Kyle Isom
7ede54afb2
- Add auth/login and auth/logout to mciasgrpcctl, calling the existing AuthService.Login/Logout RPCs; password is always prompted interactively (term.ReadPassword), never accepted as a flag, raw bytes zeroed after use - Add proto/mcias/v1/policy.proto with PolicyService (List, Create, Get, Update, Delete policy rules) - Regenerate gen/mcias/v1/ stubs to include policy - Implement internal/grpcserver/policyservice.go delegating to the same db layer as the REST policy handlers - Register PolicyService in grpcserver.go - Add policy list/create/get/update/delete to mciasgrpcctl - Update mciasgrpcctl man page with new commands Security: auth login uses the same interactive password prompt pattern as mciasctl; password never appears in process args, shell history, or logs; raw bytes zeroed after string conversion (same as REST CLI and REST server). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
410 lines
12 KiB
Go
410 lines
12 KiB
Go
// Common message types shared across MCIAS gRPC services.
|
|
|
|
// Code generated by protoc-gen-go. DO NOT EDIT.
|
|
// versions:
|
|
// protoc-gen-go v1.36.11
|
|
// protoc v3.20.3
|
|
// source: mcias/v1/common.proto
|
|
|
|
package mciasv1
|
|
|
|
import (
|
|
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
|
|
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
|
|
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
|
|
reflect "reflect"
|
|
sync "sync"
|
|
unsafe "unsafe"
|
|
)
|
|
|
|
const (
|
|
// Verify that this generated code is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
|
|
// Verify that runtime/protoimpl is sufficiently up-to-date.
|
|
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
|
|
)
|
|
|
|
// Account represents a user or service identity. Credential fields
|
|
// (password_hash, totp_secret) are never included in any response.
|
|
type Account struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // UUID
|
|
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
|
|
AccountType string `protobuf:"bytes,3,opt,name=account_type,json=accountType,proto3" json:"account_type,omitempty"` // "human" or "system"
|
|
Status string `protobuf:"bytes,4,opt,name=status,proto3" json:"status,omitempty"` // "active", "inactive", or "deleted"
|
|
TotpEnabled bool `protobuf:"varint,5,opt,name=totp_enabled,json=totpEnabled,proto3" json:"totp_enabled,omitempty"`
|
|
CreatedAt *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
|
|
UpdatedAt *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=updated_at,json=updatedAt,proto3" json:"updated_at,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *Account) Reset() {
|
|
*x = Account{}
|
|
mi := &file_mcias_v1_common_proto_msgTypes[0]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *Account) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*Account) ProtoMessage() {}
|
|
|
|
func (x *Account) ProtoReflect() protoreflect.Message {
|
|
mi := &file_mcias_v1_common_proto_msgTypes[0]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use Account.ProtoReflect.Descriptor instead.
|
|
func (*Account) Descriptor() ([]byte, []int) {
|
|
return file_mcias_v1_common_proto_rawDescGZIP(), []int{0}
|
|
}
|
|
|
|
func (x *Account) GetId() string {
|
|
if x != nil {
|
|
return x.Id
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *Account) GetUsername() string {
|
|
if x != nil {
|
|
return x.Username
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *Account) GetAccountType() string {
|
|
if x != nil {
|
|
return x.AccountType
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *Account) GetStatus() string {
|
|
if x != nil {
|
|
return x.Status
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *Account) GetTotpEnabled() bool {
|
|
if x != nil {
|
|
return x.TotpEnabled
|
|
}
|
|
return false
|
|
}
|
|
|
|
func (x *Account) GetCreatedAt() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.CreatedAt
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *Account) GetUpdatedAt() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.UpdatedAt
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// TokenInfo describes an issued token by its JTI (never the raw value).
|
|
type TokenInfo struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
Jti string `protobuf:"bytes,1,opt,name=jti,proto3" json:"jti,omitempty"`
|
|
IssuedAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
|
|
ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
|
|
RevokedAt *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=revoked_at,json=revokedAt,proto3" json:"revoked_at,omitempty"` // zero if not revoked
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *TokenInfo) Reset() {
|
|
*x = TokenInfo{}
|
|
mi := &file_mcias_v1_common_proto_msgTypes[1]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *TokenInfo) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*TokenInfo) ProtoMessage() {}
|
|
|
|
func (x *TokenInfo) ProtoReflect() protoreflect.Message {
|
|
mi := &file_mcias_v1_common_proto_msgTypes[1]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use TokenInfo.ProtoReflect.Descriptor instead.
