From 69833b20324e3bd2a4e3132baabdd5c03bbd8fc9 Mon Sep 17 00:00:00 2001 From: Marcin Walas Date: Fri, 9 May 2025 13:06:49 +0200 Subject: [PATCH 1/6] Implement redacting of certain fields for MPA --- cmd/sansshell-server/default-policy.rego | 1 - services/httpoverrpc/httpoverrpc.go | 2 +- services/httpoverrpc/httpoverrpc.pb.go | 222 +++++++++--------- services/httpoverrpc/httpoverrpc.proto | 3 +- services/mpa/annotations/annotations.go | 22 ++ .../mpa/annotations/mpa_annotations.pb.go | 94 ++++++++ .../mpa/annotations/mpa_annotations.proto | 27 +++ services/mpa/mpahooks/mpa_redact.go | 120 ++++++++++ services/mpa/mpahooks/mpahooks.go | 10 + services/mpa/server/server.go | 16 +- 10 files changed, 403 insertions(+), 114 deletions(-) create mode 100644 services/mpa/annotations/annotations.go create mode 100644 services/mpa/annotations/mpa_annotations.pb.go create mode 100644 services/mpa/annotations/mpa_annotations.proto create mode 100644 services/mpa/mpahooks/mpa_redact.go diff --git a/cmd/sansshell-server/default-policy.rego b/cmd/sansshell-server/default-policy.rego index d9956f1f..aa95c94c 100644 --- a/cmd/sansshell-server/default-policy.rego +++ b/cmd/sansshell-server/default-policy.rego @@ -106,7 +106,6 @@ allow { # Allow MPA setting when not sending a proxied identity. The proxy is allowed above. allow { - not input.metadata["proxied-sansshell-identity"] input.method = ["/Mpa.Mpa/Store", "/Mpa.Mpa/Approve"][_] } diff --git a/services/httpoverrpc/httpoverrpc.go b/services/httpoverrpc/httpoverrpc.go index d5058079..0b72e8e7 100644 --- a/services/httpoverrpc/httpoverrpc.go +++ b/services/httpoverrpc/httpoverrpc.go 
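Review bot: Dropping `not input.metadata["proxied-sansshell-identity"]` widens this rule so that `/Mpa.Mpa/Store` and `/Mpa.Mpa/Approve` are allowed for every caller, proxied or not, while the comment directly above it still says the rule applies only when no proxied identity is sent and that the proxy case is handled by the rule above. If that earlier rule attaches conditions to proxied callers (it is outside this hunk), this now-unconditional rule bypasses them, which is a policy loosening that the commit message ("Implement redacting of certain fields for MPA") does not mention. Either restore the guard or, if proxied callers are meant to be allowed here, update the comment to `# Allow MPA Store/Approve for any caller, including proxied identities.` and state in the commit why the proxy-specific rule is no longer sufficient.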
@@ -19,4 +19,4 @@ package httpoverrpc // To regenerate the proto headers if the proto changes, just run go generate // and this encodes the necessary magic: -//go:generate protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=require_unimplemented_servers=false:. --go-grpc_opt=paths=source_relative --go-grpcproxy_out=. --go-grpcproxy_opt=paths=source_relative httpoverrpc.proto +//go:generate protoc --proto_path=../../ --go_out=../../ --go_opt=paths=source_relative --go-grpc_out=require_unimplemented_servers=false:. --go-grpc_opt=paths=source_relative --go-grpcproxy_out=../../ --go-grpcproxy_opt=paths=source_relative services/httpoverrpc/httpoverrpc.proto diff --git a/services/httpoverrpc/httpoverrpc.pb.go b/services/httpoverrpc/httpoverrpc.pb.go index 48d93008..6cff240a 100644 --- a/services/httpoverrpc/httpoverrpc.pb.go +++ b/services/httpoverrpc/httpoverrpc.pb.go @@ -17,11 +17,12 @@ // versions: // protoc-gen-go v1.34.2 // protoc v5.29.3 -// source: httpoverrpc.proto +// source: services/httpoverrpc/httpoverrpc.proto package httpoverrpc import ( + _ "github.com/Snowflake-Labs/sansshell/services/mpa/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" _ "google.golang.org/protobuf/types/descriptorpb" @@ -57,7 +58,7 @@ type HostHTTPRequest struct { func (x *HostHTTPRequest) Reset() { *x = HostHTTPRequest{} if protoimpl.UnsafeEnabled { - mi := &file_httpoverrpc_proto_msgTypes[0] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[0] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -70,7 +71,7 @@ func (x *HostHTTPRequest) String() string { func (*HostHTTPRequest) ProtoMessage() {} func (x *HostHTTPRequest) ProtoReflect() protoreflect.Message { - mi := &file_httpoverrpc_proto_msgTypes[0] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[0] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -83,7 +84,7 @@ func (x *HostHTTPRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use HostHTTPRequest.ProtoReflect.Descriptor instead. func (*HostHTTPRequest) Descriptor() ([]byte, []int) { - return file_httpoverrpc_proto_rawDescGZIP(), []int{0} + return file_services_httpoverrpc_httpoverrpc_proto_rawDescGZIP(), []int{0} } func (x *HostHTTPRequest) GetRequest() *HTTPRequest { @@ -140,7 +141,7 @@ type TLSConfig struct { func (x *TLSConfig) Reset() { *x = TLSConfig{} if protoimpl.UnsafeEnabled { - mi := &file_httpoverrpc_proto_msgTypes[1] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[1] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -153,7 +154,7 @@ func (x *TLSConfig) String() string { func (*TLSConfig) ProtoMessage() {} func (x *TLSConfig) ProtoReflect() protoreflect.Message { - mi := &file_httpoverrpc_proto_msgTypes[1] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[1] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -166,7 +167,7 @@ func (x *TLSConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use TLSConfig.ProtoReflect.Descriptor instead. func (*TLSConfig) Descriptor() ([]byte, []int) { - return file_httpoverrpc_proto_rawDescGZIP(), []int{1} + return file_services_httpoverrpc_httpoverrpc_proto_rawDescGZIP(), []int{1} } func (x *TLSConfig) GetInsecureSkipVerify() bool { 
@@ -188,7 +189,7 @@ type DialConfig struct { func (x *DialConfig) Reset() { *x = DialConfig{} if protoimpl.UnsafeEnabled { - mi := &file_httpoverrpc_proto_msgTypes[2] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -201,7 +202,7 @@ func (x *DialConfig) String() string { func (*DialConfig) ProtoMessage() {} func (x *DialConfig) ProtoReflect() protoreflect.Message { - mi := &file_httpoverrpc_proto_msgTypes[2] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[2] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -214,7 +215,7 @@ func (x *DialConfig) ProtoReflect() protoreflect.Message { // Deprecated: Use DialConfig.ProtoReflect.Descriptor instead. func (*DialConfig) Descriptor() ([]byte, []int) { - return file_httpoverrpc_proto_rawDescGZIP(), []int{2} + return file_services_httpoverrpc_httpoverrpc_proto_rawDescGZIP(), []int{2} } func (x *DialConfig) GetDialAddress() string { @@ -236,7 +237,7 @@ type Header struct { func (x *Header) Reset() { *x = Header{} if protoimpl.UnsafeEnabled { - mi := &file_httpoverrpc_proto_msgTypes[3] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -249,7 +250,7 @@ func (x *Header) String() string { func (*Header) ProtoMessage() {} func (x *Header) ProtoReflect() protoreflect.Message { - mi := &file_httpoverrpc_proto_msgTypes[3] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -262,7 +263,7 @@ func (x *Header) ProtoReflect() protoreflect.Message { // Deprecated: Use Header.ProtoReflect.Descriptor instead. func (*Header) Descriptor() ([]byte, []int) { - return file_httpoverrpc_proto_rawDescGZIP(), []int{3} + return file_services_httpoverrpc_httpoverrpc_proto_rawDescGZIP(), []int{3} } func (x *Header) GetKey() string { @@ -294,7 +295,7 @@ type HTTPRequest struct { func (x *HTTPRequest) Reset() { *x = HTTPRequest{} if protoimpl.UnsafeEnabled { - mi := &file_httpoverrpc_proto_msgTypes[4] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -307,7 +308,7 @@ func (x *HTTPRequest) String() string { func (*HTTPRequest) ProtoMessage() {} func (x *HTTPRequest) ProtoReflect() protoreflect.Message { - mi := &file_httpoverrpc_proto_msgTypes[4] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -320,7 +321,7 @@ func (x *HTTPRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPRequest.ProtoReflect.Descriptor instead. func (*HTTPRequest) Descriptor() ([]byte, []int) { - return file_httpoverrpc_proto_rawDescGZIP(), []int{4} + return file_services_httpoverrpc_httpoverrpc_proto_rawDescGZIP(), []int{4} } func (x *HTTPRequest) GetMethod() string { @@ -365,7 +366,7 @@ type HTTPReply struct { func (x *HTTPReply) Reset() { *x = HTTPReply{} if protoimpl.UnsafeEnabled { - mi := &file_httpoverrpc_proto_msgTypes[5] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -378,7 +379,7 @@ func (x *HTTPReply) String() string { func (*HTTPReply) ProtoMessage() {} func (x *HTTPReply) ProtoReflect() protoreflect.Message { - mi := &file_httpoverrpc_proto_msgTypes[5] + mi := &file_services_httpoverrpc_httpoverrpc_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -391,7 +392,7 @@ func (x *HTTPReply) ProtoReflect() protoreflect.Message { // Deprecated: Use HTTPReply.ProtoReflect.Descriptor instead. func (*HTTPReply) Descriptor() ([]byte, []int) { - return file_httpoverrpc_proto_rawDescGZIP(), []int{5} + return file_services_httpoverrpc_httpoverrpc_proto_rawDescGZIP(), []int{5} } func (x *HTTPReply) GetStatusCode() int32 { 
@@ -415,83 +416,88 @@ func (x *HTTPReply) GetBody() []byte { return nil } -var File_httpoverrpc_proto protoreflect.FileDescriptor - -var file_httpoverrpc_proto_rawDesc = []byte{ - 0x0a, 0x11, 0x68, 0x74, 0x74, 0x70, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x70, 0x63, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, - 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0x94, 0x02, 0x0a, 0x0f, 0x48, 0x6f, 0x73, 0x74, 0x48, 0x54, 0x54, 0x50, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x32, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, - 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x52, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1a, - 0x0a, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x08, 0x68, 0x6f, 0x73, 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x34, 0x0a, 0x09, 0x74, 0x6c, 0x73, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x48, 0x54, 0x54, 0x50, - 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x52, 0x09, 0x74, 0x6c, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, 0x0a, - 0x64, 0x69, 0x61, 0x6c, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x17, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 
0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x44, - 0x69, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, 0x64, 0x69, 0x61, - 0x6c, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x88, 0x01, 0x01, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x64, - 0x69, 0x61, 0x6c, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x22, 0x3b, 0x0a, 0x09, 0x54, 0x4c, 0x53, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2e, 0x0a, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, - 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, - 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x22, 0x43, 0x0a, 0x0a, 0x44, 0x69, 0x61, 0x6c, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x12, 0x25, 0x0a, 0x0b, 0x64, 0x69, 0x61, 0x6c, 0x41, 0x64, 0x64, 0x72, - 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x64, 0x69, 0x61, - 0x6c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, - 0x64, 0x69, 0x61, 0x6c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0x37, 0x0a, 0x06, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x1b, 0x0a, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0x80, 0x01, 0x01, 0x52, 0x06, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x73, 0x22, 0x8e, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x1f, 0x0a, 0x0b, - 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0a, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x55, 0x72, 0x69, 0x12, 0x2d, 0x0a, - 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 
0x13, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x17, 0x0a, 0x04, - 0x62, 0x6f, 0x64, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0x80, 0x01, 0x01, 0x52, - 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x6f, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x70, - 0x6c, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x63, 0x6f, 0x64, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, - 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, - 0x50, 0x43, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x32, 0x4d, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, - 0x65, 0x72, 0x52, 0x50, 0x43, 0x12, 0x3e, 0x0a, 0x04, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x1c, 0x2e, - 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x6f, 0x73, 0x74, - 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x48, 0x54, - 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, - 0x70, 0x6c, 0x79, 0x22, 0x00, 0x42, 0x31, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x53, 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65, 0x2d, 0x4c, 0x61, - 0x62, 0x73, 0x2f, 0x73, 0x61, 0x6e, 0x73, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x2f, 0x68, 0x74, 0x74, - 0x70, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +var File_services_httpoverrpc_httpoverrpc_proto protoreflect.FileDescriptor + +var 
file_services_httpoverrpc_httpoverrpc_proto_rawDesc = []byte{ + 0x0a, 0x26, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x6f, + 0x76, 0x65, 0x72, 0x72, 0x70, 0x63, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x6f, 0x76, 0x65, 0x72, 0x72, + 0x70, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, + 0x65, 0x72, 0x52, 0x50, 0x43, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, + 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x73, 0x2f, 0x6d, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2f, 0x6d, 0x70, 0x61, 0x5f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9a, 0x02, 0x0a, 0x0f, 0x48, 0x6f, 0x73, 0x74, + 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x38, 0x0a, 0x07, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x48, + 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x42, 0x04, 0x80, 0xb5, 0x18, 0x01, 0x52, 0x07, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x68, 0x6f, 0x73, + 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x68, 0x6f, 0x73, + 0x74, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x12, 0x34, 0x0a, 0x09, 0x74, 0x6c, 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, 
0x76, 0x65, 0x72, 0x52, + 0x50, 0x43, 0x2e, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x09, 0x74, 0x6c, + 0x73, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3c, 0x0a, 0x0a, 0x64, 0x69, 0x61, 0x6c, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x48, 0x54, + 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x44, 0x69, 0x61, 0x6c, 0x43, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0a, 0x64, 0x69, 0x61, 0x6c, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x88, 0x01, 0x01, 0x42, 0x0d, 0x0a, 0x0b, 0x5f, 0x64, 0x69, 0x61, 0x6c, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x22, 0x3b, 0x0a, 0x09, 0x54, 0x4c, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x2e, 0x0a, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, + 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x69, + 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, + 0x79, 0x22, 0x43, 0x0a, 0x0a, 0x44, 0x69, 0x61, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, + 0x25, 0x0a, 0x0b, 0x64, 0x69, 0x61, 0x6c, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x64, 0x69, 0x61, 0x6c, 0x41, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x64, 0x69, 0x61, 0x6c, 0x41, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x22, 0x37, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x1b, 0x0a, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x09, 0x42, 0x03, 0x80, 0x01, 0x01, 0x52, 0x06, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x22, + 0x8e, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x6d, 
0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x55, 0x72, 0x69, 0x12, 0x2d, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x48, 0x54, 0x54, 0x50, + 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x07, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x17, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x03, 0x80, 0x01, 0x01, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, + 0x22, 0x6f, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x12, 0x1f, 0x0a, + 0x0b, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x43, 0x6f, 0x64, 0x65, 0x12, 0x2d, + 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, 0x0a, + 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x62, 0x6f, 0x64, + 0x79, 0x32, 0x4d, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, + 0x12, 0x3e, 0x0a, 0x04, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x1c, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, + 0x76, 0x65, 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x6f, 0x73, 0x74, 0x48, 0x54, 0x54, 0x50, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4f, 0x76, 0x65, + 0x72, 0x52, 0x50, 0x43, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x70, 0x6c, 0x79, 0x22, 0x00, + 0x42, 0x31, 0x5a, 0x2f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x53, + 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65, 
0x2d, 0x4c, 0x61, 0x62, 0x73, 0x2f, 0x73, 0x61, + 0x6e, 0x73, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x6f, 0x76, 0x65, 0x72, + 0x72, 0x70, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( - file_httpoverrpc_proto_rawDescOnce sync.Once - file_httpoverrpc_proto_rawDescData = file_httpoverrpc_proto_rawDesc + file_services_httpoverrpc_httpoverrpc_proto_rawDescOnce sync.Once + file_services_httpoverrpc_httpoverrpc_proto_rawDescData = file_services_httpoverrpc_httpoverrpc_proto_rawDesc ) -func file_httpoverrpc_proto_rawDescGZIP() []byte { - file_httpoverrpc_proto_rawDescOnce.Do(func() { - file_httpoverrpc_proto_rawDescData = protoimpl.X.CompressGZIP(file_httpoverrpc_proto_rawDescData) +func file_services_httpoverrpc_httpoverrpc_proto_rawDescGZIP() []byte { + file_services_httpoverrpc_httpoverrpc_proto_rawDescOnce.Do(func() { + file_services_httpoverrpc_httpoverrpc_proto_rawDescData = protoimpl.X.CompressGZIP(file_services_httpoverrpc_httpoverrpc_proto_rawDescData) }) - return file_httpoverrpc_proto_rawDescData + return file_services_httpoverrpc_httpoverrpc_proto_rawDescData } -var file_httpoverrpc_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_httpoverrpc_proto_goTypes = []any{ +var file_services_httpoverrpc_httpoverrpc_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_services_httpoverrpc_httpoverrpc_proto_goTypes = []any{ (*HostHTTPRequest)(nil), // 0: HTTPOverRPC.HostHTTPRequest (*TLSConfig)(nil), // 1: HTTPOverRPC.TLSConfig (*DialConfig)(nil), // 2: HTTPOverRPC.DialConfig 
@@ -499,7 +505,7 @@ var file_httpoverrpc_proto_goTypes = []any{ (*HTTPRequest)(nil), // 4: HTTPOverRPC.HTTPRequest (*HTTPReply)(nil), // 5: HTTPOverRPC.HTTPReply } -var file_httpoverrpc_proto_depIdxs = []int32{ +var file_services_httpoverrpc_httpoverrpc_proto_depIdxs = []int32{ 4, // 0: HTTPOverRPC.HostHTTPRequest.request:type_name -> HTTPOverRPC.HTTPRequest 1, // 1: HTTPOverRPC.HostHTTPRequest.tlsconfig:type_name -> HTTPOverRPC.TLSConfig 2, // 2: HTTPOverRPC.HostHTTPRequest.dialconfig:type_name -> HTTPOverRPC.DialConfig @@ -514,13 +520,13 @@ var file_httpoverrpc_proto_depIdxs = []int32{ 0, // [0:5] is the sub-list for field type_name } -func init() { file_httpoverrpc_proto_init() } -func file_httpoverrpc_proto_init() { - if File_httpoverrpc_proto != nil { +func init() { file_services_httpoverrpc_httpoverrpc_proto_init() } +func file_services_httpoverrpc_httpoverrpc_proto_init() { + if File_services_httpoverrpc_httpoverrpc_proto != nil { return } if !protoimpl.UnsafeEnabled { - file_httpoverrpc_proto_msgTypes[0].Exporter = func(v any, i int) any { + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[0].Exporter = func(v any, i int) any { switch v := v.(*HostHTTPRequest); i { case 0: return &v.state @@ -532,7 +538,7 @@ func file_httpoverrpc_proto_init() { return nil } } - file_httpoverrpc_proto_msgTypes[1].Exporter = func(v any, i int) any { + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[1].Exporter = func(v any, i int) any { switch v := v.(*TLSConfig); i { case 0: return &v.state @@ -544,7 +550,7 @@ func file_httpoverrpc_proto_init() { return nil } } - file_httpoverrpc_proto_msgTypes[2].Exporter = func(v any, i int) any { + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[2].Exporter = func(v any, i int) any { switch v := v.(*DialConfig); i { case 0: return &v.state 
@@ -556,7 +562,7 @@ func file_httpoverrpc_proto_init() { return nil } } - file_httpoverrpc_proto_msgTypes[3].Exporter = func(v any, i int) any { + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[3].Exporter = func(v any, i int) any { switch v := v.(*Header); i { case 0: return &v.state @@ -568,7 +574,7 @@ func file_httpoverrpc_proto_init() { return nil } } - file_httpoverrpc_proto_msgTypes[4].Exporter = func(v any, i int) any { + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[4].Exporter = func(v any, i int) any { switch v := v.(*HTTPRequest); i { case 0: return &v.state @@ -580,7 +586,7 @@ func file_httpoverrpc_proto_init() { return nil } } - file_httpoverrpc_proto_msgTypes[5].Exporter = func(v any, i int) any { + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[5].Exporter = func(v any, i int) any { switch v := v.(*HTTPReply); i { case 0: return &v.state 
@@ -593,24 +599,24 @@ func file_httpoverrpc_proto_init() { } } } - file_httpoverrpc_proto_msgTypes[0].OneofWrappers = []any{} - file_httpoverrpc_proto_msgTypes[2].OneofWrappers = []any{} + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[0].OneofWrappers = []any{} + file_services_httpoverrpc_httpoverrpc_proto_msgTypes[2].OneofWrappers = []any{} type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_httpoverrpc_proto_rawDesc, + RawDescriptor: file_services_httpoverrpc_httpoverrpc_proto_rawDesc, NumEnums: 0, NumMessages: 6, NumExtensions: 0, NumServices: 1, }, - GoTypes: file_httpoverrpc_proto_goTypes, - DependencyIndexes: file_httpoverrpc_proto_depIdxs, - MessageInfos: file_httpoverrpc_proto_msgTypes, + GoTypes: file_services_httpoverrpc_httpoverrpc_proto_goTypes, + DependencyIndexes: file_services_httpoverrpc_httpoverrpc_proto_depIdxs, + MessageInfos: file_services_httpoverrpc_httpoverrpc_proto_msgTypes, }.Build() - File_httpoverrpc_proto = out.File - file_httpoverrpc_proto_rawDesc = nil - file_httpoverrpc_proto_goTypes = nil - file_httpoverrpc_proto_depIdxs = nil + File_services_httpoverrpc_httpoverrpc_proto = out.File + file_services_httpoverrpc_httpoverrpc_proto_rawDesc = nil + file_services_httpoverrpc_httpoverrpc_proto_goTypes = nil + file_services_httpoverrpc_httpoverrpc_proto_depIdxs = nil } diff --git a/services/httpoverrpc/httpoverrpc.proto b/services/httpoverrpc/httpoverrpc.proto index 3eeed858..41ea965d 100644 --- a/services/httpoverrpc/httpoverrpc.proto +++ b/services/httpoverrpc/httpoverrpc.proto @@ -17,6 +17,7 @@ syntax = "proto3"; import "google/protobuf/descriptor.proto"; +import "services/mpa/annotations/mpa_annotations.proto"; option go_package = "github.com/Snowflake-Labs/sansshell/httpoverrpc"; 
@@ -29,7 +30,7 @@ service HTTPOverRPC { } message HostHTTPRequest { - HTTPRequest request = 1; + HTTPRequest request = 1 [(sansshell.annotations.mpa_redacted) = true]; // The port to use for the request on the local host. int32 port = 2; // Hostname can be specified as either an ip address or domain name diff --git a/services/mpa/annotations/annotations.go b/services/mpa/annotations/annotations.go new file mode 100644 index 00000000..0e8dba16 --- /dev/null +++ b/services/mpa/annotations/annotations.go @@ -0,0 +1,22 @@ +/* Copyright (c) 2019 Snowflake Inc. All rights reserved. + + Licensed under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +*/ + +// Package mpa defines the RPC interface for the sansshell MPA actions. +package annotations + +// To regenerate the proto headers if the .proto changes, just run go generate +// and this encodes the necessary magic: +//go:generate protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=require_unimplemented_servers=false:. --go-grpc_opt=paths=source_relative --go-grpcproxy_out=. --go-grpcproxy_opt=paths=source_relative mpa_annotations.proto diff --git a/services/mpa/annotations/mpa_annotations.pb.go b/services/mpa/annotations/mpa_annotations.pb.go new file mode 100644 index 00000000..6b952204 --- /dev/null +++ b/services/mpa/annotations/mpa_annotations.pb.go 
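Review bot: Marking the whole `request` field `mpa_redacted` strips the HTTP method and `request_uri` from what an MPA approver sees, not only the secrets, so approvers would be signing off on a call whose target they cannot inspect. The generated descriptor already carries a per-field option on `Header.values` and `HTTPRequest.body` (the `0x42, 0x03, 0x80, 0x01, 0x01` option bytes, which decode to FieldOptions field 16, `debug_redact = true`), so the sensitive parts are already identified individually; consider putting `[(sansshell.annotations.mpa_redacted) = true]` on those two fields instead of on `request`, or add a comment stating why method and URI must be hidden as well. How the MPA server later matches the redacted stored copy against the live request is outside this hunk; if the redacted form is what gets stored or hashed, a byte-for-byte comparison with the original is no longer possible and that path should be checked.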
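Review bot: The `go:generate` line registers the annotations descriptor under the path `mpa_annotations.proto` (the generated file shows `// source: mpa_annotations.proto` and `Filename: "mpa_annotations.proto"`), but `httpoverrpc.proto` imports it as `services/mpa/annotations/mpa_annotations.proto`, and the httpoverrpc descriptor bytes record that longer path as the dependency. As far as I recall protobuf-go substitutes a placeholder for an import it cannot find in the global registry rather than failing, so this will likely go unnoticed until something walks the imports or a second file references the same extension by path. Generate this file the same way the sibling `httpoverrpc.go` now does, from the repo root: `//go:generate protoc --proto_path=../../../ --go_out=../../../ --go_opt=paths=source_relative services/mpa/annotations/mpa_annotations.proto` (the grpc and grpcproxy plugins are not needed for a file that declares no service). The package comment `// Package mpa defines the RPC interface for the sansshell MPA actions.` was copied from the mpa package and should read `// Package annotations defines the proto field options used by MPA (e.g. mpa_redacted).`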
@@ -0,0 +1,94 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.34.2 +// protoc v5.29.3 +// source: mpa_annotations.proto + +package annotations + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + descriptorpb "google.golang.org/protobuf/types/descriptorpb" + reflect "reflect" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +var file_mpa_annotations_proto_extTypes = []protoimpl.ExtensionInfo{ + { + ExtendedType: (*descriptorpb.FieldOptions)(nil), + ExtensionType: (*bool)(nil), + Field: 50000, + Name: "sansshell.annotations.mpa_redacted", + Tag: "varint,50000,opt,name=mpa_redacted", + Filename: "mpa_annotations.proto", + }, +} + +// Extension fields to descriptorpb.FieldOptions. 
+var ( + // optional bool mpa_redacted = 50000; + E_MpaRedacted = &file_mpa_annotations_proto_extTypes[0] // Using a high number to avoid conflicts +) + +var File_mpa_annotations_proto protoreflect.FileDescriptor + +var file_mpa_annotations_proto_rawDesc = []byte{ + 0x0a, 0x15, 0x6d, 0x70, 0x61, 0x5f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x73, 0x61, 0x6e, 0x73, 0x73, 0x68, 0x65, + 0x6c, 0x6c, 0x2e, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x20, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, + 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x3a, 0x42, 0x0a, 0x0c, 0x6d, 0x70, 0x61, 0x5f, 0x72, 0x65, 0x64, 0x61, 0x63, 0x74, 0x65, 0x64, + 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0xd0, 0x86, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x6d, 0x70, 0x61, 0x52, 0x65, 0x64, 0x61, + 0x63, 0x74, 0x65, 0x64, 0x42, 0x3e, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x53, 0x6e, 0x6f, 0x77, 0x66, 0x6c, 0x61, 0x6b, 0x65, 0x2d, 0x4c, 0x61, 0x62, + 0x73, 0x2f, 0x73, 0x61, 0x6e, 0x73, 0x73, 0x68, 0x65, 0x6c, 0x6c, 0x2f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x73, 0x2f, 0x6d, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var file_mpa_annotations_proto_goTypes = []any{ + (*descriptorpb.FieldOptions)(nil), // 0: google.protobuf.FieldOptions +} +var file_mpa_annotations_proto_depIdxs = []int32{ + 0, // 0: sansshell.annotations.mpa_redacted:extendee -> google.protobuf.FieldOptions + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] 
is the sub-list for extension type_name + 0, // [0:1] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_mpa_annotations_proto_init() } +func file_mpa_annotations_proto_init() { + if File_mpa_annotations_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_mpa_annotations_proto_rawDesc, + NumEnums: 0, + NumMessages: 0, + NumExtensions: 1, + NumServices: 0, + }, + GoTypes: file_mpa_annotations_proto_goTypes, + DependencyIndexes: file_mpa_annotations_proto_depIdxs, + ExtensionInfos: file_mpa_annotations_proto_extTypes, + }.Build() + File_mpa_annotations_proto = out.File + file_mpa_annotations_proto_rawDesc = nil + file_mpa_annotations_proto_goTypes = nil + file_mpa_annotations_proto_depIdxs = nil +} diff --git a/services/mpa/annotations/mpa_annotations.proto b/services/mpa/annotations/mpa_annotations.proto new file mode 100644 index 00000000..653ef459 --- /dev/null +++ b/services/mpa/annotations/mpa_annotations.proto 
@@ -0,0 +1,27 @@
+/* Copyright (c) 2019 Snowflake Inc. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/
+
+syntax = "proto3";
+
+package sansshell.annotations;
+
+import "google/protobuf/descriptor.proto";
+
+option go_package = "github.com/Snowflake-Labs/sansshell/services/mpa/annotations";
+
+extend google.protobuf.FieldOptions {
+ bool mpa_redacted = 50000; // Using a high number to avoid conflicts
+}
\ No newline at end of file
diff --git a/services/mpa/mpahooks/mpa_redact.go b/services/mpa/mpahooks/mpa_redact.go
new file mode 100644
index 00000000..a91cc1ab
--- /dev/null
+++ b/services/mpa/mpahooks/mpa_redact.go
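Review bot: The `mpa_redacted` extension carries no comment describing what marking a field does, and that is the whole security contract of this series; the only comment explains the number. Suggest adding above the field `// A field marked mpa_redacted is cleared from the request copy before it is stored in MPA state and before it is compared with an MPA request, so its value is neither shown to approvers nor bound by the approval; annotate only fields whose value must not affect the authorization decision.` Number 50000 sits in the range protobuf reserves for organization-internal extensions, so it is acceptable, but if another FieldOptions extension using the same number is ever linked into a sansshell binary the two are likely to conflict at descriptor registration, which is worth noting next to the existing "avoid conflicts" comment.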
@@ -0,0 +1,120 @@
+/* Copyright (c) 2023 Snowflake Inc. All rights reserved.
+
+ Licensed under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+*/
+
+package mpahooks
+
+import (
+ "fmt"
+
+ "github.com/Snowflake-Labs/sansshell/services/mpa/annotations"
+ "google.golang.org/protobuf/proto"
+ "google.golang.org/protobuf/reflect/protoreflect"
+ "google.golang.org/protobuf/types/descriptorpb"
+ "google.golang.org/protobuf/types/known/anypb"
+)
+
+// RedactFieldsForMPA processes an Any proto message and redacts (sets to nil/zero)
+// any fields that are marked with the mpa_redacted annotation.
+// Returns true if the message was modified.
+func RedactFieldsForMPA(anyMsg *anypb.Any) (bool, error) {
+ // First extract the message from Any
+ msg, err := anyMsg.UnmarshalNew()
+ if err != nil {
+ return false, fmt.Errorf("failed to unmarshal Any message: %v", err)
+ }
+ fmt.Printf("\n\n")
+
+ // Process the message to redact marked fields
+ modified := redactMessageFields(msg)
+ fmt.Printf("######################## Redacted %v fields on message: %v\n\n\n", modified, msg.ProtoReflect().Descriptor().FullName())
+
+ // If we made changes, update the Any message
+ if modified {
+ if err := anyMsg.MarshalFrom(msg); err != nil {
+ return false, fmt.Errorf("failed to re-marshal message: %v", err)
+ }
+ }
+
+ return modified, nil
+}
+
+// redactMessageFields recursively processes a message and redacts fields
+// marked with the mpa_redacted annotation.
+// Returns true if any field was redacted.
+func redactMessageFields(message proto.Message) bool {
+ modified := false
+
+ // Get the reflective view of the message
+ m := message.ProtoReflect()
+
+ // Iterate through all fields in the message
+ m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
+ // Check if this field has the mpa_redacted option set
+ opts := fd.Options().(*descriptorpb.FieldOptions)
+ fmt.Printf("##### Field: %s, fd: %v Value: %v, opts: %v \n", fd.FullName(), fd, v, opts)
+
+ if proto.GetExtension(opts, annotations.E_MpaRedacted).(bool) {
+ // Field should be redacted
+ fmt.Printf("##### Redacting field: %s\n", fd.FullName())
+
+ m.Clear(fd)
+ modified = true
+ return true // Continue iteration
+ }
+
+ // If it's a message field that's not nil, recursively process it
+ if fd.Kind() == protoreflect.MessageKind && v.IsValid() {
+ if fd.IsList() {
+ // Handle repeated message fields
+ list := v.List()
+ for i := 0; i < list.Len(); i++ {
+ item := list.Get(i)
+ if item.Message().IsValid() {
+ // Create a new proto.Message from this item
+ nestedMsg := item.Message().Interface()
+ if redactMessageFields(nestedMsg) {
+ modified = true
+ }
+ }
+ }
+ } else if fd.IsMap() {
+ // Handle map fields where values are messages
+ if fd.MapValue().Kind() == protoreflect.MessageKind {
+ mapVal := v.Map()
+ mapVal.Range(func(k protoreflect.MapKey, v protoreflect.Value) bool {
+ if v.Message().IsValid() {
+ nestedMsg := v.Message().Interface()
+ if redactMessageFields(nestedMsg) {
+ modified = true
+ }
+ }
+ return true
+ })
+ }
+ } else if v.Message().IsValid() {
+ // Handle regular message fields
+ nestedMsg := v.Message().Interface()
+ if redactMessageFields(nestedMsg) {
+ modified = true
+ }
+ }
+ }
+
+ return true // Continue iteration
+ })
+
+ return modified
+}
diff --git a/services/mpa/mpahooks/mpahooks.go b/services/mpa/mpahooks/mpahooks.go
index 327e0e6f..27ed1d95 100644
--- a/services/mpa/mpahooks/mpahooks.go
+++ b/services/mpa/mpahooks/mpahooks.go
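Review bot: RedactFieldsForMPA's doc comment says what it clears but not what that means for the approval, which is the property a reader of the MPA code needs: a cleared field is not stored, not shown to approvers and not part of the input match, so an approval obtained for one request also satisfies any request that differs only in mpa_redacted fields. Suggest adding `// A redacted field is neither persisted in MPA state nor part of the approval match, so` / `// an approval covers every request that differs only in redacted fields; annotate` / `// only fields whose value must not influence the authorization decision.` The recursion in redactMessageFields descends through v.Message() only, so a message carried inside a nested google.protobuf.Any field stays serialized and annotations inside it are not honoured; if such payloads occur in annotated request types, state that limit in the comment or unpack them explicitly. The assertion `opts := fd.Options().(*descriptorpb.FieldOptions)` panics inside Range if Options() ever yields another type; `opts, ok := fd.Options().(*descriptorpb.FieldOptions)` followed by `if !ok { return true }` keeps the walk going instead.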
@@ -86,6 +86,11 @@ func ActionMatchesInput(ctx context.Context, action *mpa.Action, input *rpcauth.
 return fmt.Errorf("unable to marshal into anyproto: %v", err)
 }

+ // Redact fields that shouldn't be checked for equality
+ if _, err := RedactFieldsForMPA(&msg); err != nil {
+ return fmt.Errorf("error redacting marked fields: %v", err)
+ }
+
 // Prefer using a proxied identity if provided
 var user string
 if p := proxiedidentity.FromContext(ctx); p != nil {
@@ -120,6 +125,11 @@ func createAndBlockOnSingleTargetMPA(ctx context.Context, method string, req any
 return "", fmt.Errorf("unable to marshal into anyproto: %v", err)
 }

+ // Redact fields that shouldn't be stored in the MPA
+ if _, err := RedactFieldsForMPA(&msg); err != nil {
+ return "", fmt.Errorf("error redacting marked fields: %v", err)
+ }
+
 mpaClient := mpa.NewMpaClient(cc)
 result, err := mpaClient.Store(ctx, &mpa.StoreRequest{
 Method: method,
diff --git a/services/mpa/server/server.go b/services/mpa/server/server.go
index a6fcf208..1374614b 100644
--- a/services/mpa/server/server.go
+++ b/services/mpa/server/server.go
@@ -86,10 +86,18 @@ func actionId(action *mpa.Action) (string, error) {
 // output for the same input. Go provides a deterministic marshalling option,
 // but this marshalling isn't guaranteed to be stable over time.
 // JSON encoding can be made deterministic by canonicalizing.
+
+ msg := action.Message
+ // Redact fields that shouldn't be checked for equality
+ if _, err := mpahooks.RedactFieldsForMPA(msg); err != nil {
+ return "", fmt.Errorf("error redacting marked fields: %v", err)
+ }
+
 b, err := protojson.Marshal(action)
 if err != nil {
 return "", err
 }
+
 canonical, err := jcs.Transform(b)
 if err != nil {
 return "", err
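Review bot: Neither comment in the two mpahooks hunks says why the client must redact at all when the server's actionId redacts the stored action anyway: assuming ActionMatchesInput compares the stored action against this freshly marshalled input, as its name suggests, the input has to be redacted with the same rules or no stored action ever matches, so the two code paths are coupled. Suggest `// Redact with the same rules the MPA server applies in actionId: the stored action is already redacted, so an unredacted input would never match it.` at the first site and a cross-reference at the second. Both enclosing functions start and end outside their hunks.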
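Review bot: actionId now mutates its argument: action.Message is redacted in place before the action is marshalled, so the caller's action, and whatever the server stores from it, loses those fields as a side effect of computing an ID, and the function's doc comment, which starts outside the hunk, does not say so. Either move the redaction to the caller that persists the action and keep actionId pure, or document it: `// actionId redacts mpa_redacted fields from action.Message in place and derives the ID from the redacted message, so requests differing only in redacted fields share an ID.` The `msg := action.Message` temporary adds nothing and hides the in-place mutation; `mpahooks.RedactFieldsForMPA(action.Message)` reads more directly.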
@@ -219,9 +227,11 @@ func (s *server) Approve(ctx context.Context, in *mpa.ApproveRequest) (*mpa.Appr
 if !ok {
 return nil, status.Error(codes.NotFound, "MPA request with provided input not found")
 }
- if act.action.User == p.ID {
- return nil, status.Error(codes.InvalidArgument, "MPA requests cannot be approved by their requestor")
- }
+ /*
+ if act.action.User == p.ID {
+ return nil, status.Error(codes.InvalidArgument, "MPA requests cannot be approved by their requestor")
+ }
+ */
 act.lastModified = time.Now()
 // Only add the approver if it's new compared to existing approvals
 if !containsPrincipal(act.approvers, p) {
From 489ab4f42e9f4e343045509c7797ef9fca695a37 Mon Sep 17 00:00:00 2001
From: Marcin Walas
Date: Fri, 9 May 2025 13:10:28 +0200
Subject: [PATCH 2/6] Remove excessive printing

---
 services/mpa/annotations/mpa_annotations.proto | 2 +-
 services/mpa/mpahooks/mpa_redact.go | 6 ------
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/services/mpa/annotations/mpa_annotations.proto b/services/mpa/annotations/mpa_annotations.proto
index 653ef459..3e369a13 100644
--- a/services/mpa/annotations/mpa_annotations.proto
+++ b/services/mpa/annotations/mpa_annotations.proto
@@ -24,4 +24,4 @@ option go_package = "github.com/Snowflake-Labs/sansshell/services/mpa/annotation

 extend google.protobuf.FieldOptions {
 bool mpa_redacted = 50000; // Using a high number to avoid conflicts
-}
\ No newline at end of file
+}
diff --git a/services/mpa/mpahooks/mpa_redact.go b/services/mpa/mpahooks/mpa_redact.go
index a91cc1ab..620ce84a 100644
--- a/services/mpa/mpahooks/mpa_redact.go
+++ b/services/mpa/mpahooks/mpa_redact.go
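Review bot: The new side of this hunk disables the check that an MPA request cannot be approved by its own requestor, which is the core guarantee the service exists to provide; PATCH 3/6 restores it, so the series as written leaves a commit in history where that control is off. Squash this hunk out, or drop the commit, before merging so no bisectable state ships without the check; the same applies to the proxied-identity condition removed from default-policy.rego in this patch and restored in PATCH 5/6. If a local-testing bypass is genuinely needed, gate it behind an explicit build tag or flag rather than commenting the check out. Approve's body continues outside the hunk.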
@@ -35,11 +35,9 @@ func RedactFieldsForMPA(anyMsg *anypb.Any) (bool, error) {
 if err != nil {
 return false, fmt.Errorf("failed to unmarshal Any message: %v", err)
 }
- fmt.Printf("\n\n")

 // Process the message to redact marked fields
 modified := redactMessageFields(msg)
- fmt.Printf("######################## Redacted %v fields on message: %v\n\n\n", modified, msg.ProtoReflect().Descriptor().FullName())

 // If we made changes, update the Any message
 if modified {
@@ -64,12 +62,8 @@ func redactMessageFields(message proto.Message) bool {
 m.Range(func(fd protoreflect.FieldDescriptor, v protoreflect.Value) bool {
 // Check if this field has the mpa_redacted option set
 opts := fd.Options().(*descriptorpb.FieldOptions)
- fmt.Printf("##### Field: %s, fd: %v Value: %v, opts: %v \n", fd.FullName(), fd, v, opts)

 if proto.GetExtension(opts, annotations.E_MpaRedacted).(bool) {
- // Field should be redacted
- fmt.Printf("##### Redacting field: %s\n", fd.FullName())
-
 m.Clear(fd)
 modified = true
 return true // Continue iteration
From b885275808aee9fe49965deab8d39d75bc343e2b Mon Sep 17 00:00:00 2001
From: Marcin Walas
Date: Fri, 9 May 2025 13:11:53 +0200
Subject: [PATCH 3/6] Rollback a hack for local testing

---
 services/mpa/server/server.go | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/services/mpa/server/server.go b/services/mpa/server/server.go
index 1374614b..94ae9e02 100644
--- a/services/mpa/server/server.go
+++ b/services/mpa/server/server.go
@@ -227,11 +227,9 @@ func (s *server) Approve(ctx context.Context, in *mpa.ApproveRequest) (*mpa.Appr
 if !ok {
 return nil, status.Error(codes.NotFound, "MPA request with provided input not found")
 }
- /*
- if act.action.User == p.ID {
- return nil, status.Error(codes.InvalidArgument, "MPA requests cannot be approved by their requestor")
- }
- */
+ if act.action.User == p.ID {
+ return nil, status.Error(codes.InvalidArgument, "MPA requests cannot be approved by their requestor")
+ }
 act.lastModified = time.Now()
 // Only add the approver if it's new compared to existing approvals
 if !containsPrincipal(act.approvers, p) {
From 2211c505d06ae8081cc59619e772b68993d24cd3 Mon Sep 17 00:00:00 2001
From: Marcin Walas
Date: Fri, 9 May 2025 13:32:53 +0200
Subject: [PATCH 4/6] Make sure redaction does not fail on nil messages

---
 services/mpa/mpahooks/mpa_redact.go | 3 +++
 services/mpa/mpahooks/mpahooks.go | 4 ++--
 services/mpa/server/server.go | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/services/mpa/mpahooks/mpa_redact.go b/services/mpa/mpahooks/mpa_redact.go
index 620ce84a..9af9b066 100644
--- a/services/mpa/mpahooks/mpa_redact.go
+++ b/services/mpa/mpahooks/mpa_redact.go
@@ -30,6 +30,9 @@ import (
 // any fields that are marked with the mpa_redacted annotation.
 // Returns true if the message was modified.
 func RedactFieldsForMPA(anyMsg *anypb.Any) (bool, error) {
+ if anyMsg == nil {
+ return false, nil
+ }
 // First extract the message from Any
 msg, err := anyMsg.UnmarshalNew()
 if err != nil {
diff --git a/services/mpa/mpahooks/mpahooks.go b/services/mpa/mpahooks/mpahooks.go
index 27ed1d95..3193a4e7 100644
--- a/services/mpa/mpahooks/mpahooks.go
+++ b/services/mpa/mpahooks/mpahooks.go
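Review bot: The nil guard added at the top of RedactFieldsForMPA changes the contract, a nil *anypb.Any is now a silent no-op returning (false, nil), but the doc comment directly above it still describes only the non-nil path. Add `// A nil anyMsg is a no-op and returns (false, nil).` so callers such as actionId rely on that deliberately rather than by accident. A non-nil Any with no TypeUrl is not covered by the guard and presumably still fails in UnmarshalNew, which is the safer outcome; worth one clause in the same comment. The function's body continues outside the hunk.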
@@ -88,7 +88,7 @@ func ActionMatchesInput(ctx context.Context, action *mpa.Action, input *rpcauth.

 // Redact fields that shouldn't be checked for equality
 if _, err := RedactFieldsForMPA(&msg); err != nil {
- return fmt.Errorf("error redacting marked fields: %v", err)
+ return fmt.Errorf("error redacting message for MPA: %v", err)
 }

 // Prefer using a proxied identity if provided
@@ -127,7 +127,7 @@ func createAndBlockOnSingleTargetMPA(ctx context.Context, method string, req any

 // Redact fields that shouldn't be stored in the MPA
 if _, err := RedactFieldsForMPA(&msg); err != nil {
- return "", fmt.Errorf("error redacting marked fields: %v", err)
+ return "", fmt.Errorf("error redacting message for MPA: %v", err)
 }

 mpaClient := mpa.NewMpaClient(cc)
diff --git a/services/mpa/server/server.go b/services/mpa/server/server.go
index 94ae9e02..175fa263 100644
--- a/services/mpa/server/server.go
+++ b/services/mpa/server/server.go
@@ -90,7 +90,7 @@ func actionId(action *mpa.Action) (string, error) {
 msg := action.Message
 // Redact fields that shouldn't be checked for equality
 if _, err := mpahooks.RedactFieldsForMPA(msg); err != nil {
- return "", fmt.Errorf("error redacting marked fields: %v", err)
+ return "", fmt.Errorf("error redacting message for MPA: %v", err)
 }

 b, err := protojson.Marshal(action)
From ac361e0524010d28c271ae1a1fb3c7c1c0638c7c Mon Sep 17 00:00:00 2001
From: Marcin Walas
Date: Mon, 12 May 2025 12:51:19 +0200
Subject: [PATCH 5/6] Rollback sansshell-server default rego policy change

---
 cmd/sansshell-server/default-policy.rego | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cmd/sansshell-server/default-policy.rego b/cmd/sansshell-server/default-policy.rego
index aa95c94c..d9956f1f 100644
--- a/cmd/sansshell-server/default-policy.rego
+++ b/cmd/sansshell-server/default-policy.rego
@@ -106,6 +106,7 @@ allow {

 # Allow MPA setting when not sending a proxied identity. The proxy is allowed above.
 allow {
+ not input.metadata["proxied-sansshell-identity"]
 input.method = ["/Mpa.Mpa/Store", "/Mpa.Mpa/Approve"][_]
 }

From 49348769a11eb124e7de8c2dd4b791e309e6904f Mon Sep 17 00:00:00 2001
From: Marcin Walas
Date: Mon, 12 May 2025 20:52:55 +0200
Subject: [PATCH 6/6] update copyright year

---
 services/mpa/annotations/annotations.go | 2 +-
 services/mpa/mpahooks/mpa_redact.go | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/services/mpa/annotations/annotations.go b/services/mpa/annotations/annotations.go
index 0e8dba16..a52023d0 100644
--- a/services/mpa/annotations/annotations.go
+++ b/services/mpa/annotations/annotations.go
@@ -1,4 +1,4 @@
-/* Copyright (c) 2019 Snowflake Inc. All rights reserved.
+/* Copyright (c) 2025 Snowflake Inc. All rights reserved.

 Licensed under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
diff --git a/services/mpa/mpahooks/mpa_redact.go b/services/mpa/mpahooks/mpa_redact.go
index 9af9b066..2f88d607 100644
--- a/services/mpa/mpahooks/mpa_redact.go
+++ b/services/mpa/mpahooks/mpa_redact.go
@@ -1,4 +1,4 @@
-/* Copyright (c) 2023 Snowflake Inc. All rights reserved.
+/* Copyright (c) 2025 Snowflake Inc. All rights reserved.

 Licensed under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance