From 5c806eb5338c52f5fda7ac48f4edf2ad9623c8b0 Mon Sep 17 00:00:00 2001 From: Jakub Nyckowski Date: Wed, 12 Jun 2024 09:07:28 -0400 Subject: [PATCH] Crown Jewel fixes (#42649) * Crown Jewel fixes * Allow passing multiple resource names as crown jewel * Rename requests fields * Add kind validation * GCI --- api/client/crownjewel/crownjewel.go | 6 +- .../teleport/crownjewel/v1/crownjewel.pb.go | 86 ++++---- .../crownjewel/v1/crownjewel_service.pb.go | 187 +++++++++--------- .../teleport/crownjewel/v1/crownjewel.proto | 16 +- .../crownjewel/v1/crownjewel_service.proto | 15 +- lib/auth/crownjewel/crownjewelv1/service.go | 12 +- lib/auth/crownjewel/object.go | 28 ++- lib/auth/crownjewel/object_test.go | 20 +- lib/services/local/crown_jewels_test.go | 12 +- 9 files changed, 211 insertions(+), 171 deletions(-) diff --git a/api/client/crownjewel/crownjewel.go b/api/client/crownjewel/crownjewel.go index 710b5f1a66936..0be067b17a9a5 100644 --- a/api/client/crownjewel/crownjewel.go +++ b/api/client/crownjewel/crownjewel.go @@ -50,7 +50,7 @@ func (c *Client) ListCrownJewels(ctx context.Context, pageSize int64, nextToken // CreateCrownJewel creates a new Crown Jewel. func (c *Client) CreateCrownJewel(ctx context.Context, req *crownjewelv1.CrownJewel) (*crownjewelv1.CrownJewel, error) { rsp, err := c.grpcClient.CreateCrownJewel(ctx, &crownjewelv1.CreateCrownJewelRequest{ - CrownJewels: req, + CrownJewel: req, }) if err != nil { return nil, trace.Wrap(err) @@ -72,7 +72,7 @@ func (c *Client) GetCrownJewel(ctx context.Context, name string) (*crownjewelv1. // UpdateCrownJewel updates an existing Crown Jewel. func (c *Client) UpdateCrownJewel(ctx context.Context, req *crownjewelv1.CrownJewel) (*crownjewelv1.CrownJewel, error) { rsp, err := c.grpcClient.UpdateCrownJewel(ctx, &crownjewelv1.UpdateCrownJewelRequest{ - CrownJewels: req, + CrownJewel: req, }) if err != nil { return nil, trace.Wrap(err) @@ -83,7 +83,7 @@ func (c *Client) UpdateCrownJewel(ctx context.Context, req *crownjewelv1.CrownJe // UpsertCrownJewel upserts a Crown Jewel. func (c *Client) UpsertCrownJewel(ctx context.Context, req *crownjewelv1.CrownJewel) (*crownjewelv1.CrownJewel, error) { rsp, err := c.grpcClient.UpsertCrownJewel(ctx, &crownjewelv1.UpsertCrownJewelRequest{ - CrownJewels: req, + CrownJewel: req, }) if err != nil { return nil, trace.Wrap(err) diff --git a/api/gen/proto/go/teleport/crownjewel/v1/crownjewel.pb.go b/api/gen/proto/go/teleport/crownjewel/v1/crownjewel.pb.go index efe8580dbecc1..7625d9b6ac943 100644 --- a/api/gen/proto/go/teleport/crownjewel/v1/crownjewel.pb.go +++ b/api/gen/proto/go/teleport/crownjewel/v1/crownjewel.pb.go @@ -189,14 +189,14 @@ type TeleportMatcher struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Name is the name of the resource. When the name is provided, it will match - // the resource with the same name. - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Kind is the kind of the resource: ssh, k8s, db, etc // Multiple kinds can be provided to match multiple kinds. Kinds []string `protobuf:"bytes,2,rep,name=kinds,proto3" json:"kinds,omitempty"` // Labels is a set of labels. Labels []*v11.Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + // Names are the name of resources. When the name is provided, it will match + // resources with the same name. + Names []string `protobuf:"bytes,4,rep,name=names,proto3" json:"names,omitempty"` } func (x *TeleportMatcher) Reset() { @@ -231,13 +231,6 @@ func (*TeleportMatcher) Descriptor() ([]byte, []int) { return file_teleport_crownjewel_v1_crownjewel_proto_rawDescGZIP(), []int{2} } -func (x *TeleportMatcher) GetName() string { - if x != nil { - return x.Name - } - return "" -} - func (x *TeleportMatcher) GetKinds() []string { if x != nil { return x.Kinds @@ -252,6 +245,13 @@ func (x *TeleportMatcher) GetLabels() []*v11.Label { return nil } +func (x *TeleportMatcher) GetNames() []string { + if x != nil { + return x.Names + } + return nil +} + // AWSMatcher represents