feat(handlers): Implement CRUDL for vault generic Password credential (#6161)

Author: laero

internal/credential/credential.go

@@ -143,9 +143,9 @@ type UsernamePasswordDomain interface {
 	Domain() string
 }
 
-// PasswordCredential is a credential containing a username and a password.
+// PasswordOnly is a credential containing a password.
 // Does not follow naming convention to avoid conflict with existing Password type.
-type PasswordCredential interface {
+type PasswordOnly interface {
 	Credential
 	Password() Password
 }

internal/credential/vault/private_library.go

@@ -169,7 +169,7 @@ func baseToUsrPassDomain(ctx context.Context, bc *baseCred) (*usrPassDomainCred,
 	}, nil
 }
 
-var _ credential.PasswordCredential = (*passCred)(nil)
+var _ credential.PasswordOnly = (*passCred)(nil)
 
 type passCred struct {
 	*baseCred

internal/daemon/controller/handlers/credentiallibraries/credentiallibrary_service.go

@@ -83,6 +83,7 @@ var (
 		globals.SshPrivateKeyCredentialType,
 		globals.UnspecifiedCredentialType,
 		globals.UsernamePasswordDomainCredentialType,
+		globals.PasswordCredentialType,
 	}
 
 	validKeyTypes = []string{
@@ -851,6 +852,11 @@ func toProto(ctx context.Context, in credential.Library, opt ...handlers.Option)
 						m[domainAttribute] = mapping.DomainAttribute
 					}
 
+				case *vault.PasswordOverride:
+					if mapping.PasswordAttribute != "" {
+						m[passwordAttribute] = mapping.PasswordAttribute
+					}
+
 				case *vault.SshPrivateKeyOverride:
 					if mapping.UsernameAttribute != "" {
 						m[usernameAttribute] = mapping.UsernameAttribute
@@ -1006,6 +1012,17 @@ func toStorageVaultLibrary(ctx context.Context, storeId string, in *pb.Credentia
 			opts = append(opts, vault.WithMappingOverride(vault.NewUsernamePasswordDomainOverride(mapOpts...)))
 		}
 
+	case globals.PasswordCredentialType:
+		opts = append(opts, vault.WithCredentialType(credentialType))
+		overrides := in.CredentialMappingOverrides.AsMap()
+		var mapOpts []vault.Option
+		if password := overrides[passwordAttribute]; password != nil {
+			mapOpts = append(mapOpts, vault.WithOverridePasswordAttribute(password.(string)))
+		}
+		if len(mapOpts) > 0 {
+			opts = append(opts, vault.WithMappingOverride(vault.NewPasswordOverride(mapOpts...)))
+		}
+
 	case globals.SshPrivateKeyCredentialType:
 		opts = append(opts, vault.WithCredentialType(credentialType))
 		overrides := in.CredentialMappingOverrides.AsMap()
@@ -1340,6 +1357,8 @@ func validateMapping(badFields map[string]string, credentialType globals.Credent
 		validFields[usernameAttribute] = true
 		validFields[passwordAttribute] = true
 		validFields[domainAttribute] = true
+	case globals.PasswordCredentialType:
+		validFields[passwordAttribute] = true
 	default:
 		badFields[globals.CredentialTypeField] = fmt.Sprintf("Unknown credential type %q", credentialType)
 		return
@@ -1457,6 +1476,18 @@ func getMappingUpdates(credentialType globals.CredentialType, current vault.Mapp
 		default:
 			ret[domainAttribute] = currentDomain
 		}
+	case globals.PasswordCredentialType:
+		var currentPass any
+		if overrides, ok := current.(*vault.PasswordOverride); ok {
+			currentPass = overrides.PasswordAttribute
+		}
+
+		switch {
+		case masks[passwordAttribute]:
+			ret[passwordAttribute] = new[passwordAttribute]
+		default:
+			ret[passwordAttribute] = currentPass
+		}
 	case globals.SshPrivateKeyCredentialType:
 		var currentUser, currentpPass, currentPk any
 		if overrides, ok := current.(*vault.SshPrivateKeyOverride); ok {