hashicorp
diff --git a/‎api/credentials/option.gen.go‎
Lines changed: 12 additions & 0 deletions b/‎api/credentials/option.gen.go‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎api/credentials/password_attributes.gen.go‎
Lines changed: 41 additions & 0 deletions b/‎api/credentials/password_attributes.gen.go‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎internal/api/genapi/input.go‎
Lines changed: 16 additions & 0 deletions b/‎internal/api/genapi/input.go‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎internal/daemon/controller/handlers/credentials/credential_service.go‎
Lines changed: 92 additions & 1 deletion b/‎internal/daemon/controller/handlers/credentials/credential_service.go‎
Lines changed: 92 additions & 1 deletion
@@ -736,6 +736,22 @@ var inputStructs = []*structInfo{
 			mapstructureConversionTemplate,
 		},
 	},
+	{
+		inProto:     &credentials.PasswordAttributes{},
+		outFile:     "credentials/password_attributes.gen.go",
+		subtypeName: "PasswordCredential",
+		subtype:     "password",
+		fieldOverrides: []fieldInfo{
+			{
+				Name:        "Password",
+				SkipDefault: true,
+			},
+		},
+		parentTypeName: "Credential",
+		templates: []*template.Template{
+			mapstructureConversionTemplate,
+		},
+	},
 	{
 		inProto:     &credentials.SshPrivateKeyAttributes{},
 		outFile:     "credentials/ssh_private_key_attributes.gen.go",
 
@@ -49,6 +49,7 @@ var (
 	upMaskManager   handlers.MaskManager
 	spkMaskManager  handlers.MaskManager
 	jsonMaskManager handlers.MaskManager
+	pMaskmanager    handlers.MaskManager
 
 	// IdActions contains the set of actions that can be performed on
 	// individual resources
@@ -97,6 +98,13 @@ func init() {
 	); err != nil {
 		panic(err)
 	}
+	if pMaskmanager, err = handlers.NewMaskManager(
+		context.Background(),
+		handlers.MaskDestination{&store.PasswordCredential{}},
+		handlers.MaskSource{&pb.Credential{}, &pb.PasswordAttributes{}},
+	); err != nil {
+		panic(err)
+	}
 
 	// TODO: refactor to remove IdActionsMap and CollectionActions package variables
 	action.RegisterResource(resource.Credential, IdActions, CollectionActions)
@@ -454,6 +462,23 @@ func (s Service) createInRepo(ctx context.Context, scopeId string, item *pb.Cred
 			return nil, handlers.ApiErrorWithCodeAndMessage(codes.Internal, "Unable to create credential but no error returned from repository.")
 		}
 		return out, nil
+	case credential.PasswordSubtype.String():
+		cred, err := toPasswordStorageCredential(ctx, item.GetCredentialStoreId(), item)
+		if err != nil {
+			return nil, errors.Wrap(ctx, err, op)
+		}
+		repo, err := s.repoFn()
+		if err != nil {
+			return nil, errors.Wrap(ctx, err, op)
+		}
+		out, err := repo.CreatePasswordCredential(ctx, scopeId, cred)
+		if err != nil {
+			return nil, errors.Wrap(ctx, err, op, errors.WithMsg("unable to create credential"))
+		}
+		if out == nil {
+			return nil, handlers.ApiErrorWithCodeAndMessage(codes.Internal, "Unable to create credential but no error returned from repository.")
+		}
+		return out, nil
 	case credential.SshPrivateKeySubtype.String():
 		cred, err := toSshPrivateKeyStorageCredential(ctx, item.GetCredentialStoreId(), item)
 		if err != nil {
@@ -551,6 +576,29 @@ func (s Service) updateInRepo(
 			return nil, handlers.NotFoundErrorf("Credential %q doesn't exist or incorrect version provided.", id)
 		}
 		return out, nil
+	case credential.PasswordSubtype:
+		dbMasks = append(dbMasks, pMaskmanager.Translate(masks)...)
+		if len(dbMasks) == 0 {
+			return nil, handlers.InvalidArgumentErrorf("No valid fields included in the update mask.", map[string]string{"update_mask": "No valid fields provided in the update mask."})
+		}
+
+		cred, err := toPasswordStorageCredential(ctx, storeId, in)
+		if err != nil {
+			return nil, errors.Wrap(ctx, err, op, errors.WithMsg("unable to convert to password storage credential"))
+		}
+		cred.PublicId = id
+		repo, err := s.repoFn()
+		if err != nil {
+			return nil, errors.Wrap(ctx, err, op)
+		}
+		out, rowsUpdated, err := repo.UpdatePasswordCredential(ctx, scopeId, cred, item.GetVersion(), dbMasks)
+		if err != nil {
+			return nil, errors.Wrap(ctx, err, op, errors.WithMsg("unable to update credential"))
+		}
+		if rowsUpdated == 0 {
+			return nil, handlers.NotFoundErrorf("Credential %q doesn't exist or incorrect version provided.", id)
+		}
+		return out, nil
 
