, 0x1c, 0x17, 0x5e, 0x62, 0xd7, 0xf8, 0x45, 0x5d, 0x61, 0x7c, 0x2e, 0x99, 0xbe, 0x08,
0x70, 0xc7, 0x3c, 0xa9, 0x7b, 0x0e, 0x7b, 0x7b, 0x54, 0xdc, 0x78, 0x0e, 0x53, 0x87, 0xc5, 0xd0,
0x54, 0xde, 0x8e, 0x72, 0x75, 0xc8, 0x53, 0x16, 0x62, 0x38, 0xa0, 0x2a, 0x45, 0x18, 0x09, 0xb8,
0x56, 0x7a, 0xb2, 0x80, 0x6b, 0x2d, 0x98, 0xf5, 0xfa, 0x1f, 0xbb, 0xfd, 0xc8, 0x0f, 0x8e, 0xf0,
0x76, 0x32, 0xb9, 0xf6, 0xa0, 0x5d, 0x50, 0x13, 0x65, 0x6c, 0x1c, 0x50, 0xd3, 0x8c, 0xf1, 0xe5,
0x61, 0x88, 0x81, 0xb1, 0xe7, 0xce, 0x94, 0x3a, 0xcd, 0xe2, 0x34, 0xdd, 0x2e, 0x95, 0xcb, 0xea,
0xec, 0xed, 0x52, 0x79, 0x56, 0x05, 0x53, 0x72, 0x36, 0x88, 0x9d, 0x09, 0xa4, 0x9b, 0xff, 0xf4,
0xad, 0xbe, 0xf6, 0x57, 0x05, 0x20, 0xa3, 0xd5, 0x20, 0x9f, 0x83, 0x39, 0x26, 0x60, 0xed, 0x20,
0xfc, 0x88, 0x3f, 0xc0, 0x64, 0xaf, 0xa6, 0x25, 0xb0, 0x1c, 0xeb, 0x9c, 0x81, 0xcd, 0xf0, 0xa3,
0x1e, 0xf9, 0x32, 0x9c, 0xc6, 0xee, 0x1d, 0xb8, 0x81, 0xe7, 0x77, 0x6d, 0xcc, 0x64, 0xe5, 0xf4,
0x70, 0xac, 0x8a, 0x1b, 0x2f, 0xff, 0xe4, 0x93, 0xcb, 0xcf, 0xe4, 0x14, 0x8f, 0x19, 0x06, 0x0c,
0xaf, 0xd4, 0x42, 0xcc, 0x16, 0x43, 0x24, 0x6d, 0x50, 0x65, 0xfa, 0xbd, 0x61, 0xaf, 0xc7, 0x47,
0x76, 0x9d, 0x1e, 0x0d, 0xb2, 0x65, 0x63, 0x18, 0x2f, 0x26, 0x8c, 0x37, 0x87, 0xbd, 0x1e, 0x79,
0x13, 0xc0, 0xef, 0xdb, 0x87, 0x5e, 0x18, 0xb2, 0x3b, 0xef, 0xf8, 0x51, 0x6e, 0x02, 0x95, 0x07,
0xc3, 0xef, 0xef, 0x30, 0x20, 0xf9, 0x3b, 0x80, 0x21, 0x52, 0x31, 0x76, 0x30, 0xd7, 0x66, 0xd8,
0x69, 0x41, 0x00, 0xd3, 0xd1, 0xf1, 0xf6, 0x5d, 0xcb, 0xfb, 0x8a, 0x78, 0xbb, 0xfc, 0x45, 0x58,
0xe6, 0x9a, 0xd1, 0x3d, 0x2f, 0x3a, 0xe0, 0x16, 0x97, 0xa7, 0x31, 0xd7, 0x48, 0xe6, 0x92, 0x3f,
0x9a, 0x02, 0xd0, 0xef, 0x59, 0x22, 0x2c, 0xff, 0x8b, 0x30, 0xd5, 0xa6, 0x6c, 0xb8, 0x3d, 0x1a,
0x15, 0x2e, 0xe4, 0x2b, 0xdf, 0xe6, 0x21, 0x06, 0x5d, 0x8d, 0x26, 0x3e, 0x33, 0x14, 0xb6, 0x68,
0x5c, 0x8d, 0xec, 0xe5, 0x61, 0x2a, 0x8f, 0x1a, 0xc7, 0x22, 0x75, 0x80, 0x24, 0x50, 0x3e, 0xb7,
0x6a, 0x2c, 0x27, 0x11, 0xa7, 0x79, 0x01, 0xcf, 0x0f, 0x9b, 0xbc, 0x25, 0x97, 0xa7, 0x4f, 0x82,
0x46, 0xee, 0x40, 0xa9, 0xed, 0xc4, 0x71, 0xd0, 0xc6, 0xa4, 0x0f, 0xb8, 0x42, 0x5b, 0x9f, 0x4a,
0x21, 0xb0, 0x18, 0x39, 0xfb, 0x72, 0xed, 0x90, 0x09, 0x31, 0x60, 0xba, 0xe5, 0x04, 0xce, 0x61,
0x38, 0x2e, 0xed, 0x0c, 0x2b, 0x15, 0xd9, 0xe9, 0x10, 0x28, 0xeb, 0x14, 0xac, 0x98, 0xdc, 0x84,
0xa2, 0x65, 0xed, 0xf0, 0xe7, 0x11, 0x0b, 0xc9, 0x69, 0xc2, 0xb2, 0x76, 0x98, 0xd2, 0x1b, 0x86,
0x87, 0x12, 0x19, 0x45, 0x26, 0x9f, 0x87, 0x39, 0xe9, 0x90, 0xc2, 0xc3, 0x4d, 0x63, 0x1f, 0x48,
0x0f, 0xd9, 0x65, 0xa1, 0x21, 0x61, 0x93, 0x3a, 0xa8, 0x77, 0x86, 0x0f, 0x5c, 0x7d, 0x30, 0xc0,
0x70, 0x4a, 0x1f, 0xbb, 0x01, 0x53, 0xe4, 0xca, 0x49, 0x62, 0x37, 0x7c, 0x35, 0xda, 0x15, 0xa5,
0xb2, 0x39, 0x24, 0x4b, 0x49, 0x5a, 0xb0, 0x6c, 0xb9, 0xd1, 0x70, 0xc0, 0xbc, 0x19, 0x37, 0xd9,
0x71, 0x9a, 0x05, 0xa7, 0xc6, 0x1c, 0x58, 0x21, 0x2d, 0x14, 0x8e, 0xa4, 0x7b, 0x23, 0x47, 0xea,
0x51, 0x62, 0xf2, 0xe5, 0xcc, 0xc1, 0x1f, 0xb2, 0xb6, 0x27, 0xb9, 0x54, 0x64, 0xa0, 0x38, 0xb9,
0x5d, 0xe0, 0xbf, 0x32, 0xbb, 0x40, 0x0e, 0x13, 0x62, 0xc0, 0xa2, 0x0c, 0x8e, 0xad, 0x1f, 0x18,
0xa9, 0x20, 0x15, 0xfa, 0x34, 0x65, 0xce, 0xc8, 0x10, 0x91, 0xc7, 0x70, 0x5a, 0x86, 0x38, 0xbd,
0xdd, 0xbe, 0x17, 0x85, 0x99, 0x94, 0xd8, 0x99, 0x2a, 0x20, 0x8a, 0x68, 0x0c, 0x76, 0x9c, 0x9f,
0x62, 0x61, 0x0f, 0x29, 0x82, 0xf4, 0xd1, 0xbc, 0x4f, 0x68, 0xbf, 0x8a, 0xa1, 0x18, 0xc6, 0xf1,
0x65, 0x89, 0x13, 0xf1, 0x29, 0xbf, 0x7c, 0x75, 0xc4, 0x1f, 0xfa, 0xa7, 0x13, 0x27, 0x22, 0x88,
0x12, 0x18, 0xec, 0xed, 0xbf, 0xbc, 0x5c, 0x79, 0x38, 0x00, 0x99, 0x80, 0x63, 0x69, 0xdf, 0x54,
0xe4, 0xf5, 0x2a, 0x1f, 0xe2, 0x95, 0x49, 0x87, 0xf8, 0x57, 0x72, 0xb2, 0x5f, 0xa0, 0x29, 0x42,
0xca, 0x7e, 0x21, 0xe7, 0xbc, 0x20, 0x2f, 0x42, 0x99, 0xd2, 0x4a, 0x6a, 0x3f, 0x4b, 0x41, 0xe2,
0xf7, 0x44, 0x96, 0x6a, 0x51, 0xac, 0xfd, 0x74, 0x4a, 0xca, 0xd5, 0xc4, 0xd7, 0xdc, 0x3b, 0x00,
0xb7, 0x7d, 0xaf, 0xbf, 0xe3, 0x46, 0x07, 0x7e, 0x57, 0x1a, 0xe4, 0xb9, 0x0f, 0x7d, 0xaf, 0x6f,
0x1f, 0x22, 0xf8, 0xaf, 0x3e, 0xb9, 0x2c, 0x21, 0x99, 0xd2, 0xff, 0xe4, 0xb3, 0x30, 0x4b, 0x7f,
0xb5, 0x13, 0xdf, 0x5b, 0x76, 0x45, 0x89, 0xd4, 0x2c, 0xad, 0x72, 0x82, 0x40, 0x6e, 0x61, 0x22,
0x71, 0x6f, 0x10, 0x49, 0xb5, 0x15, 0x59, 0xc3, 0xbd, 0x41, 0x94, 0x8d, 0x45, 0x21, 0x21, 0x93,
0xed, 0xb8, 0xea, 0x6d, 0x9e, 0xdb, 0x8b, 0xe7, 0x2b, 0xe7, 0x01, 0x2d, 0xb0, 0xc8, 0x16, 0x79,
0xbf, 0xe4, 0x80, 0x16, 0x19, 0x32, 0xac, 0x84, 0xb5, 0x5d, 0xe5, 0x36, 0xaa, 0x29, 0xa9, 0x12,
0xe1, 0x41, 0x97, 0x5b, 0x9c, 0x52, 0x95, 0x88, 0x91, 0xc9, 0x06, 0x2c, 0xb1, 0xd3, 0x5d, 0x2b,
0xf0, 0x1f, 0x1f, 0x61, 0xd2, 0xea, 0xe9, 0x64, 0x0f, 0x1b, 0x50, 0x20, 0x9e, 0x2f, 0xe5, 0xcf,
0x67, 0x08, 0xc8, 0x26, 0x4c, 0xa1, 0xbd, 0x91, 0xbf, 0x33, 0xbd, 0x20, 0x5b, 0xbc, 0xb3, 0xf2,
0x12, 0xf7, 0x0f, 0xb4, 0x75, 0xcb, 0xfb, 0x07, 0xa2, 0x92, 0x2f, 0x02, 0x18, 0xfd, 0xc0, 0xef,
0xf5, 0x30, 0x95, 0x5d, 0x39, 0x15, 0xf7, 0x86, 0xf3, 0x41, 0x2e, 0x09, 0x12, 0xe6, 0x73, 0x3c,
0xe3, 0xe2, 0x6f, 0x3b, 0x9d, 0xf0, 0x6e, 0x55, 0x31, 0x25, 0x6e, 0xe4, 0xb3, 0x30, 0x6d, 0x0d,
0xf7, 0xf6, 0xbc, 0xc7, 0x5c, 0x7c, 0xb1, 0x3c, 0x6e, 0x08, 0x91, 0xc5, 0x36, 0xc3, 0x21, 0x6f,
0xc3, 0xdc, 0xee, 0xa0, 0xeb, 0x44, 0x2e, 0xde, 0x52, 0xf2, 0xe4, 0xa0, 0x28, 0x85, 0x86, 0x08,
0x66, 0x0f, 0x1d, 0x64, 0x19, 0x2c, 0xa1, 0x13, 0x0f, 0x96, 0xb7, 0xdb, 0xed, 0x16, 0x76, 0x90,
0x78, 0x2e, 0xcf, 0x03, 0xcb, 0x88, 0xf3, 0xce, 0x48, 0xf9, 0xc6, 0x55, 0xaa, 0xdf, 0x1c, 0x44,
0xd1, 0xc0, 0x66, 0x9d, 0x2e, 0x22, 0x75, 0xc9, 0xe2, 0x74, 0x84, 0x4a, 0xfb, 0x43, 0x25, 0xe7,
0x5b, 0xe4, 0x0d, 0x98, 0x8d, 0x81, 0x72, 0xde, 0xdb, 0x84, 0xbd, 0xac, 0x92, 0xc4, 0xa8, 0x74,
0x1e, 0xd1, 0x1f, 0x16, 0x23, 0x94, 0xf2, 0xd4, 0x50, 0xc2, 0x70, 0x84, 0x52, 0x42, 0xa6, 0xc7,
0xcd, 0x86, 0xcf, 0xe8, 0x24, 0x3b, 0x75, 0xdf, 0x1f, 0x21, 0x12, 0x68, 0x5a, 0x0d, 0xa6, 0xd9,
0x46, 0x88, 0xa9, 0x3a, 0x79, 0x42, 0x73, 0x29, 0xd1, 0x23, 0x4b, 0xd5, 0xc9, 0xe1, 0xa3, 0xa9,
0x3a, 0x25, 0x02, 0xed, 0x0e, 0xac, 0xe4, 0x4d, 0xb6, 0x94, 0xd5, 0x5a, 0x39, 0xa9, 0xd5, 0xfa,
0x4f, 0x8b, 0x30, 0x8f, 0xdc, 0x84, 0x60, 0xd5, 0x61, 0xc1, 0x1a, 0x3e, 0x88, 0xd3, 0x52, 0x08,
0x4d, 0x08, 0xeb, 0x17, 0xca, 0x05, 0xb2, 0x9b, 0x51, 0x8a, 0x82, 0xee, 0x3d, 0x42, 0x0b, 0xdb,
0x12, 0xef, 0x64, 0xe3, 0x2c, 0x99, 0xe2, 0xf9, 0x30, 0x7f, 0x3d, 0x23, 0xef, 0x3d, 0x69, 0xa2,
0x44, 0x17, 0x2b, 0x3e, 0x89, 0x2e, 0x56, 0x3a, 0x91, 0x2e, 0xf6, 0x01, 0xcc, 0x8b, 0xaf, 0xa1,
0x16, 0x35, 0xf5, 0x74, 0x5a, 0x54, 0x8a, 0x19, 0xa9, 0xc7, 0xda, 0xd4, 0xf4, 0x44, 0x6d, 0x0a,
0x7d, 0xb7, 0x84, 0xe4, 0x1b, 0x20, 0x2c, 0x47, 0xa9, 0x7a, 0x1a, 0x05, 0x49, 0xfb, 0xf3, 0x22,
0xc0, 0x56, 0xa5, 0xf5, 0x33, 0xa8, 0xb7, 0xaf, 0xc3, 0x6c, 0xdd, 0x17, 0x3e, 0x3f, 0x92, 0xb3,
0x45, 0x4f, 0x00, 0xe5, 0x45, 0x15, 0x63, 0xc6, 0x6a, 0x69, 0xf1, 0xd3, 0x50, 0x4b, 0x6f, 0xa1,
0x59, 0xff, 0x43, 0xb7, 0x13, 0xd5, 0xaa, 0x62, 0x64, 0xb1, 0xe5, 0x22, 0xb6, 0x74, 0xda, 0xe7,
0x43, 0x42, 0xa6, 0xdb, 0x0d, 0x77, 0x27, 0x16, 0xe1, 0xb6, 0xb8, 0x21, 0x1d, 0xb7, 0x1b, 0x11,
0xb3, 0x4c, 0x44, 0xf0, 0x92, 0xe5, 0x7d, 0x86, 0xec, 0x53, 0x1e, 0xcd, 0xf7, 0xe3, 0x77, 0x21,
0x33, 0x93, 0x7a, 0x48, 0x1b, 0xe9, 0xa1, 0xb1, 0xaf, 0x41, 0xb4, 0xef, 0x2b, 0x72, 0x7e, 0xe3,
0x9f, 0x61, 0xa8, 0xdf, 0x02, 0x88, 0x9d, 0x2e, 0xc5, 0x58, 0xc7, 0x91, 0x96, 0x18, 0x54, 0xee,
0xe5, 0x04, 0x57, 0x6a, 0x4d, 0xf1, 0xd3, 0x6a, 0x4d, 0x1b, 0xe6, 0x9a, 0x0f, 0x23, 0x27, 0xf1,
0xd2, 0x05, 0x2b, 0x3e, 0x82, 0xa2, 0x58, 0x2b, 0xe2, 0xad, 0xcc, 0x19, 0xe9, 0x00, 0x3b, 0xe6,
0xec, 0x2a, 0x11, 0x6a, 0x3f, 0x55, 0x60, 0x49, 0x0e, 0x16, 0x79, 0xd4, 0xef, 0x90, 0x77, 0x59,
0xf6, 0x34, 0x25, 0x65, 0x6b, 0x90, 0x90, 0xa8, 0xbc, 0x3e, 0xea, 0x77, 0xd8, 0xc9, 0xc5, 0x79,
0x24, 0x57, 0x96, 0x12, 0x92, 0x07, 0x30, 0xdf, 0xf2, 0x7b, 0x3d, 0xba, 0xdc, 0x82, 0x8f, 0xf9,
0xc9, 0x9d, 0x32, 0xca, 0xde, 0x28, 0x88, 0x0a, 0x6d, 0x3c, 0xcb, 0x0d, 0x54, 0xe7, 0x06, 0x74,
0x03, 0xf7, 0x38, 0x5d, 0xc2, 0xf6, 0x5b, 0x18, 0x45, 0x43, 0xe6, 0x99, 0x28, 0x1b, 0xe9, 0x3c,
0xbd, 0x72, 0x2d, 0x69, 0x31, 0xd6, 0x73, 0x82, 0xb2, 0xa1, 0xfd, 0x3d, 0x05, 0xae, 0x8c, 0x36,
0xad, 0xd2, 0xf3, 0x87, 0xdd, 0x76, 0xe0, 0x78, 0xbd, 0xba, 0xbf, 0x1f, 0xb2, 0xac, 0x53, 0xfb,
0xc9, 0x05, 0x25, 0xcf, 0x3a, 0xb5, 0xef, 0x65, 0xb3, 0x4e, 0x61, 0x70, 0x9d, 0xd7, 0xa0, 0x6c,
0xbd, 0x6f, 0xbd, 0x3f, 0x74, 0x85, 0x11, 0x8b, 0xc9, 0x87, 0xf0, 0xa3, 0xd0, 0xfe, 0x88, 0x02,
0xe5, 0xed, 0x46, 0x20, 0x6a, 0x87, 0x70, 0x69, 0xb4, 0x1a, 0xc6, 0x1d, 0x4b, 0x1f, 0x76, 0xbd,
0x08, 0x2b, 0x21, 0x04, 0x88, 0xf2, 0x29, 0x08, 0x10, 0xed, 0x5f, 0x16, 0x81, 0x8c, 0x7e, 0x4f,
0xde, 0x2e, 0x94, 0xff, 0x07, 0x47, 0xf7, 0x8c, 0x44, 0x2f, 0x3d, 0xd1, 0x91, 0xf7, 0x23, 0x50,
0x3b, 0x74, 0xd8, 0xec, 0x88, 0x8e, 0x9b, 0xdd, 0xf3, 0xe3, 0xdd, 0xeb, 0x33, 0x63, 0xa7, 0x70,
0x7a, 0x9c, 0x99, 0x08, 0xcc, 0x32, 0x91, 0x37, 0xe2, 0x4e, 0x7a, 0x5e, 0x78, 0xb0, 0xe8, 0x3e,
0x0c, 0x6d, 0x87, 0x8e, 0x11, 0xfb, 0xe0, 0x74, 0xca, 0x6b, 0x7a, 0xf2, 0x88, 0x32, 0xc1, 0x98,
0x66, 0x20, 0x6f, 0x9d, 0xee, 0xc3, 0x30, 0xc6, 0xd5, 0xbe, 0xad, 0xc0, 0x4a, 0xde, 0xe4, 0xa6,
0x3a, 0x85, 0xac, 0x64, 0xa4, 0xcf, 0xb3, 0xb2, 0x5e, 0x92, 0x39, 0xcf, 0xa6, 0x89, 0xb2, 0x5d,
0x5f, 0x78, 0xa2, 0xcd, 0xf4, 0xc7, 0x45, 0x98, 0x67, 0xbe, 0x46, 0xdb, 0xae, 0xd3, 0x8b, 0x0e,
0xe8, 0x3c, 0x12, 0x19, 0xf5, 0xa5, 0x17, 0x29, 0x13, 0x52, 0xe9, 0xdf, 0x84, 0x72, 0x8b, 0x8a,
0x85, 0x8e, 0xdf, 0x93, 0xef, 0x29, 0x06, 0x1c, 0x26, 0x2f, 0x19, 0x81, 0x87, 0xba, 0xbc, 0x7c,
0xcf, 0xc8, 0x74, 0x79, 0x84, 0xa4, 0x74, 0x79, 0x76, 0xe3, 0xf8, 0x18, 0x4e, 0x27, 0xee, 0x63,
0xf1, 0x5d, 0xe6, 0x09, 0x1e, 0xdf, 0xae, 0xf3, 0x8b, 0xdc, 0x4b, 0x89, 0x47, 0x1a, 0x5e, 0x7a,
0x62, 0x69, 0x26, 0x49, 0x5c, 0xde, 0x27, 0xc8, 0x1d, 0x50, 0x13, 0x30, 0xcf, 0x5e, 0xc7, 0x0e,
0x67, 0x18, 0x60, 0x53, 0x62, 0x3b, 0x92, 0xc8, 0x6e, 0x84, 0x90, 0x6e, 0xdf, 0x09, 0xcc, 0x48,
0xde, 0xd9, 0x0b, 0xbf, 0x86, 0x98, 0x17, 0x5e, 0xa3, 0xca, 0xdb, 0x77, 0x86, 0x8c, 0x8e, 0x91,
0xb8, 0x7d, 0x9d, 0x49, 0xc6, 0x88, 0xdf, 0xbb, 0xca, 0x63, 0xc4, 0xb1, 0xd6, 0xbf, 0xa9, 0xc0,
0x52, 0x4d, 0xdf, 0xe1, 0x19, 0xd9, 0x59, 0xaf, 0x5e, 0x85, 0x67, 0x6a, 0xfa, 0x8e, 0xdd, 0x6a,
0xd6, 0x6b, 0x95, 0xfb, 0x76, 0x6e, 0xde, 0xd4, 0x67, 0xe0, 0xfc, 0x28, 0x4a, 0xe2, 0x69, 0x77,
0x11, 0x56, 0x47, 0x8b, 0x45, 0x6e, 0xd5, 0x7c, 0x62, 0x91, 0x86, 0xb5, 0xb8, 0xfe, 0x1e, 0x2c,
0x89, 0x3c, 0xa2, 0xed, 0xba, 0x85, 0x27, 0xbc, 0x25, 0x98, 0xbb, 0x6b, 0x98, 0xb5, 0xcd, 0xfb,
0xf6, 0xe6, 0x6e, 0xbd, 0xae, 0x9e, 0x22, 0x0b, 0x30, 0xcb, 0x01, 0x15, 0x5d, 0x55, 0xc8, 0x3c,
0x94, 0x6b, 0x0d, 0xcb, 0xa8, 0xec, 0x9a, 0x86, 0x5a, 0x58, 0xff, 0xa7, 0x0a, 0x2c, 0xb0, 0x33,
0x5b, 0xc0, 0x5b, 0x74, 0x09, 0xd6, 0x76, 0x5b, 0x55, 0xbd, 0x6d, 0x98, 0xf9, 0xcd, 0x39, 0x03,
0xcb, 0x99, 0xf2, 0xe6, 0x1d, 0x55, 0x21, 0x17, 0xe0, 0x5c, 0x06, 0x5c, 0xad, 0x59, 0xfa, 0x06,
0x6b, 0xc5, 0x79, 0x38, 0x93, 0x29, 0x6c, 0xd5, 0x1a, 0x0d, 0xa3, 0xaa, 0x16, 0x69, 0x03, 0x47,
0x3e, 0x67, 0x1a, 0x7a, 0x95, 0x92, 0xaa, 0xa5, 0xf5, 0xf7, 0x60, 0xb1, 0x15, 0x3f, 0x2b, 0x44,
0x47, 0xbe, 0x19, 0x28, 0x9a, 0xfa, 0x3d, 0xf5, 0x14, 0x01, 0x98, 0x6e, 0xdd, 0xa9, 0x58, 0x37,
0x6e, 0xa8, 0x0a, 0x99, 0x83, 0x99, 0xad, 0x4a, 0xcb, 0xbe, 0xb3, 0x63, 0xa9, 0x05, 0xfa, 0x43,
0xbf, 0x67, 0xe1, 0x8f, 0xe2, 0xfa, 0xab, 0xe8, 0xbe, 0xf2, 0xf8, 0xa8, 0xee, 0x85, 0x91, 0xdb,
0x77, 0x03, 0xec, 0xa3, 0x79, 0x28, 0x5b, 0x2e, 0xd5, 0xc4, 0x22, 0x97, 0x75, 0xd0, 0xce, 0xb0,
0x17, 0x79, 0x83, 0x9e, 0xfb, 0x58, 0x55, 0xd6, 0x6f, 0xc1, 0x92, 0xe9, 0x0f, 0xe9, 0x09, 0xd2,
0x8a, 0x28, 0xc6, 0xfe, 0x11, 0xb6, 0xb9, 0xa1, 0xef, 0x6c, 0xd4, 0xb6, 0x76, 0x9b, 0xbb, 0x96,
0xbd, 0xa3, 0xb7, 0x2b, 0xdb, 0xcc, 0x8d, 0x70, 0xa7, 0x69, 0xb5, 0x6d, 0xd3, 0xa8, 0x18, 0x8d,
0xb6, 0xaa, 0xac, 0x7f, 0x03, 0x2f, 0x95, 0x3a, 0x7e, 0xbf, 0xbb, 0xe9, 0x74, 0x22, 0x3f, 0xc0,
0x0a, 0x6b, 0x70, 0xc9, 0x32, 0x2a, 0xcd, 0x46, 0xd5, 0xde, 0xd4, 0x2b, 0xed, 0xa6, 0x99, 0x97,
0x58, 0x78, 0x0d, 0xce, 0xe6, 0xe0, 0x34, 0xdb, 0x2d, 0x55, 0x21, 0x97, 0xe1, 0x42, 0x4e, 0xd9,
0x3d, 0x63, 0x43, 0xdf, 0x6d, 0x6f, 0x37, 0xd4, 0xc2, 0x18, 0x62, 0xcb, 0x6a, 0xaa, 0xc5, 0xf5,
0xbf, 0xaf, 0xc0, 0xe2, 0x6e, 0xc8, 0xdf, 0x34, 0xef, 0xa2, 0x0f, 0xc1, 0x15, 0xb8, 0xb8, 0x6b,
0x19, 0xa6, 0xdd, 0x6e, 0xde, 0x31, 0x1a, 0xf6, 0xae, 0xa5, 0x6f, 0x65, 0x6b, 0x73, 0x19, 0x2e,
0x48, 0x18, 0xa6, 0x51, 0x69, 0xde, 0x35, 0x4c, 0xbb, 0xa5, 0x5b, 0xd6, 0xbd, 0xa6, 0x59, 0x55,
0x15, 0xfa, 0xc5, 0x1c, 0x84, 0x9d, 0x4d, 0x9d, 0xd5, 0x26, 0x55, 0xd6, 0x30, 0xee, 0xe9, 0x75,
0x7b, 0xa3, 0xd9, 0x56, 0x8b, 0xeb, 0x3b, 0xf4, 0x70, 0x85, 0xe9, 0x3d, 0xd9, 0xcb, 0xb3, 0x32,
0x94, 0x1a, 0xcd, 0x86, 0x91, 0x75, 0x3e, 0x9d, 0x87, 0xb2, 0xde, 0x6a, 0x99, 0xcd, 0xbb, 0x38,
0x79, 0x00, 0xa6, 0xab, 0x46, 0xa3, 0x86, 0xb3, 0x65, 0x1e, 0xca, 0x2d, 0xb3, 0xb9, 0xd3, 0x6c,
0x1b, 0x55, 0xb5, 0xb4, 0xae, 0xc3, 0x32, 0xdb, 0x12, 0x38, 0x53, 0xbc, 0x79, 0x5c, 0x80, 0xd9,
0xdd, 0x46, 0xd5, 0xd8, 0xac, 0x35, 0xb0, 0x2d, 0x8b, 0x00, 0xd6, 0x76, 0xd3, 0x6c, 0xdb, 0x6d,
0xc3, 0xdc, 0x61, 0xf9, 0x9a, 0xeb, 0xcd, 0xc6, 0x16, 0xfb, 0x59, 0x58, 0x37, 0x85, 0x1a, 0x20,
0xea, 0xd5, 0xf1, 0x99, 0xb3, 0x68, 0xd5, 0xd8, 0xd4, 0x77, 0xeb, 0x6d, 0x3e, 0xca, 0xf7, 0x6d,
0xd3, 0x78, 0x7f, 0xd7, 0xb0, 0xda, 0x96, 0xaa, 0x10, 0x15, 0xe6, 0x1b, 0x86, 0x51, 0xb5, 0x6c,
0xd3, 0xb8, 0x5b, 0x33, 0xee, 0xa9, 0x05, 0x5a, 0x2d, 0xf6, 0x3f, 0xad, 0xe4, 0xfa, 0x77, 0x14,
0x20, 0x2c, 0xbb, 0xea, 0xb6, 0x1f, 0x46, 0xb4, 0xf7, 0x71, 0xd2, 0x5d, 0x82, 0xb5, 0x6d, 0x3a,
0x5b, 0xb0, 0x77, 0x76, 0x9a, 0xd5, 0x6c, 0xaf, 0x9f, 0x05, 0x92, 0x29, 0x6f, 0x6e, 0x6e, 0xe2,
0xca, 0x3a, 0x9d, 0x81, 0x57, 0xcd, 0x66, 0x4b, 0x2d, 0xac, 0x15, 0xca, 0x0a, 0x39, 0x37, 0x52,
0x78, 0xc7, 0x30, 0x5a, 0x6a, 0x91, 0x8e, 0x72, 0xa6, 0x40, 0xac, 0x7a, 0x46, 0x5e, 0x5a, 0xff,
0xba, 0x02, 0x67, 0x59, 0x35, 0x85, 0x08, 0x89, 0xab, 0x7a, 0x11, 0x56, 0x79, 0xce, 0xe8, 0xbc,
0x8a, 0xae, 0x80, 0x9a, 0x2a, 0x65, 0xd5, 0x3c, 0x03, 0xcb, 0x29, 0x28, 0xd6, 0xa3, 0x40, 0x05,
0x64, 0x0a, 0xbc, 0x61, 0x58, 0x6d, 0xdb, 0xd8, 0xdc, 0xa4, 0x43, 0x82, 0x15, 0x29, 0xae, 0x6b,
0xb0, 0x5c, 0x71, 0x83, 0xc8, 0x78, 0x1c, 0xb9, 0xfd, 0xd0, 0xf3, 0xfb, 0x58, 0x85, 0x05, 0x98,
0x35, 0xfe, 0x6e, 0xdb, 0x68, 0x58, 0xb5, 0x66, 0x43, 0x3d, 0xb5, 0x7e, 0x31, 0x83, 0x23, 0x44,
0x81, 0x65, 0x6d, 0xab, 0xa7, 0xd6, 0x1d, 0x58, 0x10, 0xaf, 0x7d, 0xd9, 0xc4, 0xba, 0x04, 0x6b,
0x62, 0xba, 0xa2, 0x58, 0xc9, 0x36, 0x61, 0x15, 0x56, 0x46, 0xcb, 0x8d, 0xb6, 0xaa, 0xd0, 0x51,
0xc8, 0x94, 0x50, 0x78, 0x61, 0xfd, 0x6b, 0x0a, 0x2c, 0xc4, 0x2e, 0x28, 0x38, 0xd1, 0x2e, 0xc3,
0x85, 0x9d, 0x4d, 0xdd, 0xae, 0x1a, 0x77, 0x6b, 0x15, 0xc3, 0xbe, 0x53, 0x6b, 0x54, 0x33, 0x1f,
0x39, 0x0f, 0x67, 0x72, 0x10, 0xf0, 0x2b, 0xab, 0xb0, 0x92, 0x2d, 0x6a, 0xd3, 0xd5, 0x5e, 0xa0,
0x5d, 0x9f, 0x2d, 0x89, 0x97, 0x7a, 0x71, 0xfd, 0x2e, 0x2c, 0x5a, 0xfa, 0x4e, 0x7d, 0xd3, 0x0f,
0x3a, 0xae, 0x3e, 0x8c, 0x0e, 0xfa, 0x54, 0xee, 0x6e, 0x36, 0xcd, 0x8a, 0x61, 0x23, 0x4a, 0xa6,
0x06, 0xa7, 0x61, 0x49, 0x2e, 0xbc, 0x6f, 0xd0, 0xe9, 0x4b, 0x60, 0x51, 0x06, 0x36, 0x9a, 0x6a,
0x61, 0xfd, 0x4b, 0x30, 0xcf, 0xfd, 0xd2, 0x58, 0xff, 0x9d, 0x83, 0xd3, 0xf2, 0xef, 0x96, 0xdb,
0xef, 0x7a, 0xfd, 0x7d, 0xf5, 0x54, 0xb6, 0xc0, 0x1c, 0xf6, 0xfb, 0xb4, 0x00, 0x45, 0x82, 0x5c,
0xd0, 0x76, 0x83, 0x43, 0xaf, 0xef, 0x44, 0x6e, 0x57, 0x2d, 0xac, 0x5f, 0x87, 0x85, 0x54, 0xbe,
0x60, 0x3a, 0x70, 0xf5, 0x26, 0x97, 0xe1, 0x3b, 0x46, 0xb5, 0xb6, 0xbb, 0xa3, 0x4e, 0x51, 0x61,
0xb0, 0x5d, 0xdb, 0xda, 0x56, 0x61, 0xfd, 0xb7, 0x15, 0x58, 0xa4, 0xeb, 0xd1, 0x0b, 0xdc, 0x9d,
0x4d, 0x5d, 0x0c, 0x35, 0x9d, 0x66, 0x2c, 0x0b, 0xb9, 0x61, 0x59, 0xcc, 0x6d, 0xfb, 0x22, 0xac,
0xf2, 0x1f, 0xb6, 0xde, 0xa8, 0xda, 0xdb, 0xba, 0x59, 0xbd, 0xa7, 0x9b, 0x74, 0xee, 0xdd, 0x57,
0x0b, 0xb8, 0xa0, 0x24, 0x88, 0xdd, 0x6e, 0xee, 0x56, 0xb6, 0xd5, 0x22, 0x9d, 0xbf, 0x29, 0x78,
0xab, 0xd6, 0x50, 0x4b, 0xb8, 0x3c, 0x47, 0xb0, 0x91, 0x2d, 0x2d, 0x9f, 0x5a, 0xff, 0x91, 0x02,
0xe7, 0x2c, 0x6f, 0xbf, 0xef, 0x44, 0xc3, 0xc0, 0xd5, 0x7b, 0xfb, 0x7e, 0xe0, 0x45, 0x07, 0x87,
0xd6, 0xd0, 0x8b, 0x5c, 0xf2, 0x22, 0x3c, 0x6f, 0xd5, 0xb6, 0x1a, 0x7a, 0x9b, 0x2e, 0x2f, 0xbd,
0xbe, 0xd5, 0x34, 0x6b, 0xed, 0xed, 0x1d, 0xdb, 0xda, 0xad, 0x8d, 0xcc, 0xbc, 0xe7, 0xe0, 0xca,
0x78, 0xd4, 0xba, 0xb1, 0xa5, 0x57, 0xee, 0xab, 0xca, 0x64, 0x86, 0x1b, 0x7a, 0x5d, 0x6f, 0x54,
0x8c, 0xaa, 0x7d, 0xf7, 0x86, 0x5a, 0x20, 0xcf, 0xc3, 0xd5, 0xf1, 0xa8, 0x9b, 0xb5, 0x96, 0x45,
0xd1, 0x8a, 0x93, 0xbf, 0xbb, 0x6d, 0xed, 0x50, 0xac, 0xd2, 0xfa, 0xb7, 0x15, 0x58, 0x1d, 0x97,
0x07, 0x83, 0x5c, 0x03, 0xcd, 0x68, 0xb4, 0x4d, 0xbd, 0x56, 0xb5, 0x2b, 0xa6, 0x51, 0x35, 0x1a,
0xed, 0x9a, 0x5e, 0xb7, 0x6c, 0xab, 0xb9, 0x4b, 0x67, 0x53, 0xe2, 0x5d, 0xff, 0x2c, 0x5c, 0x9e,
0x80, 0xd7, 0xac, 0x55, 0x2b, 0xaa, 0x42, 0x6e, 0xc0, 0xcb, 0x13, 0x90, 0xac, 0xfb, 0x56, 0xdb,
0xd8, 0x91, 0x4b, 0xd4, 0x02, 0x0a, 0xac, 0xfc, 0xb8, 0xef, 0xb4, 0x75, 0x58, 0x32, 0xb9, 0x62,
0x57, 0xe1, 0x99, 0xb1, 0x58, 0xbc, 0x5a, 0xcf, 0xc2, 0xe5, 0xb1, 0x28, 0xac, 0x52, 0x6a, 0x61,
0xfd, 0x03, 0x58, 0x1b, 0x1f, 0x7b, 0x98, 0xee, 0x17, 0xe9, 0x21, 0x2f, 0x43, 0xa9, 0x4a, 0x77,
0xb9, 0x54, 0xd6, 0x7c, 0x3a, 0x3b, 0x4d, 0xa3, 0xb6, 0xd3, 0xa2, 0x82, 0x90, 0x6f, 0x2e, 0xb8,
0x7b, 0x7c, 0x55, 0x89, 0xf3, 0x7a, 0x24, 0x3c, 0xb3, 0x0f, 0x35, 0xcc, 0xdd, 0x46, 0x83, 0xed,
0x95, 0x4b, 0x30, 0xd7, 0x6c, 0x6f, 0x1b, 0xa6, 0x6d, 0x98, 0x66, 0xd3, 0x54, 0x0b, 0x74, 0x77,
0xda, 0x6d, 0xd0, 0xa5, 0xdd, 0x34, 0x6b, 0x5f, 0xc4, 0x4d, 0x73, 0x15, 0x56, 0xac, 0xba, 0x5e,
0xb9, 0x63, 0x37, 0x9a, 0x6d, 0xbb, 0xd6, 0xb0, 0x2b, 0xdb, 0x7a, 0xa3, 0x61, 0xd4, 0x55, 0xa0,
0x32, 0xbb, 0x79, 0xa7, 0xad, 0xdb, 0x95, 0x66, 0x63, 0xb3, 0xb6, 0xc5, 0x59, 0xac, 0xe0, 0x2c,
0x18, 0x17, 0x2a, 0x88, 0x7c, 0x16, 0x5e, 0x40, 0x9a, 0x56, 0x7d, 0x77, 0xab, 0xd6, 0xb0, 0xad,
0xfb, 0x8d, 0x8a, 0xd0, 0xdc, 0x2a, 0xa3, 0x7b, 0xc5, 0x0b, 0xf0, 0xdc, 0x44, 0x6c, 0xa1, 0xca,
0x2a, 0x74, 0x76, 0x4d, 0xc4, 0xe4, 0xed, 0x5b, 0xff, 0x81, 0x02, 0x17, 0x26, 0xb8, 0x12, 0x92,
0x97, 0xe1, 0xc5, 0x6d, 0x43, 0xaf, 0xd6, 0x0d, 0xcb, 0x42, 0x09, 0x47, 0x07, 0x91, 0xbd, 0xf3,
0xc8, 0xdd, 0x09, 0x5e, 0x84, 0xe7, 0x27, 0xa3, 0x27, 0x6a, 0xc9, 0x0b, 0xf0, 0xdc, 0x64, 0x54,
0xae, 0xa6, 0x14, 0xc8, 0x3a, 0x5c, 0x9b, 0x8c, 0x19, 0xab, 0x37, 0xc5, 0xf5, 0xdf, 0x52, 0xe0,
0x6c, 0xfe, 0xad, 0x0e, 0xad, 0x5b, 0xad, 0x61, 0xb5, 0xf5, 0x7a, 0xdd, 0x6e, 0xe9, 0xa6, 0xbe,
0x63, 0x1b, 0x0d, 0xb3, 0x59, 0xaf, 0xe7, 0xed, 0xc9, 0xcf, 0xc1, 0x95, 0xf1, 0xa8, 0x56, 0xc5,
0xac, 0xb5, 0xe8, 0xb6, 0xa3, 0xc1, 0xa5, 0xf1, 0x58, 0x46, 0xad, 0x62, 0xa8, 0x85, 0x8d, 0x77,
0xbe, 0xf7, 0xe7, 0x97, 0x4e, 0x7d, 0xef, 0x47, 0x97, 0x94, 0xff, 0xf4, 0xa3, 0x4b, 0xca, 0x9f,
0xfd, 0xe8, 0x92, 0xf2, 0xc5, 0x97, 0xd8, 0xe3, 0x89, 0xeb, 0x1d, 0xff, 0xf0, 0x95, 0xfd, 0xc0,
0xf9, 0xd8, 0x8b, 0xf8, 0x7d, 0xec, 0x2b, 0xe2, 0x52, 0xee, 0x15, 0x67, 0xe0, 0xbd, 0x82, 0x47,
0xfe, 0x07, 0xd3, 0x78, 0x82, 0x7c, 0xed, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0xde, 0x34, 0x74,
0xc0, 0x0e, 0x03, 0x02, 0x00,
}
func (this *SSHKeyPair) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*SSHKeyPair)
if !ok {
that2, ok := that.(SSHKeyPair)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !bytes.Equal(this.PublicKey, that1.PublicKey) {
return false
}
if !bytes.Equal(this.PrivateKey, that1.PrivateKey) {
return false
}
if this.PrivateKeyType != that1.PrivateKeyType {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginSpecV1) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1)
if !ok {
that2, ok := that.(PluginSpecV1)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if that1.Settings == nil {
if this.Settings != nil {
return false
}
} else if this.Settings == nil {
return false
} else if !this.Settings.Equal(that1.Settings) {
return false
}
if this.Generation != that1.Generation {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginSpecV1_SlackAccessPlugin) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_SlackAccessPlugin)
if !ok {
that2, ok := that.(PluginSpecV1_SlackAccessPlugin)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.SlackAccessPlugin.Equal(that1.SlackAccessPlugin) {
return false
}
return true
}
func (this *PluginSpecV1_Opsgenie) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Opsgenie)
if !ok {
that2, ok := that.(PluginSpecV1_Opsgenie)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Opsgenie.Equal(that1.Opsgenie) {
return false
}
return true
}
func (this *PluginSpecV1_Openai) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Openai)
if !ok {
that2, ok := that.(PluginSpecV1_Openai)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Openai.Equal(that1.Openai) {
return false
}
return true
}
func (this *PluginSpecV1_Okta) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Okta)
if !ok {
that2, ok := that.(PluginSpecV1_Okta)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Okta.Equal(that1.Okta) {
return false
}
return true
}
func (this *PluginSpecV1_Jamf) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Jamf)
if !ok {
that2, ok := that.(PluginSpecV1_Jamf)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Jamf.Equal(that1.Jamf) {
return false
}
return true
}
func (this *PluginSpecV1_PagerDuty) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_PagerDuty)
if !ok {
that2, ok := that.(PluginSpecV1_PagerDuty)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.PagerDuty.Equal(that1.PagerDuty) {
return false
}
return true
}
func (this *PluginSpecV1_Mattermost) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Mattermost)
if !ok {
that2, ok := that.(PluginSpecV1_Mattermost)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Mattermost.Equal(that1.Mattermost) {
return false
}
return true
}
func (this *PluginSpecV1_Jira) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Jira)
if !ok {
that2, ok := that.(PluginSpecV1_Jira)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Jira.Equal(that1.Jira) {
return false
}
return true
}
func (this *PluginSpecV1_Discord) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Discord)
if !ok {
that2, ok := that.(PluginSpecV1_Discord)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Discord.Equal(that1.Discord) {
return false
}
return true
}
func (this *PluginSpecV1_ServiceNow) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_ServiceNow)
if !ok {
that2, ok := that.(PluginSpecV1_ServiceNow)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.ServiceNow.Equal(that1.ServiceNow) {
return false
}
return true
}
func (this *PluginSpecV1_Gitlab) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Gitlab)
if !ok {
that2, ok := that.(PluginSpecV1_Gitlab)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Gitlab.Equal(that1.Gitlab) {
return false
}
return true
}
func (this *PluginSpecV1_EntraId) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_EntraId)
if !ok {
that2, ok := that.(PluginSpecV1_EntraId)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.EntraId.Equal(that1.EntraId) {
return false
}
return true
}
func (this *PluginSpecV1_Scim) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Scim)
if !ok {
that2, ok := that.(PluginSpecV1_Scim)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Scim.Equal(that1.Scim) {
return false
}
return true
}
func (this *PluginSpecV1_Datadog) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Datadog)
if !ok {
that2, ok := that.(PluginSpecV1_Datadog)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Datadog.Equal(that1.Datadog) {
return false
}
return true
}
func (this *PluginSpecV1_AwsIc) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_AwsIc)
if !ok {
that2, ok := that.(PluginSpecV1_AwsIc)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.AwsIc.Equal(that1.AwsIc) {
return false
}
return true
}
func (this *PluginSpecV1_Email) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Email)
if !ok {
that2, ok := that.(PluginSpecV1_Email)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Email.Equal(that1.Email) {
return false
}
return true
}
func (this *PluginSpecV1_Msteams) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Msteams)
if !ok {
that2, ok := that.(PluginSpecV1_Msteams)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Msteams.Equal(that1.Msteams) {
return false
}
return true
}
func (this *PluginSpecV1_NetIq) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_NetIq)
if !ok {
that2, ok := that.(PluginSpecV1_NetIq)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.NetIq.Equal(that1.NetIq) {
return false
}
return true
}
func (this *PluginSpecV1_Github) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Github)
if !ok {
that2, ok := that.(PluginSpecV1_Github)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Github.Equal(that1.Github) {
return false
}
return true
}
func (this *PluginSpecV1_Intune) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSpecV1_Intune)
if !ok {
that2, ok := that.(PluginSpecV1_Intune)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Intune.Equal(that1.Intune) {
return false
}
return true
}
func (this *PluginGithubSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginGithubSettings)
if !ok {
that2, ok := that.(PluginGithubSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if this.ClientId != that1.ClientId {
return false
}
if this.OrganizationName != that1.OrganizationName {
return false
}
if !this.StartDate.Equal(that1.StartDate) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginSlackAccessSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSlackAccessSettings)
if !ok {
that2, ok := that.(PluginSlackAccessSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.FallbackChannel != that1.FallbackChannel {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginGitlabSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginGitlabSettings)
if !ok {
that2, ok := that.(PluginGitlabSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginOpsgenieAccessSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginOpsgenieAccessSettings)
if !ok {
that2, ok := that.(PluginOpsgenieAccessSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Priority != that1.Priority {
return false
}
if len(this.AlertTags) != len(that1.AlertTags) {
return false
}
for i := range this.AlertTags {
if this.AlertTags[i] != that1.AlertTags[i] {
return false
}
}
if len(this.DefaultSchedules) != len(that1.DefaultSchedules) {
return false
}
for i := range this.DefaultSchedules {
if this.DefaultSchedules[i] != that1.DefaultSchedules[i] {
return false
}
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginServiceNowSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginServiceNowSettings)
if !ok {
that2, ok := that.(PluginServiceNowSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if this.Username != that1.Username {
return false
}
if this.Password != that1.Password {
return false
}
if this.CloseCode != that1.CloseCode {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginPagerDutySettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginPagerDutySettings)
if !ok {
that2, ok := that.(PluginPagerDutySettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.UserEmail != that1.UserEmail {
return false
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginJiraSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginJiraSettings)
if !ok {
that2, ok := that.(PluginJiraSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ServerUrl != that1.ServerUrl {
return false
}
if this.ProjectKey != that1.ProjectKey {
return false
}
if this.IssueType != that1.IssueType {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginOpenAISettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginOpenAISettings)
if !ok {
that2, ok := that.(PluginOpenAISettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginMattermostSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginMattermostSettings)
if !ok {
that2, ok := that.(PluginMattermostSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ServerUrl != that1.ServerUrl {
return false
}
if this.Team != that1.Team {
return false
}
if this.Channel != that1.Channel {
return false
}
if this.ReportToEmail != that1.ReportToEmail {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginJamfSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginJamfSettings)
if !ok {
that2, ok := that.(PluginJamfSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.JamfSpec.Equal(that1.JamfSpec) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginIntuneSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginIntuneSettings)
if !ok {
that2, ok := that.(PluginIntuneSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Tenant != that1.Tenant {
return false
}
if this.LoginEndpoint != that1.LoginEndpoint {
return false
}
if this.GraphEndpoint != that1.GraphEndpoint {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginOktaSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginOktaSettings)
if !ok {
that2, ok := that.(PluginOktaSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.OrgUrl != that1.OrgUrl {
return false
}
if this.EnableUserSync != that1.EnableUserSync {
return false
}
if this.SsoConnectorId != that1.SsoConnectorId {
return false
}
if !this.SyncSettings.Equal(that1.SyncSettings) {
return false
}
if !this.CredentialsInfo.Equal(that1.CredentialsInfo) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginOktaCredentialsInfo) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginOktaCredentialsInfo)
if !ok {
that2, ok := that.(PluginOktaCredentialsInfo)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.HasSsmToken != that1.HasSsmToken {
return false
}
if this.HasOauthCredentials != that1.HasOauthCredentials {
return false
}
if this.HasScimToken != that1.HasScimToken {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginOktaSyncSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginOktaSyncSettings)
if !ok {
that2, ok := that.(PluginOktaSyncSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.SyncUsers != that1.SyncUsers {
return false
}
if this.SsoConnectorId != that1.SsoConnectorId {
return false
}
if this.SyncAccessLists != that1.SyncAccessLists {
return false
}
if len(this.DefaultOwners) != len(that1.DefaultOwners) {
return false
}
for i := range this.DefaultOwners {
if this.DefaultOwners[i] != that1.DefaultOwners[i] {
return false
}
}
if this.AppId != that1.AppId {
return false
}
if len(this.GroupFilters) != len(that1.GroupFilters) {
return false
}
for i := range this.GroupFilters {
if this.GroupFilters[i] != that1.GroupFilters[i] {
return false
}
}
if len(this.AppFilters) != len(that1.AppFilters) {
return false
}
for i := range this.AppFilters {
if this.AppFilters[i] != that1.AppFilters[i] {
return false
}
}
if this.AppName != that1.AppName {
return false
}
if this.DisableSyncAppGroups != that1.DisableSyncAppGroups {
return false
}
if this.DisableBidirectionalSync != that1.DisableBidirectionalSync {
return false
}
if this.UserSyncSource != that1.UserSyncSource {
return false
}
if this.EnableSystemLogExport != that1.EnableSystemLogExport {
return false
}
if this.DisableAssignDefaultRoles != that1.DisableAssignDefaultRoles {
return false
}
if this.TimeBetweenImports != that1.TimeBetweenImports {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *DiscordChannels) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*DiscordChannels)
if !ok {
that2, ok := that.(DiscordChannels)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if len(this.ChannelIds) != len(that1.ChannelIds) {
return false
}
for i := range this.ChannelIds {
if this.ChannelIds[i] != that1.ChannelIds[i] {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginDiscordSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginDiscordSettings)
if !ok {
that2, ok := that.(PluginDiscordSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if len(this.RoleToRecipients) != len(that1.RoleToRecipients) {
return false
}
for i := range this.RoleToRecipients {
if !this.RoleToRecipients[i].Equal(that1.RoleToRecipients[i]) {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginEntraIDSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginEntraIDSettings)
if !ok {
that2, ok := that.(PluginEntraIDSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.SyncSettings.Equal(that1.SyncSettings) {
return false
}
if !this.AccessGraphSettings.Equal(that1.AccessGraphSettings) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginEntraIDSyncSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginEntraIDSyncSettings)
if !ok {
that2, ok := that.(PluginEntraIDSyncSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if len(this.DefaultOwners) != len(that1.DefaultOwners) {
return false
}
for i := range this.DefaultOwners {
if this.DefaultOwners[i] != that1.DefaultOwners[i] {
return false
}
}
if this.SsoConnectorId != that1.SsoConnectorId {
return false
}
if this.CredentialsSource != that1.CredentialsSource {
return false
}
if this.TenantId != that1.TenantId {
return false
}
if this.EntraAppId != that1.EntraAppId {
return false
}
if len(this.GroupFilters) != len(that1.GroupFilters) {
return false
}
for i := range this.GroupFilters {
if !this.GroupFilters[i].Equal(that1.GroupFilters[i]) {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginSyncFilter) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSyncFilter)
if !ok {
that2, ok := that.(PluginSyncFilter)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if that1.Include == nil {
if this.Include != nil {
return false
}
} else if this.Include == nil {
return false
} else if !this.Include.Equal(that1.Include) {
return false
}
if that1.Exclude == nil {
if this.Exclude != nil {
return false
}
} else if this.Exclude == nil {
return false
} else if !this.Exclude.Equal(that1.Exclude) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginSyncFilter_Id) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSyncFilter_Id)
if !ok {
that2, ok := that.(PluginSyncFilter_Id)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Id != that1.Id {
return false
}
return true
}
func (this *PluginSyncFilter_NameRegex) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSyncFilter_NameRegex)
if !ok {
that2, ok := that.(PluginSyncFilter_NameRegex)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.NameRegex != that1.NameRegex {
return false
}
return true
}
func (this *PluginSyncFilter_ExcludeId) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSyncFilter_ExcludeId)
if !ok {
that2, ok := that.(PluginSyncFilter_ExcludeId)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ExcludeId != that1.ExcludeId {
return false
}
return true
}
func (this *PluginSyncFilter_ExcludeNameRegex) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSyncFilter_ExcludeNameRegex)
if !ok {
that2, ok := that.(PluginSyncFilter_ExcludeNameRegex)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ExcludeNameRegex != that1.ExcludeNameRegex {
return false
}
return true
}
func (this *PluginEntraIDAccessGraphSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginEntraIDAccessGraphSettings)
if !ok {
that2, ok := that.(PluginEntraIDAccessGraphSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if len(this.AppSsoSettingsCache) != len(that1.AppSsoSettingsCache) {
return false
}
for i := range this.AppSsoSettingsCache {
if !this.AppSsoSettingsCache[i].Equal(that1.AppSsoSettingsCache[i]) {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginEntraIDAppSSOSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginEntraIDAppSSOSettings)
if !ok {
that2, ok := that.(PluginEntraIDAppSSOSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.AppId != that1.AppId {
return false
}
if !bytes.Equal(this.FederatedSsoV2, that1.FederatedSsoV2) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginSCIMSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSCIMSettings)
if !ok {
that2, ok := that.(PluginSCIMSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.SamlConnectorName != that1.SamlConnectorName {
return false
}
if this.DefaultRole != that1.DefaultRole {
return false
}
if !this.ConnectorInfo.Equal(that1.ConnectorInfo) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginSCIMSettings_ConnectorInfo) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginSCIMSettings_ConnectorInfo)
if !ok {
that2, ok := that.(PluginSCIMSettings_ConnectorInfo)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Name != that1.Name {
return false
}
if this.Type != that1.Type {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginDatadogAccessSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginDatadogAccessSettings)
if !ok {
that2, ok := that.(PluginDatadogAccessSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if this.FallbackRecipient != that1.FallbackRecipient {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginAWSICSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginAWSICSettings)
if !ok {
that2, ok := that.(PluginAWSICSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.IntegrationName != that1.IntegrationName {
return false
}
if this.Region != that1.Region {
return false
}
if this.Arn != that1.Arn {
return false
}
if !this.ProvisioningSpec.Equal(that1.ProvisioningSpec) {
return false
}
if len(this.AccessListDefaultOwners) != len(that1.AccessListDefaultOwners) {
return false
}
for i := range this.AccessListDefaultOwners {
if this.AccessListDefaultOwners[i] != that1.AccessListDefaultOwners[i] {
return false
}
}
if this.SamlIdpServiceProviderName != that1.SamlIdpServiceProviderName {
return false
}
if this.CredentialsSource != that1.CredentialsSource {
return false
}
if len(this.UserSyncFilters) != len(that1.UserSyncFilters) {
return false
}
for i := range this.UserSyncFilters {
if !this.UserSyncFilters[i].Equal(that1.UserSyncFilters[i]) {
return false
}
}
if len(this.AwsAccountsFilters) != len(that1.AwsAccountsFilters) {
return false
}
for i := range this.AwsAccountsFilters {
if !this.AwsAccountsFilters[i].Equal(that1.AwsAccountsFilters[i]) {
return false
}
}
if len(this.GroupSyncFilters) != len(that1.GroupSyncFilters) {
return false
}
for i := range this.GroupSyncFilters {
if !this.GroupSyncFilters[i].Equal(that1.GroupSyncFilters[i]) {
return false
}
}
if !this.Credentials.Equal(that1.Credentials) {
return false
}
if this.RolesSyncMode != that1.RolesSyncMode {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *AWSICCredentials) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICCredentials)
if !ok {
that2, ok := that.(AWSICCredentials)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if that1.Source == nil {
if this.Source != nil {
return false
}
} else if this.Source == nil {
return false
} else if !this.Source.Equal(that1.Source) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *AWSICCredentials_System) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICCredentials_System)
if !ok {
that2, ok := that.(AWSICCredentials_System)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.System.Equal(that1.System) {
return false
}
return true
}
func (this *AWSICCredentials_Oidc) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICCredentials_Oidc)
if !ok {
that2, ok := that.(AWSICCredentials_Oidc)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Oidc.Equal(that1.Oidc) {
return false
}
return true
}
func (this *AWSICCredentialSourceSystem) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICCredentialSourceSystem)
if !ok {
that2, ok := that.(AWSICCredentialSourceSystem)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.AssumeRoleArn != that1.AssumeRoleArn {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *AWSICCredentialSourceOIDC) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICCredentialSourceOIDC)
if !ok {
that2, ok := that.(AWSICCredentialSourceOIDC)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.IntegrationName != that1.IntegrationName {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *AWSICResourceFilter) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICResourceFilter)
if !ok {
that2, ok := that.(AWSICResourceFilter)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if that1.Include == nil {
if this.Include != nil {
return false
}
} else if this.Include == nil {
return false
} else if !this.Include.Equal(that1.Include) {
return false
}
if that1.Exclude == nil {
if this.Exclude != nil {
return false
}
} else if this.Exclude == nil {
return false
} else if !this.Exclude.Equal(that1.Exclude) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *AWSICResourceFilter_Id) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICResourceFilter_Id)
if !ok {
that2, ok := that.(AWSICResourceFilter_Id)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Id != that1.Id {
return false
}
return true
}
func (this *AWSICResourceFilter_NameRegex) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICResourceFilter_NameRegex)
if !ok {
that2, ok := that.(AWSICResourceFilter_NameRegex)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.NameRegex != that1.NameRegex {
return false
}
return true
}
func (this *AWSICResourceFilter_ExcludeId) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICResourceFilter_ExcludeId)
if !ok {
that2, ok := that.(AWSICResourceFilter_ExcludeId)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ExcludeId != that1.ExcludeId {
return false
}
return true
}
func (this *AWSICResourceFilter_ExcludeNameRegex) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICResourceFilter_ExcludeNameRegex)
if !ok {
that2, ok := that.(AWSICResourceFilter_ExcludeNameRegex)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ExcludeNameRegex != that1.ExcludeNameRegex {
return false
}
return true
}
func (this *AWSICUserSyncFilter) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICUserSyncFilter)
if !ok {
that2, ok := that.(AWSICUserSyncFilter)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if len(this.Labels) != len(that1.Labels) {
return false
}
for i := range this.Labels {
if this.Labels[i] != that1.Labels[i] {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *AWSICProvisioningSpec) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*AWSICProvisioningSpec)
if !ok {
that2, ok := that.(AWSICProvisioningSpec)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.BaseUrl != that1.BaseUrl {
return false
}
if this.BearerToken != that1.BearerToken {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginEmailSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginEmailSettings)
if !ok {
that2, ok := that.(PluginEmailSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Sender != that1.Sender {
return false
}
if this.FallbackRecipient != that1.FallbackRecipient {
return false
}
if that1.Spec == nil {
if this.Spec != nil {
return false
}
} else if this.Spec == nil {
return false
} else if !this.Spec.Equal(that1.Spec) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginEmailSettings_MailgunSpec) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginEmailSettings_MailgunSpec)
if !ok {
that2, ok := that.(PluginEmailSettings_MailgunSpec)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.MailgunSpec.Equal(that1.MailgunSpec) {
return false
}
return true
}
func (this *PluginEmailSettings_SmtpSpec) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginEmailSettings_SmtpSpec)
if !ok {
that2, ok := that.(PluginEmailSettings_SmtpSpec)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.SmtpSpec.Equal(that1.SmtpSpec) {
return false
}
return true
}
func (this *MailgunSpec) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*MailgunSpec)
if !ok {
that2, ok := that.(MailgunSpec)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Domain != that1.Domain {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *SMTPSpec) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*SMTPSpec)
if !ok {
that2, ok := that.(SMTPSpec)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Host != that1.Host {
return false
}
if this.Port != that1.Port {
return false
}
if this.StartTlsPolicy != that1.StartTlsPolicy {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginMSTeamsSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginMSTeamsSettings)
if !ok {
that2, ok := that.(PluginMSTeamsSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.AppId != that1.AppId {
return false
}
if this.TenantId != that1.TenantId {
return false
}
if this.TeamsAppId != that1.TeamsAppId {
return false
}
if this.Region != that1.Region {
return false
}
if this.DefaultRecipient != that1.DefaultRecipient {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginNetIQSettings) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginNetIQSettings)
if !ok {
that2, ok := that.(PluginNetIQSettings)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.OauthIssuerEndpoint != that1.OauthIssuerEndpoint {
return false
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if this.InsecureSkipVerify != that1.InsecureSkipVerify {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginIdSecretCredential) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginIdSecretCredential)
if !ok {
that2, ok := that.(PluginIdSecretCredential)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Id != that1.Id {
return false
}
if this.Secret != that1.Secret {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginCredentialsV1) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginCredentialsV1)
if !ok {
that2, ok := that.(PluginCredentialsV1)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if that1.Credentials == nil {
if this.Credentials != nil {
return false
}
} else if this.Credentials == nil {
return false
} else if !this.Credentials.Equal(that1.Credentials) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginCredentialsV1_Oauth2AccessToken) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginCredentialsV1_Oauth2AccessToken)
if !ok {
that2, ok := that.(PluginCredentialsV1_Oauth2AccessToken)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.Oauth2AccessToken.Equal(that1.Oauth2AccessToken) {
return false
}
return true
}
func (this *PluginCredentialsV1_BearerToken) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginCredentialsV1_BearerToken)
if !ok {
that2, ok := that.(PluginCredentialsV1_BearerToken)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.BearerToken.Equal(that1.BearerToken) {
return false
}
return true
}
func (this *PluginCredentialsV1_IdSecret) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginCredentialsV1_IdSecret)
if !ok {
that2, ok := that.(PluginCredentialsV1_IdSecret)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.IdSecret.Equal(that1.IdSecret) {
return false
}
return true
}
func (this *PluginCredentialsV1_StaticCredentialsRef) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginCredentialsV1_StaticCredentialsRef)
if !ok {
that2, ok := that.(PluginCredentialsV1_StaticCredentialsRef)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.StaticCredentialsRef.Equal(that1.StaticCredentialsRef) {
return false
}
return true
}
func (this *PluginOAuth2AccessTokenCredentials) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginOAuth2AccessTokenCredentials)
if !ok {
that2, ok := that.(PluginOAuth2AccessTokenCredentials)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.AccessToken != that1.AccessToken {
return false
}
if this.RefreshToken != that1.RefreshToken {
return false
}
if !this.Expires.Equal(that1.Expires) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginBearerTokenCredentials) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginBearerTokenCredentials)
if !ok {
that2, ok := that.(PluginBearerTokenCredentials)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Token != that1.Token {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginStaticCredentialsRef) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsRef)
if !ok {
that2, ok := that.(PluginStaticCredentialsRef)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if len(this.Labels) != len(that1.Labels) {
return false
}
for i := range this.Labels {
if this.Labels[i] != that1.Labels[i] {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginStaticCredentialsSpecV1) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsSpecV1)
if !ok {
that2, ok := that.(PluginStaticCredentialsSpecV1)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if that1.Credentials == nil {
if this.Credentials != nil {
return false
}
} else if this.Credentials == nil {
return false
} else if !this.Credentials.Equal(that1.Credentials) {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginStaticCredentialsSpecV1_APIToken) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsSpecV1_APIToken)
if !ok {
that2, ok := that.(PluginStaticCredentialsSpecV1_APIToken)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.APIToken != that1.APIToken {
return false
}
return true
}
func (this *PluginStaticCredentialsSpecV1_BasicAuth) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsSpecV1_BasicAuth)
if !ok {
that2, ok := that.(PluginStaticCredentialsSpecV1_BasicAuth)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.BasicAuth.Equal(that1.BasicAuth) {
return false
}
return true
}
func (this *PluginStaticCredentialsSpecV1_OAuthClientSecret) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsSpecV1_OAuthClientSecret)
if !ok {
that2, ok := that.(PluginStaticCredentialsSpecV1_OAuthClientSecret)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.OAuthClientSecret.Equal(that1.OAuthClientSecret) {
return false
}
return true
}
func (this *PluginStaticCredentialsSpecV1_SSHCertAuthorities) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsSpecV1_SSHCertAuthorities)
if !ok {
that2, ok := that.(PluginStaticCredentialsSpecV1_SSHCertAuthorities)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !this.SSHCertAuthorities.Equal(that1.SSHCertAuthorities) {
return false
}
return true
}
func (this *PluginStaticCredentialsSpecV1_PrivateKey) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsSpecV1_PrivateKey)
if !ok {
that2, ok := that.(PluginStaticCredentialsSpecV1_PrivateKey)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if !bytes.Equal(this.PrivateKey, that1.PrivateKey) {
return false
}
return true
}
func (this *PluginStaticCredentialsBasicAuth) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsBasicAuth)
if !ok {
that2, ok := that.(PluginStaticCredentialsBasicAuth)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Username != that1.Username {
return false
}
if this.Password != that1.Password {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginStaticCredentialsOAuthClientSecret) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsOAuthClientSecret)
if !ok {
that2, ok := that.(PluginStaticCredentialsOAuthClientSecret)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.ClientId != that1.ClientId {
return false
}
if this.ClientSecret != that1.ClientSecret {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *PluginStaticCredentialsSSHCertAuthorities) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*PluginStaticCredentialsSSHCertAuthorities)
if !ok {
that2, ok := that.(PluginStaticCredentialsSSHCertAuthorities)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if len(this.CertAuthorities) != len(that1.CertAuthorities) {
return false
}
for i := range this.CertAuthorities {
if !this.CertAuthorities[i].Equal(that1.CertAuthorities[i]) {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *JamfSpecV1) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*JamfSpecV1)
if !ok {
that2, ok := that.(JamfSpecV1)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.Enabled != that1.Enabled {
return false
}
if this.Name != that1.Name {
return false
}
if this.SyncDelay != that1.SyncDelay {
return false
}
if this.ApiEndpoint != that1.ApiEndpoint {
return false
}
if len(this.Inventory) != len(that1.Inventory) {
return false
}
for i := range this.Inventory {
if !this.Inventory[i].Equal(that1.Inventory[i]) {
return false
}
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (this *JamfInventoryEntry) Equal(that interface{}) bool {
if that == nil {
return this == nil
}
that1, ok := that.(*JamfInventoryEntry)
if !ok {
that2, ok := that.(JamfInventoryEntry)
if ok {
that1 = &that2
} else {
return false
}
}
if that1 == nil {
return this == nil
} else if this == nil {
return false
}
if this.FilterRsql != that1.FilterRsql {
return false
}
if this.SyncPeriodPartial != that1.SyncPeriodPartial {
return false
}
if this.SyncPeriodFull != that1.SyncPeriodFull {
return false
}
if this.OnMissing != that1.OnMissing {
return false
}
if this.PageSize != that1.PageSize {
return false
}
if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
return false
}
return true
}
func (m *KeepAlive) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KeepAlive) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KeepAlive) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0x52
}
if m.Type != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Type))
i--
dAtA[i] = 0x48
}
n1, err1 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err1 != nil {
return 0, err1
}
i -= n1
i = encodeVarintTypes(dAtA, i, uint64(n1))
i--
dAtA[i] = 0x22
if len(m.Namespace) > 0 {
i -= len(m.Namespace)
copy(dAtA[i:], m.Namespace)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Namespace)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Rotation) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Rotation) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Rotation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Schedule.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
n3, err3 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastRotated, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastRotated):])
if err3 != nil {
return 0, err3
}
i -= n3
i = encodeVarintTypes(dAtA, i, uint64(n3))
i--
dAtA[i] = 0x3a
if m.GracePeriod != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.GracePeriod))
i--
dAtA[i] = 0x30
}
n4, err4 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Started, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Started):])
if err4 != nil {
return 0, err4
}
i -= n4
i = encodeVarintTypes(dAtA, i, uint64(n4))
i--
dAtA[i] = 0x2a
if len(m.CurrentID) > 0 {
i -= len(m.CurrentID)
copy(dAtA[i:], m.CurrentID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CurrentID)))
i--
dAtA[i] = 0x22
}
if len(m.Mode) > 0 {
i -= len(m.Mode)
copy(dAtA[i:], m.Mode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Mode)))
i--
dAtA[i] = 0x1a
}
if len(m.Phase) > 0 {
i -= len(m.Phase)
copy(dAtA[i:], m.Phase)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Phase)))
i--
dAtA[i] = 0x12
}
if len(m.State) > 0 {
i -= len(m.State)
copy(dAtA[i:], m.State)
i = encodeVarintTypes(dAtA, i, uint64(len(m.State)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RotationSchedule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RotationSchedule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RotationSchedule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n5, err5 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Standby, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Standby):])
if err5 != nil {
return 0, err5
}
i -= n5
i = encodeVarintTypes(dAtA, i, uint64(n5))
i--
dAtA[i] = 0x1a
n6, err6 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdateServers, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdateServers):])
if err6 != nil {
return 0, err6
}
i -= n6
i = encodeVarintTypes(dAtA, i, uint64(n6))
i--
dAtA[i] = 0x12
n7, err7 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.UpdateClients, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdateClients):])
if err7 != nil {
return 0, err7
}
i -= n7
i = encodeVarintTypes(dAtA, i, uint64(n7))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *ResourceHeader) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourceHeader) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourceHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DatabaseServerV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseServerV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseServerV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x3a
}
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DatabaseServerSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseServerSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseServerSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RelayIds) > 0 {
for iNdEx := len(m.RelayIds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RelayIds[iNdEx])
copy(dAtA[i:], m.RelayIds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayIds[iNdEx])))
i--
dAtA[i] = 0x7a
}
}
if len(m.RelayGroup) > 0 {
i -= len(m.RelayGroup)
copy(dAtA[i:], m.RelayGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayGroup)))
i--
dAtA[i] = 0x72
}
if len(m.ProxyIDs) > 0 {
for iNdEx := len(m.ProxyIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProxyIDs[iNdEx])
copy(dAtA[i:], m.ProxyIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyIDs[iNdEx])))
i--
dAtA[i] = 0x6a
}
}
if m.Database != nil {
{
size, err := m.Database.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
}
{
size, err := m.Rotation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0x42
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x3a
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x32
}
return len(dAtA) - i, nil
}
func (m *DatabaseServerStatusV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseServerStatusV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseServerStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.TargetHealth != nil {
{
size, err := m.TargetHealth.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
return len(dAtA) - i, nil
}
func (m *DatabaseV3List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseV3List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseV3List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Databases) > 0 {
for iNdEx := len(m.Databases) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Databases[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *DatabaseV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DatabaseSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Oracle.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
{
size, err := m.MongoAtlas.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
if m.AdminUser != nil {
{
size, err := m.AdminUser.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
{
size, err := m.MySQL.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
{
size, err := m.AD.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
{
size, err := m.TLS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
{
size, err := m.Azure.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
{
size, err := m.GCP.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
{
size, err := m.AWS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
if len(m.DynamicLabels) > 0 {
for k := range m.DynamicLabels {
v := m.DynamicLabels[k]
baseI := i
{
size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x22
}
}
if len(m.CACert) > 0 {
i -= len(m.CACert)
copy(dAtA[i:], m.CACert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
i--
dAtA[i] = 0x1a
}
if len(m.URI) > 0 {
i -= len(m.URI)
copy(dAtA[i:], m.URI)
i = encodeVarintTypes(dAtA, i, uint64(len(m.URI)))
i--
dAtA[i] = 0x12
}
if len(m.Protocol) > 0 {
i -= len(m.Protocol)
copy(dAtA[i:], m.Protocol)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Protocol)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DatabaseAdminUser) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseAdminUser) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseAdminUser) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.DefaultDatabase) > 0 {
i -= len(m.DefaultDatabase)
copy(dAtA[i:], m.DefaultDatabase)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DefaultDatabase)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *OracleOptions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OracleOptions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OracleOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ShuffleHostnames {
i--
if m.ShuffleHostnames {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if m.RetryCount != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.RetryCount))
i--
dAtA[i] = 0x10
}
if len(m.AuditUser) > 0 {
i -= len(m.AuditUser)
copy(dAtA[i:], m.AuditUser)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AuditUser)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DatabaseStatusV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseStatusV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Azure.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
