github.com/google/osv-scalibr@v0.4.1/binary/proto/secret.go (about) 1 // Copyright 2025 Google LLC 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package proto 16 17 import ( 18 "errors" 19 "fmt" 20 "time" 21 22 "github.com/google/osv-scalibr/extractor/filesystem/secrets/mariadb" 23 velesmysqlmylogin "github.com/google/osv-scalibr/extractor/filesystem/secrets/mysqlmylogin" 24 velesonepasswordconnecttoken "github.com/google/osv-scalibr/extractor/filesystem/secrets/onepasswordconnecttoken" 25 velespgpass "github.com/google/osv-scalibr/extractor/filesystem/secrets/pgpass" 26 "github.com/google/osv-scalibr/inventory" 27 "github.com/google/osv-scalibr/veles" 28 velesanthropicapikey "github.com/google/osv-scalibr/veles/secrets/anthropicapikey" 29 "github.com/google/osv-scalibr/veles/secrets/awsaccesskey" 30 velesazurestorageaccountaccesskey "github.com/google/osv-scalibr/veles/secrets/azurestorageaccountaccesskey" 31 velesazuretoken "github.com/google/osv-scalibr/veles/secrets/azuretoken" 32 "github.com/google/osv-scalibr/veles/secrets/cratesioapitoken" 33 velesdigitalocean "github.com/google/osv-scalibr/veles/secrets/digitaloceanapikey" 34 "github.com/google/osv-scalibr/veles/secrets/dockerhubpat" 35 velesgcpapikey "github.com/google/osv-scalibr/veles/secrets/gcpapikey" 36 "github.com/google/osv-scalibr/veles/secrets/gcpoauth2access" 37 "github.com/google/osv-scalibr/veles/secrets/gcpoauth2client" 38 velesgcpsak "github.com/google/osv-scalibr/veles/secrets/gcpsak" 39 "github.com/google/osv-scalibr/veles/secrets/gcshmackey" 40 "github.com/google/osv-scalibr/veles/secrets/gitbasicauth/codecatalyst" 41 velesgithub "github.com/google/osv-scalibr/veles/secrets/github" 42 "github.com/google/osv-scalibr/veles/secrets/gitlabpat" 43 velesgrokxaiapikey "github.com/google/osv-scalibr/veles/secrets/grokxaiapikey" 44 veleshashicorpvault "github.com/google/osv-scalibr/veles/secrets/hashicorpvault" 45 veleshashicorpcloudplatform "github.com/google/osv-scalibr/veles/secrets/hcp" 46 "github.com/google/osv-scalibr/veles/secrets/huggingfaceapikey" 47 "github.com/google/osv-scalibr/veles/secrets/jwt" 48 velesonepasswordkeys "github.com/google/osv-scalibr/veles/secrets/onepasswordkeys" 49 velesopenai "github.com/google/osv-scalibr/veles/secrets/openai" 50 velesperplexity "github.com/google/osv-scalibr/veles/secrets/perplexityapikey" 51 velespostmanapikey "github.com/google/osv-scalibr/veles/secrets/postmanapikey" 52 velesprivatekey "github.com/google/osv-scalibr/veles/secrets/privatekey" 53 pypiapitoken "github.com/google/osv-scalibr/veles/secrets/pypiapitoken" 54 pyxkeyv1 "github.com/google/osv-scalibr/veles/secrets/pyxkeyv1" 55 pyxkeyv2 "github.com/google/osv-scalibr/veles/secrets/pyxkeyv2" 56 "github.com/google/osv-scalibr/veles/secrets/recaptchakey" 57 velesslacktoken "github.com/google/osv-scalibr/veles/secrets/slacktoken" 58 velesstripeapikeys "github.com/google/osv-scalibr/veles/secrets/stripeapikeys" 59 "github.com/google/osv-scalibr/veles/secrets/tinkkeyset" 60 "github.com/google/osv-scalibr/veles/secrets/vapid" 61 62 spb "github.com/google/osv-scalibr/binary/proto/scan_result_go_proto" 63 "google.golang.org/protobuf/types/known/timestamppb" 64 ) 65 66 var ( 67 // --- Errors 68 69 // ErrMultipleSecretLocations will be returned if multiple secret locations are set. 70 ErrMultipleSecretLocations = errors.New("multiple secret locations are not supported") 71 72 // ErrUnsupportedValidationType will be returned if the validation type is not supported. 73 ErrUnsupportedValidationType = errors.New("validation type is not supported") 74 75 // ErrUnsupportedSecretType will be returned if the secret type is not supported. 76 ErrUnsupportedSecretType = errors.New("unsupported secret type") 77 78 structToProtoValidation = map[veles.ValidationStatus]spb.SecretStatus_SecretStatusEnum{ 79 veles.ValidationUnspecified: spb.SecretStatus_UNSPECIFIED, 80 veles.ValidationUnsupported: spb.SecretStatus_UNSUPPORTED, 81 veles.ValidationFailed: spb.SecretStatus_FAILED, 82 veles.ValidationInvalid: spb.SecretStatus_INVALID, 83 veles.ValidationValid: spb.SecretStatus_VALID, 84 } 85 86 protoToStructValidation = func() map[spb.SecretStatus_SecretStatusEnum]veles.ValidationStatus { 87 m := make(map[spb.SecretStatus_SecretStatusEnum]veles.ValidationStatus) 88 for k, v := range structToProtoValidation { 89 m[v] = k 90 } 91 if len(m) != len(structToProtoValidation) { 92 panic("protoToStructValidation does not contain all values from structToProtoValidation") 93 } 94 return m 95 }() 96 ) 97 98 // --- Struct to Proto 99 100 // SecretToProto converts a struct Secret to its proto representation. 101 func SecretToProto(s *inventory.Secret) (*spb.Secret, error) { 102 if s == nil { 103 return nil, nil 104 } 105 106 sec, err := velesSecretToProto(s.Secret) 107 if err != nil { 108 return nil, err 109 } 110 res, err := validationResultToProto(s.Validation) 111 if err != nil { 112 return nil, err 113 } 114 return &spb.Secret{ 115 Secret: sec, 116 Status: res, 117 Locations: secretLocationToProto(s.Location), 118 }, nil 119 } 120 121 func velesSecretToProto(s veles.Secret) (*spb.SecretData, error) { 122 switch t := s.