a matcher for AWS resources. // Those matchers are used only by Access Graph. Teleport related matchers are // defined in the TeleportMatcher. @@ -267,8 +267,8 @@ type AWSMatcher struct { // Tags are AWS resource Tags to match. // labels is a set of labels. Tags []*AWSTag `protobuf:"bytes,3,rep,name=tags,proto3" json:"tags,omitempty"` - // ARN is the AWS resource ARN to match. - Arn string `protobuf:"bytes,4,opt,name=arn,proto3" json:"arn,omitempty"` + // ARNs are AWS resources ARN to match. + Arns []string `protobuf:"bytes,5,rep,name=arns,proto3" json:"arns,omitempty"` } func (x *AWSMatcher) Reset() { @@ -324,11 +324,11 @@ func (x *AWSMatcher) GetTags() []*AWSTag { return nil } -func (x *AWSMatcher) GetArn() string { +func (x *AWSMatcher) GetArns() []string { if x != nil { - return x.Arn + return x.Arns } - return "" + return nil } // AWSTag is a tag that is attached to an AWS resource. @@ -426,33 +426,35 @@ var file_teleport_crownjewel_v1_crownjewel_proto_rawDesc = []byte{ 0x32, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x57, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x52, 0x0b, 0x61, 0x77, 0x73, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, - 0x73, 0x22, 0x6d, 0x0a, 0x0f, 0x54, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6b, 0x69, 0x6e, 0x64, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x69, 0x6e, 0x64, 0x73, 0x12, 0x30, - 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, - 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x22, 0x82, 0x01, 0x0a, 0x0a, 0x41, 0x57, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, - 0x14, 0x0a, 0x05, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, - 0x74, 0x79, 0x70, 0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, 0x12, - 0x32, 0x0a, 0x04, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, - 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, - 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x57, 0x53, 0x54, 0x61, 0x67, 0x52, 0x04, 0x74, - 0x61, 0x67, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x72, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x61, 0x72, 0x6e, 0x22, 0x50, 0x0a, 0x06, 0x41, 0x57, 0x53, 0x54, 0x61, 0x67, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x34, 0x0a, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x42, 0x58, 0x5a, 0x56, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, - 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, - 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x76, - 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x22, 0x7b, 0x0a, 0x0f, 0x54, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x6b, 0x69, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x69, 0x6e, 0x64, 0x73, 0x12, 0x30, 0x0a, 0x06, 0x6c, 0x61, + 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x74, 0x65, 0x6c, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, + 0x61, 0x62, 0x65, 0x6c, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x14, 0x0a, 0x05, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x61, 0x6d, + 0x65, 0x73, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x8f, + 0x01, 0x0a, 0x0a, 0x41, 0x57, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x12, 0x14, 0x0a, + 0x05, 0x74, 0x79, 0x70, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, 0x74, 0x79, + 0x70, 0x65, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x32, 0x0a, + 0x04, 0x74, 0x61, 0x67, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x74, 0x65, + 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, + 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x57, 0x53, 0x54, 0x61, 0x67, 0x52, 0x04, 0x74, 0x61, 0x67, + 0x73, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x72, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x04, 0x61, 0x72, 0x6e, 0x73, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x03, 0x61, 0x72, 0x6e, + 0x22, 0x50, 0x0a, 0x06, 0x41, 0x57, 0x53, 0x54, 0x61, 0x67, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x34, 