if len(m.ManagedUsers) > 0 {
for iNdEx := len(m.ManagedUsers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ManagedUsers[iNdEx])
copy(dAtA[i:], m.ManagedUsers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ManagedUsers[iNdEx])))
i--
dAtA[i] = 0x22
}
}
{
size, err := m.MySQL.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
{
size, err := m.AWS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
if len(m.CACert) > 0 {
i -= len(m.CACert)
copy(dAtA[i:], m.CACert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWS) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWS) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWS) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.ElastiCacheServerless.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
{
size, err := m.DocumentDB.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
if len(m.SessionTags) > 0 {
for k := range m.SessionTags {
v := m.SessionTags[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x7a
}
}
if m.IAMPolicyStatus != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.IAMPolicyStatus))
i--
dAtA[i] = 0x70
}
{
size, err := m.OpenSearch.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
if len(m.AssumeRoleARN) > 0 {
i -= len(m.AssumeRoleARN)
copy(dAtA[i:], m.AssumeRoleARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AssumeRoleARN)))
i--
dAtA[i] = 0x5a
}
if len(m.ExternalID) > 0 {
i -= len(m.ExternalID)
copy(dAtA[i:], m.ExternalID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalID)))
i--
dAtA[i] = 0x52
}
{
size, err := m.RedshiftServerless.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
{
size, err := m.RDSProxy.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
{
size, err := m.MemoryDB.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
{
size, err := m.SecretStore.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
{
size, err := m.ElastiCache.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
if len(m.AccountID) > 0 {
i -= len(m.AccountID)
copy(dAtA[i:], m.AccountID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccountID)))
i--
dAtA[i] = 0x22
}
{
size, err := m.RDS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
{
size, err := m.Redshift.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
if len(m.Region) > 0 {
i -= len(m.Region)
copy(dAtA[i:], m.Region)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Region)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SecretStore) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SecretStore) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SecretStore) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.KMSKeyID) > 0 {
i -= len(m.KMSKeyID)
copy(dAtA[i:], m.KMSKeyID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KMSKeyID)))
i--
dAtA[i] = 0x12
}
if len(m.KeyPrefix) > 0 {
i -= len(m.KeyPrefix)
copy(dAtA[i:], m.KeyPrefix)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KeyPrefix)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Redshift) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Redshift) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Redshift) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ClusterID) > 0 {
i -= len(m.ClusterID)
copy(dAtA[i:], m.ClusterID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RDS) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RDS) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RDS) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SecurityGroups) > 0 {
for iNdEx := len(m.SecurityGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SecurityGroups[iNdEx])
copy(dAtA[i:], m.SecurityGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SecurityGroups[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if len(m.VPCID) > 0 {
i -= len(m.VPCID)
copy(dAtA[i:], m.VPCID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.VPCID)))
i--
dAtA[i] = 0x32
}
if len(m.Subnets) > 0 {
for iNdEx := len(m.Subnets) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Subnets[iNdEx])
copy(dAtA[i:], m.Subnets[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Subnets[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if m.IAMAuth {
i--
if m.IAMAuth {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.ResourceID) > 0 {
i -= len(m.ResourceID)
copy(dAtA[i:], m.ResourceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceID)))
i--
dAtA[i] = 0x1a
}
if len(m.ClusterID) > 0 {
i -= len(m.ClusterID)
copy(dAtA[i:], m.ClusterID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterID)))
i--
dAtA[i] = 0x12
}
if len(m.InstanceID) > 0 {
i -= len(m.InstanceID)
copy(dAtA[i:], m.InstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.InstanceID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RDSProxy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RDSProxy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RDSProxy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ResourceID) > 0 {
i -= len(m.ResourceID)
copy(dAtA[i:], m.ResourceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceID)))
i--
dAtA[i] = 0x1a
}
if len(m.CustomEndpointName) > 0 {
i -= len(m.CustomEndpointName)
copy(dAtA[i:], m.CustomEndpointName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CustomEndpointName)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ElastiCache) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ElastiCache) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ElastiCache) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EndpointType) > 0 {
i -= len(m.EndpointType)
copy(dAtA[i:], m.EndpointType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointType)))
i--
dAtA[i] = 0x22
}
if m.TransitEncryptionEnabled {
i--
if m.TransitEncryptionEnabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.UserGroupIDs) > 0 {
for iNdEx := len(m.UserGroupIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.UserGroupIDs[iNdEx])
copy(dAtA[i:], m.UserGroupIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserGroupIDs[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.ReplicationGroupID) > 0 {
i -= len(m.ReplicationGroupID)
copy(dAtA[i:], m.ReplicationGroupID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ReplicationGroupID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ElastiCacheServerless) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ElastiCacheServerless) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ElastiCacheServerless) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.CacheName) > 0 {
i -= len(m.CacheName)
copy(dAtA[i:], m.CacheName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CacheName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *MemoryDB) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MemoryDB) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MemoryDB) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EndpointType) > 0 {
i -= len(m.EndpointType)
copy(dAtA[i:], m.EndpointType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointType)))
i--
dAtA[i] = 0x22
}
if m.TLSEnabled {
i--
if m.TLSEnabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.ACLName) > 0 {
i -= len(m.ACLName)
copy(dAtA[i:], m.ACLName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ACLName)))
i--
dAtA[i] = 0x12
}
if len(m.ClusterName) > 0 {
i -= len(m.ClusterName)
copy(dAtA[i:], m.ClusterName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RedshiftServerless) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RedshiftServerless) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RedshiftServerless) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.WorkgroupID) > 0 {
i -= len(m.WorkgroupID)
copy(dAtA[i:], m.WorkgroupID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WorkgroupID)))
i--
dAtA[i] = 0x1a
}
if len(m.EndpointName) > 0 {
i -= len(m.EndpointName)
copy(dAtA[i:], m.EndpointName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointName)))
i--
dAtA[i] = 0x12
}
if len(m.WorkgroupName) > 0 {
i -= len(m.WorkgroupName)
copy(dAtA[i:], m.WorkgroupName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WorkgroupName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *OpenSearch) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OpenSearch) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OpenSearch) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EndpointType) > 0 {
i -= len(m.EndpointType)
copy(dAtA[i:], m.EndpointType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointType)))
i--
dAtA[i] = 0x1a
}
if len(m.DomainID) > 0 {
i -= len(m.DomainID)
copy(dAtA[i:], m.DomainID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DomainID)))
i--
dAtA[i] = 0x12
}
if len(m.DomainName) > 0 {
i -= len(m.DomainName)
copy(dAtA[i:], m.DomainName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DomainName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DocumentDB) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DocumentDB) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DocumentDB) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EndpointType) > 0 {
i -= len(m.EndpointType)
copy(dAtA[i:], m.EndpointType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointType)))
i--
dAtA[i] = 0x1a
}
if len(m.InstanceID) > 0 {
i -= len(m.InstanceID)
copy(dAtA[i:], m.InstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.InstanceID)))
i--
dAtA[i] = 0x12
}
if len(m.ClusterID) > 0 {
i -= len(m.ClusterID)
copy(dAtA[i:], m.ClusterID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GCPCloudSQL) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GCPCloudSQL) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GCPCloudSQL) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.AlloyDB.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
if len(m.InstanceID) > 0 {
i -= len(m.InstanceID)
copy(dAtA[i:], m.InstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.InstanceID)))
i--
dAtA[i] = 0x12
}
if len(m.ProjectID) > 0 {
i -= len(m.ProjectID)
copy(dAtA[i:], m.ProjectID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AlloyDB) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AlloyDB) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AlloyDB) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EndpointOverride) > 0 {
i -= len(m.EndpointOverride)
copy(dAtA[i:], m.EndpointOverride)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointOverride)))
i--
dAtA[i] = 0x12
}
if len(m.EndpointType) > 0 {
i -= len(m.EndpointType)
copy(dAtA[i:], m.EndpointType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointType)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Azure) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Azure) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Azure) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.IsFlexiServer {
i--
if m.IsFlexiServer {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
{
size, err := m.Redis.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
if len(m.ResourceID) > 0 {
i -= len(m.ResourceID)
copy(dAtA[i:], m.ResourceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceID)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AzureRedis) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AzureRedis) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AzureRedis) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ClusteringPolicy) > 0 {
i -= len(m.ClusteringPolicy)
copy(dAtA[i:], m.ClusteringPolicy)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusteringPolicy)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AD) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AD) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AD) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.LDAPServiceAccountSID) > 0 {
i -= len(m.LDAPServiceAccountSID)
copy(dAtA[i:], m.LDAPServiceAccountSID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LDAPServiceAccountSID)))
i--
dAtA[i] = 0x42
}
if len(m.LDAPServiceAccountName) > 0 {
i -= len(m.LDAPServiceAccountName)
copy(dAtA[i:], m.LDAPServiceAccountName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LDAPServiceAccountName)))
i--
dAtA[i] = 0x3a
}
if len(m.KDCHostName) > 0 {
i -= len(m.KDCHostName)
copy(dAtA[i:], m.KDCHostName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KDCHostName)))
i--
dAtA[i] = 0x32
}
if len(m.LDAPCert) > 0 {
i -= len(m.LDAPCert)
copy(dAtA[i:], m.LDAPCert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LDAPCert)))
i--
dAtA[i] = 0x2a
}
if len(m.SPN) > 0 {
i -= len(m.SPN)
copy(dAtA[i:], m.SPN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SPN)))
i--
dAtA[i] = 0x22
}
if len(m.Domain) > 0 {
i -= len(m.Domain)
copy(dAtA[i:], m.Domain)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Domain)))
i--
dAtA[i] = 0x1a
}
if len(m.Krb5File) > 0 {
i -= len(m.Krb5File)
copy(dAtA[i:], m.Krb5File)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Krb5File)))
i--
dAtA[i] = 0x12
}
if len(m.KeytabFile) > 0 {
i -= len(m.KeytabFile)
copy(dAtA[i:], m.KeytabFile)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KeytabFile)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DatabaseTLS) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseTLS) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseTLS) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.TrustSystemCertPool {
i--
if m.TrustSystemCertPool {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.ServerName) > 0 {
i -= len(m.ServerName)
copy(dAtA[i:], m.ServerName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServerName)))
i--
dAtA[i] = 0x1a
}
if len(m.CACert) > 0 {
i -= len(m.CACert)
copy(dAtA[i:], m.CACert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CACert)))
i--
dAtA[i] = 0x12
}
if m.Mode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Mode))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *MySQLOptions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MySQLOptions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MySQLOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ServerVersion) > 0 {
i -= len(m.ServerVersion)
copy(dAtA[i:], m.ServerVersion)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServerVersion)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *MongoAtlas) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MongoAtlas) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MongoAtlas) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *InstanceV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstanceV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstanceV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *InstanceSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstanceSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstanceSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.UpdaterInfo != nil {
{
size, err := m.UpdaterInfo.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
if m.LastMeasurement != nil {
{
size, err := m.LastMeasurement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if len(m.ExternalUpgraderVersion) > 0 {
i -= len(m.ExternalUpgraderVersion)
copy(dAtA[i:], m.ExternalUpgraderVersion)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalUpgraderVersion)))
i--
dAtA[i] = 0x42
}
if len(m.ExternalUpgrader) > 0 {
i -= len(m.ExternalUpgrader)
copy(dAtA[i:], m.ExternalUpgrader)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalUpgrader)))
i--
dAtA[i] = 0x3a
}
if len(m.ControlLog) > 0 {
for iNdEx := len(m.ControlLog) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ControlLog[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
}
n47, err47 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastSeen, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastSeen):])
if err47 != nil {
return 0, err47
}
i -= n47
i = encodeVarintTypes(dAtA, i, uint64(n47))
i--
dAtA[i] = 0x2a
if len(m.AuthID) > 0 {
i -= len(m.AuthID)
copy(dAtA[i:], m.AuthID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AuthID)))
i--
dAtA[i] = 0x22
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x1a
}
if len(m.Services) > 0 {
for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Services[iNdEx])
copy(dAtA[i:], m.Services[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Services[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SystemClockMeasurement) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SystemClockMeasurement) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SystemClockMeasurement) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n48, err48 := github_com_gogo_protobuf_types.StdDurationMarshalTo(m.RequestDuration, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdDuration(m.RequestDuration):])
if err48 != nil {
return 0, err48
}
i -= n48
i = encodeVarintTypes(dAtA, i, uint64(n48))
i--
dAtA[i] = 0x1a
n49, err49 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.SystemClock, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.SystemClock):])
if err49 != nil {
return 0, err49
}
i -= n49
i = encodeVarintTypes(dAtA, i, uint64(n49))
i--
dAtA[i] = 0x12
n50, err50 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ControllerSystemClock, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ControllerSystemClock):])
if err50 != nil {
return 0, err50
}
i -= n50
i = encodeVarintTypes(dAtA, i, uint64(n50))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *InstanceControlLogEntry) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstanceControlLogEntry) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstanceControlLogEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Labels) > 0 {
for k := range m.Labels {
v := m.Labels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x2a
}
}
if m.TTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.TTL))
i--
dAtA[i] = 0x20
}
n51, err51 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Time, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Time):])
if err51 != nil {
return 0, err51
}
i -= n51
i = encodeVarintTypes(dAtA, i, uint64(n51))
i--
dAtA[i] = 0x1a
if m.ID != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ID))
i--
dAtA[i] = 0x10
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UpdaterV2Info) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UpdaterV2Info) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UpdaterV2Info) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.UpdaterStatus != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.UpdaterStatus))
i--
dAtA[i] = 0x18
}
if len(m.UpdateUUID) > 0 {
i -= len(m.UpdateUUID)
copy(dAtA[i:], m.UpdateUUID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UpdateUUID)))
i--
dAtA[i] = 0x12
}
if len(m.UpdateGroup) > 0 {
i -= len(m.UpdateGroup)
copy(dAtA[i:], m.UpdateGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UpdateGroup)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *InstanceFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstanceFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstanceFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.UpdateGroup) > 0 {
i -= len(m.UpdateGroup)
copy(dAtA[i:], m.UpdateGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UpdateGroup)))
i--
dAtA[i] = 0x42
}
if len(m.NewerThanVersion) > 0 {
i -= len(m.NewerThanVersion)
copy(dAtA[i:], m.NewerThanVersion)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NewerThanVersion)))
i--
dAtA[i] = 0x3a
}
if len(m.OlderThanVersion) > 0 {
i -= len(m.OlderThanVersion)
copy(dAtA[i:], m.OlderThanVersion)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OlderThanVersion)))
i--
dAtA[i] = 0x32
}
if m.NoExtUpgrader {
i--
if m.NoExtUpgrader {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x28
}
if len(m.ExternalUpgrader) > 0 {
i -= len(m.ExternalUpgrader)
copy(dAtA[i:], m.ExternalUpgrader)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalUpgrader)))
i--
dAtA[i] = 0x22
}
if len(m.Services) > 0 {
for iNdEx := len(m.Services) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Services[iNdEx])
copy(dAtA[i:], m.Services[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Services[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x12
}
if len(m.ServerID) > 0 {
i -= len(m.ServerID)
copy(dAtA[i:], m.ServerID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServerID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ServerV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ServerV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ServerV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x32
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ServerSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ServerSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ServerSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ComponentFeatures != nil {
{
size, err := m.ComponentFeatures.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if len(m.RelayIds) > 0 {
for iNdEx := len(m.RelayIds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RelayIds[iNdEx])
copy(dAtA[i:], m.RelayIds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayIds[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
}
if len(m.RelayGroup) > 0 {
i -= len(m.RelayGroup)
copy(dAtA[i:], m.RelayGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayGroup)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
if m.GitHub != nil {
{
size, err := m.GitHub.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.CloudMetadata != nil {
{
size, err := m.CloudMetadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
if len(m.PublicAddrs) > 0 {
for iNdEx := len(m.PublicAddrs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.PublicAddrs[iNdEx])
copy(dAtA[i:], m.PublicAddrs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicAddrs[iNdEx])))
i--
dAtA[i] = 0x6a
}
}
if len(m.ProxyIDs) > 0 {
for iNdEx := len(m.ProxyIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProxyIDs[iNdEx])
copy(dAtA[i:], m.ProxyIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyIDs[iNdEx])))
i--
dAtA[i] = 0x62
}
}
if len(m.PeerAddr) > 0 {
i -= len(m.PeerAddr)
copy(dAtA[i:], m.PeerAddr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PeerAddr)))
i--
dAtA[i] = 0x5a
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x3a
}
if m.UseTunnel {
i--
if m.UseTunnel {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x30
}
{
size, err := m.Rotation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
if len(m.CmdLabels) > 0 {
for k := range m.CmdLabels {
v := m.CmdLabels[k]
baseI := i
{
size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x22
}
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x1a
}
if len(m.Addr) > 0 {
i -= len(m.Addr)
copy(dAtA[i:], m.Addr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSInfo) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSInfo) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SubnetID) > 0 {
i -= len(m.SubnetID)
copy(dAtA[i:], m.SubnetID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubnetID)))
i--
dAtA[i] = 0x32
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x2a
}
if len(m.VPCID) > 0 {
i -= len(m.VPCID)
copy(dAtA[i:], m.VPCID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.VPCID)))
i--
dAtA[i] = 0x22
}
if len(m.Region) > 0 {
i -= len(m.Region)
copy(dAtA[i:], m.Region)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Region)))
i--
dAtA[i] = 0x1a
}
if len(m.InstanceID) > 0 {
i -= len(m.InstanceID)
copy(dAtA[i:], m.InstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.InstanceID)))
i--
dAtA[i] = 0x12
}
if len(m.AccountID) > 0 {
i -= len(m.AccountID)
copy(dAtA[i:], m.AccountID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccountID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *CloudMetadata) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CloudMetadata) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CloudMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AWS != nil {
{
size, err := m.AWS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GitHubServerMetadata) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GitHubServerMetadata) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GitHubServerMetadata) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x12
}
if len(m.Organization) > 0 {
i -= len(m.Organization)
copy(dAtA[i:], m.Organization)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Organization)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AppServerV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppServerV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppServerV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x32
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AppServerSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppServerSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppServerSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ComponentFeatures != nil {
{
size, err := m.ComponentFeatures.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if len(m.RelayIds) > 0 {
for iNdEx := len(m.RelayIds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RelayIds[iNdEx])
copy(dAtA[i:], m.RelayIds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayIds[iNdEx])))
i--
dAtA[i] = 0x42
}
}
if len(m.RelayGroup) > 0 {
i -= len(m.RelayGroup)
copy(dAtA[i:], m.RelayGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayGroup)))
i--
dAtA[i] = 0x3a
}
if len(m.ProxyIDs) > 0 {
for iNdEx := len(m.ProxyIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProxyIDs[iNdEx])
copy(dAtA[i:], m.ProxyIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyIDs[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if m.App != nil {
{
size, err := m.App.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
{
size, err := m.Rotation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0x1a
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x12
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AppV3List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppV3List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppV3List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Apps) > 0 {
for iNdEx := len(m.Apps) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Apps[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AppV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *CORSPolicy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CORSPolicy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CORSPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ExposedHeaders) > 0 {
for iNdEx := len(m.ExposedHeaders) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ExposedHeaders[iNdEx])
copy(dAtA[i:], m.ExposedHeaders[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExposedHeaders[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if m.MaxAge != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxAge))
i--
dAtA[i] = 0x28
}
if m.AllowCredentials {
i--
if m.AllowCredentials {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.AllowedHeaders) > 0 {
for iNdEx := len(m.AllowedHeaders) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AllowedHeaders[iNdEx])
copy(dAtA[i:], m.AllowedHeaders[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AllowedHeaders[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.AllowedMethods) > 0 {
for iNdEx := len(m.AllowedMethods) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AllowedMethods[iNdEx])
copy(dAtA[i:], m.AllowedMethods[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AllowedMethods[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.AllowedOrigins) > 0 {
for iNdEx := len(m.AllowedOrigins) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AllowedOrigins[iNdEx])
copy(dAtA[i:], m.AllowedOrigins[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AllowedOrigins[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *IdentityCenterPermissionSet) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IdentityCenterPermissionSet) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IdentityCenterPermissionSet) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AssignmentID) > 0 {
i -= len(m.AssignmentID)
copy(dAtA[i:], m.AssignmentID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AssignmentID)))
i--
dAtA[i] = 0x1a
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x12
}
if len(m.ARN) > 0 {
i -= len(m.ARN)
copy(dAtA[i:], m.ARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ARN)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AppIdentityCenter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppIdentityCenter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppIdentityCenter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.PermissionSets) > 0 {
for iNdEx := len(m.PermissionSets) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.PermissionSets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.AccountID) > 0 {
i -= len(m.AccountID)
copy(dAtA[i:], m.AccountID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccountID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AppSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.MCP != nil {
{
size, err := m.MCP.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.UseAnyProxyPublicAddr {
i--
if m.UseAnyProxyPublicAddr {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x70
}
if len(m.TCPPorts) > 0 {
for iNdEx := len(m.TCPPorts) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.TCPPorts[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
}
}
if m.IdentityCenter != nil {
{
size, err := m.IdentityCenter.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
}
if m.CORS != nil {
{
size, err := m.CORS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if len(m.RequiredAppNames) > 0 {
for iNdEx := len(m.RequiredAppNames) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RequiredAppNames[iNdEx])
copy(dAtA[i:], m.RequiredAppNames[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequiredAppNames[iNdEx])))
i--
dAtA[i] = 0x52
}
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x4a
}
if len(m.UserGroups) > 0 {
for iNdEx := len(m.UserGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.UserGroups[iNdEx])
copy(dAtA[i:], m.UserGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserGroups[iNdEx])))
i--
dAtA[i] = 0x42
}
}
if len(m.Cloud) > 0 {
i -= len(m.Cloud)
copy(dAtA[i:], m.Cloud)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Cloud)))
i--
dAtA[i] = 0x3a
}
if m.AWS != nil {
{
size, err := m.AWS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if m.Rewrite != nil {
{
size, err := m.Rewrite.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if m.InsecureSkipVerify {
i--
if m.InsecureSkipVerify {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.DynamicLabels) > 0 {
for k := range m.DynamicLabels {
v := m.DynamicLabels[k]
baseI := i
{
size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x1a
}
}
if len(m.PublicAddr) > 0 {
i -= len(m.PublicAddr)
copy(dAtA[i:], m.PublicAddr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicAddr)))
i--
dAtA[i] = 0x12
}
if len(m.URI) > 0 {
i -= len(m.URI)
copy(dAtA[i:], m.URI)
i = encodeVarintTypes(dAtA, i, uint64(len(m.URI)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *MCP) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MCP) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MCP) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RunAsHostUser) > 0 {
i -= len(m.RunAsHostUser)
copy(dAtA[i:], m.RunAsHostUser)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RunAsHostUser)))
i--
dAtA[i] = 0x1a
}
if len(m.Args) > 0 {
for iNdEx := len(m.Args) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Args[iNdEx])
copy(dAtA[i:], m.Args[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Args[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Command) > 0 {
i -= len(m.Command)
copy(dAtA[i:], m.Command)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Command)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Rewrite) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Rewrite) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Rewrite) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.JWTClaims) > 0 {
i -= len(m.JWTClaims)
copy(dAtA[i:], m.JWTClaims)
i = encodeVarintTypes(dAtA, i, uint64(len(m.JWTClaims)))
i--
dAtA[i] = 0x1a
}
if len(m.Headers) > 0 {
for iNdEx := len(m.Headers) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Headers[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.Redirect) > 0 {
for iNdEx := len(m.Redirect) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Redirect[iNdEx])
copy(dAtA[i:], m.Redirect[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Redirect[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *Header) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Header) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Header) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PortRange) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PortRange) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PortRange) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.EndPort != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.EndPort))
i--
dAtA[i] = 0x10
}
if m.Port != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Port))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *CommandLabelV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CommandLabelV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CommandLabelV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Result) > 0 {
i -= len(m.Result)
copy(dAtA[i:], m.Result)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Result)))
i--
dAtA[i] = 0x1a
}
if len(m.Command) > 0 {
for iNdEx := len(m.Command) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Command[iNdEx])
copy(dAtA[i:], m.Command[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Command[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if m.Period != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Period))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *AppAWS) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppAWS) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppAWS) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.RolesAnywhereProfile != nil {
{
size, err := m.RolesAnywhereProfile.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if len(m.ExternalID) > 0 {
i -= len(m.ExternalID)
copy(dAtA[i:], m.ExternalID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AppAWSRolesAnywhereProfile) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AppAWSRolesAnywhereProfile) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AppAWSRolesAnywhereProfile) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AcceptRoleSessionName {
i--
if m.AcceptRoleSessionName {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.ProfileARN) > 0 {
i -= len(m.ProfileARN)
copy(dAtA[i:], m.ProfileARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProfileARN)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SSHKeyPair) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSHKeyPair) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSHKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.PrivateKeyType != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.PrivateKeyType))
i--
dAtA[i] = 0x18
}
if len(m.PrivateKey) > 0 {
i -= len(m.PrivateKey)
copy(dAtA[i:], m.PrivateKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PrivateKey)))
i--
dAtA[i] = 0x12
}
if len(m.PublicKey) > 0 {
i -= len(m.PublicKey)
copy(dAtA[i:], m.PublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKey)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TLSKeyPair) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TLSKeyPair) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TLSKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.CRL) > 0 {
i -= len(m.CRL)
copy(dAtA[i:], m.CRL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CRL)))
i--
dAtA[i] = 0x22
}
if m.KeyType != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.KeyType))
i--
dAtA[i] = 0x18
}
if len(m.Key) > 0 {
i -= len(m.Key)
copy(dAtA[i:], m.Key)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Key)))
i--
dAtA[i] = 0x12
}
if len(m.Cert) > 0 {
i -= len(m.Cert)
copy(dAtA[i:], m.Cert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Cert)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *JWTKeyPair) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *JWTKeyPair) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *JWTKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.PrivateKeyType != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.PrivateKeyType))
i--
dAtA[i] = 0x18
}
if len(m.PrivateKey) > 0 {
i -= len(m.PrivateKey)
copy(dAtA[i:], m.PrivateKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PrivateKey)))
i--
dAtA[i] = 0x12
}
if len(m.PublicKey) > 0 {
i -= len(m.PublicKey)
copy(dAtA[i:], m.PublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKey)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *EncryptionKeyPair) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *EncryptionKeyPair) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *EncryptionKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Hash != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Hash))
i--
dAtA[i] = 0x20
}
if m.PrivateKeyType != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.PrivateKeyType))
i--
dAtA[i] = 0x18
}
if len(m.PrivateKey) > 0 {
i -= len(m.PrivateKey)
copy(dAtA[i:], m.PrivateKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PrivateKey)))
i--
dAtA[i] = 0x12
}
if len(m.PublicKey) > 0 {
i -= len(m.PublicKey)
copy(dAtA[i:], m.PublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKey)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AgeEncryptionKey) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AgeEncryptionKey) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AgeEncryptionKey) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.PublicKey) > 0 {
i -= len(m.PublicKey)
copy(dAtA[i:], m.PublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicKey)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *CertAuthorityV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CertAuthorityV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CertAuthorityV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *CertAuthoritySpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CertAuthoritySpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CertAuthoritySpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.AdditionalTrustedKeys.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
{
size, err := m.ActiveKeys.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
if m.SigningAlg != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SigningAlg))
i--
dAtA[i] = 0x48
}
if m.Rotation != nil {
{
size, err := m.Rotation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
if len(m.RoleMap) > 0 {
for iNdEx := len(m.RoleMap) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.RoleMap[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.ClusterName) > 0 {
i -= len(m.ClusterName)
copy(dAtA[i:], m.ClusterName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterName)))
i--
dAtA[i] = 0x12
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *CAKeySet) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CAKeySet) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CAKeySet) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.JWT) > 0 {
for iNdEx := len(m.JWT) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.JWT[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.TLS) > 0 {
for iNdEx := len(m.TLS) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.TLS[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.SSH) > 0 {
for iNdEx := len(m.SSH) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.SSH[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *RoleMapping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RoleMapping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RoleMapping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Local) > 0 {
for iNdEx := len(m.Local) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Local[iNdEx])
copy(dAtA[i:], m.Local[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Local[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Remote) > 0 {
i -= len(m.Remote)
copy(dAtA[i:], m.Remote)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Remote)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0x1a
}
n79, err79 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err79 != nil {
return 0, err79
}
i -= n79
i = encodeVarintTypes(dAtA, i, uint64(n79))
i--
dAtA[i] = 0x12
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Status != nil {
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenV2List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenV2List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenV2List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ProvisionTokens) > 0 {
for iNdEx := len(m.ProvisionTokens) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ProvisionTokens[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *TokenRule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TokenRule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TokenRule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AWSOrganizationID) > 0 {
i -= len(m.AWSOrganizationID)
copy(dAtA[i:], m.AWSOrganizationID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AWSOrganizationID)))
i--
dAtA[i] = 0x2a
}
if len(m.AWSARN) > 0 {
i -= len(m.AWSARN)
copy(dAtA[i:], m.AWSARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AWSARN)))
i--
dAtA[i] = 0x22
}
if len(m.AWSRole) > 0 {
i -= len(m.AWSRole)
copy(dAtA[i:], m.AWSRole)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AWSRole)))
i--
dAtA[i] = 0x1a
}
if len(m.AWSRegions) > 0 {
for iNdEx := len(m.AWSRegions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AWSRegions[iNdEx])
copy(dAtA[i:], m.AWSRegions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AWSRegions[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.AWSAccount) > 0 {
i -= len(m.AWSAccount)
copy(dAtA[i:], m.AWSAccount)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AWSAccount)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if m.Env0 != nil {
{
size, err := m.Env0.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if m.AzureDevops != nil {
{
size, err := m.AzureDevops.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
if m.BoundKeypair != nil {
{
size, err := m.BoundKeypair.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if m.Oracle != nil {
{
size, err := m.Oracle.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if m.Bitbucket != nil {
{
size, err := m.Bitbucket.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
if m.TerraformCloud != nil {
{
size, err := m.TerraformCloud.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
if m.TPM != nil {
{
size, err := m.TPM.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.Spacelift != nil {
{
size, err := m.Spacelift.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
if m.GCP != nil {
{
size, err := m.GCP.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
}
if m.GitLab != nil {
{
size, err := m.GitLab.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
}
if m.Azure != nil {
{
size, err := m.Azure.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if m.Kubernetes != nil {
{
size, err := m.Kubernetes.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
{
size := m.SuggestedAgentMatcherLabels.Size()
i -= size
if _, err := m.SuggestedAgentMatcherLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
if m.CircleCI != nil {
{
size, err := m.CircleCI.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
if m.GitHub != nil {
{
size, err := m.GitHub.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
{
size := m.SuggestedLabels.Size()
i -= size
if _, err := m.SuggestedLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
if len(m.BotName) > 0 {
i -= len(m.BotName)
copy(dAtA[i:], m.BotName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BotName)))
i--
dAtA[i] = 0x2a
}
if len(m.JoinMethod) > 0 {
i -= len(m.JoinMethod)
copy(dAtA[i:], m.JoinMethod)
i = encodeVarintTypes(dAtA, i, uint64(len(m.JoinMethod)))
i--
dAtA[i] = 0x22
}
if m.AWSIIDTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.AWSIIDTTL))
i--
dAtA[i] = 0x18
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2AzureDevops) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2AzureDevops) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2AzureDevops) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.OrganizationID) > 0 {
i -= len(m.OrganizationID)
copy(dAtA[i:], m.OrganizationID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrganizationID)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RepositoryRef) > 0 {
i -= len(m.RepositoryRef)
copy(dAtA[i:], m.RepositoryRef)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RepositoryRef)))
i--
dAtA[i] = 0x42
}
if len(m.RepositoryVersion) > 0 {
i -= len(m.RepositoryVersion)
copy(dAtA[i:], m.RepositoryVersion)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RepositoryVersion)))
i--
dAtA[i] = 0x3a
}
if len(m.RepositoryURI) > 0 {
i -= len(m.RepositoryURI)
copy(dAtA[i:], m.RepositoryURI)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RepositoryURI)))
i--
dAtA[i] = 0x32
}
if len(m.DefinitionID) > 0 {
i -= len(m.DefinitionID)
copy(dAtA[i:], m.DefinitionID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DefinitionID)))
i--
dAtA[i] = 0x2a
}
if len(m.ProjectID) > 0 {
i -= len(m.ProjectID)
copy(dAtA[i:], m.ProjectID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectID)))
i--
dAtA[i] = 0x22
}
if len(m.PipelineName) > 0 {
i -= len(m.PipelineName)
copy(dAtA[i:], m.PipelineName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PipelineName)))
i--
dAtA[i] = 0x1a
}
if len(m.ProjectName) > 0 {
i -= len(m.ProjectName)
copy(dAtA[i:], m.ProjectName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectName)))
i--
dAtA[i] = 0x12
}
if len(m.Sub) > 0 {
i -= len(m.Sub)
copy(dAtA[i:], m.Sub)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Sub)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2TPM) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2TPM) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2TPM) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EKCertAllowedCAs) > 0 {
for iNdEx := len(m.EKCertAllowedCAs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.EKCertAllowedCAs[iNdEx])
copy(dAtA[i:], m.EKCertAllowedCAs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.EKCertAllowedCAs[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2TPM_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2TPM_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2TPM_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EKCertificateSerial) > 0 {
i -= len(m.EKCertificateSerial)
copy(dAtA[i:], m.EKCertificateSerial)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EKCertificateSerial)))
i--
dAtA[i] = 0x2a
}
if len(m.EKPublicHash) > 0 {
i -= len(m.EKPublicHash)
copy(dAtA[i:], m.EKPublicHash)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EKPublicHash)))
i--
dAtA[i] = 0x22
}
if len(m.Description) > 0 {
i -= len(m.Description)
copy(dAtA[i:], m.Description)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Description)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2GitHub) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2GitHub) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2GitHub) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.StaticJWKS) > 0 {
i -= len(m.StaticJWKS)
copy(dAtA[i:], m.StaticJWKS)
i = encodeVarintTypes(dAtA, i, uint64(len(m.StaticJWKS)))
i--
dAtA[i] = 0x22
}
if len(m.EnterpriseSlug) > 0 {
i -= len(m.EnterpriseSlug)
copy(dAtA[i:], m.EnterpriseSlug)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EnterpriseSlug)))
i--
dAtA[i] = 0x1a
}
if len(m.EnterpriseServerHost) > 0 {
i -= len(m.EnterpriseServerHost)
copy(dAtA[i:], m.EnterpriseServerHost)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EnterpriseServerHost)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2GitHub_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2GitHub_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2GitHub_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RefType) > 0 {
i -= len(m.RefType)
copy(dAtA[i:], m.RefType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RefType)))
i--
dAtA[i] = 0x42
}
if len(m.Ref) > 0 {
i -= len(m.Ref)
copy(dAtA[i:], m.Ref)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Ref)))
i--
dAtA[i] = 0x3a
}
if len(m.Actor) > 0 {
i -= len(m.Actor)
copy(dAtA[i:], m.Actor)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Actor)))
i--
dAtA[i] = 0x32
}
if len(m.Environment) > 0 {
i -= len(m.Environment)
copy(dAtA[i:], m.Environment)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Environment)))
i--
dAtA[i] = 0x2a
}
if len(m.Workflow) > 0 {
i -= len(m.Workflow)
copy(dAtA[i:], m.Workflow)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Workflow)))
i--
dAtA[i] = 0x22
}
if len(m.RepositoryOwner) > 0 {
i -= len(m.RepositoryOwner)
copy(dAtA[i:], m.RepositoryOwner)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RepositoryOwner)))
i--
dAtA[i] = 0x1a
}
if len(m.Repository) > 0 {
i -= len(m.Repository)
copy(dAtA[i:], m.Repository)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Repository)))
i--
dAtA[i] = 0x12
}
if len(m.Sub) > 0 {
i -= len(m.Sub)
copy(dAtA[i:], m.Sub)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Sub)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2GitLab) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2GitLab) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2GitLab) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.StaticJWKS) > 0 {
i -= len(m.StaticJWKS)
copy(dAtA[i:], m.StaticJWKS)
i = encodeVarintTypes(dAtA, i, uint64(len(m.StaticJWKS)))
i--
dAtA[i] = 0x1a
}
if len(m.Domain) > 0 {
i -= len(m.Domain)
copy(dAtA[i:], m.Domain)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Domain)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2GitLab_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2GitLab_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2GitLab_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ProjectVisibility) > 0 {
i -= len(m.ProjectVisibility)
copy(dAtA[i:], m.ProjectVisibility)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectVisibility)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
if len(m.DeploymentTier) > 0 {
i -= len(m.DeploymentTier)
copy(dAtA[i:], m.DeploymentTier)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DeploymentTier)))
i--
dAtA[i] = 0x7a
}
if len(m.CIConfigRefURI) > 0 {
i -= len(m.CIConfigRefURI)
copy(dAtA[i:], m.CIConfigRefURI)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CIConfigRefURI)))
i--
dAtA[i] = 0x72
}
if len(m.CIConfigSHA) > 0 {
i -= len(m.CIConfigSHA)
copy(dAtA[i:], m.CIConfigSHA)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CIConfigSHA)))
i--
dAtA[i] = 0x6a
}
if m.EnvironmentProtected != nil {
{
size := m.EnvironmentProtected.Size()
i -= size
if _, err := m.EnvironmentProtected.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
}
if m.RefProtected != nil {
{
size := m.RefProtected.Size()
i -= size
if _, err := m.RefProtected.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if len(m.UserEmail) > 0 {
i -= len(m.UserEmail)
copy(dAtA[i:], m.UserEmail)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserEmail)))
i--
dAtA[i] = 0x52
}
if len(m.UserID) > 0 {
i -= len(m.UserID)
copy(dAtA[i:], m.UserID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserID)))
i--
dAtA[i] = 0x4a
}
if len(m.UserLogin) > 0 {
i -= len(m.UserLogin)
copy(dAtA[i:], m.UserLogin)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserLogin)))
i--
dAtA[i] = 0x42
}
if len(m.Environment) > 0 {
i -= len(m.Environment)
copy(dAtA[i:], m.Environment)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Environment)))
i--
dAtA[i] = 0x3a
}
if len(m.PipelineSource) > 0 {
i -= len(m.PipelineSource)
copy(dAtA[i:], m.PipelineSource)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PipelineSource)))
i--
dAtA[i] = 0x32
}
if len(m.ProjectPath) > 0 {
i -= len(m.ProjectPath)
copy(dAtA[i:], m.ProjectPath)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectPath)))
i--
dAtA[i] = 0x2a
}
if len(m.NamespacePath) > 0 {
i -= len(m.NamespacePath)
copy(dAtA[i:], m.NamespacePath)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NamespacePath)))
i--
dAtA[i] = 0x22
}
if len(m.RefType) > 0 {
i -= len(m.RefType)
copy(dAtA[i:], m.RefType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RefType)))
i--
dAtA[i] = 0x1a
}
if len(m.Ref) > 0 {
i -= len(m.Ref)
copy(dAtA[i:], m.Ref)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Ref)))
i--
dAtA[i] = 0x12
}
if len(m.Sub) > 0 {
i -= len(m.Sub)
copy(dAtA[i:], m.Sub)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Sub)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2CircleCI) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2CircleCI) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2CircleCI) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.OrganizationID) > 0 {
i -= len(m.OrganizationID)
copy(dAtA[i:], m.OrganizationID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrganizationID)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ContextID) > 0 {
i -= len(m.ContextID)
copy(dAtA[i:], m.ContextID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ContextID)))
i--
dAtA[i] = 0x12
}
if len(m.ProjectID) > 0 {
i -= len(m.ProjectID)
copy(dAtA[i:], m.ProjectID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Spacelift) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Spacelift) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Spacelift) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.EnableGlobMatching {
i--
if m.EnableGlobMatching {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x22
}
if len(m.CallerType) > 0 {
i -= len(m.CallerType)
copy(dAtA[i:], m.CallerType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CallerType)))
i--
dAtA[i] = 0x1a
}
if len(m.CallerID) > 0 {
i -= len(m.CallerID)
copy(dAtA[i:], m.CallerID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CallerID)))
i--
dAtA[i] = 0x12
}
if len(m.SpaceID) > 0 {
i -= len(m.SpaceID)
copy(dAtA[i:], m.SpaceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SpaceID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Kubernetes) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Kubernetes) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Kubernetes) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.OIDC != nil {
{
size, err := m.OIDC.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
if m.StaticJWKS != nil {
{
size, err := m.StaticJWKS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.JWKS) > 0 {
i -= len(m.JWKS)
copy(dAtA[i:], m.JWKS)
i = encodeVarintTypes(dAtA, i, uint64(len(m.JWKS)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.InsecureAllowHTTPIssuer {
i--
if m.InsecureAllowHTTPIssuer {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.Issuer) > 0 {
i -= len(m.Issuer)
copy(dAtA[i:], m.Issuer)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Issuer)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ServiceAccount) > 0 {
i -= len(m.ServiceAccount)
copy(dAtA[i:], m.ServiceAccount)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServiceAccount)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Azure) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Azure) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Azure) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Azure_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Azure_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Azure_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ResourceGroups) > 0 {
for iNdEx := len(m.ResourceGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ResourceGroups[iNdEx])
copy(dAtA[i:], m.ResourceGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceGroups[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Subscription) > 0 {
i -= len(m.Subscription)
copy(dAtA[i:], m.Subscription)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Subscription)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2GCP) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2GCP) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2GCP) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2GCP_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2GCP_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2GCP_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ServiceAccounts) > 0 {
for iNdEx := len(m.ServiceAccounts) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ServiceAccounts[iNdEx])
copy(dAtA[i:], m.ServiceAccounts[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServiceAccounts[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Locations) > 0 {
for iNdEx := len(m.Locations) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Locations[iNdEx])
copy(dAtA[i:], m.Locations[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Locations[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.ProjectIDs) > 0 {
for iNdEx := len(m.ProjectIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProjectIDs[iNdEx])
copy(dAtA[i:], m.ProjectIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectIDs[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2TerraformCloud) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2TerraformCloud) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2TerraformCloud) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x1a
}
if len(m.Audience) > 0 {
i -= len(m.Audience)
copy(dAtA[i:], m.Audience)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Audience)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RunPhase) > 0 {
i -= len(m.RunPhase)
copy(dAtA[i:], m.RunPhase)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RunPhase)))
i--
dAtA[i] = 0x3a
}
if len(m.WorkspaceName) > 0 {
i -= len(m.WorkspaceName)
copy(dAtA[i:], m.WorkspaceName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WorkspaceName)))
i--
dAtA[i] = 0x32
}
if len(m.WorkspaceID) > 0 {
i -= len(m.WorkspaceID)
copy(dAtA[i:], m.WorkspaceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WorkspaceID)))
i--
dAtA[i] = 0x2a
}
if len(m.ProjectName) > 0 {
i -= len(m.ProjectName)
copy(dAtA[i:], m.ProjectName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectName)))
i--
dAtA[i] = 0x22
}
if len(m.ProjectID) > 0 {
i -= len(m.ProjectID)
copy(dAtA[i:], m.ProjectID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectID)))
i--
dAtA[i] = 0x1a
}
if len(m.OrganizationName) > 0 {
i -= len(m.OrganizationName)
copy(dAtA[i:], m.OrganizationName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrganizationName)))
i--
dAtA[i] = 0x12
}
if len(m.OrganizationID) > 0 {
i -= len(m.OrganizationID)
copy(dAtA[i:], m.OrganizationID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrganizationID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Bitbucket) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Bitbucket) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Bitbucket) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.IdentityProviderURL) > 0 {
i -= len(m.IdentityProviderURL)
copy(dAtA[i:], m.IdentityProviderURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.IdentityProviderURL)))
i--
dAtA[i] = 0x1a
}
if len(m.Audience) > 0 {
i -= len(m.Audience)
copy(dAtA[i:], m.Audience)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Audience)))
i--
dAtA[i] = 0x12
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.BranchName) > 0 {
i -= len(m.BranchName)
copy(dAtA[i:], m.BranchName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BranchName)))
i--
dAtA[i] = 0x22
}
if len(m.DeploymentEnvironmentUUID) > 0 {
i -= len(m.DeploymentEnvironmentUUID)
copy(dAtA[i:], m.DeploymentEnvironmentUUID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DeploymentEnvironmentUUID)))
i--
dAtA[i] = 0x1a
}
if len(m.RepositoryUUID) > 0 {
i -= len(m.RepositoryUUID)
copy(dAtA[i:], m.RepositoryUUID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RepositoryUUID)))
i--
dAtA[i] = 0x12
}
if len(m.WorkspaceUUID) > 0 {
i -= len(m.WorkspaceUUID)
copy(dAtA[i:], m.WorkspaceUUID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WorkspaceUUID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Oracle) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Oracle) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Oracle) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Oracle_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Oracle_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Oracle_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Instances) > 0 {
for iNdEx := len(m.Instances) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Instances[iNdEx])
copy(dAtA[i:], m.Instances[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Instances[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Regions) > 0 {
for iNdEx := len(m.Regions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Regions[iNdEx])
copy(dAtA[i:], m.Regions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Regions[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.ParentCompartments) > 0 {
for iNdEx := len(m.ParentCompartments) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ParentCompartments[iNdEx])
copy(dAtA[i:], m.ParentCompartments[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ParentCompartments[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Tenancy) > 0 {
i -= len(m.Tenancy)
copy(dAtA[i:], m.Tenancy)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Tenancy)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Env0) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Env0) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Env0) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2Env0_Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2Env0_Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2Env0_Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Env0Tag) > 0 {
i -= len(m.Env0Tag)
copy(dAtA[i:], m.Env0Tag)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Env0Tag)))
i--
dAtA[i] = 0x5a
}
if len(m.DeployerEmail) > 0 {
i -= len(m.DeployerEmail)
copy(dAtA[i:], m.DeployerEmail)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DeployerEmail)))
i--
dAtA[i] = 0x52
}
if len(m.DeploymentType) > 0 {
i -= len(m.DeploymentType)
copy(dAtA[i:], m.DeploymentType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DeploymentType)))
i--
dAtA[i] = 0x4a
}
if len(m.WorkspaceName) > 0 {
i -= len(m.WorkspaceName)
copy(dAtA[i:], m.WorkspaceName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WorkspaceName)))
i--
dAtA[i] = 0x42
}
if len(m.EnvironmentName) > 0 {
i -= len(m.EnvironmentName)
copy(dAtA[i:], m.EnvironmentName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EnvironmentName)))
i--
dAtA[i] = 0x3a
}
if len(m.EnvironmentID) > 0 {
i -= len(m.EnvironmentID)
copy(dAtA[i:], m.EnvironmentID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EnvironmentID)))
i--
dAtA[i] = 0x32
}
if len(m.TemplateName) > 0 {
i -= len(m.TemplateName)
copy(dAtA[i:], m.TemplateName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TemplateName)))
i--
dAtA[i] = 0x2a
}
if len(m.TemplateID) > 0 {
i -= len(m.TemplateID)
copy(dAtA[i:], m.TemplateID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TemplateID)))
i--
dAtA[i] = 0x22
}
if len(m.ProjectName) > 0 {
i -= len(m.ProjectName)
copy(dAtA[i:], m.ProjectName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectName)))
i--
dAtA[i] = 0x1a
}
if len(m.ProjectID) > 0 {
i -= len(m.ProjectID)
copy(dAtA[i:], m.ProjectID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectID)))
i--
dAtA[i] = 0x12
}
if len(m.OrganizationID) > 0 {
i -= len(m.OrganizationID)
copy(dAtA[i:], m.OrganizationID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrganizationID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2BoundKeypair) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2BoundKeypair) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2BoundKeypair) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.RotateAfter != nil {
n103, err103 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.RotateAfter, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.RotateAfter):])
if err103 != nil {
return 0, err103
}
i -= n103
i = encodeVarintTypes(dAtA, i, uint64(n103))
i--
dAtA[i] = 0x1a
}
if m.Recovery != nil {
{
size, err := m.Recovery.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if m.Onboarding != nil {
{
size, err := m.Onboarding.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.MustRegisterBefore != nil {
n106, err106 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.MustRegisterBefore, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.MustRegisterBefore):])
if err106 != nil {
return 0, err106
}
i -= n106
i = encodeVarintTypes(dAtA, i, uint64(n106))
i--
dAtA[i] = 0x1a
}
if len(m.RegistrationSecret) > 0 {
i -= len(m.RegistrationSecret)
copy(dAtA[i:], m.RegistrationSecret)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RegistrationSecret)))
i--
dAtA[i] = 0x12
}
if len(m.InitialPublicKey) > 0 {
i -= len(m.InitialPublicKey)
copy(dAtA[i:], m.InitialPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.InitialPublicKey)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Mode) > 0 {
i -= len(m.Mode)
copy(dAtA[i:], m.Mode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Mode)))
i--
dAtA[i] = 0x12
}
if m.Limit != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Limit))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenStatusV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenStatusV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenStatusV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.BoundKeypair != nil {
{
size, err := m.BoundKeypair.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ProvisionTokenStatusV2BoundKeypair) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProvisionTokenStatusV2BoundKeypair) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProvisionTokenStatusV2BoundKeypair) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.LastRotatedAt != nil {
n108, err108 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastRotatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastRotatedAt):])
if err108 != nil {
return 0, err108
}
i -= n108
i = encodeVarintTypes(dAtA, i, uint64(n108))
i--
dAtA[i] = 0x32
}
if m.LastRecoveredAt != nil {
n109, err109 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastRecoveredAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastRecoveredAt):])
if err109 != nil {
return 0, err109
}
i -= n109
i = encodeVarintTypes(dAtA, i, uint64(n109))
i--
dAtA[i] = 0x2a
}
if m.RecoveryCount != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.RecoveryCount))
i--
dAtA[i] = 0x20
}
if len(m.BoundBotInstanceID) > 0 {
i -= len(m.BoundBotInstanceID)
copy(dAtA[i:], m.BoundBotInstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BoundBotInstanceID)))
i--
dAtA[i] = 0x1a
}
if len(m.BoundPublicKey) > 0 {
i -= len(m.BoundPublicKey)
copy(dAtA[i:], m.BoundPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BoundPublicKey)))
i--
dAtA[i] = 0x12
}
if len(m.RegistrationSecret) > 0 {
i -= len(m.RegistrationSecret)
copy(dAtA[i:], m.RegistrationSecret)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RegistrationSecret)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *StaticTokensV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *StaticTokensV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *StaticTokensV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *StaticTokensSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *StaticTokensSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *StaticTokensSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.StaticTokens) > 0 {
for iNdEx := len(m.StaticTokens) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.StaticTokens[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ClusterNameV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterNameV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterNameV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ClusterNameSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterNameSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterNameSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ClusterID) > 0 {
i -= len(m.ClusterID)
copy(dAtA[i:], m.ClusterID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterID)))
i--
dAtA[i] = 0x12
}
if len(m.ClusterName) > 0 {
i -= len(m.ClusterName)
copy(dAtA[i:], m.ClusterName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ClusterAuditConfigV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterAuditConfigV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterAuditConfigV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ClusterAuditConfigSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterAuditConfigSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterAuditConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.UseFIPSEndpoint != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.UseFIPSEndpoint))
i--
dAtA[i] = 0x78
}
if m.RetentionPeriod != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.RetentionPeriod))
i--
dAtA[i] = 0x70
}
if m.WriteTargetValue != 0 {
i -= 8
encoding_binary.LittleEndian.PutUint64(dAtA[i:], uint64(math.Float64bits(float64(m.WriteTargetValue))))
i--
dAtA[i] = 0x69
}
if m.WriteMinCapacity != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.WriteMinCapacity))
i--
dAtA[i] = 0x60
}
if m.WriteMaxCapacity != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.WriteMaxCapacity))
i--
dAtA[i] = 0x58
}
if m.ReadTargetValue != 0 {
i -= 8
encoding_binary.LittleEndian.PutUint64(dAtA[i:], uint64(math.Float64bits(float64(m.ReadTargetValue))))
i--
dAtA[i] = 0x51
}
if m.ReadMinCapacity != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ReadMinCapacity))
i--
dAtA[i] = 0x48
}
if m.ReadMaxCapacity != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ReadMaxCapacity))
i--
dAtA[i] = 0x40
}
if m.EnableAutoScaling {
i--
if m.EnableAutoScaling {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x38
}
if m.EnableContinuousBackups {
i--
if m.EnableContinuousBackups {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x30
}
{
size := m.AuditEventsURI.Size()
i -= size
if _, err := m.AuditEventsURI.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.AuditSessionsURI) > 0 {
i -= len(m.AuditSessionsURI)
copy(dAtA[i:], m.AuditSessionsURI)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AuditSessionsURI)))
i--
dAtA[i] = 0x1a
}
if len(m.Region) > 0 {
i -= len(m.Region)
copy(dAtA[i:], m.Region)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Region)))
i--
dAtA[i] = 0x12
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ClusterNetworkingConfigV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterNetworkingConfigV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterNetworkingConfigV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ClusterNetworkingConfigSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterNetworkingConfigSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterNetworkingConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SSHDialTimeout != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SSHDialTimeout))
i--
dAtA[i] = 0x68
}
if m.CaseInsensitiveRouting {
i--
if m.CaseInsensitiveRouting {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x60
}
if m.AssistCommandExecutionWorkers != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.AssistCommandExecutionWorkers))
i--
dAtA[i] = 0x58
}
if m.ProxyPingInterval != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ProxyPingInterval))
i--
dAtA[i] = 0x50
}
if m.TunnelStrategy != nil {
{
size, err := m.TunnelStrategy.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if m.RoutingStrategy != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.RoutingStrategy))
i--
dAtA[i] = 0x40
}
if m.ProxyListenerMode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ProxyListenerMode))
i--
dAtA[i] = 0x38
}
if m.WebIdleTimeout != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.WebIdleTimeout))
i--
dAtA[i] = 0x30
}
if len(m.ClientIdleTimeoutMessage) > 0 {
i -= len(m.ClientIdleTimeoutMessage)
copy(dAtA[i:], m.ClientIdleTimeoutMessage)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientIdleTimeoutMessage)))
i--
dAtA[i] = 0x2a
}
if m.SessionControlTimeout != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SessionControlTimeout))
i--
dAtA[i] = 0x20
}
if m.KeepAliveCountMax != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.KeepAliveCountMax))
i--
dAtA[i] = 0x18
}
if m.KeepAliveInterval != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.KeepAliveInterval))
i--
dAtA[i] = 0x10
}
if m.ClientIdleTimeout != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ClientIdleTimeout))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *TunnelStrategyV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TunnelStrategyV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TunnelStrategyV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Strategy != nil {
{
size := m.Strategy.Size()
i -= size
if _, err := m.Strategy.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
return len(dAtA) - i, nil
}
func (m *TunnelStrategyV1_AgentMesh) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TunnelStrategyV1_AgentMesh) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.AgentMesh != nil {
{
size, err := m.AgentMesh.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TunnelStrategyV1_ProxyPeering) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TunnelStrategyV1_ProxyPeering) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.ProxyPeering != nil {
{
size, err := m.ProxyPeering.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *AgentMeshTunnelStrategy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AgentMeshTunnelStrategy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AgentMeshTunnelStrategy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
return len(dAtA) - i, nil
}
func (m *ProxyPeeringTunnelStrategy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ProxyPeeringTunnelStrategy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ProxyPeeringTunnelStrategy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AgentConnectionCount != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.AgentConnectionCount))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *SessionRecordingConfigV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionRecordingConfigV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionRecordingConfigV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Status != nil {
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KeyLabel) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KeyLabel) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KeyLabel) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Label) > 0 {
i -= len(m.Label)
copy(dAtA[i:], m.Label)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Label)))
i--
dAtA[i] = 0x12
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ManualKeyManagementConfig) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ManualKeyManagementConfig) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ManualKeyManagementConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RotatedKeys) > 0 {
for iNdEx := len(m.RotatedKeys) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.RotatedKeys[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.ActiveKeys) > 0 {
for iNdEx := len(m.ActiveKeys) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ActiveKeys[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *SessionRecordingEncryptionConfig) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionRecordingEncryptionConfig) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionRecordingEncryptionConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ManualKeyManagement != nil {
{
size, err := m.ManualKeyManagement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *SessionRecordingConfigSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionRecordingConfigSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionRecordingConfigSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Encryption != nil {
{
size, err := m.Encryption.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if m.ProxyChecksHostKeys != nil {
{
size := m.ProxyChecksHostKeys.Size()
i -= size
if _, err := m.ProxyChecksHostKeys.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if len(m.Mode) > 0 {
i -= len(m.Mode)
copy(dAtA[i:], m.Mode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Mode)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SessionRecordingConfigStatus) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionRecordingConfigStatus) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionRecordingConfigStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EncryptionKeys) > 0 {
for iNdEx := len(m.EncryptionKeys) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.EncryptionKeys[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AuthPreferenceV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AuthPreferenceV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AuthPreferenceV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AuthPreferenceSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AuthPreferenceSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AuthPreferenceSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.StableUnixUserConfig != nil {
{
size, err := m.StableUnixUserConfig.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if len(m.SecondFactors) > 0 {
dAtA132 := make([]byte, len(m.SecondFactors)*10)
var j131 int
for _, num := range m.SecondFactors {
for num >= 1<<7 {
dAtA132[j131] = uint8(uint64(num)&0x7f | 0x80)
num >>= 7
j131++
}
dAtA132[j131] = uint8(num)
j131++
}
i -= j131
copy(dAtA[i:], dAtA132[:j131])
i = encodeVarintTypes(dAtA, i, uint64(j131))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if m.SignatureAlgorithmSuite != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SignatureAlgorithmSuite))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa0
}
if m.HardwareKey != nil {
{
size, err := m.HardwareKey.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if m.Okta != nil {
{
size, err := m.Okta.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
if m.DefaultSessionTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.DefaultSessionTTL))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x80
}
if m.AllowHeadless != nil {
{
size := m.AllowHeadless.Size()
i -= size
if _, err := m.AllowHeadless.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.IDP != nil {
{
size, err := m.IDP.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
if m.DeviceTrust != nil {
{
size, err := m.DeviceTrust.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
}
if m.RequireMFAType != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.RequireMFAType))
i--
dAtA[i] = 0x60
}
if m.AllowPasswordless != nil {
{
size := m.AllowPasswordless.Size()
i -= size
if _, err := m.AllowPasswordless.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if m.Webauthn != nil {
{
size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
if len(m.LockingMode) > 0 {
i -= len(m.LockingMode)
copy(dAtA[i:], m.LockingMode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LockingMode)))
i--
dAtA[i] = 0x4a
}
if len(m.MessageOfTheDay) > 0 {
i -= len(m.MessageOfTheDay)
copy(dAtA[i:], m.MessageOfTheDay)
i = encodeVarintTypes(dAtA, i, uint64(len(m.MessageOfTheDay)))
i--
dAtA[i] = 0x42
}
if m.AllowLocalAuth != nil {
{
size := m.AllowLocalAuth.Size()
i -= size
if _, err := m.AllowLocalAuth.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
if m.DisconnectExpiredCert != nil {
{
size := m.DisconnectExpiredCert.Size()
i -= size
if _, err := m.DisconnectExpiredCert.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if m.U2F != nil {
{
size, err := m.U2F.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
if len(m.ConnectorName) > 0 {
i -= len(m.ConnectorName)
copy(dAtA[i:], m.ConnectorName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ConnectorName)))
i--
dAtA[i] = 0x1a
}
if len(m.SecondFactor) > 0 {
i -= len(m.SecondFactor)
copy(dAtA[i:], m.SecondFactor)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SecondFactor)))
i--
dAtA[i] = 0x12
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *StableUNIXUserConfig) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *StableUNIXUserConfig) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *StableUNIXUserConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.LastUid != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.LastUid))
i--
dAtA[i] = 0x18
}
if m.FirstUid != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.FirstUid))
i--
dAtA[i] = 0x10
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *U2F) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *U2F) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *U2F) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.DeviceAttestationCAs) > 0 {
for iNdEx := len(m.DeviceAttestationCAs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DeviceAttestationCAs[iNdEx])
copy(dAtA[i:], m.DeviceAttestationCAs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DeviceAttestationCAs[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Facets) > 0 {
for iNdEx := len(m.Facets) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Facets[iNdEx])
copy(dAtA[i:], m.Facets[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Facets[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.AppID) > 0 {
i -= len(m.AppID)
copy(dAtA[i:], m.AppID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Webauthn) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Webauthn) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Webauthn) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AttestationDeniedCAs) > 0 {
for iNdEx := len(m.AttestationDeniedCAs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AttestationDeniedCAs[iNdEx])
copy(dAtA[i:], m.AttestationDeniedCAs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AttestationDeniedCAs[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.AttestationAllowedCAs) > 0 {
for iNdEx := len(m.AttestationAllowedCAs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AttestationAllowedCAs[iNdEx])
copy(dAtA[i:], m.AttestationAllowedCAs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AttestationAllowedCAs[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.RPID) > 0 {
i -= len(m.RPID)
copy(dAtA[i:], m.RPID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RPID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeviceTrust) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceTrust) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceTrust) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.EKCertAllowedCAs) > 0 {
for iNdEx := len(m.EKCertAllowedCAs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.EKCertAllowedCAs[iNdEx])
copy(dAtA[i:], m.EKCertAllowedCAs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.EKCertAllowedCAs[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if m.AutoEnroll {
i--
if m.AutoEnroll {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.Mode) > 0 {
i -= len(m.Mode)
copy(dAtA[i:], m.Mode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Mode)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *HardwareKey) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *HardwareKey) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *HardwareKey) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.PinCacheTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.PinCacheTTL))
i--
dAtA[i] = 0x18
}
if m.SerialNumberValidation != nil {
{
size, err := m.SerialNumberValidation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if len(m.PIVSlot) > 0 {
i -= len(m.PIVSlot)
copy(dAtA[i:], m.PIVSlot)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PIVSlot)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *HardwareKeySerialNumberValidation) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *HardwareKeySerialNumberValidation) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *HardwareKeySerialNumberValidation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SerialNumberTraitName) > 0 {
i -= len(m.SerialNumberTraitName)
copy(dAtA[i:], m.SerialNumberTraitName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SerialNumberTraitName)))
i--
dAtA[i] = 0x12
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *Namespace) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Namespace) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Namespace) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *NamespaceSpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *NamespaceSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *NamespaceSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
return len(dAtA) - i, nil
}
func (m *UserTokenV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserTokenV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserTokenV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UserTokenSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserTokenSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserTokenSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n148, err148 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):])
if err148 != nil {
return 0, err148
}
i -= n148
i = encodeVarintTypes(dAtA, i, uint64(n148))
i--
dAtA[i] = 0x22
if m.Usage != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Usage))
i--
dAtA[i] = 0x18
}
if len(m.URL) > 0 {
i -= len(m.URL)
copy(dAtA[i:], m.URL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.URL)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UserTokenSecretsV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserTokenSecretsV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserTokenSecretsV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UserTokenSecretsSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserTokenSecretsSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserTokenSecretsSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n151, err151 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):])
if err151 != nil {
return 0, err151
}
i -= n151
i = encodeVarintTypes(dAtA, i, uint64(n151))
i--
dAtA[i] = 0x1a
if len(m.QRCode) > 0 {
i -= len(m.QRCode)
copy(dAtA[i:], m.QRCode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.QRCode)))
i--
dAtA[i] = 0x12
}
if len(m.OTPKey) > 0 {
i -= len(m.OTPKey)
copy(dAtA[i:], m.OTPKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OTPKey)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessRequestV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessReviewThreshold) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessReviewThreshold) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessReviewThreshold) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Deny != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Deny))
i--
dAtA[i] = 0x20
}
if m.Approve != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Approve))
i--
dAtA[i] = 0x18
}
if len(m.Filter) > 0 {
i -= len(m.Filter)
copy(dAtA[i:], m.Filter)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Filter)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PromotedAccessList) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PromotedAccessList) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PromotedAccessList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Title) > 0 {
i -= len(m.Title)
copy(dAtA[i:], m.Title)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Title)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessRequestDryRunEnrichment) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestDryRunEnrichment) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestDryRunEnrichment) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ReasonPrompts) > 0 {
for iNdEx := len(m.ReasonPrompts) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ReasonPrompts[iNdEx])
copy(dAtA[i:], m.ReasonPrompts[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ReasonPrompts[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.ReasonMode) > 0 {
i -= len(m.ReasonMode)
copy(dAtA[i:], m.ReasonMode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ReasonMode)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessReview) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessReview) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessReview) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AssumeStartTime != nil {
n154, err154 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.AssumeStartTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.AssumeStartTime):])
if err154 != nil {
return 0, err154
}
i -= n154
i = encodeVarintTypes(dAtA, i, uint64(n154))
i--
dAtA[i] = 0x52
}
if m.AccessList != nil {
{
size, err := m.AccessList.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if len(m.ThresholdIndexes) > 0 {
dAtA157 := make([]byte, len(m.ThresholdIndexes)*10)
var j156 int
for _, num := range m.ThresholdIndexes {
for num >= 1<<7 {
dAtA157[j156] = uint8(uint64(num)&0x7f | 0x80)
num >>= 7
j156++
}
dAtA157[j156] = uint8(num)
j156++
}
i -= j156
copy(dAtA[i:], dAtA157[:j156])
i = encodeVarintTypes(dAtA, i, uint64(j156))
i--
dAtA[i] = 0x3a
}
{
size := m.Annotations.Size()
i -= size
if _, err := m.Annotations.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
n159, err159 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):])
if err159 != nil {
return 0, err159
}
i -= n159
i = encodeVarintTypes(dAtA, i, uint64(n159))
i--
dAtA[i] = 0x2a
if len(m.Reason) > 0 {
i -= len(m.Reason)
copy(dAtA[i:], m.Reason)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Reason)))
i--
dAtA[i] = 0x22
}
if m.ProposedState != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ProposedState))
i--
dAtA[i] = 0x18
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Author) > 0 {
i -= len(m.Author)
copy(dAtA[i:], m.Author)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Author)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessReviewSubmission) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessReviewSubmission) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessReviewSubmission) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Review.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
if len(m.RequestID) > 0 {
i -= len(m.RequestID)
copy(dAtA[i:], m.RequestID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ThresholdIndexSet) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ThresholdIndexSet) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ThresholdIndexSet) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Indexes) > 0 {
dAtA162 := make([]byte, len(m.Indexes)*10)
var j161 int
for _, num := range m.Indexes {
for num >= 1<<7 {
dAtA162[j161] = uint8(uint64(num)&0x7f | 0x80)
num >>= 7
j161++
}
dAtA162[j161] = uint8(num)
j161++
}
i -= j161
copy(dAtA[i:], dAtA162[:j161])
i = encodeVarintTypes(dAtA, i, uint64(j161))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ThresholdIndexSets) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ThresholdIndexSets) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ThresholdIndexSets) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Sets) > 0 {
for iNdEx := len(m.Sets) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Sets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AccessRequestSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.LongTermGrouping != nil {
{
size, err := m.LongTermGrouping.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xca
}
if m.RequestKind != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.RequestKind))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xc0
}
if m.DryRunEnrichment != nil {
{
size, err := m.DryRunEnrichment.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
if m.ResourceExpiry != nil {
n165, err165 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.ResourceExpiry, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.ResourceExpiry):])
if err165 != nil {
return 0, err165
}
i -= n165
i = encodeVarintTypes(dAtA, i, uint64(n165))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if m.AssumeStartTime != nil {
n166, err166 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.AssumeStartTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.AssumeStartTime):])
if err166 != nil {
return 0, err166
}
i -= n166
i = encodeVarintTypes(dAtA, i, uint64(n166))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if m.AccessList != nil {
{
size, err := m.AccessList.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
n168, err168 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.SessionTTL, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.SessionTTL):])
if err168 != nil {
return 0, err168
}
i -= n168
i = encodeVarintTypes(dAtA, i, uint64(n168))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
n169, err169 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.MaxDuration, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.MaxDuration):])
if err169 != nil {
return 0, err169
}
i -= n169
i = encodeVarintTypes(dAtA, i, uint64(n169))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
if m.DryRun {
i--
if m.DryRun {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x80
}
if len(m.LoginHint) > 0 {
i -= len(m.LoginHint)
copy(dAtA[i:], m.LoginHint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LoginHint)))
i--
dAtA[i] = 0x7a
}
if len(m.RequestedResourceIDs) > 0 {
for iNdEx := len(m.RequestedResourceIDs) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.RequestedResourceIDs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
}
if len(m.SuggestedReviewers) > 0 {
for iNdEx := len(m.SuggestedReviewers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SuggestedReviewers[iNdEx])
copy(dAtA[i:], m.SuggestedReviewers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SuggestedReviewers[iNdEx])))
i--
dAtA[i] = 0x6a
}
}
if len(m.Reviews) > 0 {
for iNdEx := len(m.Reviews) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Reviews[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
}
}
if len(m.RoleThresholdMapping) > 0 {
for k := range m.RoleThresholdMapping {
v := m.RoleThresholdMapping[k]
baseI := i
{
size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x5a
}
}
if len(m.Thresholds) > 0 {
for iNdEx := len(m.Thresholds) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Thresholds[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
}
{
size := m.SystemAnnotations.Size()
i -= size
if _, err := m.SystemAnnotations.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
{
size := m.ResolveAnnotations.Size()
i -= size
if _, err := m.ResolveAnnotations.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
if len(m.ResolveReason) > 0 {
i -= len(m.ResolveReason)
copy(dAtA[i:], m.ResolveReason)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResolveReason)))
i--
dAtA[i] = 0x3a
}
if len(m.RequestReason) > 0 {
i -= len(m.RequestReason)
copy(dAtA[i:], m.RequestReason)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestReason)))
i--
dAtA[i] = 0x32
}
n173, err173 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err173 != nil {
return 0, err173
}
i -= n173
i = encodeVarintTypes(dAtA, i, uint64(n173))
i--
dAtA[i] = 0x2a
n174, err174 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):])
if err174 != nil {
return 0, err174
}
i -= n174
i = encodeVarintTypes(dAtA, i, uint64(n174))
i--
dAtA[i] = 0x22
if m.State != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.State))
i--
dAtA[i] = 0x18
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessRequestFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Requester) > 0 {
i -= len(m.Requester)
copy(dAtA[i:], m.Requester)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Requester)))
i--
dAtA[i] = 0x32
}
if m.Scope != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Scope))
i--
dAtA[i] = 0x28
}
if len(m.SearchKeywords) > 0 {
for iNdEx := len(m.SearchKeywords) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SearchKeywords[iNdEx])
copy(dAtA[i:], m.SearchKeywords[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SearchKeywords[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if m.State != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.State))
i--
dAtA[i] = 0x18
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0x12
}
if len(m.ID) > 0 {
i -= len(m.ID)
copy(dAtA[i:], m.ID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessCapabilities) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessCapabilities) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessCapabilities) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AutoRequest {
i--
if m.AutoRequest {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x30
}
if m.RequireReason {
i--
if m.RequireReason {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x28
}
if len(m.RequestPrompt) > 0 {
i -= len(m.RequestPrompt)
copy(dAtA[i:], m.RequestPrompt)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestPrompt)))
i--
dAtA[i] = 0x22
}
if len(m.ApplicableRolesForResources) > 0 {
for iNdEx := len(m.ApplicableRolesForResources) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ApplicableRolesForResources[iNdEx])
copy(dAtA[i:], m.ApplicableRolesForResources[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApplicableRolesForResources[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.SuggestedReviewers) > 0 {
for iNdEx := len(m.SuggestedReviewers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SuggestedReviewers[iNdEx])
copy(dAtA[i:], m.SuggestedReviewers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SuggestedReviewers[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.RequestableRoles) > 0 {
for iNdEx := len(m.RequestableRoles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RequestableRoles[iNdEx])
copy(dAtA[i:], m.RequestableRoles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestableRoles[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AccessCapabilitiesRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessCapabilitiesRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessCapabilitiesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.FilterRequestableRolesByResource {
i--
if m.FilterRequestableRolesByResource {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x30
}
if len(m.Login) > 0 {
i -= len(m.Login)
copy(dAtA[i:], m.Login)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Login)))
i--
dAtA[i] = 0x2a
}
if len(m.ResourceIDs) > 0 {
for iNdEx := len(m.ResourceIDs) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ResourceIDs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
}
if m.SuggestedReviewers {
i--
if m.SuggestedReviewers {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if m.RequestableRoles {
i--
if m.RequestableRoles {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RemoteAccessCapabilities) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RemoteAccessCapabilities) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RemoteAccessCapabilities) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ApplicableRolesForResources) > 0 {
for iNdEx := len(m.ApplicableRolesForResources) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ApplicableRolesForResources[iNdEx])
copy(dAtA[i:], m.ApplicableRolesForResources[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApplicableRolesForResources[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *RemoteAccessCapabilitiesRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RemoteAccessCapabilitiesRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RemoteAccessCapabilitiesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ResourceIDs) > 0 {
for iNdEx := len(m.ResourceIDs) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ResourceIDs[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.SearchAsRoles) > 0 {
for iNdEx := len(m.SearchAsRoles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SearchAsRoles[iNdEx])
copy(dAtA[i:], m.SearchAsRoles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SearchAsRoles[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RequestKubernetesResource) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RequestKubernetesResource) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RequestKubernetesResource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.APIGroup) > 0 {
i -= len(m.APIGroup)
copy(dAtA[i:], m.APIGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.APIGroup)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ResourceID) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourceID) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourceID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SubResourceName) > 0 {
i -= len(m.SubResourceName)
copy(dAtA[i:], m.SubResourceName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubResourceName)))
i--
dAtA[i] = 0x22
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x1a
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0x12
}
if len(m.ClusterName) > 0 {
i -= len(m.ClusterName)
copy(dAtA[i:], m.ClusterName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginDataV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginDataV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginDataV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginDataEntry) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginDataEntry) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginDataEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Data) > 0 {
for k := range m.Data {
v := m.Data[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginDataSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginDataSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginDataSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Entries) > 0 {
for k := range m.Entries {
v := m.Entries[k]
baseI := i
if v != nil {
{
size, err := v.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginDataFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginDataFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginDataFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Plugin) > 0 {
i -= len(m.Plugin)
copy(dAtA[i:], m.Plugin)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Plugin)))
i--
dAtA[i] = 0x1a
}
if len(m.Resource) > 0 {
i -= len(m.Resource)
copy(dAtA[i:], m.Resource)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Resource)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginDataUpdateParams) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginDataUpdateParams) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginDataUpdateParams) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Expect) > 0 {
for k := range m.Expect {
v := m.Expect[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x2a
}
}
if len(m.Set) > 0 {
for k := range m.Set {
v := m.Set[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x22
}
}
if len(m.Plugin) > 0 {
i -= len(m.Plugin)
copy(dAtA[i:], m.Plugin)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Plugin)))
i--
dAtA[i] = 0x1a
}
if len(m.Resource) > 0 {
i -= len(m.Resource)
copy(dAtA[i:], m.Resource)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Resource)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RoleFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RoleFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RoleFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SkipSystemRoles {
i--
if m.SkipSystemRoles {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.SearchKeywords) > 0 {
for iNdEx := len(m.SearchKeywords) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SearchKeywords[iNdEx])
copy(dAtA[i:], m.SearchKeywords[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SearchKeywords[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *RoleV6) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RoleV6) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RoleV6) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RoleSpecV6) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RoleSpecV6) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RoleSpecV6) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Deny.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
{
size, err := m.Allow.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.Options.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *SSHLocalPortForwarding) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSHLocalPortForwarding) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSHLocalPortForwarding) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Enabled != nil {
{
size := m.Enabled.Size()
i -= size
if _, err := m.Enabled.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SSHRemotePortForwarding) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSHRemotePortForwarding) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSHRemotePortForwarding) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Enabled != nil {
{
size := m.Enabled.Size()
i -= size
if _, err := m.Enabled.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SSHPortForwarding) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSHPortForwarding) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSHPortForwarding) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Remote != nil {
{
size, err := m.Remote.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if m.Local != nil {
{
size, err := m.Local.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RoleOptions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RoleOptions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RoleOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SSHPortForwarding != nil {
{
size, err := m.SSHPortForwarding.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x82
}
if len(m.CreateHostUserDefaultShell) > 0 {
i -= len(m.CreateHostUserDefaultShell)
copy(dAtA[i:], m.CreateHostUserDefaultShell)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CreateHostUserDefaultShell)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xfa
}
n188, err188 := github_com_gogo_protobuf_types.StdDurationMarshalTo(m.MFAVerificationInterval, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdDuration(m.MFAVerificationInterval):])
if err188 != nil {
return 0, err188
}
i -= n188
i = encodeVarintTypes(dAtA, i, uint64(n188))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xf2
if m.CreateDatabaseUserMode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.CreateDatabaseUserMode))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xe8
}
if m.CreateHostUserMode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.CreateHostUserMode))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xe0
}
if m.CreateDatabaseUser != nil {
{
size := m.CreateDatabaseUser.Size()
i -= size
if _, err := m.CreateDatabaseUser.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xda
}
if m.CreateDesktopUser != nil {
{
size := m.CreateDesktopUser.Size()
i -= size
if _, err := m.CreateDesktopUser.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xd2
}
if m.IDP != nil {
{
size, err := m.IDP.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xca
}
if len(m.DeviceTrustMode) > 0 {
i -= len(m.DeviceTrustMode)
copy(dAtA[i:], m.DeviceTrustMode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DeviceTrustMode)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xc2
}
if m.RequireMFAType != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.RequireMFAType))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb8
}
if m.SSHFileCopy != nil {
{
size := m.SSHFileCopy.Size()
i -= size
if _, err := m.SSHFileCopy.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if m.PinSourceIP {
i--
if m.PinSourceIP {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa8
}
if m.CreateHostUser != nil {
{
size := m.CreateHostUser.Size()
i -= size
if _, err := m.CreateHostUser.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
if m.DesktopDirectorySharing != nil {
{
size := m.DesktopDirectorySharing.Size()
i -= size
if _, err := m.DesktopDirectorySharing.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if m.MaxKubernetesConnections != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxKubernetesConnections))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x90
}
if len(m.CertExtensions) > 0 {
for iNdEx := len(m.CertExtensions) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.CertExtensions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
}
if m.DesktopClipboard != nil {
{
size := m.DesktopClipboard.Size()
i -= size
if _, err := m.DesktopClipboard.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
if m.RecordSession != nil {
{
size, err := m.RecordSession.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if len(m.Lock) > 0 {
i -= len(m.Lock)
copy(dAtA[i:], m.Lock)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Lock)))
i--
dAtA[i] = 0x72
}
if len(m.RequestPrompt) > 0 {
i -= len(m.RequestPrompt)
copy(dAtA[i:], m.RequestPrompt)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestPrompt)))
i--
dAtA[i] = 0x62
}
if len(m.RequestAccess) > 0 {
i -= len(m.RequestAccess)
copy(dAtA[i:], m.RequestAccess)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestAccess)))
i--
dAtA[i] = 0x5a
}
if m.MaxSessions != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxSessions))
i--
dAtA[i] = 0x50
}
if m.MaxConnections != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxConnections))
i--
dAtA[i] = 0x48
}
if m.PermitX11Forwarding {
i--
if m.PermitX11Forwarding {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x40
}
if len(m.BPF) > 0 {
for iNdEx := len(m.BPF) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.BPF[iNdEx])
copy(dAtA[i:], m.BPF[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.BPF[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if m.DisconnectExpiredCert {
i--
if m.DisconnectExpiredCert {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x30
}
if m.ClientIdleTimeout != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ClientIdleTimeout))
i--
dAtA[i] = 0x28
}
if len(m.CertificateFormat) > 0 {
i -= len(m.CertificateFormat)
copy(dAtA[i:], m.CertificateFormat)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CertificateFormat)))
i--
dAtA[i] = 0x22
}
if m.PortForwarding != nil {
{
size := m.PortForwarding.Size()
i -= size
if _, err := m.PortForwarding.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if m.MaxSessionTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxSessionTTL))
i--
dAtA[i] = 0x10
}
if m.ForwardAgent {
i--
if m.ForwardAgent {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *RecordSession) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RecordSession) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RecordSession) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SSH) > 0 {
i -= len(m.SSH)
copy(dAtA[i:], m.SSH)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SSH)))
i--
dAtA[i] = 0x1a
}
if len(m.Default) > 0 {
i -= len(m.Default)
copy(dAtA[i:], m.Default)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Default)))
i--
dAtA[i] = 0x12
}
if m.Desktop != nil {
{
size := m.Desktop.Size()
i -= size
if _, err := m.Desktop.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *CertExtension) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CertExtension) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CertExtension) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x22
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x1a
}
if m.Mode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Mode))
i--
dAtA[i] = 0x10
}
if m.Type != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Type))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *RoleConditions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RoleConditions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RoleConditions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.MCP != nil {
{
size, err := m.MCP.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xf2
}
if len(m.WorkloadIdentityLabelsExpression) > 0 {
i -= len(m.WorkloadIdentityLabelsExpression)
copy(dAtA[i:], m.WorkloadIdentityLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WorkloadIdentityLabelsExpression)))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xea
}
{
size := m.WorkloadIdentityLabels.Size()
i -= size
if _, err := m.WorkloadIdentityLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xe2
if len(m.GitHubPermissions) > 0 {
for iNdEx := len(m.GitHubPermissions) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.GitHubPermissions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xda
}
}
if len(m.AccountAssignments) > 0 {
for iNdEx := len(m.AccountAssignments) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.AccountAssignments[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xd2
}
}
if len(m.SPIFFE) > 0 {
for iNdEx := len(m.SPIFFE) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.SPIFFE[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xba
}
}
if len(m.DatabasePermissions) > 0 {
for iNdEx := len(m.DatabasePermissions) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.DatabasePermissions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xb2
}
}
if len(m.GroupLabelsExpression) > 0 {
i -= len(m.GroupLabelsExpression)
copy(dAtA[i:], m.GroupLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.GroupLabelsExpression)))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xaa
}
if len(m.WindowsDesktopLabelsExpression) > 0 {
i -= len(m.WindowsDesktopLabelsExpression)
copy(dAtA[i:], m.WindowsDesktopLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WindowsDesktopLabelsExpression)))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0xa2
}
if len(m.DatabaseServiceLabelsExpression) > 0 {
i -= len(m.DatabaseServiceLabelsExpression)
copy(dAtA[i:], m.DatabaseServiceLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DatabaseServiceLabelsExpression)))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x9a
}
if len(m.DatabaseLabelsExpression) > 0 {
i -= len(m.DatabaseLabelsExpression)
copy(dAtA[i:], m.DatabaseLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DatabaseLabelsExpression)))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x92
}
if len(m.KubernetesLabelsExpression) > 0 {
i -= len(m.KubernetesLabelsExpression)
copy(dAtA[i:], m.KubernetesLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubernetesLabelsExpression)))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x8a
}
if len(m.ClusterLabelsExpression) > 0 {
i -= len(m.ClusterLabelsExpression)
copy(dAtA[i:], m.ClusterLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterLabelsExpression)))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x82
}
if len(m.AppLabelsExpression) > 0 {
i -= len(m.AppLabelsExpression)
copy(dAtA[i:], m.AppLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppLabelsExpression)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xfa
}
if len(m.NodeLabelsExpression) > 0 {
i -= len(m.NodeLabelsExpression)
copy(dAtA[i:], m.NodeLabelsExpression)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NodeLabelsExpression)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xf2
}
if len(m.DatabaseRoles) > 0 {
for iNdEx := len(m.DatabaseRoles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DatabaseRoles[iNdEx])
copy(dAtA[i:], m.DatabaseRoles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DatabaseRoles[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xea
}
}
if len(m.DesktopGroups) > 0 {
for iNdEx := len(m.DesktopGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DesktopGroups[iNdEx])
copy(dAtA[i:], m.DesktopGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DesktopGroups[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xe2
}
}
{
size := m.GroupLabels.Size()
i -= size
if _, err := m.GroupLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xda
{
size := m.DatabaseServiceLabels.Size()
i -= size
if _, err := m.DatabaseServiceLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xd2
if len(m.GCPServiceAccounts) > 0 {
for iNdEx := len(m.GCPServiceAccounts) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.GCPServiceAccounts[iNdEx])
copy(dAtA[i:], m.GCPServiceAccounts[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.GCPServiceAccounts[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xca
}
}
if len(m.KubernetesResources) > 0 {
for iNdEx := len(m.KubernetesResources) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.KubernetesResources[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xc2
}
}
if len(m.AzureIdentities) > 0 {
for iNdEx := len(m.AzureIdentities) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AzureIdentities[iNdEx])
copy(dAtA[i:], m.AzureIdentities[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AzureIdentities[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
}
if len(m.HostSudoers) > 0 {
for iNdEx := len(m.HostSudoers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.HostSudoers[iNdEx])
copy(dAtA[i:], m.HostSudoers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostSudoers[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
}
if len(m.HostGroups) > 0 {
for iNdEx := len(m.HostGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.HostGroups[iNdEx])
copy(dAtA[i:], m.HostGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostGroups[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
}
if len(m.JoinSessions) > 0 {
for iNdEx := len(m.JoinSessions) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.JoinSessions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
}
if len(m.RequireSessionJoin) > 0 {
for iNdEx := len(m.RequireSessionJoin) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.RequireSessionJoin[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
}
{
size := m.WindowsDesktopLabels.Size()
i -= size
if _, err := m.WindowsDesktopLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
if len(m.WindowsDesktopLogins) > 0 {
for iNdEx := len(m.WindowsDesktopLogins) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.WindowsDesktopLogins[iNdEx])
copy(dAtA[i:], m.WindowsDesktopLogins[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.WindowsDesktopLogins[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
}
if len(m.AWSRoleARNs) > 0 {
for iNdEx := len(m.AWSRoleARNs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AWSRoleARNs[iNdEx])
copy(dAtA[i:], m.AWSRoleARNs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AWSRoleARNs[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
}
if m.ReviewRequests != nil {
{
size, err := m.ReviewRequests.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.Impersonate != nil {
{
size, err := m.Impersonate.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
if len(m.DatabaseUsers) > 0 {
for iNdEx := len(m.DatabaseUsers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DatabaseUsers[iNdEx])
copy(dAtA[i:], m.DatabaseUsers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DatabaseUsers[iNdEx])))
i--
dAtA[i] = 0x6a
}
}
if len(m.DatabaseNames) > 0 {
for iNdEx := len(m.DatabaseNames) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DatabaseNames[iNdEx])
copy(dAtA[i:], m.DatabaseNames[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DatabaseNames[iNdEx])))
i--
dAtA[i] = 0x62
}
}
{
size := m.DatabaseLabels.Size()
i -= size
if _, err := m.DatabaseLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
{
size := m.KubernetesLabels.Size()
i -= size
if _, err := m.KubernetesLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
{
size := m.ClusterLabels.Size()
i -= size
if _, err := m.ClusterLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
{
size := m.AppLabels.Size()
i -= size
if _, err := m.AppLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
if len(m.KubeUsers) > 0 {
for iNdEx := len(m.KubeUsers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.KubeUsers[iNdEx])
copy(dAtA[i:], m.KubeUsers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubeUsers[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if m.Request != nil {
{