(type) { 123 case velesprivatekey.PrivateKey: 124 return privatekeyToProto(t), nil 125 case velesgcpsak.GCPSAK: 126 return gcpsakToProto(t), nil 127 case velesmysqlmylogin.Section: 128 return mysqlMyloginSectionToProto(t), nil 129 case dockerhubpat.DockerHubPAT: 130 return dockerHubPATToProto(t), nil 131 case velesdigitalocean.DigitaloceanAPIToken: 132 return digitaloceanAPIKeyToProto(t), nil 133 case pypiapitoken.PyPIAPIToken: 134 return pypiAPITokenToProto(t), nil 135 case cratesioapitoken.CratesIOAPItoken: 136 return cratesioAPITokenToProto(t), nil 137 case velesslacktoken.SlackAppConfigAccessToken: 138 return slackAppConfigAccessTokenToProto(t), nil 139 case velesslacktoken.SlackAppConfigRefreshToken: 140 return slackAppConfigRefreshTokenToProto(t), nil 141 case velesslacktoken.SlackAppLevelToken: 142 return slackAppLevelTokenToProto(t), nil 143 case velesanthropicapikey.WorkspaceAPIKey: 144 return anthropicWorkspaceAPIKeyToProto(t.Key), nil 145 case velesanthropicapikey.ModelAPIKey: 146 return anthropicModelAPIKeyToProto(t.Key), nil 147 case velesperplexity.PerplexityAPIKey: 148 return perplexityAPIKeyToProto(t), nil 149 case velesgrokxaiapikey.GrokXAIAPIKey: 150 return grokXAIAPIKeyToProto(t), nil 151 case velesgrokxaiapikey.GrokXAIManagementKey: 152 return grokXAIManagementKeyToProto(t), nil 153 case velesgithub.AppRefreshToken: 154 return githubAppRefreshTokenToProto(t.Token), nil 155 case velesgithub.AppServerToServerToken: 156 return githubAppServerToServerTokenToProto(t.Token), nil 157 case velesgithub.FineGrainedPersonalAccessToken: 158 return githubFineGrainedPersonalAccessTokenToProto(t.Token), nil 159 case velesgithub.ClassicPersonalAccessToken: 160 return githubClassicPersonalAccessTokenToProto(t.Token), nil 161 case velesgithub.AppUserToServerToken: 162 return githubAppUserToServerTokenToProto(t.Token), nil 163 case velesgithub.OAuthToken: 164 return githubOAuthTokenToProto(t.Token), nil 165 case gitlabpat.GitlabPAT: 166 return gitalbPatKeyToProto(t), nil 167 case velesazuretoken.AzureAccessToken: 168 return azureAccessTokenToProto(t), nil 169 case velesazuretoken.AzureIdentityToken: 170 return azureIdentityTokenToProto(t), nil 171 case tinkkeyset.TinkKeySet: 172 return tinkKeysetToProto(t), nil 173 case velesopenai.APIKey: 174 return openaiAPIKeyToProto(t.Key), nil 175 case velespostmanapikey.PostmanAPIKey: 176 return postmanAPIKeyToProto(t), nil 177 case velespostmanapikey.PostmanCollectionToken: 178 return postmanCollectionTokenToProto(t), nil 179 case velesazurestorageaccountaccesskey.AzureStorageAccountAccessKey: 180 return azureStorageAccountAccessKeyToProto(t), nil 181 case veleshashicorpvault.Token: 182 return hashicorpVaultTokenToProto(t), nil 183 case veleshashicorpvault.AppRoleCredentials: 184 return hashicorpVaultAppRoleCredentialsToProto(t), nil 185 case velesgcpapikey.GCPAPIKey: 186 return gcpAPIKeyToProto(t.Key), nil 187 case velespgpass.Pgpass: 188 return pgpassToProto(t), nil 189 case huggingfaceapikey.HuggingfaceAPIKey: 190 return huggingfaceAPIKeyToProto(t), nil 191 case velesstripeapikeys.StripeSecretKey: 192 return stripeSecretKeyToProto(t), nil 193 case velesstripeapikeys.StripeRestrictedKey: 194 return stripeRestrictedKeyToProto(t), nil 195 case velesstripeapikeys.StripeWebhookSecret: 196 return stripeWebhookSecretToProto(t), nil 197 case gcpoauth2client.Credentials: 198 return gcpOAuth2ClientCredentialsToProto(t), nil 199 case gcpoauth2access.Token: 200 return gcpOAuth2AccessTokenToProto(t), nil 201 case gcshmackey.HMACKey: 202 return gcsHmacKeyToProto(t), nil 203 case velesonepasswordconnecttoken.OnePasswordConnectToken: 204 return onePasswordConnectTokenToProto(t), nil 205 case velesonepasswordkeys.OnePasswordSecretKey: 206 return onepasswordSecretKeyToProto(t), nil 207 case velesonepasswordkeys.OnePasswordServiceToken: 208 return onepasswordServiceTokenToProto(t), nil 209 case velesonepasswordkeys.OnePasswordRecoveryCode: 210 return onepasswordRecoveryCodeToProto(t), nil 211 case veleshashicorpcloudplatform.ClientCredentials: 212 return hashicorpCloudPlatformCredentialsToProto(t), nil 213 case veleshashicorpcloudplatform.AccessToken: 214 return hashicorpCloudPlatformTokenToProto(t), nil 215 case mariadb.Credentials: 216 return mariadbCredentialsToProto(t), nil 217 case awsaccesskey.Credentials: 218 return awsAccessKeyCredentialToProto(t), nil 219 case vapid.Key: 220 return vapidKeyToProto(t), nil 221 case recaptchakey.Key: 222 return reCaptchaKeyToProto(t), nil 223 case jwt.Token: 224 return jwtTokenToProto(t), nil 225 case pyxkeyv1.PyxKeyV1: 226 return pyxKeyV1ToProto(t), nil 227 case pyxkeyv2.PyxKeyV2: 228 return pyxKeyV2ToProto(t), nil 229 case codecatalyst.Credentials: 230 return codeCatalystCredentialsToProto(t), nil 231 default: 232 return nil, fmt.Errorf("%w: %T", ErrUnsupportedSecretType, s) 233 } 234 } 235 236 func codeCatalystCredentialsToProto(s codecatalyst.Credentials) *spb.SecretData { 237 return &spb.SecretData{ 238 Secret: &spb.SecretData_CodeCatalystCredentials_{ 239 CodeCatalystCredentials: &spb.SecretData_CodeCatalystCredentials{ 240 Url: s.FullURL, 241 }, 242 }, 243 } 244 } 245 246 func awsAccessKeyCredentialToProto(s awsaccesskey.Credentials) *spb.SecretData { 247 return &spb.SecretData{ 248 Secret: &spb.SecretData_AwsAccessKeyCredentials_{ 249 AwsAccessKeyCredentials: &spb.SecretData_AwsAccessKeyCredentials{ 250 AccessId: s.AccessID, 251 Secret: s.Secret, 252 }, 253 }, 254 } 255 } 256 257 func jwtTokenToProto(s