0x0a, 0x06, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, + 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x73, 0x42, 0x58, 0x5a, 0x56, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, + 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2f, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2f, 0x76, 0x31, 0x3b, + 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/api/gen/proto/go/teleport/crownjewel/v1/crownjewel_service.pb.go b/api/gen/proto/go/teleport/crownjewel/v1/crownjewel_service.pb.go index 2f155505fa513..97a4d9eefddd0 100644 --- a/api/gen/proto/go/teleport/crownjewel/v1/crownjewel_service.pb.go +++ b/api/gen/proto/go/teleport/crownjewel/v1/crownjewel_service.pb.go @@ -41,7 +41,7 @@ type CreateCrownJewelRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - CrownJewels *CrownJewel `protobuf:"bytes,1,opt,name=crown_jewels,json=crownJewels,proto3" json:"crown_jewels,omitempty"` + CrownJewel *CrownJewel `protobuf:"bytes,2,opt,name=crown_jewel,json=crownJewel,proto3" json:"crown_jewel,omitempty"` } func (x *CreateCrownJewelRequest) Reset() { @@ -76,9 +76,9 @@ func (*CreateCrownJewelRequest) Descriptor() ([]byte, []int) { return file_teleport_crownjewel_v1_crownjewel_service_proto_rawDescGZIP(), []int{0} } -func (x *CreateCrownJewelRequest) GetCrownJewels() *CrownJewel { +func (x *CreateCrownJewelRequest) GetCrownJewel() *CrownJewel { if x != nil { - return x.CrownJewels + return x.CrownJewel } return nil } @@ -255,7 +255,7 @@ type UpdateCrownJewelRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - CrownJewels *CrownJewel `protobuf:"bytes,1,opt,name=crown_jewels,json=crownJewels,proto3" json:"crown_jewels,omitempty"` + CrownJewel *CrownJewel `protobuf:"bytes,2,opt,name=crown_jewel,json=crownJewel,proto3" json:"crown_jewel,omitempty"` } func (x *UpdateCrownJewelRequest) Reset() { @@ -290,9 +290,9 @@ func (*UpdateCrownJewelRequest) Descriptor() ([]byte, []int) { return file_teleport_crownjewel_v1_crownjewel_service_proto_rawDescGZIP(), []int{4} } -func (x *UpdateCrownJewelRequest) GetCrownJewels() *CrownJewel { +func (x *UpdateCrownJewelRequest) GetCrownJewel() *CrownJewel { if x != nil { - return x.CrownJewels + return x.CrownJewel } return nil } @@ -303,7 +303,7 @@ type UpsertCrownJewelRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - CrownJewels *CrownJewel `protobuf:"bytes,1,opt,name=crown_jewels,json=crownJewels,proto3" json:"crown_jewels,omitempty"` + CrownJewel *CrownJewel `protobuf:"bytes,2,opt,name=crown_jewel,json=crownJewel,proto3" json:"crown_jewel,omitempty"` } func (x *UpsertCrownJewelRequest) Reset() { @@ -338,9 +338,9 @@ func (*UpsertCrownJewelRequest) Descriptor() ([]byte, []int) { return file_teleport_crownjewel_v1_crownjewel_service_proto_rawDescGZIP(), []int{5} } -func (x *UpsertCrownJewelRequest) GetCrownJewels() *CrownJewel { +func (x *UpsertCrownJewelRequest) GetCrownJewel() *CrownJewel { if x != nil { - return x.CrownJewels + return x.CrownJewel } return nil } @@ -406,91 +406,94 @@ var file_teleport_crownjewel_v1_crownjewel_service_proto_rawDesc = []byte{ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x27, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0x60, 0x0a, 0x17, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, - 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0c, 0x63, 0x72, - 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x72, 0x0a, 0x17, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, + 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0b, 0x63, 0x72, + 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, + 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, + 0x77, 0x65, 0x6c, 0x52, 0x0a, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x4a, + 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x0c, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, + 0x65, 0x6c, 0x73, 0x22, 0x2a, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, + 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, + 