Backport of refact: to use go-dbw CreateItems, DeleteItems into release/0.17.x

go.mod

@@ -7,7 +7,7 @@ replace github.com/hashicorp/boundary/api => ./api
 replace github.com/hashicorp/boundary/sdk => ./sdk
 
 require (
-	github.com/fatih/color v1.16.0
+	github.com/fatih/color v1.17.0
 	github.com/fatih/structs v1.1.0
 	github.com/favadi/protoc-go-inject-tag v1.4.0
 	github.com/godbus/dbus/v5 v5.1.0 // indirect
@@ -46,7 +46,6 @@ require (
 	github.com/hashicorp/vault/api v1.12.0
 	github.com/iancoleman/strcase v0.3.0
 	github.com/jackc/pgconn v1.14.3
-	github.com/jackc/pgx/v4 v4.18.3 // indirect
 	github.com/jefferai/keyring v1.1.7-0.20220316160357-58a74bb55891
 	github.com/kr/pretty v0.3.1
 	github.com/kr/text v0.2.0
@@ -67,22 +66,22 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/zalando/go-keyring v0.2.3
 	go.uber.org/atomic v1.11.0
-	golang.org/x/crypto v0.21.0
-	golang.org/x/sync v0.6.0
-	golang.org/x/sys v0.20.0
-	golang.org/x/term v0.18.0
-	golang.org/x/tools v0.17.0
+	golang.org/x/crypto v0.25.0
+	golang.org/x/sync v0.7.0
+	golang.org/x/sys v0.22.0
+	golang.org/x/term v0.22.0
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
 	google.golang.org/genproto v0.0.0-20240205150955-31a09d347014
 	google.golang.org/grpc v1.61.1
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
-	google.golang.org/protobuf v1.33.0
-	gorm.io/driver/postgres v1.5.7
-	gorm.io/gorm v1.25.7 // indirect
+	google.golang.org/protobuf v1.34.2
+	gorm.io/driver/postgres v1.5.9
+	gorm.io/gorm v1.25.11 // indirect
 	mvdan.cc/gofumpt v0.5.0
 	nhooyr.io/websocket v1.8.10
 )
 
-require github.com/hashicorp/go-dbw v0.1.3-0.20240312210008-7ed943176e5b
+require github.com/hashicorp/go-dbw v0.1.4
 
 require (
 	github.com/DATA-DOG/go-sqlmock v1.5.2
@@ -96,21 +95,21 @@ require (
 	github.com/hashicorp/go-rate v0.0.0-20231204194614-cc8d401f70ab
 	github.com/hashicorp/go-version v1.6.0
 	github.com/hashicorp/nodeenrollment v0.2.13
-	github.com/jackc/pgx/v5 v5.5.5
+	github.com/jackc/pgx/v5 v5.6.0
 	github.com/jimlambrt/gldap v0.1.10
 	github.com/kelseyhightower/envconfig v1.4.0
 	github.com/miekg/dns v1.1.58
 	github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/sevlyar/go-daemon v0.1.6
 	golang.org/x/exp v0.0.0-20240205201215-2c58cdc269a3
-	golang.org/x/net v0.23.0
+	golang.org/x/net v0.25.0
 	google.golang.org/genproto/googleapis/api v0.0.0-20240205150955-31a09d347014
 )
 
 require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/mattn/go-sqlite3 v2.0.1+incompatible // indirect
+	github.com/mattn/go-sqlite3 v1.14.22 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	modernc.org/libc v1.41.0 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
@@ -137,7 +136,7 @@ require (
 	go.opentelemetry.io/otel/metric v1.23.1 // indirect
 	go.opentelemetry.io/otel/sdk v1.23.1 // indirect
 	go.opentelemetry.io/otel/trace v1.23.1 // indirect
-	gorm.io/driver/sqlite v1.5.5 // indirect
+	gorm.io/driver/sqlite v1.5.6 // indirect
 )
 
 require (
@@ -189,8 +188,7 @@ require (
 	github.com/jackc/pgio v1.0.0 // indirect
 	github.com/jackc/pgpassfile v1.0.0 // indirect
 	github.com/jackc/pgproto3/v2 v2.3.3 // indirect
-	github.com/jackc/pgservicefile v0.0.0-20231201235250-de7065d80cb9 // indirect
-	github.com/jackc/pgtype v1.14.2 // indirect
+	github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect
 	github.com/jefferai/go-libsecret v0.0.0-20210525195240-b53481abef97 // indirect
 	github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f // indirect
 	github.com/jinzhu/gorm v1.9.16 // indirect
@@ -222,10 +220,10 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
-	github.com/xo/dburl v0.21.1 // indirect
-	golang.org/x/mod v0.15.0 // indirect
+	github.com/xo/dburl v0.23.1 // indirect
+	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/oauth2 v0.17.0 // indirect
-	golang.org/x/text v0.14.0
+	golang.org/x/text v0.16.0
 	golang.org/x/time v0.5.0 // indirect
 	google.golang.org/appengine v1.6.8 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 // indirect

internal/auth/ldap/auth_method.go

@@ -141,14 +141,14 @@ func (am *AuthMethod) oplog(ctx context.Context, opType oplog.OpType) (oplog.Met
 }
 
 type convertedValues struct {
-	Urls                 []any
-	Certs                []any
-	UserEntrySearchConf  any
-	GroupEntrySearchConf any
-	ClientCertificate    any
-	BindCredential       any
-	AccountAttributeMaps []any
-	DerefAliases         any
+	Urls                 []*Url
+	Certs                []*Certificate
+	UserEntrySearchConf  *UserEntrySearchConf
+	GroupEntrySearchConf *GroupEntrySearchConf
+	ClientCertificate    *ClientCertificate
+	BindCredential       *BindCredential
+	AccountAttributeMaps []*AccountAttributeMap
+	DerefAliases         *DerefAliases
 }
 
 // convertValueObjects converts the embedded value objects. It will return an
@@ -199,15 +199,15 @@ func (am *AuthMethod) convertValueObjects(ctx context.Context) (*convertedValues
 	return converted, nil
 }
 
-// convertCertificates converts any embedded URLs from []string
-// to []any where each slice element is a *Url. It will return an error if the
-// AuthMethod's public id is not set.
-func (am *AuthMethod) convertUrls(ctx context.Context) ([]any, error) {
+// convertUrls converts any embedded URLs from []string to []*Url where each
+// slice element is a *Url. It will return an error if the AuthMethod's public
+// id is not set.
+func (am *AuthMethod) convertUrls(ctx context.Context) ([]*Url, error) {
 	const op = "ldap.(AuthMethod).convertUrls"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
 	}
-	newValObjs := make([]any, 0, len(am.Urls))
+	newValObjs := make([]*Url, 0, len(am.Urls))
 	for priority, u := range am.Urls {
 		parsed, err := url.Parse(u)
 		if err != nil {
@@ -223,14 +223,14 @@ func (am *AuthMethod) convertUrls(ctx context.Context) ([]any, error) {
 }
 
 // convertCertificates converts any embedded certificates from []string
-// to []any where each slice element is a *Certificate. It will return an error
-// if the AuthMethod's public id is not set.
-func (am *AuthMethod) convertCertificates(ctx context.Context) ([]any, error) {
+// to []*Certificate. It will return an error if the AuthMethod's public id is
+// not set.
+func (am *AuthMethod) convertCertificates(ctx context.Context) ([]*Certificate, error) {
 	const op = "ldap.(AuthMethod).convertCertificates"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
 	}
-	newValObjs := make([]any, 0, len(am.Certificates))
+	newValObjs := make([]*Certificate, 0, len(am.Certificates))
 	for _, cert := range am.Certificates {
 		obj, err := NewCertificate(ctx, am.PublicId, cert)
 		if err != nil {
@@ -242,9 +242,9 @@ func (am *AuthMethod) convertCertificates(ctx context.Context) ([]any, error) {
 }
 