size, err := m.Request.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if len(m.KubeGroups) > 0 {
for iNdEx := len(m.KubeGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.KubeGroups[iNdEx])
copy(dAtA[i:], m.KubeGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubeGroups[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.Rules) > 0 {
for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
}
{
size := m.NodeLabels.Size()
i -= size
if _, err := m.NodeLabels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
if len(m.Namespaces) > 0 {
for iNdEx := len(m.Namespaces) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Namespaces[iNdEx])
copy(dAtA[i:], m.Namespaces[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Namespaces[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Logins) > 0 {
for iNdEx := len(m.Logins) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Logins[iNdEx])
copy(dAtA[i:], m.Logins[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Logins[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *IdentityCenterAccountAssignment) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IdentityCenterAccountAssignment) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IdentityCenterAccountAssignment) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Account) > 0 {
i -= len(m.Account)
copy(dAtA[i:], m.Account)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Account)))
i--
dAtA[i] = 0x12
}
if len(m.PermissionSet) > 0 {
i -= len(m.PermissionSet)
copy(dAtA[i:], m.PermissionSet)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PermissionSet)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GitHubPermission) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GitHubPermission) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GitHubPermission) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Organizations) > 0 {
for iNdEx := len(m.Organizations) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Organizations[iNdEx])
copy(dAtA[i:], m.Organizations[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Organizations[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *MCPPermissions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MCPPermissions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MCPPermissions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Tools) > 0 {
for iNdEx := len(m.Tools) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Tools[iNdEx])
copy(dAtA[i:], m.Tools[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Tools[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *SPIFFERoleCondition) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SPIFFERoleCondition) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SPIFFERoleCondition) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.IPSANs) > 0 {
for iNdEx := len(m.IPSANs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.IPSANs[iNdEx])
copy(dAtA[i:], m.IPSANs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.IPSANs[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.DNSSANs) > 0 {
for iNdEx := len(m.DNSSANs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DNSSANs[iNdEx])
copy(dAtA[i:], m.DNSSANs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DNSSANs[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Path) > 0 {
i -= len(m.Path)
copy(dAtA[i:], m.Path)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Path)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DatabasePermission) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabasePermission) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabasePermission) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size := m.Match.Size()
i -= size
if _, err := m.Match.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
if len(m.Permissions) > 0 {
for iNdEx := len(m.Permissions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Permissions[iNdEx])
copy(dAtA[i:], m.Permissions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Permissions[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *KubernetesResource) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesResource) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesResource) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.APIGroup) > 0 {
i -= len(m.APIGroup)
copy(dAtA[i:], m.APIGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.APIGroup)))
i--
dAtA[i] = 0x2a
}
if len(m.Verbs) > 0 {
for iNdEx := len(m.Verbs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Verbs[iNdEx])
copy(dAtA[i:], m.Verbs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Verbs[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x1a
}
if len(m.Namespace) > 0 {
i -= len(m.Namespace)
copy(dAtA[i:], m.Namespace)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Namespace)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SessionRequirePolicy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionRequirePolicy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionRequirePolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.OnLeave) > 0 {
i -= len(m.OnLeave)
copy(dAtA[i:], m.OnLeave)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OnLeave)))
i--
dAtA[i] = 0x32
}
if len(m.Modes) > 0 {
for iNdEx := len(m.Modes) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Modes[iNdEx])
copy(dAtA[i:], m.Modes[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Modes[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if m.Count != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Count))
i--
dAtA[i] = 0x20
}
if len(m.Kinds) > 0 {
for iNdEx := len(m.Kinds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Kinds[iNdEx])
copy(dAtA[i:], m.Kinds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kinds[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Filter) > 0 {
i -= len(m.Filter)
copy(dAtA[i:], m.Filter)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Filter)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SessionJoinPolicy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionJoinPolicy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionJoinPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Modes) > 0 {
for iNdEx := len(m.Modes) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Modes[iNdEx])
copy(dAtA[i:], m.Modes[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Modes[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Kinds) > 0 {
for iNdEx := len(m.Kinds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Kinds[iNdEx])
copy(dAtA[i:], m.Kinds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kinds[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessRequestConditions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestConditions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestConditions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Reason != nil {
{
size, err := m.Reason.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if len(m.KubernetesResources) > 0 {
for iNdEx := len(m.KubernetesResources) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.KubernetesResources[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
}
if m.MaxDuration != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxDuration))
i--
dAtA[i] = 0x38
}
if len(m.SearchAsRoles) > 0 {
for iNdEx := len(m.SearchAsRoles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SearchAsRoles[iNdEx])
copy(dAtA[i:], m.SearchAsRoles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SearchAsRoles[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if len(m.SuggestedReviewers) > 0 {
for iNdEx := len(m.SuggestedReviewers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SuggestedReviewers[iNdEx])
copy(dAtA[i:], m.SuggestedReviewers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SuggestedReviewers[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.Thresholds) > 0 {
for iNdEx := len(m.Thresholds) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Thresholds[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
}
{
size := m.Annotations.Size()
i -= size
if _, err := m.Annotations.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
if len(m.ClaimsToRoles) > 0 {
for iNdEx := len(m.ClaimsToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ClaimsToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AccessRequestConditionsReason) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestConditionsReason) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestConditionsReason) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Prompt) > 0 {
i -= len(m.Prompt)
copy(dAtA[i:], m.Prompt)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Prompt)))
i--
dAtA[i] = 0x12
}
if len(m.Mode) > 0 {
i -= len(m.Mode)
copy(dAtA[i:], m.Mode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Mode)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessReviewConditions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessReviewConditions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessReviewConditions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.PreviewAsRoles) > 0 {
for iNdEx := len(m.PreviewAsRoles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.PreviewAsRoles[iNdEx])
copy(dAtA[i:], m.PreviewAsRoles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.PreviewAsRoles[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Where) > 0 {
i -= len(m.Where)
copy(dAtA[i:], m.Where)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Where)))
i--
dAtA[i] = 0x1a
}
if len(m.ClaimsToRoles) > 0 {
for iNdEx := len(m.ClaimsToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ClaimsToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AccessRequestAllowedPromotion) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestAllowedPromotion) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestAllowedPromotion) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AccessListName) > 0 {
i -= len(m.AccessListName)
copy(dAtA[i:], m.AccessListName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccessListName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessRequestAllowedPromotions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessRequestAllowedPromotions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessRequestAllowedPromotions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Promotions) > 0 {
for iNdEx := len(m.Promotions) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Promotions[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ResourceIDList) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourceIDList) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourceIDList) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ResourceIds) > 0 {
for iNdEx := len(m.ResourceIds) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ResourceIds[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *LongTermResourceGrouping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LongTermResourceGrouping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LongTermResourceGrouping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.CanProceed {
i--
if m.CanProceed {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.ValidationMessage) > 0 {
i -= len(m.ValidationMessage)
copy(dAtA[i:], m.ValidationMessage)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ValidationMessage)))
i--
dAtA[i] = 0x1a
}
if len(m.RecommendedAccessList) > 0 {
i -= len(m.RecommendedAccessList)
copy(dAtA[i:], m.RecommendedAccessList)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RecommendedAccessList)))
i--
dAtA[i] = 0x12
}
if len(m.AccessListToResources) > 0 {
for k := range m.AccessListToResources {
v := m.AccessListToResources[k]
baseI := i
{
size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ClaimMapping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClaimMapping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClaimMapping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x12
}
if len(m.Claim) > 0 {
i -= len(m.Claim)
copy(dAtA[i:], m.Claim)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Claim)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TraitMapping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TraitMapping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TraitMapping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x12
}
if len(m.Trait) > 0 {
i -= len(m.Trait)
copy(dAtA[i:], m.Trait)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Trait)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Actions) > 0 {
for iNdEx := len(m.Actions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Actions[iNdEx])
copy(dAtA[i:], m.Actions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Actions[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Where) > 0 {
i -= len(m.Where)
copy(dAtA[i:], m.Where)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Where)))
i--
dAtA[i] = 0x1a
}
if len(m.Verbs) > 0 {
for iNdEx := len(m.Verbs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Verbs[iNdEx])
copy(dAtA[i:], m.Verbs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Verbs[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Resources) > 0 {
for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Resources[iNdEx])
copy(dAtA[i:], m.Resources[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Resources[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ImpersonateConditions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ImpersonateConditions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ImpersonateConditions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Where) > 0 {
i -= len(m.Where)
copy(dAtA[i:], m.Where)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Where)))
i--
dAtA[i] = 0x1a
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Users) > 0 {
for iNdEx := len(m.Users) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Users[iNdEx])
copy(dAtA[i:], m.Users[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Users[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *BoolValue) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *BoolValue) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *BoolValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Value {
i--
if m.Value {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *UserFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SkipSystemUsers {
i--
if m.SkipSystemUsers {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.SearchKeywords) > 0 {
for iNdEx := len(m.SearchKeywords) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.SearchKeywords[iNdEx])
copy(dAtA[i:], m.SearchKeywords[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.SearchKeywords[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *UserV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UserStatusV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserStatusV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserStatusV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.MfaWeakestDevice != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MfaWeakestDevice))
i--
dAtA[i] = 0x10
}
if m.PasswordState != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.PasswordState))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *UserSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.TrustedDeviceIDs) > 0 {
for iNdEx := len(m.TrustedDeviceIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.TrustedDeviceIDs[iNdEx])
copy(dAtA[i:], m.TrustedDeviceIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.TrustedDeviceIDs[iNdEx])))
i--
dAtA[i] = 0x52
}
}
if m.LocalAuth != nil {
{
size, err := m.LocalAuth.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
{
size, err := m.CreatedBy.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
n221, err221 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err221 != nil {
return 0, err221
}
i -= n221
i = encodeVarintTypes(dAtA, i, uint64(n221))
i--
dAtA[i] = 0x3a
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
{
size := m.Traits.Size()
i -= size
if _, err := m.Traits.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.GithubIdentities) > 0 {
for iNdEx := len(m.GithubIdentities) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.GithubIdentities[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.SAMLIdentities) > 0 {
for iNdEx := len(m.SAMLIdentities) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.SAMLIdentities[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.OIDCIdentities) > 0 {
for iNdEx := len(m.OIDCIdentities) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.OIDCIdentities[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ExternalIdentity) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ExternalIdentity) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ExternalIdentity) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.UserID) > 0 {
i -= len(m.UserID)
copy(dAtA[i:], m.UserID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserID)))
i--
dAtA[i] = 0x22
}
if len(m.SAMLSingleLogoutURL) > 0 {
i -= len(m.SAMLSingleLogoutURL)
copy(dAtA[i:], m.SAMLSingleLogoutURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SAMLSingleLogoutURL)))
i--
dAtA[i] = 0x1a
}
if len(m.Username) > 0 {
i -= len(m.Username)
copy(dAtA[i:], m.Username)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Username)))
i--
dAtA[i] = 0x12
}
if len(m.ConnectorID) > 0 {
i -= len(m.ConnectorID)
copy(dAtA[i:], m.ConnectorID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ConnectorID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *LoginStatus) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LoginStatus) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LoginStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n224, err224 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LockExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LockExpires):])
if err224 != nil {
return 0, err224
}
i -= n224
i = encodeVarintTypes(dAtA, i, uint64(n224))
i--
dAtA[i] = 0x22
n225, err225 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LockedTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LockedTime):])
if err225 != nil {
return 0, err225
}
i -= n225
i = encodeVarintTypes(dAtA, i, uint64(n225))
i--
dAtA[i] = 0x1a
if len(m.LockedMessage) > 0 {
i -= len(m.LockedMessage)
copy(dAtA[i:], m.LockedMessage)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LockedMessage)))
i--
dAtA[i] = 0x12
}
if m.IsLocked {
i--
if m.IsLocked {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *CreatedBy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CreatedBy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CreatedBy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.User.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
n227, err227 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Time, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Time):])
if err227 != nil {
return 0, err227
}
i -= n227
i = encodeVarintTypes(dAtA, i, uint64(n227))
i--
dAtA[i] = 0x12
if m.Connector != nil {
{
size, err := m.Connector.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *LocalAuthSecrets) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LocalAuthSecrets) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LocalAuthSecrets) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Webauthn != nil {
{
size, err := m.Webauthn.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if len(m.MFA) > 0 {
for iNdEx := len(m.MFA) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.MFA[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
}
if len(m.TOTPKey) > 0 {
i -= len(m.TOTPKey)
copy(dAtA[i:], m.TOTPKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TOTPKey)))
i--
dAtA[i] = 0x12
}
if len(m.PasswordHash) > 0 {
i -= len(m.PasswordHash)
copy(dAtA[i:], m.PasswordHash)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PasswordHash)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WebauthnLocalAuth) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WebauthnLocalAuth) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WebauthnLocalAuth) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.UserID) > 0 {
i -= len(m.UserID)
copy(dAtA[i:], m.UserID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ConnectorRef) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ConnectorRef) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ConnectorRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Identity) > 0 {
i -= len(m.Identity)
copy(dAtA[i:], m.Identity)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Identity)))
i--
dAtA[i] = 0x1a
}
if len(m.ID) > 0 {
i -= len(m.ID)
copy(dAtA[i:], m.ID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ID)))
i--
dAtA[i] = 0x12
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UserRef) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserRef) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ReverseTunnelV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ReverseTunnelV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ReverseTunnelV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ReverseTunnelSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ReverseTunnelSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ReverseTunnelSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x1a
}
if len(m.DialAddrs) > 0 {
for iNdEx := len(m.DialAddrs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DialAddrs[iNdEx])
copy(dAtA[i:], m.DialAddrs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DialAddrs[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.ClusterName) > 0 {
i -= len(m.ClusterName)
copy(dAtA[i:], m.ClusterName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TunnelConnectionV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TunnelConnectionV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TunnelConnectionV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TunnelConnectionSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TunnelConnectionSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TunnelConnectionSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x22
}
n234, err234 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastHeartbeat, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat):])
if err234 != nil {
return 0, err234
}
i -= n234
i = encodeVarintTypes(dAtA, i, uint64(n234))
i--
dAtA[i] = 0x1a
if len(m.ProxyName) > 0 {
i -= len(m.ProxyName)
copy(dAtA[i:], m.ProxyName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyName)))
i--
dAtA[i] = 0x12
}
if len(m.ClusterName) > 0 {
i -= len(m.ClusterName)
copy(dAtA[i:], m.ClusterName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SemaphoreFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SemaphoreFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SemaphoreFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SemaphoreName) > 0 {
i -= len(m.SemaphoreName)
copy(dAtA[i:], m.SemaphoreName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SemaphoreName)))
i--
dAtA[i] = 0x12
}
if len(m.SemaphoreKind) > 0 {
i -= len(m.SemaphoreKind)
copy(dAtA[i:], m.SemaphoreKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SemaphoreKind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AcquireSemaphoreRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AcquireSemaphoreRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AcquireSemaphoreRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Holder) > 0 {
i -= len(m.Holder)
copy(dAtA[i:], m.Holder)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Holder)))
i--
dAtA[i] = 0x2a
}
n235, err235 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err235 != nil {
return 0, err235
}
i -= n235
i = encodeVarintTypes(dAtA, i, uint64(n235))
i--
dAtA[i] = 0x22
if m.MaxLeases != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxLeases))
i--
dAtA[i] = 0x18
}
if len(m.SemaphoreName) > 0 {
i -= len(m.SemaphoreName)
copy(dAtA[i:], m.SemaphoreName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SemaphoreName)))
i--
dAtA[i] = 0x12
}
if len(m.SemaphoreKind) > 0 {
i -= len(m.SemaphoreKind)
copy(dAtA[i:], m.SemaphoreKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SemaphoreKind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SemaphoreLease) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SemaphoreLease) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SemaphoreLease) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n236, err236 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err236 != nil {
return 0, err236
}
i -= n236
i = encodeVarintTypes(dAtA, i, uint64(n236))
i--
dAtA[i] = 0x2a
if len(m.LeaseID) > 0 {
i -= len(m.LeaseID)
copy(dAtA[i:], m.LeaseID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LeaseID)))
i--
dAtA[i] = 0x1a
}
if len(m.SemaphoreName) > 0 {
i -= len(m.SemaphoreName)
copy(dAtA[i:], m.SemaphoreName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SemaphoreName)))
i--
dAtA[i] = 0x12
}
if len(m.SemaphoreKind) > 0 {
i -= len(m.SemaphoreKind)
copy(dAtA[i:], m.SemaphoreKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SemaphoreKind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SemaphoreLeaseRef) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SemaphoreLeaseRef) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SemaphoreLeaseRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Holder) > 0 {
i -= len(m.Holder)
copy(dAtA[i:], m.Holder)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Holder)))
i--
dAtA[i] = 0x1a
}
n237, err237 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err237 != nil {
return 0, err237
}
i -= n237
i = encodeVarintTypes(dAtA, i, uint64(n237))
i--
dAtA[i] = 0x12
if len(m.LeaseID) > 0 {
i -= len(m.LeaseID)
copy(dAtA[i:], m.LeaseID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LeaseID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SemaphoreV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SemaphoreV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SemaphoreV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SemaphoreSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SemaphoreSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SemaphoreSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Leases) > 0 {
for iNdEx := len(m.Leases) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Leases[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *WebSessionV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WebSessionV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WebSessionV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WebSessionSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WebSessionSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WebSessionSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.TLSPriv) > 0 {
i -= len(m.TLSPriv)
copy(dAtA[i:], m.TLSPriv)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TLSPriv)))
i--
dAtA[i] = 0x7a
}
if m.TrustedDeviceRequirement != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.TrustedDeviceRequirement))
i--
dAtA[i] = 0x70
}
if m.HasDeviceExtensions {
i--
if m.HasDeviceExtensions {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x68
}
if m.DeviceWebToken != nil {
{
size, err := m.DeviceWebToken.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
}
if m.SAMLSession != nil {
{
size, err := m.SAMLSession.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if len(m.ConsumedAccessRequestID) > 0 {
i -= len(m.ConsumedAccessRequestID)
copy(dAtA[i:], m.ConsumedAccessRequestID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ConsumedAccessRequestID)))
i--
dAtA[i] = 0x52
}
if m.IdleTimeout != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.IdleTimeout))
i--
dAtA[i] = 0x48
}
n244, err244 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LoginTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LoginTime):])
if err244 != nil {
return 0, err244
}
i -= n244
i = encodeVarintTypes(dAtA, i, uint64(n244))
i--
dAtA[i] = 0x42
n245, err245 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err245 != nil {
return 0, err245
}
i -= n245
i = encodeVarintTypes(dAtA, i, uint64(n245))
i--
dAtA[i] = 0x3a
n246, err246 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.BearerTokenExpires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.BearerTokenExpires):])
if err246 != nil {
return 0, err246
}
i -= n246
i = encodeVarintTypes(dAtA, i, uint64(n246))
i--
dAtA[i] = 0x32
if len(m.BearerToken) > 0 {
i -= len(m.BearerToken)
copy(dAtA[i:], m.BearerToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BearerToken)))
i--
dAtA[i] = 0x2a
}
if len(m.TLSCert) > 0 {
i -= len(m.TLSCert)
copy(dAtA[i:], m.TLSCert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TLSCert)))
i--
dAtA[i] = 0x22
}
if len(m.Priv) > 0 {
i -= len(m.Priv)
copy(dAtA[i:], m.Priv)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Priv)))
i--
dAtA[i] = 0x1a
}
if len(m.Pub) > 0 {
i -= len(m.Pub)
copy(dAtA[i:], m.Pub)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Pub)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeviceWebToken) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeviceWebToken) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeviceWebToken) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0x12
}
if len(m.Id) > 0 {
i -= len(m.Id)
copy(dAtA[i:], m.Id)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Id)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WebSessionFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WebSessionFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WebSessionFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLSessionData) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLSessionData) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLSessionData) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.CustomAttributes) > 0 {
for iNdEx := len(m.CustomAttributes) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.CustomAttributes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
}
if len(m.UserScopedAffiliation) > 0 {
i -= len(m.UserScopedAffiliation)
copy(dAtA[i:], m.UserScopedAffiliation)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserScopedAffiliation)))
i--
dAtA[i] = 0x72
}
if len(m.UserGivenName) > 0 {
i -= len(m.UserGivenName)
copy(dAtA[i:], m.UserGivenName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserGivenName)))
i--
dAtA[i] = 0x6a
}
if len(m.UserSurname) > 0 {
i -= len(m.UserSurname)
copy(dAtA[i:], m.UserSurname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserSurname)))
i--
dAtA[i] = 0x62
}
if len(m.UserCommonName) > 0 {
i -= len(m.UserCommonName)
copy(dAtA[i:], m.UserCommonName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserCommonName)))
i--
dAtA[i] = 0x5a
}
if len(m.UserEmail) > 0 {
i -= len(m.UserEmail)
copy(dAtA[i:], m.UserEmail)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserEmail)))
i--
dAtA[i] = 0x52
}
if len(m.UserName) > 0 {
i -= len(m.UserName)
copy(dAtA[i:], m.UserName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserName)))
i--
dAtA[i] = 0x4a
}
if len(m.Groups) > 0 {
for iNdEx := len(m.Groups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Groups[iNdEx])
copy(dAtA[i:], m.Groups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Groups[iNdEx])))
i--
dAtA[i] = 0x42
}
}
if len(m.SubjectID) > 0 {
i -= len(m.SubjectID)
copy(dAtA[i:], m.SubjectID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubjectID)))
i--
dAtA[i] = 0x3a
}
if len(m.NameIDFormat) > 0 {
i -= len(m.NameIDFormat)
copy(dAtA[i:], m.NameIDFormat)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NameIDFormat)))
i--
dAtA[i] = 0x32
}
if len(m.NameID) > 0 {
i -= len(m.NameID)
copy(dAtA[i:], m.NameID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NameID)))
i--
dAtA[i] = 0x2a
}
if len(m.Index) > 0 {
i -= len(m.Index)
copy(dAtA[i:], m.Index)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Index)))
i--
dAtA[i] = 0x22
}
n247, err247 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.ExpireTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.ExpireTime):])
if err247 != nil {
return 0, err247
}
i -= n247
i = encodeVarintTypes(dAtA, i, uint64(n247))
i--
dAtA[i] = 0x1a
n248, err248 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreateTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreateTime):])
if err248 != nil {
return 0, err248
}
i -= n248
i = encodeVarintTypes(dAtA, i, uint64(n248))
i--
dAtA[i] = 0x12
if len(m.ID) > 0 {
i -= len(m.ID)
copy(dAtA[i:], m.ID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLAttribute) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLAttribute) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLAttribute) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Values) > 0 {
for iNdEx := len(m.Values) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Values[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
}
if len(m.NameFormat) > 0 {
i -= len(m.NameFormat)
copy(dAtA[i:], m.NameFormat)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NameFormat)))
i--
dAtA[i] = 0x1a
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x12
}
if len(m.FriendlyName) > 0 {
i -= len(m.FriendlyName)
copy(dAtA[i:], m.FriendlyName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.FriendlyName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLAttributeValue) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLAttributeValue) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLAttributeValue) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.NameID != nil {
{
size, err := m.NameID.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x12
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLNameID) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLNameID) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLNameID) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x2a
}
if len(m.SPProvidedID) > 0 {
i -= len(m.SPProvidedID)
copy(dAtA[i:], m.SPProvidedID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SPProvidedID)))
i--
dAtA[i] = 0x22
}
if len(m.Format) > 0 {
i -= len(m.Format)
copy(dAtA[i:], m.Format)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Format)))
i--
dAtA[i] = 0x1a
}
if len(m.SPNameQualifier) > 0 {
i -= len(m.SPNameQualifier)
copy(dAtA[i:], m.SPNameQualifier)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SPNameQualifier)))
i--
dAtA[i] = 0x12
}
if len(m.NameQualifier) > 0 {
i -= len(m.NameQualifier)
copy(dAtA[i:], m.NameQualifier)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NameQualifier)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RemoteClusterV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RemoteClusterV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RemoteClusterV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RemoteClusterStatusV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RemoteClusterStatusV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RemoteClusterStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n252, err252 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastHeartbeat, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat):])
if err252 != nil {
return 0, err252
}
i -= n252
i = encodeVarintTypes(dAtA, i, uint64(n252))
i--
dAtA[i] = 0x12
if len(m.Connection) > 0 {
i -= len(m.Connection)
copy(dAtA[i:], m.Connection)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Connection)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesCluster) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesCluster) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesCluster) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.DynamicLabels) > 0 {
for k := range m.DynamicLabels {
v := m.DynamicLabels[k]
baseI := i
{
size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x1a
}
}
if len(m.StaticLabels) > 0 {
for k := range m.StaticLabels {
v := m.StaticLabels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x12
}
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesClusterV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesClusterV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesClusterV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Status != nil {
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesClusterSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesClusterSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesClusterSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.GCP.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.AWS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
{
size, err := m.Azure.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
if len(m.Kubeconfig) > 0 {
i -= len(m.Kubeconfig)
copy(dAtA[i:], m.Kubeconfig)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kubeconfig)))
i--
dAtA[i] = 0x12
}
if len(m.DynamicLabels) > 0 {
for k := range m.DynamicLabels {
v := m.DynamicLabels[k]
baseI := i
{
size, err := (&v).MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *KubeAzure) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubeAzure) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubeAzure) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SubscriptionID) > 0 {
i -= len(m.SubscriptionID)
copy(dAtA[i:], m.SubscriptionID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubscriptionID)))
i--
dAtA[i] = 0x22
}
if len(m.TenantID) > 0 {
i -= len(m.TenantID)
copy(dAtA[i:], m.TenantID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TenantID)))
i--
dAtA[i] = 0x1a
}
if len(m.ResourceGroup) > 0 {
i -= len(m.ResourceGroup)
copy(dAtA[i:], m.ResourceGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceGroup)))
i--
dAtA[i] = 0x12
}
if len(m.ResourceName) > 0 {
i -= len(m.ResourceName)
copy(dAtA[i:], m.ResourceName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubeAWS) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubeAWS) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubeAWS) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x1a
}
if len(m.AccountID) > 0 {
i -= len(m.AccountID)
copy(dAtA[i:], m.AccountID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccountID)))
i--
dAtA[i] = 0x12
}
if len(m.Region) > 0 {
i -= len(m.Region)
copy(dAtA[i:], m.Region)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Region)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubeGCP) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubeGCP) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubeGCP) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x1a
}
if len(m.ProjectID) > 0 {
i -= len(m.ProjectID)
copy(dAtA[i:], m.ProjectID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectID)))
i--
dAtA[i] = 0x12
}
if len(m.Location) > 0 {
i -= len(m.Location)
copy(dAtA[i:], m.Location)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Location)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesClusterStatus) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesClusterStatus) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesClusterStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Discovery != nil {
{
size, err := m.Discovery.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesClusterDiscoveryStatus) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesClusterDiscoveryStatus) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesClusterDiscoveryStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Aws != nil {
{
size, err := m.Aws.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesClusterAWSStatus) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesClusterAWSStatus) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesClusterAWSStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.DiscoveryAssumedRole != nil {
{
size, err := m.DiscoveryAssumedRole.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x12
}
if len(m.SetupAccessForArn) > 0 {
i -= len(m.SetupAccessForArn)
copy(dAtA[i:], m.SetupAccessForArn)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SetupAccessForArn)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesClusterV3List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesClusterV3List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesClusterV3List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.KubernetesClusters) > 0 {
for iNdEx := len(m.KubernetesClusters) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.KubernetesClusters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *KubernetesServerV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesServerV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesServerV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x3a
}
if m.Status != nil {
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesServerSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesServerSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesServerSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RelayIds) > 0 {
for iNdEx := len(m.RelayIds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RelayIds[iNdEx])
copy(dAtA[i:], m.RelayIds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayIds[iNdEx])))
i--
dAtA[i] = 0x42
}
}
if len(m.RelayGroup) > 0 {
i -= len(m.RelayGroup)
copy(dAtA[i:], m.RelayGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayGroup)))
i--
dAtA[i] = 0x3a
}
if len(m.ProxyIDs) > 0 {
for iNdEx := len(m.ProxyIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProxyIDs[iNdEx])
copy(dAtA[i:], m.ProxyIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyIDs[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if m.Cluster != nil {
{
size, err := m.Cluster.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
{
size, err := m.Rotation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0x1a
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x12
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesServerStatusV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesServerStatusV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesServerStatusV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.TargetHealth != nil {
{
size, err := m.TargetHealth.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WebTokenV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WebTokenV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WebTokenV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WebTokenSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WebTokenSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WebTokenSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GetWebSessionRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GetWebSessionRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GetWebSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SessionID) > 0 {
i -= len(m.SessionID)
copy(dAtA[i:], m.SessionID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SessionID)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeleteWebSessionRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeleteWebSessionRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeleteWebSessionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SessionID) > 0 {
i -= len(m.SessionID)
copy(dAtA[i:], m.SessionID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SessionID)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GetWebTokenRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GetWebTokenRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GetWebTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DeleteWebTokenRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DeleteWebTokenRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DeleteWebTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ResourceRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourceRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ResourceWithSecretsRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourceWithSecretsRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourceWithSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SAMLValidationNoFollowURLs {
i--
if m.SAMLValidationNoFollowURLs {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if m.WithSecrets {
i--
if m.WithSecrets {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ResourcesWithSecretsRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourcesWithSecretsRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourcesWithSecretsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SAMLValidationNoFollowURLs {
i--
if m.SAMLValidationNoFollowURLs {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if m.WithSecrets {
i--
if m.WithSecrets {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *ResourceInNamespaceRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourceInNamespaceRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourceInNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Namespace) > 0 {
i -= len(m.Namespace)
copy(dAtA[i:], m.Namespace)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Namespace)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ResourcesInNamespaceRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourcesInNamespaceRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourcesInNamespaceRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Namespace) > 0 {
i -= len(m.Namespace)
copy(dAtA[i:], m.Namespace)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Namespace)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *OIDCConnectorV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OIDCConnectorV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OIDCConnectorV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *OIDCConnectorV3List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OIDCConnectorV3List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OIDCConnectorV3List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.OIDCConnectors) > 0 {
for iNdEx := len(m.OIDCConnectors) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.OIDCConnectors[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *OIDCConnectorSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OIDCConnectorSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OIDCConnectorSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.EntraIdGroupsProvider != nil {
{
size, err := m.EntraIdGroupsProvider.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
if len(m.RequestObjectMode) > 0 {
i -= len(m.RequestObjectMode)
copy(dAtA[i:], m.RequestObjectMode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestObjectMode)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if len(m.UserMatchers) > 0 {
for iNdEx := len(m.UserMatchers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.UserMatchers[iNdEx])
copy(dAtA[i:], m.UserMatchers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserMatchers[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
}
if len(m.PKCEMode) > 0 {
i -= len(m.PKCEMode)
copy(dAtA[i:], m.PKCEMode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PKCEMode)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
if m.MFASettings != nil {
{
size, err := m.MFASettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if m.ClientRedirectSettings != nil {
{
size, err := m.ClientRedirectSettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if m.MaxAge != nil {
{
size, err := m.MaxAge.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
if len(m.UsernameClaim) > 0 {
i -= len(m.UsernameClaim)
copy(dAtA[i:], m.UsernameClaim)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UsernameClaim)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
if m.AllowUnverifiedEmail {
i--
if m.AllowUnverifiedEmail {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x78
}
{
size := m.RedirectURLs.Size()
i -= size
if _, err := m.RedirectURLs.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
if len(m.GoogleAdminEmail) > 0 {
i -= len(m.GoogleAdminEmail)
copy(dAtA[i:], m.GoogleAdminEmail)
i = encodeVarintTypes(dAtA, i, uint64(len(m.GoogleAdminEmail)))
i--
dAtA[i] = 0x6a
}
if len(m.GoogleServiceAccount) > 0 {
i -= len(m.GoogleServiceAccount)
copy(dAtA[i:], m.GoogleServiceAccount)
i = encodeVarintTypes(dAtA, i, uint64(len(m.GoogleServiceAccount)))
i--
dAtA[i] = 0x62
}
if len(m.GoogleServiceAccountURI) > 0 {
i -= len(m.GoogleServiceAccountURI)
copy(dAtA[i:], m.GoogleServiceAccountURI)
i = encodeVarintTypes(dAtA, i, uint64(len(m.GoogleServiceAccountURI)))
i--
dAtA[i] = 0x5a
}
if len(m.ClaimsToRoles) > 0 {
for iNdEx := len(m.ClaimsToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ClaimsToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
}
if len(m.Prompt) > 0 {
i -= len(m.Prompt)
copy(dAtA[i:], m.Prompt)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Prompt)))
i--
dAtA[i] = 0x4a
}
if len(m.Scope) > 0 {
for iNdEx := len(m.Scope) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Scope[iNdEx])
copy(dAtA[i:], m.Scope[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope[iNdEx])))
i--
dAtA[i] = 0x42
}
}
if len(m.Display) > 0 {
i -= len(m.Display)
copy(dAtA[i:], m.Display)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Display)))
i--
dAtA[i] = 0x3a
}
if len(m.Provider) > 0 {
i -= len(m.Provider)
copy(dAtA[i:], m.Provider)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Provider)))
i--
dAtA[i] = 0x32
}
if len(m.ACR) > 0 {
i -= len(m.ACR)
copy(dAtA[i:], m.ACR)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ACR)))
i--
dAtA[i] = 0x2a
}
if len(m.ClientSecret) > 0 {
i -= len(m.ClientSecret)
copy(dAtA[i:], m.ClientSecret)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientSecret)))
i--
dAtA[i] = 0x1a
}
if len(m.ClientID) > 0 {
i -= len(m.ClientID)
copy(dAtA[i:], m.ClientID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientID)))
i--
dAtA[i] = 0x12
}
if len(m.IssuerURL) > 0 {
i -= len(m.IssuerURL)
copy(dAtA[i:], m.IssuerURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.IssuerURL)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *EntraIDGroupsProvider) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *EntraIDGroupsProvider) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *EntraIDGroupsProvider) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.GraphEndpoint) > 0 {
i -= len(m.GraphEndpoint)
copy(dAtA[i:], m.GraphEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.GraphEndpoint)))
i--
dAtA[i] = 0x1a
}
if len(m.GroupType) > 0 {
i -= len(m.GroupType)
copy(dAtA[i:], m.GroupType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.GroupType)))
i--
dAtA[i] = 0x12
}
if m.Disabled {
i--
if m.Disabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *MaxAge) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MaxAge) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MaxAge) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Value != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Value))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *SSOClientRedirectSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSOClientRedirectSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSOClientRedirectSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.InsecureAllowedCidrRanges) > 0 {
for iNdEx := len(m.InsecureAllowedCidrRanges) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.InsecureAllowedCidrRanges[iNdEx])
copy(dAtA[i:], m.InsecureAllowedCidrRanges[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.InsecureAllowedCidrRanges[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.AllowedHttpsHostnames) > 0 {
for iNdEx := len(m.AllowedHttpsHostnames) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AllowedHttpsHostnames[iNdEx])
copy(dAtA[i:], m.AllowedHttpsHostnames[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AllowedHttpsHostnames[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *OIDCConnectorMFASettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OIDCConnectorMFASettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OIDCConnectorMFASettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RequestObjectMode) > 0 {
i -= len(m.RequestObjectMode)
copy(dAtA[i:], m.RequestObjectMode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RequestObjectMode)))
i--
dAtA[i] = 0x3a
}
if m.MaxAge != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.MaxAge))
i--
dAtA[i] = 0x30
}
if len(m.Prompt) > 0 {
i -= len(m.Prompt)
copy(dAtA[i:], m.Prompt)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Prompt)))
i--
dAtA[i] = 0x2a
}
if len(m.AcrValues) > 0 {
i -= len(m.AcrValues)
copy(dAtA[i:], m.AcrValues)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AcrValues)))
i--
dAtA[i] = 0x22
}
if len(m.ClientSecret) > 0 {
i -= len(m.ClientSecret)
copy(dAtA[i:], m.ClientSecret)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientSecret)))
i--
dAtA[i] = 0x1a
}
if len(m.ClientId) > 0 {
i -= len(m.ClientId)
copy(dAtA[i:], m.ClientId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientId)))
i--
dAtA[i] = 0x12
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *OIDCAuthRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OIDCAuthRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OIDCAuthRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xd2
}
if len(m.LoginHint) > 0 {
i -= len(m.LoginHint)
copy(dAtA[i:], m.LoginHint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LoginHint)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xca
}
if len(m.PkceVerifier) > 0 {
i -= len(m.PkceVerifier)
copy(dAtA[i:], m.PkceVerifier)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PkceVerifier)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xc2
}
if m.TlsAttestationStatement != nil {
{
size, err := m.TlsAttestationStatement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
if m.SshAttestationStatement != nil {
{
size, err := m.SshAttestationStatement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if len(m.TlsPublicKey) > 0 {
i -= len(m.TlsPublicKey)
copy(dAtA[i:], m.TlsPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TlsPublicKey)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if len(m.SshPublicKey) > 0 {
i -= len(m.SshPublicKey)
copy(dAtA[i:], m.SshPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SshPublicKey)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
if len(m.ClientUserAgent) > 0 {
i -= len(m.ClientUserAgent)
copy(dAtA[i:], m.ClientUserAgent)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientUserAgent)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if len(m.ClientLoginIP) > 0 {
i -= len(m.ClientLoginIP)
copy(dAtA[i:], m.ClientLoginIP)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientLoginIP)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if len(m.ProxyAddress) > 0 {
i -= len(m.ProxyAddress)
copy(dAtA[i:], m.ProxyAddress)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyAddress)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
if m.ConnectorSpec != nil {
{
size, err := m.ConnectorSpec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.SSOTestFlow {
i--
if m.SSOTestFlow {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x70
}
if len(m.KubernetesCluster) > 0 {
i -= len(m.KubernetesCluster)
copy(dAtA[i:], m.KubernetesCluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubernetesCluster)))
i--
dAtA[i] = 0x6a
}
if len(m.RouteToCluster) > 0 {
i -= len(m.RouteToCluster)
copy(dAtA[i:], m.RouteToCluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RouteToCluster)))
i--
dAtA[i] = 0x62
}
if len(m.Compatibility) > 0 {
i -= len(m.Compatibility)
copy(dAtA[i:], m.Compatibility)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Compatibility)))
i--
dAtA[i] = 0x5a
}
if len(m.ClientRedirectURL) > 0 {
i -= len(m.ClientRedirectURL)
copy(dAtA[i:], m.ClientRedirectURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientRedirectURL)))
i--
dAtA[i] = 0x52
}
if m.CreateWebSession {
i--
if m.CreateWebSession {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x48
}
if m.CertTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.CertTTL))
i--
dAtA[i] = 0x40
}
if len(m.RedirectURL) > 0 {
i -= len(m.RedirectURL)
copy(dAtA[i:], m.RedirectURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RedirectURL)))
i--
dAtA[i] = 0x32
}
if len(m.CSRFToken) > 0 {
i -= len(m.CSRFToken)
copy(dAtA[i:], m.CSRFToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CSRFToken)))
i--
dAtA[i] = 0x2a
}
if len(m.StateToken) > 0 {
i -= len(m.StateToken)
copy(dAtA[i:], m.StateToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.StateToken)))
i--
dAtA[i] = 0x22
}
if m.CheckUser {
i--
if m.CheckUser {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x12
}
if len(m.ConnectorID) > 0 {
i -= len(m.ConnectorID)
copy(dAtA[i:], m.ConnectorID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ConnectorID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLConnectorV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLConnectorV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLConnectorV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLConnectorV2List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLConnectorV2List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLConnectorV2List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SAMLConnectors) > 0 {
for iNdEx := len(m.SAMLConnectors) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.SAMLConnectors[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *SAMLConnectorSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLConnectorSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLConnectorSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.IncludeSubject {
i--
if m.IncludeSubject {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa8
}
if len(m.UserMatchers) > 0 {
for iNdEx := len(m.UserMatchers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.UserMatchers[iNdEx])
copy(dAtA[i:], m.UserMatchers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserMatchers[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
}
if len(m.PreferredRequestBinding) > 0 {
i -= len(m.PreferredRequestBinding)
copy(dAtA[i:], m.PreferredRequestBinding)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PreferredRequestBinding)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if m.ForceAuthn != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ForceAuthn))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x90
}
if m.MFASettings != nil {
{
size, err := m.MFASettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
if len(m.SingleLogoutURL) > 0 {
i -= len(m.SingleLogoutURL)
copy(dAtA[i:], m.SingleLogoutURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SingleLogoutURL)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
if m.ClientRedirectSettings != nil {
{
size, err := m.ClientRedirectSettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.AllowIDPInitiated {
i--
if m.AllowIDPInitiated {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x70
}
if m.EncryptionKeyPair != nil {
{
size, err := m.EncryptionKeyPair.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
}
if len(m.Provider) > 0 {
i -= len(m.Provider)
copy(dAtA[i:], m.Provider)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Provider)))
i--
dAtA[i] = 0x62
}
if m.SigningKeyPair != nil {
{
size, err := m.SigningKeyPair.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if len(m.AttributesToRoles) > 0 {
for iNdEx := len(m.AttributesToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.AttributesToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
}
if len(m.EntityDescriptorURL) > 0 {
i -= len(m.EntityDescriptorURL)
copy(dAtA[i:], m.EntityDescriptorURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EntityDescriptorURL)))
i--
dAtA[i] = 0x4a
}
if len(m.EntityDescriptor) > 0 {
i -= len(m.EntityDescriptor)
copy(dAtA[i:], m.EntityDescriptor)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EntityDescriptor)))
i--
dAtA[i] = 0x42
}
if len(m.ServiceProviderIssuer) > 0 {
i -= len(m.ServiceProviderIssuer)
copy(dAtA[i:], m.ServiceProviderIssuer)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServiceProviderIssuer)))
i--
dAtA[i] = 0x3a
}
if len(m.Audience) > 0 {
i -= len(m.Audience)
copy(dAtA[i:], m.Audience)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Audience)))
i--
dAtA[i] = 0x32
}
if len(m.AssertionConsumerService) > 0 {
i -= len(m.AssertionConsumerService)