0x54, 0x0a, 0x16, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, + 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, + 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x70, 0x61, + 0x67, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x88, 0x01, 0x0a, 0x17, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, + 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x45, 0x0a, 0x0c, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x6f, + 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, + 0x5f, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x22, 0x72, 0x0a, 0x17, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, + 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x43, 0x0a, 0x0b, 0x63, + 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, - 0x65, 0x77, 0x65, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, - 0x73, 0x22, 0x2a, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, - 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x54, 0x0a, - 0x16, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x61, 0x67, 0x65, 0x5f, - 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x70, 0x61, 0x67, 0x65, - 0x53, 0x69, 0x7a, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x67, 0x65, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x22, 0x88, 0x01, 0x0a, 0x17, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, - 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x45, 0x0a, 0x0c, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, + 0x65, 0x77, 0x65, 0x6c, 0x52, 0x0a, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, + 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x0c, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, + 0x77, 0x65, 0x6c, 0x73, 0x22, 0x72, 0x0a, 0x17, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x43, 0x72, + 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x43, 0x0a, 0x0b, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, + 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x0a, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x4a, + 0x65, 0x77, 0x65, 0x6c, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x0c, 0x63, 0x72, 0x6f, 0x77, + 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x22, 0x2d, 0x0a, 0x17, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x32, 0x82, 0x05, 0x0a, 0x11, 0x43, 0x72, 0x6f, 0x77, + 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x67, 0x0a, + 0x10, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, + 0x6c, 0x12, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, + 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, + 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, + 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x61, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x43, 0x72, 0x6f, + 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, + 0x2e, 0x47, 0x65, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, - 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x6f, 0x77, 0x6e, - 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x6e, 0x65, 0x78, 0x74, 0x5f, 0x70, - 0x61, 0x67, 0x65, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0d, 0x6e, 0x65, 0x78, 0x74, 0x50, 0x61, 0x67, 0x65, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x60, - 0x0a, 0x17, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, - 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0c, 0x63, 0x72, 0x6f, - 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, - 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, - 0x77, 0x65, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, - 0x22, 0x60, 0x0a, 0x17, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, - 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x0c, 0x63, - 0x72, 0x6f, 0x77, 0x6e, 0x5f, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, - 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, - 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x0b, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, - 