 	case credential.SshPrivateKeySubtype:
 		dbMasks = append(dbMasks, spkMaskManager.Translate(masks)...)
@@ -731,6 +779,8 @@ func toProto(in credential.Static, opt ...handlers.Option) (*pb.Credential, erro
 			out.Type = credential.UsernamePasswordSubtype.String()
 		case *static.UsernamePasswordDomainCredential:
 			out.Type = credential.UsernamePasswordDomainSubtype.String()
+		case *static.PasswordCredential:
+			out.Type = credential.PasswordSubtype.String()
 		case *static.SshPrivateKeyCredential:
 			out.Type = credential.SshPrivateKeySubtype.String()
 		case *static.JsonCredential:
@@ -779,6 +829,14 @@ func toProto(in credential.Static, opt ...handlers.Option) (*pb.Credential, erro
 				},
 			}
 		}
+	case *static.PasswordCredential:
+		if outputFields.Has(globals.AttributesField) {
+			out.Attrs = &pb.Credential_PasswordAttributes{
+				PasswordAttributes: &pb.PasswordAttributes{
+					PasswordHmac: base64.RawURLEncoding.EncodeToString(cred.GetPasswordHmac()),
+				},
+			}
+		}
 	case *static.SshPrivateKeyCredential:
 		if outputFields.Has(globals.AttributesField) {
 			out.Attrs = &pb.Credential_SshPrivateKeyAttributes{
@@ -848,6 +906,28 @@ func toUsernamePasswordDomainStorageCredential(ctx context.Context, storeId stri
 	return cs, err
 }
 
+func toPasswordStorageCredential(ctx context.Context, storeId string, in *pb.Credential) (out *static.PasswordCredential, err error) {
+	const op = "credentials.toPasswordStorageCredential"
+	var opts []static.Option
+	if in.GetName() != nil {
+		opts = append(opts, static.WithName(in.GetName().GetValue()))
+	}
+	if in.GetDescription() != nil {
+		opts = append(opts, static.WithDescription(in.GetDescription().GetValue()))
+	}
+
+	attrs := in.GetPasswordAttributes()
+	cs, err := static.NewPasswordCredential(
+		storeId,
+		credential.Password(attrs.GetPassword().GetValue()),
+		opts...)
+	if err != nil {
+		return nil, errors.Wrap(ctx, err, op, errors.WithMsg("unable to build credential"))
+	}
+
+	return cs, err
+}
+
 func toSshPrivateKeyStorageCredential(ctx context.Context, storeId string, in *pb.Credential) (out *static.SshPrivateKeyCredential, err error) {
 	const op = "credentials.toSshPrivateKeyStorageCredential"
 	var opts []static.Option
@@ -919,6 +999,7 @@ func validateGetRequest(req *pbs.GetCredentialRequest) error {
 		globals.UsernamePasswordCredentialPrefix,
 		globals.UsernamePasswordCredentialPreviousPrefix,
 		globals.UsernamePasswordDomainCredentialPrefix,
+		globals.PasswordCredentialPrefix,
 		globals.SshPrivateKeyCredentialPrefix,
 		globals.JsonCredentialPrefix,
 	)
@@ -949,6 +1030,10 @@ func validateCreateRequest(req *pbs.CreateCredentialRequest) error {
 			if req.Item.GetUsernamePasswordDomainAttributes().GetDomain().GetValue() == "" {
 				badFields[domainField] = "Field required for creating a username-password-domain credential."
 			}
+		case credential.PasswordSubtype.String():
+			if req.Item.GetPasswordAttributes().GetPassword().GetValue() == "" {
+				badFields[passwordField] = "Field required for creating a password credential."
+			}
 		case credential.SshPrivateKeySubtype.String():
 			if req.Item.GetSshPrivateKeyAttributes().GetUsername().GetValue() == "" {
 				badFields[usernameField] = "Field required for creating an SSH private key credential."
@@ -1018,7 +1103,11 @@ func validateUpdateRequest(req *pbs.UpdateCredentialRequest) error {
 			if handlers.MaskContains(req.GetUpdateMask().GetPaths(), domainField) && attrs.GetDomain().GetValue() == "" {
 				badFields[domainField] = "This is a required field and cannot be set to empty."
 			}
-
+		case credential.PasswordSubtype:
+			attrs := req.GetItem().GetPasswordAttributes()
+			if handlers.MaskContains(req.GetUpdateMask().GetPaths(), passwordField) && attrs.GetPassword().GetValue() == "" {
+				badFields[passwordField] = "This is a required field and cannot be set to empty."
+			}
 		case credential.SshPrivateKeySubtype:
 			attrs := req.GetItem().GetSshPrivateKeyAttributes()
 			if handlers.MaskContains(req.GetUpdateMask().GetPaths(), usernameField) && attrs.GetUsername().GetValue() == "" {
@@ -1070,6 +1159,7 @@ func validateUpdateRequest(req *pbs.UpdateCredentialRequest) error {
 		globals.UsernamePasswordCredentialPrefix,
 		globals.UsernamePasswordCredentialPreviousPrefix,
 		globals.UsernamePasswordDomainCredentialPrefix,
+		globals.PasswordCredentialPrefix,
 		globals.SshPrivateKeyCredentialPrefix,
 		globals.JsonCredentialPrefix,
 	)
@@ -1082,6 +1172,7 @@ func validateDeleteRequest(req *pbs.DeleteCredentialRequest) error {
 		globals.UsernamePasswordCredentialPrefix,
 		globals.UsernamePasswordCredentialPreviousPrefix,
 		globals.UsernamePasswordDomainCredentialPrefix,
+		globals.PasswordCredentialPrefix,
 		globals.SshPrivateKeyCredentialPrefix,
 		globals.JsonCredentialPrefix,
 	)