jwt.Token) *spb.SecretData { 258 return &spb.SecretData{ 259 Secret: &spb.SecretData_JwtToken{ 260 JwtToken: &spb.SecretData_JWTToken{ 261 Token: s.Value, 262 }, 263 }, 264 } 265 } 266 267 func reCaptchaKeyToProto(s recaptchakey.Key) *spb.SecretData { 268 return &spb.SecretData{ 269 Secret: &spb.SecretData_ReCaptchaKey_{ 270 ReCaptchaKey: &spb.SecretData_ReCaptchaKey{ 271 Secret: s.Secret, 272 }, 273 }, 274 } 275 } 276 277 func dockerHubPATToProto(s dockerhubpat.DockerHubPAT) *spb.SecretData { 278 return &spb.SecretData{ 279 Secret: &spb.SecretData_DockerHubPat_{ 280 DockerHubPat: &spb.SecretData_DockerHubPat{ 281 Pat: s.Pat, 282 Username: s.Username, 283 }, 284 }, 285 } 286 } 287 288 func digitaloceanAPIKeyToProto(s velesdigitalocean.DigitaloceanAPIToken) *spb.SecretData { 289 return &spb.SecretData{ 290 Secret: &spb.SecretData_Digitalocean{ 291 Digitalocean: &spb.SecretData_DigitalOceanAPIToken{ 292 Key: s.Key, 293 }, 294 }, 295 } 296 } 297 298 func pypiAPITokenToProto(s pypiapitoken.PyPIAPIToken) *spb.SecretData { 299 return &spb.SecretData{ 300 Secret: &spb.SecretData_Pypi{ 301 Pypi: &spb.SecretData_PyPIAPIToken{ 302 Token: s.Token, 303 }, 304 }, 305 } 306 } 307 308 func slackAppLevelTokenToProto(s velesslacktoken.SlackAppLevelToken) *spb.SecretData { 309 return &spb.SecretData{ 310 Secret: &spb.SecretData_SlackAppLevelToken_{ 311 SlackAppLevelToken: &spb.SecretData_SlackAppLevelToken{ 312 Token: s.Token, 313 }, 314 }, 315 } 316 } 317 318 func slackAppConfigAccessTokenToProto(s velesslacktoken.SlackAppConfigAccessToken) *spb.SecretData { 319 return &spb.SecretData{ 320 Secret: &spb.SecretData_SlackAppConfigAccessToken_{ 321 SlackAppConfigAccessToken: &spb.SecretData_SlackAppConfigAccessToken{ 322 Token: s.Token, 323 }, 324 }, 325 } 326 } 327 328 func slackAppConfigRefreshTokenToProto(s velesslacktoken.SlackAppConfigRefreshToken) *spb.SecretData { 329 return &spb.SecretData{ 330 Secret: &spb.SecretData_SlackAppConfigRefreshToken_{ 331 SlackAppConfigRefreshToken: &spb.SecretData_SlackAppConfigRefreshToken{ 332 Token: s.Token, 333 }, 334 }, 335 } 336 } 337 338 func cratesioAPITokenToProto(s cratesioapitoken.CratesIOAPItoken) *spb.SecretData { 339 return &spb.SecretData{ 340 Secret: &spb.SecretData_CratesIoApiToken{ 341 CratesIoApiToken: &spb.SecretData_CratesIOAPIToken{ 342 Token: s.Token, 343 }, 344 }, 345 } 346 } 347 348 func gcpsakToProto(sak velesgcpsak.GCPSAK) *spb.SecretData { 349 sakPB := &spb.SecretData_GCPSAK{ 350 PrivateKeyId: sak.PrivateKeyID, 351 ClientEmail: sak.ServiceAccount, 352 Signature: sak.Signature, 353 } 354 if sak.Extra != nil { 355 sakPB.Type = sak.Extra.Type 356 sakPB.ProjectId = sak.Extra.ProjectID 357 sakPB.ClientId = sak.Extra.ClientID 358 sakPB.AuthUri = sak.Extra.AuthURI 359 sakPB.TokenUri = sak.Extra.TokenURI 360 sakPB.AuthProviderX509CertUrl = sak.Extra.AuthProviderX509CertURL 361 sakPB.ClientX509CertUrl = sak.Extra.ClientX509CertURL 362 sakPB.UniverseDomain = sak.Extra.UniverseDomain 363 sakPB.PrivateKey = sak.Extra.PrivateKey 364 } 365 return &spb.SecretData{ 366 Secret: &spb.SecretData_Gcpsak{ 367 Gcpsak: sakPB, 368 }, 369 } 370 } 371 372 func gcsHmacKeyToProto(t gcshmackey.HMACKey) *spb.SecretData { 373 return &spb.SecretData{ 374 Secret: &spb.SecretData_GcsHmacKey{ 375 GcsHmacKey: &spb.SecretData_GCSHmacKey{ 376 AccessId: t.AccessID, 377 Secret: t.Secret, 378 }, 379 }, 380 } 381 } 382 383 func mysqlMyloginSectionToProto(e velesmysqlmylogin.Section) *spb.SecretData { 384 ePB := &spb.SecretData_MysqlMyloginSection{ 385 SectionName: e.SectionName, 386 User: e.User, 387 Password: e.Password, 388 Host: e.Host, 389 Port: e.Port, 390 Socket: e.Socket, 391 } 392 393 return &spb.SecretData{ 394 Secret: &spb.SecretData_MysqlMyloginSection_{ 395 MysqlMyloginSection: ePB, 396 }, 397 } 398 } 399 400 func gcpAPIKeyToProto(key string) *spb.SecretData { 401 return &spb.SecretData{ 402 Secret: &spb.SecretData_GcpApiKey{ 403 GcpApiKey: &spb.SecretData_GCPAPIKey{ 404 Key: key, 405 }, 406 }, 407 } 408 } 409 410 func anthropicWorkspaceAPIKeyToProto(key string) *spb.SecretData { 411 return &spb.SecretData{ 412 Secret: &spb.SecretData_AnthropicWorkspaceApiKey{ 413 AnthropicWorkspaceApiKey: &spb.SecretData_AnthropicWorkspaceAPIKey{ 414 Key: key, 415 }, 416 }, 417 } 418 } 419 420 func anthropicModelAPIKeyToProto(key string) *spb.SecretData { 421 return &spb.SecretData{ 422 Secret: &spb.SecretData_AnthropicModelApiKey{ 423 AnthropicModelApiKey: &spb.SecretData_AnthropicModelAPIKey{ 424 Key: key, 425 }, 426 }, 427 } 428 } 429 430 func onePasswordConnectTokenToProto(s velesonepasswordconnecttoken.OnePasswordConnectToken) *spb.SecretData { 431 return &spb.SecretData{ 432 Secret: &spb.SecretData_OnepasswordConnectToken{ 433 OnepasswordConnectToken: &spb.SecretData_OnePasswordConnectToken{ 434 DeviceUuid: s.DeviceUUID, 435 Version: s.Version, 436 EncryptedData: s.EncryptedData, 437 EncryptionKeyId: s.EncryptionKeyID, 438 Iv: s.IV, 439 UniqueKeyId: s.UniqueKeyID, 440 VerifierSalt: s.VerifierSalt, 441 VerifierLocalHash: s.VerifierLocalHash, 442 }, 443 }, 444 } 445 } 446 447 func perplexityAPIKeyToProto(s velesperplexity.PerplexityAPIKey) *spb.SecretData { 448 return &spb.SecretData{ 449 Secret: &spb.SecretData_Perplexity{ 450 Perplexity: &spb.SecretData_PerplexityAPIKey{ 451 Key: s.Key, 452 }, 453 }, 454 } 455 } 456 457 func