diff --git a/cmd/baton/explorer.go b/cmd/baton/explorer.go
index 47b8df9d..050ba49f 100644
--- a/cmd/baton/explorer.go
+++ b/cmd/baton/explorer.go
@@ -89,7 +89,7 @@ func startExplorerAPI(cmd *cobra.Command, devMode bool) {
 if err != nil {
 log.Fatal("error loading c1z", err) //nolint:gocritic // reason
 }
- defer store.Close()
+ defer store.Close(ctx)
 ctrl := explorer.NewController(ctx, store, syncID, resourceType, devMode)
 e := ctrl.Run(":8080")
diff --git a/cmd/baton/optimize.go b/cmd/baton/optimize.go
index 45a3a994..c9945fc0 100644
--- a/cmd/baton/optimize.go
+++ b/cmd/baton/optimize.go
@@ -47,7 +47,7 @@ func runOptimizeDb(cmd *cobra.Command, args []string) error {
 return err
 }
- err = store.Close()
+ err = store.Close(ctx)
 if err != nil {
 return err
 }
diff --git a/go.mod b/go.mod
index daa27952..caa3d003 100644
--- a/go.mod
+++ b/go.mod
@@ -3,7 +3,7 @@ module github.com/conductorone/baton
 go 1.25.2
 require (
- github.com/conductorone/baton-sdk v0.6.17
+ github.com/conductorone/baton-sdk v0.7.3
 github.com/ennyjfrick/ruleguard-logfatal v0.0.2
 github.com/envoyproxy/protoc-gen-validate v1.2.1
 github.com/gin-gonic/contrib v0.0.0-20250113154928-93b827325fec
diff --git a/go.sum b/go.sum
index 652cfbcb..4bb6cae9 100644
--- a/go.sum
+++ b/go.sum
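Review bot: In cmd/baton/explorer.go the deferred `store.Close(ctx)` discards its return value, although the optimize.go hunk of this same commit shows that the new Close returns an error and checks it. Because Close now takes the context, a ctx that is already cancelled when the function unwinds could presumably make Close fail, and that failure would go unnoticed here. I would surface it with `defer func() { if cerr := store.Close(ctx); cerr != nil { log.Println("error closing c1z", cerr) } }()`. startExplorerAPI continues past the end of the hunk, so whether a later `log.Fatal` skips the defer altogether cannot be seen from here.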
@@ -72,8 +72,8 @@ github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCy
 github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/conductorone/baton-sdk v0.6.17 h1:ZC+pcsh/iGA1wjS5GGQjIg+mIIK/Mr0E7G3Dg72f03Y=
-github.com/conductorone/baton-sdk v0.6.17/go.mod h1:9S5feBOuIJxlNdGmkv3ObkCNHbVyOHr6foNrIrk+d4Y=
+github.com/conductorone/baton-sdk v0.7.3 h1:/5FHAVT7BlPaC7Pe2z2VbUy9UZgylSWoLdiVSSDV3lA=
+github.com/conductorone/baton-sdk v0.7.3/go.mod h1:9S5feBOuIJxlNdGmkv3ObkCNHbVyOHr6foNrIrk+d4Y=
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
 github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro=
 github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.go
index 11073384..afe1a1ff 100644
--- a/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.go
+++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.go
@@ -1487,8 +1487,20 @@ func (b0 ResourceIDRules_builder) Build() *ResourceIDRules { type RepeatedResourceIdRules struct { state protoimpl.MessageState `protogen:"hybrid.v1"` AllowedResourceTypeIds []string `protobuf:"bytes,1,rep,name=allowed_resource_type_ids,json=allowedResourceTypeIds,proto3" json:"allowed_resource_type_ids,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + // MinItems specifies that this field must have the specified number of + // items at a minimum + MinItems *uint64 `protobuf:"varint,2,opt,name=min_items,json=minItems,proto3,oneof" json:"min_items,omitempty"` + // MaxItems specifies that this field must have the specified number of + // items at a maximum + MaxItems *uint64 `protobuf:"varint,3,opt,name=max_items,json=maxItems,proto3,oneof" json:"max_items,omitempty"` + // Unique specifies that all elements in this field must be unique. + Unique bool `protobuf:"varint,4,opt,name=unique,proto3" json:"unique,omitempty"` + // IgnoreEmpty specifies that the validation rules of this field should be + // evaluated only if the field is not empty + ValidateEmpty bool `protobuf:"varint,5,opt,name=validate_empty,json=validateEmpty,proto3" json:"validate_empty,omitempty"` + IsRequired bool `protobuf:"varint,6,opt,name=is_required,json=isRequired,proto3" json:"is_required,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *RepeatedResourceIdRules) Reset() { 
@@ -1523,14 +1535,103 @@ func (x *RepeatedResourceIdRules) GetAllowedResourceTypeIds() []string { return nil } +func (x *RepeatedResourceIdRules) GetMinItems() uint64 { + if x != nil && x.MinItems != nil { + return *x.MinItems + } + return 0 +} + +func (x *RepeatedResourceIdRules) GetMaxItems() uint64 { + if x != nil && x.MaxItems != nil { + return *x.MaxItems + } + return 0 +} + +func (x *RepeatedResourceIdRules) GetUnique() bool { + if x != nil { + return x.Unique + } + return false +} + +func (x *RepeatedResourceIdRules) GetValidateEmpty() bool { + if x != nil { + return x.ValidateEmpty + } + return false +} + +func (x *RepeatedResourceIdRules) GetIsRequired() bool { + if x != nil { + return x.IsRequired + } + return false +} + func (x *RepeatedResourceIdRules) SetAllowedResourceTypeIds(v []string) { x.AllowedResourceTypeIds = v } +func (x *RepeatedResourceIdRules) SetMinItems(v uint64) { + x.MinItems = &v +} + +func (x *RepeatedResourceIdRules) SetMaxItems(v uint64) { + x.MaxItems = &v +} + +func (x *RepeatedResourceIdRules) SetUnique(v bool) { + x.Unique = v +} + +func (x *RepeatedResourceIdRules) SetValidateEmpty(v bool) { + x.ValidateEmpty = v +} + +func (x *RepeatedResourceIdRules) SetIsRequired(v bool) { + x.IsRequired = v +} + +func (x *RepeatedResourceIdRules) HasMinItems() bool { + if x == nil { + return false + } + return x.MinItems != nil +} + +func (x *RepeatedResourceIdRules) HasMaxItems() bool { + if x == nil { + return false + } + return x.MaxItems != nil +} + +func (x *RepeatedResourceIdRules) ClearMinItems() { + x.MinItems = nil +} + +func (x *RepeatedResourceIdRules) ClearMaxItems() { + x.MaxItems = nil +} + type RepeatedResourceIdRules_builder struct { _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
AllowedResourceTypeIds []string + // MinItems specifies that this field must have the specified number of + // items at a minimum + MinItems *uint64 + // MaxItems specifies that this field must have the specified number of + // items at a maximum + MaxItems *uint64 + // Unique specifies that all elements in this field must be unique. + Unique bool + // IgnoreEmpty specifies that the validation rules of this field should be + // evaluated only if the field is not empty + ValidateEmpty bool + IsRequired bool } func (b0 RepeatedResourceIdRules_builder) Build() *RepeatedResourceIdRules { @@ -1538,6 +1639,11 @@ func (b0 RepeatedResourceIdRules_builder) Build() *RepeatedResourceIdRules { b, x := &b0, m0 _, _ = b, x x.AllowedResourceTypeIds = b.AllowedResourceTypeIds + x.MinItems = b.MinItems + x.MaxItems = b.MaxItems + x.Unique = b.Unique + x.ValidateEmpty = b.ValidateEmpty + x.IsRequired = b.IsRequired return m0 } 
@@ -1630,9 +1736,19 @@ const file_c1_config_v1_rules_proto_rawDesc = "" + "\vis_required\x18\x02 \x01(\bR\n" + "isRequired\"L\n" + "\x0fResourceIDRules\x129\n" + - "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds\"T\n" + + "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds\"\x94\x02\n" + "\x17RepeatedResourceIdRules\x129\n" + - "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds*\x99\x02\n" + + "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds\x12 \n" + + "\tmin_items\x18\x02 \x01(\x04H\x00R\bminItems\x88\x01\x01\x12 \n" + + "\tmax_items\x18\x03 \x01(\x04H\x01R\bmaxItems\x88\x01\x01\x12\x16\n" + + "\x06unique\x18\x04 \x01(\bR\x06unique\x12%\n" + + "\x0evalidate_empty\x18\x05 \x01(\bR\rvalidateEmpty\x12\x1f\n" + + "\vis_required\x18\x06 \x01(\bR\n" + + "isRequiredB\f\n" + + "\n" + + "_min_itemsB\f\n" + + "\n" + + "_max_items*\x99\x02\n" + "\x0fWellKnownString\x12!\n" + "\x1dWELL_KNOWN_STRING_UNSPECIFIED\x10\x00\x12\x1b\n" + "\x17WELL_KNOWN_STRING_EMAIL\x10\x01\x12\x1e\n" + @@ -1684,6 +1800,7 @@ func file_c1_config_v1_rules_proto_init() { } file_c1_config_v1_rules_proto_msgTypes[3].OneofWrappers = []any{} file_c1_config_v1_rules_proto_msgTypes[4].OneofWrappers = []any{} + file_c1_config_v1_rules_proto_msgTypes[7].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.validate.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.validate.go index f5f49e9e..ef7e9c54 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.validate.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules.pb.validate.go 
@@ -1015,6 +1015,20 @@ func (m *RepeatedResourceIdRules) validate(all bool) error { var errors []error + // no validation rules for Unique + + // no validation rules for ValidateEmpty + + // no validation rules for IsRequired + + if m.MinItems != nil { + // no validation rules for MinItems + } + + if m.MaxItems != nil { + // no validation rules for MaxItems + } + if len(errors) > 0 { return RepeatedResourceIdRulesMultiError(errors) } diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules_protoopaque.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules_protoopaque.pb.go index 87964c85..a4f425ba 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules_protoopaque.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/config/v1/rules_protoopaque.pb.go @@ -1524,6 +1524,13 @@ func (b0 ResourceIDRules_builder) Build() *ResourceIDRules { type RepeatedResourceIdRules struct { state protoimpl.MessageState `protogen:"opaque.v1"` xxx_hidden_AllowedResourceTypeIds []string `protobuf:"bytes,1,rep,name=allowed_resource_type_ids,json=allowedResourceTypeIds,proto3"` + xxx_hidden_MinItems uint64 `protobuf:"varint,2,opt,name=min_items,json=minItems,proto3,oneof"` + xxx_hidden_MaxItems uint64 `protobuf:"varint,3,opt,name=max_items,json=maxItems,proto3,oneof"` + xxx_hidden_Unique bool `protobuf:"varint,4,opt,name=unique,proto3"` + xxx_hidden_ValidateEmpty bool `protobuf:"varint,5,opt,name=validate_empty,json=validateEmpty,proto3"` + xxx_hidden_IsRequired bool `protobuf:"varint,6,opt,name=is_required,json=isRequired,proto3"` + XXX_raceDetectHookData protoimpl.RaceDetectHookData + XXX_presence [1]uint32 unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } 
@@ -1560,14 +1567,107 @@ func (x *RepeatedResourceIdRules) GetAllowedResourceTypeIds() []string { return nil } +func (x *RepeatedResourceIdRules) GetMinItems() uint64 { + if x != nil { + return x.xxx_hidden_MinItems + } + return 0 +} + +func (x *RepeatedResourceIdRules) GetMaxItems() uint64 { + if x != nil { + return x.xxx_hidden_MaxItems + } + return 0 +} + +func (x *RepeatedResourceIdRules) GetUnique() bool { + if x != nil { + return x.xxx_hidden_Unique + } + return false +} + +func (x *RepeatedResourceIdRules) GetValidateEmpty() bool { + if x != nil { + return x.xxx_hidden_ValidateEmpty + } + return false +} + +func (x *RepeatedResourceIdRules) GetIsRequired() bool { + if x != nil { + return x.xxx_hidden_IsRequired + } + return false +} + func (x *RepeatedResourceIdRules) SetAllowedResourceTypeIds(v []string) { x.xxx_hidden_AllowedResourceTypeIds = v } +func (x *RepeatedResourceIdRules) SetMinItems(v uint64) { + x.xxx_hidden_MinItems = v + protoimpl.X.SetPresent(&(x.XXX_presence[0]), 1, 6) +} + +func (x *RepeatedResourceIdRules) SetMaxItems(v uint64) { + x.xxx_hidden_MaxItems = v + protoimpl.X.SetPresent(&(x.XXX_presence[0]), 2, 6) +} + +func (x *RepeatedResourceIdRules) SetUnique(v bool) { + x.xxx_hidden_Unique = v +} + +func (x *RepeatedResourceIdRules) SetValidateEmpty(v bool) { + x.xxx_hidden_ValidateEmpty = v +} + +func (x *RepeatedResourceIdRules) SetIsRequired(v bool) { + x.xxx_hidden_IsRequired = v +} + +func (x *RepeatedResourceIdRules) HasMinItems() bool { + if x == nil { + return false + } + return protoimpl.X.Present(&(x.XXX_presence[0]), 1) +} + +func (x *RepeatedResourceIdRules) HasMaxItems() bool { + if x == nil { + return false + } + return protoimpl.X.Present(&(x.XXX_presence[0]), 2) +} + +func (x *RepeatedResourceIdRules) ClearMinItems() { + protoimpl.X.ClearPresent(&(x.XXX_presence[0]), 1) + x.xxx_hidden_MinItems = 0 +} + +func (x *RepeatedResourceIdRules) ClearMaxItems() { + protoimpl.X.ClearPresent(&(x.XXX_presence[0]), 2) + 
x.xxx_hidden_MaxItems = 0 +} + type RepeatedResourceIdRules_builder struct { _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. AllowedResourceTypeIds []string + // MinItems specifies that this field must have the specified number of + // items at a minimum + MinItems *uint64 + // MaxItems specifies that this field must have the specified number of + // items at a maximum + MaxItems *uint64 + // Unique specifies that all elements in this field must be unique. + Unique bool + // IgnoreEmpty specifies that the validation rules of this field should be + // evaluated only if the field is not empty + ValidateEmpty bool + IsRequired bool } func (b0 RepeatedResourceIdRules_builder) Build() *RepeatedResourceIdRules { @@ -1575,6 +1675,17 @@ func (b0 RepeatedResourceIdRules_builder) Build() *RepeatedResourceIdRules { b, x := &b0, m0 _, _ = b, x x.xxx_hidden_AllowedResourceTypeIds = b.AllowedResourceTypeIds + if b.MinItems != nil { + protoimpl.X.SetPresentNonAtomic(&(x.XXX_presence[0]), 1, 6) + x.xxx_hidden_MinItems = *b.MinItems + } + if b.MaxItems != nil { + protoimpl.X.SetPresentNonAtomic(&(x.XXX_presence[0]), 2, 6) + x.xxx_hidden_MaxItems = *b.MaxItems + } + x.xxx_hidden_Unique = b.Unique + x.xxx_hidden_ValidateEmpty = b.ValidateEmpty + x.xxx_hidden_IsRequired = b.IsRequired return m0 } 
@@ -1667,9 +1778,19 @@ const file_c1_config_v1_rules_proto_rawDesc = "" + "\vis_required\x18\x02 \x01(\bR\n" + "isRequired\"L\n" + "\x0fResourceIDRules\x129\n" + - "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds\"T\n" + + "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds\"\x94\x02\n" + "\x17RepeatedResourceIdRules\x129\n" + - "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds*\x99\x02\n" + + "\x19allowed_resource_type_ids\x18\x01 \x03(\tR\x16allowedResourceTypeIds\x12 \n" + + "\tmin_items\x18\x02 \x01(\x04H\x00R\bminItems\x88\x01\x01\x12 \n" + + "\tmax_items\x18\x03 \x01(\x04H\x01R\bmaxItems\x88\x01\x01\x12\x16\n" + + "\x06unique\x18\x04 \x01(\bR\x06unique\x12%\n" + + "\x0evalidate_empty\x18\x05 \x01(\bR\rvalidateEmpty\x12\x1f\n" + + "\vis_required\x18\x06 \x01(\bR\n" + + "isRequiredB\f\n" + + "\n" + + "_min_itemsB\f\n" + + "\n" + + "_max_items*\x99\x02\n" + "\x0fWellKnownString\x12!\n" + "\x1dWELL_KNOWN_STRING_UNSPECIFIED\x10\x00\x12\x1b\n" + "\x17WELL_KNOWN_STRING_EMAIL\x10\x01\x12\x1e\n" + @@ -1721,6 +1842,7 @@ func file_c1_config_v1_rules_proto_init() { } file_c1_config_v1_rules_proto_msgTypes[3].OneofWrappers = []any{} file_c1_config_v1_rules_proto_msgTypes[4].OneofWrappers = []any{} + file_c1_config_v1_rules_proto_msgTypes[7].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource.pb.go new file mode 100644 index 00000000..39fa94b8 --- /dev/null +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource.pb.go 
@@ -0,0 +1,110 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.10 +// protoc (unknown) +// source: c1/connector/v2/annotation_resource.proto + +//go:build !protoopaque + +package v2 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Resource was not deleted because the resource does not exist. +type ResourceDoesNotExist struct { + state protoimpl.MessageState `protogen:"hybrid.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ResourceDoesNotExist) Reset() { + *x = ResourceDoesNotExist{} + mi := &file_c1_connector_v2_annotation_resource_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ResourceDoesNotExist) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ResourceDoesNotExist) ProtoMessage() {} + +func (x *ResourceDoesNotExist) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_resource_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +type ResourceDoesNotExist_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ +} + +func (b0 ResourceDoesNotExist_builder) Build() *ResourceDoesNotExist { + m0 := &ResourceDoesNotExist{} + b, x := &b0, m0 + _, _ = b, x + return m0 +} + +var File_c1_connector_v2_annotation_resource_proto protoreflect.FileDescriptor + +const file_c1_connector_v2_annotation_resource_proto_rawDesc = "" + + "\n" + + ")c1/connector/v2/annotation_resource.proto\x12\x0fc1.connector.v2\"\x16\n" + + "\x14ResourceDoesNotExistB6Z4github.com/conductorone/baton-sdk/pb/c1/connector/v2b\x06proto3" + +var file_c1_connector_v2_annotation_resource_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_c1_connector_v2_annotation_resource_proto_goTypes = []any{ + (*ResourceDoesNotExist)(nil), // 0: c1.connector.v2.ResourceDoesNotExist +} +var file_c1_connector_v2_annotation_resource_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_c1_connector_v2_annotation_resource_proto_init() } +func file_c1_connector_v2_annotation_resource_proto_init() { + if File_c1_connector_v2_annotation_resource_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_c1_connector_v2_annotation_resource_proto_rawDesc), len(file_c1_connector_v2_annotation_resource_proto_rawDesc)), + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_c1_connector_v2_annotation_resource_proto_goTypes, + DependencyIndexes: file_c1_connector_v2_annotation_resource_proto_depIdxs, + MessageInfos: file_c1_connector_v2_annotation_resource_proto_msgTypes, + }.Build() + File_c1_connector_v2_annotation_resource_proto = out.File + 
file_c1_connector_v2_annotation_resource_proto_goTypes = nil + file_c1_connector_v2_annotation_resource_proto_depIdxs = nil +} diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource.pb.validate.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource.pb.validate.go new file mode 100644 index 00000000..06cd9eab --- /dev/null +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource.pb.validate.go 
@@ -0,0 +1,138 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: c1/connector/v2/annotation_resource.proto + +package v2 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on ResourceDoesNotExist with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *ResourceDoesNotExist) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ResourceDoesNotExist with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ResourceDoesNotExistMultiError, or nil if none found. +func (m *ResourceDoesNotExist) ValidateAll() error { + return m.validate(true) +} + +func (m *ResourceDoesNotExist) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return ResourceDoesNotExistMultiError(errors) + } + + return nil +} + +// ResourceDoesNotExistMultiError is an error wrapping multiple validation +// errors returned by ResourceDoesNotExist.ValidateAll() if the designated +// constraints aren't met. +type ResourceDoesNotExistMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m ResourceDoesNotExistMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ResourceDoesNotExistMultiError) AllErrors() []error { return m } + +// ResourceDoesNotExistValidationError is the validation error returned by +// ResourceDoesNotExist.Validate if the designated constraints aren't met. +type ResourceDoesNotExistValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ResourceDoesNotExistValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ResourceDoesNotExistValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ResourceDoesNotExistValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ResourceDoesNotExistValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ResourceDoesNotExistValidationError) ErrorName() string { + return "ResourceDoesNotExistValidationError" +} + +// Error satisfies the builtin error interface +func (e ResourceDoesNotExistValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sResourceDoesNotExist.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ResourceDoesNotExistValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ResourceDoesNotExistValidationError{} 
diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource_protoopaque.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource_protoopaque.pb.go new file mode 100644 index 00000000..3c9ff590 --- /dev/null +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_resource_protoopaque.pb.go 
@@ -0,0 +1,110 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.10 +// protoc (unknown) +// source: c1/connector/v2/annotation_resource.proto + +//go:build protoopaque + +package v2 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Resource was not deleted because the resource does not exist. +type ResourceDoesNotExist struct { + state protoimpl.MessageState `protogen:"opaque.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ResourceDoesNotExist) Reset() { + *x = ResourceDoesNotExist{} + mi := &file_c1_connector_v2_annotation_resource_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ResourceDoesNotExist) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ResourceDoesNotExist) ProtoMessage() {} + +func (x *ResourceDoesNotExist) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_resource_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +type ResourceDoesNotExist_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ +} + +func (b0 ResourceDoesNotExist_builder) Build() *ResourceDoesNotExist { + m0 := &ResourceDoesNotExist{} + b, x := &b0, m0 + _, _ = b, x + return m0 +} + +var File_c1_connector_v2_annotation_resource_proto protoreflect.FileDescriptor + +const file_c1_connector_v2_annotation_resource_proto_rawDesc = "" + + "\n" + + ")c1/connector/v2/annotation_resource.proto\x12\x0fc1.connector.v2\"\x16\n" + + "\x14ResourceDoesNotExistB6Z4github.com/conductorone/baton-sdk/pb/c1/connector/v2b\x06proto3" + +var file_c1_connector_v2_annotation_resource_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_c1_connector_v2_annotation_resource_proto_goTypes = []any{ + (*ResourceDoesNotExist)(nil), // 0: c1.connector.v2.ResourceDoesNotExist +} +var file_c1_connector_v2_annotation_resource_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_c1_connector_v2_annotation_resource_proto_init() } +func file_c1_connector_v2_annotation_resource_proto_init() { + if File_c1_connector_v2_annotation_resource_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_c1_connector_v2_annotation_resource_proto_rawDesc), len(file_c1_connector_v2_annotation_resource_proto_rawDesc)), + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_c1_connector_v2_annotation_resource_proto_goTypes, + DependencyIndexes: file_c1_connector_v2_annotation_resource_proto_depIdxs, + MessageInfos: file_c1_connector_v2_annotation_resource_proto_msgTypes, + }.Build() + File_c1_connector_v2_annotation_resource_proto = out.File + 
file_c1_connector_v2_annotation_resource_proto_goTypes = nil + file_c1_connector_v2_annotation_resource_proto_depIdxs = nil +} diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.go index 9da76c41..354f27af 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.go 
@@ -24,15 +24,152 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +// RiskScore represents a risk score insight +type RiskScore struct { + state protoimpl.MessageState `protogen:"hybrid.v1"` + // The risk score value (e.g., "85", "High") + Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RiskScore) Reset() { + *x = RiskScore{} + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RiskScore) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RiskScore) ProtoMessage() {} + +func (x *RiskScore) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *RiskScore) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + +func (x *RiskScore) SetValue(v string) { + x.Value = v +} + +type RiskScore_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + // The risk score value (e.g., "85", "High") + Value string +} + +func (b0 RiskScore_builder) Build() *RiskScore { + m0 := &RiskScore{} + b, x := &b0, m0 + _, _ = b, x + x.Value = b.Value + return m0 +} + +// Issue represents a security issue or vulnerability +type Issue struct { + state protoimpl.MessageState `protogen:"hybrid.v1"` + // The issue description or severity (e.g., "Critical", "CVE-2024-1234") + Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` + Severity string `protobuf:"bytes,2,opt,name=severity,proto3" json:"severity,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Issue) Reset() { + *x = Issue{} + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Issue) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Issue) ProtoMessage() {} + +func (x *Issue) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *Issue) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + +func (x *Issue) GetSeverity() string { + if x != nil { + return x.Severity + } + return "" +} + +func (x *Issue) SetValue(v string) { + x.Value = v +} + +func (x *Issue) SetSeverity(v string) { + x.Severity = v +} + +type Issue_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + // The issue description or severity (e.g., "Critical", "CVE-2024-1234") + Value string + Severity string +} + +func (b0 Issue_builder) Build() *Issue { + m0 := &Issue{} + b, x := &b0, m0 + _, _ = b, x + x.Value = b.Value + x.Severity = b.Severity + return m0 +} + // SecurityInsightTrait is the trait annotation for resources with TRAIT_SECURITY_INSIGHT. // It contains the metadata for the security insight including type, value, observation time, // and the target entity (user or resource) that this insight should be bound to. type SecurityInsightTrait struct { state protoimpl.MessageState `protogen:"hybrid.v1"` - // The type of insight (e.g., "crowdstrike_zta_score", "wiz_critical_vulnerability") - InsightType string `protobuf:"bytes,1,opt,name=insight_type,json=insightType,proto3" json:"insight_type,omitempty"` - // The value of the insight (e.g., "85", "High", "Critical") - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + // The type and value of the insight + // + // Types that are valid to be assigned to InsightType: + // + // *SecurityInsightTrait_RiskScore + // *SecurityInsightTrait_Issue + InsightType isSecurityInsightTrait_InsightType `protobuf_oneof:"insight_type"` // When this insight was observed/captured from the source system ObservedAt *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=observed_at,json=observedAt,proto3" json:"observed_at,omitempty"` // The target entity this insight should be bound to @@ -42,6 +179,7 @@ type SecurityInsightTrait struct { // *SecurityInsightTrait_User // *SecurityInsightTrait_ResourceId // *SecurityInsightTrait_ExternalResource + // *SecurityInsightTrait_AppUser Target isSecurityInsightTrait_Target `protobuf_oneof:"target"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache 
@@ -49,7 +187,7 @@ type SecurityInsightTrait struct { func (x *SecurityInsightTrait) Reset() { *x = SecurityInsightTrait{} - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -61,7 +199,7 @@ func (x *SecurityInsightTrait) String() string { func (*SecurityInsightTrait) ProtoMessage() {} func (x *SecurityInsightTrait) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -72,18 +210,29 @@ func (x *SecurityInsightTrait) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -func (x *SecurityInsightTrait) GetInsightType() string { +func (x *SecurityInsightTrait) GetInsightType() isSecurityInsightTrait_InsightType { if x != nil { return x.InsightType } - return "" + return nil } -func (x *SecurityInsightTrait) GetValue() string { +func (x *SecurityInsightTrait) GetRiskScore() *RiskScore { if x != nil { - return x.Value + if x, ok := x.InsightType.(*SecurityInsightTrait_RiskScore); ok { + return x.RiskScore + } } - return "" + return nil +} + +func (x *SecurityInsightTrait) GetIssue() *Issue { + if x != nil { + if x, ok := x.InsightType.(*SecurityInsightTrait_Issue); ok { + return x.Issue + } + } + return nil } func (x *SecurityInsightTrait) GetObservedAt() *timestamppb.Timestamp { 
@@ -127,12 +276,29 @@ func (x *SecurityInsightTrait) GetExternalResource() *SecurityInsightTrait_Exter return nil } -func (x *SecurityInsightTrait) SetInsightType(v string) { - x.InsightType = v +func (x *SecurityInsightTrait) GetAppUser() *SecurityInsightTrait_AppUserTarget { + if x != nil { + if x, ok := x.Target.(*SecurityInsightTrait_AppUser); ok { + return x.AppUser + } + } + return nil } -func (x *SecurityInsightTrait) SetValue(v string) { - x.Value = v +func (x *SecurityInsightTrait) SetRiskScore(v *RiskScore) { + if v == nil { + x.InsightType = nil + return + } + x.InsightType = &SecurityInsightTrait_RiskScore{v} +} + +func (x *SecurityInsightTrait) SetIssue(v *Issue) { + if v == nil { + x.InsightType = nil + return + } + x.InsightType = &SecurityInsightTrait_Issue{v} } func (x *SecurityInsightTrait) SetObservedAt(v *timestamppb.Timestamp) { @@ -163,6 +329,37 @@ func (x *SecurityInsightTrait) SetExternalResource(v *SecurityInsightTrait_Exter x.Target = &SecurityInsightTrait_ExternalResource{v} } +func (x *SecurityInsightTrait) SetAppUser(v *SecurityInsightTrait_AppUserTarget) { + if v == nil { + x.Target = nil + return + } + x.Target = &SecurityInsightTrait_AppUser{v} +} + +func (x *SecurityInsightTrait) HasInsightType() bool { + if x == nil { + return false + } + return x.InsightType != nil +} + +func (x *SecurityInsightTrait) HasRiskScore() bool { + if x == nil { + return false + } + _, ok := x.InsightType.(*SecurityInsightTrait_RiskScore) + return ok +} + +func (x *SecurityInsightTrait) HasIssue() bool { + if x == nil { + return false + } + _, ok := x.InsightType.(*SecurityInsightTrait_Issue) + return ok +} + func (x *SecurityInsightTrait) HasObservedAt() bool { if x == nil { return false 
@@ -201,6 +398,30 @@ func (x *SecurityInsightTrait) HasExternalResource() bool { return ok } +func (x *SecurityInsightTrait) HasAppUser() bool { + if x == nil { + return false + } + _, ok := x.Target.(*SecurityInsightTrait_AppUser) + return ok +} + +func (x *SecurityInsightTrait) ClearInsightType() { + x.InsightType = nil +} + +func (x *SecurityInsightTrait) ClearRiskScore() { + if _, ok := x.InsightType.(*SecurityInsightTrait_RiskScore); ok { + x.InsightType = nil + } +} + +func (x *SecurityInsightTrait) ClearIssue() { + if _, ok := x.InsightType.(*SecurityInsightTrait_Issue); ok { + x.InsightType = nil + } +} + func (x *SecurityInsightTrait) ClearObservedAt() { x.ObservedAt = nil } 
@@ -227,10 +448,35 @@ func (x *SecurityInsightTrait) ClearExternalResource() { } } +func (x *SecurityInsightTrait) ClearAppUser() { + if _, ok := x.Target.(*SecurityInsightTrait_AppUser); ok { + x.Target = nil + } +} + +const SecurityInsightTrait_InsightType_not_set_case case_SecurityInsightTrait_InsightType = 0 +const SecurityInsightTrait_RiskScore_case case_SecurityInsightTrait_InsightType = 1 +const SecurityInsightTrait_Issue_case case_SecurityInsightTrait_InsightType = 2 + +func (x *SecurityInsightTrait) WhichInsightType() case_SecurityInsightTrait_InsightType { + if x == nil { + return SecurityInsightTrait_InsightType_not_set_case + } + switch x.InsightType.(type) { + case *SecurityInsightTrait_RiskScore: + return SecurityInsightTrait_RiskScore_case + case *SecurityInsightTrait_Issue: + return SecurityInsightTrait_Issue_case + default: + return SecurityInsightTrait_InsightType_not_set_case + } +} + const SecurityInsightTrait_Target_not_set_case case_SecurityInsightTrait_Target = 0 const SecurityInsightTrait_User_case case_SecurityInsightTrait_Target = 4 const SecurityInsightTrait_ResourceId_case case_SecurityInsightTrait_Target = 5 const SecurityInsightTrait_ExternalResource_case case_SecurityInsightTrait_Target = 6 +const SecurityInsightTrait_AppUser_case case_SecurityInsightTrait_Target = 7 func (x *SecurityInsightTrait) WhichTarget() case_SecurityInsightTrait_Target { if x == nil { @@ -243,6 +489,8 @@ func (x *SecurityInsightTrait) WhichTarget() case_SecurityInsightTrait_Target { return SecurityInsightTrait_ResourceId_case case *SecurityInsightTrait_ExternalResource: return SecurityInsightTrait_ExternalResource_case + case *SecurityInsightTrait_AppUser: + return SecurityInsightTrait_AppUser_case default: return SecurityInsightTrait_Target_not_set_case } 
@@ -251,10 +499,12 @@ func (x *SecurityInsightTrait) WhichTarget() case_SecurityInsightTrait_Target { type SecurityInsightTrait_builder struct { _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. - // The type of insight (e.g., "crowdstrike_zta_score", "wiz_critical_vulnerability") - InsightType string - // The value of the insight (e.g., "85", "High", "Critical") - Value string + // The type and value of the insight + + // Fields of oneof InsightType: + RiskScore *RiskScore + Issue *Issue + // -- end of InsightType // When this insight was observed/captured from the source system ObservedAt *timestamppb.Timestamp // The target entity this insight should be bound to @@ -266,6 +516,8 @@ type SecurityInsightTrait_builder struct { ResourceId *ResourceId // For binding to an AppResource by external ID ExternalResource *SecurityInsightTrait_ExternalResourceTarget + // For binding to an AppUser by email address + AppUser *SecurityInsightTrait_AppUserTarget // -- end of Target } @@ -273,8 +525,12 @@ func (b0 SecurityInsightTrait_builder) Build() *SecurityInsightTrait { m0 := &SecurityInsightTrait{} b, x := &b0, m0 _, _ = b, x - x.InsightType = b.InsightType - x.Value = b.Value + if b.RiskScore != nil { + x.InsightType = &SecurityInsightTrait_RiskScore{b.RiskScore} + } + if b.Issue != nil { + x.InsightType = &SecurityInsightTrait_Issue{b.Issue} + } x.ObservedAt = b.ObservedAt if b.User != nil { x.Target = &SecurityInsightTrait_User{b.User} 
@@ -285,19 +541,48 @@ func (b0 SecurityInsightTrait_builder) Build() *SecurityInsightTrait { if b.ExternalResource != nil { x.Target = &SecurityInsightTrait_ExternalResource{b.ExternalResource} } + if b.AppUser != nil { + x.Target = &SecurityInsightTrait_AppUser{b.AppUser} + } return m0 } +type case_SecurityInsightTrait_InsightType protoreflect.FieldNumber + +func (x case_SecurityInsightTrait_InsightType) String() string { + md := file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2].Descriptor() + if x == 0 { + return "not set" + } + return protoimpl.X.MessageFieldStringOf(md, protoreflect.FieldNumber(x)) +} + type case_SecurityInsightTrait_Target protoreflect.FieldNumber func (x case_SecurityInsightTrait_Target) String() string { - md := file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0].Descriptor() + md := file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2].Descriptor() if x == 0 { return "not set" } return protoimpl.X.MessageFieldStringOf(md, protoreflect.FieldNumber(x)) } +type isSecurityInsightTrait_InsightType interface { + isSecurityInsightTrait_InsightType() +} + +type SecurityInsightTrait_RiskScore struct { + RiskScore *RiskScore `protobuf:"bytes,1,opt,name=risk_score,json=riskScore,proto3,oneof"` +} + +type SecurityInsightTrait_Issue struct { + Issue *Issue `protobuf:"bytes,2,opt,name=issue,proto3,oneof"` +} + +func (*SecurityInsightTrait_RiskScore) isSecurityInsightTrait_InsightType() {} + +func (*SecurityInsightTrait_Issue) isSecurityInsightTrait_InsightType() {} + type isSecurityInsightTrait_Target interface { isSecurityInsightTrait_Target() } 
@@ -317,12 +602,19 @@ type SecurityInsightTrait_ExternalResource struct { ExternalResource *SecurityInsightTrait_ExternalResourceTarget `protobuf:"bytes,6,opt,name=external_resource,json=externalResource,proto3,oneof"` } +type SecurityInsightTrait_AppUser struct { + // For binding to an AppUser by email address + AppUser *SecurityInsightTrait_AppUserTarget `protobuf:"bytes,7,opt,name=app_user,json=appUser,proto3,oneof"` +} + func (*SecurityInsightTrait_User) isSecurityInsightTrait_Target() {} func (*SecurityInsightTrait_ResourceId) isSecurityInsightTrait_Target() {} func (*SecurityInsightTrait_ExternalResource) isSecurityInsightTrait_Target() {} +func (*SecurityInsightTrait_AppUser) isSecurityInsightTrait_Target() {} + // UserTarget identifies a user by email for resolution to a C1 User type SecurityInsightTrait_UserTarget struct { state protoimpl.MessageState `protogen:"hybrid.v1"` @@ -333,7 +625,7 @@ type SecurityInsightTrait_UserTarget struct { func (x *SecurityInsightTrait_UserTarget) Reset() { *x = SecurityInsightTrait_UserTarget{} - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -345,7 +637,7 @@ func (x *SecurityInsightTrait_UserTarget) String() string { func (*SecurityInsightTrait_UserTarget) ProtoMessage() {} func (x *SecurityInsightTrait_UserTarget) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -381,6 +673,80 @@ func (b0 SecurityInsightTrait_UserTarget_builder) Build() *SecurityInsightTrait_ return m0 } +// AppUserTarget identifies a user by email for resolution to an AppUser. +type SecurityInsightTrait_AppUserTarget struct { + state protoimpl.MessageState `protogen:"hybrid.v1"` + Email string `protobuf:"bytes,1,opt,name=email,proto3" json:"email,omitempty"` + // The external identifier of the user (e.g., ID, GUID, etc.) + ExternalId string `protobuf:"bytes,2,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SecurityInsightTrait_AppUserTarget) Reset() { + *x = SecurityInsightTrait_AppUserTarget{} + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SecurityInsightTrait_AppUserTarget) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SecurityInsightTrait_AppUserTarget) ProtoMessage() {} + +func (x *SecurityInsightTrait_AppUserTarget) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *SecurityInsightTrait_AppUserTarget) GetEmail() string { + if x != nil { + return x.Email + } + return "" +} + +func (x *SecurityInsightTrait_AppUserTarget) GetExternalId() string { + if x != nil { + return x.ExternalId + } + return "" +} + +func (x *SecurityInsightTrait_AppUserTarget) SetEmail(v string) { + x.Email = v +} + +func (x *SecurityInsightTrait_AppUserTarget) SetExternalId(v string) { + x.ExternalId = v +} + +type SecurityInsightTrait_AppUserTarget_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + Email string + // The external identifier of the user (e.g., ID, GUID, etc.) + ExternalId string +} + +func (b0 SecurityInsightTrait_AppUserTarget_builder) Build() *SecurityInsightTrait_AppUserTarget { + m0 := &SecurityInsightTrait_AppUserTarget{} + b, x := &b0, m0 + _, _ = b, x + x.Email = b.Email + x.ExternalId = b.ExternalId + return m0 +} + // ExternalResourceTarget identifies a resource by external ID for resolution to an AppResource. // Use this when the connector doesn't sync the target resource itself. type SecurityInsightTrait_ExternalResourceTarget struct { @@ -395,7 +761,7 @@ type SecurityInsightTrait_ExternalResourceTarget struct { func (x *SecurityInsightTrait_ExternalResourceTarget) Reset() { *x = SecurityInsightTrait_ExternalResourceTarget{} - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -407,7 +773,7 @@ func (x *SecurityInsightTrait_ExternalResourceTarget) String() string { func (*SecurityInsightTrait_ExternalResourceTarget) ProtoMessage() {} func (x *SecurityInsightTrait_ExternalResourceTarget) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -462,46 +828,64 @@ var File_c1_connector_v2_annotation_security_insight_proto protoreflect.FileDesc const file_c1_connector_v2_annotation_security_insight_proto_rawDesc = "" + "\n" + - "1c1/connector/v2/annotation_security_insight.proto\x12\x0fc1.connector.v2\x1a\x1ec1/connector/v2/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17validate/validate.proto\"\xc9\x04\n" + - "\x14SecurityInsightTrait\x12-\n" + - "\finsight_type\x18\x01 \x01(\tB\n" + - "\xfaB\ar\x05 \x01(\x80\bR\vinsightType\x12 \n" + - "\x05value\x18\x02 \x01(\tB\n" + - "\xfaB\ar\x05 \x01(\x80\bR\x05value\x12;\n" + + "1c1/connector/v2/annotation_security_insight.proto\x12\x0fc1.connector.v2\x1a\x1ec1/connector/v2/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17validate/validate.proto\"!\n" + + "\tRiskScore\x12\x14\n" + + "\x05value\x18\x01 \x01(\tR\x05value\"E\n" + + "\x05Issue\x12\x14\n" + + "\x05value\x18\x01 \x01(\tR\x05value\x12&\n" + + "\bseverity\x18\x02 \x01(\tB\n" + + "\xfaB\ar\x05 \x00(\x80\bR\bseverity\"\xae\x06\n" + + "\x14SecurityInsightTrait\x12;\n" + + "\n" + + "risk_score\x18\x01 \x01(\v2\x1a.c1.connector.v2.RiskScoreH\x00R\triskScore\x12.\n" + + "\x05issue\x18\x02 \x01(\v2\x16.c1.connector.v2.IssueH\x00R\x05issue\x12;\n" + "\vobserved_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\n" + "observedAt\x12F\n" + - "\x04user\x18\x04 \x01(\v20.c1.connector.v2.SecurityInsightTrait.UserTargetH\x00R\x04user\x12>\n" + - "\vresource_id\x18\x05 \x01(\v2\x1b.c1.connector.v2.ResourceIdH\x00R\n" + + "\x04user\x18\x04 \x01(\v20.c1.connector.v2.SecurityInsightTrait.UserTargetH\x01R\x04user\x12>\n" + + "\vresource_id\x18\x05 \x01(\v2\x1b.c1.connector.v2.ResourceIdH\x01R\n" + "resourceId\x12k\n" + - "\x11external_resource\x18\x06 \x01(\v2<.c1.connector.v2.SecurityInsightTrait.ExternalResourceTargetH\x00R\x10externalResource\x1a0\n" + + "\x11external_resource\x18\x06 \x01(\v2<.c1.connector.v2.SecurityInsightTrait.ExternalResourceTargetH\x01R\x10externalResource\x12P\n" + + 
"\bapp_user\x18\a \x01(\v23.c1.connector.v2.SecurityInsightTrait.AppUserTargetH\x01R\aappUser\x1a0\n" + "\n" + "UserTarget\x12\"\n" + - "\x05email\x18\x01 \x01(\tB\f\xfaB\tr\a \x01(\x80\b`\x01R\x05email\x1am\n" + + "\x05email\x18\x01 \x01(\tB\f\xfaB\tr\a \x01(\x80\b`\x01R\x05email\x1a`\n" + + "\rAppUserTarget\x12\"\n" + + "\x05email\x18\x01 \x01(\tB\f\xfaB\tr\a \x01(\x80\b`\x01R\x05email\x12+\n" + + "\vexternal_id\x18\x02 \x01(\tB\n" + + "\xfaB\ar\x05 \x01(\x80 R\n" + + "externalId\x1am\n" + "\x16ExternalResourceTarget\x12+\n" + "\vexternal_id\x18\x01 \x01(\tB\n" + "\xfaB\ar\x05 \x01(\x80 R\n" + "externalId\x12&\n" + - "\bapp_hint\x18\x02 \x01(\tB\v\xfaB\br\x06(\x80\b\xd0\x01\x01R\aappHintB\r\n" + + "\bapp_hint\x18\x02 \x01(\tB\v\xfaB\br\x06(\x80\b\xd0\x01\x01R\aappHintB\x13\n" + + "\finsight_type\x12\x03\xf8B\x01B\r\n" + "\x06target\x12\x03\xf8B\x01B6Z4github.com/conductorone/baton-sdk/pb/c1/connector/v2b\x06proto3" -var file_c1_connector_v2_annotation_security_insight_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_c1_connector_v2_annotation_security_insight_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_c1_connector_v2_annotation_security_insight_proto_goTypes = []any{ - (*SecurityInsightTrait)(nil), // 0: c1.connector.v2.SecurityInsightTrait - (*SecurityInsightTrait_UserTarget)(nil), // 1: c1.connector.v2.SecurityInsightTrait.UserTarget - (*SecurityInsightTrait_ExternalResourceTarget)(nil), // 2: c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget - (*timestamppb.Timestamp)(nil), // 3: google.protobuf.Timestamp - (*ResourceId)(nil), // 4: c1.connector.v2.ResourceId + (*RiskScore)(nil), // 0: c1.connector.v2.RiskScore + (*Issue)(nil), // 1: c1.connector.v2.Issue + (*SecurityInsightTrait)(nil), // 2: c1.connector.v2.SecurityInsightTrait + (*SecurityInsightTrait_UserTarget)(nil), // 3: c1.connector.v2.SecurityInsightTrait.UserTarget + (*SecurityInsightTrait_AppUserTarget)(nil), // 4: 
c1.connector.v2.SecurityInsightTrait.AppUserTarget + (*SecurityInsightTrait_ExternalResourceTarget)(nil), // 5: c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget + (*timestamppb.Timestamp)(nil), // 6: google.protobuf.Timestamp + (*ResourceId)(nil), // 7: c1.connector.v2.ResourceId } var file_c1_connector_v2_annotation_security_insight_proto_depIdxs = []int32{ - 3, // 0: c1.connector.v2.SecurityInsightTrait.observed_at:type_name -> google.protobuf.Timestamp - 1, // 1: c1.connector.v2.SecurityInsightTrait.user:type_name -> c1.connector.v2.SecurityInsightTrait.UserTarget - 4, // 2: c1.connector.v2.SecurityInsightTrait.resource_id:type_name -> c1.connector.v2.ResourceId - 2, // 3: c1.connector.v2.SecurityInsightTrait.external_resource:type_name -> c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name + 0, // 0: c1.connector.v2.SecurityInsightTrait.risk_score:type_name -> c1.connector.v2.RiskScore + 1, // 1: c1.connector.v2.SecurityInsightTrait.issue:type_name -> c1.connector.v2.Issue + 6, // 2: c1.connector.v2.SecurityInsightTrait.observed_at:type_name -> google.protobuf.Timestamp + 3, // 3: c1.connector.v2.SecurityInsightTrait.user:type_name -> c1.connector.v2.SecurityInsightTrait.UserTarget + 7, // 4: c1.connector.v2.SecurityInsightTrait.resource_id:type_name -> c1.connector.v2.ResourceId + 5, // 5: c1.connector.v2.SecurityInsightTrait.external_resource:type_name -> c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget + 4, // 6: c1.connector.v2.SecurityInsightTrait.app_user:type_name -> c1.connector.v2.SecurityInsightTrait.AppUserTarget + 7, // [7:7] is the sub-list for method output_type + 7, // [7:7] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension 
type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name } func init() { file_c1_connector_v2_annotation_security_insight_proto_init() } @@ -510,10 +894,13 @@ func file_c1_connector_v2_annotation_security_insight_proto_init() { return } file_c1_connector_v2_resource_proto_init() - file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0].OneofWrappers = []any{ + file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2].OneofWrappers = []any{ + (*SecurityInsightTrait_RiskScore)(nil), + (*SecurityInsightTrait_Issue)(nil), (*SecurityInsightTrait_User)(nil), (*SecurityInsightTrait_ResourceId)(nil), (*SecurityInsightTrait_ExternalResource)(nil), + (*SecurityInsightTrait_AppUser)(nil), } type x struct{} out := protoimpl.TypeBuilder{ @@ -521,7 +908,7 @@ func file_c1_connector_v2_annotation_security_insight_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_c1_connector_v2_annotation_security_insight_proto_rawDesc), len(file_c1_connector_v2_annotation_security_insight_proto_rawDesc)), NumEnums: 0, - NumMessages: 3, + NumMessages: 6, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.validate.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.validate.go index b550d79e..6b83aee6 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.validate.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight.pb.validate.go 
@@ -35,6 +35,218 @@ var ( _ = sort.Sort ) +// Validate checks the field values on RiskScore with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *RiskScore) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on RiskScore with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in RiskScoreMultiError, or nil +// if none found. +func (m *RiskScore) ValidateAll() error { + return m.validate(true) +} + +func (m *RiskScore) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Value + + if len(errors) > 0 { + return RiskScoreMultiError(errors) + } + + return nil +} + +// RiskScoreMultiError is an error wrapping multiple validation errors returned +// by RiskScore.ValidateAll() if the designated constraints aren't met. +type RiskScoreMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m RiskScoreMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m RiskScoreMultiError) AllErrors() []error { return m } + +// RiskScoreValidationError is the validation error returned by +// RiskScore.Validate if the designated constraints aren't met. +type RiskScoreValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e RiskScoreValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e RiskScoreValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. 
+func (e RiskScoreValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e RiskScoreValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e RiskScoreValidationError) ErrorName() string { return "RiskScoreValidationError" } + +// Error satisfies the builtin error interface +func (e RiskScoreValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sRiskScore.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = RiskScoreValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = RiskScoreValidationError{} + +// Validate checks the field values on Issue with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Issue) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Issue with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in IssueMultiError, or nil if none found. 
+func (m *Issue) ValidateAll() error { + return m.validate(true) +} + +func (m *Issue) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Value + + if l := len(m.GetSeverity()); l < 0 || l > 1024 { + err := IssueValidationError{ + field: "Severity", + reason: "value length must be between 0 and 1024 bytes, inclusive", + } + if !all { + return err + } + errors = append(errors, err) + } + + if len(errors) > 0 { + return IssueMultiError(errors) + } + + return nil +} + +// IssueMultiError is an error wrapping multiple validation errors returned by +// Issue.ValidateAll() if the designated constraints aren't met. +type IssueMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m IssueMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m IssueMultiError) AllErrors() []error { return m } + +// IssueValidationError is the validation error returned by Issue.Validate if +// the designated constraints aren't met. +type IssueValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e IssueValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e IssueValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e IssueValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e IssueValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e IssueValidationError) ErrorName() string { return "IssueValidationError" } + +// Error satisfies the builtin error interface +func (e IssueValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sIssue.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = IssueValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = IssueValidationError{} + // Validate checks the field values on SecurityInsightTrait with the rules // defined in the proto definition for this message. If any rules are // violated, the first error encountered is returned, or nil if there are no violations. @@ -57,28 +269,6 @@ func (m *SecurityInsightTrait) validate(all bool) error { var errors []error - if l := len(m.GetInsightType()); l < 1 || l > 1024 { - err := SecurityInsightTraitValidationError{ - field: "InsightType", - reason: "value length must be between 1 and 1024 bytes, inclusive", - } - if !all { - return err - } - errors = append(errors, err) - } - - if l := len(m.GetValue()); l < 1 || l > 1024 { - err := SecurityInsightTraitValidationError{ - field: "Value", - reason: "value length must be between 1 and 1024 bytes, inclusive", - } - if !all { - return err - } - errors = append(errors, err) - } - if all { switch v := interface{}(m.GetObservedAt()).(type) { case interface{ ValidateAll() error }: 
@@ -108,6 +298,105 @@ func (m *SecurityInsightTrait) validate(all bool) error { } } + oneofInsightTypePresent := false + switch v := m.InsightType.(type) { + case *SecurityInsightTrait_RiskScore: + if v == nil { + err := SecurityInsightTraitValidationError{ + field: "InsightType", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + oneofInsightTypePresent = true + + if all { + switch v := interface{}(m.GetRiskScore()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, SecurityInsightTraitValidationError{ + field: "RiskScore", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, SecurityInsightTraitValidationError{ + field: "RiskScore", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetRiskScore()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return SecurityInsightTraitValidationError{ + field: "RiskScore", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *SecurityInsightTrait_Issue: + if v == nil { + err := SecurityInsightTraitValidationError{ + field: "InsightType", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + oneofInsightTypePresent = true + + if all { + switch v := interface{}(m.GetIssue()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, SecurityInsightTraitValidationError{ + field: "Issue", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, SecurityInsightTraitValidationError{ + field: "Issue", + reason: "embedded message 
failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetIssue()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return SecurityInsightTraitValidationError{ + field: "Issue", + reason: "embedded message failed validation", + cause: err, + } + } + } + + default: + _ = v // ensures v is used + } + if !oneofInsightTypePresent { + err := SecurityInsightTraitValidationError{ + field: "InsightType", + reason: "value is required", + } + if !all { + return err + } + errors = append(errors, err) + } oneofTargetPresent := false switch v := m.Target.(type) { case *SecurityInsightTrait_User: @@ -236,6 +525,48 @@ func (m *SecurityInsightTrait) validate(all bool) error { } } + case *SecurityInsightTrait_AppUser: + if v == nil { + err := SecurityInsightTraitValidationError{ + field: "Target", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + oneofTargetPresent = true + + if all { + switch v := interface{}(m.GetAppUser()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, SecurityInsightTraitValidationError{ + field: "AppUser", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, SecurityInsightTraitValidationError{ + field: "AppUser", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetAppUser()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return SecurityInsightTraitValidationError{ + field: "AppUser", + reason: "embedded message failed validation", + cause: err, + } + } + } + default: _ = v // ensures v is used } 
@@ -506,6 +837,195 @@ var _ interface { ErrorName() string } = SecurityInsightTrait_UserTargetValidationError{} +// Validate checks the field values on SecurityInsightTrait_AppUserTarget with +// the rules defined in the proto definition for this message. If any rules +// are violated, the first error encountered is returned, or nil if there are +// no violations. +func (m *SecurityInsightTrait_AppUserTarget) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on SecurityInsightTrait_AppUserTarget +// with the rules defined in the proto definition for this message. If any +// rules are violated, the result is a list of violation errors wrapped in +// SecurityInsightTrait_AppUserTargetMultiError, or nil if none found. +func (m *SecurityInsightTrait_AppUserTarget) ValidateAll() error { + return m.validate(true) +} + +func (m *SecurityInsightTrait_AppUserTarget) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if l := len(m.GetEmail()); l < 1 || l > 1024 { + err := SecurityInsightTrait_AppUserTargetValidationError{ + field: "Email", + reason: "value length must be between 1 and 1024 bytes, inclusive", + } + if !all { + return err + } + errors = append(errors, err) + } + + if err := m._validateEmail(m.GetEmail()); err != nil { + err = SecurityInsightTrait_AppUserTargetValidationError{ + field: "Email", + reason: "value must be a valid email address", + cause: err, + } + if !all { + return err + } + errors = append(errors, err) + } + + if l := len(m.GetExternalId()); l < 1 || l > 4096 { + err := SecurityInsightTrait_AppUserTargetValidationError{ + field: "ExternalId", + reason: "value length must be between 1 and 4096 bytes, inclusive", + } + if !all { + return err + } + errors = append(errors, err) + } + + if len(errors) > 0 { + return SecurityInsightTrait_AppUserTargetMultiError(errors) + } + + return nil +} + +func (m *SecurityInsightTrait_AppUserTarget) _validateHostname(host string) error 
{ + s := strings.ToLower(strings.TrimSuffix(host, ".")) + + if len(host) > 253 { + return errors.New("hostname cannot exceed 253 characters") + } + + for _, part := range strings.Split(s, ".") { + if l := len(part); l == 0 || l > 63 { + return errors.New("hostname part must be non-empty and cannot exceed 63 characters") + } + + if part[0] == '-' { + return errors.New("hostname parts cannot begin with hyphens") + } + + if part[len(part)-1] == '-' { + return errors.New("hostname parts cannot end with hyphens") + } + + for _, r := range part { + if (r < 'a' || r > 'z') && (r < '0' || r > '9') && r != '-' { + return fmt.Errorf("hostname parts can only contain alphanumeric characters or hyphens, got %q", string(r)) + } + } + } + + return nil +} + +func (m *SecurityInsightTrait_AppUserTarget) _validateEmail(addr string) error { + a, err := mail.ParseAddress(addr) + if err != nil { + return err + } + addr = a.Address + + if len(addr) > 254 { + return errors.New("email addresses cannot exceed 254 characters") + } + + parts := strings.SplitN(addr, "@", 2) + + if len(parts[0]) > 64 { + return errors.New("email address local phrase cannot exceed 64 characters") + } + + return m._validateHostname(parts[1]) +} + +// SecurityInsightTrait_AppUserTargetMultiError is an error wrapping multiple +// validation errors returned by +// SecurityInsightTrait_AppUserTarget.ValidateAll() if the designated +// constraints aren't met. +type SecurityInsightTrait_AppUserTargetMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m SecurityInsightTrait_AppUserTargetMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. 
+func (m SecurityInsightTrait_AppUserTargetMultiError) AllErrors() []error { return m } + +// SecurityInsightTrait_AppUserTargetValidationError is the validation error +// returned by SecurityInsightTrait_AppUserTarget.Validate if the designated +// constraints aren't met. +type SecurityInsightTrait_AppUserTargetValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e SecurityInsightTrait_AppUserTargetValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e SecurityInsightTrait_AppUserTargetValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e SecurityInsightTrait_AppUserTargetValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e SecurityInsightTrait_AppUserTargetValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e SecurityInsightTrait_AppUserTargetValidationError) ErrorName() string { + return "SecurityInsightTrait_AppUserTargetValidationError" +} + +// Error satisfies the builtin error interface +func (e SecurityInsightTrait_AppUserTargetValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sSecurityInsightTrait_AppUserTarget.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = SecurityInsightTrait_AppUserTargetValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = SecurityInsightTrait_AppUserTargetValidationError{} + // Validate checks the field values on // SecurityInsightTrait_ExternalResourceTarget with the rules defined in the // proto definition for this message. If any rules are violated, the first 
diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight_protoopaque.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight_protoopaque.pb.go index 184346c1..394575c8 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight_protoopaque.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_security_insight_protoopaque.pb.go 
@@ -24,22 +24,153 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +// RiskScore represents a risk score insight +type RiskScore struct { + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_Value string `protobuf:"bytes,1,opt,name=value,proto3"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RiskScore) Reset() { + *x = RiskScore{} + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RiskScore) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RiskScore) ProtoMessage() {} + +func (x *RiskScore) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *RiskScore) GetValue() string { + if x != nil { + return x.xxx_hidden_Value + } + return "" +} + +func (x *RiskScore) SetValue(v string) { + x.xxx_hidden_Value = v +} + +type RiskScore_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + // The risk score value (e.g., "85", "High") + Value string +} + +func (b0 RiskScore_builder) Build() *RiskScore { + m0 := &RiskScore{} + b, x := &b0, m0 + _, _ = b, x + x.xxx_hidden_Value = b.Value + return m0 +} + +// Issue represents a security issue or vulnerability +type Issue struct { + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_Value string `protobuf:"bytes,1,opt,name=value,proto3"` + xxx_hidden_Severity string `protobuf:"bytes,2,opt,name=severity,proto3"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Issue) Reset() { + *x = Issue{} + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Issue) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Issue) ProtoMessage() {} + +func (x *Issue) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *Issue) GetValue() string { + if x != nil { + return x.xxx_hidden_Value + } + return "" +} + +func (x *Issue) GetSeverity() string { + if x != nil { + return x.xxx_hidden_Severity + } + return "" +} + +func (x *Issue) SetValue(v string) { + x.xxx_hidden_Value = v +} + +func (x *Issue) SetSeverity(v string) { + x.xxx_hidden_Severity = v +} + +type Issue_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + // The issue description or severity (e.g., "Critical", "CVE-2024-1234") + Value string + Severity string +} + +func (b0 Issue_builder) Build() *Issue { + m0 := &Issue{} + b, x := &b0, m0 + _, _ = b, x + x.xxx_hidden_Value = b.Value + x.xxx_hidden_Severity = b.Severity + return m0 +} + // SecurityInsightTrait is the trait annotation for resources with TRAIT_SECURITY_INSIGHT. // It contains the metadata for the security insight including type, value, observation time, // and the target entity (user or resource) that this insight should be bound to. type SecurityInsightTrait struct { - state protoimpl.MessageState `protogen:"opaque.v1"` - xxx_hidden_InsightType string `protobuf:"bytes,1,opt,name=insight_type,json=insightType,proto3"` - xxx_hidden_Value string `protobuf:"bytes,2,opt,name=value,proto3"` - xxx_hidden_ObservedAt *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=observed_at,json=observedAt,proto3"` - xxx_hidden_Target isSecurityInsightTrait_Target `protobuf_oneof:"target"` + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_InsightType isSecurityInsightTrait_InsightType `protobuf_oneof:"insight_type"` + xxx_hidden_ObservedAt *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=observed_at,json=observedAt,proto3"` + xxx_hidden_Target isSecurityInsightTrait_Target `protobuf_oneof:"target"` unknownFields protoimpl.UnknownFields sizeCache protoimpl.SizeCache } func (x *SecurityInsightTrait) Reset() { *x = SecurityInsightTrait{} - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -51,7 +182,7 @@ func (x *SecurityInsightTrait) String() string { func (*SecurityInsightTrait) ProtoMessage() {} func (x *SecurityInsightTrait) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -62,18 +193,22 @@ func (x *SecurityInsightTrait) ProtoReflect() protoreflect.Message { return mi.MessageOf(x) } -func (x *SecurityInsightTrait) GetInsightType() string { +func (x *SecurityInsightTrait) GetRiskScore() *RiskScore { if x != nil { - return x.xxx_hidden_InsightType + if x, ok := x.xxx_hidden_InsightType.(*securityInsightTrait_RiskScore); ok { + return x.RiskScore + } } - return "" + return nil } -func (x *SecurityInsightTrait) GetValue() string { +func (x *SecurityInsightTrait) GetIssue() *Issue { if x != nil { - return x.xxx_hidden_Value + if x, ok := x.xxx_hidden_InsightType.(*securityInsightTrait_Issue); ok { + return x.Issue + } } - return "" + return nil } func (x *SecurityInsightTrait) GetObservedAt() *timestamppb.Timestamp { 
@@ -110,12 +245,29 @@ func (x *SecurityInsightTrait) GetExternalResource() *SecurityInsightTrait_Exter return nil } -func (x *SecurityInsightTrait) SetInsightType(v string) { - x.xxx_hidden_InsightType = v +func (x *SecurityInsightTrait) GetAppUser() *SecurityInsightTrait_AppUserTarget { + if x != nil { + if x, ok := x.xxx_hidden_Target.(*securityInsightTrait_AppUser); ok { + return x.AppUser + } + } + return nil } -func (x *SecurityInsightTrait) SetValue(v string) { - x.xxx_hidden_Value = v +func (x *SecurityInsightTrait) SetRiskScore(v *RiskScore) { + if v == nil { + x.xxx_hidden_InsightType = nil + return + } + x.xxx_hidden_InsightType = &securityInsightTrait_RiskScore{v} +} + +func (x *SecurityInsightTrait) SetIssue(v *Issue) { + if v == nil { + x.xxx_hidden_InsightType = nil + return + } + x.xxx_hidden_InsightType = &securityInsightTrait_Issue{v} } func (x *SecurityInsightTrait) SetObservedAt(v *timestamppb.Timestamp) { @@ -146,6 +298,37 @@ func (x *SecurityInsightTrait) SetExternalResource(v *SecurityInsightTrait_Exter x.xxx_hidden_Target = &securityInsightTrait_ExternalResource{v} } +func (x *SecurityInsightTrait) SetAppUser(v *SecurityInsightTrait_AppUserTarget) { + if v == nil { + x.xxx_hidden_Target = nil + return + } + x.xxx_hidden_Target = &securityInsightTrait_AppUser{v} +} + +func (x *SecurityInsightTrait) HasInsightType() bool { + if x == nil { + return false + } + return x.xxx_hidden_InsightType != nil +} + +func (x *SecurityInsightTrait) HasRiskScore() bool { + if x == nil { + return false + } + _, ok := x.xxx_hidden_InsightType.(*securityInsightTrait_RiskScore) + return ok +} + +func (x *SecurityInsightTrait) HasIssue() bool { + if x == nil { + return false + } + _, ok := x.xxx_hidden_InsightType.(*securityInsightTrait_Issue) + return ok +} + func (x *SecurityInsightTrait) HasObservedAt() bool { if x == nil { return false 
@@ -184,6 +367,30 @@ func (x *SecurityInsightTrait) HasExternalResource() bool { return ok } +func (x *SecurityInsightTrait) HasAppUser() bool { + if x == nil { + return false + } + _, ok := x.xxx_hidden_Target.(*securityInsightTrait_AppUser) + return ok +} + +func (x *SecurityInsightTrait) ClearInsightType() { + x.xxx_hidden_InsightType = nil +} + +func (x *SecurityInsightTrait) ClearRiskScore() { + if _, ok := x.xxx_hidden_InsightType.(*securityInsightTrait_RiskScore); ok { + x.xxx_hidden_InsightType = nil + } +} + +func (x *SecurityInsightTrait) ClearIssue() { + if _, ok := x.xxx_hidden_InsightType.(*securityInsightTrait_Issue); ok { + x.xxx_hidden_InsightType = nil + } +} + func (x *SecurityInsightTrait) ClearObservedAt() { x.xxx_hidden_ObservedAt = nil } 
@@ -210,10 +417,35 @@ func (x *SecurityInsightTrait) ClearExternalResource() { } } +func (x *SecurityInsightTrait) ClearAppUser() { + if _, ok := x.xxx_hidden_Target.(*securityInsightTrait_AppUser); ok { + x.xxx_hidden_Target = nil + } +} + +const SecurityInsightTrait_InsightType_not_set_case case_SecurityInsightTrait_InsightType = 0 +const SecurityInsightTrait_RiskScore_case case_SecurityInsightTrait_InsightType = 1 +const SecurityInsightTrait_Issue_case case_SecurityInsightTrait_InsightType = 2 + +func (x *SecurityInsightTrait) WhichInsightType() case_SecurityInsightTrait_InsightType { + if x == nil { + return SecurityInsightTrait_InsightType_not_set_case + } + switch x.xxx_hidden_InsightType.(type) { + case *securityInsightTrait_RiskScore: + return SecurityInsightTrait_RiskScore_case + case *securityInsightTrait_Issue: + return SecurityInsightTrait_Issue_case + default: + return SecurityInsightTrait_InsightType_not_set_case + } +} + const SecurityInsightTrait_Target_not_set_case case_SecurityInsightTrait_Target = 0 const SecurityInsightTrait_User_case case_SecurityInsightTrait_Target = 4 const SecurityInsightTrait_ResourceId_case case_SecurityInsightTrait_Target = 5 const SecurityInsightTrait_ExternalResource_case case_SecurityInsightTrait_Target = 6 +const SecurityInsightTrait_AppUser_case case_SecurityInsightTrait_Target = 7 func (x *SecurityInsightTrait) WhichTarget() case_SecurityInsightTrait_Target { if x == nil { @@ -226,6 +458,8 @@ func (x *SecurityInsightTrait) WhichTarget() case_SecurityInsightTrait_Target { return SecurityInsightTrait_ResourceId_case case *securityInsightTrait_ExternalResource: return SecurityInsightTrait_ExternalResource_case + case *securityInsightTrait_AppUser: + return SecurityInsightTrait_AppUser_case default: return SecurityInsightTrait_Target_not_set_case } 
@@ -234,10 +468,12 @@ func (x *SecurityInsightTrait) WhichTarget() case_SecurityInsightTrait_Target { type SecurityInsightTrait_builder struct { _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. - // The type of insight (e.g., "crowdstrike_zta_score", "wiz_critical_vulnerability") - InsightType string - // The value of the insight (e.g., "85", "High", "Critical") - Value string + // The type and value of the insight + + // Fields of oneof xxx_hidden_InsightType: + RiskScore *RiskScore + Issue *Issue + // -- end of xxx_hidden_InsightType // When this insight was observed/captured from the source system ObservedAt *timestamppb.Timestamp // The target entity this insight should be bound to @@ -249,6 +485,8 @@ type SecurityInsightTrait_builder struct { ResourceId *ResourceId // For binding to an AppResource by external ID ExternalResource *SecurityInsightTrait_ExternalResourceTarget + // For binding to an AppUser by email address + AppUser *SecurityInsightTrait_AppUserTarget // -- end of xxx_hidden_Target } @@ -256,8 +494,12 @@ func (b0 SecurityInsightTrait_builder) Build() *SecurityInsightTrait { m0 := &SecurityInsightTrait{} b, x := &b0, m0 _, _ = b, x - x.xxx_hidden_InsightType = b.InsightType - x.xxx_hidden_Value = b.Value + if b.RiskScore != nil { + x.xxx_hidden_InsightType = &securityInsightTrait_RiskScore{b.RiskScore} + } + if b.Issue != nil { + x.xxx_hidden_InsightType = &securityInsightTrait_Issue{b.Issue} + } x.xxx_hidden_ObservedAt = b.ObservedAt if b.User != nil { x.xxx_hidden_Target = &securityInsightTrait_User{b.User} 
@@ -268,19 +510,48 @@ func (b0 SecurityInsightTrait_builder) Build() *SecurityInsightTrait { if b.ExternalResource != nil { x.xxx_hidden_Target = &securityInsightTrait_ExternalResource{b.ExternalResource} } + if b.AppUser != nil { + x.xxx_hidden_Target = &securityInsightTrait_AppUser{b.AppUser} + } return m0 } +type case_SecurityInsightTrait_InsightType protoreflect.FieldNumber + +func (x case_SecurityInsightTrait_InsightType) String() string { + md := file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2].Descriptor() + if x == 0 { + return "not set" + } + return protoimpl.X.MessageFieldStringOf(md, protoreflect.FieldNumber(x)) +} + type case_SecurityInsightTrait_Target protoreflect.FieldNumber func (x case_SecurityInsightTrait_Target) String() string { - md := file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0].Descriptor() + md := file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2].Descriptor() if x == 0 { return "not set" } return protoimpl.X.MessageFieldStringOf(md, protoreflect.FieldNumber(x)) } +type isSecurityInsightTrait_InsightType interface { + isSecurityInsightTrait_InsightType() +} + +type securityInsightTrait_RiskScore struct { + RiskScore *RiskScore `protobuf:"bytes,1,opt,name=risk_score,json=riskScore,proto3,oneof"` +} + +type securityInsightTrait_Issue struct { + Issue *Issue `protobuf:"bytes,2,opt,name=issue,proto3,oneof"` +} + +func (*securityInsightTrait_RiskScore) isSecurityInsightTrait_InsightType() {} + +func (*securityInsightTrait_Issue) isSecurityInsightTrait_InsightType() {} + type isSecurityInsightTrait_Target interface { isSecurityInsightTrait_Target() } 
@@ -300,12 +571,19 @@ type securityInsightTrait_ExternalResource struct { ExternalResource *SecurityInsightTrait_ExternalResourceTarget `protobuf:"bytes,6,opt,name=external_resource,json=externalResource,proto3,oneof"` } +type securityInsightTrait_AppUser struct { + // For binding to an AppUser by email address + AppUser *SecurityInsightTrait_AppUserTarget `protobuf:"bytes,7,opt,name=app_user,json=appUser,proto3,oneof"` +} + func (*securityInsightTrait_User) isSecurityInsightTrait_Target() {} func (*securityInsightTrait_ResourceId) isSecurityInsightTrait_Target() {} func (*securityInsightTrait_ExternalResource) isSecurityInsightTrait_Target() {} +func (*securityInsightTrait_AppUser) isSecurityInsightTrait_Target() {} + // UserTarget identifies a user by email for resolution to a C1 User type SecurityInsightTrait_UserTarget struct { state protoimpl.MessageState `protogen:"opaque.v1"` @@ -316,7 +594,7 @@ type SecurityInsightTrait_UserTarget struct { func (x *SecurityInsightTrait_UserTarget) Reset() { *x = SecurityInsightTrait_UserTarget{} - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -328,7 +606,7 @@ func (x *SecurityInsightTrait_UserTarget) String() string { func (*SecurityInsightTrait_UserTarget) ProtoMessage() {} func (x *SecurityInsightTrait_UserTarget) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[1] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -364,6 +642,79 @@ func (b0 SecurityInsightTrait_UserTarget_builder) Build() *SecurityInsightTrait_ return m0 } +// AppUserTarget identifies a user by email for resolution to an AppUser. +type SecurityInsightTrait_AppUserTarget struct { + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_Email string `protobuf:"bytes,1,opt,name=email,proto3"` + xxx_hidden_ExternalId string `protobuf:"bytes,2,opt,name=external_id,json=externalId,proto3"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SecurityInsightTrait_AppUserTarget) Reset() { + *x = SecurityInsightTrait_AppUserTarget{} + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SecurityInsightTrait_AppUserTarget) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SecurityInsightTrait_AppUserTarget) ProtoMessage() {} + +func (x *SecurityInsightTrait_AppUserTarget) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *SecurityInsightTrait_AppUserTarget) GetEmail() string { + if x != nil { + return x.xxx_hidden_Email + } + return "" +} + +func (x *SecurityInsightTrait_AppUserTarget) GetExternalId() string { + if x != nil { + return x.xxx_hidden_ExternalId + } + return "" +} + +func (x *SecurityInsightTrait_AppUserTarget) SetEmail(v string) { + x.xxx_hidden_Email = v +} + +func (x *SecurityInsightTrait_AppUserTarget) SetExternalId(v string) { + x.xxx_hidden_ExternalId = v +} + +type SecurityInsightTrait_AppUserTarget_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + Email string + // The external identifier of the user (e.g., ID, GUID, etc.) + ExternalId string +} + +func (b0 SecurityInsightTrait_AppUserTarget_builder) Build() *SecurityInsightTrait_AppUserTarget { + m0 := &SecurityInsightTrait_AppUserTarget{} + b, x := &b0, m0 + _, _ = b, x + x.xxx_hidden_Email = b.Email + x.xxx_hidden_ExternalId = b.ExternalId + return m0 +} + // ExternalResourceTarget identifies a resource by external ID for resolution to an AppResource. // Use this when the connector doesn't sync the target resource itself. type SecurityInsightTrait_ExternalResourceTarget struct { @@ -376,7 +727,7 @@ type SecurityInsightTrait_ExternalResourceTarget struct { func (x *SecurityInsightTrait_ExternalResourceTarget) Reset() { *x = SecurityInsightTrait_ExternalResourceTarget{} - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -388,7 +739,7 @@ func (x *SecurityInsightTrait_ExternalResourceTarget) String() string { func (*SecurityInsightTrait_ExternalResourceTarget) ProtoMessage() {} func (x *SecurityInsightTrait_ExternalResourceTarget) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2] + mi := &file_c1_connector_v2_annotation_security_insight_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -443,46 +794,64 @@ var File_c1_connector_v2_annotation_security_insight_proto protoreflect.FileDesc const file_c1_connector_v2_annotation_security_insight_proto_rawDesc = "" + "\n" + - "1c1/connector/v2/annotation_security_insight.proto\x12\x0fc1.connector.v2\x1a\x1ec1/connector/v2/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17validate/validate.proto\"\xc9\x04\n" + - "\x14SecurityInsightTrait\x12-\n" + - "\finsight_type\x18\x01 \x01(\tB\n" + - "\xfaB\ar\x05 \x01(\x80\bR\vinsightType\x12 \n" + - "\x05value\x18\x02 \x01(\tB\n" + - "\xfaB\ar\x05 \x01(\x80\bR\x05value\x12;\n" + + "1c1/connector/v2/annotation_security_insight.proto\x12\x0fc1.connector.v2\x1a\x1ec1/connector/v2/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17validate/validate.proto\"!\n" + + "\tRiskScore\x12\x14\n" + + "\x05value\x18\x01 \x01(\tR\x05value\"E\n" + + "\x05Issue\x12\x14\n" + + "\x05value\x18\x01 \x01(\tR\x05value\x12&\n" + + "\bseverity\x18\x02 \x01(\tB\n" + + "\xfaB\ar\x05 \x00(\x80\bR\bseverity\"\xae\x06\n" + + "\x14SecurityInsightTrait\x12;\n" + + "\n" + + "risk_score\x18\x01 \x01(\v2\x1a.c1.connector.v2.RiskScoreH\x00R\triskScore\x12.\n" + + "\x05issue\x18\x02 \x01(\v2\x16.c1.connector.v2.IssueH\x00R\x05issue\x12;\n" + "\vobserved_at\x18\x03 \x01(\v2\x1a.google.protobuf.TimestampR\n" + "observedAt\x12F\n" + - "\x04user\x18\x04 \x01(\v20.c1.connector.v2.SecurityInsightTrait.UserTargetH\x00R\x04user\x12>\n" + - "\vresource_id\x18\x05 \x01(\v2\x1b.c1.connector.v2.ResourceIdH\x00R\n" + + "\x04user\x18\x04 \x01(\v20.c1.connector.v2.SecurityInsightTrait.UserTargetH\x01R\x04user\x12>\n" + + "\vresource_id\x18\x05 \x01(\v2\x1b.c1.connector.v2.ResourceIdH\x01R\n" + "resourceId\x12k\n" + - "\x11external_resource\x18\x06 \x01(\v2<.c1.connector.v2.SecurityInsightTrait.ExternalResourceTargetH\x00R\x10externalResource\x1a0\n" + + "\x11external_resource\x18\x06 \x01(\v2<.c1.connector.v2.SecurityInsightTrait.ExternalResourceTargetH\x01R\x10externalResource\x12P\n" + + 
"\bapp_user\x18\a \x01(\v23.c1.connector.v2.SecurityInsightTrait.AppUserTargetH\x01R\aappUser\x1a0\n" + "\n" + "UserTarget\x12\"\n" + - "\x05email\x18\x01 \x01(\tB\f\xfaB\tr\a \x01(\x80\b`\x01R\x05email\x1am\n" + + "\x05email\x18\x01 \x01(\tB\f\xfaB\tr\a \x01(\x80\b`\x01R\x05email\x1a`\n" + + "\rAppUserTarget\x12\"\n" + + "\x05email\x18\x01 \x01(\tB\f\xfaB\tr\a \x01(\x80\b`\x01R\x05email\x12+\n" + + "\vexternal_id\x18\x02 \x01(\tB\n" + + "\xfaB\ar\x05 \x01(\x80 R\n" + + "externalId\x1am\n" + "\x16ExternalResourceTarget\x12+\n" + "\vexternal_id\x18\x01 \x01(\tB\n" + "\xfaB\ar\x05 \x01(\x80 R\n" + "externalId\x12&\n" + - "\bapp_hint\x18\x02 \x01(\tB\v\xfaB\br\x06(\x80\b\xd0\x01\x01R\aappHintB\r\n" + + "\bapp_hint\x18\x02 \x01(\tB\v\xfaB\br\x06(\x80\b\xd0\x01\x01R\aappHintB\x13\n" + + "\finsight_type\x12\x03\xf8B\x01B\r\n" + "\x06target\x12\x03\xf8B\x01B6Z4github.com/conductorone/baton-sdk/pb/c1/connector/v2b\x06proto3" -var file_c1_connector_v2_annotation_security_insight_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_c1_connector_v2_annotation_security_insight_proto_msgTypes = make([]protoimpl.MessageInfo, 6) var file_c1_connector_v2_annotation_security_insight_proto_goTypes = []any{ - (*SecurityInsightTrait)(nil), // 0: c1.connector.v2.SecurityInsightTrait - (*SecurityInsightTrait_UserTarget)(nil), // 1: c1.connector.v2.SecurityInsightTrait.UserTarget - (*SecurityInsightTrait_ExternalResourceTarget)(nil), // 2: c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget - (*timestamppb.Timestamp)(nil), // 3: google.protobuf.Timestamp - (*ResourceId)(nil), // 4: c1.connector.v2.ResourceId + (*RiskScore)(nil), // 0: c1.connector.v2.RiskScore + (*Issue)(nil), // 1: c1.connector.v2.Issue + (*SecurityInsightTrait)(nil), // 2: c1.connector.v2.SecurityInsightTrait + (*SecurityInsightTrait_UserTarget)(nil), // 3: c1.connector.v2.SecurityInsightTrait.UserTarget + (*SecurityInsightTrait_AppUserTarget)(nil), // 4: 
c1.connector.v2.SecurityInsightTrait.AppUserTarget + (*SecurityInsightTrait_ExternalResourceTarget)(nil), // 5: c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget + (*timestamppb.Timestamp)(nil), // 6: google.protobuf.Timestamp + (*ResourceId)(nil), // 7: c1.connector.v2.ResourceId } var file_c1_connector_v2_annotation_security_insight_proto_depIdxs = []int32{ - 3, // 0: c1.connector.v2.SecurityInsightTrait.observed_at:type_name -> google.protobuf.Timestamp - 1, // 1: c1.connector.v2.SecurityInsightTrait.user:type_name -> c1.connector.v2.SecurityInsightTrait.UserTarget - 4, // 2: c1.connector.v2.SecurityInsightTrait.resource_id:type_name -> c1.connector.v2.ResourceId - 2, // 3: c1.connector.v2.SecurityInsightTrait.external_resource:type_name -> c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget - 4, // [4:4] is the sub-list for method output_type - 4, // [4:4] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name + 0, // 0: c1.connector.v2.SecurityInsightTrait.risk_score:type_name -> c1.connector.v2.RiskScore + 1, // 1: c1.connector.v2.SecurityInsightTrait.issue:type_name -> c1.connector.v2.Issue + 6, // 2: c1.connector.v2.SecurityInsightTrait.observed_at:type_name -> google.protobuf.Timestamp + 3, // 3: c1.connector.v2.SecurityInsightTrait.user:type_name -> c1.connector.v2.SecurityInsightTrait.UserTarget + 7, // 4: c1.connector.v2.SecurityInsightTrait.resource_id:type_name -> c1.connector.v2.ResourceId + 5, // 5: c1.connector.v2.SecurityInsightTrait.external_resource:type_name -> c1.connector.v2.SecurityInsightTrait.ExternalResourceTarget + 4, // 6: c1.connector.v2.SecurityInsightTrait.app_user:type_name -> c1.connector.v2.SecurityInsightTrait.AppUserTarget + 7, // [7:7] is the sub-list for method output_type + 7, // [7:7] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension 
type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name } func init() { file_c1_connector_v2_annotation_security_insight_proto_init() } @@ -491,10 +860,13 @@ func file_c1_connector_v2_annotation_security_insight_proto_init() { return } file_c1_connector_v2_resource_proto_init() - file_c1_connector_v2_annotation_security_insight_proto_msgTypes[0].OneofWrappers = []any{ + file_c1_connector_v2_annotation_security_insight_proto_msgTypes[2].OneofWrappers = []any{ + (*securityInsightTrait_RiskScore)(nil), + (*securityInsightTrait_Issue)(nil), (*securityInsightTrait_User)(nil), (*securityInsightTrait_ResourceId)(nil), (*securityInsightTrait_ExternalResource)(nil), + (*securityInsightTrait_AppUser)(nil), } type x struct{} out := protoimpl.TypeBuilder{ @@ -502,7 +874,7 @@ func file_c1_connector_v2_annotation_security_insight_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_c1_connector_v2_annotation_security_insight_proto_rawDesc), len(file_c1_connector_v2_annotation_security_insight_proto_rawDesc)), NumEnums: 0, - NumMessages: 3, + NumMessages: 6, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.go index 7b79389a..8a50448f 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.go 
@@ -583,10 +583,11 @@ func (b0 GroupTrait_builder) Build() *GroupTrait { } type RoleTrait struct { - state protoimpl.MessageState `protogen:"hybrid.v1"` - Profile *structpb.Struct `protobuf:"bytes,1,opt,name=profile,proto3" json:"profile,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"hybrid.v1"` + Profile *structpb.Struct `protobuf:"bytes,1,opt,name=profile,proto3" json:"profile,omitempty"` + RoleScopeConditions *RoleScopeConditions `protobuf:"bytes,2,opt,name=role_scope_conditions,json=roleScopeConditions,proto3" json:"role_scope_conditions,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *RoleTrait) Reset() { @@ -621,10 +622,21 @@ func (x *RoleTrait) GetProfile() *structpb.Struct { return nil } +func (x *RoleTrait) GetRoleScopeConditions() *RoleScopeConditions { + if x != nil { + return x.RoleScopeConditions + } + return nil +} + func (x *RoleTrait) SetProfile(v *structpb.Struct) { x.Profile = v } +func (x *RoleTrait) SetRoleScopeConditions(v *RoleScopeConditions) { + x.RoleScopeConditions = v +} + func (x *RoleTrait) HasProfile() bool { if x == nil { return false @@ -632,14 +644,26 @@ func (x *RoleTrait) HasProfile() bool { return x.Profile != nil } +func (x *RoleTrait) HasRoleScopeConditions() bool { + if x == nil { + return false + } + return x.RoleScopeConditions != nil +} + func (x *RoleTrait) ClearProfile() { x.Profile = nil } +func (x *RoleTrait) ClearRoleScopeConditions() { + x.RoleScopeConditions = nil +} + type RoleTrait_builder struct { _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. - Profile *structpb.Struct + Profile *structpb.Struct + RoleScopeConditions *RoleScopeConditions } func (b0 RoleTrait_builder) Build() *RoleTrait { 
@@ -647,6 +671,234 @@ func (b0 RoleTrait_builder) Build() *RoleTrait { b, x := &b0, m0 _, _ = b, x x.Profile = b.Profile + x.RoleScopeConditions = b.RoleScopeConditions + return m0 +} + +type RoleScopeConditions struct { + state protoimpl.MessageState `protogen:"hybrid.v1"` + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + Conditions []*RoleScopeCondition `protobuf:"bytes,3,rep,name=conditions,proto3" json:"conditions,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RoleScopeConditions) Reset() { + *x = RoleScopeConditions{} + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RoleScopeConditions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RoleScopeConditions) ProtoMessage() {} + +func (x *RoleScopeConditions) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *RoleScopeConditions) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *RoleScopeConditions) GetConditions() []*RoleScopeCondition { + if x != nil { + return x.Conditions + } + return nil +} + +func (x *RoleScopeConditions) SetType(v string) { + x.Type = v +} + +func (x *RoleScopeConditions) SetConditions(v []*RoleScopeCondition) { + x.Conditions = v +} + +type RoleScopeConditions_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + Type string + Conditions []*RoleScopeCondition +} + +func (b0 RoleScopeConditions_builder) Build() *RoleScopeConditions { + m0 := &RoleScopeConditions{} + b, x := &b0, m0 + _, _ = b, x + x.Type = b.Type + x.Conditions = b.Conditions + return m0 +} + +type RoleScopeCondition struct { + state protoimpl.MessageState `protogen:"hybrid.v1"` + Expression string `protobuf:"bytes,1,opt,name=expression,proto3" json:"expression,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RoleScopeCondition) Reset() { + *x = RoleScopeCondition{} + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RoleScopeCondition) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RoleScopeCondition) ProtoMessage() {} + +func (x *RoleScopeCondition) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *RoleScopeCondition) GetExpression() string { + if x != nil { + return x.Expression + } + return "" +} + +func (x *RoleScopeCondition) SetExpression(v string) { + x.Expression = v +} + +type RoleScopeCondition_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. + + Expression string +} + +func (b0 RoleScopeCondition_builder) Build() *RoleScopeCondition { + m0 := &RoleScopeCondition{} + b, x := &b0, m0 + _, _ = b, x + x.Expression = b.Expression + return m0 +} + +// ScopeBindingTrait is used to scope a role to a resource or set of resources. +// The scope may be static (determined at crawl time) or dynamic (determined based on conditions). 
+// For example, in Azure a role definition can be scoped to a subscription, management group, or resource group. +// In that case, the role ID would be the resource ID of the role definition, and the scope resource ID would be the resource ID of the subscription, management group, or resource group. +type ScopeBindingTrait struct { + state protoimpl.MessageState `protogen:"hybrid.v1"` + RoleId *ResourceId `protobuf:"bytes,1,opt,name=role_id,json=roleId,proto3" json:"role_id,omitempty"` // The role that is scoped. Must be a resource with the role trait. + // Remove required if we add more ways to scope roles. (eg: Expressions.) + ScopeResourceId *ResourceId `protobuf:"bytes,2,opt,name=scope_resource_id,json=scopeResourceId,proto3" json:"scope_resource_id,omitempty"` // The resource that the role is scoped to. + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ScopeBindingTrait) Reset() { + *x = ScopeBindingTrait{} + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ScopeBindingTrait) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ScopeBindingTrait) ProtoMessage() {} + +func (x *ScopeBindingTrait) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *ScopeBindingTrait) GetRoleId() *ResourceId { + if x != nil { + return x.RoleId + } + return nil +} + +func (x *ScopeBindingTrait) GetScopeResourceId() *ResourceId { + if x != nil { + return x.ScopeResourceId + } + return nil +} + +func (x *ScopeBindingTrait) SetRoleId(v *ResourceId) { + x.RoleId = v +} + +func (x *ScopeBindingTrait) SetScopeResourceId(v *ResourceId) { + x.ScopeResourceId = v +} + +func (x 
*ScopeBindingTrait) HasRoleId() bool { + if x == nil { + return false + } + return x.RoleId != nil +} + +func (x *ScopeBindingTrait) HasScopeResourceId() bool { + if x == nil { + return false + } + return x.ScopeResourceId != nil +} + +func (x *ScopeBindingTrait) ClearRoleId() { + x.RoleId = nil +} + +func (x *ScopeBindingTrait) ClearScopeResourceId() { + x.ScopeResourceId = nil +} + +type ScopeBindingTrait_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. + + RoleId *ResourceId + // Remove required if we add more ways to scope roles. (eg: Expressions.) + ScopeResourceId *ResourceId +} + +func (b0 ScopeBindingTrait_builder) Build() *ScopeBindingTrait { + m0 := &ScopeBindingTrait{} + b, x := &b0, m0 + _, _ = b, x + x.RoleId = b.RoleId + x.ScopeResourceId = b.ScopeResourceId return m0 } @@ -663,7 +915,7 @@ type AppTrait struct { func (x *AppTrait) Reset() { *x = AppTrait{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -675,7 +927,7 @@ func (x *AppTrait) String() string { func (*AppTrait) ProtoMessage() {} func (x *AppTrait) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -810,7 +1062,7 @@ type SecretTrait struct { func (x *SecretTrait) Reset() { *x = SecretTrait{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -822,7 +1074,7 @@ func (x *SecretTrait) String() string { func (*SecretTrait) ProtoMessage() {} func (x *SecretTrait) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1000,7 +1252,7 @@ type UserTrait_Email struct { func (x *UserTrait_Email) Reset() { *x = UserTrait_Email{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1012,7 +1264,7 @@ func (x *UserTrait_Email) String() string { func (*UserTrait_Email) ProtoMessage() {} func (x *UserTrait_Email) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1072,7 +1324,7 @@ type UserTrait_Status struct { func (x *UserTrait_Status) Reset() { *x = UserTrait_Status{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1084,7 +1336,7 @@ func (x *UserTrait_Status) String() string { func (*UserTrait_Status) ProtoMessage() {} func (x *UserTrait_Status) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1142,7 +1394,7 @@ type UserTrait_MFAStatus struct { func (x *UserTrait_MFAStatus) Reset() { *x = UserTrait_MFAStatus{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1154,7 +1406,7 @@ func (x *UserTrait_MFAStatus) String() string { func (*UserTrait_MFAStatus) ProtoMessage() {} func (x *UserTrait_MFAStatus) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[10] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1199,7 +1451,7 @@ type UserTrait_SSOStatus struct { func (x *UserTrait_SSOStatus) Reset() { *x = UserTrait_SSOStatus{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1211,7 +1463,7 @@ func (x *UserTrait_SSOStatus) String() string { func (*UserTrait_SSOStatus) ProtoMessage() {} func (x *UserTrait_SSOStatus) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[11] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1260,7 +1512,7 @@ type UserTrait_StructuredName struct { func (x *UserTrait_StructuredName) Reset() { *x = UserTrait_StructuredName{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -1272,7 +1524,7 @@ func (x *UserTrait_StructuredName) String() string { func (*UserTrait_StructuredName) ProtoMessage() {} func (x *UserTrait_StructuredName) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[12] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1419,9 +1671,22 @@ const file_c1_connector_v2_annotation_trait_proto_rawDesc = "" + "\n" + "GroupTrait\x12-\n" + "\x04icon\x18\x01 \x01(\v2\x19.c1.connector.v2.AssetRefR\x04icon\x121\n" + - "\aprofile\x18\x02 \x01(\v2\x17.google.protobuf.StructR\aprofile\">\n" + + "\aprofile\x18\x02 \x01(\v2\x17.google.protobuf.StructR\aprofile\"\x98\x01\n" + "\tRoleTrait\x121\n" + - "\aprofile\x18\x01 \x01(\v2\x17.google.protobuf.StructR\aprofile\"\x9a\x03\n" + + "\aprofile\x18\x01 \x01(\v2\x17.google.protobuf.StructR\aprofile\x12X\n" + + "\x15role_scope_conditions\x18\x02 \x01(\v2$.c1.connector.v2.RoleScopeConditionsR\x13roleScopeConditions\"n\n" + + "\x13RoleScopeConditions\x12\x12\n" + + "\x04type\x18\x01 \x01(\tR\x04type\x12C\n" + + "\n" + + "conditions\x18\x03 \x03(\v2#.c1.connector.v2.RoleScopeConditionR\n" + + "conditions\"4\n" + + "\x12RoleScopeCondition\x12\x1e\n" + + "\n" + + "expression\x18\x01 \x01(\tR\n" + + "expression\"\xa6\x01\n" + + "\x11ScopeBindingTrait\x12>\n" + + "\arole_id\x18\x01 \x01(\v2\x1b.c1.connector.v2.ResourceIdB\b\xfaB\x05\x8a\x01\x02\x10\x01R\x06roleId\x12Q\n" + + "\x11scope_resource_id\x18\x02 \x01(\v2\x1b.c1.connector.v2.ResourceIdB\b\xfaB\x05\x8a\x01\x02\x10\x01R\x0fscopeResourceId\"\x9a\x03\n" + "\bAppTrait\x125\n" + "\bhelp_url\x18\x01 \x01(\tB\x1a\xfaB\x17r\x15 \x01(\x80\b:\bhttps://\xd0\x01\x01\x88\x01\x01R\ahelpUrl\x12-\n" + "\x04icon\x18\x02 \x01(\v2\x19.c1.connector.v2.AssetRefR\x04icon\x12-\n" + 
@@ -1448,7 +1713,7 @@ const file_c1_connector_v2_annotation_trait_proto_rawDesc = "" + "identityIdB6Z4github.com/conductorone/baton-sdk/pb/c1/connector/v2b\x06proto3" var file_c1_connector_v2_annotation_trait_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_c1_connector_v2_annotation_trait_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_c1_connector_v2_annotation_trait_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_c1_connector_v2_annotation_trait_proto_goTypes = []any{ (UserTrait_AccountType)(0), // 0: c1.connector.v2.UserTrait.AccountType (UserTrait_Status_Status)(0), // 1: c1.connector.v2.UserTrait.Status.Status 
@@ -1456,48 +1721,55 @@ var file_c1_connector_v2_annotation_trait_proto_goTypes = []any{ (*UserTrait)(nil), // 3: c1.connector.v2.UserTrait (*GroupTrait)(nil), // 4: c1.connector.v2.GroupTrait (*RoleTrait)(nil), // 5: c1.connector.v2.RoleTrait - (*AppTrait)(nil), // 6: c1.connector.v2.AppTrait - (*SecretTrait)(nil), // 7: c1.connector.v2.SecretTrait - (*UserTrait_Email)(nil), // 8: c1.connector.v2.UserTrait.Email - (*UserTrait_Status)(nil), // 9: c1.connector.v2.UserTrait.Status - (*UserTrait_MFAStatus)(nil), // 10: c1.connector.v2.UserTrait.MFAStatus - (*UserTrait_SSOStatus)(nil), // 11: c1.connector.v2.UserTrait.SSOStatus - (*UserTrait_StructuredName)(nil), // 12: c1.connector.v2.UserTrait.StructuredName - (*structpb.Struct)(nil), // 13: google.protobuf.Struct - (*AssetRef)(nil), // 14: c1.connector.v2.AssetRef - (*timestamppb.Timestamp)(nil), // 15: google.protobuf.Timestamp - (*ResourceId)(nil), // 16: c1.connector.v2.ResourceId + (*RoleScopeConditions)(nil), // 6: c1.connector.v2.RoleScopeConditions + (*RoleScopeCondition)(nil), // 7: c1.connector.v2.RoleScopeCondition + (*ScopeBindingTrait)(nil), // 8: c1.connector.v2.ScopeBindingTrait + (*AppTrait)(nil), // 9: c1.connector.v2.AppTrait + (*SecretTrait)(nil), // 10: c1.connector.v2.SecretTrait + (*UserTrait_Email)(nil), // 11: c1.connector.v2.UserTrait.Email + (*UserTrait_Status)(nil), // 12: c1.connector.v2.UserTrait.Status + (*UserTrait_MFAStatus)(nil), // 13: c1.connector.v2.UserTrait.MFAStatus + (*UserTrait_SSOStatus)(nil), // 14: c1.connector.v2.UserTrait.SSOStatus + (*UserTrait_StructuredName)(nil), // 15: c1.connector.v2.UserTrait.StructuredName + (*structpb.Struct)(nil), // 16: google.protobuf.Struct + (*AssetRef)(nil), // 17: c1.connector.v2.AssetRef + (*timestamppb.Timestamp)(nil), // 18: google.protobuf.Timestamp + (*ResourceId)(nil), // 19: c1.connector.v2.ResourceId } var file_c1_connector_v2_annotation_trait_proto_depIdxs = []int32{ - 8, // 0: c1.connector.v2.UserTrait.emails:type_name -> 
c1.connector.v2.UserTrait.Email - 9, // 1: c1.connector.v2.UserTrait.status:type_name -> c1.connector.v2.UserTrait.Status - 13, // 2: c1.connector.v2.UserTrait.profile:type_name -> google.protobuf.Struct - 14, // 3: c1.connector.v2.UserTrait.icon:type_name -> c1.connector.v2.AssetRef + 11, // 0: c1.connector.v2.UserTrait.emails:type_name -> c1.connector.v2.UserTrait.Email + 12, // 1: c1.connector.v2.UserTrait.status:type_name -> c1.connector.v2.UserTrait.Status + 16, // 2: c1.connector.v2.UserTrait.profile:type_name -> google.protobuf.Struct + 17, // 3: c1.connector.v2.UserTrait.icon:type_name -> c1.connector.v2.AssetRef 0, // 4: c1.connector.v2.UserTrait.account_type:type_name -> c1.connector.v2.UserTrait.AccountType - 15, // 5: c1.connector.v2.UserTrait.created_at:type_name -> google.protobuf.Timestamp - 15, // 6: c1.connector.v2.UserTrait.last_login:type_name -> google.protobuf.Timestamp - 10, // 7: c1.connector.v2.UserTrait.mfa_status:type_name -> c1.connector.v2.UserTrait.MFAStatus - 11, // 8: c1.connector.v2.UserTrait.sso_status:type_name -> c1.connector.v2.UserTrait.SSOStatus - 12, // 9: c1.connector.v2.UserTrait.structured_name:type_name -> c1.connector.v2.UserTrait.StructuredName - 14, // 10: c1.connector.v2.GroupTrait.icon:type_name -> c1.connector.v2.AssetRef - 13, // 11: c1.connector.v2.GroupTrait.profile:type_name -> google.protobuf.Struct - 13, // 12: c1.connector.v2.RoleTrait.profile:type_name -> google.protobuf.Struct - 14, // 13: c1.connector.v2.AppTrait.icon:type_name -> c1.connector.v2.AssetRef - 14, // 14: c1.connector.v2.AppTrait.logo:type_name -> c1.connector.v2.AssetRef - 13, // 15: c1.connector.v2.AppTrait.profile:type_name -> google.protobuf.Struct - 2, // 16: c1.connector.v2.AppTrait.flags:type_name -> c1.connector.v2.AppTrait.AppFlag - 13, // 17: c1.connector.v2.SecretTrait.profile:type_name -> google.protobuf.Struct - 15, // 18: c1.connector.v2.SecretTrait.created_at:type_name -> google.protobuf.Timestamp - 15, // 19: 
c1.connector.v2.SecretTrait.expires_at:type_name -> google.protobuf.Timestamp - 15, // 20: c1.connector.v2.SecretTrait.last_used_at:type_name -> google.protobuf.Timestamp - 16, // 21: c1.connector.v2.SecretTrait.created_by_id:type_name -> c1.connector.v2.ResourceId - 16, // 22: c1.connector.v2.SecretTrait.identity_id:type_name -> c1.connector.v2.ResourceId - 1, // 23: c1.connector.v2.UserTrait.Status.status:type_name -> c1.connector.v2.UserTrait.Status.Status - 24, // [24:24] is the sub-list for method output_type - 24, // [24:24] is the sub-list for method input_type - 24, // [24:24] is the sub-list for extension type_name - 24, // [24:24] is the sub-list for extension extendee - 0, // [0:24] is the sub-list for field type_name + 18, // 5: c1.connector.v2.UserTrait.created_at:type_name -> google.protobuf.Timestamp + 18, // 6: c1.connector.v2.UserTrait.last_login:type_name -> google.protobuf.Timestamp + 13, // 7: c1.connector.v2.UserTrait.mfa_status:type_name -> c1.connector.v2.UserTrait.MFAStatus + 14, // 8: c1.connector.v2.UserTrait.sso_status:type_name -> c1.connector.v2.UserTrait.SSOStatus + 15, // 9: c1.connector.v2.UserTrait.structured_name:type_name -> c1.connector.v2.UserTrait.StructuredName + 17, // 10: c1.connector.v2.GroupTrait.icon:type_name -> c1.connector.v2.AssetRef + 16, // 11: c1.connector.v2.GroupTrait.profile:type_name -> google.protobuf.Struct + 16, // 12: c1.connector.v2.RoleTrait.profile:type_name -> google.protobuf.Struct + 6, // 13: c1.connector.v2.RoleTrait.role_scope_conditions:type_name -> c1.connector.v2.RoleScopeConditions + 7, // 14: c1.connector.v2.RoleScopeConditions.conditions:type_name -> c1.connector.v2.RoleScopeCondition + 19, // 15: c1.connector.v2.ScopeBindingTrait.role_id:type_name -> c1.connector.v2.ResourceId + 19, // 16: c1.connector.v2.ScopeBindingTrait.scope_resource_id:type_name -> c1.connector.v2.ResourceId + 17, // 17: c1.connector.v2.AppTrait.icon:type_name -> c1.connector.v2.AssetRef + 17, // 18: 
c1.connector.v2.AppTrait.logo:type_name -> c1.connector.v2.AssetRef + 16, // 19: c1.connector.v2.AppTrait.profile:type_name -> google.protobuf.Struct + 2, // 20: c1.connector.v2.AppTrait.flags:type_name -> c1.connector.v2.AppTrait.AppFlag + 16, // 21: c1.connector.v2.SecretTrait.profile:type_name -> google.protobuf.Struct + 18, // 22: c1.connector.v2.SecretTrait.created_at:type_name -> google.protobuf.Timestamp + 18, // 23: c1.connector.v2.SecretTrait.expires_at:type_name -> google.protobuf.Timestamp + 18, // 24: c1.connector.v2.SecretTrait.last_used_at:type_name -> google.protobuf.Timestamp + 19, // 25: c1.connector.v2.SecretTrait.created_by_id:type_name -> c1.connector.v2.ResourceId + 19, // 26: c1.connector.v2.SecretTrait.identity_id:type_name -> c1.connector.v2.ResourceId + 1, // 27: c1.connector.v2.UserTrait.Status.status:type_name -> c1.connector.v2.UserTrait.Status.Status + 28, // [28:28] is the sub-list for method output_type + 28, // [28:28] is the sub-list for method input_type + 28, // [28:28] is the sub-list for extension type_name + 28, // [28:28] is the sub-list for extension extendee + 0, // [0:28] is the sub-list for field type_name } func init() { file_c1_connector_v2_annotation_trait_proto_init() } @@ -1513,7 +1785,7 @@ func file_c1_connector_v2_annotation_trait_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_c1_connector_v2_annotation_trait_proto_rawDesc), len(file_c1_connector_v2_annotation_trait_proto_rawDesc)), NumEnums: 3, - NumMessages: 10, + NumMessages: 13, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.validate.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.validate.go index a0288dc3..c79b43ca 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.validate.go 
+++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait.pb.validate.go @@ -632,6 +632,35 @@ func (m *RoleTrait) validate(all bool) error { } } + if all { + switch v := interface{}(m.GetRoleScopeConditions()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, RoleTraitValidationError{ + field: "RoleScopeConditions", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, RoleTraitValidationError{ + field: "RoleScopeConditions", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetRoleScopeConditions()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return RoleTraitValidationError{ + field: "RoleScopeConditions", + reason: "embedded message failed validation", + cause: err, + } + } + } + if len(errors) > 0 { return RoleTraitMultiError(errors) } 
@@ -709,6 +738,430 @@ var _ interface { ErrorName() string } = RoleTraitValidationError{} +// Validate checks the field values on RoleScopeConditions with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *RoleScopeConditions) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on RoleScopeConditions with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// RoleScopeConditionsMultiError, or nil if none found. +func (m *RoleScopeConditions) ValidateAll() error { + return m.validate(true) +} + +func (m *RoleScopeConditions) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Type + + for idx, item := range m.GetConditions() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, RoleScopeConditionsValidationError{ + field: fmt.Sprintf("Conditions[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, RoleScopeConditionsValidationError{ + field: fmt.Sprintf("Conditions[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return RoleScopeConditionsValidationError{ + field: fmt.Sprintf("Conditions[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return RoleScopeConditionsMultiError(errors) + } + + return nil +} + +// RoleScopeConditionsMultiError is an error wrapping multiple 
validation +// errors returned by RoleScopeConditions.ValidateAll() if the designated +// constraints aren't met. +type RoleScopeConditionsMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m RoleScopeConditionsMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m RoleScopeConditionsMultiError) AllErrors() []error { return m } + +// RoleScopeConditionsValidationError is the validation error returned by +// RoleScopeConditions.Validate if the designated constraints aren't met. +type RoleScopeConditionsValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e RoleScopeConditionsValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e RoleScopeConditionsValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e RoleScopeConditionsValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e RoleScopeConditionsValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e RoleScopeConditionsValidationError) ErrorName() string { + return "RoleScopeConditionsValidationError" +} + +// Error satisfies the builtin error interface +func (e RoleScopeConditionsValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sRoleScopeConditions.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = RoleScopeConditionsValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = RoleScopeConditionsValidationError{} + +// Validate checks the field values on RoleScopeCondition with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *RoleScopeCondition) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on RoleScopeCondition with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// RoleScopeConditionMultiError, or nil if none found. +func (m *RoleScopeCondition) ValidateAll() error { + return m.validate(true) +} + +func (m *RoleScopeCondition) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Expression + + if len(errors) > 0 { + return RoleScopeConditionMultiError(errors) + } + + return nil +} + +// RoleScopeConditionMultiError is an error wrapping multiple validation errors +// returned by RoleScopeCondition.ValidateAll() if the designated constraints +// aren't met. +type RoleScopeConditionMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m RoleScopeConditionMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m RoleScopeConditionMultiError) AllErrors() []error { return m } + +// RoleScopeConditionValidationError is the validation error returned by +// RoleScopeCondition.Validate if the designated constraints aren't met. +type RoleScopeConditionValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e RoleScopeConditionValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e RoleScopeConditionValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e RoleScopeConditionValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e RoleScopeConditionValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e RoleScopeConditionValidationError) ErrorName() string { + return "RoleScopeConditionValidationError" +} + +// Error satisfies the builtin error interface +func (e RoleScopeConditionValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sRoleScopeCondition.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = RoleScopeConditionValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = RoleScopeConditionValidationError{} + +// Validate checks the field values on ScopeBindingTrait with the rules defined +// in the proto definition for this message. 
If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *ScopeBindingTrait) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ScopeBindingTrait with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ScopeBindingTraitMultiError, or nil if none found. +func (m *ScopeBindingTrait) ValidateAll() error { + return m.validate(true) +} + +func (m *ScopeBindingTrait) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if m.GetRoleId() == nil { + err := ScopeBindingTraitValidationError{ + field: "RoleId", + reason: "value is required", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetRoleId()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ScopeBindingTraitValidationError{ + field: "RoleId", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ScopeBindingTraitValidationError{ + field: "RoleId", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetRoleId()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ScopeBindingTraitValidationError{ + field: "RoleId", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if m.GetScopeResourceId() == nil { + err := ScopeBindingTraitValidationError{ + field: "ScopeResourceId", + reason: "value is required", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetScopeResourceId()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + 
errors = append(errors, ScopeBindingTraitValidationError{ + field: "ScopeResourceId", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ScopeBindingTraitValidationError{ + field: "ScopeResourceId", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetScopeResourceId()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ScopeBindingTraitValidationError{ + field: "ScopeResourceId", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return ScopeBindingTraitMultiError(errors) + } + + return nil +} + +// ScopeBindingTraitMultiError is an error wrapping multiple validation errors +// returned by ScopeBindingTrait.ValidateAll() if the designated constraints +// aren't met. +type ScopeBindingTraitMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ScopeBindingTraitMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ScopeBindingTraitMultiError) AllErrors() []error { return m } + +// ScopeBindingTraitValidationError is the validation error returned by +// ScopeBindingTrait.Validate if the designated constraints aren't met. +type ScopeBindingTraitValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ScopeBindingTraitValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ScopeBindingTraitValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. 
+func (e ScopeBindingTraitValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ScopeBindingTraitValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ScopeBindingTraitValidationError) ErrorName() string { + return "ScopeBindingTraitValidationError" +} + +// Error satisfies the builtin error interface +func (e ScopeBindingTraitValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sScopeBindingTrait.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ScopeBindingTraitValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ScopeBindingTraitValidationError{} + // Validate checks the field values on AppTrait with the rules defined in the // proto definition for this message. If any rules are violated, the first // error encountered is returned, or nil if there are no violations. diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait_protoopaque.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait_protoopaque.pb.go index c7a4531b..db2e7db8 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait_protoopaque.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/annotation_trait_protoopaque.pb.go 
@@ -583,10 +583,11 @@ func (b0 GroupTrait_builder) Build() *GroupTrait { } type RoleTrait struct { - state protoimpl.MessageState `protogen:"opaque.v1"` - xxx_hidden_Profile *structpb.Struct `protobuf:"bytes,1,opt,name=profile,proto3"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_Profile *structpb.Struct `protobuf:"bytes,1,opt,name=profile,proto3"` + xxx_hidden_RoleScopeConditions *RoleScopeConditions `protobuf:"bytes,2,opt,name=role_scope_conditions,json=roleScopeConditions,proto3"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *RoleTrait) Reset() { @@ -621,10 +622,21 @@ func (x *RoleTrait) GetProfile() *structpb.Struct { return nil } +func (x *RoleTrait) GetRoleScopeConditions() *RoleScopeConditions { + if x != nil { + return x.xxx_hidden_RoleScopeConditions + } + return nil +} + func (x *RoleTrait) SetProfile(v *structpb.Struct) { x.xxx_hidden_Profile = v } +func (x *RoleTrait) SetRoleScopeConditions(v *RoleScopeConditions) { + x.xxx_hidden_RoleScopeConditions = v +} + func (x *RoleTrait) HasProfile() bool { if x == nil { return false @@ -632,14 +644,26 @@ func (x *RoleTrait) HasProfile() bool { return x.xxx_hidden_Profile != nil } +func (x *RoleTrait) HasRoleScopeConditions() bool { + if x == nil { + return false + } + return x.xxx_hidden_RoleScopeConditions != nil +} + func (x *RoleTrait) ClearProfile() { x.xxx_hidden_Profile = nil } +func (x *RoleTrait) ClearRoleScopeConditions() { + x.xxx_hidden_RoleScopeConditions = nil +} + type RoleTrait_builder struct { _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. - Profile *structpb.Struct + Profile *structpb.Struct + RoleScopeConditions *RoleScopeConditions } func (b0 RoleTrait_builder) Build() *RoleTrait { 
@@ -647,6 +671,235 @@ func (b0 RoleTrait_builder) Build() *RoleTrait { b, x := &b0, m0 _, _ = b, x x.xxx_hidden_Profile = b.Profile + x.xxx_hidden_RoleScopeConditions = b.RoleScopeConditions + return m0 +} + +type RoleScopeConditions struct { + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_Type string `protobuf:"bytes,1,opt,name=type,proto3"` + xxx_hidden_Conditions *[]*RoleScopeCondition `protobuf:"bytes,3,rep,name=conditions,proto3"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RoleScopeConditions) Reset() { + *x = RoleScopeConditions{} + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RoleScopeConditions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RoleScopeConditions) ProtoMessage() {} + +func (x *RoleScopeConditions) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *RoleScopeConditions) GetType() string { + if x != nil { + return x.xxx_hidden_Type + } + return "" +} + +func (x *RoleScopeConditions) GetConditions() []*RoleScopeCondition { + if x != nil { + if x.xxx_hidden_Conditions != nil { + return *x.xxx_hidden_Conditions + } + } + return nil +} + +func (x *RoleScopeConditions) SetType(v string) { + x.xxx_hidden_Type = v +} + +func (x *RoleScopeConditions) SetConditions(v []*RoleScopeCondition) { + x.xxx_hidden_Conditions = &v +} + +type RoleScopeConditions_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. 
+ + Type string + Conditions []*RoleScopeCondition +} + +func (b0 RoleScopeConditions_builder) Build() *RoleScopeConditions { + m0 := &RoleScopeConditions{} + b, x := &b0, m0 + _, _ = b, x + x.xxx_hidden_Type = b.Type + x.xxx_hidden_Conditions = &b.Conditions + return m0 +} + +type RoleScopeCondition struct { + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_Expression string `protobuf:"bytes,1,opt,name=expression,proto3"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RoleScopeCondition) Reset() { + *x = RoleScopeCondition{} + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RoleScopeCondition) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RoleScopeCondition) ProtoMessage() {} + +func (x *RoleScopeCondition) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *RoleScopeCondition) GetExpression() string { + if x != nil { + return x.xxx_hidden_Expression + } + return "" +} + +func (x *RoleScopeCondition) SetExpression(v string) { + x.xxx_hidden_Expression = v +} + +type RoleScopeCondition_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. + + Expression string +} + +func (b0 RoleScopeCondition_builder) Build() *RoleScopeCondition { + m0 := &RoleScopeCondition{} + b, x := &b0, m0 + _, _ = b, x + x.xxx_hidden_Expression = b.Expression + return m0 +} + +// ScopeBindingTrait is used to scope a role to a resource or set of resources. +// The scope may be static (determined at crawl time) or dynamic (determined based on conditions). 
+// For example, in Azure a role definition can be scoped to a subscription, management group, or resource group. +// In that case, the role ID would be the resource ID of the role definition, and the scope resource ID would be the resource ID of the subscription, management group, or resource group. +type ScopeBindingTrait struct { + state protoimpl.MessageState `protogen:"opaque.v1"` + xxx_hidden_RoleId *ResourceId `protobuf:"bytes,1,opt,name=role_id,json=roleId,proto3"` + xxx_hidden_ScopeResourceId *ResourceId `protobuf:"bytes,2,opt,name=scope_resource_id,json=scopeResourceId,proto3"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ScopeBindingTrait) Reset() { + *x = ScopeBindingTrait{} + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ScopeBindingTrait) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ScopeBindingTrait) ProtoMessage() {} + +func (x *ScopeBindingTrait) ProtoReflect() protoreflect.Message { + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +func (x *ScopeBindingTrait) GetRoleId() *ResourceId { + if x != nil { + return x.xxx_hidden_RoleId + } + return nil +} + +func (x *ScopeBindingTrait) GetScopeResourceId() *ResourceId { + if x != nil { + return x.xxx_hidden_ScopeResourceId + } + return nil +} + +func (x *ScopeBindingTrait) SetRoleId(v *ResourceId) { + x.xxx_hidden_RoleId = v +} + +func (x *ScopeBindingTrait) SetScopeResourceId(v *ResourceId) { + x.xxx_hidden_ScopeResourceId = v +} + +func (x *ScopeBindingTrait) HasRoleId() bool { + if x == nil { + return false + } + return x.xxx_hidden_RoleId != nil +} + +func (x *ScopeBindingTrait) HasScopeResourceId() bool { + if x == nil { + 
return false + } + return x.xxx_hidden_ScopeResourceId != nil +} + +func (x *ScopeBindingTrait) ClearRoleId() { + x.xxx_hidden_RoleId = nil +} + +func (x *ScopeBindingTrait) ClearScopeResourceId() { + x.xxx_hidden_ScopeResourceId = nil +} + +type ScopeBindingTrait_builder struct { + _ [0]func() // Prevents comparability and use of unkeyed literals for the builder. + + RoleId *ResourceId + // Remove required if we add more ways to scope roles. (eg: Expressions.) + ScopeResourceId *ResourceId +} + +func (b0 ScopeBindingTrait_builder) Build() *ScopeBindingTrait { + m0 := &ScopeBindingTrait{} + b, x := &b0, m0 + _, _ = b, x + x.xxx_hidden_RoleId = b.RoleId + x.xxx_hidden_ScopeResourceId = b.ScopeResourceId return m0 } @@ -663,7 +916,7 @@ type AppTrait struct { func (x *AppTrait) Reset() { *x = AppTrait{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -675,7 +928,7 @@ func (x *AppTrait) String() string { func (*AppTrait) ProtoMessage() {} func (x *AppTrait) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[3] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -810,7 +1063,7 @@ type SecretTrait struct { func (x *SecretTrait) Reset() { *x = SecretTrait{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -822,7 +1075,7 @@ func (x *SecretTrait) String() string { func (*SecretTrait) ProtoMessage() {} func (x *SecretTrait) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[4] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -999,7 +1252,7 @@ type UserTrait_Email struct { func (x *UserTrait_Email) Reset() { *x = UserTrait_Email{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1011,7 +1264,7 @@ func (x *UserTrait_Email) String() string { func (*UserTrait_Email) ProtoMessage() {} func (x *UserTrait_Email) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[5] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1071,7 +1324,7 @@ type UserTrait_Status struct { func (x *UserTrait_Status) Reset() { *x = UserTrait_Status{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1083,7 +1336,7 @@ func (x *UserTrait_Status) String() string { func (*UserTrait_Status) ProtoMessage() {} func (x *UserTrait_Status) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[6] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -1141,7 +1394,7 @@ type UserTrait_MFAStatus struct { func (x *UserTrait_MFAStatus) Reset() { *x = UserTrait_MFAStatus{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1153,7 +1406,7 @@ func (x *UserTrait_MFAStatus) String() string { func (*UserTrait_MFAStatus) ProtoMessage() {} func (x *UserTrait_MFAStatus) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[7] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[10] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1198,7 +1451,7 @@ type UserTrait_SSOStatus struct { func (x *UserTrait_SSOStatus) Reset() { *x = UserTrait_SSOStatus{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1210,7 +1463,7 @@ func (x *UserTrait_SSOStatus) String() string { func (*UserTrait_SSOStatus) ProtoMessage() {} func (x *UserTrait_SSOStatus) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[8] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[11] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1259,7 +1512,7 @@ type UserTrait_StructuredName struct { func (x *UserTrait_StructuredName) Reset() { *x = UserTrait_StructuredName{} - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -1271,7 +1524,7 @@ func (x *UserTrait_StructuredName) String() string { func (*UserTrait_StructuredName) ProtoMessage() {} func (x *UserTrait_StructuredName) ProtoReflect() protoreflect.Message { - mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[9] + mi := &file_c1_connector_v2_annotation_trait_proto_msgTypes[12] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1418,9 +1671,22 @@ const file_c1_connector_v2_annotation_trait_proto_rawDesc = "" + "\n" + "GroupTrait\x12-\n" + "\x04icon\x18\x01 \x01(\v2\x19.c1.connector.v2.AssetRefR\x04icon\x121\n" + - "\aprofile\x18\x02 \x01(\v2\x17.google.protobuf.StructR\aprofile\">\n" + + "\aprofile\x18\x02 \x01(\v2\x17.google.protobuf.StructR\aprofile\"\x98\x01\n" + "\tRoleTrait\x121\n" + - "\aprofile\x18\x01 \x01(\v2\x17.google.protobuf.StructR\aprofile\"\x9a\x03\n" + + "\aprofile\x18\x01 \x01(\v2\x17.google.protobuf.StructR\aprofile\x12X\n" + + "\x15role_scope_conditions\x18\x02 \x01(\v2$.c1.connector.v2.RoleScopeConditionsR\x13roleScopeConditions\"n\n" + + "\x13RoleScopeConditions\x12\x12\n" + + "\x04type\x18\x01 \x01(\tR\x04type\x12C\n" + + "\n" + + "conditions\x18\x03 \x03(\v2#.c1.connector.v2.RoleScopeConditionR\n" + + "conditions\"4\n" + + "\x12RoleScopeCondition\x12\x1e\n" + + "\n" + + "expression\x18\x01 \x01(\tR\n" + + "expression\"\xa6\x01\n" + + "\x11ScopeBindingTrait\x12>\n" + + "\arole_id\x18\x01 \x01(\v2\x1b.c1.connector.v2.ResourceIdB\b\xfaB\x05\x8a\x01\x02\x10\x01R\x06roleId\x12Q\n" + + "\x11scope_resource_id\x18\x02 \x01(\v2\x1b.c1.connector.v2.ResourceIdB\b\xfaB\x05\x8a\x01\x02\x10\x01R\x0fscopeResourceId\"\x9a\x03\n" + "\bAppTrait\x125\n" + "\bhelp_url\x18\x01 \x01(\tB\x1a\xfaB\x17r\x15 \x01(\x80\b:\bhttps://\xd0\x01\x01\x88\x01\x01R\ahelpUrl\x12-\n" + "\x04icon\x18\x02 \x01(\v2\x19.c1.connector.v2.AssetRefR\x04icon\x12-\n" + 
@@ -1447,7 +1713,7 @@ const file_c1_connector_v2_annotation_trait_proto_rawDesc = "" + "identityIdB6Z4github.com/conductorone/baton-sdk/pb/c1/connector/v2b\x06proto3" var file_c1_connector_v2_annotation_trait_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_c1_connector_v2_annotation_trait_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_c1_connector_v2_annotation_trait_proto_msgTypes = make([]protoimpl.MessageInfo, 13) var file_c1_connector_v2_annotation_trait_proto_goTypes = []any{ (UserTrait_AccountType)(0), // 0: c1.connector.v2.UserTrait.AccountType (UserTrait_Status_Status)(0), // 1: c1.connector.v2.UserTrait.Status.Status 
@@ -1455,48 +1721,55 @@ var file_c1_connector_v2_annotation_trait_proto_goTypes = []any{ (*UserTrait)(nil), // 3: c1.connector.v2.UserTrait (*GroupTrait)(nil), // 4: c1.connector.v2.GroupTrait (*RoleTrait)(nil), // 5: c1.connector.v2.RoleTrait - (*AppTrait)(nil), // 6: c1.connector.v2.AppTrait - (*SecretTrait)(nil), // 7: c1.connector.v2.SecretTrait - (*UserTrait_Email)(nil), // 8: c1.connector.v2.UserTrait.Email - (*UserTrait_Status)(nil), // 9: c1.connector.v2.UserTrait.Status - (*UserTrait_MFAStatus)(nil), // 10: c1.connector.v2.UserTrait.MFAStatus - (*UserTrait_SSOStatus)(nil), // 11: c1.connector.v2.UserTrait.SSOStatus - (*UserTrait_StructuredName)(nil), // 12: c1.connector.v2.UserTrait.StructuredName - (*structpb.Struct)(nil), // 13: google.protobuf.Struct - (*AssetRef)(nil), // 14: c1.connector.v2.AssetRef - (*timestamppb.Timestamp)(nil), // 15: google.protobuf.Timestamp - (*ResourceId)(nil), // 16: c1.connector.v2.ResourceId + (*RoleScopeConditions)(nil), // 6: c1.connector.v2.RoleScopeConditions + (*RoleScopeCondition)(nil), // 7: c1.connector.v2.RoleScopeCondition + (*ScopeBindingTrait)(nil), // 8: c1.connector.v2.ScopeBindingTrait + (*AppTrait)(nil), // 9: c1.connector.v2.AppTrait + (*SecretTrait)(nil), // 10: c1.connector.v2.SecretTrait + (*UserTrait_Email)(nil), // 11: c1.connector.v2.UserTrait.Email + (*UserTrait_Status)(nil), // 12: c1.connector.v2.UserTrait.Status + (*UserTrait_MFAStatus)(nil), // 13: c1.connector.v2.UserTrait.MFAStatus + (*UserTrait_SSOStatus)(nil), // 14: c1.connector.v2.UserTrait.SSOStatus + (*UserTrait_StructuredName)(nil), // 15: c1.connector.v2.UserTrait.StructuredName + (*structpb.Struct)(nil), // 16: google.protobuf.Struct + (*AssetRef)(nil), // 17: c1.connector.v2.AssetRef + (*timestamppb.Timestamp)(nil), // 18: google.protobuf.Timestamp + (*ResourceId)(nil), // 19: c1.connector.v2.ResourceId } var file_c1_connector_v2_annotation_trait_proto_depIdxs = []int32{ - 8, // 0: c1.connector.v2.UserTrait.emails:type_name -> 
c1.connector.v2.UserTrait.Email - 9, // 1: c1.connector.v2.UserTrait.status:type_name -> c1.connector.v2.UserTrait.Status - 13, // 2: c1.connector.v2.UserTrait.profile:type_name -> google.protobuf.Struct - 14, // 3: c1.connector.v2.UserTrait.icon:type_name -> c1.connector.v2.AssetRef + 11, // 0: c1.connector.v2.UserTrait.emails:type_name -> c1.connector.v2.UserTrait.Email + 12, // 1: c1.connector.v2.UserTrait.status:type_name -> c1.connector.v2.UserTrait.Status + 16, // 2: c1.connector.v2.UserTrait.profile:type_name -> google.protobuf.Struct + 17, // 3: c1.connector.v2.UserTrait.icon:type_name -> c1.connector.v2.AssetRef 0, // 4: c1.connector.v2.UserTrait.account_type:type_name -> c1.connector.v2.UserTrait.AccountType - 15, // 5: c1.connector.v2.UserTrait.created_at:type_name -> google.protobuf.Timestamp - 15, // 6: c1.connector.v2.UserTrait.last_login:type_name -> google.protobuf.Timestamp - 10, // 7: c1.connector.v2.UserTrait.mfa_status:type_name -> c1.connector.v2.UserTrait.MFAStatus - 11, // 8: c1.connector.v2.UserTrait.sso_status:type_name -> c1.connector.v2.UserTrait.SSOStatus - 12, // 9: c1.connector.v2.UserTrait.structured_name:type_name -> c1.connector.v2.UserTrait.StructuredName - 14, // 10: c1.connector.v2.GroupTrait.icon:type_name -> c1.connector.v2.AssetRef - 13, // 11: c1.connector.v2.GroupTrait.profile:type_name -> google.protobuf.Struct - 13, // 12: c1.connector.v2.RoleTrait.profile:type_name -> google.protobuf.Struct - 14, // 13: c1.connector.v2.AppTrait.icon:type_name -> c1.connector.v2.AssetRef - 14, // 14: c1.connector.v2.AppTrait.logo:type_name -> c1.connector.v2.AssetRef - 13, // 15: c1.connector.v2.AppTrait.profile:type_name -> google.protobuf.Struct - 2, // 16: c1.connector.v2.AppTrait.flags:type_name -> c1.connector.v2.AppTrait.AppFlag - 13, // 17: c1.connector.v2.SecretTrait.profile:type_name -> google.protobuf.Struct - 15, // 18: c1.connector.v2.SecretTrait.created_at:type_name -> google.protobuf.Timestamp - 15, // 19: 
c1.connector.v2.SecretTrait.expires_at:type_name -> google.protobuf.Timestamp - 15, // 20: c1.connector.v2.SecretTrait.last_used_at:type_name -> google.protobuf.Timestamp - 16, // 21: c1.connector.v2.SecretTrait.created_by_id:type_name -> c1.connector.v2.ResourceId - 16, // 22: c1.connector.v2.SecretTrait.identity_id:type_name -> c1.connector.v2.ResourceId - 1, // 23: c1.connector.v2.UserTrait.Status.status:type_name -> c1.connector.v2.UserTrait.Status.Status - 24, // [24:24] is the sub-list for method output_type - 24, // [24:24] is the sub-list for method input_type - 24, // [24:24] is the sub-list for extension type_name - 24, // [24:24] is the sub-list for extension extendee - 0, // [0:24] is the sub-list for field type_name + 18, // 5: c1.connector.v2.UserTrait.created_at:type_name -> google.protobuf.Timestamp + 18, // 6: c1.connector.v2.UserTrait.last_login:type_name -> google.protobuf.Timestamp + 13, // 7: c1.connector.v2.UserTrait.mfa_status:type_name -> c1.connector.v2.UserTrait.MFAStatus + 14, // 8: c1.connector.v2.UserTrait.sso_status:type_name -> c1.connector.v2.UserTrait.SSOStatus + 15, // 9: c1.connector.v2.UserTrait.structured_name:type_name -> c1.connector.v2.UserTrait.StructuredName + 17, // 10: c1.connector.v2.GroupTrait.icon:type_name -> c1.connector.v2.AssetRef + 16, // 11: c1.connector.v2.GroupTrait.profile:type_name -> google.protobuf.Struct + 16, // 12: c1.connector.v2.RoleTrait.profile:type_name -> google.protobuf.Struct + 6, // 13: c1.connector.v2.RoleTrait.role_scope_conditions:type_name -> c1.connector.v2.RoleScopeConditions + 7, // 14: c1.connector.v2.RoleScopeConditions.conditions:type_name -> c1.connector.v2.RoleScopeCondition + 19, // 15: c1.connector.v2.ScopeBindingTrait.role_id:type_name -> c1.connector.v2.ResourceId + 19, // 16: c1.connector.v2.ScopeBindingTrait.scope_resource_id:type_name -> c1.connector.v2.ResourceId + 17, // 17: c1.connector.v2.AppTrait.icon:type_name -> c1.connector.v2.AssetRef + 17, // 18: 
c1.connector.v2.AppTrait.logo:type_name -> c1.connector.v2.AssetRef + 16, // 19: c1.connector.v2.AppTrait.profile:type_name -> google.protobuf.Struct + 2, // 20: c1.connector.v2.AppTrait.flags:type_name -> c1.connector.v2.AppTrait.AppFlag + 16, // 21: c1.connector.v2.SecretTrait.profile:type_name -> google.protobuf.Struct + 18, // 22: c1.connector.v2.SecretTrait.created_at:type_name -> google.protobuf.Timestamp + 18, // 23: c1.connector.v2.SecretTrait.expires_at:type_name -> google.protobuf.Timestamp + 18, // 24: c1.connector.v2.SecretTrait.last_used_at:type_name -> google.protobuf.Timestamp + 19, // 25: c1.connector.v2.SecretTrait.created_by_id:type_name -> c1.connector.v2.ResourceId + 19, // 26: c1.connector.v2.SecretTrait.identity_id:type_name -> c1.connector.v2.ResourceId + 1, // 27: c1.connector.v2.UserTrait.Status.status:type_name -> c1.connector.v2.UserTrait.Status.Status + 28, // [28:28] is the sub-list for method output_type + 28, // [28:28] is the sub-list for method input_type + 28, // [28:28] is the sub-list for extension type_name + 28, // [28:28] is the sub-list for extension extendee + 0, // [0:28] is the sub-list for field type_name } func init() { file_c1_connector_v2_annotation_trait_proto_init() } @@ -1512,7 +1785,7 @@ func file_c1_connector_v2_annotation_trait_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_c1_connector_v2_annotation_trait_proto_rawDesc), len(file_c1_connector_v2_annotation_trait_proto_rawDesc)), NumEnums: 3, - NumMessages: 10, + NumMessages: 13, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector.pb.go index 21ac6d98..8795297d 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector.pb.go 
@@ -28,19 +28,20 @@ const ( type Capability int32 const ( - Capability_CAPABILITY_UNSPECIFIED Capability = 0 - Capability_CAPABILITY_PROVISION Capability = 1 - Capability_CAPABILITY_SYNC Capability = 2 - Capability_CAPABILITY_EVENT_FEED Capability = 3 - Capability_CAPABILITY_TICKETING Capability = 4 - Capability_CAPABILITY_ACCOUNT_PROVISIONING Capability = 5 - Capability_CAPABILITY_CREDENTIAL_ROTATION Capability = 6 - Capability_CAPABILITY_RESOURCE_CREATE Capability = 7 - Capability_CAPABILITY_RESOURCE_DELETE Capability = 8 - Capability_CAPABILITY_SYNC_SECRETS Capability = 9 - Capability_CAPABILITY_ACTIONS Capability = 10 - Capability_CAPABILITY_TARGETED_SYNC Capability = 11 - Capability_CAPABILITY_EVENT_FEED_V2 Capability = 12 + Capability_CAPABILITY_UNSPECIFIED Capability = 0 + Capability_CAPABILITY_PROVISION Capability = 1 + Capability_CAPABILITY_SYNC Capability = 2 + Capability_CAPABILITY_EVENT_FEED Capability = 3 + Capability_CAPABILITY_TICKETING Capability = 4 + Capability_CAPABILITY_ACCOUNT_PROVISIONING Capability = 5 + Capability_CAPABILITY_CREDENTIAL_ROTATION Capability = 6 + Capability_CAPABILITY_RESOURCE_CREATE Capability = 7 + Capability_CAPABILITY_RESOURCE_DELETE Capability = 8 + Capability_CAPABILITY_SYNC_SECRETS Capability = 9 + Capability_CAPABILITY_ACTIONS Capability = 10 + Capability_CAPABILITY_TARGETED_SYNC Capability = 11 + Capability_CAPABILITY_EVENT_FEED_V2 Capability = 12 + Capability_CAPABILITY_SERVICE_MODE_TARGETED_SYNC Capability = 13 ) // Enum value maps for Capability. 
@@ -59,21 +60,23 @@ var ( 10: "CAPABILITY_ACTIONS", 11: "CAPABILITY_TARGETED_SYNC", 12: "CAPABILITY_EVENT_FEED_V2", + 13: "CAPABILITY_SERVICE_MODE_TARGETED_SYNC", } Capability_value = map[string]int32{ - "CAPABILITY_UNSPECIFIED": 0, - "CAPABILITY_PROVISION": 1, - "CAPABILITY_SYNC": 2, - "CAPABILITY_EVENT_FEED": 3, - "CAPABILITY_TICKETING": 4, - "CAPABILITY_ACCOUNT_PROVISIONING": 5, - "CAPABILITY_CREDENTIAL_ROTATION": 6, - "CAPABILITY_RESOURCE_CREATE": 7, - "CAPABILITY_RESOURCE_DELETE": 8, - "CAPABILITY_SYNC_SECRETS": 9, - "CAPABILITY_ACTIONS": 10, - "CAPABILITY_TARGETED_SYNC": 11, - "CAPABILITY_EVENT_FEED_V2": 12, + "CAPABILITY_UNSPECIFIED": 0, + "CAPABILITY_PROVISION": 1, + "CAPABILITY_SYNC": 2, + "CAPABILITY_EVENT_FEED": 3, + "CAPABILITY_TICKETING": 4, + "CAPABILITY_ACCOUNT_PROVISIONING": 5, + "CAPABILITY_CREDENTIAL_ROTATION": 6, + "CAPABILITY_RESOURCE_CREATE": 7, + "CAPABILITY_RESOURCE_DELETE": 8, + "CAPABILITY_SYNC_SECRETS": 9, + "CAPABILITY_ACTIONS": 10, + "CAPABILITY_TARGETED_SYNC": 11, + "CAPABILITY_EVENT_FEED_V2": 12, + "CAPABILITY_SERVICE_MODE_TARGETED_SYNC": 13, } ) @@ -2151,7 +2154,7 @@ const file_c1_connector_v2_connector_proto_rawDesc = "" + "\rdefault_value\x18\x01 \x03(\v2J.c1.connector.v2.ConnectorAccountCreationSchema.MapField.DefaultValueEntryR\fdefaultValue\x1av\n" + "\x11DefaultValueEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12K\n" + - "\x05value\x18\x02 \x01(\v25.c1.connector.v2.ConnectorAccountCreationSchema.FieldR\x05value:\x028\x01*\x86\x03\n" + + "\x05value\x18\x02 \x01(\v25.c1.connector.v2.ConnectorAccountCreationSchema.FieldR\x05value:\x028\x01*\xb1\x03\n" + "\n" + "Capability\x12\x1a\n" + "\x16CAPABILITY_UNSPECIFIED\x10\x00\x12\x18\n" + 
@@ -2167,7 +2170,8 @@ const file_c1_connector_v2_connector_proto_rawDesc = "" + "\x12CAPABILITY_ACTIONS\x10\n" + "\x12\x1c\n" + "\x18CAPABILITY_TARGETED_SYNC\x10\v\x12\x1c\n" + - "\x18CAPABILITY_EVENT_FEED_V2\x10\f*\xae\x02\n" + + "\x18CAPABILITY_EVENT_FEED_V2\x10\f\x12)\n" + + "%CAPABILITY_SERVICE_MODE_TARGETED_SYNC\x10\r*\xae\x02\n" + " CapabilityDetailCredentialOption\x123\n" + "/CAPABILITY_DETAIL_CREDENTIAL_OPTION_UNSPECIFIED\x10\x00\x123\n" + "/CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD\x10\x01\x127\n" + diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector_protoopaque.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector_protoopaque.pb.go index e8ec7de5..2025995c 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector_protoopaque.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/connector_protoopaque.pb.go 
@@ -28,19 +28,20 @@ const ( type Capability int32 const ( - Capability_CAPABILITY_UNSPECIFIED Capability = 0 - Capability_CAPABILITY_PROVISION Capability = 1 - Capability_CAPABILITY_SYNC Capability = 2 - Capability_CAPABILITY_EVENT_FEED Capability = 3 - Capability_CAPABILITY_TICKETING Capability = 4 - Capability_CAPABILITY_ACCOUNT_PROVISIONING Capability = 5 - Capability_CAPABILITY_CREDENTIAL_ROTATION Capability = 6 - Capability_CAPABILITY_RESOURCE_CREATE Capability = 7 - Capability_CAPABILITY_RESOURCE_DELETE Capability = 8 - Capability_CAPABILITY_SYNC_SECRETS Capability = 9 - Capability_CAPABILITY_ACTIONS Capability = 10 - Capability_CAPABILITY_TARGETED_SYNC Capability = 11 - Capability_CAPABILITY_EVENT_FEED_V2 Capability = 12 + Capability_CAPABILITY_UNSPECIFIED Capability = 0 + Capability_CAPABILITY_PROVISION Capability = 1 + Capability_CAPABILITY_SYNC Capability = 2 + Capability_CAPABILITY_EVENT_FEED Capability = 3 + Capability_CAPABILITY_TICKETING Capability = 4 + Capability_CAPABILITY_ACCOUNT_PROVISIONING Capability = 5 + Capability_CAPABILITY_CREDENTIAL_ROTATION Capability = 6 + Capability_CAPABILITY_RESOURCE_CREATE Capability = 7 + Capability_CAPABILITY_RESOURCE_DELETE Capability = 8 + Capability_CAPABILITY_SYNC_SECRETS Capability = 9 + Capability_CAPABILITY_ACTIONS Capability = 10 + Capability_CAPABILITY_TARGETED_SYNC Capability = 11 + Capability_CAPABILITY_EVENT_FEED_V2 Capability = 12 + Capability_CAPABILITY_SERVICE_MODE_TARGETED_SYNC Capability = 13 ) // Enum value maps for Capability. 
@@ -59,21 +60,23 @@ var ( 10: "CAPABILITY_ACTIONS", 11: "CAPABILITY_TARGETED_SYNC", 12: "CAPABILITY_EVENT_FEED_V2", + 13: "CAPABILITY_SERVICE_MODE_TARGETED_SYNC", } Capability_value = map[string]int32{ - "CAPABILITY_UNSPECIFIED": 0, - "CAPABILITY_PROVISION": 1, - "CAPABILITY_SYNC": 2, - "CAPABILITY_EVENT_FEED": 3, - "CAPABILITY_TICKETING": 4, - "CAPABILITY_ACCOUNT_PROVISIONING": 5, - "CAPABILITY_CREDENTIAL_ROTATION": 6, - "CAPABILITY_RESOURCE_CREATE": 7, - "CAPABILITY_RESOURCE_DELETE": 8, - "CAPABILITY_SYNC_SECRETS": 9, - "CAPABILITY_ACTIONS": 10, - "CAPABILITY_TARGETED_SYNC": 11, - "CAPABILITY_EVENT_FEED_V2": 12, + "CAPABILITY_UNSPECIFIED": 0, + "CAPABILITY_PROVISION": 1, + "CAPABILITY_SYNC": 2, + "CAPABILITY_EVENT_FEED": 3, + "CAPABILITY_TICKETING": 4, + "CAPABILITY_ACCOUNT_PROVISIONING": 5, + "CAPABILITY_CREDENTIAL_ROTATION": 6, + "CAPABILITY_RESOURCE_CREATE": 7, + "CAPABILITY_RESOURCE_DELETE": 8, + "CAPABILITY_SYNC_SECRETS": 9, + "CAPABILITY_ACTIONS": 10, + "CAPABILITY_TARGETED_SYNC": 11, + "CAPABILITY_EVENT_FEED_V2": 12, + "CAPABILITY_SERVICE_MODE_TARGETED_SYNC": 13, } ) @@ -2173,7 +2176,7 @@ const file_c1_connector_v2_connector_proto_rawDesc = "" + "\rdefault_value\x18\x01 \x03(\v2J.c1.connector.v2.ConnectorAccountCreationSchema.MapField.DefaultValueEntryR\fdefaultValue\x1av\n" + "\x11DefaultValueEntry\x12\x10\n" + "\x03key\x18\x01 \x01(\tR\x03key\x12K\n" + - "\x05value\x18\x02 \x01(\v25.c1.connector.v2.ConnectorAccountCreationSchema.FieldR\x05value:\x028\x01*\x86\x03\n" + + "\x05value\x18\x02 \x01(\v25.c1.connector.v2.ConnectorAccountCreationSchema.FieldR\x05value:\x028\x01*\xb1\x03\n" + "\n" + "Capability\x12\x1a\n" + "\x16CAPABILITY_UNSPECIFIED\x10\x00\x12\x18\n" + 
@@ -2189,7 +2192,8 @@ const file_c1_connector_v2_connector_proto_rawDesc = "" + "\x12CAPABILITY_ACTIONS\x10\n" + "\x12\x1c\n" + "\x18CAPABILITY_TARGETED_SYNC\x10\v\x12\x1c\n" + - "\x18CAPABILITY_EVENT_FEED_V2\x10\f*\xae\x02\n" + + "\x18CAPABILITY_EVENT_FEED_V2\x10\f\x12)\n" + + "%CAPABILITY_SERVICE_MODE_TARGETED_SYNC\x10\r*\xae\x02\n" + " CapabilityDetailCredentialOption\x123\n" + "/CAPABILITY_DETAIL_CREDENTIAL_OPTION_UNSPECIFIED\x10\x00\x123\n" + "/CAPABILITY_DETAIL_CREDENTIAL_OPTION_NO_PASSWORD\x10\x01\x127\n" + diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource.pb.go index e86d89c8..34601877 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource.pb.go @@ -35,6 +35,7 @@ const ( ResourceType_TRAIT_APP ResourceType_Trait = 4 ResourceType_TRAIT_SECRET ResourceType_Trait = 5 ResourceType_TRAIT_SECURITY_INSIGHT ResourceType_Trait = 6 + ResourceType_TRAIT_SCOPE_BINDING ResourceType_Trait = 7 ) // Enum value maps for ResourceType_Trait. @@ -47,6 +48,7 @@ var ( 4: "TRAIT_APP", 5: "TRAIT_SECRET", 6: "TRAIT_SECURITY_INSIGHT", + 7: "TRAIT_SCOPE_BINDING", } ResourceType_Trait_value = map[string]int32{ "TRAIT_UNSPECIFIED": 0, @@ -56,6 +58,7 @@ var ( "TRAIT_APP": 4, "TRAIT_SECRET": 5, "TRAIT_SECURITY_INSIGHT": 6, + "TRAIT_SCOPE_BINDING": 7, } ) @@ -81,7 +84,6 @@ func (x ResourceType_Trait) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } -// FIXME(mstanbCO): call this something else? Should it just be a bool? Possibly just use an annotation? type Resource_CreationSource int32 const ( 
@@ -2820,17 +2822,23 @@ func (b0 ResourceId_builder) Build() *ResourceId { } type Resource struct { - state protoimpl.MessageState `protogen:"hybrid.v1"` - Id *ResourceId `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` - ParentResourceId *ResourceId `protobuf:"bytes,2,opt,name=parent_resource_id,json=parentResourceId,proto3" json:"parent_resource_id,omitempty"` - DisplayName string `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` - Annotations []*anypb.Any `protobuf:"bytes,4,rep,name=annotations,proto3" json:"annotations,omitempty"` - Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"` - BatonResource bool `protobuf:"varint,6,opt,name=baton_resource,json=batonResource,proto3" json:"baton_resource,omitempty"` - ExternalId *ExternalId `protobuf:"bytes,7,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"` - CreationSource Resource_CreationSource `protobuf:"varint,8,opt,name=creation_source,json=creationSource,proto3,enum=c1.connector.v2.Resource_CreationSource" json:"creation_source,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"hybrid.v1"` + Id *ResourceId `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + ParentResourceId *ResourceId `protobuf:"bytes,2,opt,name=parent_resource_id,json=parentResourceId,proto3" json:"parent_resource_id,omitempty"` + DisplayName string `protobuf:"bytes,3,opt,name=display_name,json=displayName,proto3" json:"display_name,omitempty"` + Annotations []*anypb.Any `protobuf:"bytes,4,rep,name=annotations,proto3" json:"annotations,omitempty"` + Description string `protobuf:"bytes,5,opt,name=description,proto3" json:"description,omitempty"` + BatonResource bool `protobuf:"varint,6,opt,name=baton_resource,json=batonResource,proto3" json:"baton_resource,omitempty"` + // Deprecated. This is no longer used. 
+ // + // Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. + ExternalId *ExternalId `protobuf:"bytes,7,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"` + // Deprecated. This is no longer used. + // + // Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. + CreationSource Resource_CreationSource `protobuf:"varint,8,opt,name=creation_source,json=creationSource,proto3,enum=c1.connector.v2.Resource_CreationSource" json:"creation_source,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Resource) Reset() { @@ -2900,6 +2908,7 @@ func (x *Resource) GetBatonResource() bool { return false } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) GetExternalId() *ExternalId { if x != nil { return x.ExternalId @@ -2907,6 +2916,7 @@ func (x *Resource) GetExternalId() *ExternalId { return nil } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) GetCreationSource() Resource_CreationSource { if x != nil { return x.CreationSource @@ -2938,10 +2948,12 @@ func (x *Resource) SetBatonResource(v bool) { x.BatonResource = v } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) SetExternalId(v *ExternalId) { x.ExternalId = v } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) SetCreationSource(v Resource_CreationSource) { x.CreationSource = v } @@ -2960,6 +2972,7 @@ func (x *Resource) HasParentResourceId() bool { return x.ParentResourceId != nil } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) HasExternalId() bool { if x == nil { return false @@ -2975,6 +2988,7 @@ func (x *Resource) ClearParentResourceId() { x.ParentResourceId = nil } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) ClearExternalId() { x.ExternalId = nil } 
@@ -2988,8 +3002,14 @@ type Resource_builder struct { Annotations []*anypb.Any Description string BatonResource bool - ExternalId *ExternalId - CreationSource Resource_CreationSource + // Deprecated. This is no longer used. + // + // Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. + ExternalId *ExternalId + // Deprecated. This is no longer used. + // + // Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. + CreationSource Resource_CreationSource } func (b0 Resource_builder) Build() *Resource { @@ -4453,7 +4473,7 @@ var File_c1_connector_v2_resource_proto protoreflect.FileDescriptor const file_c1_connector_v2_resource_proto_rawDesc = "" + "\n" + - "\x1ec1/connector/v2/resource.proto\x12\x0fc1.connector.v2\x1a\x19google/protobuf/any.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17validate/validate.proto\"\xd1\x03\n" + + "\x1ec1/connector/v2/resource.proto\x12\x0fc1.connector.v2\x1a\x19google/protobuf/any.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17validate/validate.proto\"\xea\x03\n" + "\fResourceType\x12\x1a\n" + "\x02id\x18\x01 \x01(\tB\n" + "\xfaB\ar\x05 \x01(\x80\bR\x02id\x120\n" + @@ -4463,7 +4483,7 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "\vannotations\x18\x04 \x03(\v2\x14.google.protobuf.AnyR\vannotations\x12/\n" + "\vdescription\x18\x05 \x01(\tB\r\xfaB\n" + "r\b \x01(\x80 \xd0\x01\x01R\vdescription\x12-\n" + - "\x12sourced_externally\x18\x06 \x01(\bR\x11sourcedExternally\"\x8c\x01\n" + + "\x12sourced_externally\x18\x06 \x01(\bR\x11sourcedExternally\"\xa5\x01\n" + "\x05Trait\x12\x15\n" + "\x11TRAIT_UNSPECIFIED\x10\x00\x12\x0e\n" + "\n" + 
@@ -4473,7 +4493,8 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "TRAIT_ROLE\x10\x03\x12\r\n" + "\tTRAIT_APP\x10\x04\x12\x10\n" + "\fTRAIT_SECRET\x10\x05\x12\x1a\n" + - "\x16TRAIT_SECURITY_INSIGHT\x10\x06\"\xa6\x02\n" + + "\x16TRAIT_SECURITY_INSIGHT\x10\x06\x12\x17\n" + + "\x13TRAIT_SCOPE_BINDING\x10\a\"\xa6\x02\n" + ",ResourceTypesServiceListResourceTypesRequest\x121\n" + "\x06parent\x18\x01 \x01(\v2\x19.c1.connector.v2.ResourceR\x06parent\x12'\n" + "\tpage_size\x18\x02 \x01(\rB\n" + @@ -4615,7 +4636,7 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "\xfaB\ar\x05 \x01(\x80\bR\fresourceType\x12&\n" + "\bresource\x18\x02 \x01(\tB\n" + "\xfaB\ar\x05 \x01(\x80\bR\bresource\x12%\n" + - "\x0ebaton_resource\x18\x03 \x01(\bR\rbatonResource\"\xf0\x04\n" + + "\x0ebaton_resource\x18\x03 \x01(\bR\rbatonResource\"\xf8\x04\n" + "\bResource\x12+\n" + "\x02id\x18\x01 \x01(\v2\x1b.c1.connector.v2.ResourceIdR\x02id\x12I\n" + "\x12parent_resource_id\x18\x02 \x01(\v2\x1b.c1.connector.v2.ResourceIdR\x10parentResourceId\x120\n" + 
@@ -4624,10 +4645,10 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "\vannotations\x18\x04 \x03(\v2\x14.google.protobuf.AnyR\vannotations\x12/\n" + "\vdescription\x18\x05 \x01(\tB\r\xfaB\n" + "r\b \x01(\x80\x10\xd0\x01\x01R\vdescription\x12%\n" + - "\x0ebaton_resource\x18\x06 \x01(\bR\rbatonResource\x12<\n" + - "\vexternal_id\x18\a \x01(\v2\x1b.c1.connector.v2.ExternalIdR\n" + - "externalId\x12Q\n" + - "\x0fcreation_source\x18\b \x01(\x0e2(.c1.connector.v2.Resource.CreationSourceR\x0ecreationSource\"\x98\x01\n" + + "\x0ebaton_resource\x18\x06 \x01(\bR\rbatonResource\x12@\n" + + "\vexternal_id\x18\a \x01(\v2\x1b.c1.connector.v2.ExternalIdB\x02\x18\x01R\n" + + "externalId\x12U\n" + + "\x0fcreation_source\x18\b \x01(\x0e2(.c1.connector.v2.Resource.CreationSourceB\x02\x18\x01R\x0ecreationSource\"\x98\x01\n" + "\x0eCreationSource\x12\x1f\n" + "\x1bCREATION_SOURCE_UNSPECIFIED\x10\x00\x12,\n" + "(CREATION_SOURCE_CONNECTOR_LIST_RESOURCES\x10\x01\x127\n" + diff --git a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource_protoopaque.pb.go b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource_protoopaque.pb.go index c2093c67..12dcb8a5 100644 --- a/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource_protoopaque.pb.go +++ b/vendor/github.com/conductorone/baton-sdk/pb/c1/connector/v2/resource_protoopaque.pb.go @@ -35,6 +35,7 @@ const ( ResourceType_TRAIT_APP ResourceType_Trait = 4 ResourceType_TRAIT_SECRET ResourceType_Trait = 5 ResourceType_TRAIT_SECURITY_INSIGHT ResourceType_Trait = 6 + ResourceType_TRAIT_SCOPE_BINDING ResourceType_Trait = 7 ) // Enum value maps for ResourceType_Trait. @@ -47,6 +48,7 @@ var ( 4: "TRAIT_APP", 5: "TRAIT_SECRET", 6: "TRAIT_SECURITY_INSIGHT", + 7: "TRAIT_SCOPE_BINDING", } ResourceType_Trait_value = map[string]int32{ "TRAIT_UNSPECIFIED": 0, @@ -56,6 +58,7 @@ var ( "TRAIT_APP": 4, "TRAIT_SECRET": 5, "TRAIT_SECURITY_INSIGHT": 6, + "TRAIT_SCOPE_BINDING": 7, } ) 
@@ -81,7 +84,6 @@ func (x ResourceType_Trait) Number() protoreflect.EnumNumber { return protoreflect.EnumNumber(x) } -// FIXME(mstanbCO): call this something else? Should it just be a bool? Possibly just use an annotation? type Resource_CreationSource int32 const ( @@ -2878,6 +2880,7 @@ func (x *Resource) GetBatonResource() bool { return false } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) GetExternalId() *ExternalId { if x != nil { return x.xxx_hidden_ExternalId @@ -2885,6 +2888,7 @@ func (x *Resource) GetExternalId() *ExternalId { return nil } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) GetCreationSource() Resource_CreationSource { if x != nil { return x.xxx_hidden_CreationSource @@ -2916,10 +2920,12 @@ func (x *Resource) SetBatonResource(v bool) { x.xxx_hidden_BatonResource = v } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) SetExternalId(v *ExternalId) { x.xxx_hidden_ExternalId = v } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) SetCreationSource(v Resource_CreationSource) { x.xxx_hidden_CreationSource = v } @@ -2938,6 +2944,7 @@ func (x *Resource) HasParentResourceId() bool { return x.xxx_hidden_ParentResourceId != nil } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) HasExternalId() bool { if x == nil { return false @@ -2953,6 +2960,7 @@ func (x *Resource) ClearParentResourceId() { x.xxx_hidden_ParentResourceId = nil } +// Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. func (x *Resource) ClearExternalId() { x.xxx_hidden_ExternalId = nil } 
@@ -2966,8 +2974,14 @@ type Resource_builder struct { Annotations []*anypb.Any Description string BatonResource bool - ExternalId *ExternalId - CreationSource Resource_CreationSource + // Deprecated. This is no longer used. + // + // Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. + ExternalId *ExternalId + // Deprecated. This is no longer used. + // + // Deprecated: Marked as deprecated in c1/connector/v2/resource.proto. + CreationSource Resource_CreationSource } func (b0 Resource_builder) Build() *Resource { @@ -4446,7 +4460,7 @@ var File_c1_connector_v2_resource_proto protoreflect.FileDescriptor const file_c1_connector_v2_resource_proto_rawDesc = "" + "\n" + - "\x1ec1/connector/v2/resource.proto\x12\x0fc1.connector.v2\x1a\x19google/protobuf/any.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17validate/validate.proto\"\xd1\x03\n" + + "\x1ec1/connector/v2/resource.proto\x12\x0fc1.connector.v2\x1a\x19google/protobuf/any.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x17validate/validate.proto\"\xea\x03\n" + "\fResourceType\x12\x1a\n" + "\x02id\x18\x01 \x01(\tB\n" + "\xfaB\ar\x05 \x01(\x80\bR\x02id\x120\n" + @@ -4456,7 +4470,7 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "\vannotations\x18\x04 \x03(\v2\x14.google.protobuf.AnyR\vannotations\x12/\n" + "\vdescription\x18\x05 \x01(\tB\r\xfaB\n" + "r\b \x01(\x80 \xd0\x01\x01R\vdescription\x12-\n" + - "\x12sourced_externally\x18\x06 \x01(\bR\x11sourcedExternally\"\x8c\x01\n" + + "\x12sourced_externally\x18\x06 \x01(\bR\x11sourcedExternally\"\xa5\x01\n" + "\x05Trait\x12\x15\n" + "\x11TRAIT_UNSPECIFIED\x10\x00\x12\x0e\n" + "\n" + 
@@ -4466,7 +4480,8 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "TRAIT_ROLE\x10\x03\x12\r\n" + "\tTRAIT_APP\x10\x04\x12\x10\n" + "\fTRAIT_SECRET\x10\x05\x12\x1a\n" + - "\x16TRAIT_SECURITY_INSIGHT\x10\x06\"\xa6\x02\n" + + "\x16TRAIT_SECURITY_INSIGHT\x10\x06\x12\x17\n" + + "\x13TRAIT_SCOPE_BINDING\x10\a\"\xa6\x02\n" + ",ResourceTypesServiceListResourceTypesRequest\x121\n" + "\x06parent\x18\x01 \x01(\v2\x19.c1.connector.v2.ResourceR\x06parent\x12'\n" + "\tpage_size\x18\x02 \x01(\rB\n" + @@ -4608,7 +4623,7 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "\xfaB\ar\x05 \x01(\x80\bR\fresourceType\x12&\n" + "\bresource\x18\x02 \x01(\tB\n" + "\xfaB\ar\x05 \x01(\x80\bR\bresource\x12%\n" + - "\x0ebaton_resource\x18\x03 \x01(\bR\rbatonResource\"\xf0\x04\n" + + "\x0ebaton_resource\x18\x03 \x01(\bR\rbatonResource\"\xf8\x04\n" + "\bResource\x12+\n" + "\x02id\x18\x01 \x01(\v2\x1b.c1.connector.v2.ResourceIdR\x02id\x12I\n" + "\x12parent_resource_id\x18\x02 \x01(\v2\x1b.c1.connector.v2.ResourceIdR\x10parentResourceId\x120\n" + 
@@ -4617,10 +4632,10 @@ const file_c1_connector_v2_resource_proto_rawDesc = "" + "\vannotations\x18\x04 \x03(\v2\x14.google.protobuf.AnyR\vannotations\x12/\n" + "\vdescription\x18\x05 \x01(\tB\r\xfaB\n" + "r\b \x01(\x80\x10\xd0\x01\x01R\vdescription\x12%\n" + - "\x0ebaton_resource\x18\x06 \x01(\bR\rbatonResource\x12<\n" + - "\vexternal_id\x18\a \x01(\v2\x1b.c1.connector.v2.ExternalIdR\n" + - "externalId\x12Q\n" + - "\x0fcreation_source\x18\b \x01(\x0e2(.c1.connector.v2.Resource.CreationSourceR\x0ecreationSource\"\x98\x01\n" + + "\x0ebaton_resource\x18\x06 \x01(\bR\rbatonResource\x12@\n" + + "\vexternal_id\x18\a \x01(\v2\x1b.c1.connector.v2.ExternalIdB\x02\x18\x01R\n" + + "externalId\x12U\n" + + "\x0fcreation_source\x18\b \x01(\x0e2(.c1.connector.v2.Resource.CreationSourceB\x02\x18\x01R\x0ecreationSource\"\x98\x01\n" + "\x0eCreationSource\x12\x1f\n" + "\x1bCREATION_SOURCE_UNSPECIFIED\x10\x00\x12,\n" + "(CREATION_SOURCE_CONNECTOR_LIST_RESOURCES\x10\x01\x127\n" + diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/connectorstore/connectorstore.go b/vendor/github.com/conductorone/baton-sdk/pkg/connectorstore/connectorstore.go index 64e352ec..65793949 100644 --- a/vendor/github.com/conductorone/baton-sdk/pkg/connectorstore/connectorstore.go +++ b/vendor/github.com/conductorone/baton-sdk/pkg/connectorstore/connectorstore.go @@ -11,10 +11,12 @@ import ( type SyncType string const ( - SyncTypeFull SyncType = "full" - SyncTypePartial SyncType = "partial" - SyncTypeResourcesOnly SyncType = "resources_only" - SyncTypeAny SyncType = "" + SyncTypeFull SyncType = "full" + SyncTypePartial SyncType = "partial" + SyncTypeResourcesOnly SyncType = "resources_only" + SyncTypePartialUpserts SyncType = "partial_upserts" // Diff sync: additions and modifications + SyncTypePartialDeletions SyncType = "partial_deletions" // Diff sync: deletions + SyncTypeAny SyncType = "" ) var AllSyncTypes = []SyncType{ 
@@ -22,6 +24,8 @@ var AllSyncTypes = []SyncType{ SyncTypeFull, SyncTypePartial, SyncTypeResourcesOnly, + SyncTypePartialUpserts, + SyncTypePartialDeletions, } // ConnectorStoreReader implements the ConnectorV2 API, along with getters for individual objects. @@ -44,7 +48,7 @@ type Reader interface { // the GRPC api, but because this is defined as a streaming RPC, it isn't trivial to implement grpc streaming as part of the c1z format. GetAsset(ctx context.Context, req *v2.AssetServiceGetAssetRequest) (string, io.Reader, error) - Close() error + Close(ctx context.Context) error } // ConnectorStoreWriter defines an implementation for a connector v2 datasource writer. This is used to store sync data from an upstream provider. diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file.go b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file.go index 548968ce..19876916 100644 --- a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file.go +++ b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file.go @@ -11,6 +11,7 @@ import ( "time" "github.com/doug-martin/goqu/v9" + "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap/ctxzap" "go.uber.org/zap" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -46,6 +47,8 @@ type C1File struct { pragmas []pragma readOnly bool encoderConcurrency int + closed bool + closedMu sync.Mutex // Cached sync run for listConnectorObjects (avoids N+1 queries) cachedViewSyncRun *syncRun @@ -57,6 +60,9 @@ type C1File struct { slowQueryLogTimesMu sync.Mutex slowQueryThreshold time.Duration slowQueryLogFrequency time.Duration + + // Sync cleanup settings + syncLimit int } var _ connectorstore.Writer = (*C1File)(nil) 
@@ -90,6 +96,14 @@ func WithC1FEncoderConcurrency(concurrency int) C1FOption { } } +// WithC1FSyncCountLimit sets the number of syncs to keep during cleanup. +// If not set, defaults to 2 (or BATON_KEEP_SYNC_COUNT env var if set). +func WithC1FSyncCountLimit(limit int) C1FOption { + return func(o *C1File) { + o.syncLimit = limit + } +} + // Returns a C1File instance for the given db filepath. func NewC1File(ctx context.Context, dbFilePath string, opts ...C1FOption) (*C1File, error) { ctx, span := tracer.Start(ctx, "NewC1File") @@ -136,7 +150,9 @@ type c1zOptions struct { decoderOptions []DecoderOption readOnly bool encoderConcurrency int + syncLimit int } + type C1ZOption func(*c1zOptions) // WithTmpDir sets the temporary directory to extract the c1z file to. @@ -176,6 +192,14 @@ func WithEncoderConcurrency(concurrency int) C1ZOption { } } +// WithSyncLimit sets the number of syncs to keep during cleanup. +// If not set, defaults to 2 (or BATON_KEEP_SYNC_COUNT env var if set). +func WithSyncLimit(limit int) C1ZOption { + return func(o *c1zOptions) { + o.syncLimit = limit + } +} + // Returns a new C1File instance with its state stored at the provided filename. func NewC1ZFile(ctx context.Context, outputFilePath string, opts ...C1ZOption) (*C1File, error) { ctx, span := tracer.Start(ctx, "NewC1ZFile") @@ -204,6 +228,9 @@ func NewC1ZFile(ctx context.Context, outputFilePath string, opts ...C1ZOption) ( return nil, fmt.Errorf("encoder concurrency must be greater than 0") } c1fopts = append(c1fopts, WithC1FEncoderConcurrency(options.encoderConcurrency)) + if options.syncLimit > 0 { + c1fopts = append(c1fopts, WithC1FSyncCountLimit(options.syncLimit)) + } c1File, err := NewC1File(ctx, dbFilePath, c1fopts...) if err != nil { 
@@ -226,17 +253,18 @@ func cleanupDbDir(dbFilePath string, err error) error { var ErrReadOnly = errors.New("c1z: read only mode") // Close ensures that the sqlite database is flushed to disk, and if any changes were made we update the original database -// with our changes. It uses context.Background() for the WAL checkpoint operation. -// Use CloseContext to pass a specific context. -func (c *C1File) Close() error { - return c.CloseContext(context.Background()) -} - -// CloseContext ensures that the sqlite database is flushed to disk, and if any changes were made we update the original database // with our changes. The provided context is used for the WAL checkpoint operation. -func (c *C1File) CloseContext(ctx context.Context) error { +func (c *C1File) Close(ctx context.Context) error { var err error + c.closedMu.Lock() + defer c.closedMu.Unlock() + if c.closed { + l := ctxzap.Extract(ctx) + l.Warn("close called on already-closed c1file", zap.String("db_path", c.dbFilePath)) + return nil + } + if c.rawDb != nil { // CRITICAL: Force a full WAL checkpoint before closing the database. // This ensures all WAL data is written back to the main database file @@ -251,13 +279,14 @@ func (c *C1File) CloseContext(ctx context.Context) error { if c.dbUpdated && !c.readOnly { _, err = c.rawDb.ExecContext(ctx, "PRAGMA wal_checkpoint(TRUNCATE)") if err != nil { + l := ctxzap.Extract(ctx) // Checkpoint failed - log and continue. The subsequent Close() // will attempt a passive checkpoint. If that also fails, we'll // get an error from Close() or saveC1z() will read stale data. // We log here for debugging but don't fail because: // 1. Close() will still attempt its own checkpoint // 2. The error might be transient (busy) - zap.L().Warn("WAL checkpoint failed before close", + l.Warn("WAL checkpoint failed before close", zap.Error(err), zap.String("db_path", c.dbFilePath)) } 
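Review bot: The WAL checkpoint in Close now runs under the caller's context (`c.rawDb.ExecContext(ctx, "PRAGMA wal_checkpoint(TRUNCATE)")`), so a caller that defers `store.Close(ctx)` with a context already cancelled at shutdown would most likely fail the checkpoint at once and only log a warning. The removed `Close()` wrapper passed `context.Background()` for this step, which the surrounding comment marks as critical. Detaching only the cancellation keeps the logger values and the old guarantee: `_, err = c.rawDb.ExecContext(context.WithoutCancel(ctx), "PRAGMA wal_checkpoint(TRUNCATE)")`. The rest of Close lies outside the two hunks on this line, so its later steps may need the same treatment.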
@@ -282,7 +311,13 @@ func (c *C1File) CloseContext(ctx context.Context) error { } } - return cleanupDbDir(c.dbFilePath, err) + err = cleanupDbDir(c.dbFilePath, err) + if err != nil { + return err + } + c.closed = true + + return nil } // init ensures that the database has all of the required schema. diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file_attached.go b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file_attached.go index d7ee4c6d..54e64f4f 100644 --- a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file_attached.go +++ b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/c1file_attached.go @@ -2,12 +2,15 @@ package dotc1z import ( "context" + "database/sql" "errors" "fmt" + "time" reader_v2 "github.com/conductorone/baton-sdk/pb/c1/reader/v2" "github.com/conductorone/baton-sdk/pkg/connectorstore" "github.com/doug-martin/goqu/v9" + "github.com/segmentio/ksuid" ) type C1FileAttached struct { @@ -37,8 +40,8 @@ func (c *C1FileAttached) CompactTable(ctx context.Context, baseSyncID string, ap selectList += ", " } columnList += col - if col == "sync_id" { - selectList += "? as sync_id" + if col == "sync_id" { //nolint:goconst,nolintlint // ... + selectList += "? as sync_id" //nolint:goconst,nolintlint // ... } else { selectList += col } 
@@ -174,3 +177,223 @@ func (c *C1FileAttached) UpdateSync(ctx context.Context, baseSync *reader_v2.Syn return nil } + +// GenerateSyncDiffFromFile compares the old sync (in attached) with the new sync (in main) +// and generates two new syncs in the main database. +// +// IMPORTANT: This assumes main=NEW/compacted and attached=OLD/base: +// - diffTableFromAttached: items in attached (OLD) not in main (NEW) = deletions +// - diffTableFromMain: items in main (NEW) not in attached (OLD) = upserts (additions) +// +// Parameters: +// - oldSyncID: the sync ID in the attached database (OLD/base state) +// - newSyncID: the sync ID in the main database (NEW/compacted state) +// +// Returns (upsertsSyncID, deletionsSyncID, error). +func (c *C1FileAttached) GenerateSyncDiffFromFile(ctx context.Context, oldSyncID string, newSyncID string) (string, string, error) { + if !c.safe { + return "", "", errors.New("database has been detached") + } + + ctx, span := tracer.Start(ctx, "C1FileAttached.GenerateSyncDiffFromFile") + defer span.End() + + // Generate unique IDs for the diff syncs + deletionsSyncID := ksuid.New().String() + upsertsSyncID := ksuid.New().String() + + // Start transaction for atomicity + tx, err := c.file.rawDb.BeginTx(ctx, nil) + if err != nil { + return "", "", fmt.Errorf("failed to begin transaction: %w", err) + } + + // Ensure rollback on error + committed := false + defer func() { + if !committed { + _ = tx.Rollback() + } + }() + + now := time.Now().Format("2006-01-02 15:04:05.999999999") + + // Create the deletions sync first (so upserts is "latest") + // Link it to upserts sync bidirectionally + deletionsInsert := c.file.db.Insert(syncRuns.Name()).Rows(goqu.Record{ + "sync_id": deletionsSyncID, + "started_at": now, + "sync_token": "", + "sync_type": connectorstore.SyncTypePartialDeletions, + "parent_sync_id": oldSyncID, + "linked_sync_id": upsertsSyncID, + }) + query, args, err := deletionsInsert.ToSQL() + if err != nil { + return "", "", fmt.Errorf("failed 
to build deletions sync insert: %w", err) + } + if _, err = tx.ExecContext(ctx, query, args...); err != nil { + return "", "", fmt.Errorf("failed to create deletions sync: %w", err) + } + + // Create the upserts sync, linked to deletions sync + upsertsInsert := c.file.db.Insert(syncRuns.Name()).Rows(goqu.Record{ + "sync_id": upsertsSyncID, + "started_at": now, + "sync_token": "", + "sync_type": connectorstore.SyncTypePartialUpserts, + "parent_sync_id": oldSyncID, + "linked_sync_id": deletionsSyncID, + }) + query, args, err = upsertsInsert.ToSQL() + if err != nil { + return "", "", fmt.Errorf("failed to build upserts sync insert: %w", err) + } + if _, err = tx.ExecContext(ctx, query, args...); err != nil { + return "", "", fmt.Errorf("failed to create upserts sync: %w", err) + } + + // Process each table + // main=NEW, attached=OLD + // - diffTableFromAttachedTx finds items in OLD not in NEW = deletions + // - diffTableFromMainTx finds items in NEW not in OLD or modified = upserts + tables := []string{"v1_resource_types", "v1_resources", "v1_entitlements", "v1_grants"} + for _, tableName := range tables { + if err := c.diffTableFromAttachedTx(ctx, tx, tableName, oldSyncID, newSyncID, deletionsSyncID); err != nil { + return "", "", fmt.Errorf("failed to generate deletions for %s: %w", tableName, err) + } + if err := c.diffTableFromMainTx(ctx, tx, tableName, oldSyncID, newSyncID, upsertsSyncID); err != nil { + return "", "", fmt.Errorf("failed to generate upserts for %s: %w", tableName, err) + } + } + + // End the syncs (deletions first, then upserts) + endedAt := time.Now().Format("2006-01-02 15:04:05.999999999") + + endDeletions := c.file.db.Update(syncRuns.Name()). + Set(goqu.Record{"ended_at": endedAt}). 
+ Where(goqu.C("sync_id").Eq(deletionsSyncID), goqu.C("ended_at").IsNull()) + query, args, err = endDeletions.ToSQL() + if err != nil { + return "", "", fmt.Errorf("failed to build end deletions sync: %w", err) + } + if _, err = tx.ExecContext(ctx, query, args...); err != nil { + return "", "", fmt.Errorf("failed to end deletions sync: %w", err) + } + + endUpserts := c.file.db.Update(syncRuns.Name()). + Set(goqu.Record{"ended_at": endedAt}). + Where(goqu.C("sync_id").Eq(upsertsSyncID), goqu.C("ended_at").IsNull()) + query, args, err = endUpserts.ToSQL() + if err != nil { + return "", "", fmt.Errorf("failed to build end upserts sync: %w", err) + } + if _, err = tx.ExecContext(ctx, query, args...); err != nil { + return "", "", fmt.Errorf("failed to end upserts sync: %w", err) + } + + // Commit transaction + if err = tx.Commit(); err != nil { + return "", "", fmt.Errorf("failed to commit transaction: %w", err) + } + committed = true + c.file.dbUpdated = true + + return upsertsSyncID, deletionsSyncID, nil +} + +// diffTableFromAttachedTx finds items in attached (OLD) that don't exist in main (NEW). +// These are DELETIONS - items that existed before but no longer exist. +// Uses the provided transaction. +func (c *C1FileAttached) diffTableFromAttachedTx(ctx context.Context, tx *sql.Tx, tableName string, oldSyncID string, newSyncID string, targetSyncID string) error { + columns, err := c.getTableColumns(ctx, tableName) + if err != nil { + return err + } + + // Build column lists + columnList := "" + selectList := "" + for i, col := range columns { + if i > 0 { + columnList += ", " + selectList += ", " + } + columnList += col + if col == "sync_id" { + selectList += "? 
as sync_id" + } else { + selectList += col + } + } + + // Insert items from attached (OLD) that don't exist in main (NEW) + // oldSyncID is in attached, newSyncID is in main + //nolint:gosec // table names are from hardcoded list, not user input + query := fmt.Sprintf(` + INSERT INTO main.%s (%s) + SELECT %s + FROM attached.%s AS a + WHERE a.sync_id = ? + AND NOT EXISTS ( + SELECT 1 FROM main.%s AS m + WHERE m.external_id = a.external_id AND m.sync_id = ? + ) + `, tableName, columnList, selectList, tableName, tableName) + + _, err = tx.ExecContext(ctx, query, targetSyncID, oldSyncID, newSyncID) + return err +} + +// diffTableFromMainTx finds items in main (NEW) that are new or modified compared to attached (OLD). +// These are UPSERTS - items that are new or have changed. +// Uses the provided transaction. +func (c *C1FileAttached) diffTableFromMainTx(ctx context.Context, tx *sql.Tx, tableName string, oldSyncID string, newSyncID string, targetSyncID string) error { + columns, err := c.getTableColumns(ctx, tableName) + if err != nil { + return err + } + + // Build column lists + columnList := "" + selectList := "" + for i, col := range columns { + if i > 0 { + columnList += ", " + selectList += ", " + } + columnList += col + if col == "sync_id" { + selectList += "? as sync_id" + } else { + selectList += col + } + } + + // Insert items from main (NEW) that are: + // 1. Not in attached (OLD) - additions + // 2. In attached but with different data - modifications + // newSyncID is in main, oldSyncID is in attached + //nolint:gosec // table names are from hardcoded list, not user input + query := fmt.Sprintf(` + INSERT INTO main.%s (%s) + SELECT %s + FROM main.%s AS m + WHERE m.sync_id = ? + AND ( + NOT EXISTS ( + SELECT 1 FROM attached.%s AS a + WHERE a.external_id = m.external_id AND a.sync_id = ? + ) + OR EXISTS ( + SELECT 1 FROM attached.%s AS a + WHERE a.external_id = m.external_id + AND a.sync_id = ? 
+ AND a.data != m.data + ) + ) + `, tableName, columnList, selectList, tableName, tableName, tableName) + + _, err = tx.ExecContext(ctx, query, targetSyncID, newSyncID, oldSyncID, oldSyncID) + return err +} diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/clone_sync.go b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/clone_sync.go index 0a6050d0..64aad8aa 100644 --- a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/clone_sync.go +++ b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/clone_sync.go @@ -78,7 +78,7 @@ func (c *C1File) CloneSync(ctx context.Context, outPath string, syncID string) ( if err != nil { return err } - defer out.Close() + defer out.Close(ctx) err = out.init(ctx) if err != nil { @@ -142,7 +142,7 @@ func (c *C1File) CloneSync(ctx context.Context, outPath string, syncID string) ( } outFile.dbUpdated = true outFile.outputFilePath = outPath - err = outFile.Close() + err = outFile.Close(ctx) if err != nil { return err } diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/diff.go b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/diff.go index 4324a7cc..162001e4 100644 --- a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/diff.go +++ b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/diff.go @@ -99,7 +99,7 @@ func (c *C1File) diffTableQuery(table tableDescriptor, baseSyncID, appliedSyncID queryColumns := []interface{}{} for _, col := range columns { - if col == "sync_id" { + if col == "sync_id" { //nolint:goconst,nolintlint // ... queryColumns = append(queryColumns, goqu.L(fmt.Sprintf("'%s' as sync_id", newSyncID))) continue } diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/session_store.go b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/session_store.go index 796c0648..c20be9d6 100644 --- a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/session_store.go +++ b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/session_store.go 
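Review bot: GenerateSyncDiffFromFile never checks that oldSyncID and newSyncID are non-empty or name existing sync runs before it writes the two diff syncs. In diffTableFromAttachedTx the `NOT EXISTS (... m.sync_id = ?)` test is true for every old row when newSyncID matches nothing in main, so a wrong or empty ID commits a deletions sync holding the whole old sync and an empty upserts sync, with no error. A guard before `BeginTx` such as `if oldSyncID == "" || newSyncID == "" { return "", "", errors.New("old and new sync IDs are required") }`, ideally followed by a lookup of both IDs in the sync-runs table, would turn that case into a failure instead of a committed diff. The file is vendored from baton-sdk, so the change belongs upstream.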
@@ -216,7 +216,8 @@ func (c *C1File) Clear(ctx context.Context, opt ...sessions.SessionStoreOption)
 q = q.Where(goqu.C("sync_id").Eq(bag.SyncID))
 if bag.Prefix != "" {
- q = q.Where(goqu.C("key").Like(escapeLike(bag.Prefix) + "%"))
+ pattern := escapeLike(bag.Prefix) + "%"
+ q = q.Where(goqu.L("key LIKE ? ESCAPE '\\'", pattern))
 }
 sql, params, err := q.ToSQL()
@@ -366,7 +367,8 @@ func (c *C1File) getAllChunk(ctx context.Context, pageToken string, sizeLimit in
 Limit(100)
 if bag.Prefix != "" {
- q = q.Where(goqu.C("key").Like(escapeLike(bag.Prefix) + "%"))
+ pattern := escapeLike(bag.Prefix) + "%"
+ q = q.Where(goqu.L("key LIKE ? ESCAPE '\\'", pattern))
 }
 if pageToken != "" {
diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sql_helpers.go b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sql_helpers.go
index 9c3efa34..296da43f 100644
--- a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sql_helpers.go
+++ b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sql_helpers.go
@@ -279,7 +279,8 @@ func listConnectorObjects[T proto.Message](ctx context.Context, c *C1File, table
 return ret, nextPageToken, nil
 }
-var protoMarshaler = proto.MarshalOptions{Deterministic: false}
+// This is required for sync diffs to work. Its not much slower.
+var protoMarshaler = proto.MarshalOptions{Deterministic: true}
 // prepareSingleConnectorObjectRow processes a single message and returns the prepared record.
 func prepareSingleConnectorObjectRow[T proto.Message](
@@ -344,8 +345,8 @@ func prepareConnectorObjectRowsParallel[T proto.Message](
 protoMarshallers := make([]proto.MarshalOptions, numWorkers)
 for i := range numWorkers {
- // Don't enable deterministic marshaling, as it sorts keys in lexicographical order which hurts performance.
- protoMarshallers[i] = proto.MarshalOptions{}
+ // Deterministic marshaling is required for sync diffs to work. Its not much slower.
+ protoMarshallers[i] = proto.MarshalOptions{Deterministic: true}
 }
 rows := make([]*goqu.Record, len(msgs))
diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sync_runs.go b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sync_runs.go
index e2b4ee78..4426a3e5 100644
--- a/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sync_runs.go
+++ b/vendor/github.com/conductorone/baton-sdk/pkg/dotc1z/sync_runs.go
@@ -32,7 +32,8 @@ create table if not exists %s (
 ended_at datetime,
 sync_token text not null,
 sync_type text not null default 'full',
- parent_sync_id text not null default ''
+ parent_sync_id text not null default '',
+ linked_sync_id text not null default ''
 );
 create unique index if not exists %s on %s (sync_id);`
@@ -83,6 +84,19 @@ func (r *syncRunsTable) Migrations(ctx context.Context, db *goqu.Database) error
 }
 }
+ // Check if linked_sync_id column exists
+ var linkedSyncIDExists int
+ err = db.QueryRowContext(ctx, fmt.Sprintf("select count(*) from pragma_table_info('%s') where name='linked_sync_id'", r.Name())).Scan(&linkedSyncIDExists)
+ if err != nil {
+ return err
+ }
+ if linkedSyncIDExists == 0 {
+ _, err = db.ExecContext(ctx, fmt.Sprintf("alter table %s add column linked_sync_id text not null default ''", r.Name()))
+ if err != nil {
+ return err
+ }
+ }
+
 return nil
 }
@@ -93,6 +107,7 @@ type syncRun struct {
 SyncToken string
 Type connectorstore.SyncType
 ParentSyncID string
+ LinkedSyncID string
 }
 // getCachedViewSyncRun returns the cached sync run for read operations.
@@ -144,7 +159,7 @@ func (c *C1File) getLatestUnfinishedSync(ctx context.Context, syncType connector
 oneWeekAgo := time.Now().AddDate(0, 0, -7)
 ret := &syncRun{}
 q := c.db.From(syncRuns.Name())
- q = q.Select("sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id")
+ q = q.Select("sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id", "linked_sync_id")
 q = q.Where(goqu.C("ended_at").IsNull())
 q = q.Where(goqu.C("started_at").Gte(oneWeekAgo))
 q = q.Order(goqu.C("started_at").Desc())
@@ -160,7 +175,7 @@ func (c *C1File) getLatestUnfinishedSync(ctx context.Context, syncType connector
 row := c.db.QueryRowContext(ctx, query, args...)
- err = row.Scan(&ret.ID, &ret.StartedAt, &ret.EndedAt, &ret.SyncToken, &ret.Type, &ret.ParentSyncID)
+ err = row.Scan(&ret.ID, &ret.StartedAt, &ret.EndedAt, &ret.SyncToken, &ret.Type, &ret.ParentSyncID, &ret.LinkedSyncID)
 if err != nil {
 if errors.Is(err, sql.ErrNoRows) {
 return nil, nil
@@ -187,7 +202,7 @@ func (c *C1File) getFinishedSync(ctx context.Context, offset uint, syncType conn
 ret := &syncRun{}
 q := c.db.From(syncRuns.Name())
- q = q.Select("sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id")
+ q = q.Select("sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id", "linked_sync_id")
 q = q.Where(goqu.C("ended_at").IsNotNull())
 if syncType != connectorstore.SyncTypeAny {
 q = q.Where(goqu.C("sync_type").Eq(syncType))
@@ -206,7 +221,7 @@ func (c *C1File) getFinishedSync(ctx context.Context, offset uint, syncType conn
 row := c.db.QueryRowContext(ctx, query, args...)
- err = row.Scan(&ret.ID, &ret.StartedAt, &ret.EndedAt, &ret.SyncToken, &ret.Type, &ret.ParentSyncID)
+ err = row.Scan(&ret.ID, &ret.StartedAt, &ret.EndedAt, &ret.SyncToken, &ret.Type, &ret.ParentSyncID, &ret.LinkedSyncID)
 if err != nil {
 if errors.Is(err, sql.ErrNoRows) {
 return nil, nil
@@ -227,7 +242,7 @@ func (c *C1File) ListSyncRuns(ctx context.Context, pageToken string, pageSize ui
 }
 q := c.db.From(syncRuns.Name()).Prepared(true)
- q = q.Select("id", "sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id")
+ q = q.Select("id", "sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id", "linked_sync_id")
 if pageToken != "" {
 q = q.Where(goqu.C("id").Gte(pageToken))
@@ -262,7 +277,7 @@ func (c *C1File) ListSyncRuns(ctx context.Context, pageToken string, pageSize ui
 }
 rowId := 0
 data := &syncRun{}
- err := rows.Scan(&rowId, &data.ID, &data.StartedAt, &data.EndedAt, &data.SyncToken, &data.Type, &data.ParentSyncID)
+ err := rows.Scan(&rowId, &data.ID, &data.StartedAt, &data.EndedAt, &data.SyncToken, &data.Type, &data.ParentSyncID, &data.LinkedSyncID)
 if err != nil {
 return nil, "", err
 }
@@ -351,7 +366,7 @@ func (c *C1File) getSync(ctx context.Context, syncID string) (*syncRun, error) {
 ret := &syncRun{}
 q := c.db.From(syncRuns.Name())
- q = q.Select("sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id")
+ q = q.Select("sync_id", "started_at", "ended_at", "sync_token", "sync_type", "parent_sync_id", "linked_sync_id")
 q = q.Where(goqu.C("sync_id").Eq(syncID))
 query, args, err := q.ToSQL()
@@ -359,7 +374,7 @@ func (c *C1File) getSync(ctx context.Context, syncID string) (*syncRun, error) {
 return nil, err
 }
 row := c.db.QueryRowContext(ctx, query, args...)
- err = row.Scan(&ret.ID, &ret.StartedAt, &ret.EndedAt, &ret.SyncToken, &ret.Type, &ret.ParentSyncID)
+ err = row.Scan(&ret.ID, &ret.StartedAt, &ret.EndedAt, &ret.SyncToken, &ret.Type, &ret.ParentSyncID, &ret.LinkedSyncID)
 if err != nil {
 return nil, err
 }
@@ -558,6 +573,10 @@ func (c *C1File) StartNewSync(ctx context.Context, syncType connectorstore.SyncT
 }
 func (c *C1File) insertSyncRun(ctx context.Context, syncID string, syncType connectorstore.SyncType, parentSyncID string) error {
+ return c.insertSyncRunWithLink(ctx, syncID, syncType, parentSyncID, "")
+}
+
+func (c *C1File) insertSyncRunWithLink(ctx context.Context, syncID string, syncType connectorstore.SyncType, parentSyncID string, linkedSyncID string) error {
 if c.readOnly {
 return ErrReadOnly
 }
@@ -569,6 +588,7 @@ func (c *C1File) insertSyncRun(ctx context.Context, syncID string, syncType conn
 "sync_token": "",
 "sync_type": syncType,
 "parent_sync_id": parentSyncID,
+ "linked_sync_id": linkedSyncID,
 })
 query, args, err := q.ToSQL()
@@ -659,8 +679,9 @@ func (c *C1File) Cleanup(ctx context.Context) error {
 return nil
 }
- var ret []*syncRun
+ var fullSyncs []*syncRun
 var partials []*syncRun
+ var diffSyncs []*syncRun
 pageToken := ""
 for {
@@ -673,10 +694,13 @@ func (c *C1File) Cleanup(ctx context.Context) error {
 if sr.EndedAt == nil {
 continue
 }
- if sr.Type == connectorstore.SyncTypePartial || sr.Type == connectorstore.SyncTypeResourcesOnly {
+ switch sr.Type {
+ case connectorstore.SyncTypePartial, connectorstore.SyncTypeResourcesOnly:
 partials = append(partials, sr)
- } else {
- ret = append(ret, sr)
+ case connectorstore.SyncTypePartialUpserts, connectorstore.SyncTypePartialDeletions:
+ diffSyncs = append(diffSyncs, sr)
+ default:
+ fullSyncs = append(fullSyncs, sr)
 }
 }
@@ -687,27 +711,31 @@ func (c *C1File) Cleanup(ctx context.Context) error {
 }
 syncLimit := 2
- if customSyncLimit, err := strconv.ParseInt(os.Getenv("BATON_KEEP_SYNC_COUNT"), 10, 64); err == nil && customSyncLimit > 0 {
+ if c.syncLimit > 0 {
+ syncLimit = c.syncLimit
+ } else if customSyncLimit, err := strconv.ParseInt(os.Getenv("BATON_KEEP_SYNC_COUNT"), 10, 64); err == nil && customSyncLimit > 0 {
 syncLimit = int(customSyncLimit)
 }
- l.Debug("found syncs", zap.Int("count", len(ret)), zap.Int("sync_limit", syncLimit))
- if len(ret) <= syncLimit {
- return nil
- }
+ l.Debug("found syncs",
+ zap.Int("full_count", len(fullSyncs)),
+ zap.Int("partial_count", len(partials)),
+ zap.Int("diff_count", len(diffSyncs)),
+ zap.Int("sync_limit", syncLimit))
- l.Info("Cleaning up old sync data...")
- for i := 0; i < len(ret)-syncLimit; i++ {
- err = c.DeleteSyncRun(ctx, ret[i].ID)
- if err != nil {
- return err
+ // Clean up old full syncs beyond the limit
+ if len(fullSyncs) > syncLimit {
+ l.Info("Cleaning up old sync data...")
+ for i := 0; i < len(fullSyncs)-syncLimit; i++ {
+ err = c.DeleteSyncRun(ctx, fullSyncs[i].ID)
+ if err != nil {
+ return err
+ }
+ l.Info("Removed old sync data.", zap.String("sync_date", fullSyncs[i].EndedAt.Format(time.RFC3339)), zap.String("sync_id", fullSyncs[i].ID))
 }
- l.Info("Removed old sync data.", zap.String("sync_date", ret[i].EndedAt.Format(time.RFC3339)), zap.String("sync_id", ret[i].ID))
- }
- // Delete non-full syncs that ended before the earliest-kept full sync started
- if len(ret) > syncLimit {
- earliestKeptSync := ret[len(ret)-syncLimit]
+ // Delete partial syncs that ended before the earliest-kept full sync started
+ earliestKeptSync := fullSyncs[len(fullSyncs)-syncLimit]
 l.Debug("Earliest kept sync", zap.String("sync_id", earliestKeptSync.ID), zap.Time("started_at", *earliestKeptSync.StartedAt))
 for _, partial := range partials {
@@ -724,6 +752,56 @@ func (c *C1File) Cleanup(ctx context.Context) error {
 }
 }
+ // Clean up old diff syncs - keep only the most recent diff sync (upserts or deletions) and its linked pair (if present)
+ if len(diffSyncs) > 2 {
+ // Build a map for quick lookup by ID
+ syncByID := make(map[string]*syncRun)
+ for _, ds := range diffSyncs {
+ syncByID[ds.ID] = ds
+ }
+
+ // Determine which syncs to keep. diffSyncs are ordered by row id (ascending),
+ // so the last element is the most recently created diff sync.
+ keepIDs := make(map[string]bool)
+ latestDiff := diffSyncs[len(diffSyncs)-1]
+ keepIDs[latestDiff.ID] = true
+ l.Debug("keeping latest diff sync",
+ zap.String("sync_id", latestDiff.ID),
+ zap.String("sync_type", string(latestDiff.Type)))
+
+ // Also keep its linked pair if it exists.
+ // NOTE: We intentionally do NOT require a bidirectional link; if the latest diff sync exists,
+ // it's better to keep it and best-effort keep its linked partner (if present).
+ if latestDiff.LinkedSyncID != "" {
+ if linkedSync := syncByID[latestDiff.LinkedSyncID]; linkedSync != nil {
+ keepIDs[linkedSync.ID] = true
+ l.Debug("keeping linked diff sync",
+ zap.String("sync_id", linkedSync.ID),
+ zap.String("sync_type", string(linkedSync.Type)))
+ if linkedSync.LinkedSyncID != latestDiff.ID {
+ l.Warn("diff sync link is not bidirectional",
+ zap.String("sync_id", latestDiff.ID),
+ zap.String("linked_sync_id", latestDiff.LinkedSyncID),
+ zap.String("linked_sync_linked_sync_id", linkedSync.LinkedSyncID))
+ }
+ }
+ }
+
+ // Delete all diff syncs except the ones we're keeping
+ for _, ds := range diffSyncs {
+ if keepIDs[ds.ID] {
+ continue
+ }
+ err = c.DeleteSyncRun(ctx, ds.ID)
+ if err != nil {
+ return err
+ }
+ l.Info("Removed old diff sync.",
+ zap.String("sync_type", string(ds.Type)),
+ zap.String("sync_id", ds.ID))
+ }
+ }
+
 l.Debug("vacuuming database")
 err = c.Vacuum(ctx)
 if err != nil {
diff --git a/vendor/github.com/conductorone/baton-sdk/pkg/sdk/version.go b/vendor/github.com/conductorone/baton-sdk/pkg/sdk/version.go
index 294f6f73..7e31fe1c 100644
--- a/vendor/github.com/conductorone/baton-sdk/pkg/sdk/version.go
+++ b/vendor/github.com/conductorone/baton-sdk/pkg/sdk/version.go
@@ -1,3 +1,3 @@
 package sdk
-const Version = "v0.6.16"
+const Version = "v0.7.2"
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f6b92f1f..4ed1d0f5 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -190,7 +190,7 @@ github.com/cloudwego/base64x/internal/native
 github.com/cloudwego/base64x/internal/native/avx2
 github.com/cloudwego/base64x/internal/native/sse
 github.com/cloudwego/base64x/internal/rt
-# github.com/conductorone/baton-sdk v0.6.17
+# github.com/conductorone/baton-sdk v0.7.3
 ## explicit; go 1.25.2
 github.com/conductorone/baton-sdk/pb/c1/c1z/v1
 github.com/conductorone/baton-sdk/pb/c1/config/v1