 // convertUserEntrySearchConf converts an embedded user entry search fields
-// into an any type.  It will return an error if the AuthMethod's public id is
-// not set.
-func (am *AuthMethod) convertUserEntrySearchConf(ctx context.Context) (any, error) {
+// into an *UserEntrySearchConf type.  It will return an error if the
+// AuthMethod's public id is not set.
+func (am *AuthMethod) convertUserEntrySearchConf(ctx context.Context) (*UserEntrySearchConf, error) {
 	const op = "ldap.(AuthMethod).convertUserEntrySearchConf"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
@@ -257,9 +257,9 @@ func (am *AuthMethod) convertUserEntrySearchConf(ctx context.Context) (any, erro
 }
 
 // convertGroupEntrySearchConf converts an embedded group entry search fields
-// into an any type.  It will return an error if the AuthMethod's public id is
-// not set.
-func (am *AuthMethod) convertGroupEntrySearchConf(ctx context.Context) (any, error) {
+// into an *GroupEntrySearchConf type.  It will return an error if the
+// AuthMethod's public id is not set.
+func (am *AuthMethod) convertGroupEntrySearchConf(ctx context.Context) (*GroupEntrySearchConf, error) {
 	const op = "ldap.(AuthMethod).convertGroupEntrySearchConf"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
@@ -272,9 +272,9 @@ func (am *AuthMethod) convertGroupEntrySearchConf(ctx context.Context) (any, err
 }
 
 // convertClientCertificate converts an embedded client certificate entry into
-// an any type.  It will return an error if the AuthMethod's public id is not
-// set.
-func (am *AuthMethod) convertClientCertificate(ctx context.Context) (any, error) {
+// an *ClientCertificate type.  It will return an error if the AuthMethod's
+// public id is not set.
+func (am *AuthMethod) convertClientCertificate(ctx context.Context) (*ClientCertificate, error) {
 	const op = "ldap.(AuthMethod).convertClientCertificate"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing auth method id")
@@ -287,9 +287,9 @@ func (am *AuthMethod) convertClientCertificate(ctx context.Context) (any, error)
 }
 
 // convertBindCredential converts an embedded bind credential entry into
-// an any type.  It will return an error if the AuthMethod's public id is not
-// set.
-func (am *AuthMethod) convertBindCredential(ctx context.Context) (any, error) {
+// an *BindCredential type.  It will return an error if the AuthMethod's public
+// id is not set.
+func (am *AuthMethod) convertBindCredential(ctx context.Context) (*BindCredential, error) {
 	const op = "ldap.(AuthMethod).convertBindCredentials"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing auth method id")
@@ -302,9 +302,9 @@ func (am *AuthMethod) convertBindCredential(ctx context.Context) (any, error) {
 }
 
 // convertDerefAliases converts an embedded deref aliases entry into
-// an any type.  It will return an error if the AuthMethod's public id is not
-// set.
-func (am *AuthMethod) convertDerefAliases(ctx context.Context) (any, error) {
+// an *DerefAliases type.  It will return an error if the AuthMethod's public id
+// is not set.
+func (am *AuthMethod) convertDerefAliases(ctx context.Context) (*DerefAliases, error) {
 	const op = "ldap.(AuthMethod).convertDerefAliases"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing auth method id")
@@ -317,15 +317,15 @@ func (am *AuthMethod) convertDerefAliases(ctx context.Context) (any, error) {
 }
 
 // convertAccountAttributeMaps converts the embedded account attribute maps from
-// []string to []interface{} where each slice element is a *AccountAttributeMap. It
-// will return an error if the AuthMethod's public id is not set or it can
-// convert the account attribute maps.
-func (am *AuthMethod) convertAccountAttributeMaps(ctx context.Context) ([]any, error) {
+// []string to []*AccountAttributeMap. It will return an error if the
+// AuthMethod's public id is not set or it can convert the account attribute
+// maps.
+func (am *AuthMethod) convertAccountAttributeMaps(ctx context.Context) ([]*AccountAttributeMap, error) {
 	const op = "ldap.(AuthMethod).convertAccountAttributeMaps"
 	if am.PublicId == "" {
 		return nil, errors.New(ctx, errors.InvalidPublicId, op, "missing public id")
 	}
-	newInterfaces := make([]any, 0, len(am.AccountAttributeMaps))
+	acctAttribMaps := make([]*AccountAttributeMap, 0, len(am.AccountAttributeMaps))
 	const (
 		from = 0
 		to   = 1
@@ -343,7 +343,7 @@ func (am *AuthMethod) convertAccountAttributeMaps(ctx context.Context) ([]any, e
 		if err != nil {
 			return nil, errors.Wrap(ctx, err, op)
 		}
-		newInterfaces = append(newInterfaces, obj)
+		acctAttribMaps = append(acctAttribMaps, obj)
 	}
-	return newInterfaces, nil
+	return acctAttribMaps, nil
 }