grokXAIAPIKeyToProto(s velesgrokxaiapikey.GrokXAIAPIKey) *spb.SecretData { 458 return &spb.SecretData{ 459 Secret: &spb.SecretData_GrokXaiApiKey{ 460 GrokXaiApiKey: &spb.SecretData_GrokXAIAPIKey{ 461 Key: s.Key, 462 }, 463 }, 464 } 465 } 466 467 func azureStorageAccountAccessKeyToProto(s velesazurestorageaccountaccesskey.AzureStorageAccountAccessKey) *spb.SecretData { 468 return &spb.SecretData{ 469 Secret: &spb.SecretData_AzureStorageAccountAccessKey_{ 470 AzureStorageAccountAccessKey: &spb.SecretData_AzureStorageAccountAccessKey{ 471 Key: s.Key, 472 }, 473 }, 474 } 475 } 476 477 func grokXAIManagementKeyToProto(s velesgrokxaiapikey.GrokXAIManagementKey) *spb.SecretData { 478 return &spb.SecretData{ 479 Secret: &spb.SecretData_GrokXaiManagementApiKey{ 480 GrokXaiManagementApiKey: &spb.SecretData_GrokXAIManagementAPIKey{ 481 Key: s.Key, 482 }, 483 }, 484 } 485 } 486 func gitalbPatKeyToProto(s gitlabpat.GitlabPAT) *spb.SecretData { 487 return &spb.SecretData{ 488 Secret: &spb.SecretData_GitlabPat_{ 489 GitlabPat: &spb.SecretData_GitlabPat{ 490 Pat: s.Pat, 491 }, 492 }, 493 } 494 } 495 496 func postmanAPIKeyToProto(s velespostmanapikey.PostmanAPIKey) *spb.SecretData { 497 return &spb.SecretData{ 498 Secret: &spb.SecretData_PostmanApiKey{ 499 PostmanApiKey: &spb.SecretData_PostmanAPIKey{ 500 Key: s.Key, 501 }, 502 }, 503 } 504 } 505 506 func postmanCollectionTokenToProto(s velespostmanapikey.PostmanCollectionToken) *spb.SecretData { 507 return &spb.SecretData{ 508 Secret: &spb.SecretData_PostmanCollectionAccessToken_{ // wrapper type has trailing underscore 509 PostmanCollectionAccessToken: &spb.SecretData_PostmanCollectionAccessToken{ 510 Key: s.Key, 511 }, 512 }, 513 } 514 } 515 516 func privatekeyToProto(pk velesprivatekey.PrivateKey) *spb.SecretData { 517 return &spb.SecretData{ 518 Secret: &spb.SecretData_PrivateKey_{ 519 PrivateKey: &spb.SecretData_PrivateKey{ 520 Block: pk.Block, 521 Der: pk.Der, 522 }, 523 }, 524 } 525 } 526 527 func pgpassToProto(e velespgpass.Pgpass) *spb.SecretData { 528 ePB := &spb.SecretData_Pgpass{ 529 Hostname: e.Hostname, 530 Port: e.Port, 531 Database: e.Database, 532 Username: e.Username, 533 Password: e.Password, 534 } 535 536 return &spb.SecretData{ 537 Secret: &spb.SecretData_Pgpass_{ 538 Pgpass: ePB, 539 }, 540 } 541 } 542 543 func githubAppRefreshTokenToProto(token string) *spb.SecretData { 544 return &spb.SecretData{ 545 Secret: &spb.SecretData_GithubAppRefreshToken_{ 546 GithubAppRefreshToken: &spb.SecretData_GithubAppRefreshToken{ 547 Token: token, 548 }, 549 }, 550 } 551 } 552 553 func githubAppServerToServerTokenToProto(token string) *spb.SecretData { 554 return &spb.SecretData{ 555 Secret: &spb.SecretData_GithubAppServerToServerToken_{ 556 GithubAppServerToServerToken: &spb.SecretData_GithubAppServerToServerToken{ 557 Token: token, 558 }, 559 }, 560 } 561 } 562 563 func githubAppUserToServerTokenToProto(token string) *spb.SecretData { 564 return &spb.SecretData{ 565 Secret: &spb.SecretData_GithubAppUserToServerToken_{ 566 GithubAppUserToServerToken: &spb.SecretData_GithubAppUserToServerToken{ 567 Token: token, 568 }, 569 }, 570 } 571 } 572 573 func githubFineGrainedPersonalAccessTokenToProto(token string) *spb.SecretData { 574 return &spb.SecretData{ 575 Secret: &spb.SecretData_GithubFineGrainedPersonalAccessToken_{ 576 GithubFineGrainedPersonalAccessToken: &spb.SecretData_GithubFineGrainedPersonalAccessToken{ 577 Token: token, 578 }, 579 }, 580 } 581 } 582 583 func githubClassicPersonalAccessTokenToProto(token string) *spb.SecretData { 584 return &spb.SecretData{ 585 Secret: &spb.SecretData_GithubClassicPersonalAccessToken_{ 586 GithubClassicPersonalAccessToken: &spb.SecretData_GithubClassicPersonalAccessToken{ 587 Token: token, 588 }, 589 }, 590 } 591 } 592 593 func githubOAuthTokenToProto(token string) *spb.SecretData { 594 return &spb.SecretData{ 595 Secret: &spb.SecretData_GithubOauthToken{ 596 GithubOauthToken: &spb.SecretData_GithubOAuthToken{ 597 Token: token, 598 }, 599 }, 600 } 601 } 602 603 func azureAccessTokenToProto(pk velesazuretoken.AzureAccessToken) *spb.SecretData { 604 return &spb.SecretData{ 605 Secret: &spb.SecretData_AzureAccessToken_{ 606 AzureAccessToken: &spb.SecretData_AzureAccessToken{ 607 Token: pk.Token, 608 }, 609 }, 610 } 611 } 612 613 func azureIdentityTokenToProto(pk velesazuretoken.AzureIdentityToken) *spb.SecretData { 614 return &spb.SecretData{ 615 Secret: &spb.SecretData_AzureIdentityToken_{ 616 AzureIdentityToken: &spb.SecretData_AzureIdentityToken{ 617 Token: pk.Token, 618 }, 619 }, 620 } 621 } 622 623 func tinkKeysetToProto(t tinkkeyset.TinkKeySet) *spb.SecretData { 624 return &spb.SecretData{ 625 Secret: &spb.SecretData_TinkKeyset_{ 626 TinkKeyset: &spb.SecretData_TinkKeyset{ 627 Content: t.Content, 628 }, 629 }, 630 } 631 } 632 633 func openaiAPIKeyToProto(key string) *spb.SecretData { 634 return &spb.SecretData{ 635 Secret: &spb.SecretData_OpenaiApiKey{ 636 OpenaiApiKey: &spb.SecretData_OpenAIAPIKey{ 637 Key: key, 638 }, 639 }, 640 } 641 } 642 643 func hashicorpVaultTokenToProto(s veleshashicorpvault.Token) *spb.SecretData { 644 return &spb.SecretData{ 645 Secret: &spb.SecretData_HashicorpVaultToken{ 646 HashicorpVaultToken: &spb.SecretData_HashiCorpVaultToken{ 647 Token: s.Token, 648 }, 649 }, 650 } 651 } 652 653 func