0x6c, 0x73, 0x22, 0x2d, 0x0a, 0x17, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, - 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x32, 0x82, 0x05, 0x0a, 0x11, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x67, 0x0a, 0x10, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x2f, 0x2e, 0x74, 0x65, - 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, - 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, - 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, + 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x72, 0x0a, 0x0f, 0x4c, 0x69, 0x73, + 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x12, 0x2e, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, - 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, - 0x12, 0x61, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, - 0x6c, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, - 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x72, - 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, - 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, - 0x77, 0x65, 0x6c, 0x12, 0x72, 0x0a, 0x0f, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, - 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x12, 0x2e, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, - 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, - 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x73, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x67, 0x0a, 0x10, 0x55, 0x70, 0x64, 0x61, 0x74, - 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x2f, 0x2e, 0x74, 0x65, - 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, - 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, - 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, + 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, + 0x65, 0x77, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, - 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, - 0x12, 0x67, 0x0a, 0x10, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, - 0x65, 0x77, 0x65, 0x6c, 0x12, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, - 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, - 0x73, 0x65, 0x72, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, - 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x5b, 0x0a, 0x10, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x2f, 0x2e, - 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, - 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x72, 0x6f, - 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x58, 0x5a, 0x56, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, - 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, - 0x2f, 0x76, 0x31, 0x3b, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x76, 0x31, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, + 0x65, 0x77, 0x65, 0x6c, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x67, 0x0a, + 0x10, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, + 0x6c, 0x12, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, + 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, + 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, + 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x67, 0x0a, 0x10, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, + 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, 0x2f, 0x2e, 0x74, 0x65, 0x6c, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, + 0x2e, 0x76, 0x31, 0x2e, 0x55, 0x70, 0x73, 0x65, 0x72, 0x74, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, + 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, 0x65, + 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, + 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x12, + 0x5b, 0x0a, 0x10, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, + 0x77, 0x65, 0x6c, 0x12, 0x2f, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x63, + 0x72, 0x6f, 0x77, 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, + 