internal/auth/ldap/auth_method_test.go

@@ -348,17 +348,17 @@ func Test_convertValueObjects(t *testing.T) {
 	testCerts := []string{pem}
 	c, err := NewCertificate(testCtx, testPublicId, pem)
 	require.NoError(t, err)
-	testCertificates := []any{c}
+	testCertificates := []*Certificate{c}
 
-	testUrls := make([]any, 0, len(testLdapServers))
+	testUrls := make([]*Url, 0, len(testLdapServers))
 	for priority, uu := range TestConvertToUrls(t, testLdapServers...) {
 		u, err := NewUrl(testCtx, testPublicId, priority+1, uu)
 		require.NoError(t, err)
 		testUrls = append(testUrls, u)
 	}
 
 	testAttrMaps := []string{"email_address=email", "display_name=fullName"}
-	testAccountAttributeMaps := make([]any, 0, len(testAttrMaps))
+	testAccountAttributeMaps := make([]*AccountAttributeMap, 0, len(testAttrMaps))
 	acms, err := ParseAccountAttributeMaps(testCtx, testAttrMaps...)
 	require.NoError(t, err)
 	for _, m := range acms {
@@ -618,6 +618,23 @@ func (a converted) Less(i, j int) bool {
 }
 
 func testSortConverted(t *testing.T, c *convertedValues) {
-	sort.Sort(converted(c.Urls))
-	sort.Sort(converted(c.Certs))
+	t.Helper()
+	sort.Sort(sortableUrls(c.Urls))
+	sort.Sort(sortableCerts(c.Certs))
+}
+
+type sortableUrls []*Url
+
+func (u sortableUrls) Len() int      { return len(u) }
+func (u sortableUrls) Swap(i, j int) { u[i], u[j] = u[j], u[i] }
+func (u sortableUrls) Less(i, j int) bool {
+	return u[i].GetServerUrl() < u[j].GetServerUrl()
+}
+
+type sortableCerts []*Certificate
+
+func (c sortableCerts) Len() int      { return len(c) }
+func (c sortableCerts) Swap(i, j int) { c[i], c[j] = c[j], c[i] }
+func (c sortableCerts) Less(i, j int) bool {
+	return c[i].GetCert() < c[j].GetCert()
 }

internal/auth/ldap/repository_auth_method_create.go

@@ -68,20 +68,12 @@ func (r *Repository) CreateAuthMethod(ctx context.Context, am *AuthMethod, opt .
 	}
 
 	if cv.BindCredential != nil {
-		bc, ok := cv.BindCredential.(*BindCredential)
-		if !ok {
-			return nil, errors.New(ctx, errors.Internal, op, fmt.Sprintf("invalid type (%T) is not a bind credential", cv.BindCredential))
-		}
-		if err := bc.encrypt(ctx, dbWrapper); err != nil {
+		if err := cv.BindCredential.encrypt(ctx, dbWrapper); err != nil {
 			return nil, errors.Wrap(ctx, err, op, errors.WithMsg("failed to encrypt bind credential"))
 		}
 	}
 	if cv.ClientCertificate != nil {
-		cc, ok := cv.ClientCertificate.(*ClientCertificate)
-		if !ok {
-			return nil, errors.New(ctx, errors.Internal, op, fmt.Sprintf("invalid type (%T) is not a client certificate", cv.ClientCertificate))
-		}
-		if err := cc.encrypt(ctx, dbWrapper); err != nil {
+		if err := cv.ClientCertificate.encrypt(ctx, dbWrapper); err != nil {
 			return nil, errors.Wrap(ctx, err, op, errors.WithMsg("failed to encrypt client certificate"))
 		}
 	}