hashicorpVaultAppRoleCredentialsToProto(s veleshashicorpvault.AppRoleCredentials) *spb.SecretData { 654 return &spb.SecretData{ 655 Secret: &spb.SecretData_HashicorpVaultAppRoleCredentials{ 656 HashicorpVaultAppRoleCredentials: &spb.SecretData_HashiCorpVaultAppRoleCredentials{ 657 RoleId: s.RoleID, 658 SecretId: s.SecretID, 659 Id: s.ID, 660 }, 661 }, 662 } 663 } 664 665 func huggingfaceAPIKeyToProto(s huggingfaceapikey.HuggingfaceAPIKey) *spb.SecretData { 666 return &spb.SecretData{ 667 Secret: &spb.SecretData_Hugginface{ 668 Hugginface: &spb.SecretData_HuggingfaceAPIKey{ 669 Key: s.Key, 670 Role: s.Role, 671 FineGrainedScope: s.FineGrainedScope, 672 }, 673 }, 674 } 675 } 676 677 func stripeSecretKeyToProto(s velesstripeapikeys.StripeSecretKey) *spb.SecretData { 678 return &spb.SecretData{ 679 Secret: &spb.SecretData_StripeSecretKey_{ 680 StripeSecretKey: &spb.SecretData_StripeSecretKey{ 681 Key: s.Key, 682 }, 683 }, 684 } 685 } 686 687 func stripeRestrictedKeyToProto(s velesstripeapikeys.StripeRestrictedKey) *spb.SecretData { 688 return &spb.SecretData{ 689 Secret: &spb.SecretData_StripeRestrictedKey_{ 690 StripeRestrictedKey: &spb.SecretData_StripeRestrictedKey{ 691 Key: s.Key, 692 }, 693 }, 694 } 695 } 696 697 func stripeWebhookSecretToProto(s velesstripeapikeys.StripeWebhookSecret) *spb.SecretData { 698 return &spb.SecretData{ 699 Secret: &spb.SecretData_StripeWebhookSecret_{ 700 StripeWebhookSecret: &spb.SecretData_StripeWebhookSecret{ 701 Key: s.Key, 702 }, 703 }, 704 } 705 } 706 707 func gcpOAuth2ClientCredentialsToProto(s gcpoauth2client.Credentials) *spb.SecretData { 708 return &spb.SecretData{ 709 Secret: &spb.SecretData_GcpOauth2ClientCredentials{ 710 GcpOauth2ClientCredentials: &spb.SecretData_GCPOAuth2ClientCredentials{ 711 Id: s.ID, 712 Secret: s.Secret, 713 }, 714 }, 715 } 716 } 717 718 func gcpOAuth2AccessTokenToProto(s gcpoauth2access.Token) *spb.SecretData { 719 return &spb.SecretData{ 720 Secret: &spb.SecretData_GcpOauth2AccessToken{ 721 GcpOauth2AccessToken: &spb.SecretData_GCPOAuth2AccessToken{ 722 Token: s.Token, 723 }, 724 }, 725 } 726 } 727 728 func onepasswordSecretKeyToProto(s velesonepasswordkeys.OnePasswordSecretKey) *spb.SecretData { 729 return &spb.SecretData{ 730 Secret: &spb.SecretData_OnepasswordSecretKey{ 731 OnepasswordSecretKey: &spb.SecretData_OnePasswordSecretKey{ 732 Key: s.Key, 733 }, 734 }, 735 } 736 } 737 738 func onepasswordServiceTokenToProto(s velesonepasswordkeys.OnePasswordServiceToken) *spb.SecretData { 739 return &spb.SecretData{ 740 Secret: &spb.SecretData_OnepasswordServiceToken{ 741 OnepasswordServiceToken: &spb.SecretData_OnePasswordServiceToken{ 742 Key: s.Key, 743 }, 744 }, 745 } 746 } 747 748 func onepasswordRecoveryCodeToProto(s velesonepasswordkeys.OnePasswordRecoveryCode) *spb.SecretData { 749 return &spb.SecretData{ 750 Secret: &spb.SecretData_OnepasswordRecoveryCode{ 751 OnepasswordRecoveryCode: &spb.SecretData_OnePasswordRecoveryCode{ 752 Key: s.Key, 753 }, 754 }, 755 } 756 } 757 758 func pyxKeyV1ToProto(s pyxkeyv1.PyxKeyV1) *spb.SecretData { 759 return &spb.SecretData{ 760 Secret: &spb.SecretData_PyxKeyV1_{ 761 PyxKeyV1: &spb.SecretData_PyxKeyV1{ 762 Key: s.Key, 763 }, 764 }, 765 } 766 } 767 768 func pyxKeyV2ToProto(s pyxkeyv2.PyxKeyV2) *spb.SecretData { 769 return &spb.SecretData{ 770 Secret: &spb.SecretData_PyxKeyV2_{ 771 PyxKeyV2: &spb.SecretData_PyxKeyV2{ 772 Key: s.Key, 773 }, 774 }, 775 } 776 } 777 778 func validationResultToProto(r inventory.SecretValidationResult) (*spb.SecretStatus, error) { 779 status, err := validationStatusToProto(r.Status) 780 if err != nil { 781 return nil, err 782 } 783 784 var lastUpdate *timestamppb.Timestamp 785 if !r.At.IsZero() { 786 lastUpdate = timestamppb.New(r.At) 787 } 788 789 // Prefer nil over empty proto. 790 if lastUpdate == nil && status == spb.SecretStatus_UNSPECIFIED { 791 return nil, nil 792 } 793 794 return &spb.SecretStatus{ 795 Status: status, 796 LastUpdated: lastUpdate, 797 }, nil 798 } 799 800 func validationStatusToProto(s veles.ValidationStatus) (spb.SecretStatus_SecretStatusEnum, error) { 801 v, ok := structToProtoValidation[s] 802 if !ok { 803 return spb.SecretStatus_UNSPECIFIED, fmt.Errorf("%w: %q", ErrUnsupportedValidationType, s) 804 } 805 return v, nil 806 } 807 808 func secretLocationToProto(filepath string) []*spb.Location { 809 return []*spb.Location{ 810 { 811 Location: &spb.Location_Filepath{ 812 Filepath: &spb.Filepath{ 813 Path: filepath, 814 }, 815 }, 816 }, 817 } 818 } 819 820 // --- Proto to Struct 821 822 // SecretToStruct converts a proto Secret to its struct representation. 823 func SecretToStruct(s *spb.Secret) (*inventory.Secret, error) { 824 if s == nil { 825 return nil, nil 826 } 827 828 if len(s.GetLocations()) > 1 { 829 return nil, ErrMultipleSecretLocations 830 } 831 832 sec, err := velesSecretToStruct(s.GetSecret()) 833 if err != nil { 834 return nil, err 835 } 836 res, err := validationResultToStruct(s.GetStatus()) 837 if err != nil { 838 return nil, err 839 } 840 var path string 841 if len(s.GetLocations()) > 0 { 842 path = secretLocationToStruct(s.GetLocations()[0]) 843 } 844 845 return &inventory.Secret{ 846 Secret: sec, 847 Location: path, 848 Validation: res, 849 }, nil 850 } 851 852 func velesSecretToStruct(s *spb.SecretData) (veles.Secret, error) { 853 switch s.Secret.