0x65, 0x74, 0x65, 0x43, 0x72, 0x6f, 0x77, 0x6e, 0x4a, 0x65, 0x77, 0x65, 0x6c, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x58, 0x5a, 0x56, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76, 0x69, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, + 0x67, 0x6f, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x63, 0x72, 0x6f, 0x77, + 0x6e, 0x6a, 0x65, 0x77, 0x65, 0x6c, 0x2f, 0x76, 0x31, 0x3b, 0x63, 0x72, 0x6f, 0x77, 0x6e, 0x6a, + 0x65, 0x77, 0x65, 0x6c, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -518,10 +521,10 @@ var file_teleport_crownjewel_v1_crownjewel_service_proto_goTypes = []any{ (*emptypb.Empty)(nil), // 8: google.protobuf.Empty } var file_teleport_crownjewel_v1_crownjewel_service_proto_depIdxs = []int32{ - 7, // 0: teleport.crownjewel.v1.CreateCrownJewelRequest.crown_jewels:type_name -> teleport.crownjewel.v1.CrownJewel + 7, // 0: teleport.crownjewel.v1.CreateCrownJewelRequest.crown_jewel:type_name -> teleport.crownjewel.v1.CrownJewel 7, // 1: teleport.crownjewel.v1.ListCrownJewelsResponse.crown_jewels:type_name -> teleport.crownjewel.v1.CrownJewel - 7, // 2: teleport.crownjewel.v1.UpdateCrownJewelRequest.crown_jewels:type_name -> teleport.crownjewel.v1.CrownJewel - 7, // 3: teleport.crownjewel.v1.UpsertCrownJewelRequest.crown_jewels:type_name -> teleport.crownjewel.v1.CrownJewel + 7, // 2: teleport.crownjewel.v1.UpdateCrownJewelRequest.crown_jewel:type_name -> teleport.crownjewel.v1.CrownJewel + 7, // 3: teleport.crownjewel.v1.UpsertCrownJewelRequest.crown_jewel:type_name -> teleport.crownjewel.v1.CrownJewel 0, // 4: teleport.crownjewel.v1.CrownJewelService.CreateCrownJewel:input_type -> teleport.crownjewel.v1.CreateCrownJewelRequest 1, // 5: teleport.crownjewel.v1.CrownJewelService.GetCrownJewel:input_type -> teleport.crownjewel.v1.GetCrownJewelRequest 2, // 6: teleport.crownjewel.v1.CrownJewelService.ListCrownJewels:input_type -> teleport.crownjewel.v1.ListCrownJewelsRequest diff --git a/api/proto/teleport/crownjewel/v1/crownjewel.proto b/api/proto/teleport/crownjewel/v1/crownjewel.proto index 48cb07e8e286d..170a7da8d8ea6 100644 --- a/api/proto/teleport/crownjewel/v1/crownjewel.proto +++ b/api/proto/teleport/crownjewel/v1/crownjewel.proto @@ -49,14 +49,16 @@ message CrownJewelSpec { // TeleportMatcher represents a matcher for Teleport resources. message TeleportMatcher { - // Name is the name of the resource. When the name is provided, it will match - // the resource with the same name. - string name = 1; + reserved 1; + reserved "name"; // Kind is the kind of the resource: ssh, k8s, db, etc // Multiple kinds can be provided to match multiple kinds. repeated string kinds = 2; // Labels is a set of labels. repeated teleport.label.v1.Label labels = 3; + // Names are the name of resources. When the name is provided, it will match + // resources with the same name. + repeated string names = 4; } // AWSMatcher represents a matcher for AWS resources. @@ -70,8 +72,12 @@ message AWSMatcher { // Tags are AWS resource Tags to match. // labels is a set of labels. repeated AWSTag tags = 3; - // ARN is the AWS resource ARN to match. - string arn = 4; + + reserved 4; + reserved "arn"; + + // ARNs are AWS resources ARN to match. + repeated string arns = 5; } // AWSTag is a tag that is attached to an AWS resource. diff --git a/api/proto/teleport/crownjewel/v1/crownjewel_service.proto b/api/proto/teleport/crownjewel/v1/crownjewel_service.proto index 9593437089556..3ca25630d0743 100644 --- a/api/proto/teleport/crownjewel/v1/crownjewel_service.proto +++ b/api/proto/teleport/crownjewel/v1/crownjewel_service.proto @@ -39,7 +39,10 @@ service CrownJewelService { // CrownJewelRequest is a request to create a new CrownJewel. message CreateCrownJewelRequest { - teleport.crownjewel.v1.CrownJewel crown_jewels = 1; + reserved 1; + reserved "crown_jewels"; + + teleport.crownjewel.v1.CrownJewel crown_jewel = 2; } // GetCrownJewelRequest is a request to get a CrownJewel by name. @@ -68,12 +71,18 @@ message ListCrownJewelsResponse { // UpdateCrownJewelRequest is a request to update an existing CrownJewel. message UpdateCrownJewelRequest { - teleport.crownjewel.v1.CrownJewel crown_jewels = 1; + reserved 1; + reserved "crown_jewels"; + + teleport.crownjewel.v1.CrownJewel crown_jewel = 2; } // UpsertCrownJewelRequest is a request to upsert a CrownJewel. message UpsertCrownJewelRequest { - teleport.crownjewel.v1.CrownJewel crown_jewels = 1; + reserved 1; + reserved "crown_jewels"; + + teleport.crownjewel.v1.CrownJewel crown_jewel = 2; } // DeleteCrownJewelRequest is a request to delete a CrownJewel. diff --git a/lib/auth/crownjewel/crownjewelv1/service.go b/lib/auth/crownjewel/crownjewelv1/service.go index 3b251c9b16b0d..e4b8bc051f0de 100644 --- a/lib/auth/crownjewel/crownjewelv1/service.go +++ b/lib/auth/crownjewel/crownjewelv1/service.go @@ -102,11 +102,11 @@ func (s *Service) CreateCrownJewel(ctx context.Context, req *crownjewelv1.Create return nil, trace.Wrap(err) } - if err := crownjewel.ValidateCrownJewel(req.CrownJewels); err != nil { + if err := crownjewel.ValidateCrownJewel(req.CrownJewel); err != nil { return nil, trace.Wrap(err) } - rsp, err := s.backend.CreateCrownJewel(ctx, req.CrownJewels) + rsp, err := s.backend.CreateCrownJewel(ctx, req.CrownJewel) if err != nil { return nil, trace.Wrap(err) } @@ -171,11 +171,11 @@ func (s *Service) UpdateCrownJewel(ctx context.Context, req *crownjewelv1.Update return nil, trace.Wrap(err) } - if err := crownjewel.ValidateCrownJewel(req.CrownJewels); err != nil { + if err := crownjewel.ValidateCrownJewel(req.CrownJewel); err != nil { return nil, trace.Wrap(err) } - rsp, err := s.backend.UpdateCrownJewel(ctx, req.CrownJewels) + rsp, err := s.backend.UpdateCrownJewel(ctx, req.CrownJewel) if err != nil { return nil, trace.Wrap(err) } @@ -198,11 +198,11 @@ func (s *Service) UpsertCrownJewel(ctx context.Context, req *crownjewelv1.Upsert return nil, trace.Wrap(err) } - if err := crownjewel.ValidateCrownJewel(req.CrownJewels); err != nil { + if err := crownjewel.ValidateCrownJewel(req.CrownJewel); err != nil { return nil, trace.Wrap(err) } - rsp, err := s.backend.UpsertCrownJewel(ctx, req.CrownJewels) + rsp, err := s.backend.UpsertCrownJewel(ctx, req.CrownJewel) if err != nil { return nil, trace.Wrap(err) } diff --git a/lib/auth/crownjewel/object.go b/lib/auth/crownjewel/object.go index b4075b26f8405..8dd3d99506678 100644 --- a/lib/auth/crownjewel/object.go +++ b/lib/auth/crownjewel/object.go @@ -23,12 +23,15 @@ import ( crownjewelv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/crownjewel/v1" headerv1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1" + "github.com/gravitational/teleport/api/types" ) // NewCrownJewel creates a new CrownJewel object. // It validates the object before returning it. func NewCrownJewel(name string, spec *crownjewelv1.CrownJewelSpec) (*crownjewelv1.CrownJewel, error) { cj := &crownjewelv1.CrownJewel{ + Kind: types.KindCrownJewel, + Version: types.V1, Metadata: &headerv1.Metadata{ Name: name, }, @@ -67,8 +70,12 @@ func ValidateCrownJewel(jewel *crownjewelv1.CrownJewel) error { return trace.BadParameter("teleport matcher kinds must be set") } - if matcher.Name == "" && len(matcher.GetLabels()) == 0 { - return trace.BadParameter("teleport matcher name or labels must be set") + if err := validateTeleportKinds(matcher.GetKinds()); err != nil { + return trace.Wrap(err) + } + + if len(matcher.Names) == 0 && len(matcher.GetLabels()) == 0 { + return trace.BadParameter("teleport matcher names or labels must be set") } for _, label := range matcher.GetLabels() { @@ -85,8 +92,8 @@ func ValidateCrownJewel(jewel *crownjewelv1.CrownJewel) error { return trace.BadParameter("aws matcher type must be set") } - if matcher.GetArn() == "" && len(matcher.GetTags()) == 0 { - return trace.BadParameter("aws matcher arn or tags must be set") + if len(matcher.GetArns()) == 0 && len(matcher.GetTags()) == 0 { + return trace.BadParameter("aws