|
|
func (*TokenInfo) Descriptor() ([]byte, []int) {
|
|
return file_mcias_v1_common_proto_rawDescGZIP(), []int{1}
|
|
}
|
|
|
|
func (x *TokenInfo) GetJti() string {
|
|
if x != nil {
|
|
return x.Jti
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *TokenInfo) GetIssuedAt() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.IssuedAt
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *TokenInfo) GetExpiresAt() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.ExpiresAt
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (x *TokenInfo) GetRevokedAt() *timestamppb.Timestamp {
|
|
if x != nil {
|
|
return x.RevokedAt
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// PGCreds holds Postgres connection details. Password is decrypted and
|
|
// present only when explicitly requested via GetPGCreds; it is never
|
|
// included in list responses.
|
|
type PGCreds struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"`
|
|
Database string `protobuf:"bytes,2,opt,name=database,proto3" json:"database,omitempty"`
|
|
Username string `protobuf:"bytes,3,opt,name=username,proto3" json:"username,omitempty"`
|
|
Password string `protobuf:"bytes,4,opt,name=password,proto3" json:"password,omitempty"` // security: only populated on explicit get
|
|
Port int32 `protobuf:"varint,5,opt,name=port,proto3" json:"port,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *PGCreds) Reset() {
|
|
*x = PGCreds{}
|
|
mi := &file_mcias_v1_common_proto_msgTypes[2]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *PGCreds) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*PGCreds) ProtoMessage() {}
|
|
|
|
func (x *PGCreds) ProtoReflect() protoreflect.Message {
|
|
mi := &file_mcias_v1_common_proto_msgTypes[2]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use PGCreds.ProtoReflect.Descriptor instead.
|
|
func (*PGCreds) Descriptor() ([]byte, []int) {
|
|
return file_mcias_v1_common_proto_rawDescGZIP(), []int{2}
|
|
}
|
|
|
|
func (x *PGCreds) GetHost() string {
|
|
if x != nil {
|
|
return x.Host
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *PGCreds) GetDatabase() string {
|
|
if x != nil {
|
|
return x.Database
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *PGCreds) GetUsername() string {
|
|
if x != nil {
|
|
return x.Username
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *PGCreds) GetPassword() string {
|
|
if x != nil {
|
|
return x.Password
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *PGCreds) GetPort() int32 {
|
|
if x != nil {
|
|
return x.Port
|
|
}
|
|
return 0
|
|
}
|
|
|
|
// Error is the canonical error detail embedded in gRPC status details.
|
|
type Error struct {
|
|
state protoimpl.MessageState `protogen:"open.v1"`
|
|
Message string `protobuf:"bytes,1,opt,name=message,proto3" json:"message,omitempty"`
|
|
Code string `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"`
|
|
unknownFields protoimpl.UnknownFields
|
|
sizeCache protoimpl.SizeCache
|
|
}
|
|
|
|
func (x *Error) Reset() {
|
|
*x = Error{}
|
|
mi := &file_mcias_v1_common_proto_msgTypes[3]
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
|
|
func (x *Error) String() string {
|
|
return protoimpl.X.MessageStringOf(x)
|
|
}
|
|
|
|
func (*Error) ProtoMessage() {}
|
|
|
|
func (x *Error) ProtoReflect() protoreflect.Message {
|
|
mi := &file_mcias_v1_common_proto_msgTypes[3]
|
|
if x != nil {
|
|
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
|
|
if ms.LoadMessageInfo() == nil {
|
|
ms.StoreMessageInfo(mi)
|
|
}
|
|
return ms
|
|
}
|
|
return mi.MessageOf(x)
|
|
}
|
|
|
|
// Deprecated: Use Error.ProtoReflect.Descriptor instead.
|
|
func (*Error) Descriptor() ([]byte, []int) {
|
|
return file_mcias_v1_common_proto_rawDescGZIP(), []int{3}
|
|
}
|
|
|
|
func (x *Error) GetMessage() string {
|
|
if x != nil {
|
|
return x.Message
|
|
}
|
|
return ""
|
|
}
|
|
|
|
func (x *Error) GetCode() string {
|
|
if x != nil {
|
|
return x.Code
|
|
}
|
|
return ""
|
|
}
|
|
|
|