(type) { 854 case *spb.SecretData_JwtToken: 855 return jwt.Token{Value: s.GetJwtToken().GetToken()}, nil 856 case *spb.SecretData_PrivateKey_: 857 return privatekeyToStruct(s.GetPrivateKey()), nil 858 case *spb.SecretData_Pgpass_: 859 return pgpassToStruct(s.GetPgpass()), nil 860 case *spb.SecretData_Gcpsak: 861 return gcpsakToStruct(s.GetGcpsak()), nil 862 case *spb.SecretData_MysqlMyloginSection_: 863 return mysqlMyloginSectionToStruct(s.GetMysqlMyloginSection()), nil 864 case *spb.SecretData_DockerHubPat_: 865 return dockerHubPATToStruct(s.GetDockerHubPat()), nil 866 case *spb.SecretData_GitlabPat_: 867 return gitlabPATToStruct(s.GetGitlabPat()), nil 868 case *spb.SecretData_Digitalocean: 869 return digitalOceanAPITokenToStruct(s.GetDigitalocean()), nil 870 case *spb.SecretData_Pypi: 871 return pypiAPITokenToStruct(s.GetPypi()), nil 872 case *spb.SecretData_CratesIoApiToken: 873 return cratesioAPITokenToStruct(s.GetCratesIoApiToken()), nil 874 case *spb.SecretData_SlackAppConfigRefreshToken_: 875 return slackAppConfigRefreshTokenToStruct(s.GetSlackAppConfigRefreshToken()), nil 876 case *spb.SecretData_SlackAppConfigAccessToken_: 877 return slackAppConfigAccessTokenToStruct(s.GetSlackAppConfigAccessToken()), nil 878 case *spb.SecretData_SlackAppLevelToken_: 879 return slackAppLevelTokenToStruct(s.GetSlackAppLevelToken()), nil 880 case *spb.SecretData_AnthropicWorkspaceApiKey: 881 return velesanthropicapikey.WorkspaceAPIKey{Key: s.GetAnthropicWorkspaceApiKey().GetKey()}, nil 882 case *spb.SecretData_AnthropicModelApiKey: 883 return velesanthropicapikey.ModelAPIKey{Key: s.GetAnthropicModelApiKey().GetKey()}, nil 884 case *spb.SecretData_Perplexity: 885 return perplexityAPIKeyToStruct(s.GetPerplexity()), nil 886 case *spb.SecretData_GrokXaiApiKey: 887 return velesgrokxaiapikey.GrokXAIAPIKey{Key: s.GetGrokXaiApiKey().GetKey()}, nil 888 case *spb.SecretData_AzureStorageAccountAccessKey_: 889 return velesazurestorageaccountaccesskeyToStruct(s.GetAzureStorageAccountAccessKey()), nil 890 case *spb.SecretData_GrokXaiManagementApiKey: 891 return velesgrokxaiapikey.GrokXAIManagementKey{Key: s.GetGrokXaiManagementApiKey().GetKey()}, nil 892 case *spb.SecretData_GithubAppRefreshToken_: 893 return velesgithub.AppRefreshToken{Token: s.GetGithubAppRefreshToken().GetToken()}, nil 894 case *spb.SecretData_GithubAppServerToServerToken_: 895 return velesgithub.AppServerToServerToken{Token: s.GetGithubAppServerToServerToken().GetToken()}, nil 896 case *spb.SecretData_GithubFineGrainedPersonalAccessToken_: 897 return velesgithub.FineGrainedPersonalAccessToken{ 898 Token: s.GetGithubFineGrainedPersonalAccessToken().GetToken(), 899 }, nil 900 case *spb.SecretData_GithubClassicPersonalAccessToken_: 901 return velesgithub.ClassicPersonalAccessToken{ 902 Token: s.GetGithubClassicPersonalAccessToken().GetToken(), 903 }, nil 904 case *spb.SecretData_GithubAppUserToServerToken_: 905 return velesgithub.AppUserToServerToken{ 906 Token: s.GetGithubAppUserToServerToken().GetToken(), 907 }, nil 908 case *spb.SecretData_GithubOauthToken: 909 return velesgithub.OAuthToken{Token: s.GetGithubOauthToken().GetToken()}, nil 910 case *spb.SecretData_AzureAccessToken_: 911 return velesazuretoken.AzureAccessToken{Token: s.GetAzureAccessToken().GetToken()}, nil 912 case *spb.SecretData_AzureIdentityToken_: 913 return velesazuretoken.AzureIdentityToken{Token: s.GetAzureIdentityToken().GetToken()}, nil 914 case *spb.SecretData_TinkKeyset_: 915 return tinkkeyset.TinkKeySet{Content: s.GetTinkKeyset().GetContent()}, nil 916 case *spb.SecretData_PostmanApiKey: 917 return velespostmanapikey.PostmanAPIKey{ 918 Key: s.GetPostmanApiKey().GetKey(), 919 }, nil 920 case *spb.SecretData_PostmanCollectionAccessToken_: 921 return velespostmanapikey.PostmanCollectionToken{ 922 Key: s.GetPostmanCollectionAccessToken().GetKey(), 923 }, nil 924 case *spb.SecretData_HashicorpVaultToken: 925 return hashicorpVaultTokenToStruct(s.GetHashicorpVaultToken()), nil 926 case *spb.SecretData_HashicorpVaultAppRoleCredentials: 927 return hashicorpVaultAppRoleCredentialsToStruct(s.GetHashicorpVaultAppRoleCredentials()), nil 928 case *spb.SecretData_GcpApiKey: 929 return velesgcpapikey.GCPAPIKey{Key: s.GetGcpApiKey().GetKey()}, nil 930 case *spb.SecretData_Hugginface: 931 return huggingfaceAPIKeyToStruct(s.GetHugginface()), nil 932 case *spb.SecretData_StripeSecretKey_: 933 return velesstripeapikeys.StripeSecretKey{ 934 Key: s.GetStripeSecretKey().GetKey(), 935 }, nil 936 case *spb.SecretData_StripeRestrictedKey_: 937 return velesstripeapikeys.StripeRestrictedKey{ 938 Key: s.GetStripeRestrictedKey().GetKey(), 939 }, nil 940 case *spb.SecretData_StripeWebhookSecret_: 941 return velesstripeapikeys.StripeWebhookSecret{ 942 Key: s.GetStripeWebhookSecret().GetKey(), 943 }, nil 944 case *spb.SecretData_GcpOauth2ClientCredentials: 945 return gcpOAuth2ClientCredentialsToStruct(s.GetGcpOauth2ClientCredentials()), nil 946 case *spb.SecretData_GcpOauth2AccessToken: 947 return gcpOAuth2AccessTokenToStruct(s.GetGcpOauth2AccessToken()), nil 948 case *spb.SecretData_OnepasswordSecretKey: 949 return velesonepasswordkeys.OnePasswordSecretKey{ 950 Key: s.GetOnepasswordSecretKey().GetKey(), 951 }, nil 952 case *spb.SecretData_OnepasswordServiceToken: 953 return velesonepasswordkeys.OnePasswordServiceToken{ 954 Key: s.GetOnepasswordServiceToken().GetKey(), 955 }, nil 956 case *spb.SecretData_OnepasswordRecoveryCode: 957 return velesonepasswordkeys.OnePasswordRecoveryCode{ 958 Key: s.GetOnepasswordRecoveryCode().GetKey(), 959 }, nil 960 case *spb.SecretData_OnepasswordConnectToken: 961 return onePasswordConnectTokenToStruct(s.GetOnepasswordConnectToken()), nil 962 case *spb.SecretData_HashicorpCloudPlatformCredentials: 963 return veleshashicorpcloudplatform.ClientCredentials{ 964 ClientID: s.GetHashicorpCloudPlatformCredentials().GetClientId(), 965 ClientSecret: s.GetHashicorpCloudPlatformCredentials().GetClientSecret(), 966 }, nil 967 case *spb.SecretData_HashicorpCloudPlatformToken: 968 t := s.GetHashicorpCloudPlatformToken() 969 return veleshashicorpcloudplatform.AccessToken{ 970 Token: t.GetToken(), 971 OrganizationID: t.GetOrganizationId(), 972 ProjectID: t.GetProjectId(), 973 PrincipalID: t.GetPrincipalId(), 974 PrincipalType: t.GetPrincipalType(), 975 ServiceName: t.GetServiceName(), 976 GroupIDs: t.GetGroupIds(), 977 UserID: t.GetUserId(), 978 UserEmail: t.GetUserEmail(), 979 }, nil 980 case *spb.SecretData_GcsHmacKey: 981 t := s.GetGcsHmacKey() 982 return gcshmackey.HMACKey{AccessID: t.GetAccessId(), Secret: t.GetSecret()}, nil 983 case *spb.SecretData_MariaDbCredentials: 984 creds := s.GetMariaDbCredentials() 985 return mariadb.Credentials{ 986 Section: creds.Section, 987 Host: creds.Host, 988 Port: creds.Port, 989 User: creds.User, 990 Password: creds.Password, 991 }, nil 992 case *spb.SecretData_AwsAccessKeyCredentials_: 993 creds := s.GetAwsAccessKeyCredentials() 994 return &awsaccesskey.Credentials{ 995 AccessID: creds.AccessId, 996 Secret: creds.Secret, 997 }, nil 998 case *spb.SecretData_VapidKey_: 999 t := s.GetVapidKey() 1000 return vapid.Key{PrivateB64: t.PrivateB64, PublicB64: t.PublicB64}, nil 1001 case *spb.SecretData_ReCaptchaKey_: 1002 return recaptchakey.Key{ 1003 Secret: s.GetReCaptchaKey().GetSecret(), 1004 }, nil 1005 case *spb.SecretData_PyxKeyV1_: 1006 return pyxkeyv1.PyxKeyV1{ 1007 Key: s.GetPyxKeyV1().GetKey(), 1008 }, nil 1009 case *spb.SecretData_PyxKeyV2_: 1010 return pyxkeyv2.PyxKeyV2{ 1011 Key: s.GetPyxKeyV2().GetKey(), 1012 }, nil 1013 case *spb.SecretData_CodeCatalystCredentials_: 1014 return codecatalyst.Credentials{ 1015 FullURL: s.GetCodeCatalystCredentials().GetUrl(), 1016 }, nil 1017 default: 1018 return nil, fmt.Errorf("%w: %T", ErrUnsupportedSecretType, s.GetSecret()) 1019 } 1020 } 1021 1022 func digitalOceanAPITokenToStruct(kPB *spb.SecretData_DigitalOceanAPIToken) velesdigitalocean.DigitaloceanAPIToken { 1023 return velesdigitalocean.DigitaloceanAPIToken{ 1024 Key: kPB.GetKey(), 1025 } 1026 } 1027 1028 func pypiAPITokenToStruct(kPB *spb.SecretData_PyPIAPIToken) pypiapitoken.PyPIAPIToken { 1029 return pypiapitoken.PyPIAPIToken{ 1030 Token: kPB.GetToken(), 1031 } 1032 } 1033 1034 func cratesioAPITokenToStruct(kPB *spb.SecretData_CratesIOAPIToken) cratesioapitoken.CratesIOAPItoken { 1035 return cratesioapitoken.CratesIOAPItoken{ 1036 Token: kPB.GetToken(), 1037 } 1038 } 1039 1040 func slackAppLevelTokenToStruct(kPB *spb.SecretData_SlackAppLevelToken) velesslacktoken.SlackAppLevelToken { 1041 return velesslacktoken.SlackAppLevelToken{ 1042 Token: kPB.GetToken(), 1043 } 1044 } 1045 1046 func slackAppConfigAccessTokenToStruct(kPB *spb.SecretData_SlackAppConfigAccessToken) velesslacktoken.SlackAppConfigAccessToken { 1047 return velesslacktoken.SlackAppConfigAccessToken{ 1048 Token: kPB.GetToken(), 1049 } 1050 } 1051 1052 func slackAppConfigRefreshTokenToStruct(kPB *spb.SecretData_SlackAppConfigRefreshToken) velesslacktoken.SlackAppConfigRefreshToken { 1053 return velesslacktoken.SlackAppConfigRefreshToken{ 1054 Token: kPB.GetToken(), 1055 } 1056 } 1057 1058 func dockerHubPATToStruct(kPB *spb.SecretData_DockerHubPat) dockerhubpat.DockerHubPAT { 1059 return dockerhubpat.DockerHubPAT{ 1060 Pat: kPB.GetPat(), 1061 Username: kPB.GetUsername(), 1062 } 1063 } 1064 1065 func gitlabPATToStruct(kPB *spb.SecretData_GitlabPat) gitlabpat.GitlabPAT { 1066 return gitlabpat.GitlabPAT{ 1067 Pat: kPB.GetPat(), 1068 } 1069 } 1070 1071 func onePasswordConnectTokenToStruct(kPB *spb.SecretData_OnePasswordConnectToken) velesonepasswordconnecttoken.OnePasswordConnectToken { 1072 if kPB == nil { 1073 return velesonepasswordconnecttoken.OnePasswordConnectToken{} 1074 } 1075 return velesonepasswordconnecttoken.OnePasswordConnectToken{ 1076 DeviceUUID: kPB.GetDeviceUuid(), 1077 Version: kPB.GetVersion(), 1078 EncryptedData: kPB.GetEncryptedData(), 1079 EncryptionKeyID: kPB.GetEncryptionKeyId(), 1080 IV: kPB.GetIv(), 1081 UniqueKeyID: kPB.GetUniqueKeyId(), 1082 VerifierSalt: kPB.GetVerifierSalt(), 1083 VerifierLocalHash: kPB.GetVerifierLocalHash(), 1084 } 1085 } 1086 1087 func huggingfaceAPIKeyToStruct(kPB *spb.SecretData_HuggingfaceAPIKey) huggingfaceapikey.HuggingfaceAPIKey { 1088 return huggingfaceapikey.HuggingfaceAPIKey{ 1089 Key: kPB.GetKey(), 1090 Role: kPB.GetRole(), 1091 FineGrainedScope: kPB.GetFineGrainedScope(), 1092 } 1093 } 1094 1095 func gcpOAuth2ClientCredentialsToStruct(kPB *spb.SecretData_GCPOAuth2ClientCredentials) gcpoauth2client.Credentials { 1096 return gcpoauth2client.Credentials{ 1097 ID: kPB.GetId(), 1098 Secret: kPB.GetSecret(), 1099 } 1100 } 1101 1102 func gcpOAuth2AccessTokenToStruct(kPB *spb.SecretData_GCPOAuth2AccessToken) gcpoauth2access.Token { 1103 return gcpoauth2access.Token{ 1104 Token: kPB.GetToken(), 1105 } 1106 } 1107 1108 func gcpsakToStruct(sakPB *spb.SecretData_GCPSAK) velesgcpsak.GCPSAK { 1109 sak := velesgcpsak.GCPSAK{ 1110 PrivateKeyID: sakPB.GetPrivateKeyId(), 1111 ServiceAccount: sakPB.GetClientEmail(), 1112 Signature: sakPB.GetSignature(), 1113 } 1114 if sakPB.GetType() != "" { 1115 sak.Extra = &velesgcpsak.ExtraFields{ 1116 Type: sakPB.GetType(), 1117 ProjectID: sakPB.GetProjectId(), 1118 ClientID: sakPB.GetClientId(), 1119 AuthURI: sakPB.GetAuthUri(), 1120 TokenURI: sakPB.GetTokenUri(), 1121 AuthProviderX509CertURL: sakPB.GetAuthProviderX509CertUrl(), 1122 ClientX509CertURL: sakPB.GetClientX509CertUrl(), 1123 UniverseDomain: sakPB.GetUniverseDomain(), 1124 PrivateKey: sakPB.GetPrivateKey(), 1125 } 1126 } 1127 return sak 1128 } 1129 1130 func mysqlMyloginSectionToStruct(ePB *spb.SecretData_MysqlMyloginSection) velesmysqlmylogin.Section { 1131 mysqlmylogin := velesmysqlmylogin.Section{ 1132 SectionName: ePB.GetSectionName(), 1133 User: ePB.GetUser(), 1134 Password: ePB.GetPassword(), 1135 Host: ePB.GetHost(), 1136 Port: ePB.GetPort(), 1137 Socket: ePB.GetSocket(), 1138 } 1139 return mysqlmylogin 1140 } 1141 1142 func pgpassToStruct(ePB *spb.SecretData_Pgpass) velespgpass.Pgpass { 1143 pgpass := velespgpass.Pgpass{ 1144 Hostname: ePB.GetHostname(), 1145 Port: ePB.GetPort(), 1146 Database: ePB.GetDatabase(), 1147 Username: ePB.GetUsername(), 1148 Password: ePB.GetPassword(), 1149 } 1150 return pgpass 1151 } 1152 1153 func perplexityAPIKeyToStruct(kPB *spb.SecretData_PerplexityAPIKey) velesperplexity.PerplexityAPIKey { 1154 return velesperplexity.PerplexityAPIKey{ 1155 Key: kPB.GetKey(), 1156 } 1157 } 1158 1159 func velesazurestorageaccountaccesskeyToStruct(kPB *spb.SecretData_AzureStorageAccountAccessKey) velesazurestorageaccountaccesskey.AzureStorageAccountAccessKey { 1160 return velesazurestorageaccountaccesskey.AzureStorageAccountAccessKey{ 1161 Key: kPB.GetKey(), 1162 } 1163 } 1164 1165 func privatekeyToStruct(pkPB *spb.SecretData_PrivateKey) velesprivatekey.PrivateKey { 1166 return velesprivatekey.PrivateKey{ 1167 Block: pkPB.GetBlock(), 1168 Der: pkPB.GetDer(), 1169 } 1170 } 1171 1172 func validationResultToStruct(r *spb.SecretStatus) (inventory.SecretValidationResult, error) { 1173 status, err := validationStatusToStruct(r.GetStatus()) 1174 if err != nil { 1175 return inventory.SecretValidationResult{}, err 1176 } 1177 var at time.Time 1178 if r.GetLastUpdated() != nil { 1179 at = r.GetLastUpdated().AsTime() 1180 } 1181 return inventory.SecretValidationResult{ 1182 Status: status, 1183 At: at, 1184 }, nil 1185 } 1186 1187 func validationStatusToStruct(s spb.SecretStatus_SecretStatusEnum) (veles.ValidationStatus, error) { 1188 v, ok := protoToStructValidation[s] 1189 if !ok { 1190 return veles.ValidationUnspecified, fmt.Errorf("%w: %q", ErrUnsupportedValidationType, s) 1191 } 1192 return v, nil 1193 } 1194 1195 func secretLocationToStruct(location *spb.Location) string { 1196 if location.GetFilepath() != nil { 1197 return location.GetFilepath().GetPath() 1198 } 1199 return "" 1200 } 1201 1202 func hashicorpVaultTokenToStruct(tokenPB *spb.SecretData_HashiCorpVaultToken) veleshashicorpvault.Token { 1203 return veleshashicorpvault.Token{ 1204 Token: tokenPB.GetToken(), 1205 } 1206 } 1207 1208 func hashicorpVaultAppRoleCredentialsToStruct(credsPB *spb.SecretData_HashiCorpVaultAppRoleCredentials) veleshashicorpvault.AppRoleCredentials { 1209 return veleshashicorpvault.AppRoleCredentials{ 1210 RoleID: credsPB.GetRoleId(), 1211 SecretID: credsPB.GetSecretId(), 1212 ID: credsPB.GetId(), 1213 } 1214 } 1215 1216 func hashicorpCloudPlatformCredentialsToProto(creds veleshashicorpcloudplatform.ClientCredentials) *spb.SecretData { 1217 return &spb.SecretData{ 1218 Secret: &spb.SecretData_HashicorpCloudPlatformCredentials{ 1219 HashicorpCloudPlatformCredentials: &spb.SecretData_HashiCorpCloudPlatformCredentials{ 1220 ClientId: creds.ClientID, 1221 ClientSecret: creds.ClientSecret, 1222 }, 1223 }, 1224 } 1225 } 1226 1227 func hashicorpCloudPlatformTokenToProto(token veleshashicorpcloudplatform.AccessToken) *spb.SecretData { 1228 return &spb.SecretData{ 1229 Secret: &spb.SecretData_HashicorpCloudPlatformToken{ 1230 HashicorpCloudPlatformToken: &spb.SecretData_HashiCorpCloudPlatformToken{ 1231 Token: token.Token, 1232 OrganizationId: token.OrganizationID, 1233 ProjectId: token.ProjectID, 1234 PrincipalId: token.PrincipalID, 1235 PrincipalType: token.PrincipalType, 1236 ServiceName: token.ServiceName, 1237 GroupIds: token.GroupIDs, 1238 UserId: token.UserID, 1239 UserEmail: token.UserEmail, 1240 }, 1241 }, 1242 } 1243 } 1244 func mariadbCredentialsToProto(t mariadb.Credentials) *spb.SecretData { 1245 return &spb.SecretData{ 1246 Secret: &spb.SecretData_MariaDbCredentials{ 1247 MariaDbCredentials: &spb.SecretData_MariaDBCredentials{ 1248 Host: t.Host, 1249 Port: t.Port, 1250 User: t.User, 1251 Password: t.Password, 1252 Section: t.Section, 1253 }, 1254 }, 1255 } 1256 } 1257 1258 func vapidKeyToProto(t vapid.Key) *spb.SecretData { 1259 return &spb.SecretData{ 1260 Secret: &spb.SecretData_VapidKey_{ 1261 VapidKey: &spb.SecretData_VapidKey{ 1262 PrivateB64: t.PrivateB64, 1263 PublicB64: t.PublicB64, 1264 }, 1265 }, 1266 } 1267 }