matcher arns or tags must be set") } for _, label := range matcher.GetTags() { @@ -99,3 +106,16 @@ func ValidateCrownJewel(jewel *crownjewelv1.CrownJewel) error { return nil } + +func validateTeleportKinds(kinds []string) error { + for _, kind := range kinds { + switch kind { + case types.KindUser, types.KindNode, types.KindKubeServer, types.KindApp, types.KindWindowsDesktop, types.KindDatabase: + continue + default: + return trace.BadParameter("teleport matcher kind %q is not supported", kind) + } + } + + return nil +} diff --git a/lib/auth/crownjewel/object_test.go b/lib/auth/crownjewel/object_test.go index b985b078f4d17..748b0890b5cec 100644 --- a/lib/auth/crownjewel/object_test.go +++ b/lib/auth/crownjewel/object_test.go @@ -52,8 +52,8 @@ func TestValidateCrownJewel(t *testing.T) { Spec: &crownjewelv1.CrownJewelSpec{ TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { - Kinds: []string{"kind1"}, - Name: "name1", + Kinds: []string{"db"}, + Names: []string{"name1"}, Labels: []*labelv1.Label{ { Name: "label1", @@ -65,7 +65,7 @@ func TestValidateCrownJewel(t *testing.T) { AwsMatchers: []*crownjewelv1.AWSMatcher{ { Types: []string{"type1"}, - Arn: "arn1", + Arns: []string{"arn1"}, Tags: []*crownjewelv1.AWSTag{ { Key: "key1", @@ -95,7 +95,7 @@ func TestValidateCrownJewel(t *testing.T) { TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { Kinds: []string{"kind1"}, - Name: "name1", + Names: []string{"name1"}, Labels: []*labelv1.Label{ { Name: "label1", @@ -118,7 +118,7 @@ func TestValidateCrownJewel(t *testing.T) { TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { Kinds: []string{"kind1"}, - Name: "name1", + Names: []string{"name1"}, Labels: []*labelv1.Label{ { Name: "label1", @@ -130,7 +130,7 @@ func TestValidateCrownJewel(t *testing.T) { AwsMatchers: []*crownjewelv1.AWSMatcher{ { Types: []string{"type1"}, - Arn: "arn1", + Arns: []string{"arn1"}, Tags: []*crownjewelv1.AWSTag{ { Key: "key1", @@ -153,7 +153,7 @@ func TestValidateCrownJewel(t *testing.T) { TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { Kinds: []string{}, - Name: "name1", + Names: []string{"name1"}, Labels: []*labelv1.Label{ { Name: "label1", @@ -165,7 +165,7 @@ func TestValidateCrownJewel(t *testing.T) { AwsMatchers: []*crownjewelv1.AWSMatcher{ { Types: []string{"type1"}, - Arn: "arn1", + Arns: []string{"arn1"}, Tags: []*crownjewelv1.AWSTag{ { Key: "key1", @@ -188,7 +188,7 @@ func TestValidateCrownJewel(t *testing.T) { TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { Kinds: []string{"type2"}, - Name: "name1", + Names: []string{"name1"}, Labels: []*labelv1.Label{ { Name: "label1", @@ -200,7 +200,7 @@ func TestValidateCrownJewel(t *testing.T) { AwsMatchers: []*crownjewelv1.AWSMatcher{ { Types: []string{}, - Arn: "arn1", + Arns: []string{"arn1"}, Tags: []*crownjewelv1.AWSTag{ { Key: "key1", diff --git a/lib/services/local/crown_jewels_test.go b/lib/services/local/crown_jewels_test.go index 9bb942dd8b98f..d1f8c80ec8ddd 100644 --- a/lib/services/local/crown_jewels_test.go +++ b/lib/services/local/crown_jewels_test.go @@ -48,8 +48,8 @@ func TestCreateCrownJewel(t *testing.T) { obj, err := crownjewel.NewCrownJewel("obj", &crownjewelv1.CrownJewelSpec{ TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { - Kinds: []string{"ssh"}, - Name: "test", + Kinds: []string{"node"}, + Names: []string{"test"}, }, }, }) @@ -74,8 +74,8 @@ func TestUpsertCrownJewel(t *testing.T) { obj, err := crownjewel.NewCrownJewel("obj", &crownjewelv1.CrownJewelSpec{ TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { - Kinds: []string{"ssh"}, - Name: "test", + Kinds: []string{"node"}, + Names: []string{"test"}, }, }, }) @@ -287,8 +287,8 @@ func getObject(t *testing.T, index int) *crownjewelv1.CrownJewel { obj, err := crownjewel.NewCrownJewel(name, &crownjewelv1.CrownJewelSpec{ TeleportMatchers: []*crownjewelv1.TeleportMatcher{ { - Kinds: []string{"ssh"}, - Name: "test", + Kinds: []string{"node"}, + Names: []string{"test"}, }, }, })