diff --git a/agent/go.mod b/agent/go.mod
index a3ce627933c..c167dd834b2 100644
--- a/agent/go.mod
+++ b/agent/go.mod
@@ -30,8 +30,6 @@ require (
 go.etcd.io/bbolt v1.3.6
 golang.org/x/sys v0.13.0
 golang.org/x/tools v0.12.0
- google.golang.org/grpc v1.56.3
- google.golang.org/protobuf v1.30.0
 k8s.io/api v0.28.1
 )
@@ -71,6 +69,8 @@ require (
 golang.org/x/text v0.13.0 // indirect
 golang.org/x/time v0.3.0 // indirect
 google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
+ google.golang.org/grpc v1.56.3 // indirect
+ google.golang.org/protobuf v1.30.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/agent/taskresource/credentialspec/credentialspec_linux.go b/agent/taskresource/credentialspec/credentialspec_linux.go
index f2c8a305391..2a483866bfd 100644
--- a/agent/taskresource/credentialspec/credentialspec_linux.go
+++ b/agent/taskresource/credentialspec/credentialspec_linux.go
@@ -36,8 +36,8 @@ import (
 s3factory "github.com/aws/amazon-ecs-agent/agent/s3/factory"
 ssmfactory "github.com/aws/amazon-ecs-agent/agent/ssm/factory"
- credentialsfetcherclient "github.com/aws/amazon-ecs-agent/agent/taskresource/grpcclient"
 "github.com/aws/amazon-ecs-agent/ecs-agent/credentials"
+ credentialsfetcherclient "github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient"
 "github.com/pkg/errors"
 )
diff --git a/agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher.pb.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.pb.go
similarity index 98%
rename from agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher.pb.go
rename to agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.pb.go
index 743310c42e0..de266dc95a5 100644
--- a/agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher.pb.go
+++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.pb.go @@ -1,9 +1,12 @@ -// AUTOGENERATED FILE +//command to generate gRPC code +//protoc --go_out=. --go_opt=paths=source_relative \ +//--go-grpc_out=. --go-grpc_opt=paths=source_relative credentialsfetcher/credentialsfetcher.proto +// This will generate credentialsfetcher/credentialsfetcher.pb.go and credentialsfetcher/credentialsfetcher_grpc.pb.go files // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.19.4 +// protoc v3.15.8 // source: credentialsfetcher/credentialsfetcher.proto package credentialsfetcher @@ -609,8 +612,6 @@ var file_credentialsfetcher_credentialsfetcher_proto_depIdxs = []int32{ } func init() { file_credentialsfetcher_credentialsfetcher_proto_init() } - -//gocyclo:ignore func file_credentialsfetcher_credentialsfetcher_proto_init() { if File_credentialsfetcher_credentialsfetcher_proto != nil { return diff --git a/agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher.proto b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.proto similarity index 96% rename from agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher.proto rename to agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.proto index 7da7a90e63c..5393650b16f 100644 --- a/agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher.proto +++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.proto 
@@ -4,7 +4,7 @@
 // This will generate credentialsfetcher/credentialsfetcher.pb.go and credentialsfetcher/credentialsfetcher_grpc.pb.go files
 syntax = "proto3";
-option go_package = "grpcclient/credentialsfetcher";
+option go_package = "gmsacredclient/credentialsfetcher";
 package credentialsfetcher;
 service CredentialsFetcherService {
diff --git a/agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher_grpc.pb.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher_grpc.pb.go
similarity index 99%
rename from agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher_grpc.pb.go
rename to agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher_grpc.pb.go
index 43cf8ea4908..071fa0a7edb 100644
--- a/agent/taskresource/grpcclient/credentialsfetcher/credentialsfetcher_grpc.pb.go
+++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher_grpc.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.2.0 -// - protoc v3.19.4 +// - protoc v3.15.8 // source: credentialsfetcher/credentialsfetcher.proto package credentialsfetcher
diff --git a/agent/taskresource/grpcclient/credentialsfetcherclient.go b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcherclient.go
similarity index 98%
rename from agent/taskresource/grpcclient/credentialsfetcherclient.go
rename to agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcherclient.go
index 957aa5eb085..7ef2f54d155 100644
--- a/agent/taskresource/grpcclient/credentialsfetcherclient.go
+++ b/agent/vendor/github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcherclient.go
@@ -1,4 +1,4 @@
-package grpcclient
+package gmsacredclient
 import (
 "context"
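Review bot: The new `option go_package = "gmsacredclient/credentialsfetcher";` line is not reflected in the generated stubs this commit checks in. The tail of `file_credentialsfetcher_credentialsfetcher_proto_rawDesc` in the added `credentialsfetcher.pb.go` (the bytes following `0x5a, 0x1d`) still spells `grpcclient/credentialsfetcher`, so the stubs appear to have been generated before this edit. Their header also now records protoc v3.15.8 where the previous copy recorded v3.19.4. These messages carry `username` and `password` fields, so the checked-in stubs should be reproducible from the checked-in .proto for anyone auditing the interface. I would re-run the command from the file header, `protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative credentialsfetcher/credentialsfetcher.proto`, with a pinned protoc version and commit the regenerated files.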
@@ -8,7 +8,7 @@ import (
 "google.golang.org/grpc/codes"
 "google.golang.org/grpc/status"
- pb "github.com/aws/amazon-ecs-agent/agent/taskresource/grpcclient/credentialsfetcher"
+ pb "github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher"
 "github.com/cihub/seelog"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials/insecure"
diff --git a/agent/vendor/modules.txt b/agent/vendor/modules.txt
index fc9becf2591..b4a87f43887 100644
--- a/agent/vendor/modules.txt
+++ b/agent/vendor/modules.txt
@@ -35,6 +35,8 @@ github.com/aws/amazon-ecs-agent/ecs-agent/doctor
 github.com/aws/amazon-ecs-agent/ecs-agent/ec2
 github.com/aws/amazon-ecs-agent/ecs-agent/ec2/mocks
 github.com/aws/amazon-ecs-agent/ecs-agent/eventstream
+github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient
+github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher
 github.com/aws/amazon-ecs-agent/ecs-agent/httpclient
 github.com/aws/amazon-ecs-agent/ecs-agent/httpclient/mock
 github.com/aws/amazon-ecs-agent/ecs-agent/logger
@@ -478,7 +480,6 @@ google.golang.org/grpc/serviceconfig
 google.golang.org/grpc/stats
 google.golang.org/grpc/status
 google.golang.org/grpc/tap
-google.golang.org/grpc/test/bufconn
 # google.golang.org/protobuf v1.30.0
 ## explicit; go 1.11
 google.golang.org/protobuf/encoding/protojson
diff --git a/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.pb.go b/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.pb.go
new file mode 100644
index 00000000000..de266dc95a5
--- /dev/null
+++ b/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.pb.go
@@ -0,0 +1,735 @@ +//command to generate gRPC code +//protoc --go_out=. --go_opt=paths=source_relative \ +//--go-grpc_out=. --go-grpc_opt=paths=source_relative credentialsfetcher/credentialsfetcher.proto +// This will generate credentialsfetcher/credentialsfetcher.pb.go and credentialsfetcher/credentialsfetcher_grpc.pb.go files + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.15.8 +// source: credentialsfetcher/credentialsfetcher.proto + +package credentialsfetcher + +import ( + reflect "reflect" + sync "sync" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type CreateKerberosLeaseRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + CredspecContents []string `protobuf:"bytes,1,rep,name=credspec_contents,json=credspecContents,proto3" json:"credspec_contents,omitempty"` +} + +func (x *CreateKerberosLeaseRequest) Reset() { + *x = CreateKerberosLeaseRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateKerberosLeaseRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateKerberosLeaseRequest) ProtoMessage() {} + +func (x *CreateKerberosLeaseRequest) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } 
+ return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateKerberosLeaseRequest.ProtoReflect.Descriptor instead. +func (*CreateKerberosLeaseRequest) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{0} +} + +func (x *CreateKerberosLeaseRequest) GetCredspecContents() []string { + if x != nil { + return x.CredspecContents + } + return nil +} + +type CreateKerberosLeaseResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + LeaseId string `protobuf:"bytes,1,opt,name=lease_id,json=leaseId,proto3" json:"lease_id,omitempty"` + CreatedKerberosFilePaths []string `protobuf:"bytes,2,rep,name=created_kerberos_file_paths,json=createdKerberosFilePaths,proto3" json:"created_kerberos_file_paths,omitempty"` +} + +func (x *CreateKerberosLeaseResponse) Reset() { + *x = CreateKerberosLeaseResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateKerberosLeaseResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateKerberosLeaseResponse) ProtoMessage() {} + +func (x *CreateKerberosLeaseResponse) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateKerberosLeaseResponse.ProtoReflect.Descriptor instead. 
+func (*CreateKerberosLeaseResponse) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{1} +} + +func (x *CreateKerberosLeaseResponse) GetLeaseId() string { + if x != nil { + return x.LeaseId + } + return "" +} + +func (x *CreateKerberosLeaseResponse) GetCreatedKerberosFilePaths() []string { + if x != nil { + return x.CreatedKerberosFilePaths + } + return nil +} + +type CreateNonDomainJoinedKerberosLeaseRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + CredspecContents []string `protobuf:"bytes,1,rep,name=credspec_contents,json=credspecContents,proto3" json:"credspec_contents,omitempty"` + Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"` + Password string `protobuf:"bytes,3,opt,name=password,proto3" json:"password,omitempty"` + Domain string `protobuf:"bytes,4,opt,name=domain,proto3" json:"domain,omitempty"` +} + +func (x *CreateNonDomainJoinedKerberosLeaseRequest) Reset() { + *x = CreateNonDomainJoinedKerberosLeaseRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateNonDomainJoinedKerberosLeaseRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateNonDomainJoinedKerberosLeaseRequest) ProtoMessage() {} + +func (x *CreateNonDomainJoinedKerberosLeaseRequest) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateNonDomainJoinedKerberosLeaseRequest.ProtoReflect.Descriptor instead. 
+func (*CreateNonDomainJoinedKerberosLeaseRequest) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{2} +} + +func (x *CreateNonDomainJoinedKerberosLeaseRequest) GetCredspecContents() []string { + if x != nil { + return x.CredspecContents + } + return nil +} + +func (x *CreateNonDomainJoinedKerberosLeaseRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *CreateNonDomainJoinedKerberosLeaseRequest) GetPassword() string { + if x != nil { + return x.Password + } + return "" +} + +func (x *CreateNonDomainJoinedKerberosLeaseRequest) GetDomain() string { + if x != nil { + return x.Domain + } + return "" +} + +type CreateNonDomainJoinedKerberosLeaseResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + LeaseId string `protobuf:"bytes,1,opt,name=lease_id,json=leaseId,proto3" json:"lease_id,omitempty"` + CreatedKerberosFilePaths []string `protobuf:"bytes,2,rep,name=created_kerberos_file_paths,json=createdKerberosFilePaths,proto3" json:"created_kerberos_file_paths,omitempty"` +} + +func (x *CreateNonDomainJoinedKerberosLeaseResponse) Reset() { + *x = CreateNonDomainJoinedKerberosLeaseResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CreateNonDomainJoinedKerberosLeaseResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CreateNonDomainJoinedKerberosLeaseResponse) ProtoMessage() {} + +func (x *CreateNonDomainJoinedKerberosLeaseResponse) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms 
+ } + return mi.MessageOf(x) +} + +// Deprecated: Use CreateNonDomainJoinedKerberosLeaseResponse.ProtoReflect.Descriptor instead. +func (*CreateNonDomainJoinedKerberosLeaseResponse) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{3} +} + +func (x *CreateNonDomainJoinedKerberosLeaseResponse) GetLeaseId() string { + if x != nil { + return x.LeaseId + } + return "" +} + +func (x *CreateNonDomainJoinedKerberosLeaseResponse) GetCreatedKerberosFilePaths() []string { + if x != nil { + return x.CreatedKerberosFilePaths + } + return nil +} + +type RenewNonDomainJoinedKerberosLeaseRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` + Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` + Domain string `protobuf:"bytes,3,opt,name=domain,proto3" json:"domain,omitempty"` +} + +func (x *RenewNonDomainJoinedKerberosLeaseRequest) Reset() { + *x = RenewNonDomainJoinedKerberosLeaseRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RenewNonDomainJoinedKerberosLeaseRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RenewNonDomainJoinedKerberosLeaseRequest) ProtoMessage() {} + +func (x *RenewNonDomainJoinedKerberosLeaseRequest) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RenewNonDomainJoinedKerberosLeaseRequest.ProtoReflect.Descriptor instead. 
+func (*RenewNonDomainJoinedKerberosLeaseRequest) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{4} +} + +func (x *RenewNonDomainJoinedKerberosLeaseRequest) GetUsername() string { + if x != nil { + return x.Username + } + return "" +} + +func (x *RenewNonDomainJoinedKerberosLeaseRequest) GetPassword() string { + if x != nil { + return x.Password + } + return "" +} + +func (x *RenewNonDomainJoinedKerberosLeaseRequest) GetDomain() string { + if x != nil { + return x.Domain + } + return "" +} + +type RenewNonDomainJoinedKerberosLeaseResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + RenewedKerberosFilePaths []string `protobuf:"bytes,1,rep,name=renewed_kerberos_file_paths,json=renewedKerberosFilePaths,proto3" json:"renewed_kerberos_file_paths,omitempty"` +} + +func (x *RenewNonDomainJoinedKerberosLeaseResponse) Reset() { + *x = RenewNonDomainJoinedKerberosLeaseResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RenewNonDomainJoinedKerberosLeaseResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RenewNonDomainJoinedKerberosLeaseResponse) ProtoMessage() {} + +func (x *RenewNonDomainJoinedKerberosLeaseResponse) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RenewNonDomainJoinedKerberosLeaseResponse.ProtoReflect.Descriptor instead. 
+func (*RenewNonDomainJoinedKerberosLeaseResponse) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{5} +} + +func (x *RenewNonDomainJoinedKerberosLeaseResponse) GetRenewedKerberosFilePaths() []string { + if x != nil { + return x.RenewedKerberosFilePaths + } + return nil +} + +type DeleteKerberosLeaseRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + LeaseId string `protobuf:"bytes,1,opt,name=lease_id,json=leaseId,proto3" json:"lease_id,omitempty"` +} + +func (x *DeleteKerberosLeaseRequest) Reset() { + *x = DeleteKerberosLeaseRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteKerberosLeaseRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteKerberosLeaseRequest) ProtoMessage() {} + +func (x *DeleteKerberosLeaseRequest) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteKerberosLeaseRequest.ProtoReflect.Descriptor instead. 
+func (*DeleteKerberosLeaseRequest) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{6} +} + +func (x *DeleteKerberosLeaseRequest) GetLeaseId() string { + if x != nil { + return x.LeaseId + } + return "" +} + +type DeleteKerberosLeaseResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + LeaseId string `protobuf:"bytes,1,opt,name=lease_id,json=leaseId,proto3" json:"lease_id,omitempty"` + DeletedKerberosFilePaths []string `protobuf:"bytes,2,rep,name=deleted_kerberos_file_paths,json=deletedKerberosFilePaths,proto3" json:"deleted_kerberos_file_paths,omitempty"` +} + +func (x *DeleteKerberosLeaseResponse) Reset() { + *x = DeleteKerberosLeaseResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeleteKerberosLeaseResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteKerberosLeaseResponse) ProtoMessage() {} + +func (x *DeleteKerberosLeaseResponse) ProtoReflect() protoreflect.Message { + mi := &file_credentialsfetcher_credentialsfetcher_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteKerberosLeaseResponse.ProtoReflect.Descriptor instead. 
+func (*DeleteKerberosLeaseResponse) Descriptor() ([]byte, []int) { + return file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP(), []int{7} +} + +func (x *DeleteKerberosLeaseResponse) GetLeaseId() string { + if x != nil { + return x.LeaseId + } + return "" +} + +func (x *DeleteKerberosLeaseResponse) GetDeletedKerberosFilePaths() []string { + if x != nil { + return x.DeletedKerberosFilePaths + } + return nil +} + +var File_credentialsfetcher_credentialsfetcher_proto protoreflect.FileDescriptor + +var file_credentialsfetcher_credentialsfetcher_proto_rawDesc = []byte{ + 0x0a, 0x2b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, + 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x63, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, + 0x72, 0x22, 0x49, 0x0a, 0x1a, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x72, 0x62, 0x65, + 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x2b, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x64, 0x73, 0x70, 0x65, 0x63, 0x5f, 0x63, 0x6f, 0x6e, 0x74, + 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x63, 0x72, 0x65, 0x64, + 0x73, 0x70, 0x65, 0x63, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x77, 0x0a, 0x1b, + 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, + 0x61, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6c, + 0x65, 0x61, 0x73, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, + 0x65, 0x61, 0x73, 0x65, 0x49, 0x64, 0x12, 0x3d, 0x0a, 0x1b, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x64, 0x5f, 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, + 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 
0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x63, 0x72, 0x65, + 0x61, 0x74, 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x46, 0x69, 0x6c, 0x65, + 0x50, 0x61, 0x74, 0x68, 0x73, 0x22, 0xa8, 0x01, 0x0a, 0x29, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x4e, 0x6f, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4a, 0x6f, 0x69, 0x6e, 0x65, 0x64, 0x4b, + 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x2b, 0x0a, 0x11, 0x63, 0x72, 0x65, 0x64, 0x73, 0x70, 0x65, 0x63, 0x5f, + 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, + 0x63, 0x72, 0x65, 0x64, 0x73, 0x70, 0x65, 0x63, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, + 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, + 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, + 0x69, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, + 0x22, 0x86, 0x01, 0x0a, 0x2a, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x6e, 0x44, 0x6f, + 0x6d, 0x61, 0x69, 0x6e, 0x4a, 0x6f, 0x69, 0x6e, 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, + 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x19, 0x0a, 0x08, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x49, 0x64, 0x12, 0x3d, 0x0a, 0x1b, 0x63, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x5f, 0x66, + 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x18, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 
0x72, 0x6f, 0x73, + 0x46, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x73, 0x22, 0x7a, 0x0a, 0x28, 0x52, 0x65, 0x6e, + 0x65, 0x77, 0x4e, 0x6f, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4a, 0x6f, 0x69, 0x6e, 0x65, + 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x75, 0x73, 0x65, 0x72, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x12, 0x16, 0x0a, + 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, + 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x22, 0x6a, 0x0a, 0x29, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x4e, 0x6f, + 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4a, 0x6f, 0x69, 0x6e, 0x65, 0x64, 0x4b, 0x65, 0x72, + 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x3d, 0x0a, 0x1b, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x65, 0x64, 0x5f, 0x6b, 0x65, + 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x72, 0x65, 0x6e, 0x65, 0x77, 0x65, 0x64, + 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, + 0x73, 0x22, 0x37, 0x0a, 0x1a, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x72, 0x62, 0x65, + 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x19, 0x0a, 0x08, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x6c, 0x65, 0x61, 0x73, 0x65, 0x49, 0x64, 0x22, 0x77, 0x0a, 0x1b, 0x44, 0x65, + 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, + 0x65, 0x52, 0x65, 
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x65, 0x61, + 0x73, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x65, 0x61, + 0x73, 0x65, 0x49, 0x64, 0x12, 0x3d, 0x0a, 0x1b, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x5f, + 0x6b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x70, 0x61, + 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x18, 0x64, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x46, 0x69, 0x6c, 0x65, 0x50, 0x61, + 0x74, 0x68, 0x73, 0x32, 0xce, 0x04, 0x0a, 0x19, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x73, 0x46, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x12, 0x73, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, + 0x4c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x2e, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xa0, 0x01, 0x0a, 0x1f, 0x41, 0x64, 0x64, 0x4e, 0x6f, + 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4a, 0x6f, 0x69, 0x6e, 0x65, 0x64, 0x4b, 0x65, 0x72, + 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x12, 0x3d, 0x2e, 0x63, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, + 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4a, + 0x6f, 0x69, 0x6e, 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 
0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, + 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x63, 0x72, 0x65, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x43, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x4e, 0x6f, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4a, 0x6f, + 0x69, 0x6e, 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xa0, 0x01, 0x0a, 0x21, 0x52, 0x65, + 0x6e, 0x65, 0x77, 0x4e, 0x6f, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x4a, 0x6f, 0x69, 0x6e, + 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x12, + 0x3c, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x4e, 0x6f, 0x6e, 0x44, 0x6f, 0x6d, + 0x61, 0x69, 0x6e, 0x4a, 0x6f, 0x69, 0x6e, 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, + 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, + 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, + 0x65, 0x72, 0x2e, 0x52, 0x65, 0x6e, 0x65, 0x77, 0x4e, 0x6f, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x4a, 0x6f, 0x69, 0x6e, 0x65, 0x64, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, + 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x76, 0x0a, 0x13, + 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, + 0x61, 0x73, 0x65, 0x12, 0x2e, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, + 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 
0x6c, + 0x73, 0x66, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x4b, + 0x65, 0x72, 0x62, 0x65, 0x72, 0x6f, 0x73, 0x4c, 0x65, 0x61, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x1f, 0x5a, 0x1d, 0x67, 0x72, 0x70, 0x63, 0x63, 0x6c, 0x69, 0x65, + 0x6e, 0x74, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x66, 0x65, + 0x74, 0x63, 0x68, 0x65, 0x72, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_credentialsfetcher_credentialsfetcher_proto_rawDescOnce sync.Once + file_credentialsfetcher_credentialsfetcher_proto_rawDescData = file_credentialsfetcher_credentialsfetcher_proto_rawDesc +) + +func file_credentialsfetcher_credentialsfetcher_proto_rawDescGZIP() []byte { + file_credentialsfetcher_credentialsfetcher_proto_rawDescOnce.Do(func() { + file_credentialsfetcher_credentialsfetcher_proto_rawDescData = protoimpl.X.CompressGZIP(file_credentialsfetcher_credentialsfetcher_proto_rawDescData) + }) + return file_credentialsfetcher_credentialsfetcher_proto_rawDescData +} + +var file_credentialsfetcher_credentialsfetcher_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_credentialsfetcher_credentialsfetcher_proto_goTypes = []interface{}{ + (*CreateKerberosLeaseRequest)(nil), // 0: credentialsfetcher.CreateKerberosLeaseRequest + (*CreateKerberosLeaseResponse)(nil), // 1: credentialsfetcher.CreateKerberosLeaseResponse + (*CreateNonDomainJoinedKerberosLeaseRequest)(nil), // 2: credentialsfetcher.CreateNonDomainJoinedKerberosLeaseRequest + (*CreateNonDomainJoinedKerberosLeaseResponse)(nil), // 3: credentialsfetcher.CreateNonDomainJoinedKerberosLeaseResponse + (*RenewNonDomainJoinedKerberosLeaseRequest)(nil), // 4: credentialsfetcher.RenewNonDomainJoinedKerberosLeaseRequest + (*RenewNonDomainJoinedKerberosLeaseResponse)(nil), // 5: credentialsfetcher.RenewNonDomainJoinedKerberosLeaseResponse + (*DeleteKerberosLeaseRequest)(nil), // 6: 
credentialsfetcher.DeleteKerberosLeaseRequest + (*DeleteKerberosLeaseResponse)(nil), // 7: credentialsfetcher.DeleteKerberosLeaseResponse +} +var file_credentialsfetcher_credentialsfetcher_proto_depIdxs = []int32{ + 0, // 0: credentialsfetcher.CredentialsFetcherService.AddKerberosLease:input_type -> credentialsfetcher.CreateKerberosLeaseRequest + 2, // 1: credentialsfetcher.CredentialsFetcherService.AddNonDomainJoinedKerberosLease:input_type -> credentialsfetcher.CreateNonDomainJoinedKerberosLeaseRequest + 4, // 2: credentialsfetcher.CredentialsFetcherService.RenewNonDomainJoinedKerberosLease:input_type -> credentialsfetcher.RenewNonDomainJoinedKerberosLeaseRequest + 6, // 3: credentialsfetcher.CredentialsFetcherService.DeleteKerberosLease:input_type -> credentialsfetcher.DeleteKerberosLeaseRequest + 1, // 4: credentialsfetcher.CredentialsFetcherService.AddKerberosLease:output_type -> credentialsfetcher.CreateKerberosLeaseResponse + 3, // 5: credentialsfetcher.CredentialsFetcherService.AddNonDomainJoinedKerberosLease:output_type -> credentialsfetcher.CreateNonDomainJoinedKerberosLeaseResponse + 5, // 6: credentialsfetcher.CredentialsFetcherService.RenewNonDomainJoinedKerberosLease:output_type -> credentialsfetcher.RenewNonDomainJoinedKerberosLeaseResponse + 7, // 7: credentialsfetcher.CredentialsFetcherService.DeleteKerberosLease:output_type -> credentialsfetcher.DeleteKerberosLeaseResponse + 4, // [4:8] is the sub-list for method output_type + 0, // [0:4] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_credentialsfetcher_credentialsfetcher_proto_init() } +func file_credentialsfetcher_credentialsfetcher_proto_init() { + if File_credentialsfetcher_credentialsfetcher_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[0].Exporter = 
func(v interface{}, i int) interface{} { + switch v := v.(*CreateKerberosLeaseRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CreateKerberosLeaseResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CreateNonDomainJoinedKerberosLeaseRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CreateNonDomainJoinedKerberosLeaseResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RenewNonDomainJoinedKerberosLeaseRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RenewNonDomainJoinedKerberosLeaseResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteKerberosLeaseRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return 
&v.unknownFields + default: + return nil + } + } + file_credentialsfetcher_credentialsfetcher_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeleteKerberosLeaseResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_credentialsfetcher_credentialsfetcher_proto_rawDesc, + NumEnums: 0, + NumMessages: 8, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_credentialsfetcher_credentialsfetcher_proto_goTypes, + DependencyIndexes: file_credentialsfetcher_credentialsfetcher_proto_depIdxs, + MessageInfos: file_credentialsfetcher_credentialsfetcher_proto_msgTypes, + }.Build() + File_credentialsfetcher_credentialsfetcher_proto = out.File + file_credentialsfetcher_credentialsfetcher_proto_rawDesc = nil + file_credentialsfetcher_credentialsfetcher_proto_goTypes = nil + file_credentialsfetcher_credentialsfetcher_proto_depIdxs = nil +} diff --git a/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.proto b/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.proto new file mode 100644 index 00000000000..5393650b16f --- /dev/null +++ b/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher.proto 
@@ -0,0 +1,58 @@
+//command to generate gRPC code
+//protoc --go_out=. --go_opt=paths=source_relative \
+//--go-grpc_out=. --go-grpc_opt=paths=source_relative credentialsfetcher/credentialsfetcher.proto
+// This will generate credentialsfetcher/credentialsfetcher.pb.go and credentialsfetcher/credentialsfetcher_grpc.pb.go files
+syntax = "proto3";
+
+option go_package = "gmsacredclient/credentialsfetcher";
+package credentialsfetcher;
+
+service CredentialsFetcherService {
+ rpc AddKerberosLease (CreateKerberosLeaseRequest) returns (CreateKerberosLeaseResponse);
+ rpc AddNonDomainJoinedKerberosLease
+ (CreateNonDomainJoinedKerberosLeaseRequest)
+ returns (CreateNonDomainJoinedKerberosLeaseResponse);
+ rpc RenewNonDomainJoinedKerberosLease
+ (RenewNonDomainJoinedKerberosLeaseRequest) returns (RenewNonDomainJoinedKerberosLeaseResponse);
+ rpc DeleteKerberosLease (DeleteKerberosLeaseRequest) returns (DeleteKerberosLeaseResponse);
+}
+
+message CreateKerberosLeaseRequest {
+ repeated string credspec_contents = 1;
+}
+
+message CreateKerberosLeaseResponse {
+ string lease_id = 1;
+ repeated string created_kerberos_file_paths = 2;
+}
+
+message CreateNonDomainJoinedKerberosLeaseRequest{
+ repeated string credspec_contents = 1;
+ string username = 2;
+ string password = 3;
+ string domain = 4;
+}
+
+message CreateNonDomainJoinedKerberosLeaseResponse{
+ string lease_id = 1;
+ repeated string created_kerberos_file_paths = 2;
+}
+
+message RenewNonDomainJoinedKerberosLeaseRequest{
+ string username = 1;
+ string password = 2;
+ string domain = 3;
+}
+
+message RenewNonDomainJoinedKerberosLeaseResponse{
+ repeated string renewed_kerberos_file_paths = 1;
+}
+
+message DeleteKerberosLeaseRequest {
+ string lease_id = 1;
+}
+
+message DeleteKerberosLeaseResponse {
+ string lease_id = 1;
+ repeated string deleted_kerberos_file_paths = 2;
+}
\ No newline at end of file
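Review bot: The `go_package` option on this file is `gmsacredclient/credentialsfetcher`, but the raw descriptor in the generated `credentialsfetcher.pb.go` earlier in this diff still encodes `grpcclient/credentialsfetcher` (the bytes after `0x5a, 0x1d` spell that path), so the checked-in generated code was apparently not regenerated from this version of the file. Regenerating with the `protoc` command in the header comment would keep the two in step; the hunk for that generated file starts outside the part of the diff reviewed here, so which copy it belongs to is inferred. The `password` fields in `CreateNonDomainJoinedKerberosLeaseRequest` and `RenewNonDomainJoinedKerberosLeaseRequest` would also benefit from a comment such as `// password is sent in clear text to the daemon; never log this message`.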
diff --git a/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher_grpc.pb.go b/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher_grpc.pb.go new file mode 100644 index 00000000000..071fa0a7edb --- /dev/null +++ b/ecs-agent/gmsacredclient/credentialsfetcher/credentialsfetcher_grpc.pb.go 
@@ -0,0 +1,215 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.2.0 +// - protoc v3.15.8 +// source: credentialsfetcher/credentialsfetcher.proto + +package credentialsfetcher + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// CredentialsFetcherServiceClient is the client API for CredentialsFetcherService service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type CredentialsFetcherServiceClient interface { + AddKerberosLease(ctx context.Context, in *CreateKerberosLeaseRequest, opts ...grpc.CallOption) (*CreateKerberosLeaseResponse, error) + AddNonDomainJoinedKerberosLease(ctx context.Context, in *CreateNonDomainJoinedKerberosLeaseRequest, opts ...grpc.CallOption) (*CreateNonDomainJoinedKerberosLeaseResponse, error) + RenewNonDomainJoinedKerberosLease(ctx context.Context, in *RenewNonDomainJoinedKerberosLeaseRequest, opts ...grpc.CallOption) (*RenewNonDomainJoinedKerberosLeaseResponse, error) + DeleteKerberosLease(ctx context.Context, in *DeleteKerberosLeaseRequest, opts ...grpc.CallOption) (*DeleteKerberosLeaseResponse, error) +} + +type credentialsFetcherServiceClient struct { + cc grpc.ClientConnInterface +} + +func NewCredentialsFetcherServiceClient(cc grpc.ClientConnInterface) CredentialsFetcherServiceClient { + return &credentialsFetcherServiceClient{cc} +} + +func (c *credentialsFetcherServiceClient) AddKerberosLease(ctx context.Context, in *CreateKerberosLeaseRequest, opts ...grpc.CallOption) (*CreateKerberosLeaseResponse, error) { + out := new(CreateKerberosLeaseResponse) 
+ err := c.cc.Invoke(ctx, "/credentialsfetcher.CredentialsFetcherService/AddKerberosLease", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *credentialsFetcherServiceClient) AddNonDomainJoinedKerberosLease(ctx context.Context, in *CreateNonDomainJoinedKerberosLeaseRequest, opts ...grpc.CallOption) (*CreateNonDomainJoinedKerberosLeaseResponse, error) { + out := new(CreateNonDomainJoinedKerberosLeaseResponse) + err := c.cc.Invoke(ctx, "/credentialsfetcher.CredentialsFetcherService/AddNonDomainJoinedKerberosLease", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *credentialsFetcherServiceClient) RenewNonDomainJoinedKerberosLease(ctx context.Context, in *RenewNonDomainJoinedKerberosLeaseRequest, opts ...grpc.CallOption) (*RenewNonDomainJoinedKerberosLeaseResponse, error) { + out := new(RenewNonDomainJoinedKerberosLeaseResponse) + err := c.cc.Invoke(ctx, "/credentialsfetcher.CredentialsFetcherService/RenewNonDomainJoinedKerberosLease", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *credentialsFetcherServiceClient) DeleteKerberosLease(ctx context.Context, in *DeleteKerberosLeaseRequest, opts ...grpc.CallOption) (*DeleteKerberosLeaseResponse, error) { + out := new(DeleteKerberosLeaseResponse) + err := c.cc.Invoke(ctx, "/credentialsfetcher.CredentialsFetcherService/DeleteKerberosLease", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CredentialsFetcherServiceServer is the server API for CredentialsFetcherService service. 
+// All implementations must embed UnimplementedCredentialsFetcherServiceServer +// for forward compatibility +type CredentialsFetcherServiceServer interface { + AddKerberosLease(context.Context, *CreateKerberosLeaseRequest) (*CreateKerberosLeaseResponse, error) + AddNonDomainJoinedKerberosLease(context.Context, *CreateNonDomainJoinedKerberosLeaseRequest) (*CreateNonDomainJoinedKerberosLeaseResponse, error) + RenewNonDomainJoinedKerberosLease(context.Context, *RenewNonDomainJoinedKerberosLeaseRequest) (*RenewNonDomainJoinedKerberosLeaseResponse, error) + DeleteKerberosLease(context.Context, *DeleteKerberosLeaseRequest) (*DeleteKerberosLeaseResponse, error) + mustEmbedUnimplementedCredentialsFetcherServiceServer() +} + +// UnimplementedCredentialsFetcherServiceServer must be embedded to have forward compatible implementations. +type UnimplementedCredentialsFetcherServiceServer struct { +} + +func (UnimplementedCredentialsFetcherServiceServer) AddKerberosLease(context.Context, *CreateKerberosLeaseRequest) (*CreateKerberosLeaseResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method AddKerberosLease not implemented") +} +func (UnimplementedCredentialsFetcherServiceServer) AddNonDomainJoinedKerberosLease(context.Context, *CreateNonDomainJoinedKerberosLeaseRequest) (*CreateNonDomainJoinedKerberosLeaseResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method AddNonDomainJoinedKerberosLease not implemented") +} +func (UnimplementedCredentialsFetcherServiceServer) RenewNonDomainJoinedKerberosLease(context.Context, *RenewNonDomainJoinedKerberosLeaseRequest) (*RenewNonDomainJoinedKerberosLeaseResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RenewNonDomainJoinedKerberosLease not implemented") +} +func (UnimplementedCredentialsFetcherServiceServer) DeleteKerberosLease(context.Context, *DeleteKerberosLeaseRequest) (*DeleteKerberosLeaseResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method 
DeleteKerberosLease not implemented") +} +func (UnimplementedCredentialsFetcherServiceServer) mustEmbedUnimplementedCredentialsFetcherServiceServer() { +} + +// UnsafeCredentialsFetcherServiceServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CredentialsFetcherServiceServer will +// result in compilation errors. +type UnsafeCredentialsFetcherServiceServer interface { + mustEmbedUnimplementedCredentialsFetcherServiceServer() +} + +func RegisterCredentialsFetcherServiceServer(s grpc.ServiceRegistrar, srv CredentialsFetcherServiceServer) { + s.RegisterService(&CredentialsFetcherService_ServiceDesc, srv) +} + +func _CredentialsFetcherService_AddKerberosLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateKerberosLeaseRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialsFetcherServiceServer).AddKerberosLease(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/credentialsfetcher.CredentialsFetcherService/AddKerberosLease", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialsFetcherServiceServer).AddKerberosLease(ctx, req.(*CreateKerberosLeaseRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CredentialsFetcherService_AddNonDomainJoinedKerberosLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CreateNonDomainJoinedKerberosLeaseRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialsFetcherServiceServer).AddNonDomainJoinedKerberosLease(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: 
"/credentialsfetcher.CredentialsFetcherService/AddNonDomainJoinedKerberosLease", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialsFetcherServiceServer).AddNonDomainJoinedKerberosLease(ctx, req.(*CreateNonDomainJoinedKerberosLeaseRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CredentialsFetcherService_RenewNonDomainJoinedKerberosLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RenewNonDomainJoinedKerberosLeaseRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialsFetcherServiceServer).RenewNonDomainJoinedKerberosLease(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/credentialsfetcher.CredentialsFetcherService/RenewNonDomainJoinedKerberosLease", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialsFetcherServiceServer).RenewNonDomainJoinedKerberosLease(ctx, req.(*RenewNonDomainJoinedKerberosLeaseRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CredentialsFetcherService_DeleteKerberosLease_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteKerberosLeaseRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialsFetcherServiceServer).DeleteKerberosLease(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/credentialsfetcher.CredentialsFetcherService/DeleteKerberosLease", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialsFetcherServiceServer).DeleteKerberosLease(ctx, req.(*DeleteKerberosLeaseRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// 
CredentialsFetcherService_ServiceDesc is the grpc.ServiceDesc for CredentialsFetcherService service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var CredentialsFetcherService_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "credentialsfetcher.CredentialsFetcherService", + HandlerType: (*CredentialsFetcherServiceServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "AddKerberosLease", + Handler: _CredentialsFetcherService_AddKerberosLease_Handler, + }, + { + MethodName: "AddNonDomainJoinedKerberosLease", + Handler: _CredentialsFetcherService_AddNonDomainJoinedKerberosLease_Handler, + }, + { + MethodName: "RenewNonDomainJoinedKerberosLease", + Handler: _CredentialsFetcherService_RenewNonDomainJoinedKerberosLease_Handler, + }, + { + MethodName: "DeleteKerberosLease", + Handler: _CredentialsFetcherService_DeleteKerberosLease_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "credentialsfetcher/credentialsfetcher.proto", +} diff --git a/ecs-agent/gmsacredclient/credentialsfetcherclient.go b/ecs-agent/gmsacredclient/credentialsfetcherclient.go new file mode 100644 index 00000000000..7ef2f54d155 --- /dev/null +++ b/ecs-agent/gmsacredclient/credentialsfetcherclient.go 
@@ -0,0 +1,189 @@
+package gmsacredclient
+
+import (
+ "context"
+ "os"
+ "time"
+
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+
+ pb "github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher"
+ "github.com/cihub/seelog"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/credentials/insecure"
+)
+
+type CredentialsFetcherClient struct {
+ conn *grpc.ClientConn
+ timeout time.Duration
+}
+
+// GetGrpcClientConnection() returns grpc client connection
+func GetGrpcClientConnection() (*grpc.ClientConn, error) {
+ address, err := getSocketAddress()
+ if err != nil {
+ seelog.Errorf("could not find path to credentials fetcher host dir : %v", err)
+ return nil, err
+ }
+
+ conn, err := grpc.Dial(address, grpc.WithTransportCredentials(insecure.NewCredentials()))
+ if err != nil {
+ seelog.Errorf("could not initialize client connection %v", err)
+ return nil, err
+ }
+ return conn, nil
+
+}
+
+// getSocketAddress() returns the credentials-fetcher socket dir
+func getSocketAddress() (string, error) {
+ credentialsfetcherHostDir := os.Getenv("CREDENTIALS_FETCHER_HOST_DIR")
+
+ _, err := os.Stat(credentialsfetcherHostDir)
+ if err != nil {
+ return "", err
+ }
+ return "unix:" + credentialsfetcherHostDir, nil
+}
+
+func NewCredentialsFetcherClient(conn *grpc.ClientConn, timeout time.Duration) CredentialsFetcherClient {
+ return CredentialsFetcherClient{
+ conn: conn,
+ timeout: timeout,
+ }
+}
+
+// Credentials fetcher is a daemon running on the host which supports gMSA on linux
+type CredentialsFetcherResponse struct {
+ //lease id is a unique identifier associated with the kerberos tickets created for a container
+ LeaseID string
+ //path to the kerberos tickets created for the service accounts
+ KerberosTicketPaths []string
+}
+
+// AddKerberosLease() invokes credentials fetcher daemon running on the host
+// to create kerberos tickets associated with gMSA accounts
+func (c CredentialsFetcherClient) AddKerberosLease(ctx context.Context, credentialspecs []string) (CredentialsFetcherResponse, error) {
+ if len(credentialspecs) == 0 {
+ return CredentialsFetcherResponse{}, status.Errorf(codes.InvalidArgument, "credentialspecs should not be empty")
+ }
+
+ defer c.conn.Close()
+ client := pb.NewCredentialsFetcherServiceClient(c.conn)
+
+ request := &pb.CreateKerberosLeaseRequest{CredspecContents: credentialspecs}
+
+ ctx, cancel := context.WithDeadline(ctx, time.Now().Add(c.timeout))
+ defer cancel()
+
+ response, err := client.AddKerberosLease(ctx, request)
+ if err != nil {
+ seelog.Errorf("could not create kerberos tickets: %v", err)
+ return CredentialsFetcherResponse{}, err
+ }
+ seelog.Infof("created kerberos tickets and associated with LeaseID: %s", response.GetLeaseId())
+
+ credentialsFetcherResponse := CredentialsFetcherResponse{
+ LeaseID: response.GetLeaseId(),
+ KerberosTicketPaths: response.GetCreatedKerberosFilePaths(),
+ }
+
+ return credentialsFetcherResponse, nil
+}
+
+// AddNonDomainJoinedKerberosLease() invokes credentials fetcher daemon running on the host
+// to create kerberos tickets associated with gMSA accounts in domainless mode
+func (c CredentialsFetcherClient) AddNonDomainJoinedKerberosLease(ctx context.Context, credentialspecs []string, username string, password string, domain string) (CredentialsFetcherResponse, error) {
+ if len(credentialspecs) == 0 {
+ seelog.Error("credentialspecs request should not be empty")
+ return CredentialsFetcherResponse{}, status.Errorf(codes.InvalidArgument, "credentialspecs should not be empty")
+ }
+
+ if len(username) == 0 || len(password) == 0 || len(domain) == 0 {
+ seelog.Error("username, password or domain should not be empty")
+ return CredentialsFetcherResponse{}, status.Errorf(codes.InvalidArgument, "username, password or domain should not be empty")
+ }
+
+ defer c.conn.Close()
+ client := pb.NewCredentialsFetcherServiceClient(c.conn)
+
+ request := &pb.CreateNonDomainJoinedKerberosLeaseRequest{CredspecContents: credentialspecs, Username: username, Password: password, Domain: domain}
+
+ ctx, cancel := context.WithDeadline(ctx, time.Now().Add(c.timeout))
+ defer cancel()
+
+ response, err := client.AddNonDomainJoinedKerberosLease(ctx, request)
+ if err != nil {
+ seelog.Errorf("could not create kerberos tickets: %v", err)
+ return CredentialsFetcherResponse{}, err
+ }
+ seelog.Infof("created kerberos tickets and associated with LeaseID: %s", response.GetLeaseId())
+
+ credentialsFetcherResponse := CredentialsFetcherResponse{
+ LeaseID: response.GetLeaseId(),
+ KerberosTicketPaths: response.GetCreatedKerberosFilePaths(),
+ }
+
+ return credentialsFetcherResponse, nil
+}
+
+// RenewNonDomainJoinedKerberosLease() invokes credentials fetcher daemon running on the host
+// to renew kerberos tickets associated with gMSA accounts in domainless mode
+func (c CredentialsFetcherClient) RenewNonDomainJoinedKerberosLease(ctx context.Context, username string, password string, domain string) (CredentialsFetcherResponse, error) {
+ if len(username) == 0 || len(password) == 0 || len(domain) == 0 {
+ seelog.Error("username, password or domain should not be empty")
+ return CredentialsFetcherResponse{}, status.Errorf(codes.InvalidArgument, "username, password or domain should not be empty")
+ }
+
+ defer c.conn.Close()
+ client := pb.NewCredentialsFetcherServiceClient(c.conn)
+
+ request := &pb.RenewNonDomainJoinedKerberosLeaseRequest{Username: username, Password: password, Domain: domain}
+
+ ctx, cancel := context.WithDeadline(ctx, time.Now().Add(c.timeout))
+ defer cancel()
+
+ response, err := client.RenewNonDomainJoinedKerberosLease(ctx, request)
+ if err != nil {
+ seelog.Errorf("could not renew kerberos tickets: %v", err)
+ return CredentialsFetcherResponse{}, err
+ }
+
+ credentialsFetcherResponse := CredentialsFetcherResponse{
+ KerberosTicketPaths: response.GetRenewedKerberosFilePaths(),
+ }
+
+ return credentialsFetcherResponse, nil
+}
+
+// DeleteKerberosLease() invokes
credentials fetcher daemon running on the host +// to delete kerberos tickets of gMSA accounts associated with the leaseid +func (c CredentialsFetcherClient) DeleteKerberosLease(ctx context.Context, leaseid string) (CredentialsFetcherResponse, error) { + if len(leaseid) == 0 { + seelog.Error("invalid leaseid provided") + return CredentialsFetcherResponse{}, status.Errorf(codes.InvalidArgument, "invalid leaseid provided") + } + + defer c.conn.Close() + client := pb.NewCredentialsFetcherServiceClient(c.conn) + + request := &pb.DeleteKerberosLeaseRequest{LeaseId: leaseid} + + ctx, cancel := context.WithDeadline(ctx, time.Now().Add(c.timeout)) + defer cancel() + + response, err := client.DeleteKerberosLease(ctx, request) + if err != nil { + seelog.Errorf("could not delete kerberos tickets: %v", err) + return CredentialsFetcherResponse{}, err + } + seelog.Infof("deleted kerberos associated with LeaseID: %s", response.GetLeaseId()) + + credentialsFetcherResponse := CredentialsFetcherResponse{ + LeaseID: response.GetLeaseId(), + KerberosTicketPaths: response.GetDeletedKerberosFilePaths(), + } + + return credentialsFetcherResponse, nil +} diff --git a/agent/taskresource/grpcclient/credentialsfetcherclient_test.go b/ecs-agent/gmsacredclient/credentialsfetcherclient_test.go similarity index 98% rename from agent/taskresource/grpcclient/credentialsfetcherclient_test.go rename to ecs-agent/gmsacredclient/credentialsfetcherclient_test.go index 58995808805..684a41cde69 100644 --- a/agent/taskresource/grpcclient/credentialsfetcherclient_test.go +++ b/ecs-agent/gmsacredclient/credentialsfetcherclient_test.go @@ -13,7 +13,7 @@ // on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either // express or implied. See the License for the specific language governing // permissions and limitations under the License. -package grpcclient +package gmsacredclient import ( "context" 
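Review bot: `getSocketAddress` only checks that the path in `CREDENTIALS_FETCHER_HOST_DIR` exists, and `GetGrpcClientConnection` then dials it with `insecure.NewCredentials()`, so the username and password given to `AddNonDomainJoinedKerberosLease` and `RenewNonDomainJoinedKerberosLease` are sent unencrypted to whatever is listening at that path. With no transport security the socket's file type, owner and mode are the only protection, so the lookup should reject anything that is not a unix socket and report an unset variable explicitly instead of through a bare stat error, as in the snippet below; an owner and permission check would be a reasonable follow-up. Separately, each RPC method calls `defer c.conn.Close()` after its argument checks, which makes a `CredentialsFetcherClient` single-use and leaves the connection open on the `InvalidArgument` early returns unless the caller closes it; closing is better left to the code that obtained the connection from `GetGrpcClientConnection`.

```go
func getSocketAddress() (string, error) {
	credentialsfetcherHostDir := os.Getenv("CREDENTIALS_FETCHER_HOST_DIR")
	if credentialsfetcherHostDir == "" {
		return "", status.Errorf(codes.FailedPrecondition, "CREDENTIALS_FETCHER_HOST_DIR is not set")
	}

	info, err := os.Stat(credentialsfetcherHostDir)
	if err != nil {
		return "", err
	}
	// Dial only a unix socket: a regular file or directory at this path
	// cannot be the credentials-fetcher daemon.
	if info.Mode()&os.ModeSocket == 0 {
		return "", status.Errorf(codes.FailedPrecondition, "%q is not a unix socket", credentialsfetcherHostDir)
	}
	// … unchanged: return "unix:" + credentialsfetcherHostDir, nil …
}
```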
@@ -22,7 +22,7 @@ import ( "testing" "time" - pb "github.com/aws/amazon-ecs-agent/agent/taskresource/grpcclient/credentialsfetcher" + pb "github.com/aws/amazon-ecs-agent/ecs-agent/gmsacredclient/credentialsfetcher" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "google.golang.org/grpc" diff --git a/ecs-agent/go.mod b/ecs-agent/go.mod index aadab772c78..9566850b34f 100644 --- a/ecs-agent/go.mod +++ b/ecs-agent/go.mod @@ -26,6 +26,7 @@ require ( golang.org/x/sys v0.10.0 golang.org/x/tools v0.8.0 google.golang.org/grpc v1.53.0 + google.golang.org/protobuf v1.30.0 k8s.io/api v0.28.1 ) @@ -56,7 +57,6 @@ require ( golang.org/x/text v0.11.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f // indirect - google.golang.org/protobuf v1.30.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/agent/vendor/google.golang.org/grpc/test/bufconn/bufconn.go b/ecs-agent/vendor/google.golang.org/grpc/test/bufconn/bufconn.go similarity index 100% rename from agent/vendor/google.golang.org/grpc/test/bufconn/bufconn.go rename to ecs-agent/vendor/google.golang.org/grpc/test/bufconn/bufconn.go diff --git a/ecs-agent/vendor/modules.txt b/ecs-agent/vendor/modules.txt index cbecf50ff6e..5c8c659ab4d 100644 --- a/ecs-agent/vendor/modules.txt +++ b/ecs-agent/vendor/modules.txt @@ -344,6 +344,7 @@ google.golang.org/grpc/serviceconfig google.golang.org/grpc/stats google.golang.org/grpc/status google.golang.org/grpc/tap +google.golang.org/grpc/test/bufconn # google.golang.org/protobuf v1.30.0 ## explicit; go 1.11 google.golang.org/protobuf/encoding/protojson