var File_mcias_v1_common_proto protoreflect.FileDescriptor
|
|
|
|
const file_mcias_v1_common_proto_rawDesc = "" +
|
|
"\n" +
|
|
"\x15mcias/v1/common.proto\x12\bmcias.v1\x1a\x1fgoogle/protobuf/timestamp.proto\"\x89\x02\n" +
|
|
"\aAccount\x12\x0e\n" +
|
|
"\x02id\x18\x01 \x01(\tR\x02id\x12\x1a\n" +
|
|
"\busername\x18\x02 \x01(\tR\busername\x12!\n" +
|
|
"\faccount_type\x18\x03 \x01(\tR\vaccountType\x12\x16\n" +
|
|
"\x06status\x18\x04 \x01(\tR\x06status\x12!\n" +
|
|
"\ftotp_enabled\x18\x05 \x01(\bR\vtotpEnabled\x129\n" +
|
|
"\n" +
|
|
"created_at\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x129\n" +
|
|
"\n" +
|
|
"updated_at\x18\a \x01(\v2\x1a.google.protobuf.TimestampR\tupdatedAt\"\xcc\x01\n" +
|
|
"\tTokenInfo\x12\x10\n" +
|
|
"\x03jti\x18\x01 \x01(\tR\x03jti\x127\n" +
|
|
"\tissued_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\bissuedAt\x129\n" +
|
|
"\n" +
|
|
"expires_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\texpiresAt\x129\n" +
|
|
"\n" +
|
|
"revoked_at\x18\x04 \x01(\v2\x1a.google.protobuf.TimestampR\trevokedAt\"\x85\x01\n" +
|
|
"\aPGCreds\x12\x12\n" +
|
|
"\x04host\x18\x01 \x01(\tR\x04host\x12\x1a\n" +
|
|
"\bdatabase\x18\x02 \x01(\tR\bdatabase\x12\x1a\n" +
|
|
"\busername\x18\x03 \x01(\tR\busername\x12\x1a\n" +
|
|
"\bpassword\x18\x04 \x01(\tR\bpassword\x12\x12\n" +
|
|
"\x04port\x18\x05 \x01(\x05R\x04port\"5\n" +
|
|
"\x05Error\x12\x18\n" +
|
|
"\amessage\x18\x01 \x01(\tR\amessage\x12\x12\n" +
|
|
"\x04code\x18\x02 \x01(\tR\x04codeB2Z0git.wntrmute.dev/kyle/mcias/gen/mcias/v1;mciasv1b\x06proto3"
|
|
|
|
var (
|
|
file_mcias_v1_common_proto_rawDescOnce sync.Once
|
|
file_mcias_v1_common_proto_rawDescData []byte
|
|
)
|
|
|
|
func file_mcias_v1_common_proto_rawDescGZIP() []byte {
|
|
file_mcias_v1_common_proto_rawDescOnce.Do(func() {
|
|
file_mcias_v1_common_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_mcias_v1_common_proto_rawDesc), len(file_mcias_v1_common_proto_rawDesc)))
|
|
})
|
|
return file_mcias_v1_common_proto_rawDescData
|
|
}
|
|
|
|
var file_mcias_v1_common_proto_msgTypes = make([]protoimpl.MessageInfo, 4)
|
|
var file_mcias_v1_common_proto_goTypes = []any{
|
|
(*Account)(nil), // 0: mcias.v1.Account
|
|
(*TokenInfo)(nil), // 1: mcias.v1.TokenInfo
|
|
(*PGCreds)(nil), // 2: mcias.v1.PGCreds
|
|
(*Error)(nil), // 3: mcias.v1.Error
|
|
(*timestamppb.Timestamp)(nil), // 4: google.protobuf.Timestamp
|
|
}
|
|
var file_mcias_v1_common_proto_depIdxs = []int32{
|
|
4, // 0: mcias.v1.Account.created_at:type_name -> google.protobuf.Timestamp
|
|
4, // 1: mcias.v1.Account.updated_at:type_name -> google.protobuf.Timestamp
|
|
4, // 2: mcias.v1.TokenInfo.issued_at:type_name -> google.protobuf.Timestamp
|
|
4, // 3: mcias.v1.TokenInfo.expires_at:type_name -> google.protobuf.Timestamp
|
|
4, // 4: mcias.v1.TokenInfo.revoked_at:type_name -> google.protobuf.Timestamp
|
|
5, // [5:5] is the sub-list for method output_type
|
|
5, // [5:5] is the sub-list for method input_type
|
|
5, // [5:5] is the sub-list for extension type_name
|
|
5, // [5:5] is the sub-list for extension extendee
|
|
0, // [0:5] is the sub-list for field type_name
|
|
}
|
|
|
|
func init() { file_mcias_v1_common_proto_init() }
|
|
func file_mcias_v1_common_proto_init() {
|
|
if File_mcias_v1_common_proto != nil {
|
|
return
|
|
}
|
|
type x struct{}
|
|
out := protoimpl.TypeBuilder{
|
|
File: protoimpl.DescBuilder{
|
|
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
|
|
RawDescriptor: unsafe.Slice(unsafe.StringData(file_mcias_v1_common_proto_rawDesc), len(file_mcias_v1_common_proto_rawDesc)),
|
|
NumEnums: 0,
|
|
NumMessages: 4,
|
|
NumExtensions: 0,
|
|
NumServices: 0,
|
|
},
|
|
GoTypes: file_mcias_v1_common_proto_goTypes,
|
|
DependencyIndexes: file_mcias_v1_common_proto_depIdxs,
|
|
MessageInfos: file_mcias_v1_common_proto_msgTypes,
|
|
}.Build()
|
|
File_mcias_v1_common_proto = out.File
|
|
file_mcias_v1_common_proto_goTypes = nil
|
|
file_mcias_v1_common_proto_depIdxs = nil
|
|
}
|