From ea83cea8571ca13db4a0c6fae50f609ea01e1200 Mon Sep 17 00:00:00 2001 From: Sakshyam Shah Date: Tue, 12 Nov 2024 14:27:13 -0500 Subject: [PATCH] [v17] feat: identity center and provisioning service gRPC client with deleteAllxxx methods (#48822) * feat: identity center and provisioning service gRPC client with deleteAllxxx methods * DeleteAllPermissionSets * run make fix-imports --- api/client/client.go | 14 + .../v1/identitycenter_service.pb.go | 305 ++++++++++++++++++ .../v1/identitycenter_service_grpc.pb.go | 264 +++++++++++++++ .../v1/provisioning_service.pb.go | 169 ++++++++++ .../v1/provisioning_service_grpc.pb.go | 142 ++++++++ .../v1/identitycenter_service.proto | 49 +++ .../v1/provisioning_service.proto | 34 ++ lib/auth/authclient/clt.go | 8 + lib/auth/grpcserver.go | 15 + lib/cache/identitycenter.go | 9 +- lib/cache/identitycenter_test.go | 9 +- lib/services/identitycenter.go | 10 +- lib/services/local/identitycenter.go | 19 +- lib/services/local/identitycenter_test.go | 61 +++- lib/services/local/provisioningstates.go | 6 +- lib/services/provisioningstates.go | 4 +- 16 files changed, 1095 insertions(+), 23 deletions(-) create mode 100644 api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service.pb.go create mode 100644 api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service_grpc.pb.go create mode 100644 api/gen/proto/go/teleport/provisioning/v1/provisioning_service.pb.go create mode 100644 api/gen/proto/go/teleport/provisioning/v1/provisioning_service_grpc.pb.go create mode 100644 api/proto/teleport/identitycenter/v1/identitycenter_service.proto create mode 100644 api/proto/teleport/provisioning/v1/provisioning_service.proto
diff --git a/api/client/client.go b/api/client/client.go
index 5f24aa66b9fc3..a9b8c665de599 100644
--- a/api/client/client.go
+++ b/api/client/client.go
@@ -77,6 +77,7 @@ import (
 	discoveryconfigv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1"
 	dynamicwindowsv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dynamicwindows/v1"
 	externalauditstoragev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/externalauditstorage/v1"
+	identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1"
 	integrationpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1"
 	kubeproto "github.com/gravitational/teleport/api/gen/proto/go/teleport/kube/v1"
 	kubewaitingcontainerpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1"
@@ -86,6 +87,7 @@ import (
 	oktapb "github.com/gravitational/teleport/api/gen/proto/go/teleport/okta/v1"
 	pluginspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/plugins/v1"
 	presencepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/presence/v1"
+	provisioningv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1"
 	resourceusagepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/resourceusage/v1"
 	samlidppb "github.com/gravitational/teleport/api/gen/proto/go/teleport/samlidp/v1"
 	secreportsv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/secreports/v1"
@@ -5176,3 +5178,15 @@ func (c *Client) GetRemoteClusters(ctx context.Context) ([]types.RemoteCluster,
 		pageToken = nextToken
 	}
 }
+
+// IdentityCenterClient returns Identity Center service client using an underlying
+// gRPC connection.
+func (c *Client) IdentityCenterClient() identitycenterv1.IdentityCenterServiceClient {
+	return identitycenterv1.NewIdentityCenterServiceClient(c.conn)
+}
+
+// ProvisioningServiceClient returns provisioning service client using
+// an underlying gRPC connection.
+func (c *Client) ProvisioningServiceClient() provisioningv1.ProvisioningServiceClient {
+	return provisioningv1.NewProvisioningServiceClient(c.conn)
+}
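Review bot: The doc comments on the two accessors added in the third hunk are grammatically rough and say nothing about what the returned stubs do, even though every RPC on IdentityCenterServiceClient in this change is a bulk DeleteAll* operation; I would write `// IdentityCenterClient returns an Identity Center service client backed by the` / `// underlying gRPC connection; the service currently exposes only bulk DeleteAll* RPCs.` and give ProvisioningServiceClient the same shape, describing its RPC set from the .proto since only the DeleteDownstreamProvisioningStatesRequest message is visible in this chunk. Naming the destructive scope in the accessor comment helps callers (and reviewers of future call sites) notice that these are administrative, cluster-wide deletions rather than per-resource CRUD. The wrappers themselves perform no authorization, which is expected for a client stub; enforcement for these RPCs must come from the server registration in lib/auth/grpcserver.go, which the diffstat lists but this chunk does not show. The first two hunks only add the corresponding imports.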
diff --git a/api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service.pb.go b/api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service.pb.go new file mode 100644 index 0000000000000..d6c0b413c3521 --- /dev/null +++ b/api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service.pb.go 
@@ -0,0 +1,305 @@ +// Copyright 2024 Gravitational, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.1 +// protoc (unknown) +// source: teleport/identitycenter/v1/identitycenter_service.proto + +package identitycenterv1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + emptypb "google.golang.org/protobuf/types/known/emptypb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// DeleteAllIdentityCenterAccountsRequest is a request to delete all Identity Center imported accounts. 
+type DeleteAllIdentityCenterAccountsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DeleteAllIdentityCenterAccountsRequest) Reset() { + *x = DeleteAllIdentityCenterAccountsRequest{} + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteAllIdentityCenterAccountsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteAllIdentityCenterAccountsRequest) ProtoMessage() {} + +func (x *DeleteAllIdentityCenterAccountsRequest) ProtoReflect() protoreflect.Message { + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteAllIdentityCenterAccountsRequest.ProtoReflect.Descriptor instead. +func (*DeleteAllIdentityCenterAccountsRequest) Descriptor() ([]byte, []int) { + return file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescGZIP(), []int{0} +} + +// DeleteAllAccountAssignmentsRequest is a request to delete all Identity Center account assignments. 
+type DeleteAllAccountAssignmentsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DeleteAllAccountAssignmentsRequest) Reset() { + *x = DeleteAllAccountAssignmentsRequest{} + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteAllAccountAssignmentsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteAllAccountAssignmentsRequest) ProtoMessage() {} + +func (x *DeleteAllAccountAssignmentsRequest) ProtoReflect() protoreflect.Message { + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteAllAccountAssignmentsRequest.ProtoReflect.Descriptor instead. +func (*DeleteAllAccountAssignmentsRequest) Descriptor() ([]byte, []int) { + return file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescGZIP(), []int{1} +} + +// DeleteAllPrincipalAssignmentsRequest is a request to delete all Identity Center principal assignments. 
+type DeleteAllPrincipalAssignmentsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DeleteAllPrincipalAssignmentsRequest) Reset() { + *x = DeleteAllPrincipalAssignmentsRequest{} + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteAllPrincipalAssignmentsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteAllPrincipalAssignmentsRequest) ProtoMessage() {} + +func (x *DeleteAllPrincipalAssignmentsRequest) ProtoReflect() protoreflect.Message { + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteAllPrincipalAssignmentsRequest.ProtoReflect.Descriptor instead. +func (*DeleteAllPrincipalAssignmentsRequest) Descriptor() ([]byte, []int) { + return file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescGZIP(), []int{2} +} + +// DeleteAllPermissionSetsRequest is a request to delete all Identity Center permission sets. 
+type DeleteAllPermissionSetsRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DeleteAllPermissionSetsRequest) Reset() { + *x = DeleteAllPermissionSetsRequest{} + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteAllPermissionSetsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteAllPermissionSetsRequest) ProtoMessage() {} + +func (x *DeleteAllPermissionSetsRequest) ProtoReflect() protoreflect.Message { + mi := &file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteAllPermissionSetsRequest.ProtoReflect.Descriptor instead. 
+func (*DeleteAllPermissionSetsRequest) Descriptor() ([]byte, []int) { + return file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescGZIP(), []int{3} +} + +var File_teleport_identitycenter_v1_identitycenter_service_proto protoreflect.FileDescriptor + +var file_teleport_identitycenter_v1_identitycenter_service_proto_rawDesc = []byte{ + 0x0a, 0x37, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x2f, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x74, 0x79, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1a, 0x74, 0x65, 0x6c, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x63, 0x65, 0x6e, 0x74, + 0x65, 0x72, 0x2e, 0x76, 0x31, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0x28, 0x0a, 0x26, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, 0x49, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x41, 0x63, 0x63, + 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x24, 0x0a, 0x22, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x22, 0x26, 0x0a, 0x24, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, 0x50, + 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x20, 0x0a, 0x1e, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x32, 
0xf7, 0x03, 0x0a, + 0x15, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x7d, 0x0a, 0x1f, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x41, 0x6c, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x65, 0x6e, 0x74, 0x65, + 0x72, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x12, 0x42, 0x2e, 0x74, 0x65, 0x6c, 0x65, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x63, 0x65, 0x6e, + 0x74, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, + 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x43, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x41, 0x63, + 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x75, 0x0a, 0x1b, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, + 0x6c, 0x6c, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x6d, + 0x65, 0x6e, 0x74, 0x73, 0x12, 0x3e, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x2e, 0x76, + 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, 0x41, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x79, 0x0a, 0x1d, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, + 0x61, 0x6c, 0x41, 0x73, 0x73, 0x69, 0x67, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x40, 0x2e, + 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x63, 0x65, 
0x6e, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x41, 0x6c, 0x6c, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x41, 0x73, 0x73, + 0x69, 0x67, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x6d, 0x0a, 0x17, 0x44, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x41, 0x6c, 0x6c, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x65, + 0x74, 0x73, 0x12, 0x3a, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x69, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x41, 0x6c, 0x6c, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, + 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x60, 0x5a, 0x5e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, + 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x63, 0x65, + 0x6e, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x3b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, + 0x63, 0x65, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescOnce sync.Once + file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescData = file_teleport_identitycenter_v1_identitycenter_service_proto_rawDesc +) + +func 
file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescGZIP() []byte { + file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescOnce.Do(func() { + file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescData) + }) + return file_teleport_identitycenter_v1_identitycenter_service_proto_rawDescData +} + +var file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_teleport_identitycenter_v1_identitycenter_service_proto_goTypes = []any{ + (*DeleteAllIdentityCenterAccountsRequest)(nil), // 0: teleport.identitycenter.v1.DeleteAllIdentityCenterAccountsRequest + (*DeleteAllAccountAssignmentsRequest)(nil), // 1: teleport.identitycenter.v1.DeleteAllAccountAssignmentsRequest + (*DeleteAllPrincipalAssignmentsRequest)(nil), // 2: teleport.identitycenter.v1.DeleteAllPrincipalAssignmentsRequest + (*DeleteAllPermissionSetsRequest)(nil), // 3: teleport.identitycenter.v1.DeleteAllPermissionSetsRequest + (*emptypb.Empty)(nil), // 4: google.protobuf.Empty +} +var file_teleport_identitycenter_v1_identitycenter_service_proto_depIdxs = []int32{ + 0, // 0: teleport.identitycenter.v1.IdentityCenterService.DeleteAllIdentityCenterAccounts:input_type -> teleport.identitycenter.v1.DeleteAllIdentityCenterAccountsRequest + 1, // 1: teleport.identitycenter.v1.IdentityCenterService.DeleteAllAccountAssignments:input_type -> teleport.identitycenter.v1.DeleteAllAccountAssignmentsRequest + 2, // 2: teleport.identitycenter.v1.IdentityCenterService.DeleteAllPrincipalAssignments:input_type -> teleport.identitycenter.v1.DeleteAllPrincipalAssignmentsRequest + 3, // 3: teleport.identitycenter.v1.IdentityCenterService.DeleteAllPermissionSets:input_type -> teleport.identitycenter.v1.DeleteAllPermissionSetsRequest + 4, // 4: teleport.identitycenter.v1.IdentityCenterService.DeleteAllIdentityCenterAccounts:output_type -> 
google.protobuf.Empty + 4, // 5: teleport.identitycenter.v1.IdentityCenterService.DeleteAllAccountAssignments:output_type -> google.protobuf.Empty + 4, // 6: teleport.identitycenter.v1.IdentityCenterService.DeleteAllPrincipalAssignments:output_type -> google.protobuf.Empty + 4, // 7: teleport.identitycenter.v1.IdentityCenterService.DeleteAllPermissionSets:output_type -> google.protobuf.Empty + 4, // [4:8] is the sub-list for method output_type + 0, // [0:4] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_teleport_identitycenter_v1_identitycenter_service_proto_init() } +func file_teleport_identitycenter_v1_identitycenter_service_proto_init() { + if File_teleport_identitycenter_v1_identitycenter_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_teleport_identitycenter_v1_identitycenter_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_teleport_identitycenter_v1_identitycenter_service_proto_goTypes, + DependencyIndexes: file_teleport_identitycenter_v1_identitycenter_service_proto_depIdxs, + MessageInfos: file_teleport_identitycenter_v1_identitycenter_service_proto_msgTypes, + }.Build() + File_teleport_identitycenter_v1_identitycenter_service_proto = out.File + file_teleport_identitycenter_v1_identitycenter_service_proto_rawDesc = nil + file_teleport_identitycenter_v1_identitycenter_service_proto_goTypes = nil + file_teleport_identitycenter_v1_identitycenter_service_proto_depIdxs = nil +} 
diff --git a/api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service_grpc.pb.go b/api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service_grpc.pb.go new file mode 100644 index 0000000000000..de6e1b076ca42 --- /dev/null +++ b/api/gen/proto/go/teleport/identitycenter/v1/identitycenter_service_grpc.pb.go 
@@ -0,0 +1,264 @@ +// Copyright 2024 Gravitational, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc (unknown) +// source: teleport/identitycenter/v1/identitycenter_service.proto + +package identitycenterv1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + emptypb "google.golang.org/protobuf/types/known/emptypb" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + IdentityCenterService_DeleteAllIdentityCenterAccounts_FullMethodName = "/teleport.identitycenter.v1.IdentityCenterService/DeleteAllIdentityCenterAccounts" + IdentityCenterService_DeleteAllAccountAssignments_FullMethodName = "/teleport.identitycenter.v1.IdentityCenterService/DeleteAllAccountAssignments" + IdentityCenterService_DeleteAllPrincipalAssignments_FullMethodName = "/teleport.identitycenter.v1.IdentityCenterService/DeleteAllPrincipalAssignments" + IdentityCenterService_DeleteAllPermissionSets_FullMethodName = "/teleport.identitycenter.v1.IdentityCenterService/DeleteAllPermissionSets" +) + +// IdentityCenterServiceClient is the client API for IdentityCenterService service. 
+// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// IdentityCenterService provides methods to manage Identity Center +// resources. +type IdentityCenterServiceClient interface { + // DeleteAllIdentityCenterAccounts deletes all Identity Center accounts. + DeleteAllIdentityCenterAccounts(ctx context.Context, in *DeleteAllIdentityCenterAccountsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllAccountAssignments deletes all Identity Center Account assignments. + DeleteAllAccountAssignments(ctx context.Context, in *DeleteAllAccountAssignmentsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllPrincipalAssignments deletes all Identity Center principal assignments. + DeleteAllPrincipalAssignments(ctx context.Context, in *DeleteAllPrincipalAssignmentsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) + // DeleteAllPermissionSets deletes all Identity Center permission sets. + DeleteAllPermissionSets(ctx context.Context, in *DeleteAllPermissionSetsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) +} + +type identityCenterServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewIdentityCenterServiceClient(cc grpc.ClientConnInterface) IdentityCenterServiceClient { + return &identityCenterServiceClient{cc} +} + +func (c *identityCenterServiceClient) DeleteAllIdentityCenterAccounts(ctx context.Context, in *DeleteAllIdentityCenterAccountsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, IdentityCenterService_DeleteAllIdentityCenterAccounts_FullMethodName, in, out, cOpts...) 
+ if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityCenterServiceClient) DeleteAllAccountAssignments(ctx context.Context, in *DeleteAllAccountAssignmentsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, IdentityCenterService_DeleteAllAccountAssignments_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityCenterServiceClient) DeleteAllPrincipalAssignments(ctx context.Context, in *DeleteAllPrincipalAssignmentsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, IdentityCenterService_DeleteAllPrincipalAssignments_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *identityCenterServiceClient) DeleteAllPermissionSets(ctx context.Context, in *DeleteAllPermissionSetsRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, IdentityCenterService_DeleteAllPermissionSets_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// IdentityCenterServiceServer is the server API for IdentityCenterService service. +// All implementations must embed UnimplementedIdentityCenterServiceServer +// for forward compatibility. +// +// IdentityCenterService provides methods to manage Identity Center +// resources. +type IdentityCenterServiceServer interface { + // DeleteAllIdentityCenterAccounts deletes all Identity Center accounts. + DeleteAllIdentityCenterAccounts(context.Context, *DeleteAllIdentityCenterAccountsRequest) (*emptypb.Empty, error) + // DeleteAllAccountAssignments deletes all Identity Center Account assignments. 
+ DeleteAllAccountAssignments(context.Context, *DeleteAllAccountAssignmentsRequest) (*emptypb.Empty, error) + // DeleteAllPrincipalAssignments deletes all Identity Center principal assignments. + DeleteAllPrincipalAssignments(context.Context, *DeleteAllPrincipalAssignmentsRequest) (*emptypb.Empty, error) + // DeleteAllPermissionSets deletes all Identity Center permission sets. + DeleteAllPermissionSets(context.Context, *DeleteAllPermissionSetsRequest) (*emptypb.Empty, error) + mustEmbedUnimplementedIdentityCenterServiceServer() +} + +// UnimplementedIdentityCenterServiceServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedIdentityCenterServiceServer struct{} + +func (UnimplementedIdentityCenterServiceServer) DeleteAllIdentityCenterAccounts(context.Context, *DeleteAllIdentityCenterAccountsRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllIdentityCenterAccounts not implemented") +} +func (UnimplementedIdentityCenterServiceServer) DeleteAllAccountAssignments(context.Context, *DeleteAllAccountAssignmentsRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllAccountAssignments not implemented") +} +func (UnimplementedIdentityCenterServiceServer) DeleteAllPrincipalAssignments(context.Context, *DeleteAllPrincipalAssignmentsRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllPrincipalAssignments not implemented") +} +func (UnimplementedIdentityCenterServiceServer) DeleteAllPermissionSets(context.Context, *DeleteAllPermissionSetsRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteAllPermissionSets not implemented") +} +func (UnimplementedIdentityCenterServiceServer) mustEmbedUnimplementedIdentityCenterServiceServer() {} 
+func (UnimplementedIdentityCenterServiceServer) testEmbeddedByValue() {} + +// UnsafeIdentityCenterServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to IdentityCenterServiceServer will +// result in compilation errors. +type UnsafeIdentityCenterServiceServer interface { + mustEmbedUnimplementedIdentityCenterServiceServer() +} + +func RegisterIdentityCenterServiceServer(s grpc.ServiceRegistrar, srv IdentityCenterServiceServer) { + // If the following call pancis, it indicates UnimplementedIdentityCenterServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&IdentityCenterService_ServiceDesc, srv) +} + +func _IdentityCenterService_DeleteAllIdentityCenterAccounts_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAllIdentityCenterAccountsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityCenterServiceServer).DeleteAllIdentityCenterAccounts(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityCenterService_DeleteAllIdentityCenterAccounts_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityCenterServiceServer).DeleteAllIdentityCenterAccounts(ctx, req.(*DeleteAllIdentityCenterAccountsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityCenterService_DeleteAllAccountAssignments_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, 
error) { + in := new(DeleteAllAccountAssignmentsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityCenterServiceServer).DeleteAllAccountAssignments(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityCenterService_DeleteAllAccountAssignments_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityCenterServiceServer).DeleteAllAccountAssignments(ctx, req.(*DeleteAllAccountAssignmentsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityCenterService_DeleteAllPrincipalAssignments_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAllPrincipalAssignmentsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityCenterServiceServer).DeleteAllPrincipalAssignments(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityCenterService_DeleteAllPrincipalAssignments_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(IdentityCenterServiceServer).DeleteAllPrincipalAssignments(ctx, req.(*DeleteAllPrincipalAssignmentsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _IdentityCenterService_DeleteAllPermissionSets_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteAllPermissionSetsRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(IdentityCenterServiceServer).DeleteAllPermissionSets(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: IdentityCenterService_DeleteAllPermissionSets_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) 
(interface{}, error) { + return srv.(IdentityCenterServiceServer).DeleteAllPermissionSets(ctx, req.(*DeleteAllPermissionSetsRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// IdentityCenterService_ServiceDesc is the grpc.ServiceDesc for IdentityCenterService service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var IdentityCenterService_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "teleport.identitycenter.v1.IdentityCenterService", + HandlerType: (*IdentityCenterServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "DeleteAllIdentityCenterAccounts", + Handler: _IdentityCenterService_DeleteAllIdentityCenterAccounts_Handler, + }, + { + MethodName: "DeleteAllAccountAssignments", + Handler: _IdentityCenterService_DeleteAllAccountAssignments_Handler, + }, + { + MethodName: "DeleteAllPrincipalAssignments", + Handler: _IdentityCenterService_DeleteAllPrincipalAssignments_Handler, + }, + { + MethodName: "DeleteAllPermissionSets", + Handler: _IdentityCenterService_DeleteAllPermissionSets_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "teleport/identitycenter/v1/identitycenter_service.proto", +} diff --git a/api/gen/proto/go/teleport/provisioning/v1/provisioning_service.pb.go b/api/gen/proto/go/teleport/provisioning/v1/provisioning_service.pb.go new file mode 100644 index 0000000000000..27972626d5da9 --- /dev/null +++ b/api/gen/proto/go/teleport/provisioning/v1/provisioning_service.pb.go 
@@ -0,0 +1,169 @@ +// Copyright 2024 Gravitational, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.1 +// protoc (unknown) +// source: teleport/provisioning/v1/provisioning_service.proto + +package provisioningv1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + emptypb "google.golang.org/protobuf/types/known/emptypb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// DeleteDownstreamProvisioningStatesRequest is a request to delete all provisioning states for +// a given DownstreamId. +type DeleteDownstreamProvisioningStatesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // DownstreamId identifies the downstream service that this state applies to. 
+ DownstreamId string `protobuf:"bytes,1,opt,name=downstream_id,json=downstreamId,proto3" json:"downstream_id,omitempty"` +} + +func (x *DeleteDownstreamProvisioningStatesRequest) Reset() { + *x = DeleteDownstreamProvisioningStatesRequest{} + mi := &file_teleport_provisioning_v1_provisioning_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteDownstreamProvisioningStatesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteDownstreamProvisioningStatesRequest) ProtoMessage() {} + +func (x *DeleteDownstreamProvisioningStatesRequest) ProtoReflect() protoreflect.Message { + mi := &file_teleport_provisioning_v1_provisioning_service_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteDownstreamProvisioningStatesRequest.ProtoReflect.Descriptor instead. 
+func (*DeleteDownstreamProvisioningStatesRequest) Descriptor() ([]byte, []int) { + return file_teleport_provisioning_v1_provisioning_service_proto_rawDescGZIP(), []int{0} +} + +func (x *DeleteDownstreamProvisioningStatesRequest) GetDownstreamId() string { + if x != nil { + return x.DownstreamId + } + return "" +} + +var File_teleport_provisioning_v1_provisioning_service_proto protoreflect.FileDescriptor + +var file_teleport_provisioning_v1_provisioning_service_proto_rawDesc = []byte{ + 0x0a, 0x33, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x18, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x1a, + 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x50, 0x0a, 0x29, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, 0x6f, 0x77, 0x6e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x64, 0x6f, 0x77, + 0x6e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x64, 0x6f, 0x77, 0x6e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x49, 0x64, 0x32, 0x99, + 0x01, 0x0a, 0x13, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x81, 0x01, 0x0a, 0x22, 0x44, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x44, 0x6f, 0x77, 0x6e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 
0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x12, 0x43, 0x2e, + 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x44, + 0x6f, 0x77, 0x6e, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x5c, 0x5a, 0x5a, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, + 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x3b, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_teleport_provisioning_v1_provisioning_service_proto_rawDescOnce sync.Once + file_teleport_provisioning_v1_provisioning_service_proto_rawDescData = file_teleport_provisioning_v1_provisioning_service_proto_rawDesc +) + +func file_teleport_provisioning_v1_provisioning_service_proto_rawDescGZIP() []byte { + file_teleport_provisioning_v1_provisioning_service_proto_rawDescOnce.Do(func() { + file_teleport_provisioning_v1_provisioning_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_teleport_provisioning_v1_provisioning_service_proto_rawDescData) + }) + return file_teleport_provisioning_v1_provisioning_service_proto_rawDescData +} + +var file_teleport_provisioning_v1_provisioning_service_proto_msgTypes = make([]protoimpl.MessageInfo, 
1) +var file_teleport_provisioning_v1_provisioning_service_proto_goTypes = []any{ + (*DeleteDownstreamProvisioningStatesRequest)(nil), // 0: teleport.provisioning.v1.DeleteDownstreamProvisioningStatesRequest + (*emptypb.Empty)(nil), // 1: google.protobuf.Empty +} +var file_teleport_provisioning_v1_provisioning_service_proto_depIdxs = []int32{ + 0, // 0: teleport.provisioning.v1.ProvisioningService.DeleteDownstreamProvisioningStates:input_type -> teleport.provisioning.v1.DeleteDownstreamProvisioningStatesRequest + 1, // 1: teleport.provisioning.v1.ProvisioningService.DeleteDownstreamProvisioningStates:output_type -> google.protobuf.Empty + 1, // [1:2] is the sub-list for method output_type + 0, // [0:1] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_teleport_provisioning_v1_provisioning_service_proto_init() } +func file_teleport_provisioning_v1_provisioning_service_proto_init() { + if File_teleport_provisioning_v1_provisioning_service_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_teleport_provisioning_v1_provisioning_service_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_teleport_provisioning_v1_provisioning_service_proto_goTypes, + DependencyIndexes: file_teleport_provisioning_v1_provisioning_service_proto_depIdxs, + MessageInfos: file_teleport_provisioning_v1_provisioning_service_proto_msgTypes, + }.Build() + File_teleport_provisioning_v1_provisioning_service_proto = out.File + file_teleport_provisioning_v1_provisioning_service_proto_rawDesc = nil + file_teleport_provisioning_v1_provisioning_service_proto_goTypes = nil + file_teleport_provisioning_v1_provisioning_service_proto_depIdxs = nil +} 
diff --git a/api/gen/proto/go/teleport/provisioning/v1/provisioning_service_grpc.pb.go b/api/gen/proto/go/teleport/provisioning/v1/provisioning_service_grpc.pb.go new file mode 100644 index 0000000000000..fdfe2a7bde4f4 --- /dev/null +++ b/api/gen/proto/go/teleport/provisioning/v1/provisioning_service_grpc.pb.go 
@@ -0,0 +1,142 @@ +// Copyright 2024 Gravitational, Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc (unknown) +// source: teleport/provisioning/v1/provisioning_service.proto + +package provisioningv1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" + emptypb "google.golang.org/protobuf/types/known/emptypb" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + ProvisioningService_DeleteDownstreamProvisioningStates_FullMethodName = "/teleport.provisioning.v1.ProvisioningService/DeleteDownstreamProvisioningStates" +) + +// ProvisioningServiceClient is the client API for ProvisioningService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// ProvisioningService provides methods to manage Provisioning resources. +type ProvisioningServiceClient interface { + // DeleteDownstreamProvisioningStates deletes all Identity Center provisioning state for a given downstream. 
+ DeleteDownstreamProvisioningStates(ctx context.Context, in *DeleteDownstreamProvisioningStatesRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) +} + +type provisioningServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewProvisioningServiceClient(cc grpc.ClientConnInterface) ProvisioningServiceClient { + return &provisioningServiceClient{cc} +} + +func (c *provisioningServiceClient) DeleteDownstreamProvisioningStates(ctx context.Context, in *DeleteDownstreamProvisioningStatesRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(emptypb.Empty) + err := c.cc.Invoke(ctx, ProvisioningService_DeleteDownstreamProvisioningStates_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ProvisioningServiceServer is the server API for ProvisioningService service. +// All implementations must embed UnimplementedProvisioningServiceServer +// for forward compatibility. +// +// ProvisioningService provides methods to manage Provisioning resources. +type ProvisioningServiceServer interface { + // DeleteDownstreamProvisioningStates deletes all Identity Center provisioning state for a given downstream. + DeleteDownstreamProvisioningStates(context.Context, *DeleteDownstreamProvisioningStatesRequest) (*emptypb.Empty, error) + mustEmbedUnimplementedProvisioningServiceServer() +} + +// UnimplementedProvisioningServiceServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedProvisioningServiceServer struct{} + +func (UnimplementedProvisioningServiceServer) DeleteDownstreamProvisioningStates(context.Context, *DeleteDownstreamProvisioningStatesRequest) (*emptypb.Empty, error) { + return nil, status.Errorf(codes.Unimplemented, "method DeleteDownstreamProvisioningStates not implemented") +} +func (UnimplementedProvisioningServiceServer) mustEmbedUnimplementedProvisioningServiceServer() {} +func (UnimplementedProvisioningServiceServer) testEmbeddedByValue() {} + +// UnsafeProvisioningServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to ProvisioningServiceServer will +// result in compilation errors. +type UnsafeProvisioningServiceServer interface { + mustEmbedUnimplementedProvisioningServiceServer() +} + +func RegisterProvisioningServiceServer(s grpc.ServiceRegistrar, srv ProvisioningServiceServer) { + // If the following call pancis, it indicates UnimplementedProvisioningServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. 
+ if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&ProvisioningService_ServiceDesc, srv) +} + +func _ProvisioningService_DeleteDownstreamProvisioningStates_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteDownstreamProvisioningStatesRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ProvisioningServiceServer).DeleteDownstreamProvisioningStates(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: ProvisioningService_DeleteDownstreamProvisioningStates_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ProvisioningServiceServer).DeleteDownstreamProvisioningStates(ctx, req.(*DeleteDownstreamProvisioningStatesRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// ProvisioningService_ServiceDesc is the grpc.ServiceDesc for ProvisioningService service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var ProvisioningService_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "teleport.provisioning.v1.ProvisioningService", + HandlerType: (*ProvisioningServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "DeleteDownstreamProvisioningStates", + Handler: _ProvisioningService_DeleteDownstreamProvisioningStates_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "teleport/provisioning/v1/provisioning_service.proto", +} diff --git a/api/proto/teleport/identitycenter/v1/identitycenter_service.proto b/api/proto/teleport/identitycenter/v1/identitycenter_service.proto new file mode 100644 index 0000000000000..5230c53040f60 --- /dev/null +++ b/api/proto/teleport/identitycenter/v1/identitycenter_service.proto 
@@ -0,0 +1,49 @@
+// Copyright 2024 Gravitational, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package teleport.identitycenter.v1;
+
+import "google/protobuf/empty.proto";
+
+option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1;identitycenterv1";
+
+// IdentityCenterService provides methods to manage Identity Center
+// resources.
+service IdentityCenterService {
+ // DeleteAllIdentityCenterAccounts deletes all Identity Center accounts.
+ rpc DeleteAllIdentityCenterAccounts(DeleteAllIdentityCenterAccountsRequest) returns (google.protobuf.Empty);
+
+ // DeleteAllAccountAssignments deletes all Identity Center Account assignments.
+ rpc DeleteAllAccountAssignments(DeleteAllAccountAssignmentsRequest) returns (google.protobuf.Empty);
+
+ // DeleteAllPrincipalAssignments deletes all Identity Center principal assignments.
+ rpc DeleteAllPrincipalAssignments(DeleteAllPrincipalAssignmentsRequest) returns (google.protobuf.Empty);
+
+ // DeleteAllPermissionSets deletes all Identity Center permission sets.
+ rpc DeleteAllPermissionSets(DeleteAllPermissionSetsRequest) returns (google.protobuf.Empty);
+}
+
+// DeleteAllIdentityCenterAccountsRequest is a request to delete all Identity Center imported accounts.
+message DeleteAllIdentityCenterAccountsRequest {}
+
+// DeleteAllAccountAssignmentsRequest is a request to delete all Identity Center account assignments.
+message DeleteAllAccountAssignmentsRequest {}
+
+// DeleteAllPrincipalAssignmentsRequest is a request to delete all Identity Center principal assignments.
+message DeleteAllPrincipalAssignmentsRequest {}
+
+// DeleteAllPermissionSetsRequest is a request to delete all Identity Center permission sets.
+message DeleteAllPermissionSetsRequest {}
diff --git a/api/proto/teleport/provisioning/v1/provisioning_service.proto b/api/proto/teleport/provisioning/v1/provisioning_service.proto
new file mode 100644
index 0000000000000..a477786bd0698
--- /dev/null
+++ b/api/proto/teleport/provisioning/v1/provisioning_service.proto
@@ -0,0 +1,34 @@
+// Copyright 2024 Gravitational, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package teleport.provisioning.v1;
+
+import "google/protobuf/empty.proto";
+
+option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1;provisioningv1";
+
+// ProvisioningService provides methods to manage Provisioning resources.
+service ProvisioningService {
+ // DeleteDownstreamProvisioningStates deletes all Identity Center provisioning state for a given downstream.
+ rpc DeleteDownstreamProvisioningStates(DeleteDownstreamProvisioningStatesRequest) returns (google.protobuf.Empty);
+}
+
+// DeleteDownstreamProvisioningStatesRequest is a request to delete all provisioning states for
+// a given DownstreamId.
+message DeleteDownstreamProvisioningStatesRequest {
+ // DownstreamId identifies the downstream service that this state applies to.
+ string downstream_id = 1;
+}
diff --git a/lib/auth/authclient/clt.go b/lib/auth/authclient/clt.go
index 4d3bdabd846b7..8c818c9015d80 100644
--- a/lib/auth/authclient/clt.go
+++ b/lib/auth/authclient/clt.go
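Review bot: The `downstream_id` field comment on DeleteDownstreamProvisioningStatesRequest does not say what an empty value selects, and that matters because this RPC is a bulk delete keyed on nothing but that string; an empty or mistyped id should either be rejected or be documented as a no-op. The server-side handler for this RPC is outside this chunk, so I cannot confirm which it is. If the server rejects it, extend the field comment to `// DownstreamId identifies the downstream service that this state applies to. Must be non-empty.`; if it is accepted, state in the same comment what an empty id matches.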
@@ -43,11 +43,13 @@ import ( clusterconfigpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/clusterconfig/v1" dbobjectimportrulev1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1" devicepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/devicetrust/v1" + identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1" integrationv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1" loginrulepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1" machineidv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/machineid/v1" notificationsv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/notifications/v1" pluginspb "github.com/gravitational/teleport/api/gen/proto/go/teleport/plugins/v1" + provisioningv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1" resourceusagepb "github.com/gravitational/teleport/api/gen/proto/go/teleport/resourceusage/v1" samlidppb "github.com/gravitational/teleport/api/gen/proto/go/teleport/samlidp/v1" trustpb "github.com/gravitational/teleport/api/gen/proto/go/teleport/trust/v1" @@ -1882,4 +1884,10 @@ type ClientI interface { // GenerateAppToken creates a JWT token with application access. GenerateAppToken(ctx context.Context, req types.GenerateAppTokenRequest) (string, error) + + // IdentityCenterClient returns Identity Center service client. + IdentityCenterClient() identitycenterv1.IdentityCenterServiceClient + + // ProvisioningServiceClient returns provisioning service client. + ProvisioningServiceClient() provisioningv1.ProvisioningServiceClient } diff --git a/lib/auth/grpcserver.go b/lib/auth/grpcserver.go index b4bd1d985ea97..d62476dbabaf1 100644 --- a/lib/auth/grpcserver.go +++ b/lib/auth/grpcserver.go 
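Review bot: The two accessors added to ClientI are named inconsistently: `IdentityCenterClient()` drops the word Service while `ProvisioningServiceClient()` keeps it, although both return a generated `...ServiceClient` interface. Since this surface is mirrored on the public `*Client` in api/client/client.go, the name is hard to change once released; `IdentityCenterServiceClient() identitycenterv1.IdentityCenterServiceClient` would match both the return type and its sibling, with the same rename applied to the api/client method. The ClientI definition starts outside this hunk.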
@@ -58,6 +58,7 @@ import ( dbobjectimportrulev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/dbobjectimportrule/v1" discoveryconfigv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/discoveryconfig/v1" dynamicwindowsv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/dynamicwindows/v1" + identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1" integrationv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/integration/v1" kubewaitingcontainerv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/kubewaitingcontainer/v1" loginrulev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/loginrule/v1" @@ -65,6 +66,7 @@ import ( mfav1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1" notificationsv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/notifications/v1" presencev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/presence/v1" + provisioningv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1" trustv1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/trust/v1" userloginstatev1pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/userloginstate/v1" userprovisioningv2pb "github.com/gravitational/teleport/api/gen/proto/go/teleport/userprovisioning/v2" 
@@ -5345,6 +5347,19 @@ func NewGRPCServer(cfg GRPCServerConfig) (*GRPCServer, error) { } autoupdatev1pb.RegisterAutoUpdateServiceServer(server, autoUpdateServiceServer) + identityCenterService, err := local.NewIdentityCenterService(local.IdentityCenterServiceConfig{ + Backend: cfg.AuthServer.bk}) + if err != nil { + return nil, trace.Wrap(err) + } + identitycenterv1.RegisterIdentityCenterServiceServer(server, identityCenterService) + + provisioningStateService, err := local.NewProvisioningStateService(cfg.AuthServer.bk) + if err != nil { + return nil, trace.Wrap(err) + } + provisioningv1.RegisterProvisioningServiceServer(server, provisioningStateService) + // Only register the service if this is an open source build. Enterprise builds // register the actual service via an auth plugin, if we register here then all // Enterprise builds would fail with a duplicate service registered error. diff --git a/lib/cache/identitycenter.go b/lib/cache/identitycenter.go index 1b431cba57da2..953da7d4ce913 100644 --- a/lib/cache/identitycenter.go +++ b/lib/cache/identitycenter.go @@ -64,7 +64,8 @@ func (identityCenterAccountExecutor) delete(ctx context.Context, cache *Cache, r } func (identityCenterAccountExecutor) deleteAll(ctx context.Context, cache *Cache) error { - return trace.Wrap(cache.identityCenterCache.DeleteAllIdentityCenterAccounts(ctx)) + _, err := cache.identityCenterCache.DeleteAllIdentityCenterAccounts(ctx, &identitycenterv1.DeleteAllIdentityCenterAccountsRequest{}) + return trace.Wrap(err) } func (identityCenterAccountExecutor) getReader(cache *Cache, cacheOK bool) identityCenterAccountGetter { 
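Review bot: `identitycenterv1.RegisterIdentityCenterServiceServer(server, identityCenterService)` exposes the storage-layer `local.IdentityCenterService` directly as the gRPC handler, and `provisioningv1.RegisterProvisioningServiceServer` does the same for the provisioning state service a few lines later; nothing in this hunk checks the caller's permissions before the DeleteAll* and DeleteDownstreamProvisioningStates methods run against the backend. Unless a server-wide interceptor already gates these method names (not visible here), any client connected to the auth gRPC server can wipe every Identity Center account, assignment and permission set with a single call. The safer shape is a dedicated gRPC service type that takes an authorizer, verifies the caller's RBAC verbs on each request, emits an audit event for the bulk delete and only then delegates to the `local` service; that wrapper, not the raw backend service, is what should be registered here. NewGRPCServer starts and ends outside this hunk.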
@@ -125,7 +126,8 @@ func (identityCenterPrincipalAssignmentExecutor) delete(ctx context.Context, cac } func (identityCenterPrincipalAssignmentExecutor) deleteAll(ctx context.Context, cache *Cache) error { - return trace.Wrap(cache.identityCenterCache.DeleteAllPrincipalAssignments(ctx)) + _, err := cache.identityCenterCache.DeleteAllPrincipalAssignments(ctx, &identitycenterv1.DeleteAllPrincipalAssignmentsRequest{}) + return trace.Wrap(err) } func (identityCenterPrincipalAssignmentExecutor) getReader(cache *Cache, cacheOK bool) identityCenterPrincipalAssignmentGetter { @@ -176,7 +178,8 @@ func (identityCenterAccountAssignmentExecutor) delete(ctx context.Context, cache } func (identityCenterAccountAssignmentExecutor) deleteAll(ctx context.Context, cache *Cache) error { - return trace.Wrap(cache.identityCenterCache.DeleteAllIdentityCenterAccounts(ctx)) + _, err := cache.identityCenterCache.DeleteAllIdentityCenterAccounts(ctx, &identitycenterv1.DeleteAllIdentityCenterAccountsRequest{}) + return trace.Wrap(err) } func (identityCenterAccountAssignmentExecutor) getReader(cache *Cache, cacheOK bool) identityCenterAccountAssignmentGetter { diff --git a/lib/cache/identitycenter_test.go b/lib/cache/identitycenter_test.go index c312d778aeafa..136c170d9475a 100644 --- a/lib/cache/identitycenter_test.go +++ b/lib/cache/identitycenter_test.go @@ -98,7 +98,8 @@ func TestIdentityCenterAccount(t *testing.T) { ctx, services.IdentityCenterAccountID(id))) }, deleteAll: func(ctx context.Context) error { - return trace.Wrap(fixturePack.identityCenter.DeleteAllIdentityCenterAccounts(ctx)) + _, err := fixturePack.identityCenter.DeleteAllIdentityCenterAccounts(ctx, &identitycenterv1.DeleteAllIdentityCenterAccountsRequest{}) + return trace.Wrap(err) }, cacheList: func(ctx context.Context) ([]services.IdentityCenterAccount, error) { return collect(ctx, fixturePack.cache.identityCenterCache) 
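Review bot: `identityCenterAccountAssignmentExecutor.deleteAll` in the third hunk of lib/cache/identitycenter.go still calls `DeleteAllIdentityCenterAccounts`, so a full flush of the account-assignment collection presumably empties the accounts collection and leaves assignments behind; the removed line had the same mismatch and the commit carried it into the new signature instead of fixing it. It should call the assignment variant: `_, err := cache.identityCenterCache.DeleteAllAccountAssignments(ctx, &identitycenterv1.DeleteAllAccountAssignmentsRequest{})`. The account-assignment fixture in lib/cache/identitycenter_test.go already uses DeleteAllAccountAssignments on the service side, so an assertion that the cache executor's deleteAll empties the assignment collection rather than the account one would pin this.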
@@ -173,7 +174,8 @@ func TestIdentityCenterPrincipalAssignment(t *testing.T) { return trace.Wrap(fixturePack.identityCenter.DeletePrincipalAssignment(ctx, services.PrincipalAssignmentID(id))) }, deleteAll: func(ctx context.Context) error { - return trace.Wrap(fixturePack.identityCenter.DeleteAllPrincipalAssignments(ctx)) + _, err := fixturePack.identityCenter.DeleteAllPrincipalAssignments(ctx, &identitycenterv1.DeleteAllPrincipalAssignmentsRequest{}) + return trace.Wrap(err) }, cacheList: func(ctx context.Context) ([]*identitycenterv1.PrincipalAssignment, error) { return collect(ctx, fixturePack.cache.identityCenterCache) @@ -249,7 +251,8 @@ func TestIdentityCenterAccountAssignment(t *testing.T) { return trace.Wrap(fixturePack.identityCenter.DeleteAccountAssignment(ctx, services.IdentityCenterAccountAssignmentID(id))) }, deleteAll: func(ctx context.Context) error { - return trace.Wrap(fixturePack.identityCenter.DeleteAllAccountAssignments(ctx)) + _, err := fixturePack.identityCenter.DeleteAllAccountAssignments(ctx, &identitycenterv1.DeleteAllAccountAssignmentsRequest{}) + return trace.Wrap(err) }, cacheList: func(ctx context.Context) ([]services.IdentityCenterAccountAssignment, error) { return collect(ctx, fixturePack.cache.identityCenterCache) diff --git a/lib/services/identitycenter.go b/lib/services/identitycenter.go index e256ab9941025..d3053b544e005 100644 --- a/lib/services/identitycenter.go +++ b/lib/services/identitycenter.go @@ -20,6 +20,7 @@ import ( "context" "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/emptypb" identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1" "github.com/gravitational/teleport/lib/utils/pagination" 
@@ -90,7 +91,7 @@ type IdentityCenterAccounts interface { DeleteIdentityCenterAccount(context.Context, IdentityCenterAccountID) error // DeleteAllIdentityCenterAccounts deletes all Identity Center Account records - DeleteAllIdentityCenterAccounts(context.Context) error + DeleteAllIdentityCenterAccounts(context.Context, *identitycenterv1.DeleteAllIdentityCenterAccountsRequest) (*emptypb.Empty, error) } // PrincipalAssignmentID is a strongly-typed ID for Identity Center Principal @@ -124,7 +125,7 @@ type IdentityCenterPrincipalAssignments interface { DeletePrincipalAssignment(context.Context, PrincipalAssignmentID) error // DeleteAllPrincipalAssignments deletes all assignment record - DeleteAllPrincipalAssignments(context.Context) error + DeleteAllPrincipalAssignments(context.Context, *identitycenterv1.DeleteAllPrincipalAssignmentsRequest) (*emptypb.Empty, error) } // PermissionSetID is a strongly typed ID for an identitycenterv1.PermissionSet @@ -150,6 +151,9 @@ type IdentityCenterPermissionSets interface { // DeletePermissionSet deletes a specific Identity Center PermissionSet DeletePermissionSet(context.Context, PermissionSetID) error + + // DeleteAllPermissionSets deletes all Identity Center PermissionSets. + DeleteAllPermissionSets(context.Context, *identitycenterv1.DeleteAllPermissionSetsRequest) (*emptypb.Empty, error) } // IdentityCenterAccountAssignment wraps a raw identitycenterv1.AccountAssignment @@ -212,7 +216,7 @@ type IdentityCenterAccountAssignments interface { DeleteAccountAssignment(context.Context, IdentityCenterAccountAssignmentID) error // DeleteAllAccountAssignments deletes all known account assignments - DeleteAllAccountAssignments(context.Context) error + DeleteAllAccountAssignments(context.Context, *identitycenterv1.DeleteAllAccountAssignmentsRequest) (*emptypb.Empty, error) } // IdentityCenter combines all the resource managers used by the Identity Center plugin 
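Review bot: The storage interfaces `IdentityCenterAccounts`, `IdentityCenterPrincipalAssignments`, `IdentityCenterPermissionSets` and `IdentityCenterAccountAssignments` now take the generated request messages and return `*emptypb.Empty`, which ties the backend contract in lib/services to the gRPC wire shape; the request messages are empty (see the new .proto in this patch), so the added parameter carries no information and every caller in lib/cache now constructs a throwaway request. Keeping the storage methods as `DeleteAllIdentityCenterAccounts(context.Context) error` and adapting them in a separate gRPC service type would keep transport types out of these interfaces and give that adapter a natural place for the per-call authorization check. If the signatures stay as they are, each doc comment should state that the request argument is currently ignored.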
diff --git a/lib/services/local/identitycenter.go b/lib/services/local/identitycenter.go index 10cdf7777e33b..92904a5b9fa42 100644 --- a/lib/services/local/identitycenter.go +++ b/lib/services/local/identitycenter.go @@ -21,6 +21,7 @@ import ( "log/slog" "github.com/gravitational/trace" + "google.golang.org/protobuf/types/known/emptypb" "github.com/gravitational/teleport" identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1" @@ -71,6 +72,7 @@ func (cfg *IdentityCenterServiceConfig) CheckAndSetDefaults() error { // IdentityCenterService handles low-level CRUD operations for the identity- // center related resources type IdentityCenterService struct { + identitycenterv1.UnimplementedIdentityCenterServiceServer accounts *generic.ServiceWrapper[*identitycenterv1.Account] permissionSets *generic.ServiceWrapper[*identitycenterv1.PermissionSet] principalAssignments *generic.ServiceWrapper[*identitycenterv1.PrincipalAssignment] @@ -213,8 +215,8 @@ func (svc *IdentityCenterService) DeleteIdentityCenterAccount(ctx context.Contex } // DeleteAllIdentityCenterAccounts deletes all Identity Center Account records -func (svc *IdentityCenterService) DeleteAllIdentityCenterAccounts(ctx context.Context) error { - return trace.Wrap(svc.accounts.DeleteAllResources(ctx)) +func (svc *IdentityCenterService) DeleteAllIdentityCenterAccounts(ctx context.Context, req *identitycenterv1.DeleteAllIdentityCenterAccountsRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, trace.Wrap(svc.accounts.DeleteAllResources(ctx)) } // ListPrincipalAssignments lists all PrincipalAssignment records in the service 
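Review bot: `DeleteAllIdentityCenterAccounts` returns `&emptypb.Empty{}` alongside a possibly non-nil error, so on failure the caller receives both a populated result and an error; Go convention is that the value is meaningless when err is non-nil, and returning a literal nil on the error path keeps callers that inspect the result from treating a failed delete as a success. The same shape is used by `DeleteAllPrincipalAssignments` and `DeleteAllPermissionSets` in the next hunks of this file and by `DeleteAllAccountAssignments` in its last hunk. The `req` parameter is unused in all four; a one-line comment on each, `// req carries no fields; it exists to satisfy the gRPC server interface.`, would save the next reader a lookup.
```go
func (svc *IdentityCenterService) DeleteAllIdentityCenterAccounts(ctx context.Context, req *identitycenterv1.DeleteAllIdentityCenterAccountsRequest) (*emptypb.Empty, error) {
	if err := svc.accounts.DeleteAllResources(ctx); err != nil {
		return nil, trace.Wrap(err)
	}
	return &emptypb.Empty{}, nil
}
```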
@@ -281,8 +283,8 @@ func (svc *IdentityCenterService) DeletePrincipalAssignment(ctx context.Context, } // DeleteAllPrincipalAssignments deletes all assignment record -func (svc *IdentityCenterService) DeleteAllPrincipalAssignments(ctx context.Context) error { - return trace.Wrap(svc.principalAssignments.DeleteAllResources(ctx)) +func (svc *IdentityCenterService) DeleteAllPrincipalAssignments(ctx context.Context, req *identitycenterv1.DeleteAllPrincipalAssignmentsRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, trace.Wrap(svc.principalAssignments.DeleteAllResources(ctx)) } // ListPermissionSets list the known Permission Sets in the managed Identity Center @@ -335,6 +337,11 @@ func (svc *IdentityCenterService) DeletePermissionSet(ctx context.Context, name return trace.Wrap(svc.permissionSets.DeleteResource(ctx, string(name))) } +// DeleteAllPermissionSets deletes all Identity Center PermissionSet +func (svc *IdentityCenterService) DeleteAllPermissionSets(ctx context.Context, req *identitycenterv1.DeleteAllPermissionSetsRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, trace.Wrap(svc.permissionSets.DeleteAllResources(ctx)) +} + // ListAccountAssignments lists all IdentityCenterAccountAssignment record // known to the service func (svc *IdentityCenterService) ListAccountAssignments(ctx context.Context, pageSize int, page *pagination.PageRequestToken) ([]services.IdentityCenterAccountAssignment, pagination.NextPageToken, error) { 
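Review bot: `DeleteAllPrincipalAssignments` and `DeleteAllPermissionSets` return a non-nil `&emptypb.Empty{}` together with a possibly non-nil error, so a caller that inspects the response before the error sees something that looks like success. Go convention is that the result is meaningless when err != nil; returning nil on failure keeps that contract, e.g. `if err := svc.permissionSets.DeleteAllResources(ctx); err != nil { return nil, trace.Wrap(err) }` followed by `return &emptypb.Empty{}, nil`. The same pattern appears in `DeleteAllIdentityCenterAccounts`, `DeleteAllAccountAssignments` and `DeleteDownstreamProvisioningStates` in this commit.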
@@ -404,6 +411,6 @@ func (svc *IdentityCenterService) DeleteAccountAssignment(ctx context.Context, n } // DeleteAllAccountAssignments deletes all known account assignments -func (svc *IdentityCenterService) DeleteAllAccountAssignments(ctx context.Context) error { - return trace.Wrap(svc.accountAssignments.DeleteAllResources(ctx)) +func (svc *IdentityCenterService) DeleteAllAccountAssignments(ctx context.Context, req *identitycenterv1.DeleteAllAccountAssignmentsRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, trace.Wrap(svc.accountAssignments.DeleteAllResources(ctx)) } diff --git a/lib/services/local/identitycenter_test.go b/lib/services/local/identitycenter_test.go index b64a98eda5df6..0a2c085fa76ce 100644 --- a/lib/services/local/identitycenter_test.go +++ b/lib/services/local/identitycenter_test.go @@ -24,6 +24,7 @@ import ( "github.com/gravitational/trace" "github.com/jonboulle/clockwork" "github.com/stretchr/testify/require" + "google.golang.org/protobuf/types/known/emptypb" headerv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1" identitycenterv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/identitycenter/v1" 
@@ -52,11 +53,12 @@ func TestIdentityCenterResourceCRUD(t *testing.T) { const resourceID = "alpha" testCases := []struct { - name string - createResource func(*testing.T, context.Context, services.IdentityCenter, string) types.Resource153 - getResource func(context.Context, services.IdentityCenter, string) (types.Resource153, error) - updateResource func(context.Context, services.IdentityCenter, types.Resource153) (types.Resource153, error) - upsertResource func(context.Context, services.IdentityCenter, types.Resource153) (types.Resource153, error) + name string + createResource func(*testing.T, context.Context, services.IdentityCenter, string) types.Resource153 + getResource func(context.Context, services.IdentityCenter, string) (types.Resource153, error) + updateResource func(context.Context, services.IdentityCenter, types.Resource153) (types.Resource153, error) + upsertResource func(context.Context, services.IdentityCenter, types.Resource153) (types.Resource153, error) + deleteAllResources func(context.Context, services.IdentityCenter) (*emptypb.Empty, error) }{ { name: "Account", @@ -74,6 +76,9 @@ func TestIdentityCenterResourceCRUD(t *testing.T) { acct := r.(services.IdentityCenterAccount) return svc.UpsertIdentityCenterAccount(subtestCtx, acct) }, + deleteAllResources: func(subtestCtx context.Context, svc services.IdentityCenter) (*emptypb.Empty, error) { + return svc.DeleteAllIdentityCenterAccounts(subtestCtx, &identitycenterv1.DeleteAllIdentityCenterAccountsRequest{}) + }, }, { name: "PermissionSet", @@ -87,6 +92,9 @@ func TestIdentityCenterResourceCRUD(t *testing.T) { ps := r.(*identitycenterv1.PermissionSet) return svc.UpdatePermissionSet(subtestCtx, ps) }, + deleteAllResources: func(subtestCtx context.Context, svc services.IdentityCenter) (*emptypb.Empty, error) { + return svc.DeleteAllPermissionSets(subtestCtx, &identitycenterv1.DeleteAllPermissionSetsRequest{}) + }, }, { name: "AccountAssignment", 
@@ -104,6 +112,9 @@ func TestIdentityCenterResourceCRUD(t *testing.T) { asmt := r.(services.IdentityCenterAccountAssignment) return svc.UpsertAccountAssignment(subtestCtx, asmt) }, + deleteAllResources: func(subtestCtx context.Context, svc services.IdentityCenter) (*emptypb.Empty, error) { + return svc.DeleteAllAccountAssignments(subtestCtx, &identitycenterv1.DeleteAllAccountAssignmentsRequest{}) + }, }, { name: "PrincipalAssignment", @@ -121,6 +132,9 @@ func TestIdentityCenterResourceCRUD(t *testing.T) { asmt := r.(*identitycenterv1.PrincipalAssignment) return svc.UpsertPrincipalAssignment(subtestCtx, asmt) }, + deleteAllResources: func(subtestCtx context.Context, svc services.IdentityCenter) (*emptypb.Empty, error) { + return svc.DeleteAllPrincipalAssignments(subtestCtx, &identitycenterv1.DeleteAllPrincipalAssignmentsRequest{}) + }, }, } 
@@ -215,6 +229,43 @@ func TestIdentityCenterResourceCRUD(t *testing.T) { require.NoError(t, err) require.Equal(t, "2", r.GetMetadata().Labels["update"]) }) + + t.Run("DeleteAllResources", func(t *testing.T) { + t.Parallel() + + ctx := newTestContext(t) + clock := clockwork.NewFakeClock() + backend := newTestBackend(t, ctx, clock) + defer backend.Close() + + // GIVEN an IdentityCenter service populated with a resource + uut, err := NewIdentityCenterService(IdentityCenterServiceConfig{Backend: backend}) + require.NoError(t, err) + + resourceTestNames := []string{"r1", "r2"} + for _, v := range resourceTestNames { + test.createResource(t, ctx, uut, v) + } + + // EXPECT that the backend records for the resources created above can be fetched + var resourceNamesFromBackend []string + for _, v := range resourceTestNames { + r, err := test.getResource(ctx, uut, v) + require.NoError(t, err) + resourceNamesFromBackend = append(resourceNamesFromBackend, r.GetMetadata().GetName()) + } + require.ElementsMatch(t, resourceTestNames, resourceNamesFromBackend) + + // WHEN I attempt to Delete resources + _, err = test.deleteAllResources(ctx, uut) + require.NoError(t, err) + + // EXPECT that the backend reflects the resource were deleted. + for _, v := range resourceTestNames { + _, err := test.getResource(ctx, uut, v) + require.ErrorContains(t, err, "doesn't exist") + } + }) }) } } diff --git a/lib/services/local/provisioningstates.go b/lib/services/local/provisioningstates.go index 407c964fa3855..d28a9f4fb244e 100644 --- a/lib/services/local/provisioningstates.go +++ b/lib/services/local/provisioningstates.go @@ -20,6 +20,7 @@ import ( "context" "github.com/gravitational/trace" + "google.golang.org/protobuf/types/known/emptypb" provisioningv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1" "github.com/gravitational/teleport/api/types" 
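Review bot: The final assertion in the new "DeleteAllResources" subtest matches on the error text, `require.ErrorContains(t, err, "doesn't exist")`, which couples the test to a message rather than the error kind; `trace` is already imported in this file, so `require.True(t, trace.IsNotFound(err), "expected not-found, got %v", err)` checks the contract directly. The subtest also only verifies that the deleted kind is gone; since the backend deletes by key prefix, creating a resource of a different kind before the call and asserting it survives would catch an over-broad prefix, which this test cannot currently detect. The enclosing `t.Run` loop body starts before this hunk.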
@@ -36,6 +37,7 @@ const ( // ProvisioningStateService handles low-level CRUD operations for the provisioning status type ProvisioningStateService struct { + provisioningv1.UnimplementedProvisioningServiceServer service *generic.ServiceWrapper[*provisioningv1.PrincipalState] } @@ -172,8 +174,8 @@ func (ss *ProvisioningStateService) DeleteProvisioningState(ctx context.Context, // DeleteDownstreamProvisioningStates deletes *all* provisioning records for // a given downstream -func (ss *ProvisioningStateService) DeleteDownstreamProvisioningStates(ctx context.Context, downstreamID services.DownstreamID) error { - return trace.Wrap(ss.service.WithPrefix(string(downstreamID)).DeleteAllResources(ctx)) +func (ss *ProvisioningStateService) DeleteDownstreamProvisioningStates(ctx context.Context, req *provisioningv1.DeleteDownstreamProvisioningStatesRequest) (*emptypb.Empty, error) { + return &emptypb.Empty{}, trace.Wrap(ss.service.WithPrefix(req.GetDownstreamId()).DeleteAllResources(ctx)) } // DeleteAllProvisioningStates deletes *all* provisioning records for a *all* diff --git a/lib/services/provisioningstates.go b/lib/services/provisioningstates.go index 8d1e1c0de5497..0a141cc115f2f 100644 --- a/lib/services/provisioningstates.go +++ b/lib/services/provisioningstates.go @@ -19,6 +19,8 @@ package services import ( "context" + "google.golang.org/protobuf/types/known/emptypb" + provisioningv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/provisioning/v1" "github.com/gravitational/teleport/lib/utils/pagination" ) @@ -69,7 +71,7 @@ type DownstreamProvisioningStates interface { // DeleteDownstreamProvisioningStates deletes *all* provisioning records for // a given downstream - DeleteDownstreamProvisioningStates(context.Context, DownstreamID) error + DeleteDownstreamProvisioningStates(context.Context, *provisioningv1.DeleteDownstreamProvisioningStatesRequest) (*emptypb.Empty, error) } // ProvisioningStates defines an interface for managing a Provisioning Principal
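Review bot: `DeleteDownstreamProvisioningStates` passes `req.GetDownstreamId()` straight into `WithPrefix` without rejecting an empty value, and the request now arrives over gRPC rather than as a typed `services.DownstreamID` from in-process callers. If `WithPrefix("")` selects every key under the service prefix (I cannot see its implementation here), a request with a missing or empty `downstream_id` would delete the provisioning state of all downstreams instead of one. A guard before the deletion closes that, e.g. `if req.GetDownstreamId() == "" { return nil, trace.BadParameter("downstream ID is required") }`. The generated `DeleteDownstreamProvisioningStatesRequest` field should be documented as required in the proto as well.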