copy(dAtA[i:], m.AssertionConsumerService)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AssertionConsumerService)))
i--
dAtA[i] = 0x2a
}
if len(m.Display) > 0 {
i -= len(m.Display)
copy(dAtA[i:], m.Display)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Display)))
i--
dAtA[i] = 0x22
}
if len(m.Cert) > 0 {
i -= len(m.Cert)
copy(dAtA[i:], m.Cert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Cert)))
i--
dAtA[i] = 0x1a
}
if len(m.SSO) > 0 {
i -= len(m.SSO)
copy(dAtA[i:], m.SSO)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SSO)))
i--
dAtA[i] = 0x12
}
if len(m.Issuer) > 0 {
i -= len(m.Issuer)
copy(dAtA[i:], m.Issuer)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Issuer)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLConnectorMFASettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLConnectorMFASettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLConnectorMFASettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Cert) > 0 {
i -= len(m.Cert)
copy(dAtA[i:], m.Cert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Cert)))
i--
dAtA[i] = 0x3a
}
if len(m.Sso) > 0 {
i -= len(m.Sso)
copy(dAtA[i:], m.Sso)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Sso)))
i--
dAtA[i] = 0x32
}
if len(m.Issuer) > 0 {
i -= len(m.Issuer)
copy(dAtA[i:], m.Issuer)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Issuer)))
i--
dAtA[i] = 0x2a
}
if m.ForceAuthn != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ForceAuthn))
i--
dAtA[i] = 0x20
}
if len(m.EntityDescriptorUrl) > 0 {
i -= len(m.EntityDescriptorUrl)
copy(dAtA[i:], m.EntityDescriptorUrl)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EntityDescriptorUrl)))
i--
dAtA[i] = 0x1a
}
if len(m.EntityDescriptor) > 0 {
i -= len(m.EntityDescriptor)
copy(dAtA[i:], m.EntityDescriptor)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EntityDescriptor)))
i--
dAtA[i] = 0x12
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *SAMLAuthRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLAuthRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLAuthRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xd2
}
if len(m.SubjectIdentifier) > 0 {
i -= len(m.SubjectIdentifier)
copy(dAtA[i:], m.SubjectIdentifier)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubjectIdentifier)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xca
}
if len(m.ClientVersion) > 0 {
i -= len(m.ClientVersion)
copy(dAtA[i:], m.ClientVersion)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientVersion)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xc2
}
if len(m.PostForm) > 0 {
i -= len(m.PostForm)
copy(dAtA[i:], m.PostForm)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PostForm)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
if m.TlsAttestationStatement != nil {
{
size, err := m.TlsAttestationStatement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if m.SshAttestationStatement != nil {
{
size, err := m.SshAttestationStatement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if len(m.TlsPublicKey) > 0 {
i -= len(m.TlsPublicKey)
copy(dAtA[i:], m.TlsPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TlsPublicKey)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
if len(m.SshPublicKey) > 0 {
i -= len(m.SshPublicKey)
copy(dAtA[i:], m.SshPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SshPublicKey)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if len(m.ClientUserAgent) > 0 {
i -= len(m.ClientUserAgent)
copy(dAtA[i:], m.ClientUserAgent)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientUserAgent)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if len(m.ClientLoginIP) > 0 {
i -= len(m.ClientLoginIP)
copy(dAtA[i:], m.ClientLoginIP)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientLoginIP)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
if m.ConnectorSpec != nil {
{
size, err := m.ConnectorSpec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.SSOTestFlow {
i--
if m.SSOTestFlow {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x70
}
if len(m.KubernetesCluster) > 0 {
i -= len(m.KubernetesCluster)
copy(dAtA[i:], m.KubernetesCluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubernetesCluster)))
i--
dAtA[i] = 0x6a
}
if len(m.RouteToCluster) > 0 {
i -= len(m.RouteToCluster)
copy(dAtA[i:], m.RouteToCluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RouteToCluster)))
i--
dAtA[i] = 0x62
}
if len(m.Compatibility) > 0 {
i -= len(m.Compatibility)
copy(dAtA[i:], m.Compatibility)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Compatibility)))
i--
dAtA[i] = 0x5a
}
if len(m.ClientRedirectURL) > 0 {
i -= len(m.ClientRedirectURL)
copy(dAtA[i:], m.ClientRedirectURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientRedirectURL)))
i--
dAtA[i] = 0x52
}
if m.CreateWebSession {
i--
if m.CreateWebSession {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x48
}
if len(m.CSRFToken) > 0 {
i -= len(m.CSRFToken)
copy(dAtA[i:], m.CSRFToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CSRFToken)))
i--
dAtA[i] = 0x42
}
if m.CertTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.CertTTL))
i--
dAtA[i] = 0x38
}
if len(m.RedirectURL) > 0 {
i -= len(m.RedirectURL)
copy(dAtA[i:], m.RedirectURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RedirectURL)))
i--
dAtA[i] = 0x2a
}
if m.CheckUser {
i--
if m.CheckUser {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x1a
}
if len(m.ConnectorID) > 0 {
i -= len(m.ConnectorID)
copy(dAtA[i:], m.ConnectorID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ConnectorID)))
i--
dAtA[i] = 0x12
}
if len(m.ID) > 0 {
i -= len(m.ID)
copy(dAtA[i:], m.ID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AttributeMapping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AttributeMapping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AttributeMapping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AsymmetricKeyPair) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AsymmetricKeyPair) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AsymmetricKeyPair) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Cert) > 0 {
i -= len(m.Cert)
copy(dAtA[i:], m.Cert)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Cert)))
i--
dAtA[i] = 0x12
}
if len(m.PrivateKey) > 0 {
i -= len(m.PrivateKey)
copy(dAtA[i:], m.PrivateKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PrivateKey)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GithubConnectorV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GithubConnectorV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GithubConnectorV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GithubConnectorV3List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GithubConnectorV3List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GithubConnectorV3List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.GithubConnectors) > 0 {
for iNdEx := len(m.GithubConnectors) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.GithubConnectors[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *GithubConnectorSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GithubConnectorSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GithubConnectorSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.UserMatchers) > 0 {
for iNdEx := len(m.UserMatchers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.UserMatchers[iNdEx])
copy(dAtA[i:], m.UserMatchers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserMatchers[iNdEx])))
i--
dAtA[i] = 0x52
}
}
if m.ClientRedirectSettings != nil {
{
size, err := m.ClientRedirectSettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
if len(m.APIEndpointURL) > 0 {
i -= len(m.APIEndpointURL)
copy(dAtA[i:], m.APIEndpointURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.APIEndpointURL)))
i--
dAtA[i] = 0x42
}
if len(m.EndpointURL) > 0 {
i -= len(m.EndpointURL)
copy(dAtA[i:], m.EndpointURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EndpointURL)))
i--
dAtA[i] = 0x3a
}
if len(m.TeamsToRoles) > 0 {
for iNdEx := len(m.TeamsToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.TeamsToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
}
if len(m.Display) > 0 {
i -= len(m.Display)
copy(dAtA[i:], m.Display)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Display)))
i--
dAtA[i] = 0x2a
}
if len(m.TeamsToLogins) > 0 {
for iNdEx := len(m.TeamsToLogins) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.TeamsToLogins[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
}
if len(m.RedirectURL) > 0 {
i -= len(m.RedirectURL)
copy(dAtA[i:], m.RedirectURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RedirectURL)))
i--
dAtA[i] = 0x1a
}
if len(m.ClientSecret) > 0 {
i -= len(m.ClientSecret)
copy(dAtA[i:], m.ClientSecret)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientSecret)))
i--
dAtA[i] = 0x12
}
if len(m.ClientID) > 0 {
i -= len(m.ClientID)
copy(dAtA[i:], m.ClientID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GithubAuthRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GithubAuthRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GithubAuthRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xc2
}
if len(m.AuthenticatedUser) > 0 {
i -= len(m.AuthenticatedUser)
copy(dAtA[i:], m.AuthenticatedUser)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AuthenticatedUser)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
if m.TlsAttestationStatement != nil {
{
size, err := m.TlsAttestationStatement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if m.SshAttestationStatement != nil {
{
size, err := m.SshAttestationStatement.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if len(m.TlsPublicKey) > 0 {
i -= len(m.TlsPublicKey)
copy(dAtA[i:], m.TlsPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TlsPublicKey)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
if len(m.SshPublicKey) > 0 {
i -= len(m.SshPublicKey)
copy(dAtA[i:], m.SshPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SshPublicKey)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if len(m.ClientUserAgent) > 0 {
i -= len(m.ClientUserAgent)
copy(dAtA[i:], m.ClientUserAgent)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientUserAgent)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if len(m.ClientLoginIP) > 0 {
i -= len(m.ClientLoginIP)
copy(dAtA[i:], m.ClientLoginIP)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientLoginIP)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
if m.ConnectorSpec != nil {
{
size, err := m.ConnectorSpec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
if m.SSOTestFlow {
i--
if m.SSOTestFlow {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x70
}
if len(m.KubernetesCluster) > 0 {
i -= len(m.KubernetesCluster)
copy(dAtA[i:], m.KubernetesCluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubernetesCluster)))
i--
dAtA[i] = 0x6a
}
if len(m.RouteToCluster) > 0 {
i -= len(m.RouteToCluster)
copy(dAtA[i:], m.RouteToCluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RouteToCluster)))
i--
dAtA[i] = 0x62
}
if m.Expires != nil {
n297, err297 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):])
if err297 != nil {
return 0, err297
}
i -= n297
i = encodeVarintTypes(dAtA, i, uint64(n297))
i--
dAtA[i] = 0x5a
}
if len(m.Compatibility) > 0 {
i -= len(m.Compatibility)
copy(dAtA[i:], m.Compatibility)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Compatibility)))
i--
dAtA[i] = 0x52
}
if len(m.ClientRedirectURL) > 0 {
i -= len(m.ClientRedirectURL)
copy(dAtA[i:], m.ClientRedirectURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientRedirectURL)))
i--
dAtA[i] = 0x4a
}
if len(m.RedirectURL) > 0 {
i -= len(m.RedirectURL)
copy(dAtA[i:], m.RedirectURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RedirectURL)))
i--
dAtA[i] = 0x42
}
if m.CreateWebSession {
i--
if m.CreateWebSession {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x38
}
if m.CertTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.CertTTL))
i--
dAtA[i] = 0x30
}
if len(m.CSRFToken) > 0 {
i -= len(m.CSRFToken)
copy(dAtA[i:], m.CSRFToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CSRFToken)))
i--
dAtA[i] = 0x22
}
if len(m.StateToken) > 0 {
i -= len(m.StateToken)
copy(dAtA[i:], m.StateToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.StateToken)))
i--
dAtA[i] = 0x1a
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x12
}
if len(m.ConnectorID) > 0 {
i -= len(m.ConnectorID)
copy(dAtA[i:], m.ConnectorID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ConnectorID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SSOWarnings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSOWarnings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSOWarnings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Warnings) > 0 {
for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Warnings[iNdEx])
copy(dAtA[i:], m.Warnings[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Warnings[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Message) > 0 {
i -= len(m.Message)
copy(dAtA[i:], m.Message)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *CreateUserParams) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *CreateUserParams) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *CreateUserParams) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SessionTTL != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SessionTTL))
i--
dAtA[i] = 0x40
}
{
size := m.Traits.Size()
i -= size
if _, err := m.Traits.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if len(m.KubeUsers) > 0 {
for iNdEx := len(m.KubeUsers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.KubeUsers[iNdEx])
copy(dAtA[i:], m.KubeUsers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubeUsers[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.KubeGroups) > 0 {
for iNdEx := len(m.KubeGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.KubeGroups[iNdEx])
copy(dAtA[i:], m.KubeGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubeGroups[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Logins) > 0 {
for iNdEx := len(m.Logins) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Logins[iNdEx])
copy(dAtA[i:], m.Logins[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Logins[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Username) > 0 {
i -= len(m.Username)
copy(dAtA[i:], m.Username)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Username)))
i--
dAtA[i] = 0x12
}
if len(m.ConnectorName) > 0 {
i -= len(m.ConnectorName)
copy(dAtA[i:], m.ConnectorName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ConnectorName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SSODiagnosticInfo) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SSODiagnosticInfo) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SSODiagnosticInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AppliedLoginRules) > 0 {
for iNdEx := len(m.AppliedLoginRules) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AppliedLoginRules[iNdEx])
copy(dAtA[i:], m.AppliedLoginRules[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppliedLoginRules[iNdEx])))
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x92
}
}
if m.GithubTokenInfo != nil {
{
size, err := m.GithubTokenInfo.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x8a
}
if len(m.GithubTeamsToRoles) > 0 {
for iNdEx := len(m.GithubTeamsToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.GithubTeamsToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2
i--
dAtA[i] = 0x82
}
}
if len(m.GithubTeamsToLogins) > 0 {
for iNdEx := len(m.GithubTeamsToLogins) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.GithubTeamsToLogins[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xfa
}
}
if m.GithubClaims != nil {
{
size, err := m.GithubClaims.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xf2
}
if len(m.OIDCConnectorTraitMapping) > 0 {
for iNdEx := len(m.OIDCConnectorTraitMapping) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.OIDCConnectorTraitMapping[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xca
}
}
{
size := m.OIDCTraitsFromClaims.Size()
i -= size
if _, err := m.OIDCTraitsFromClaims.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xc2
if m.OIDCIdentity != nil {
{
size := m.OIDCIdentity.Size()
i -= size
if _, err := m.OIDCIdentity.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
{
size := m.OIDCClaims.Size()
i -= size
if _, err := m.OIDCClaims.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
if m.OIDCClaimsToRolesWarnings != nil {
{
size, err := m.OIDCClaimsToRolesWarnings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if len(m.OIDCClaimsToRoles) > 0 {
for iNdEx := len(m.OIDCClaimsToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.OIDCClaimsToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
}
if len(m.SAMLConnectorTraitMapping) > 0 {
for iNdEx := len(m.SAMLConnectorTraitMapping) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.SAMLConnectorTraitMapping[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
}
{
size := m.SAMLTraitsFromAssertions.Size()
i -= size
if _, err := m.SAMLTraitsFromAssertions.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
if m.SAMLAssertionInfo != nil {
{
size := m.SAMLAssertionInfo.Size()
i -= size
if _, err := m.SAMLAssertionInfo.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
}
{
size := m.SAMLAttributeStatements.Size()
i -= size
if _, err := m.SAMLAttributeStatements.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
if m.SAMLAttributesToRolesWarnings != nil {
{
size, err := m.SAMLAttributesToRolesWarnings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if len(m.SAMLAttributesToRoles) > 0 {
for iNdEx := len(m.SAMLAttributesToRoles) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.SAMLAttributesToRoles[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
}
if m.CreateUserParams != nil {
{
size, err := m.CreateUserParams.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
if m.Success {
i--
if m.Success {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.Error) > 0 {
i -= len(m.Error)
copy(dAtA[i:], m.Error)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Error)))
i--
dAtA[i] = 0x12
}
if m.TestFlow {
i--
if m.TestFlow {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *GithubTokenInfo) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GithubTokenInfo) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GithubTokenInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Scope) > 0 {
i -= len(m.Scope)
copy(dAtA[i:], m.Scope)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Scope)))
i--
dAtA[i] = 0x1a
}
if m.Expires != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Expires))
i--
dAtA[i] = 0x10
}
if len(m.TokenType) > 0 {
i -= len(m.TokenType)
copy(dAtA[i:], m.TokenType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TokenType)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GithubClaims) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GithubClaims) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GithubClaims) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.UserID) > 0 {
i -= len(m.UserID)
copy(dAtA[i:], m.UserID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserID)))
i--
dAtA[i] = 0x22
}
if len(m.Teams) > 0 {
for iNdEx := len(m.Teams) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Teams[iNdEx])
copy(dAtA[i:], m.Teams[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Teams[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
{
size := m.OrganizationToTeams.Size()
i -= size
if _, err := m.OrganizationToTeams.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
if len(m.Username) > 0 {
i -= len(m.Username)
copy(dAtA[i:], m.Username)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Username)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TeamMapping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TeamMapping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TeamMapping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.KubeUsers) > 0 {
for iNdEx := len(m.KubeUsers) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.KubeUsers[iNdEx])
copy(dAtA[i:], m.KubeUsers[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubeUsers[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.KubeGroups) > 0 {
for iNdEx := len(m.KubeGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.KubeGroups[iNdEx])
copy(dAtA[i:], m.KubeGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubeGroups[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Logins) > 0 {
for iNdEx := len(m.Logins) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Logins[iNdEx])
copy(dAtA[i:], m.Logins[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Logins[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Team) > 0 {
i -= len(m.Team)
copy(dAtA[i:], m.Team)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Team)))
i--
dAtA[i] = 0x12
}
if len(m.Organization) > 0 {
i -= len(m.Organization)
copy(dAtA[i:], m.Organization)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Organization)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TeamRolesMapping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TeamRolesMapping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TeamRolesMapping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Team) > 0 {
i -= len(m.Team)
copy(dAtA[i:], m.Team)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Team)))
i--
dAtA[i] = 0x12
}
if len(m.Organization) > 0 {
i -= len(m.Organization)
copy(dAtA[i:], m.Organization)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Organization)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TrustedClusterV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TrustedClusterV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TrustedClusterV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TrustedClusterV2List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TrustedClusterV2List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TrustedClusterV2List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.TrustedClusters) > 0 {
for iNdEx := len(m.TrustedClusters) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.TrustedClusters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *TrustedClusterSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TrustedClusterSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TrustedClusterSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RoleMap) > 0 {
for iNdEx := len(m.RoleMap) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.RoleMap[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
}
if len(m.ReverseTunnelAddress) > 0 {
i -= len(m.ReverseTunnelAddress)
copy(dAtA[i:], m.ReverseTunnelAddress)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ReverseTunnelAddress)))
i--
dAtA[i] = 0x2a
}
if len(m.ProxyAddress) > 0 {
i -= len(m.ProxyAddress)
copy(dAtA[i:], m.ProxyAddress)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyAddress)))
i--
dAtA[i] = 0x22
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0x1a
}
if len(m.Roles) > 0 {
for iNdEx := len(m.Roles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Roles[iNdEx])
copy(dAtA[i:], m.Roles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Roles[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *LockV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LockV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LockV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *LockSpecV2) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LockSpecV2) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LockSpecV2) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.CreatedBy) > 0 {
i -= len(m.CreatedBy)
copy(dAtA[i:], m.CreatedBy)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CreatedBy)))
i--
dAtA[i] = 0x2a
}
n315, err315 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CreatedAt, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CreatedAt):])
if err315 != nil {
return 0, err315
}
i -= n315
i = encodeVarintTypes(dAtA, i, uint64(n315))
i--
dAtA[i] = 0x22
if m.Expires != nil {
n316, err316 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):])
if err316 != nil {
return 0, err316
}
i -= n316
i = encodeVarintTypes(dAtA, i, uint64(n316))
i--
dAtA[i] = 0x1a
}
if len(m.Message) > 0 {
i -= len(m.Message)
copy(dAtA[i:], m.Message)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
i--
dAtA[i] = 0x12
}
{
size, err := m.Target.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *LockTarget) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LockTarget) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LockTarget) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.JoinToken) > 0 {
i -= len(m.JoinToken)
copy(dAtA[i:], m.JoinToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.JoinToken)))
i--
dAtA[i] = 0x5a
}
if len(m.BotInstanceID) > 0 {
i -= len(m.BotInstanceID)
copy(dAtA[i:], m.BotInstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BotInstanceID)))
i--
dAtA[i] = 0x52
}
if len(m.ServerID) > 0 {
i -= len(m.ServerID)
copy(dAtA[i:], m.ServerID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServerID)))
i--
dAtA[i] = 0x4a
}
if len(m.Device) > 0 {
i -= len(m.Device)
copy(dAtA[i:], m.Device)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Device)))
i--
dAtA[i] = 0x42
}
if len(m.AccessRequest) > 0 {
i -= len(m.AccessRequest)
copy(dAtA[i:], m.AccessRequest)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccessRequest)))
i--
dAtA[i] = 0x3a
}
if len(m.WindowsDesktop) > 0 {
i -= len(m.WindowsDesktop)
copy(dAtA[i:], m.WindowsDesktop)
i = encodeVarintTypes(dAtA, i, uint64(len(m.WindowsDesktop)))
i--
dAtA[i] = 0x32
}
if len(m.MFADevice) > 0 {
i -= len(m.MFADevice)
copy(dAtA[i:], m.MFADevice)
i = encodeVarintTypes(dAtA, i, uint64(len(m.MFADevice)))
i--
dAtA[i] = 0x2a
}
if len(m.Login) > 0 {
i -= len(m.Login)
copy(dAtA[i:], m.Login)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Login)))
i--
dAtA[i] = 0x1a
}
if len(m.Role) > 0 {
i -= len(m.Role)
copy(dAtA[i:], m.Role)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Role)))
i--
dAtA[i] = 0x12
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *LockFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *LockFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *LockFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.InForceOnly {
i--
if m.InForceOnly {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.Targets) > 0 {
for iNdEx := len(m.Targets) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Targets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AddressCondition) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AddressCondition) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AddressCondition) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.CIDR) > 0 {
i -= len(m.CIDR)
copy(dAtA[i:], m.CIDR)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CIDR)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *NetworkRestrictionsSpecV4) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *NetworkRestrictionsSpecV4) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *NetworkRestrictionsSpecV4) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Deny) > 0 {
for iNdEx := len(m.Deny) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Deny[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.Allow) > 0 {
for iNdEx := len(m.Allow) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Allow[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *NetworkRestrictionsV4) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *NetworkRestrictionsV4) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *NetworkRestrictionsV4) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WindowsDesktopServiceV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WindowsDesktopServiceV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WindowsDesktopServiceV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *WindowsDesktopServiceSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WindowsDesktopServiceSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WindowsDesktopServiceSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RelayIds) > 0 {
for iNdEx := len(m.RelayIds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RelayIds[iNdEx])
copy(dAtA[i:], m.RelayIds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayIds[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if len(m.RelayGroup) > 0 {
i -= len(m.RelayGroup)
copy(dAtA[i:], m.RelayGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayGroup)))
i--
dAtA[i] = 0x2a
}
if len(m.ProxyIDs) > 0 {
for iNdEx := len(m.ProxyIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProxyIDs[iNdEx])
copy(dAtA[i:], m.ProxyIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProxyIDs[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x1a
}
if len(m.TeleportVersion) > 0 {
i -= len(m.TeleportVersion)
copy(dAtA[i:], m.TeleportVersion)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TeleportVersion)))
i--
dAtA[i] = 0x12
}
if len(m.Addr) > 0 {
i -= len(m.Addr)
copy(dAtA[i:], m.Addr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WindowsDesktopFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WindowsDesktopFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WindowsDesktopFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x12
}
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WindowsDesktopV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WindowsDesktopV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WindowsDesktopV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *WindowsDesktopSpecV3) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WindowsDesktopSpecV3) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WindowsDesktopSpecV3) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ScreenSize != nil {
{
size, err := m.ScreenSize.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if m.NonAD {
i--
if m.NonAD {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0x1a
}
if len(m.Domain) > 0 {
i -= len(m.Domain)
copy(dAtA[i:], m.Domain)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Domain)))
i--
dAtA[i] = 0x12
}
if len(m.Addr) > 0 {
i -= len(m.Addr)
copy(dAtA[i:], m.Addr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *DynamicWindowsDesktopV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DynamicWindowsDesktopV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DynamicWindowsDesktopV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *DynamicWindowsDesktopSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DynamicWindowsDesktopSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DynamicWindowsDesktopSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ScreenSize != nil {
{
size, err := m.ScreenSize.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if m.NonAD {
i--
if m.NonAD {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.Domain) > 0 {
i -= len(m.Domain)
copy(dAtA[i:], m.Domain)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Domain)))
i--
dAtA[i] = 0x12
}
if len(m.Addr) > 0 {
i -= len(m.Addr)
copy(dAtA[i:], m.Addr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Addr)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Resolution) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Resolution) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Resolution) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Height != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Height))
i--
dAtA[i] = 0x10
}
if m.Width != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Width))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *RegisterUsingTokenRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RegisterUsingTokenRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RegisterUsingTokenRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.PreviousBotInstanceID) > 0 {
i -= len(m.PreviousBotInstanceID)
copy(dAtA[i:], m.PreviousBotInstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PreviousBotInstanceID)))
i--
dAtA[i] = 0x7a
}
if m.BotGeneration != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.BotGeneration))
i--
dAtA[i] = 0x70
}
if len(m.BotInstanceID) > 0 {
i -= len(m.BotInstanceID)
copy(dAtA[i:], m.BotInstanceID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BotInstanceID)))
i--
dAtA[i] = 0x6a
}
if m.Expires != nil {
n328, err328 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires):])
if err328 != nil {
return 0, err328
}
i -= n328
i = encodeVarintTypes(dAtA, i, uint64(n328))
i--
dAtA[i] = 0x62
}
if len(m.IDToken) > 0 {
i -= len(m.IDToken)
copy(dAtA[i:], m.IDToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.IDToken)))
i--
dAtA[i] = 0x5a
}
if len(m.EC2IdentityDocument) > 0 {
i -= len(m.EC2IdentityDocument)
copy(dAtA[i:], m.EC2IdentityDocument)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EC2IdentityDocument)))
i--
dAtA[i] = 0x52
}
if len(m.RemoteAddr) > 0 {
i -= len(m.RemoteAddr)
copy(dAtA[i:], m.RemoteAddr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RemoteAddr)))
i--
dAtA[i] = 0x4a
}
if len(m.PublicSSHKey) > 0 {
i -= len(m.PublicSSHKey)
copy(dAtA[i:], m.PublicSSHKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicSSHKey)))
i--
dAtA[i] = 0x42
}
if len(m.PublicTLSKey) > 0 {
i -= len(m.PublicTLSKey)
copy(dAtA[i:], m.PublicTLSKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicTLSKey)))
i--
dAtA[i] = 0x3a
}
if len(m.DNSNames) > 0 {
for iNdEx := len(m.DNSNames) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DNSNames[iNdEx])
copy(dAtA[i:], m.DNSNames[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DNSNames[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if len(m.AdditionalPrincipals) > 0 {
for iNdEx := len(m.AdditionalPrincipals) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AdditionalPrincipals[iNdEx])
copy(dAtA[i:], m.AdditionalPrincipals[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AdditionalPrincipals[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0x22
}
if len(m.Role) > 0 {
i -= len(m.Role)
copy(dAtA[i:], m.Role)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Role)))
i--
dAtA[i] = 0x1a
}
if len(m.NodeName) > 0 {
i -= len(m.NodeName)
copy(dAtA[i:], m.NodeName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NodeName)))
i--
dAtA[i] = 0x12
}
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RecoveryCodesV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RecoveryCodesV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RecoveryCodesV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *RecoveryCodesSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RecoveryCodesSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RecoveryCodesSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n331, err331 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):])
if err331 != nil {
return 0, err331
}
i -= n331
i = encodeVarintTypes(dAtA, i, uint64(n331))
i--
dAtA[i] = 0x12
if len(m.Codes) > 0 {
for iNdEx := len(m.Codes) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Codes[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *RecoveryCode) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *RecoveryCode) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *RecoveryCode) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.IsUsed {
i--
if m.IsUsed {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.HashedCode) > 0 {
i -= len(m.HashedCode)
copy(dAtA[i:], m.HashedCode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HashedCode)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *NullableSessionState) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *NullableSessionState) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *NullableSessionState) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.State != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.State))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *SessionTrackerFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionTrackerFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionTrackerFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.DesktopName) > 0 {
i -= len(m.DesktopName)
copy(dAtA[i:], m.DesktopName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DesktopName)))
i--
dAtA[i] = 0x1a
}
if m.State != nil {
{
size, err := m.State.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SessionTrackerV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionTrackerV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionTrackerV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *SessionTrackerSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionTrackerSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionTrackerSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.InitialCommand) > 0 {
for iNdEx := len(m.InitialCommand) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.InitialCommand[iNdEx])
copy(dAtA[i:], m.InitialCommand[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.InitialCommand[iNdEx])))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xba
}
}
if len(m.TargetSubKind) > 0 {
i -= len(m.TargetSubKind)
copy(dAtA[i:], m.TargetSubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TargetSubKind)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xb2
}
if len(m.HostID) > 0 {
i -= len(m.HostID)
copy(dAtA[i:], m.HostID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostID)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
if len(m.DesktopName) > 0 {
i -= len(m.DesktopName)
copy(dAtA[i:], m.DesktopName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DesktopName)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
if len(m.AppSessionID) > 0 {
i -= len(m.AppSessionID)
copy(dAtA[i:], m.AppSessionID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppSessionID)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
if len(m.AppName) > 0 {
i -= len(m.AppName)
copy(dAtA[i:], m.AppName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppName)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
if len(m.DatabaseName) > 0 {
i -= len(m.DatabaseName)
copy(dAtA[i:], m.DatabaseName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DatabaseName)))
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
if len(m.HostPolicies) > 0 {
for iNdEx := len(m.HostPolicies) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.HostPolicies[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
}
if len(m.HostUser) > 0 {
i -= len(m.HostUser)
copy(dAtA[i:], m.HostUser)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HostUser)))
i--
dAtA[i] = 0x7a
}
if len(m.KubernetesCluster) > 0 {
i -= len(m.KubernetesCluster)
copy(dAtA[i:], m.KubernetesCluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.KubernetesCluster)))
i--
dAtA[i] = 0x72
}
if len(m.Participants) > 0 {
for iNdEx := len(m.Participants) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Participants[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
}
}
if len(m.Login) > 0 {
i -= len(m.Login)
copy(dAtA[i:], m.Login)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Login)))
i--
dAtA[i] = 0x62
}
if len(m.ClusterName) > 0 {
i -= len(m.ClusterName)
copy(dAtA[i:], m.ClusterName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClusterName)))
i--
dAtA[i] = 0x5a
}
if len(m.Address) > 0 {
i -= len(m.Address)
copy(dAtA[i:], m.Address)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Address)))
i--
dAtA[i] = 0x52
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x4a
}
if len(m.Invited) > 0 {
for iNdEx := len(m.Invited) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Invited[iNdEx])
copy(dAtA[i:], m.Invited[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Invited[iNdEx])))
i--
dAtA[i] = 0x42
}
}
if len(m.Reason) > 0 {
i -= len(m.Reason)
copy(dAtA[i:], m.Reason)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Reason)))
i--
dAtA[i] = 0x3a
}
if len(m.AttachedData) > 0 {
i -= len(m.AttachedData)
copy(dAtA[i:], m.AttachedData)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AttachedData)))
i--
dAtA[i] = 0x32
}
n335, err335 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err335 != nil {
return 0, err335
}
i -= n335
i = encodeVarintTypes(dAtA, i, uint64(n335))
i--
dAtA[i] = 0x2a
n336, err336 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):])
if err336 != nil {
return 0, err336
}
i -= n336
i = encodeVarintTypes(dAtA, i, uint64(n336))
i--
dAtA[i] = 0x22
if m.State != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.State))
i--
dAtA[i] = 0x18
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0x12
}
if len(m.SessionID) > 0 {
i -= len(m.SessionID)
copy(dAtA[i:], m.SessionID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SessionID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SessionTrackerPolicySet) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SessionTrackerPolicySet) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SessionTrackerPolicySet) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RequireSessionJoin) > 0 {
for iNdEx := len(m.RequireSessionJoin) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.RequireSessionJoin[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Participant) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Participant) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Participant) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Cluster) > 0 {
i -= len(m.Cluster)
copy(dAtA[i:], m.Cluster)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Cluster)))
i--
dAtA[i] = 0x2a
}
n337, err337 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastActive, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastActive):])
if err337 != nil {
return 0, err337
}
i -= n337
i = encodeVarintTypes(dAtA, i, uint64(n337))
i--
dAtA[i] = 0x22
if len(m.Mode) > 0 {
i -= len(m.Mode)
copy(dAtA[i:], m.Mode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Mode)))
i--
dAtA[i] = 0x1a
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0x12
}
if len(m.ID) > 0 {
i -= len(m.ID)
copy(dAtA[i:], m.ID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *UIConfigV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UIConfigV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UIConfigV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *UIConfigSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UIConfigSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UIConfigSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ShowResources) > 0 {
i -= len(m.ShowResources)
copy(dAtA[i:], m.ShowResources)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ShowResources)))
i--
dAtA[i] = 0x12
}
if m.ScrollbackLines != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ScrollbackLines))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *InstallerV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstallerV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstallerV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *InstallerSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstallerSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstallerSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Script) > 0 {
i -= len(m.Script)
copy(dAtA[i:], m.Script)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Script)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *InstallerV1List) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstallerV1List) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstallerV1List) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Installers) > 0 {
for iNdEx := len(m.Installers) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Installers[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *SortBy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SortBy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SortBy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Field) > 0 {
i -= len(m.Field)
copy(dAtA[i:], m.Field)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Field)))
i--
dAtA[i] = 0x12
}
if m.IsDesc {
i--
if m.IsDesc {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *ConnectionDiagnosticV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ConnectionDiagnosticV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ConnectionDiagnosticV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *ConnectionDiagnosticSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ConnectionDiagnosticSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ConnectionDiagnosticSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Traces) > 0 {
for iNdEx := len(m.Traces) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Traces[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.Message) > 0 {
i -= len(m.Message)
copy(dAtA[i:], m.Message)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
i--
dAtA[i] = 0x12
}
if m.Success {
i--
if m.Success {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *ConnectionDiagnosticTrace) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ConnectionDiagnosticTrace) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ConnectionDiagnosticTrace) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Error) > 0 {
i -= len(m.Error)
copy(dAtA[i:], m.Error)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Error)))
i--
dAtA[i] = 0x22
}
if len(m.Details) > 0 {
i -= len(m.Details)
copy(dAtA[i:], m.Details)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Details)))
i--
dAtA[i] = 0x1a
}
if m.Status != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Status))
i--
dAtA[i] = 0x10
}
if m.Type != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Type))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *DatabaseServiceV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseServiceV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseServiceV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *DatabaseServiceSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseServiceSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseServiceSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Hostname) > 0 {
i -= len(m.Hostname)
copy(dAtA[i:], m.Hostname)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Hostname)))
i--
dAtA[i] = 0x12
}
if len(m.ResourceMatchers) > 0 {
for iNdEx := len(m.ResourceMatchers) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.ResourceMatchers[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *DatabaseResourceMatcher) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DatabaseResourceMatcher) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DatabaseResourceMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.AWS.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
if m.Labels != nil {
{
size := m.Labels.Size()
i -= size
if _, err := m.Labels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ResourceMatcherAWS) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ResourceMatcherAWS) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ResourceMatcherAWS) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ExternalID) > 0 {
i -= len(m.ExternalID)
copy(dAtA[i:], m.ExternalID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalID)))
i--
dAtA[i] = 0x12
}
if len(m.AssumeRoleARN) > 0 {
i -= len(m.AssumeRoleARN)
copy(dAtA[i:], m.AssumeRoleARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AssumeRoleARN)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ClusterAlert) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterAlert) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterAlert) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *ClusterAlertSpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterAlertSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterAlertSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n350, err350 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Created, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Created):])
if err350 != nil {
return 0, err350
}
i -= n350
i = encodeVarintTypes(dAtA, i, uint64(n350))
i--
dAtA[i] = 0x1a
if len(m.Message) > 0 {
i -= len(m.Message)
copy(dAtA[i:], m.Message)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
i--
dAtA[i] = 0x12
}
if m.Severity != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Severity))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *GetClusterAlertsRequest) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GetClusterAlertsRequest) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GetClusterAlertsRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.WithUntargeted {
i--
if m.WithUntargeted {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x30
}
if m.WithAcknowledged {
i--
if m.WithAcknowledged {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x28
}
if m.WithSuperseded {
i--
if m.WithSuperseded {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.Labels) > 0 {
for k := range m.Labels {
v := m.Labels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x1a
}
}
if len(m.AlertID) > 0 {
i -= len(m.AlertID)
copy(dAtA[i:], m.AlertID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AlertID)))
i--
dAtA[i] = 0x12
}
if m.Severity != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Severity))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *AlertAcknowledgement) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AlertAcknowledgement) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AlertAcknowledgement) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n351, err351 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err351 != nil {
return 0, err351
}
i -= n351
i = encodeVarintTypes(dAtA, i, uint64(n351))
i--
dAtA[i] = 0x22
if len(m.Reason) > 0 {
i -= len(m.Reason)
copy(dAtA[i:], m.Reason)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Reason)))
i--
dAtA[i] = 0x12
}
if len(m.AlertID) > 0 {
i -= len(m.AlertID)
copy(dAtA[i:], m.AlertID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AlertID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Release) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Release) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Release) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Assets) > 0 {
for iNdEx := len(m.Assets) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Assets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x2a
}
if len(m.Status) > 0 {
i -= len(m.Status)
copy(dAtA[i:], m.Status)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Status)))
i--
dAtA[i] = 0x22
}
if len(m.ReleaseID) > 0 {
i -= len(m.ReleaseID)
copy(dAtA[i:], m.ReleaseID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ReleaseID)))
i--
dAtA[i] = 0x1a
}
if len(m.Product) > 0 {
i -= len(m.Product)
copy(dAtA[i:], m.Product)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Product)))
i--
dAtA[i] = 0x12
}
if len(m.NotesMD) > 0 {
i -= len(m.NotesMD)
copy(dAtA[i:], m.NotesMD)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NotesMD)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Asset) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Asset) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Asset) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.PublicURL) > 0 {
i -= len(m.PublicURL)
copy(dAtA[i:], m.PublicURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicURL)))
i--
dAtA[i] = 0x4a
}
if len(m.ReleaseIDs) > 0 {
for iNdEx := len(m.ReleaseIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ReleaseIDs[iNdEx])
copy(dAtA[i:], m.ReleaseIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ReleaseIDs[iNdEx])))
i--
dAtA[i] = 0x42
}
}
if len(m.DisplaySize) > 0 {
i -= len(m.DisplaySize)
copy(dAtA[i:], m.DisplaySize)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DisplaySize)))
i--
dAtA[i] = 0x3a
}
if m.AssetSize != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.AssetSize))
i--
dAtA[i] = 0x30
}
if len(m.SHA256) > 0 {
i -= len(m.SHA256)
copy(dAtA[i:], m.SHA256)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SHA256)))
i--
dAtA[i] = 0x2a
}
if len(m.OS) > 0 {
i -= len(m.OS)
copy(dAtA[i:], m.OS)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OS)))
i--
dAtA[i] = 0x22
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x1a
}
if len(m.Description) > 0 {
i -= len(m.Description)
copy(dAtA[i:], m.Description)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Description)))
i--
dAtA[i] = 0x12
}
if len(m.Arch) > 0 {
i -= len(m.Arch)
copy(dAtA[i:], m.Arch)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Arch)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Credentials != nil {
{
size, err := m.Credentials.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Settings != nil {
{
size := m.Settings.Size()
i -= size
if _, err := m.Settings.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
if len(m.Generation) > 0 {
i -= len(m.Generation)
copy(dAtA[i:], m.Generation)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Generation)))
i--
dAtA[i] = 0x5a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_SlackAccessPlugin) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_SlackAccessPlugin) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.SlackAccessPlugin != nil {
{
size, err := m.SlackAccessPlugin.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Opsgenie) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Opsgenie) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Opsgenie != nil {
{
size, err := m.Opsgenie.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Openai) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Openai) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Openai != nil {
{
size, err := m.Openai.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Okta) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Okta) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Okta != nil {
{
size, err := m.Okta.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Jamf) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Jamf) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Jamf != nil {
{
size, err := m.Jamf.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_PagerDuty) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_PagerDuty) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.PagerDuty != nil {
{
size, err := m.PagerDuty.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Mattermost) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Mattermost) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Mattermost != nil {
{
size, err := m.Mattermost.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Jira) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Jira) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Jira != nil {
{
size, err := m.Jira.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Discord) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Discord) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Discord != nil {
{
size, err := m.Discord.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_ServiceNow) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_ServiceNow) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.ServiceNow != nil {
{
size, err := m.ServiceNow.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Gitlab) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Gitlab) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Gitlab != nil {
{
size, err := m.Gitlab.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x62
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_EntraId) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_EntraId) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.EntraId != nil {
{
size, err := m.EntraId.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x6a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Scim) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Scim) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Scim != nil {
{
size, err := m.Scim.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x72
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Datadog) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Datadog) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Datadog != nil {
{
size, err := m.Datadog.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x7a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_AwsIc) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_AwsIc) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.AwsIc != nil {
{
size, err := m.AwsIc.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x82
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Email) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Email) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Email != nil {
{
size, err := m.Email.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x8a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Msteams) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Msteams) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Msteams != nil {
{
size, err := m.Msteams.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x92
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_NetIq) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_NetIq) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.NetIq != nil {
{
size, err := m.NetIq.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0x9a
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Github) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Github) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Github != nil {
{
size, err := m.Github.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xa2
}
return len(dAtA) - i, nil
}
func (m *PluginSpecV1_Intune) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSpecV1_Intune) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Intune != nil {
{
size, err := m.Intune.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1
i--
dAtA[i] = 0xaa
}
return len(dAtA) - i, nil
}
func (m *PluginGithubSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginGithubSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginGithubSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n376, err376 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartDate, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartDate):])
if err376 != nil {
return 0, err376
}
i -= n376
i = encodeVarintTypes(dAtA, i, uint64(n376))
i--
dAtA[i] = 0x22
if len(m.OrganizationName) > 0 {
i -= len(m.OrganizationName)
copy(dAtA[i:], m.OrganizationName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrganizationName)))
i--
dAtA[i] = 0x1a
}
if len(m.ClientId) > 0 {
i -= len(m.ClientId)
copy(dAtA[i:], m.ClientId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientId)))
i--
dAtA[i] = 0x12
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginSlackAccessSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginSlackAccessSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSlackAccessSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.FallbackChannel) > 0 {
i -= len(m.FallbackChannel)
copy(dAtA[i:], m.FallbackChannel)
i = encodeVarintTypes(dAtA, i, uint64(len(m.FallbackChannel)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginGitlabSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginGitlabSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginGitlabSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginOpsgenieAccessSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOpsgenieAccessSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOpsgenieAccessSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0x2a
}
if len(m.DefaultSchedules) > 0 {
for iNdEx := len(m.DefaultSchedules) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DefaultSchedules[iNdEx])
copy(dAtA[i:], m.DefaultSchedules[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DefaultSchedules[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.AlertTags) > 0 {
for iNdEx := len(m.AlertTags) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AlertTags[iNdEx])
copy(dAtA[i:], m.AlertTags[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AlertTags[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Priority) > 0 {
i -= len(m.Priority)
copy(dAtA[i:], m.Priority)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Priority)))
