secrets/db: fix structpb conversion for external plugins using alternative cred types (#15801)

2026-05-05 12:26:34 +02:00 · 2022-06-03 16:15:09 -07:00 · 2022-06-03 16:15:09 -07:00 · 4ac2b575fa
commit 4ac2b575fa
parent 47a43ab8ac
2 changed files with 12 additions and 3 deletions
--- a/sdk/database/dbplugin/v5/database.go
+++ b/sdk/database/dbplugin/v5/database.go
@ -79,7 +79,7 @@ const SupportedCredentialTypesKey = "supported_credential_types"
 // supported by the database plugin. It can be used by database plugins
 // to communicate what CredentialType values it supports managing.
 func (ir InitializeResponse) SetSupportedCredentialTypes(credTypes []CredentialType) {
-	sct := make([]string, 0, len(credTypes))
+	sct := make([]interface{}, 0, len(credTypes))
 	for _, t := range credTypes {
 		sct = append(sct, t.String())
 	}
--- a/sdk/database/dbplugin/v5/grpc_client.go
+++ b/sdk/database/dbplugin/v5/grpc_client.go
@ -81,8 +81,17 @@ func (c gRPCClient) NewUser(ctx context.Context, req NewUserRequest) (NewUserRes
 }

 func newUserReqToProto(req NewUserRequest) (*proto.NewUserRequest, error) {
-	if req.Password == "" {
-		return nil, fmt.Errorf("missing password")
+	switch req.CredentialType {
+	case CredentialTypePassword:
+		if req.Password == "" {
+			return nil, fmt.Errorf("missing password credential")
+		}
+	case CredentialTypeRSAPrivateKey:
+		if len(req.PublicKey) == 0 {
+			return nil, fmt.Errorf("missing public key credential")
+		}
+	default:
+		return nil, fmt.Errorf("unknown credential type")
 	}

 	expiration, err := ptypes.TimestampProto(req.Expiration)