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *PluginServiceNowSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginServiceNowSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginServiceNowSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.CloseCode) > 0 {
i -= len(m.CloseCode)
copy(dAtA[i:], m.CloseCode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.CloseCode)))
i--
dAtA[i] = 0x22
}
if len(m.Password) > 0 {
i -= len(m.Password)
copy(dAtA[i:], m.Password)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Password)))
i--
dAtA[i] = 0x1a
}
if len(m.Username) > 0 {
i -= len(m.Username)
copy(dAtA[i:], m.Username)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Username)))
i--
dAtA[i] = 0x12
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginPagerDutySettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginPagerDutySettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginPagerDutySettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0x12
}
if len(m.UserEmail) > 0 {
i -= len(m.UserEmail)
copy(dAtA[i:], m.UserEmail)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserEmail)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginJiraSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginJiraSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginJiraSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.IssueType) > 0 {
i -= len(m.IssueType)
copy(dAtA[i:], m.IssueType)
i = encodeVarintTypes(dAtA, i, uint64(len(m.IssueType)))
i--
dAtA[i] = 0x1a
}
if len(m.ProjectKey) > 0 {
i -= len(m.ProjectKey)
copy(dAtA[i:], m.ProjectKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectKey)))
i--
dAtA[i] = 0x12
}
if len(m.ServerUrl) > 0 {
i -= len(m.ServerUrl)
copy(dAtA[i:], m.ServerUrl)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServerUrl)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginOpenAISettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOpenAISettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOpenAISettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
return len(dAtA) - i, nil
}
func (m *PluginMattermostSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginMattermostSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginMattermostSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ReportToEmail) > 0 {
i -= len(m.ReportToEmail)
copy(dAtA[i:], m.ReportToEmail)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ReportToEmail)))
i--
dAtA[i] = 0x22
}
if len(m.Channel) > 0 {
i -= len(m.Channel)
copy(dAtA[i:], m.Channel)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Channel)))
i--
dAtA[i] = 0x1a
}
if len(m.Team) > 0 {
i -= len(m.Team)
copy(dAtA[i:], m.Team)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Team)))
i--
dAtA[i] = 0x12
}
if len(m.ServerUrl) > 0 {
i -= len(m.ServerUrl)
copy(dAtA[i:], m.ServerUrl)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServerUrl)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginJamfSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginJamfSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginJamfSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.JamfSpec != nil {
{
size, err := m.JamfSpec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginIntuneSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginIntuneSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginIntuneSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.GraphEndpoint) > 0 {
i -= len(m.GraphEndpoint)
copy(dAtA[i:], m.GraphEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.GraphEndpoint)))
i--
dAtA[i] = 0x1a
}
if len(m.LoginEndpoint) > 0 {
i -= len(m.LoginEndpoint)
copy(dAtA[i:], m.LoginEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LoginEndpoint)))
i--
dAtA[i] = 0x12
}
if len(m.Tenant) > 0 {
i -= len(m.Tenant)
copy(dAtA[i:], m.Tenant)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Tenant)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginOktaSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.CredentialsInfo != nil {
{
size, err := m.CredentialsInfo.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if m.SyncSettings != nil {
{
size, err := m.SyncSettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
if len(m.SsoConnectorId) > 0 {
i -= len(m.SsoConnectorId)
copy(dAtA[i:], m.SsoConnectorId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SsoConnectorId)))
i--
dAtA[i] = 0x1a
}
if m.EnableUserSync {
i--
if m.EnableUserSync {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.OrgUrl) > 0 {
i -= len(m.OrgUrl)
copy(dAtA[i:], m.OrgUrl)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrgUrl)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginOktaCredentialsInfo) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaCredentialsInfo) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaCredentialsInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.HasScimToken {
i--
if m.HasScimToken {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if m.HasOauthCredentials {
i--
if m.HasOauthCredentials {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if m.HasSsmToken {
i--
if m.HasSsmToken {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginOktaSyncSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaSyncSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaSyncSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.TimeBetweenImports) > 0 {
i -= len(m.TimeBetweenImports)
copy(dAtA[i:], m.TimeBetweenImports)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TimeBetweenImports)))
i--
dAtA[i] = 0x72
}
if m.DisableAssignDefaultRoles {
i--
if m.DisableAssignDefaultRoles {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x68
}
if m.EnableSystemLogExport {
i--
if m.EnableSystemLogExport {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x60
}
if len(m.UserSyncSource) > 0 {
i -= len(m.UserSyncSource)
copy(dAtA[i:], m.UserSyncSource)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UserSyncSource)))
i--
dAtA[i] = 0x5a
}
if m.DisableBidirectionalSync {
i--
if m.DisableBidirectionalSync {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x50
}
if m.DisableSyncAppGroups {
i--
if m.DisableSyncAppGroups {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x48
}
if len(m.AppName) > 0 {
i -= len(m.AppName)
copy(dAtA[i:], m.AppName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppName)))
i--
dAtA[i] = 0x42
}
if len(m.AppFilters) > 0 {
for iNdEx := len(m.AppFilters) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AppFilters[iNdEx])
copy(dAtA[i:], m.AppFilters[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppFilters[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if len(m.GroupFilters) > 0 {
for iNdEx := len(m.GroupFilters) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.GroupFilters[iNdEx])
copy(dAtA[i:], m.GroupFilters[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.GroupFilters[iNdEx])))
i--
dAtA[i] = 0x32
}
}
if len(m.AppId) > 0 {
i -= len(m.AppId)
copy(dAtA[i:], m.AppId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppId)))
i--
dAtA[i] = 0x2a
}
if len(m.DefaultOwners) > 0 {
for iNdEx := len(m.DefaultOwners) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DefaultOwners[iNdEx])
copy(dAtA[i:], m.DefaultOwners[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DefaultOwners[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if m.SyncAccessLists {
i--
if m.SyncAccessLists {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.SsoConnectorId) > 0 {
i -= len(m.SsoConnectorId)
copy(dAtA[i:], m.SsoConnectorId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SsoConnectorId)))
i--
dAtA[i] = 0x12
}
if m.SyncUsers {
i--
if m.SyncUsers {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *DiscordChannels) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *DiscordChannels) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *DiscordChannels) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ChannelIds) > 0 {
for iNdEx := len(m.ChannelIds) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ChannelIds[iNdEx])
copy(dAtA[i:], m.ChannelIds[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ChannelIds[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginDiscordSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginDiscordSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginDiscordSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RoleToRecipients) > 0 {
for k := range m.RoleToRecipients {
v := m.RoleToRecipients[k]
baseI := i
if v != nil {
{
size, err := v.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginEntraIDSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginEntraIDSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEntraIDSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AccessGraphSettings != nil {
{
size, err := m.AccessGraphSettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if m.SyncSettings != nil {
{
size, err := m.SyncSettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginEntraIDSyncSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginEntraIDSyncSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEntraIDSyncSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.GroupFilters) > 0 {
for iNdEx := len(m.GroupFilters) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.GroupFilters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
}
if len(m.EntraAppId) > 0 {
i -= len(m.EntraAppId)
copy(dAtA[i:], m.EntraAppId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EntraAppId)))
i--
dAtA[i] = 0x2a
}
if len(m.TenantId) > 0 {
i -= len(m.TenantId)
copy(dAtA[i:], m.TenantId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TenantId)))
i--
dAtA[i] = 0x22
}
if m.CredentialsSource != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.CredentialsSource))
i--
dAtA[i] = 0x18
}
if len(m.SsoConnectorId) > 0 {
i -= len(m.SsoConnectorId)
copy(dAtA[i:], m.SsoConnectorId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SsoConnectorId)))
i--
dAtA[i] = 0x12
}
if len(m.DefaultOwners) > 0 {
for iNdEx := len(m.DefaultOwners) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.DefaultOwners[iNdEx])
copy(dAtA[i:], m.DefaultOwners[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.DefaultOwners[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginSyncFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginSyncFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSyncFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Exclude != nil {
{
size := m.Exclude.Size()
i -= size
if _, err := m.Exclude.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
if m.Include != nil {
{
size := m.Include.Size()
i -= size
if _, err := m.Include.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
return len(dAtA) - i, nil
}
func (m *PluginSyncFilter_Id) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSyncFilter_Id) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.Id)
copy(dAtA[i:], m.Id)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Id)))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *PluginSyncFilter_NameRegex) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSyncFilter_NameRegex) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.NameRegex)
copy(dAtA[i:], m.NameRegex)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NameRegex)))
i--
dAtA[i] = 0x12
return len(dAtA) - i, nil
}
func (m *PluginSyncFilter_ExcludeId) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSyncFilter_ExcludeId) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.ExcludeId)
copy(dAtA[i:], m.ExcludeId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExcludeId)))
i--
dAtA[i] = 0x1a
return len(dAtA) - i, nil
}
func (m *PluginSyncFilter_ExcludeNameRegex) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSyncFilter_ExcludeNameRegex) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.ExcludeNameRegex)
copy(dAtA[i:], m.ExcludeNameRegex)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExcludeNameRegex)))
i--
dAtA[i] = 0x22
return len(dAtA) - i, nil
}
func (m *PluginEntraIDAccessGraphSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginEntraIDAccessGraphSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEntraIDAccessGraphSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AppSsoSettingsCache) > 0 {
for iNdEx := len(m.AppSsoSettingsCache) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.AppSsoSettingsCache[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginEntraIDAppSSOSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginEntraIDAppSSOSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEntraIDAppSSOSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.FederatedSsoV2) > 0 {
i -= len(m.FederatedSsoV2)
copy(dAtA[i:], m.FederatedSsoV2)
i = encodeVarintTypes(dAtA, i, uint64(len(m.FederatedSsoV2)))
i--
dAtA[i] = 0x12
}
if len(m.AppId) > 0 {
i -= len(m.AppId)
copy(dAtA[i:], m.AppId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppId)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginSCIMSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginSCIMSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSCIMSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ConnectorInfo != nil {
{
size, err := m.ConnectorInfo.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if len(m.DefaultRole) > 0 {
i -= len(m.DefaultRole)
copy(dAtA[i:], m.DefaultRole)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DefaultRole)))
i--
dAtA[i] = 0x12
}
if len(m.SamlConnectorName) > 0 {
i -= len(m.SamlConnectorName)
copy(dAtA[i:], m.SamlConnectorName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SamlConnectorName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginSCIMSettings_ConnectorInfo) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginSCIMSettings_ConnectorInfo) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginSCIMSettings_ConnectorInfo) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Type) > 0 {
i -= len(m.Type)
copy(dAtA[i:], m.Type)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Type)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginDatadogAccessSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginDatadogAccessSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginDatadogAccessSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.FallbackRecipient) > 0 {
i -= len(m.FallbackRecipient)
copy(dAtA[i:], m.FallbackRecipient)
i = encodeVarintTypes(dAtA, i, uint64(len(m.FallbackRecipient)))
i--
dAtA[i] = 0x12
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginAWSICSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginAWSICSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginAWSICSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RolesSyncMode) > 0 {
i -= len(m.RolesSyncMode)
copy(dAtA[i:], m.RolesSyncMode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RolesSyncMode)))
i--
dAtA[i] = 0x62
}
if m.Credentials != nil {
{
size, err := m.Credentials.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if len(m.GroupSyncFilters) > 0 {
for iNdEx := len(m.GroupSyncFilters) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.GroupSyncFilters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
}
if len(m.AwsAccountsFilters) > 0 {
for iNdEx := len(m.AwsAccountsFilters) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.AwsAccountsFilters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
}
if len(m.UserSyncFilters) > 0 {
for iNdEx := len(m.UserSyncFilters) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.UserSyncFilters[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
}
if m.CredentialsSource != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.CredentialsSource))
i--
dAtA[i] = 0x38
}
if len(m.SamlIdpServiceProviderName) > 0 {
i -= len(m.SamlIdpServiceProviderName)
copy(dAtA[i:], m.SamlIdpServiceProviderName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SamlIdpServiceProviderName)))
i--
dAtA[i] = 0x32
}
if len(m.AccessListDefaultOwners) > 0 {
for iNdEx := len(m.AccessListDefaultOwners) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AccessListDefaultOwners[iNdEx])
copy(dAtA[i:], m.AccessListDefaultOwners[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccessListDefaultOwners[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if m.ProvisioningSpec != nil {
{
size, err := m.ProvisioningSpec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
if len(m.Arn) > 0 {
i -= len(m.Arn)
copy(dAtA[i:], m.Arn)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Arn)))
i--
dAtA[i] = 0x1a
}
if len(m.Region) > 0 {
i -= len(m.Region)
copy(dAtA[i:], m.Region)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Region)))
i--
dAtA[i] = 0x12
}
if len(m.IntegrationName) > 0 {
i -= len(m.IntegrationName)
copy(dAtA[i:], m.IntegrationName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.IntegrationName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSICCredentials) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSICCredentials) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Source != nil {
{
size := m.Source.Size()
i -= size
if _, err := m.Source.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
return len(dAtA) - i, nil
}
func (m *AWSICCredentials_System) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICCredentials_System) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.System != nil {
{
size, err := m.System.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSICCredentials_Oidc) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICCredentials_Oidc) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Oidc != nil {
{
size, err := m.Oidc.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *AWSICCredentialSourceSystem) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSICCredentialSourceSystem) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICCredentialSourceSystem) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AssumeRoleArn) > 0 {
i -= len(m.AssumeRoleArn)
copy(dAtA[i:], m.AssumeRoleArn)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AssumeRoleArn)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSICCredentialSourceOIDC) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSICCredentialSourceOIDC) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICCredentialSourceOIDC) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.IntegrationName) > 0 {
i -= len(m.IntegrationName)
copy(dAtA[i:], m.IntegrationName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.IntegrationName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSICResourceFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSICResourceFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICResourceFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Exclude != nil {
{
size := m.Exclude.Size()
i -= size
if _, err := m.Exclude.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
if m.Include != nil {
{
size := m.Include.Size()
i -= size
if _, err := m.Include.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
return len(dAtA) - i, nil
}
func (m *AWSICResourceFilter_Id) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICResourceFilter_Id) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.Id)
copy(dAtA[i:], m.Id)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Id)))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *AWSICResourceFilter_NameRegex) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICResourceFilter_NameRegex) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.NameRegex)
copy(dAtA[i:], m.NameRegex)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NameRegex)))
i--
dAtA[i] = 0x12
return len(dAtA) - i, nil
}
func (m *AWSICResourceFilter_ExcludeId) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICResourceFilter_ExcludeId) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.ExcludeId)
copy(dAtA[i:], m.ExcludeId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExcludeId)))
i--
dAtA[i] = 0x1a
return len(dAtA) - i, nil
}
func (m *AWSICResourceFilter_ExcludeNameRegex) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICResourceFilter_ExcludeNameRegex) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.ExcludeNameRegex)
copy(dAtA[i:], m.ExcludeNameRegex)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExcludeNameRegex)))
i--
dAtA[i] = 0x22
return len(dAtA) - i, nil
}
func (m *AWSICUserSyncFilter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSICUserSyncFilter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICUserSyncFilter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Labels) > 0 {
for k := range m.Labels {
v := m.Labels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x42
}
}
return len(dAtA) - i, nil
}
func (m *AWSICProvisioningSpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSICProvisioningSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICProvisioningSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.BearerToken) > 0 {
i -= len(m.BearerToken)
copy(dAtA[i:], m.BearerToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BearerToken)))
i--
dAtA[i] = 0x12
}
if len(m.BaseUrl) > 0 {
i -= len(m.BaseUrl)
copy(dAtA[i:], m.BaseUrl)
i = encodeVarintTypes(dAtA, i, uint64(len(m.BaseUrl)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginAWSICStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginAWSICStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginAWSICStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.GroupImportStatus != nil {
{
size, err := m.GroupImportStatus.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSICGroupImportStatus) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSICGroupImportStatus) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSICGroupImportStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ErrorMessage) > 0 {
i -= len(m.ErrorMessage)
copy(dAtA[i:], m.ErrorMessage)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ErrorMessage)))
i--
dAtA[i] = 0x12
}
if m.StatusCode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.StatusCode))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginEmailSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginEmailSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEmailSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Spec != nil {
{
size := m.Spec.Size()
i -= size
if _, err := m.Spec.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
if len(m.FallbackRecipient) > 0 {
i -= len(m.FallbackRecipient)
copy(dAtA[i:], m.FallbackRecipient)
i = encodeVarintTypes(dAtA, i, uint64(len(m.FallbackRecipient)))
i--
dAtA[i] = 0x12
}
if len(m.Sender) > 0 {
i -= len(m.Sender)
copy(dAtA[i:], m.Sender)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Sender)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginEmailSettings_MailgunSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEmailSettings_MailgunSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.MailgunSpec != nil {
{
size, err := m.MailgunSpec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
return len(dAtA) - i, nil
}
func (m *PluginEmailSettings_SmtpSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEmailSettings_SmtpSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.SmtpSpec != nil {
{
size, err := m.SmtpSpec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
return len(dAtA) - i, nil
}
func (m *MailgunSpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MailgunSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MailgunSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Domain) > 0 {
i -= len(m.Domain)
copy(dAtA[i:], m.Domain)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Domain)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SMTPSpec) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SMTPSpec) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SMTPSpec) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.StartTlsPolicy) > 0 {
i -= len(m.StartTlsPolicy)
copy(dAtA[i:], m.StartTlsPolicy)
i = encodeVarintTypes(dAtA, i, uint64(len(m.StartTlsPolicy)))
i--
dAtA[i] = 0x1a
}
if m.Port != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Port))
i--
dAtA[i] = 0x10
}
if len(m.Host) > 0 {
i -= len(m.Host)
copy(dAtA[i:], m.Host)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Host)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginMSTeamsSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginMSTeamsSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginMSTeamsSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.DefaultRecipient) > 0 {
i -= len(m.DefaultRecipient)
copy(dAtA[i:], m.DefaultRecipient)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DefaultRecipient)))
i--
dAtA[i] = 0x2a
}
if len(m.Region) > 0 {
i -= len(m.Region)
copy(dAtA[i:], m.Region)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Region)))
i--
dAtA[i] = 0x22
}
if len(m.TeamsAppId) > 0 {
i -= len(m.TeamsAppId)
copy(dAtA[i:], m.TeamsAppId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TeamsAppId)))
i--
dAtA[i] = 0x1a
}
if len(m.TenantId) > 0 {
i -= len(m.TenantId)
copy(dAtA[i:], m.TenantId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TenantId)))
i--
dAtA[i] = 0x12
}
if len(m.AppId) > 0 {
i -= len(m.AppId)
copy(dAtA[i:], m.AppId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppId)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginNetIQSettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginNetIQSettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginNetIQSettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.InsecureSkipVerify {
i--
if m.InsecureSkipVerify {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0x12
}
if len(m.OauthIssuerEndpoint) > 0 {
i -= len(m.OauthIssuerEndpoint)
copy(dAtA[i:], m.OauthIssuerEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OauthIssuerEndpoint)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginBootstrapCredentialsV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginBootstrapCredentialsV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginBootstrapCredentialsV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Credentials != nil {
{
size := m.Credentials.Size()
i -= size
if _, err := m.Credentials.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
return len(dAtA) - i, nil
}
func (m *PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginBootstrapCredentialsV1_Oauth2AuthorizationCode) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Oauth2AuthorizationCode != nil {
{
size, err := m.Oauth2AuthorizationCode.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginBootstrapCredentialsV1_BearerToken) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginBootstrapCredentialsV1_BearerToken) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.BearerToken != nil {
{
size, err := m.BearerToken.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *PluginBootstrapCredentialsV1_IdSecret) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginBootstrapCredentialsV1_IdSecret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.IdSecret != nil {
{
size, err := m.IdSecret.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
return len(dAtA) - i, nil
}
func (m *PluginIdSecretCredential) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginIdSecretCredential) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginIdSecretCredential) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Secret) > 0 {
i -= len(m.Secret)
copy(dAtA[i:], m.Secret)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Secret)))
i--
dAtA[i] = 0x12
}
if len(m.Id) > 0 {
i -= len(m.Id)
copy(dAtA[i:], m.Id)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Id)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginOAuth2AuthorizationCodeCredentials) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOAuth2AuthorizationCodeCredentials) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOAuth2AuthorizationCodeCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RedirectUri) > 0 {
i -= len(m.RedirectUri)
copy(dAtA[i:], m.RedirectUri)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RedirectUri)))
i--
dAtA[i] = 0x12
}
if len(m.AuthorizationCode) > 0 {
i -= len(m.AuthorizationCode)
copy(dAtA[i:], m.AuthorizationCode)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AuthorizationCode)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Details != nil {
{
size := m.Details.Size()
i -= size
if _, err := m.Details.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
if len(m.LastRawError) > 0 {
i -= len(m.LastRawError)
copy(dAtA[i:], m.LastRawError)
i = encodeVarintTypes(dAtA, i, uint64(len(m.LastRawError)))
i--
dAtA[i] = 0x32
}
n394, err394 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastSyncTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastSyncTime):])
if err394 != nil {
return 0, err394
}
i -= n394
i = encodeVarintTypes(dAtA, i, uint64(n394))
i--
dAtA[i] = 0x1a
if len(m.ErrorMessage) > 0 {
i -= len(m.ErrorMessage)
copy(dAtA[i:], m.ErrorMessage)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ErrorMessage)))
i--
dAtA[i] = 0x12
}
if m.Code != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Code))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginStatusV1_Gitlab) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStatusV1_Gitlab) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Gitlab != nil {
{
size, err := m.Gitlab.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
return len(dAtA) - i, nil
}
func (m *PluginStatusV1_EntraId) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStatusV1_EntraId) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.EntraId != nil {
{
size, err := m.EntraId.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
return len(dAtA) - i, nil
}
func (m *PluginStatusV1_Okta) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStatusV1_Okta) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Okta != nil {
{
size, err := m.Okta.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
return len(dAtA) - i, nil
}
func (m *PluginStatusV1_AwsIc) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStatusV1_AwsIc) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.AwsIc != nil {
{
size, err := m.AwsIc.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x42
}
return len(dAtA) - i, nil
}
func (m *PluginStatusV1_NetIq) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStatusV1_NetIq) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.NetIq != nil {
{
size, err := m.NetIq.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x4a
}
return len(dAtA) - i, nil
}
func (m *PluginNetIQStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginNetIQStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginNetIQStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ImportedResources != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedResources))
i--
dAtA[i] = 0x20
}
if m.ImportedRoles != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedRoles))
i--
dAtA[i] = 0x18
}
if m.ImportedGroups != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedGroups))
i--
dAtA[i] = 0x10
}
if m.ImportedUsers != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedUsers))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginGitlabStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginGitlabStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginGitlabStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ImportedProjects != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedProjects))
i--
dAtA[i] = 0x18
}
if m.ImportedGroups != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedGroups))
i--
dAtA[i] = 0x10
}
if m.ImportedUsers != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedUsers))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginEntraIDStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginEntraIDStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginEntraIDStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ImportedGroups != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedGroups))
i--
dAtA[i] = 0x10
}
if m.ImportedUsers != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.ImportedUsers))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginOktaStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SystemLogExportDetails != nil {
{
size, err := m.SystemLogExportDetails.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if m.AccessListsSyncDetails != nil {
{
size, err := m.AccessListsSyncDetails.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if m.ScimDetails != nil {
{
size, err := m.ScimDetails.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
if m.UsersSyncDetails != nil {
{
size, err := m.UsersSyncDetails.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if m.AppGroupSyncDetails != nil {
{
size, err := m.AppGroupSyncDetails.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if m.SsoDetails != nil {
{
size, err := m.SsoDetails.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginOktaStatusDetailsSSO) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaStatusDetailsSSO) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaStatusDetailsSSO) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.OktaGroupEveryoneMappedRoles) > 0 {
for iNdEx := len(m.OktaGroupEveryoneMappedRoles) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.OktaGroupEveryoneMappedRoles[iNdEx])
copy(dAtA[i:], m.OktaGroupEveryoneMappedRoles[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.OktaGroupEveryoneMappedRoles[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.AppName) > 0 {
i -= len(m.AppName)
copy(dAtA[i:], m.AppName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppName)))
i--
dAtA[i] = 0x1a
}
if len(m.AppId) > 0 {
i -= len(m.AppId)
copy(dAtA[i:], m.AppId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppId)))
i--
dAtA[i] = 0x12
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginOktaStatusDetailsAppGroupSync) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaStatusDetailsAppGroupSync) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaStatusDetailsAppGroupSync) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Error) > 0 {
i -= len(m.Error)
copy(dAtA[i:], m.Error)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Error)))
i--
dAtA[i] = 0x3a
}
if m.NumGroupsSynced != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.NumGroupsSynced))
i--
dAtA[i] = 0x30
}
if m.NumAppsSynced != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.NumAppsSynced))
i--
dAtA[i] = 0x28
}
if m.LastFailed != nil {
n406, err406 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastFailed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastFailed):])
if err406 != nil {
return 0, err406
}
i -= n406
i = encodeVarintTypes(dAtA, i, uint64(n406))
i--
dAtA[i] = 0x22
}
if m.LastSuccessful != nil {
n407, err407 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastSuccessful, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastSuccessful):])
if err407 != nil {
return 0, err407
}
i -= n407
i = encodeVarintTypes(dAtA, i, uint64(n407))
i--
dAtA[i] = 0x1a
}
if m.StatusCode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.StatusCode))
i--
dAtA[i] = 0x10
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginOktaStatusDetailsUsersSync) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaStatusDetailsUsersSync) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaStatusDetailsUsersSync) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Error) > 0 {
i -= len(m.Error)
copy(dAtA[i:], m.Error)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Error)))
i--
dAtA[i] = 0x32
}
if m.NumUsersSynced != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.NumUsersSynced))
i--
dAtA[i] = 0x28
}
if m.LastFailed != nil {
n408, err408 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastFailed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastFailed):])
if err408 != nil {
return 0, err408
}
i -= n408
i = encodeVarintTypes(dAtA, i, uint64(n408))
i--
dAtA[i] = 0x22
}
if m.LastSuccessful != nil {
n409, err409 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastSuccessful, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastSuccessful):])
if err409 != nil {
return 0, err409
}
i -= n409
i = encodeVarintTypes(dAtA, i, uint64(n409))
i--
dAtA[i] = 0x1a
}
if m.StatusCode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.StatusCode))
i--
dAtA[i] = 0x10
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginOktaStatusDetailsSCIM) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaStatusDetailsSCIM) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaStatusDetailsSCIM) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginOktaStatusDetailsAccessListsSync) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaStatusDetailsAccessListsSync) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaStatusDetailsAccessListsSync) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Error) > 0 {
i -= len(m.Error)
copy(dAtA[i:], m.Error)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Error)))
i--
dAtA[i] = 0x4a
}
if m.NumGroupsSynced != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.NumGroupsSynced))
i--
dAtA[i] = 0x40
}
if len(m.GroupFilters) > 0 {
for iNdEx := len(m.GroupFilters) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.GroupFilters[iNdEx])
copy(dAtA[i:], m.GroupFilters[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.GroupFilters[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if m.NumAppsSynced != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.NumAppsSynced))
i--
dAtA[i] = 0x30
}
if len(m.AppFilters) > 0 {
for iNdEx := len(m.AppFilters) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AppFilters[iNdEx])
copy(dAtA[i:], m.AppFilters[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppFilters[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if m.LastFailed != nil {
n410, err410 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastFailed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastFailed):])
if err410 != nil {
return 0, err410
}
i -= n410
i = encodeVarintTypes(dAtA, i, uint64(n410))
i--
dAtA[i] = 0x22
}
if m.LastSuccessful != nil {
n411, err411 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastSuccessful, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastSuccessful):])
if err411 != nil {
return 0, err411
}
i -= n411
i = encodeVarintTypes(dAtA, i, uint64(n411))
i--
dAtA[i] = 0x1a
}
if m.StatusCode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.StatusCode))
i--
dAtA[i] = 0x10
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginOktaStatusSystemLogExporter) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOktaStatusSystemLogExporter) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOktaStatusSystemLogExporter) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Error) > 0 {
i -= len(m.Error)
copy(dAtA[i:], m.Error)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Error)))
i--
dAtA[i] = 0x4a
}
if m.LastFailed != nil {
n412, err412 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastFailed, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastFailed):])
if err412 != nil {
return 0, err412
}
i -= n412
i = encodeVarintTypes(dAtA, i, uint64(n412))
i--
dAtA[i] = 0x22
}
if m.LastSuccessful != nil {
n413, err413 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.LastSuccessful, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastSuccessful):])
if err413 != nil {
return 0, err413
}
i -= n413
i = encodeVarintTypes(dAtA, i, uint64(n413))
i--
dAtA[i] = 0x1a
}
if m.StatusCode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.StatusCode))
i--
dAtA[i] = 0x10
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *PluginCredentialsV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginCredentialsV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginCredentialsV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Credentials != nil {
{
size := m.Credentials.Size()
i -= size
if _, err := m.Credentials.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
return len(dAtA) - i, nil
}
func (m *PluginCredentialsV1_Oauth2AccessToken) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginCredentialsV1_Oauth2AccessToken) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.Oauth2AccessToken != nil {
{
size, err := m.Oauth2AccessToken.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginCredentialsV1_BearerToken) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginCredentialsV1_BearerToken) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.BearerToken != nil {
{
size, err := m.BearerToken.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *PluginCredentialsV1_IdSecret) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginCredentialsV1_IdSecret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.IdSecret != nil {
{
size, err := m.IdSecret.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
return len(dAtA) - i, nil
}
func (m *PluginCredentialsV1_StaticCredentialsRef) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginCredentialsV1_StaticCredentialsRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.StaticCredentialsRef != nil {
{
size, err := m.StaticCredentialsRef.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
return len(dAtA) - i, nil
}
func (m *PluginOAuth2AccessTokenCredentials) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginOAuth2AccessTokenCredentials) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginOAuth2AccessTokenCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n418, err418 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Expires, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires):])
if err418 != nil {
return 0, err418
}
i -= n418
i = encodeVarintTypes(dAtA, i, uint64(n418))
i--
dAtA[i] = 0x1a
if len(m.RefreshToken) > 0 {
i -= len(m.RefreshToken)
copy(dAtA[i:], m.RefreshToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RefreshToken)))
i--
dAtA[i] = 0x12
}
if len(m.AccessToken) > 0 {
i -= len(m.AccessToken)
copy(dAtA[i:], m.AccessToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.AccessToken)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginBearerTokenCredentials) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginBearerTokenCredentials) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginBearerTokenCredentials) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Token) > 0 {
i -= len(m.Token)
copy(dAtA[i:], m.Token)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Token)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsRef) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginStaticCredentialsRef) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsRef) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Labels) > 0 {
for k := range m.Labels {
v := m.Labels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginListV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginListV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginListV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Plugins) > 0 {
for iNdEx := len(m.Plugins) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Plugins[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginStaticCredentialsV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Spec != nil {
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginStaticCredentialsSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Credentials != nil {
{
size := m.Credentials.Size()
i -= size
if _, err := m.Credentials.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsSpecV1_APIToken) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsSpecV1_APIToken) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
i -= len(m.APIToken)
copy(dAtA[i:], m.APIToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.APIToken)))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsSpecV1_BasicAuth) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsSpecV1_BasicAuth) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.BasicAuth != nil {
{
size, err := m.BasicAuth.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsSpecV1_OAuthClientSecret) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsSpecV1_OAuthClientSecret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.OAuthClientSecret != nil {
{
size, err := m.OAuthClientSecret.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsSpecV1_SSHCertAuthorities) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsSpecV1_SSHCertAuthorities) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.SSHCertAuthorities != nil {
{
size, err := m.SSHCertAuthorities.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsSpecV1_PrivateKey) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsSpecV1_PrivateKey) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.PrivateKey != nil {
i -= len(m.PrivateKey)
copy(dAtA[i:], m.PrivateKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PrivateKey)))
i--
dAtA[i] = 0x2a
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsBasicAuth) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginStaticCredentialsBasicAuth) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsBasicAuth) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Password) > 0 {
i -= len(m.Password)
copy(dAtA[i:], m.Password)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Password)))
i--
dAtA[i] = 0x12
}
if len(m.Username) > 0 {
i -= len(m.Username)
copy(dAtA[i:], m.Username)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Username)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsOAuthClientSecret) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginStaticCredentialsOAuthClientSecret) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsOAuthClientSecret) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ClientSecret) > 0 {
i -= len(m.ClientSecret)
copy(dAtA[i:], m.ClientSecret)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientSecret)))
i--
dAtA[i] = 0x12
}
if len(m.ClientId) > 0 {
i -= len(m.ClientId)
copy(dAtA[i:], m.ClientId)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientId)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *PluginStaticCredentialsSSHCertAuthorities) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *PluginStaticCredentialsSSHCertAuthorities) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *PluginStaticCredentialsSSHCertAuthorities) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.CertAuthorities) > 0 {
for iNdEx := len(m.CertAuthorities) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.CertAuthorities[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *SAMLIdPServiceProviderV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLIdPServiceProviderV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLIdPServiceProviderV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *SAMLIdPServiceProviderSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLIdPServiceProviderSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLIdPServiceProviderSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.LaunchURLs) > 0 {
for iNdEx := len(m.LaunchURLs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.LaunchURLs[iNdEx])
copy(dAtA[i:], m.LaunchURLs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.LaunchURLs[iNdEx])))
i--
dAtA[i] = 0x3a
}
}
if len(m.RelayState) > 0 {
i -= len(m.RelayState)
copy(dAtA[i:], m.RelayState)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RelayState)))
i--
dAtA[i] = 0x32
}
if len(m.Preset) > 0 {
i -= len(m.Preset)
copy(dAtA[i:], m.Preset)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Preset)))
i--
dAtA[i] = 0x2a
}
if len(m.AttributeMapping) > 0 {
for iNdEx := len(m.AttributeMapping) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.AttributeMapping[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
}
if len(m.ACSURL) > 0 {
i -= len(m.ACSURL)
copy(dAtA[i:], m.ACSURL)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ACSURL)))
i--
dAtA[i] = 0x1a
}
if len(m.EntityID) > 0 {
i -= len(m.EntityID)
copy(dAtA[i:], m.EntityID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EntityID)))
i--
dAtA[i] = 0x12
}
if len(m.EntityDescriptor) > 0 {
i -= len(m.EntityDescriptor)
copy(dAtA[i:], m.EntityDescriptor)
i = encodeVarintTypes(dAtA, i, uint64(len(m.EntityDescriptor)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *SAMLAttributeMapping) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *SAMLAttributeMapping) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *SAMLAttributeMapping) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Value) > 0 {
i -= len(m.Value)
copy(dAtA[i:], m.Value)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Value)))
i--
dAtA[i] = 0x1a
}
if len(m.NameFormat) > 0 {
i -= len(m.NameFormat)
copy(dAtA[i:], m.NameFormat)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NameFormat)))
i--
dAtA[i] = 0x12
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *IdPOptions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IdPOptions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IdPOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SAML != nil {
{
size, err := m.SAML.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *IdPSAMLOptions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IdPSAMLOptions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IdPSAMLOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Enabled != nil {
{
size := m.Enabled.Size()
i -= size
if _, err := m.Enabled.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesResourceV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesResourceV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesResourceV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *KubernetesResourceSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesResourceSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesResourceSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Namespace) > 0 {
i -= len(m.Namespace)
copy(dAtA[i:], m.Namespace)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Namespace)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ClusterMaintenanceConfigV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterMaintenanceConfigV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterMaintenanceConfigV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Nonce != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Nonce))
i--
dAtA[i] = 0x18
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *ClusterMaintenanceConfigSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ClusterMaintenanceConfigSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ClusterMaintenanceConfigSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AgentUpgrades != nil {
{
size, err := m.AgentUpgrades.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AgentUpgradeWindow) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AgentUpgradeWindow) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AgentUpgradeWindow) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Weekdays) > 0 {
for iNdEx := len(m.Weekdays) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Weekdays[iNdEx])
copy(dAtA[i:], m.Weekdays[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Weekdays[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if m.UTCStartHour != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.UTCStartHour))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *ScheduledAgentUpgradeWindow) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ScheduledAgentUpgradeWindow) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ScheduledAgentUpgradeWindow) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
n433, err433 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Stop, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Stop):])
if err433 != nil {
return 0, err433
}
i -= n433
i = encodeVarintTypes(dAtA, i, uint64(n433))
i--
dAtA[i] = 0x12
n434, err434 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.Start, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.Start):])
if err434 != nil {
return 0, err434
}
i -= n434
i = encodeVarintTypes(dAtA, i, uint64(n434))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *AgentUpgradeSchedule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AgentUpgradeSchedule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AgentUpgradeSchedule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Windows) > 0 {
for iNdEx := len(m.Windows) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Windows[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *UserGroupV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserGroupV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserGroupV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *UserGroupSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *UserGroupSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *UserGroupSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Applications) > 0 {
for iNdEx := len(m.Applications) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Applications[iNdEx])
copy(dAtA[i:], m.Applications[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Applications[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *OktaImportRuleSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaImportRuleSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaImportRuleSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Mappings) > 0 {
for iNdEx := len(m.Mappings) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Mappings[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if m.Priority != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Priority))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *OktaImportRuleMappingV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaImportRuleMappingV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaImportRuleMappingV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.AddLabels) > 0 {
for k := range m.AddLabels {
v := m.AddLabels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x12
}
}
if len(m.Match) > 0 {
for iNdEx := len(m.Match) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Match[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *OktaImportRuleV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaImportRuleV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaImportRuleV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *OktaImportRuleMatchV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaImportRuleMatchV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaImportRuleMatchV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.GroupNameRegexes) > 0 {
for iNdEx := len(m.GroupNameRegexes) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.GroupNameRegexes[iNdEx])
copy(dAtA[i:], m.GroupNameRegexes[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.GroupNameRegexes[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.AppNameRegexes) > 0 {
for iNdEx := len(m.AppNameRegexes) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AppNameRegexes[iNdEx])
copy(dAtA[i:], m.AppNameRegexes[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppNameRegexes[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.GroupIDs) > 0 {
for iNdEx := len(m.GroupIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.GroupIDs[iNdEx])
copy(dAtA[i:], m.GroupIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.GroupIDs[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.AppIDs) > 0 {
for iNdEx := len(m.AppIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.AppIDs[iNdEx])
copy(dAtA[i:], m.AppIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.AppIDs[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *OktaAssignmentV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaAssignmentV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaAssignmentV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *OktaAssignmentSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaAssignmentSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaAssignmentSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Finalized {
i--
if m.Finalized {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x30
}
n441, err441 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.LastTransition, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.LastTransition):])
if err441 != nil {
return 0, err441
}
i -= n441
i = encodeVarintTypes(dAtA, i, uint64(n441))
i--
dAtA[i] = 0x2a
if m.Status != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Status))
i--
dAtA[i] = 0x20
}
n442, err442 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.CleanupTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.CleanupTime):])
if err442 != nil {
return 0, err442
}
i -= n442
i = encodeVarintTypes(dAtA, i, uint64(n442))
i--
dAtA[i] = 0x1a
if len(m.Targets) > 0 {
for iNdEx := len(m.Targets) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Targets[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *OktaAssignmentTargetV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaAssignmentTargetV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaAssignmentTargetV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Id) > 0 {
i -= len(m.Id)
copy(dAtA[i:], m.Id)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Id)))
i--
dAtA[i] = 0x12
}
if m.Type != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.Type))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *IntegrationV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IntegrationV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IntegrationV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Status.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *IntegrationSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IntegrationSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SubKindSpec != nil {
{
size := m.SubKindSpec.Size()
i -= size
if _, err := m.SubKindSpec.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
}
}
if m.Credentials != nil {
{
size, err := m.Credentials.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
}
return len(dAtA) - i, nil
}
func (m *IntegrationSpecV1_AWSOIDC) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IntegrationSpecV1_AWSOIDC) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.AWSOIDC != nil {
{
size, err := m.AWSOIDC.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *IntegrationSpecV1_AzureOIDC) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IntegrationSpecV1_AzureOIDC) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.AzureOIDC != nil {
{
size, err := m.AzureOIDC.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
return len(dAtA) - i, nil
}
func (m *IntegrationSpecV1_GitHub) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IntegrationSpecV1_GitHub) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.GitHub != nil {
{
size, err := m.GitHub.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
return len(dAtA) - i, nil
}
func (m *IntegrationSpecV1_AWSRA) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IntegrationSpecV1_AWSRA) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
if m.AWSRA != nil {
{
size, err := m.AWSRA.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
return len(dAtA) - i, nil
}
func (m *IntegrationStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *IntegrationStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *IntegrationStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.AWSRolesAnywhere != nil {
{
size, err := m.AWSRolesAnywhere.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSOIDCIntegrationSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSOIDCIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSOIDCIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Audience) > 0 {
i -= len(m.Audience)
copy(dAtA[i:], m.Audience)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Audience)))
i--
dAtA[i] = 0x1a
}
if len(m.IssuerS3URI) > 0 {
i -= len(m.IssuerS3URI)
copy(dAtA[i:], m.IssuerS3URI)
i = encodeVarintTypes(dAtA, i, uint64(len(m.IssuerS3URI)))
i--
dAtA[i] = 0x12
}
if len(m.RoleARN) > 0 {
i -= len(m.RoleARN)
copy(dAtA[i:], m.RoleARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RoleARN)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AzureOIDCIntegrationSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AzureOIDCIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AzureOIDCIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ClientID) > 0 {
i -= len(m.ClientID)
copy(dAtA[i:], m.ClientID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientID)))
i--
dAtA[i] = 0x12
}
if len(m.TenantID) > 0 {
i -= len(m.TenantID)
copy(dAtA[i:], m.TenantID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TenantID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *GitHubIntegrationSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GitHubIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GitHubIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Organization) > 0 {
i -= len(m.Organization)
copy(dAtA[i:], m.Organization)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Organization)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSRAIntegrationSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSRAIntegrationSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSRAIntegrationSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.ProfileSyncConfig != nil {
{
size, err := m.ProfileSyncConfig.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if len(m.TrustAnchorARN) > 0 {
i -= len(m.TrustAnchorARN)
copy(dAtA[i:], m.TrustAnchorARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TrustAnchorARN)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSRolesAnywhereProfileSyncConfig) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSRolesAnywhereProfileSyncConfig) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSRolesAnywhereProfileSyncConfig) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ProfileNameFilters) > 0 {
for iNdEx := len(m.ProfileNameFilters) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProfileNameFilters[iNdEx])
copy(dAtA[i:], m.ProfileNameFilters[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProfileNameFilters[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.RoleARN) > 0 {
i -= len(m.RoleARN)
copy(dAtA[i:], m.RoleARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RoleARN)))
i--
dAtA[i] = 0x22
}
if m.ProfileAcceptsRoleSessionName {
i--
if m.ProfileAcceptsRoleSessionName {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x18
}
if len(m.ProfileARN) > 0 {
i -= len(m.ProfileARN)
copy(dAtA[i:], m.ProfileARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProfileARN)))
i--
dAtA[i] = 0x12
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *AWSRAIntegrationStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSRAIntegrationStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSRAIntegrationStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.LastProfileSync != nil {
{
size, err := m.LastProfileSync.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSRolesAnywhereProfileSyncIterationSummary) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SyncedProfiles != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SyncedProfiles))
i--
dAtA[i] = 0x28
}
if len(m.ErrorMessage) > 0 {
i -= len(m.ErrorMessage)
copy(dAtA[i:], m.ErrorMessage)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ErrorMessage)))
i--
dAtA[i] = 0x22
}
if len(m.Status) > 0 {
i -= len(m.Status)
copy(dAtA[i:], m.Status)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Status)))
i--
dAtA[i] = 0x1a
}
n454, err454 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.EndTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.EndTime):])
if err454 != nil {
return 0, err454
}
i -= n454
i = encodeVarintTypes(dAtA, i, uint64(n454))
i--
dAtA[i] = 0x12
n455, err455 := github_com_gogo_protobuf_types.StdTimeMarshalTo(m.StartTime, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(m.StartTime):])
if err455 != nil {
return 0, err455
}
i -= n455
i = encodeVarintTypes(dAtA, i, uint64(n455))
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *HeadlessAuthentication) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *HeadlessAuthentication) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *HeadlessAuthentication) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.TlsPublicKey) > 0 {
i -= len(m.TlsPublicKey)
copy(dAtA[i:], m.TlsPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TlsPublicKey)))
i--
dAtA[i] = 0x42
}
if len(m.SshPublicKey) > 0 {
i -= len(m.SshPublicKey)
copy(dAtA[i:], m.SshPublicKey)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SshPublicKey)))
i--
dAtA[i] = 0x3a
}
if len(m.ClientIpAddress) > 0 {
i -= len(m.ClientIpAddress)
copy(dAtA[i:], m.ClientIpAddress)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientIpAddress)))
i--
dAtA[i] = 0x32
}
if m.MfaDevice != nil {
{
size, err := m.MfaDevice.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if m.State != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.State))
i--
dAtA[i] = 0x20
}
if len(m.User) > 0 {
i -= len(m.User)
copy(dAtA[i:], m.User)
i = encodeVarintTypes(dAtA, i, uint64(len(m.User)))
i--
dAtA[i] = 0x12
}
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *WatchKind) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WatchKind) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WatchKind) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x32
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x2a
}
if len(m.Filter) > 0 {
for k := range m.Filter {
v := m.Filter[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x22
}
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x1a
}
if m.LoadSecrets {
i--
if m.LoadSecrets {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x10
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WatchStatusV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WatchStatusV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WatchStatusV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *WatchStatusSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *WatchStatusSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *WatchStatusSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Kinds) > 0 {
for iNdEx := len(m.Kinds) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Kinds[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *ServerInfoV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ServerInfoV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ServerInfoV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
{
size, err := m.Metadata.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if len(m.Version) > 0 {
i -= len(m.Version)
copy(dAtA[i:], m.Version)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Version)))
i--
dAtA[i] = 0x1a
}
if len(m.SubKind) > 0 {
i -= len(m.SubKind)
copy(dAtA[i:], m.SubKind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubKind)))
i--
dAtA[i] = 0x12
}
if len(m.Kind) > 0 {
i -= len(m.Kind)
copy(dAtA[i:], m.Kind)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Kind)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *ServerInfoSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *ServerInfoSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *ServerInfoSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.NewLabels) > 0 {
for k := range m.NewLabels {
v := m.NewLabels[k]
baseI := i
i -= len(v)
copy(dAtA[i:], v)
i = encodeVarintTypes(dAtA, i, uint64(len(v)))
i--
dAtA[i] = 0x12
i -= len(k)
copy(dAtA[i:], k)
i = encodeVarintTypes(dAtA, i, uint64(len(k)))
i--
dAtA[i] = 0xa
i = encodeVarintTypes(dAtA, i, uint64(baseI-i))
i--
dAtA[i] = 0x12
}
}
return len(dAtA) - i, nil
}
func (m *JamfSpecV1) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *JamfSpecV1) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *JamfSpecV1) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Inventory) > 0 {
for iNdEx := len(m.Inventory) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Inventory[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
}
if len(m.ApiEndpoint) > 0 {
i -= len(m.ApiEndpoint)
copy(dAtA[i:], m.ApiEndpoint)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ApiEndpoint)))
i--
dAtA[i] = 0x22
}
if m.SyncDelay != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SyncDelay))
i--
dAtA[i] = 0x18
}
if len(m.Name) > 0 {
i -= len(m.Name)
copy(dAtA[i:], m.Name)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Name)))
i--
dAtA[i] = 0x12
}
if m.Enabled {
i--
if m.Enabled {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *JamfInventoryEntry) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *JamfInventoryEntry) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *JamfInventoryEntry) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.PageSize != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.PageSize))
i--
dAtA[i] = 0x28
}
if len(m.OnMissing) > 0 {
i -= len(m.OnMissing)
copy(dAtA[i:], m.OnMissing)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OnMissing)))
i--
dAtA[i] = 0x22
}
if m.SyncPeriodFull != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SyncPeriodFull))
i--
dAtA[i] = 0x18
}
if m.SyncPeriodPartial != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SyncPeriodPartial))
i--
dAtA[i] = 0x10
}
if len(m.FilterRsql) > 0 {
i -= len(m.FilterRsql)
copy(dAtA[i:], m.FilterRsql)
i = encodeVarintTypes(dAtA, i, uint64(len(m.FilterRsql)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *MessageWithHeader) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *MessageWithHeader) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *MessageWithHeader) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size, err := m.ResourceHeader.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *AWSMatcher) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSMatcher) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Organization != nil {
{
size, err := m.Organization.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x52
}
if len(m.SetupAccessForARN) > 0 {
i -= len(m.SetupAccessForARN)
copy(dAtA[i:], m.SetupAccessForARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SetupAccessForARN)))
i--
dAtA[i] = 0x4a
}
if m.KubeAppDiscovery {
i--
if m.KubeAppDiscovery {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x40
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x3a
}
if m.SSM != nil {
{
size, err := m.SSM.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if m.Params != nil {
{
size, err := m.Params.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
{
size := m.Tags.Size()
i -= size
if _, err := m.Tags.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x22
if m.AssumeRole != nil {
{
size, err := m.AssumeRole.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if len(m.Regions) > 0 {
for iNdEx := len(m.Regions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Regions[iNdEx])
copy(dAtA[i:], m.Regions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Regions[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Types) > 0 {
for iNdEx := len(m.Types) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Types[iNdEx])
copy(dAtA[i:], m.Types[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Types[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AWSOrganizationMatcher) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSOrganizationMatcher) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSOrganizationMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.OrganizationalUnits != nil {
{
size, err := m.OrganizationalUnits.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
if len(m.OrganizationID) > 0 {
i -= len(m.OrganizationID)
copy(dAtA[i:], m.OrganizationID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.OrganizationID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSOrganizationUnitsMatcher) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSOrganizationUnitsMatcher) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSOrganizationUnitsMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Exclude) > 0 {
for iNdEx := len(m.Exclude) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Exclude[iNdEx])
copy(dAtA[i:], m.Exclude[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Exclude[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Include) > 0 {
for iNdEx := len(m.Include) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Include[iNdEx])
copy(dAtA[i:], m.Include[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Include[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AssumeRole) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AssumeRole) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AssumeRole) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.RoleName) > 0 {
i -= len(m.RoleName)
copy(dAtA[i:], m.RoleName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RoleName)))
i--
dAtA[i] = 0x1a
}
if len(m.ExternalID) > 0 {
i -= len(m.ExternalID)
copy(dAtA[i:], m.ExternalID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ExternalID)))
i--
dAtA[i] = 0x12
}
if len(m.RoleARN) > 0 {
i -= len(m.RoleARN)
copy(dAtA[i:], m.RoleARN)
i = encodeVarintTypes(dAtA, i, uint64(len(m.RoleARN)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *InstallerParams) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *InstallerParams) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *InstallerParams) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.HTTPProxySettings != nil {
{
size, err := m.HTTPProxySettings.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x5a
}
if len(m.UpdateGroup) > 0 {
i -= len(m.UpdateGroup)
copy(dAtA[i:], m.UpdateGroup)
i = encodeVarintTypes(dAtA, i, uint64(len(m.UpdateGroup)))
i--
dAtA[i] = 0x52
}
if len(m.Suffix) > 0 {
i -= len(m.Suffix)
copy(dAtA[i:], m.Suffix)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Suffix)))
i--
dAtA[i] = 0x4a
}
if m.EnrollMode != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.EnrollMode))
i--
dAtA[i] = 0x40
}
if m.Azure != nil {
{
size, err := m.Azure.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
}
if len(m.PublicProxyAddr) > 0 {
i -= len(m.PublicProxyAddr)
copy(dAtA[i:], m.PublicProxyAddr)
i = encodeVarintTypes(dAtA, i, uint64(len(m.PublicProxyAddr)))
i--
dAtA[i] = 0x32
}
if len(m.SSHDConfig) > 0 {
i -= len(m.SSHDConfig)
copy(dAtA[i:], m.SSHDConfig)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SSHDConfig)))
i--
dAtA[i] = 0x2a
}
if m.InstallTeleport {
i--
if m.InstallTeleport {
dAtA[i] = 1
} else {
dAtA[i] = 0
}
i--
dAtA[i] = 0x20
}
if len(m.ScriptName) > 0 {
i -= len(m.ScriptName)
copy(dAtA[i:], m.ScriptName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ScriptName)))
i--
dAtA[i] = 0x1a
}
if len(m.JoinToken) > 0 {
i -= len(m.JoinToken)
copy(dAtA[i:], m.JoinToken)
i = encodeVarintTypes(dAtA, i, uint64(len(m.JoinToken)))
i--
dAtA[i] = 0x12
}
if len(m.JoinMethod) > 0 {
i -= len(m.JoinMethod)
copy(dAtA[i:], m.JoinMethod)
i = encodeVarintTypes(dAtA, i, uint64(len(m.JoinMethod)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *HTTPProxySettings) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *HTTPProxySettings) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *HTTPProxySettings) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.NoProxy) > 0 {
i -= len(m.NoProxy)
copy(dAtA[i:], m.NoProxy)
i = encodeVarintTypes(dAtA, i, uint64(len(m.NoProxy)))
i--
dAtA[i] = 0x1a
}
if len(m.HTTPSProxy) > 0 {
i -= len(m.HTTPSProxy)
copy(dAtA[i:], m.HTTPSProxy)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HTTPSProxy)))
i--
dAtA[i] = 0x12
}
if len(m.HTTPProxy) > 0 {
i -= len(m.HTTPProxy)
copy(dAtA[i:], m.HTTPProxy)
i = encodeVarintTypes(dAtA, i, uint64(len(m.HTTPProxy)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AWSSSM) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AWSSSM) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AWSSSM) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.DocumentName) > 0 {
i -= len(m.DocumentName)
copy(dAtA[i:], m.DocumentName)
i = encodeVarintTypes(dAtA, i, uint64(len(m.DocumentName)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AzureInstallerParams) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AzureInstallerParams) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AzureInstallerParams) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.ClientID) > 0 {
i -= len(m.ClientID)
copy(dAtA[i:], m.ClientID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.ClientID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AzureMatcher) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AzureMatcher) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AzureMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x3a
}
if m.Params != nil {
{
size, err := m.Params.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
{
size := m.ResourceTags.Size()
i -= size
if _, err := m.ResourceTags.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
if len(m.Regions) > 0 {
for iNdEx := len(m.Regions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Regions[iNdEx])
copy(dAtA[i:], m.Regions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Regions[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Types) > 0 {
for iNdEx := len(m.Types) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Types[iNdEx])
copy(dAtA[i:], m.Types[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Types[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.ResourceGroups) > 0 {
for iNdEx := len(m.ResourceGroups) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ResourceGroups[iNdEx])
copy(dAtA[i:], m.ResourceGroups[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ResourceGroups[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Subscriptions) > 0 {
for iNdEx := len(m.Subscriptions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Subscriptions[iNdEx])
copy(dAtA[i:], m.Subscriptions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Subscriptions[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *GCPMatcher) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *GCPMatcher) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *GCPMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size := m.Labels.Size()
i -= size
if _, err := m.Labels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x3a
if m.Params != nil {
{
size, err := m.Params.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if len(m.ServiceAccounts) > 0 {
for iNdEx := len(m.ServiceAccounts) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ServiceAccounts[iNdEx])
copy(dAtA[i:], m.ServiceAccounts[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ServiceAccounts[iNdEx])))
i--
dAtA[i] = 0x2a
}
}
if len(m.ProjectIDs) > 0 {
for iNdEx := len(m.ProjectIDs) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.ProjectIDs[iNdEx])
copy(dAtA[i:], m.ProjectIDs[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.ProjectIDs[iNdEx])))
i--
dAtA[i] = 0x22
}
}
{
size := m.Tags.Size()
i -= size
if _, err := m.Tags.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
if len(m.Locations) > 0 {
for iNdEx := len(m.Locations) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Locations[iNdEx])
copy(dAtA[i:], m.Locations[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Locations[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Types) > 0 {
for iNdEx := len(m.Types) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Types[iNdEx])
copy(dAtA[i:], m.Types[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Types[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *KubernetesMatcher) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *KubernetesMatcher) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *KubernetesMatcher) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size := m.Labels.Size()
i -= size
if _, err := m.Labels.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
if len(m.Namespaces) > 0 {
for iNdEx := len(m.Namespaces) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Namespaces[iNdEx])
copy(dAtA[i:], m.Namespaces[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Namespaces[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Types) > 0 {
for iNdEx := len(m.Types) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Types[iNdEx])
copy(dAtA[i:], m.Types[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Types[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *OktaOptions) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *OktaOptions) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *OktaOptions) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.SyncPeriod != 0 {
i = encodeVarintTypes(dAtA, i, uint64(m.SyncPeriod))
i--
dAtA[i] = 0x8
}
return len(dAtA) - i, nil
}
func (m *AccessGraphSync) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessGraphSync) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessGraphSync) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Azure) > 0 {
for iNdEx := len(m.Azure) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Azure[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
n477, err477 := github_com_gogo_protobuf_types.StdDurationMarshalTo(m.PollInterval, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdDuration(m.PollInterval):])
if err477 != nil {
return 0, err477
}
i -= n477
i = encodeVarintTypes(dAtA, i, uint64(n477))
i--
dAtA[i] = 0x12
if len(m.AWS) > 0 {
for iNdEx := len(m.AWS) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.AWS[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AccessGraphAWSSyncCloudTrailLogs) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessGraphAWSSyncCloudTrailLogs) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessGraphAWSSyncCloudTrailLogs) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.SQSQueue) > 0 {
i -= len(m.SQSQueue)
copy(dAtA[i:], m.SQSQueue)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SQSQueue)))
i--
dAtA[i] = 0x12
}
if len(m.Region) > 0 {
i -= len(m.Region)
copy(dAtA[i:], m.Region)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Region)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *AccessGraphAWSSyncEKSAuditLogs) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessGraphAWSSyncEKSAuditLogs) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessGraphAWSSyncEKSAuditLogs) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
{
size := m.Tags.Size()
i -= size
if _, err := m.Tags.MarshalTo(dAtA[i:]); err != nil {
return 0, err
}
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
return len(dAtA) - i, nil
}
func (m *AccessGraphAWSSync) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessGraphAWSSync) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessGraphAWSSync) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.EksAuditLogs != nil {
{
size, err := m.EksAuditLogs.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x32
}
if m.CloudTrailLogs != nil {
{
size, err := m.CloudTrailLogs.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x2a
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x22
}
if m.AssumeRole != nil {
{
size, err := m.AssumeRole.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintTypes(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
if len(m.Regions) > 0 {
for iNdEx := len(m.Regions) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Regions[iNdEx])
copy(dAtA[i:], m.Regions[iNdEx])
i = encodeVarintTypes(dAtA, i, uint64(len(m.Regions[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *AccessGraphAzureSync) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AccessGraphAzureSync) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AccessGraphAzureSync) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Integration) > 0 {
i -= len(m.Integration)
copy(dAtA[i:], m.Integration)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Integration)))
i--
dAtA[i] = 0x12
}
if len(m.SubscriptionID) > 0 {
i -= len(m.SubscriptionID)
copy(dAtA[i:], m.SubscriptionID)
i = encodeVarintTypes(dAtA, i, uint64(len(m.SubscriptionID)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *TargetHealth) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *TargetHealth) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *TargetHealth) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Message) > 0 {
i -= len(m.Message)
copy(dAtA[i:], m.Message)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Message)))
i--
dAtA[i] = 0x3a
}
if len(m.TransitionError) > 0 {
i -= len(m.TransitionError)
copy(dAtA[i:], m.TransitionError)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TransitionError)))
i--
dAtA[i] = 0x32
}
if len(m.TransitionReason) > 0 {
i -= len(m.TransitionReason)
copy(dAtA[i:], m.TransitionReason)
i = encodeVarintTypes(dAtA, i, uint64(len(m.TransitionReason)))
i--
dAtA[i] = 0x2a
}
if m.TransitionTimestamp != nil {
n482, err482 := github_com_gogo_protobuf_types.StdTimeMarshalTo(*m.TransitionTimestamp, dAtA[i-github_com_gogo_protobuf_types.SizeOfStdTime(*m.TransitionTimestamp):])
if err482 != nil {
return 0, err482
}
i -= n482
i = encodeVarintTypes(dAtA, i, uint64(n482))
i--
dAtA[i] = 0x22
}
if len(m.Status) > 0 {
i -= len(m.Status)
copy(dAtA[i:], m.Status)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Status)))
i--
dAtA[i] = 0x1a
}
if len(m.Protocol) > 0 {
i -= len(m.Protocol)
copy(dAtA[i:], m.Protocol)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Protocol)))
i--
dAtA[i] = 0x12
}
if len(m.Address) > 0 {
i -= len(m.Address)
copy(dAtA[i:], m.Address)
i = encodeVarintTypes(dAtA, i, uint64(len(m.Address)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func encodeVarintTypes(dAtA []byte, offset int, v uint64) int {
offset -= sovTypes(v)
base := offset
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return base
}
func (m *KeepAlive) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Namespace)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
if m.Type != 0 {
n += 1 + sovTypes(uint64(m.Type))
}
l = len(m.HostID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Rotation) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.State)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Phase)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Mode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CurrentID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Started)
n += 1 + l + sovTypes(uint64(l))
if m.GracePeriod != 0 {
n += 1 + sovTypes(uint64(m.GracePeriod))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LastRotated)
n += 1 + l + sovTypes(uint64(l))
l = m.Schedule.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RotationSchedule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdateClients)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.UpdateServers)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Standby)
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourceHeader) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseServerV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
l = len(m.Scope)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseServerSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Hostname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.HostID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Rotation.Size()
n += 1 + l + sovTypes(uint64(l))
if m.Database != nil {
l = m.Database.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ProxyIDs) > 0 {
for _, s := range m.ProxyIDs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.RelayGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.RelayIds) > 0 {
for _, s := range m.RelayIds {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseServerStatusV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.TargetHealth != nil {
l = m.TargetHealth.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseV3List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Databases) > 0 {
for _, e := range m.Databases {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Protocol)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.URI)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CACert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.DynamicLabels) > 0 {
for k, v := range m.DynamicLabels {
_ = k
_ = v
l = v.Size()
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + l + sovTypes(uint64(l))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
l = m.AWS.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.GCP.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Azure.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.TLS.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.AD.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.MySQL.Size()
n += 1 + l + sovTypes(uint64(l))
if m.AdminUser != nil {
l = m.AdminUser.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = m.MongoAtlas.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Oracle.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseAdminUser) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.DefaultDatabase)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OracleOptions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.AuditUser)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.RetryCount != 0 {
n += 1 + sovTypes(uint64(m.RetryCount))
}
if m.ShuffleHostnames {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseStatusV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.CACert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.AWS.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.MySQL.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.ManagedUsers) > 0 {
for _, s := range m.ManagedUsers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = m.Azure.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AWS) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Region)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Redshift.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.RDS.Size()
n += 1 + l + sovTypes(uint64(l))
l = len(m.AccountID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.ElastiCache.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.SecretStore.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.MemoryDB.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.RDSProxy.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.RedshiftServerless.Size()
n += 1 + l + sovTypes(uint64(l))
l = len(m.ExternalID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AssumeRoleARN)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.OpenSearch.Size()
n += 1 + l + sovTypes(uint64(l))
if m.IAMPolicyStatus != 0 {
n += 1 + sovTypes(uint64(m.IAMPolicyStatus))
}
if len(m.SessionTags) > 0 {
for k, v := range m.SessionTags {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
l = m.DocumentDB.Size()
n += 2 + l + sovTypes(uint64(l))
l = m.ElastiCacheServerless.Size()
n += 2 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SecretStore) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.KeyPrefix)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.KMSKeyID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Redshift) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusterID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RDS) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.InstanceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClusterID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ResourceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.IAMAuth {
n += 2
}
if len(m.Subnets) > 0 {
for _, s := range m.Subnets {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.VPCID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.SecurityGroups) > 0 {
for _, s := range m.SecurityGroups {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RDSProxy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CustomEndpointName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ResourceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ElastiCache) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ReplicationGroupID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.UserGroupIDs) > 0 {
for _, s := range m.UserGroupIDs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.TransitEncryptionEnabled {
n += 2
}
l = len(m.EndpointType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ElastiCacheServerless) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.CacheName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *MemoryDB) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusterName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ACLName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.TLSEnabled {
n += 2
}
l = len(m.EndpointType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RedshiftServerless) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.WorkgroupName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EndpointName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.WorkgroupID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OpenSearch) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.DomainName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.DomainID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EndpointType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DocumentDB) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusterID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.InstanceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EndpointType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GCPCloudSQL) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ProjectID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.InstanceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.AlloyDB.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AlloyDB) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.EndpointType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EndpointOverride)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Azure) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ResourceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Redis.Size()
n += 1 + l + sovTypes(uint64(l))
if m.IsFlexiServer {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AzureRedis) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusteringPolicy)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AD) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.KeytabFile)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Krb5File)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Domain)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SPN)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.LDAPCert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.KDCHostName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.LDAPServiceAccountName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.LDAPServiceAccountSID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabaseTLS) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Mode != 0 {
n += 1 + sovTypes(uint64(m.Mode))
}
l = len(m.CACert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ServerName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.TrustSystemCertPool {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *MySQLOptions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ServerVersion)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *MongoAtlas) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *InstanceV1) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = m.ResourceHeader.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *InstanceSpecV1) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Services) > 0 {
for _, s := range m.Services {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Hostname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AuthID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LastSeen)
n += 1 + l + sovTypes(uint64(l))
if len(m.ControlLog) > 0 {
for _, e := range m.ControlLog {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.ExternalUpgrader)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ExternalUpgraderVersion)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.LastMeasurement != nil {
l = m.LastMeasurement.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.UpdaterInfo != nil {
l = m.UpdaterInfo.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SystemClockMeasurement) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ControllerSystemClock)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.SystemClock)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdDuration(m.RequestDuration)
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *InstanceControlLogEntry) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.ID != 0 {
n += 1 + sovTypes(uint64(m.ID))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Time)
n += 1 + l + sovTypes(uint64(l))
if m.TTL != 0 {
n += 1 + sovTypes(uint64(m.TTL))
}
if len(m.Labels) > 0 {
for k, v := range m.Labels {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UpdaterV2Info) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.UpdateGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UpdateUUID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.UpdaterStatus != 0 {
n += 1 + sovTypes(uint64(m.UpdaterStatus))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *InstanceFilter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ServerID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Services) > 0 {
for _, s := range m.Services {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.ExternalUpgrader)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.NoExtUpgrader {
n += 2
}
l = len(m.OlderThanVersion)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.NewerThanVersion)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UpdateGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ServerV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
l = len(m.Scope)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ServerSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Addr)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Hostname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.CmdLabels) > 0 {
for k, v := range m.CmdLabels {
_ = k
_ = v
l = v.Size()
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + l + sovTypes(uint64(l))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
l = m.Rotation.Size()
n += 1 + l + sovTypes(uint64(l))
if m.UseTunnel {
n += 2
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.PeerAddr)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ProxyIDs) > 0 {
for _, s := range m.ProxyIDs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.PublicAddrs) > 0 {
for _, s := range m.PublicAddrs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.CloudMetadata != nil {
l = m.CloudMetadata.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.GitHub != nil {
l = m.GitHub.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RelayGroup)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if len(m.RelayIds) > 0 {
for _, s := range m.RelayIds {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if m.ComponentFeatures != nil {
l = m.ComponentFeatures.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AWSInfo) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.AccountID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.InstanceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Region)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.VPCID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Integration)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubnetID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CloudMetadata) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.AWS != nil {
l = m.AWS.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GitHubServerMetadata) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Organization)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Integration)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppServerV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
l = len(m.Scope)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppServerSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Hostname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.HostID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Rotation.Size()
n += 1 + l + sovTypes(uint64(l))
if m.App != nil {
l = m.App.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ProxyIDs) > 0 {
for _, s := range m.ProxyIDs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.RelayGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.RelayIds) > 0 {
for _, s := range m.RelayIds {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.ComponentFeatures != nil {
l = m.ComponentFeatures.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppV3List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Apps) > 0 {
for _, e := range m.Apps {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CORSPolicy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.AllowedOrigins) > 0 {
for _, s := range m.AllowedOrigins {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.AllowedMethods) > 0 {
for _, s := range m.AllowedMethods {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.AllowedHeaders) > 0 {
for _, s := range m.AllowedHeaders {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.AllowCredentials {
n += 2
}
if m.MaxAge != 0 {
n += 1 + sovTypes(uint64(m.MaxAge))
}
if len(m.ExposedHeaders) > 0 {
for _, s := range m.ExposedHeaders {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *IdentityCenterPermissionSet) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ARN)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AssignmentID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppIdentityCenter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.AccountID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.PermissionSets) > 0 {
for _, e := range m.PermissionSets {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.URI)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.PublicAddr)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.DynamicLabels) > 0 {
for k, v := range m.DynamicLabels {
_ = k
_ = v
l = v.Size()
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + l + sovTypes(uint64(l))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if m.InsecureSkipVerify {
n += 2
}
if m.Rewrite != nil {
l = m.Rewrite.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.AWS != nil {
l = m.AWS.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Cloud)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.UserGroups) > 0 {
for _, s := range m.UserGroups {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Integration)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.RequiredAppNames) > 0 {
for _, s := range m.RequiredAppNames {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.CORS != nil {
l = m.CORS.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.IdentityCenter != nil {
l = m.IdentityCenter.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.TCPPorts) > 0 {
for _, e := range m.TCPPorts {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.UseAnyProxyPublicAddr {
n += 2
}
if m.MCP != nil {
l = m.MCP.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *MCP) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Command)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Args) > 0 {
for _, s := range m.Args {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.RunAsHostUser)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Rewrite) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Redirect) > 0 {
for _, s := range m.Redirect {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Headers) > 0 {
for _, e := range m.Headers {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.JWTClaims)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Header) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Value)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *PortRange) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Port != 0 {
n += 1 + sovTypes(uint64(m.Port))
}
if m.EndPort != 0 {
n += 1 + sovTypes(uint64(m.EndPort))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CommandLabelV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Period != 0 {
n += 1 + sovTypes(uint64(m.Period))
}
if len(m.Command) > 0 {
for _, s := range m.Command {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Result)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppAWS) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ExternalID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.RolesAnywhereProfile != nil {
l = m.RolesAnywhereProfile.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AppAWSRolesAnywhereProfile) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ProfileARN)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.AcceptRoleSessionName {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSHKeyPair) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PublicKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.PrivateKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.PrivateKeyType != 0 {
n += 1 + sovTypes(uint64(m.PrivateKeyType))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TLSKeyPair) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Cert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Key)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.KeyType != 0 {
n += 1 + sovTypes(uint64(m.KeyType))
}
l = len(m.CRL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *JWTKeyPair) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PublicKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.PrivateKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.PrivateKeyType != 0 {
n += 1 + sovTypes(uint64(m.PrivateKeyType))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *EncryptionKeyPair) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PublicKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.PrivateKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.PrivateKeyType != 0 {
n += 1 + sovTypes(uint64(m.PrivateKeyType))
}
if m.Hash != 0 {
n += 1 + sovTypes(uint64(m.Hash))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AgeEncryptionKey) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PublicKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CertAuthorityV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CertAuthoritySpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClusterName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.RoleMap) > 0 {
for _, e := range m.RoleMap {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.Rotation != nil {
l = m.Rotation.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.SigningAlg != 0 {
n += 1 + sovTypes(uint64(m.SigningAlg))
}
l = m.ActiveKeys.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.AdditionalTrustedKeys.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CAKeySet) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.SSH) > 0 {
for _, e := range m.SSH {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.TLS) > 0 {
for _, e := range m.TLS {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.JWT) > 0 {
for _, e := range m.JWT {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RoleMapping) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Remote)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Local) > 0 {
for _, s := range m.Local {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenV1) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
l = len(m.Token)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.Status != nil {
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenV2List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.ProvisionTokens) > 0 {
for _, e := range m.ProvisionTokens {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TokenRule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.AWSAccount)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.AWSRegions) > 0 {
for _, s := range m.AWSRegions {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.AWSRole)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AWSARN)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AWSOrganizationID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.AWSIIDTTL != 0 {
n += 1 + sovTypes(uint64(m.AWSIIDTTL))
}
l = len(m.JoinMethod)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.BotName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.SuggestedLabels.Size()
n += 1 + l + sovTypes(uint64(l))
if m.GitHub != nil {
l = m.GitHub.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.CircleCI != nil {
l = m.CircleCI.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = m.SuggestedAgentMatcherLabels.Size()
n += 1 + l + sovTypes(uint64(l))
if m.Kubernetes != nil {
l = m.Kubernetes.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.Azure != nil {
l = m.Azure.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.GitLab != nil {
l = m.GitLab.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.GCP != nil {
l = m.GCP.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.Spacelift != nil {
l = m.Spacelift.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.TPM != nil {
l = m.TPM.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.TerraformCloud != nil {
l = m.TerraformCloud.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.Bitbucket != nil {
l = m.Bitbucket.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.Oracle != nil {
l = m.Oracle.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.BoundKeypair != nil {
l = m.BoundKeypair.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.AzureDevops != nil {
l = m.AzureDevops.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.Env0 != nil {
l = m.Env0.Size()
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.Integration)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2AzureDevops) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.OrganizationID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2AzureDevops_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Sub)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.PipelineName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.DefinitionID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RepositoryURI)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RepositoryVersion)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RepositoryRef)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2TPM) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.EKCertAllowedCAs) > 0 {
for _, s := range m.EKCertAllowedCAs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2TPM_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Description)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EKPublicHash)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EKCertificateSerial)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2GitHub) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.EnterpriseServerHost)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EnterpriseSlug)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.StaticJWKS)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2GitHub_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Sub)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Repository)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RepositoryOwner)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Workflow)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Environment)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Actor)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Ref)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RefType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2GitLab) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Domain)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.StaticJWKS)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2GitLab_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Sub)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Ref)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RefType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.NamespacePath)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectPath)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.PipelineSource)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Environment)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserLogin)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserEmail)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.RefProtected != nil {
l = m.RefProtected.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.EnvironmentProtected != nil {
l = m.EnvironmentProtected.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CIConfigSHA)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CIConfigRefURI)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.DeploymentTier)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectVisibility)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2CircleCI) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.OrganizationID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2CircleCI_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ProjectID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ContextID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Spacelift) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Hostname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.EnableGlobMatching {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Spacelift_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.SpaceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CallerID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CallerType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Scope)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Kubernetes) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.StaticJWKS != nil {
l = m.StaticJWKS.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.OIDC != nil {
l = m.OIDC.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Kubernetes_StaticJWKSConfig) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.JWKS)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Kubernetes_OIDCConfig) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Issuer)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.InsecureAllowHTTPIssuer {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Kubernetes_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ServiceAccount)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Azure) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Azure_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Subscription)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ResourceGroups) > 0 {
for _, s := range m.ResourceGroups {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2GCP) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2GCP_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.ProjectIDs) > 0 {
for _, s := range m.ProjectIDs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Locations) > 0 {
for _, s := range m.Locations {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.ServiceAccounts) > 0 {
for _, s := range m.ServiceAccounts {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2TerraformCloud) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Audience)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Hostname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2TerraformCloud_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.OrganizationID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.OrganizationName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.WorkspaceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.WorkspaceName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RunPhase)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Bitbucket) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Audience)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.IdentityProviderURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Bitbucket_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.WorkspaceUUID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RepositoryUUID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.DeploymentEnvironmentUUID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.BranchName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Oracle) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Oracle_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Tenancy)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ParentCompartments) > 0 {
for _, s := range m.ParentCompartments {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Regions) > 0 {
for _, s := range m.Regions {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Instances) > 0 {
for _, s := range m.Instances {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Env0) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Allow) > 0 {
for _, e := range m.Allow {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2Env0_Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.OrganizationID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.TemplateID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.TemplateName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EnvironmentID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EnvironmentName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.WorkspaceName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.DeploymentType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.DeployerEmail)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Env0Tag)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2BoundKeypair) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Onboarding != nil {
l = m.Onboarding.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.Recovery != nil {
l = m.Recovery.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.RotateAfter != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.RotateAfter)
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2BoundKeypair_OnboardingSpec) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.InitialPublicKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RegistrationSecret)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.MustRegisterBefore != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.MustRegisterBefore)
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenSpecV2BoundKeypair_RecoverySpec) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Limit != 0 {
n += 1 + sovTypes(uint64(m.Limit))
}
l = len(m.Mode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenStatusV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.BoundKeypair != nil {
l = m.BoundKeypair.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProvisionTokenStatusV2BoundKeypair) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.RegistrationSecret)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.BoundPublicKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.BoundBotInstanceID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.RecoveryCount != 0 {
n += 1 + sovTypes(uint64(m.RecoveryCount))
}
if m.LastRecoveredAt != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastRecoveredAt)
n += 1 + l + sovTypes(uint64(l))
}
if m.LastRotatedAt != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.LastRotatedAt)
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *StaticTokensV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *StaticTokensSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.StaticTokens) > 0 {
for _, e := range m.StaticTokens {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ClusterNameV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ClusterNameSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusterName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClusterID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ClusterAuditConfigV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ClusterAuditConfigSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Region)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AuditSessionsURI)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.AuditEventsURI.Size()
n += 1 + l + sovTypes(uint64(l))
if m.EnableContinuousBackups {
n += 2
}
if m.EnableAutoScaling {
n += 2
}
if m.ReadMaxCapacity != 0 {
n += 1 + sovTypes(uint64(m.ReadMaxCapacity))
}
if m.ReadMinCapacity != 0 {
n += 1 + sovTypes(uint64(m.ReadMinCapacity))
}
if m.ReadTargetValue != 0 {
n += 9
}
if m.WriteMaxCapacity != 0 {
n += 1 + sovTypes(uint64(m.WriteMaxCapacity))
}
if m.WriteMinCapacity != 0 {
n += 1 + sovTypes(uint64(m.WriteMinCapacity))
}
if m.WriteTargetValue != 0 {
n += 9
}
if m.RetentionPeriod != 0 {
n += 1 + sovTypes(uint64(m.RetentionPeriod))
}
if m.UseFIPSEndpoint != 0 {
n += 1 + sovTypes(uint64(m.UseFIPSEndpoint))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ClusterNetworkingConfigV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ClusterNetworkingConfigSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.ClientIdleTimeout != 0 {
n += 1 + sovTypes(uint64(m.ClientIdleTimeout))
}
if m.KeepAliveInterval != 0 {
n += 1 + sovTypes(uint64(m.KeepAliveInterval))
}
if m.KeepAliveCountMax != 0 {
n += 1 + sovTypes(uint64(m.KeepAliveCountMax))
}
if m.SessionControlTimeout != 0 {
n += 1 + sovTypes(uint64(m.SessionControlTimeout))
}
l = len(m.ClientIdleTimeoutMessage)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.WebIdleTimeout != 0 {
n += 1 + sovTypes(uint64(m.WebIdleTimeout))
}
if m.ProxyListenerMode != 0 {
n += 1 + sovTypes(uint64(m.ProxyListenerMode))
}
if m.RoutingStrategy != 0 {
n += 1 + sovTypes(uint64(m.RoutingStrategy))
}
if m.TunnelStrategy != nil {
l = m.TunnelStrategy.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.ProxyPingInterval != 0 {
n += 1 + sovTypes(uint64(m.ProxyPingInterval))
}
if m.AssistCommandExecutionWorkers != 0 {
n += 1 + sovTypes(uint64(m.AssistCommandExecutionWorkers))
}
if m.CaseInsensitiveRouting {
n += 2
}
if m.SSHDialTimeout != 0 {
n += 1 + sovTypes(uint64(m.SSHDialTimeout))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TunnelStrategyV1) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Strategy != nil {
n += m.Strategy.Size()
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TunnelStrategyV1_AgentMesh) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.AgentMesh != nil {
l = m.AgentMesh.Size()
n += 1 + l + sovTypes(uint64(l))
}
return n
}
func (m *TunnelStrategyV1_ProxyPeering) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.ProxyPeering != nil {
l = m.ProxyPeering.Size()
n += 1 + l + sovTypes(uint64(l))
}
return n
}
func (m *AgentMeshTunnelStrategy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ProxyPeeringTunnelStrategy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.AgentConnectionCount != 0 {
n += 1 + sovTypes(uint64(m.AgentConnectionCount))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SessionRecordingConfigV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.Status != nil {
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KeyLabel) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Label)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ManualKeyManagementConfig) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled {
n += 2
}
if len(m.ActiveKeys) > 0 {
for _, e := range m.ActiveKeys {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.RotatedKeys) > 0 {
for _, e := range m.RotatedKeys {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SessionRecordingEncryptionConfig) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled {
n += 2
}
if m.ManualKeyManagement != nil {
l = m.ManualKeyManagement.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SessionRecordingConfigSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Mode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.ProxyChecksHostKeys != nil {
l = m.ProxyChecksHostKeys.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.Encryption != nil {
l = m.Encryption.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SessionRecordingConfigStatus) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.EncryptionKeys) > 0 {
for _, e := range m.EncryptionKeys {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AuthPreferenceV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AuthPreferenceSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SecondFactor)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ConnectorName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.U2F != nil {
l = m.U2F.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.DisconnectExpiredCert != nil {
l = m.DisconnectExpiredCert.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.AllowLocalAuth != nil {
l = m.AllowLocalAuth.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.MessageOfTheDay)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.LockingMode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.Webauthn != nil {
l = m.Webauthn.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.AllowPasswordless != nil {
l = m.AllowPasswordless.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.RequireMFAType != 0 {
n += 1 + sovTypes(uint64(m.RequireMFAType))
}
if m.DeviceTrust != nil {
l = m.DeviceTrust.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.IDP != nil {
l = m.IDP.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.AllowHeadless != nil {
l = m.AllowHeadless.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.DefaultSessionTTL != 0 {
n += 2 + sovTypes(uint64(m.DefaultSessionTTL))
}
if m.Okta != nil {
l = m.Okta.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.HardwareKey != nil {
l = m.HardwareKey.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.SignatureAlgorithmSuite != 0 {
n += 2 + sovTypes(uint64(m.SignatureAlgorithmSuite))
}
if len(m.SecondFactors) > 0 {
l = 0
for _, e := range m.SecondFactors {
l += sovTypes(uint64(e))
}
n += 2 + sovTypes(uint64(l)) + l
}
if m.StableUnixUserConfig != nil {
l = m.StableUnixUserConfig.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *StableUNIXUserConfig) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled {
n += 2
}
if m.FirstUid != 0 {
n += 1 + sovTypes(uint64(m.FirstUid))
}
if m.LastUid != 0 {
n += 1 + sovTypes(uint64(m.LastUid))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *U2F) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.AppID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Facets) > 0 {
for _, s := range m.Facets {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.DeviceAttestationCAs) > 0 {
for _, s := range m.DeviceAttestationCAs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Webauthn) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.RPID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.AttestationAllowedCAs) > 0 {
for _, s := range m.AttestationAllowedCAs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.AttestationDeniedCAs) > 0 {
for _, s := range m.AttestationDeniedCAs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeviceTrust) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Mode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.AutoEnroll {
n += 2
}
if len(m.EKCertAllowedCAs) > 0 {
for _, s := range m.EKCertAllowedCAs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *HardwareKey) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PIVSlot)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.SerialNumberValidation != nil {
l = m.SerialNumberValidation.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.PinCacheTTL != 0 {
n += 1 + sovTypes(uint64(m.PinCacheTTL))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *HardwareKeySerialNumberValidation) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled {
n += 2
}
l = len(m.SerialNumberTraitName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Namespace) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *NamespaceSpec) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserTokenV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserTokenSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.URL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.Usage != 0 {
n += 1 + sovTypes(uint64(m.Usage))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Created)
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserTokenSecretsV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserTokenSecretsSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.OTPKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.QRCode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Created)
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessReviewThreshold) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Filter)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.Approve != 0 {
n += 1 + sovTypes(uint64(m.Approve))
}
if m.Deny != 0 {
n += 1 + sovTypes(uint64(m.Deny))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *PromotedAccessList) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Title)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestDryRunEnrichment) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ReasonMode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ReasonPrompts) > 0 {
for _, s := range m.ReasonPrompts {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessReview) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Author)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.ProposedState != 0 {
n += 1 + sovTypes(uint64(m.ProposedState))
}
l = len(m.Reason)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Created)
n += 1 + l + sovTypes(uint64(l))
l = m.Annotations.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.ThresholdIndexes) > 0 {
l = 0
for _, e := range m.ThresholdIndexes {
l += sovTypes(uint64(e))
}
n += 1 + sovTypes(uint64(l)) + l
}
if m.AccessList != nil {
l = m.AccessList.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.AssumeStartTime != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.AssumeStartTime)
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessReviewSubmission) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.RequestID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Review.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ThresholdIndexSet) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Indexes) > 0 {
l = 0
for _, e := range m.Indexes {
l += sovTypes(uint64(e))
}
n += 1 + sovTypes(uint64(l)) + l
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ThresholdIndexSets) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Sets) > 0 {
for _, e := range m.Sets {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.State != 0 {
n += 1 + sovTypes(uint64(m.State))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Created)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
l = len(m.RequestReason)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ResolveReason)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.ResolveAnnotations.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.SystemAnnotations.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.Thresholds) > 0 {
for _, e := range m.Thresholds {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.RoleThresholdMapping) > 0 {
for k, v := range m.RoleThresholdMapping {
_ = k
_ = v
l = v.Size()
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + l + sovTypes(uint64(l))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if len(m.Reviews) > 0 {
for _, e := range m.Reviews {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.SuggestedReviewers) > 0 {
for _, s := range m.SuggestedReviewers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.RequestedResourceIDs) > 0 {
for _, e := range m.RequestedResourceIDs {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.LoginHint)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.DryRun {
n += 3
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.MaxDuration)
n += 2 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.SessionTTL)
n += 2 + l + sovTypes(uint64(l))
if m.AccessList != nil {
l = m.AccessList.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.AssumeStartTime != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.AssumeStartTime)
n += 2 + l + sovTypes(uint64(l))
}
if m.ResourceExpiry != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.ResourceExpiry)
n += 2 + l + sovTypes(uint64(l))
}
if m.DryRunEnrichment != nil {
l = m.DryRunEnrichment.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.RequestKind != 0 {
n += 2 + sovTypes(uint64(m.RequestKind))
}
if m.LongTermGrouping != nil {
l = m.LongTermGrouping.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestFilter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.State != 0 {
n += 1 + sovTypes(uint64(m.State))
}
if len(m.SearchKeywords) > 0 {
for _, s := range m.SearchKeywords {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.Scope != 0 {
n += 1 + sovTypes(uint64(m.Scope))
}
l = len(m.Requester)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessCapabilities) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.RequestableRoles) > 0 {
for _, s := range m.RequestableRoles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.SuggestedReviewers) > 0 {
for _, s := range m.SuggestedReviewers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.ApplicableRolesForResources) > 0 {
for _, s := range m.ApplicableRolesForResources {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.RequestPrompt)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.RequireReason {
n += 2
}
if m.AutoRequest {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessCapabilitiesRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.RequestableRoles {
n += 2
}
if m.SuggestedReviewers {
n += 2
}
if len(m.ResourceIDs) > 0 {
for _, e := range m.ResourceIDs {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Login)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.FilterRequestableRolesByResource {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RemoteAccessCapabilities) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.ApplicableRolesForResources) > 0 {
for _, s := range m.ApplicableRolesForResources {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RemoteAccessCapabilitiesRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.SearchAsRoles) > 0 {
for _, s := range m.SearchAsRoles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.ResourceIDs) > 0 {
for _, e := range m.ResourceIDs {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RequestKubernetesResource) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.APIGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourceID) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusterName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubResourceName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *PluginDataV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *PluginDataEntry) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Data) > 0 {
for k, v := range m.Data {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *PluginDataSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Entries) > 0 {
for k, v := range m.Entries {
_ = k
_ = v
l = 0
if v != nil {
l = v.Size()
l += 1 + sovTypes(uint64(l))
}
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + l
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *PluginDataFilter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Resource)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Plugin)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *PluginDataUpdateParams) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Resource)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Plugin)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Set) > 0 {
for k, v := range m.Set {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if len(m.Expect) > 0 {
for k, v := range m.Expect {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RoleFilter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.SearchKeywords) > 0 {
for _, s := range m.SearchKeywords {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.SkipSystemRoles {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RoleV6) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RoleSpecV6) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = m.Options.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Allow.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Deny.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSHLocalPortForwarding) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled != nil {
l = m.Enabled.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSHRemotePortForwarding) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled != nil {
l = m.Enabled.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSHPortForwarding) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Local != nil {
l = m.Local.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.Remote != nil {
l = m.Remote.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RoleOptions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.ForwardAgent {
n += 2
}
if m.MaxSessionTTL != 0 {
n += 1 + sovTypes(uint64(m.MaxSessionTTL))
}
if m.PortForwarding != nil {
l = m.PortForwarding.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CertificateFormat)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.ClientIdleTimeout != 0 {
n += 1 + sovTypes(uint64(m.ClientIdleTimeout))
}
if m.DisconnectExpiredCert {
n += 2
}
if len(m.BPF) > 0 {
for _, s := range m.BPF {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.PermitX11Forwarding {
n += 2
}
if m.MaxConnections != 0 {
n += 1 + sovTypes(uint64(m.MaxConnections))
}
if m.MaxSessions != 0 {
n += 1 + sovTypes(uint64(m.MaxSessions))
}
l = len(m.RequestAccess)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RequestPrompt)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Lock)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.RecordSession != nil {
l = m.RecordSession.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.DesktopClipboard != nil {
l = m.DesktopClipboard.Size()
n += 2 + l + sovTypes(uint64(l))
}
if len(m.CertExtensions) > 0 {
for _, e := range m.CertExtensions {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if m.MaxKubernetesConnections != 0 {
n += 2 + sovTypes(uint64(m.MaxKubernetesConnections))
}
if m.DesktopDirectorySharing != nil {
l = m.DesktopDirectorySharing.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.CreateHostUser != nil {
l = m.CreateHostUser.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.PinSourceIP {
n += 3
}
if m.SSHFileCopy != nil {
l = m.SSHFileCopy.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.RequireMFAType != 0 {
n += 2 + sovTypes(uint64(m.RequireMFAType))
}
l = len(m.DeviceTrustMode)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.IDP != nil {
l = m.IDP.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.CreateDesktopUser != nil {
l = m.CreateDesktopUser.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.CreateDatabaseUser != nil {
l = m.CreateDatabaseUser.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.CreateHostUserMode != 0 {
n += 2 + sovTypes(uint64(m.CreateHostUserMode))
}
if m.CreateDatabaseUserMode != 0 {
n += 2 + sovTypes(uint64(m.CreateDatabaseUserMode))
}
l = github_com_gogo_protobuf_types.SizeOfStdDuration(m.MFAVerificationInterval)
n += 2 + l + sovTypes(uint64(l))
l = len(m.CreateHostUserDefaultShell)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.SSHPortForwarding != nil {
l = m.SSHPortForwarding.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RecordSession) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Desktop != nil {
l = m.Desktop.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Default)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SSH)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CertExtension) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Type != 0 {
n += 1 + sovTypes(uint64(m.Type))
}
if m.Mode != 0 {
n += 1 + sovTypes(uint64(m.Mode))
}
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Value)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RoleConditions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Logins) > 0 {
for _, s := range m.Logins {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Namespaces) > 0 {
for _, s := range m.Namespaces {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = m.NodeLabels.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.Rules) > 0 {
for _, e := range m.Rules {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.KubeGroups) > 0 {
for _, s := range m.KubeGroups {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.Request != nil {
l = m.Request.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.KubeUsers) > 0 {
for _, s := range m.KubeUsers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = m.AppLabels.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.ClusterLabels.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.KubernetesLabels.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.DatabaseLabels.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.DatabaseNames) > 0 {
for _, s := range m.DatabaseNames {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.DatabaseUsers) > 0 {
for _, s := range m.DatabaseUsers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.Impersonate != nil {
l = m.Impersonate.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.ReviewRequests != nil {
l = m.ReviewRequests.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.AWSRoleARNs) > 0 {
for _, s := range m.AWSRoleARNs {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.WindowsDesktopLogins) > 0 {
for _, s := range m.WindowsDesktopLogins {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
l = m.WindowsDesktopLabels.Size()
n += 2 + l + sovTypes(uint64(l))
if len(m.RequireSessionJoin) > 0 {
for _, e := range m.RequireSessionJoin {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.JoinSessions) > 0 {
for _, e := range m.JoinSessions {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.HostGroups) > 0 {
for _, s := range m.HostGroups {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.HostSudoers) > 0 {
for _, s := range m.HostSudoers {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.AzureIdentities) > 0 {
for _, s := range m.AzureIdentities {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.KubernetesResources) > 0 {
for _, e := range m.KubernetesResources {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.GCPServiceAccounts) > 0 {
for _, s := range m.GCPServiceAccounts {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
l = m.DatabaseServiceLabels.Size()
n += 2 + l + sovTypes(uint64(l))
l = m.GroupLabels.Size()
n += 2 + l + sovTypes(uint64(l))
if len(m.DesktopGroups) > 0 {
for _, s := range m.DesktopGroups {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.DatabaseRoles) > 0 {
for _, s := range m.DatabaseRoles {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
l = len(m.NodeLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.AppLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.ClusterLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.KubernetesLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.DatabaseLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.DatabaseServiceLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.WindowsDesktopLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.GroupLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if len(m.DatabasePermissions) > 0 {
for _, e := range m.DatabasePermissions {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.SPIFFE) > 0 {
for _, e := range m.SPIFFE {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.AccountAssignments) > 0 {
for _, e := range m.AccountAssignments {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.GitHubPermissions) > 0 {
for _, e := range m.GitHubPermissions {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
l = m.WorkloadIdentityLabels.Size()
n += 2 + l + sovTypes(uint64(l))
l = len(m.WorkloadIdentityLabelsExpression)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.MCP != nil {
l = m.MCP.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *IdentityCenterAccountAssignment) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PermissionSet)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Account)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GitHubPermission) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Organizations) > 0 {
for _, s := range m.Organizations {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *MCPPermissions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Tools) > 0 {
for _, s := range m.Tools {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SPIFFERoleCondition) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Path)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.DNSSANs) > 0 {
for _, s := range m.DNSSANs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.IPSANs) > 0 {
for _, s := range m.IPSANs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DatabasePermission) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Permissions) > 0 {
for _, s := range m.Permissions {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = m.Match.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesResource) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Namespace)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Verbs) > 0 {
for _, s := range m.Verbs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.APIGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SessionRequirePolicy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Filter)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Kinds) > 0 {
for _, s := range m.Kinds {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.Count != 0 {
n += 1 + sovTypes(uint64(m.Count))
}
if len(m.Modes) > 0 {
for _, s := range m.Modes {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.OnLeave)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SessionJoinPolicy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Kinds) > 0 {
for _, s := range m.Kinds {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Modes) > 0 {
for _, s := range m.Modes {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestConditions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.ClaimsToRoles) > 0 {
for _, e := range m.ClaimsToRoles {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = m.Annotations.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.Thresholds) > 0 {
for _, e := range m.Thresholds {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.SuggestedReviewers) > 0 {
for _, s := range m.SuggestedReviewers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.SearchAsRoles) > 0 {
for _, s := range m.SearchAsRoles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.MaxDuration != 0 {
n += 1 + sovTypes(uint64(m.MaxDuration))
}
if len(m.KubernetesResources) > 0 {
for _, e := range m.KubernetesResources {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.Reason != nil {
l = m.Reason.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestConditionsReason) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Mode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Prompt)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessReviewConditions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.ClaimsToRoles) > 0 {
for _, e := range m.ClaimsToRoles {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Where)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.PreviewAsRoles) > 0 {
for _, s := range m.PreviewAsRoles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestAllowedPromotion) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.AccessListName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AccessRequestAllowedPromotions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Promotions) > 0 {
for _, e := range m.Promotions {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourceIDList) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.ResourceIds) > 0 {
for _, e := range m.ResourceIds {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *LongTermResourceGrouping) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.AccessListToResources) > 0 {
for k, v := range m.AccessListToResources {
_ = k
_ = v
l = v.Size()
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + l + sovTypes(uint64(l))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
l = len(m.RecommendedAccessList)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ValidationMessage)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.CanProceed {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ClaimMapping) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Claim)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Value)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TraitMapping) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Trait)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Value)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Resources) > 0 {
for _, s := range m.Resources {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Verbs) > 0 {
for _, s := range m.Verbs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Where)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Actions) > 0 {
for _, s := range m.Actions {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ImpersonateConditions) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Users) > 0 {
for _, s := range m.Users {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Where)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *BoolValue) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Value {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserFilter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.SearchKeywords) > 0 {
for _, s := range m.SearchKeywords {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.SkipSystemUsers {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserStatusV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.PasswordState != 0 {
n += 1 + sovTypes(uint64(m.PasswordState))
}
if m.MfaWeakestDevice != 0 {
n += 1 + sovTypes(uint64(m.MfaWeakestDevice))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.OIDCIdentities) > 0 {
for _, e := range m.OIDCIdentities {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.SAMLIdentities) > 0 {
for _, e := range m.SAMLIdentities {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.GithubIdentities) > 0 {
for _, e := range m.GithubIdentities {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = m.Traits.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
l = m.CreatedBy.Size()
n += 1 + l + sovTypes(uint64(l))
if m.LocalAuth != nil {
l = m.LocalAuth.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.TrustedDeviceIDs) > 0 {
for _, s := range m.TrustedDeviceIDs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ExternalIdentity) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ConnectorID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Username)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SAMLSingleLogoutURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *LoginStatus) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.IsLocked {
n += 2
}
l = len(m.LockedMessage)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LockedTime)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LockExpires)
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CreatedBy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Connector != nil {
l = m.Connector.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Time)
n += 1 + l + sovTypes(uint64(l))
l = m.User.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *LocalAuthSecrets) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PasswordHash)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.TOTPKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.MFA) > 0 {
for _, e := range m.MFA {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.Webauthn != nil {
l = m.Webauthn.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WebauthnLocalAuth) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.UserID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ConnectorRef) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Identity)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *UserRef) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ReverseTunnelV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ReverseTunnelSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusterName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.DialAddrs) > 0 {
for _, s := range m.DialAddrs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TunnelConnectionV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TunnelConnectionSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClusterName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProxyName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat)
n += 1 + l + sovTypes(uint64(l))
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SemaphoreFilter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.SemaphoreKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SemaphoreName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AcquireSemaphoreRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.SemaphoreKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SemaphoreName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.MaxLeases != 0 {
n += 1 + sovTypes(uint64(m.MaxLeases))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
l = len(m.Holder)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SemaphoreLease) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.SemaphoreKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SemaphoreName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.LeaseID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SemaphoreLeaseRef) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.LeaseID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
l = len(m.Holder)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SemaphoreV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SemaphoreSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Leases) > 0 {
for _, e := range m.Leases {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WebSessionV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WebSessionSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Pub)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Priv)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.TLSCert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.BearerToken)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.BearerTokenExpires)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.Expires)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LoginTime)
n += 1 + l + sovTypes(uint64(l))
if m.IdleTimeout != 0 {
n += 1 + sovTypes(uint64(m.IdleTimeout))
}
l = len(m.ConsumedAccessRequestID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.SAMLSession != nil {
l = m.SAMLSession.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.DeviceWebToken != nil {
l = m.DeviceWebToken.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.HasDeviceExtensions {
n += 2
}
if m.TrustedDeviceRequirement != 0 {
n += 1 + sovTypes(uint64(m.TrustedDeviceRequirement))
}
l = len(m.TLSPriv)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeviceWebToken) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Id)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Token)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WebSessionFilter) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLSessionData) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.CreateTime)
n += 1 + l + sovTypes(uint64(l))
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.ExpireTime)
n += 1 + l + sovTypes(uint64(l))
l = len(m.Index)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.NameID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.NameIDFormat)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubjectID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Groups) > 0 {
for _, s := range m.Groups {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.UserName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserEmail)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserCommonName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserSurname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserGivenName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.UserScopedAffiliation)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.CustomAttributes) > 0 {
for _, e := range m.CustomAttributes {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLAttribute) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.FriendlyName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.NameFormat)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Values) > 0 {
for _, e := range m.Values {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLAttributeValue) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Value)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.NameID != nil {
l = m.NameID.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLNameID) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.NameQualifier)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SPNameQualifier)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Format)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SPProvidedID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Value)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RemoteClusterV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *RemoteClusterStatusV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Connection)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = github_com_gogo_protobuf_types.SizeOfStdTime(m.LastHeartbeat)
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesCluster) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.StaticLabels) > 0 {
for k, v := range m.StaticLabels {
_ = k
_ = v
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + len(v) + sovTypes(uint64(len(v)))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if len(m.DynamicLabels) > 0 {
for k, v := range m.DynamicLabels {
_ = k
_ = v
l = v.Size()
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + l + sovTypes(uint64(l))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesClusterV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.Status != nil {
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesClusterSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.DynamicLabels) > 0 {
for k, v := range m.DynamicLabels {
_ = k
_ = v
l = v.Size()
mapEntrySize := 1 + len(k) + sovTypes(uint64(len(k))) + 1 + l + sovTypes(uint64(l))
n += mapEntrySize + 1 + sovTypes(uint64(mapEntrySize))
}
}
l = len(m.Kubeconfig)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Azure.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.AWS.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.GCP.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubeAzure) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ResourceName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ResourceGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.TenantID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubscriptionID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubeAWS) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Region)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AccountID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubeGCP) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Location)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProjectID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesClusterStatus) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Discovery != nil {
l = m.Discovery.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesClusterDiscoveryStatus) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Aws != nil {
l = m.Aws.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesClusterAWSStatus) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.SetupAccessForArn)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Integration)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.DiscoveryAssumedRole != nil {
l = m.DiscoveryAssumedRole.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesClusterV3List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.KubernetesClusters) > 0 {
for _, e := range m.KubernetesClusters {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesServerV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.Status != nil {
l = m.Status.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Scope)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesServerSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Hostname)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.HostID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Rotation.Size()
n += 1 + l + sovTypes(uint64(l))
if m.Cluster != nil {
l = m.Cluster.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ProxyIDs) > 0 {
for _, s := range m.ProxyIDs {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.RelayGroup)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.RelayIds) > 0 {
for _, s := range m.RelayIds {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *KubernetesServerStatusV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.TargetHealth != nil {
l = m.TargetHealth.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WebTokenV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *WebTokenSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Token)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GetWebSessionRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SessionID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeleteWebSessionRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SessionID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GetWebTokenRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Token)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *DeleteWebTokenRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.User)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Token)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourceRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourceWithSecretsRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.WithSecrets {
n += 2
}
if m.SAMLValidationNoFollowURLs {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourcesWithSecretsRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.WithSecrets {
n += 2
}
if m.SAMLValidationNoFollowURLs {
n += 2
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourceInNamespaceRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Namespace)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *ResourcesInNamespaceRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Namespace)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OIDCConnectorV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OIDCConnectorV3List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.OIDCConnectors) > 0 {
for _, e := range m.OIDCConnectors {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OIDCConnectorSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.IssuerURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClientID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClientSecret)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ACR)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Provider)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Display)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Scope) > 0 {
for _, s := range m.Scope {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Prompt)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.ClaimsToRoles) > 0 {
for _, e := range m.ClaimsToRoles {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.GoogleServiceAccountURI)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.GoogleServiceAccount)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.GoogleAdminEmail)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.RedirectURLs.Size()
n += 1 + l + sovTypes(uint64(l))
if m.AllowUnverifiedEmail {
n += 2
}
l = len(m.UsernameClaim)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.MaxAge != nil {
l = m.MaxAge.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.ClientRedirectSettings != nil {
l = m.ClientRedirectSettings.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.MFASettings != nil {
l = m.MFASettings.Size()
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.PKCEMode)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if len(m.UserMatchers) > 0 {
for _, s := range m.UserMatchers {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
l = len(m.RequestObjectMode)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.EntraIdGroupsProvider != nil {
l = m.EntraIdGroupsProvider.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *EntraIDGroupsProvider) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Disabled {
n += 2
}
l = len(m.GroupType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.GraphEndpoint)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *MaxAge) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Value != 0 {
n += 1 + sovTypes(uint64(m.Value))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSOClientRedirectSettings) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.AllowedHttpsHostnames) > 0 {
for _, s := range m.AllowedHttpsHostnames {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.InsecureAllowedCidrRanges) > 0 {
for _, s := range m.InsecureAllowedCidrRanges {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OIDCConnectorMFASettings) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled {
n += 2
}
l = len(m.ClientId)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClientSecret)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AcrValues)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Prompt)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.MaxAge != 0 {
n += 1 + sovTypes(uint64(m.MaxAge))
}
l = len(m.RequestObjectMode)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *OIDCAuthRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ConnectorID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.CheckUser {
n += 2
}
l = len(m.StateToken)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CSRFToken)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RedirectURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.CertTTL != 0 {
n += 1 + sovTypes(uint64(m.CertTTL))
}
if m.CreateWebSession {
n += 2
}
l = len(m.ClientRedirectURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Compatibility)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RouteToCluster)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.KubernetesCluster)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.SSOTestFlow {
n += 2
}
if m.ConnectorSpec != nil {
l = m.ConnectorSpec.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProxyAddress)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.ClientLoginIP)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.ClientUserAgent)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.SshPublicKey)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.TlsPublicKey)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.SshAttestationStatement != nil {
l = m.SshAttestationStatement.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.TlsAttestationStatement != nil {
l = m.TlsAttestationStatement.Size()
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.PkceVerifier)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.LoginHint)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.Scope)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLConnectorV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLConnectorV2List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.SAMLConnectors) > 0 {
for _, e := range m.SAMLConnectors {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLConnectorSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Issuer)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SSO)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Cert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Display)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.AssertionConsumerService)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Audience)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ServiceProviderIssuer)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EntityDescriptor)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EntityDescriptorURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.AttributesToRoles) > 0 {
for _, e := range m.AttributesToRoles {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.SigningKeyPair != nil {
l = m.SigningKeyPair.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Provider)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.EncryptionKeyPair != nil {
l = m.EncryptionKeyPair.Size()
n += 1 + l + sovTypes(uint64(l))
}
if m.AllowIDPInitiated {
n += 2
}
if m.ClientRedirectSettings != nil {
l = m.ClientRedirectSettings.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SingleLogoutURL)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.MFASettings != nil {
l = m.MFASettings.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.ForceAuthn != 0 {
n += 2 + sovTypes(uint64(m.ForceAuthn))
}
l = len(m.PreferredRequestBinding)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if len(m.UserMatchers) > 0 {
for _, s := range m.UserMatchers {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if m.IncludeSubject {
n += 3
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLConnectorMFASettings) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled {
n += 2
}
l = len(m.EntityDescriptor)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.EntityDescriptorUrl)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.ForceAuthn != 0 {
n += 1 + sovTypes(uint64(m.ForceAuthn))
}
l = len(m.Issuer)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Sso)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Cert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SAMLAuthRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ConnectorID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.CheckUser {
n += 2
}
l = len(m.RedirectURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.CertTTL != 0 {
n += 1 + sovTypes(uint64(m.CertTTL))
}
l = len(m.CSRFToken)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.CreateWebSession {
n += 2
}
l = len(m.ClientRedirectURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Compatibility)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RouteToCluster)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.KubernetesCluster)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.SSOTestFlow {
n += 2
}
if m.ConnectorSpec != nil {
l = m.ConnectorSpec.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClientLoginIP)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.ClientUserAgent)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.SshPublicKey)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.TlsPublicKey)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.SshAttestationStatement != nil {
l = m.SshAttestationStatement.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.TlsAttestationStatement != nil {
l = m.TlsAttestationStatement.Size()
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.PostForm)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.ClientVersion)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.SubjectIdentifier)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.Scope)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AttributeMapping) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Name)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Value)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *AsymmetricKeyPair) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.PrivateKey)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Cert)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GithubConnectorV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GithubConnectorV3List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.GithubConnectors) > 0 {
for _, e := range m.GithubConnectors {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GithubConnectorSpecV3) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ClientID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClientSecret)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RedirectURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.TeamsToLogins) > 0 {
for _, e := range m.TeamsToLogins {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Display)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.TeamsToRoles) > 0 {
for _, e := range m.TeamsToRoles {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.EndpointURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.APIEndpointURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.ClientRedirectSettings != nil {
l = m.ClientRedirectSettings.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.UserMatchers) > 0 {
for _, s := range m.UserMatchers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GithubAuthRequest) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ConnectorID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Type)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.StateToken)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.CSRFToken)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.CertTTL != 0 {
n += 1 + sovTypes(uint64(m.CertTTL))
}
if m.CreateWebSession {
n += 2
}
l = len(m.RedirectURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClientRedirectURL)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Compatibility)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.Expires != nil {
l = github_com_gogo_protobuf_types.SizeOfStdTime(*m.Expires)
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.RouteToCluster)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.KubernetesCluster)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.SSOTestFlow {
n += 2
}
if m.ConnectorSpec != nil {
l = m.ConnectorSpec.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ClientLoginIP)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.ClientUserAgent)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.SshPublicKey)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.TlsPublicKey)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.SshAttestationStatement != nil {
l = m.SshAttestationStatement.Size()
n += 2 + l + sovTypes(uint64(l))
}
if m.TlsAttestationStatement != nil {
l = m.TlsAttestationStatement.Size()
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.AuthenticatedUser)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
l = len(m.Scope)
if l > 0 {
n += 2 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSOWarnings) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Message)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Warnings) > 0 {
for _, s := range m.Warnings {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *CreateUserParams) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.ConnectorName)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Username)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Logins) > 0 {
for _, s := range m.Logins {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.KubeGroups) > 0 {
for _, s := range m.KubeGroups {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.KubeUsers) > 0 {
for _, s := range m.KubeUsers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = m.Traits.Size()
n += 1 + l + sovTypes(uint64(l))
if m.SessionTTL != 0 {
n += 1 + sovTypes(uint64(m.SessionTTL))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *SSODiagnosticInfo) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.TestFlow {
n += 2
}
l = len(m.Error)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.Success {
n += 2
}
if m.CreateUserParams != nil {
l = m.CreateUserParams.Size()
n += 1 + l + sovTypes(uint64(l))
}
if len(m.SAMLAttributesToRoles) > 0 {
for _, e := range m.SAMLAttributesToRoles {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.SAMLAttributesToRolesWarnings != nil {
l = m.SAMLAttributesToRolesWarnings.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = m.SAMLAttributeStatements.Size()
n += 1 + l + sovTypes(uint64(l))
if m.SAMLAssertionInfo != nil {
l = m.SAMLAssertionInfo.Size()
n += 1 + l + sovTypes(uint64(l))
}
l = m.SAMLTraitsFromAssertions.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.SAMLConnectorTraitMapping) > 0 {
for _, e := range m.SAMLConnectorTraitMapping {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.OIDCClaimsToRoles) > 0 {
for _, e := range m.OIDCClaimsToRoles {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if m.OIDCClaimsToRolesWarnings != nil {
l = m.OIDCClaimsToRolesWarnings.Size()
n += 2 + l + sovTypes(uint64(l))
}
l = m.OIDCClaims.Size()
n += 2 + l + sovTypes(uint64(l))
if m.OIDCIdentity != nil {
l = m.OIDCIdentity.Size()
n += 2 + l + sovTypes(uint64(l))
}
l = m.OIDCTraitsFromClaims.Size()
n += 2 + l + sovTypes(uint64(l))
if len(m.OIDCConnectorTraitMapping) > 0 {
for _, e := range m.OIDCConnectorTraitMapping {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if m.GithubClaims != nil {
l = m.GithubClaims.Size()
n += 2 + l + sovTypes(uint64(l))
}
if len(m.GithubTeamsToLogins) > 0 {
for _, e := range m.GithubTeamsToLogins {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if len(m.GithubTeamsToRoles) > 0 {
for _, e := range m.GithubTeamsToRoles {
l = e.Size()
n += 2 + l + sovTypes(uint64(l))
}
}
if m.GithubTokenInfo != nil {
l = m.GithubTokenInfo.Size()
n += 2 + l + sovTypes(uint64(l))
}
if len(m.AppliedLoginRules) > 0 {
for _, s := range m.AppliedLoginRules {
l = len(s)
n += 2 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GithubTokenInfo) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.TokenType)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.Expires != 0 {
n += 1 + sovTypes(uint64(m.Expires))
}
l = len(m.Scope)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *GithubClaims) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Username)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.OrganizationToTeams.Size()
n += 1 + l + sovTypes(uint64(l))
if len(m.Teams) > 0 {
for _, s := range m.Teams {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.UserID)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TeamMapping) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Organization)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Team)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Logins) > 0 {
for _, s := range m.Logins {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.KubeGroups) > 0 {
for _, s := range m.KubeGroups {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if len(m.KubeUsers) > 0 {
for _, s := range m.KubeUsers {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TeamRolesMapping) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Organization)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Team)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TrustedClusterV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Kind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.SubKind)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.Version)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = m.Metadata.Size()
n += 1 + l + sovTypes(uint64(l))
l = m.Spec.Size()
n += 1 + l + sovTypes(uint64(l))
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TrustedClusterV2List) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.TrustedClusters) > 0 {
for _, e := range m.TrustedClusters {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *TrustedClusterSpecV2) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Enabled {
n += 2
}
if len(m.Roles) > 0 {
for _, s := range m.Roles {
l = len(s)
n += 1 + l + sovTypes(uint64(l))
}
}
l = len(m.Token)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ProxyAddress)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
l = len(m.ReverseTunnelAddress)
if l > 0 {
n += 1 + l + sovTypes(uint64(l))
}
if len(m.RoleMap) > 0 {
for _, e := range m.RoleMap {
l = e.Size()
n += 1 + l + sovTypes(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *LockV2) Size() (n int) {