annotations

lib/auth/auth.go

@@ -1550,17 +1550,19 @@ func (a *Server) SetAccessRequestState(ctx context.Context, params services.Acce
 		RequestID:    params.RequestID,
 		RequestState: params.State.String(),
 		Reason:       params.Reason,
+		Roles:        params.Roles,
 	}
+
 	if delegator := getDelegator(ctx); delegator != "" {
 		event.Delegator = delegator
 	}
 
-	if len(params.Attrs) > 0 {
-		attrs, err := events.EncodeMapStrings(params.Attrs)
+	if len(params.Annotations) > 0 {
+		annotations, err := events.EncodeMapStrings(params.Annotations)
 		if err != nil {
-			log.WithError(err).Debugf("Failed to encode access request attrs.")
+			log.WithError(err).Debugf("Failed to encode access request annotations.")
 		} else {
-			event.Attrs = attrs
+			event.Annotations = annotations
 		}
 	}
 	err := a.emitter.EmitAuditEvent(a.closeCtx, event)

lib/auth/clt.go

@@ -2799,11 +2799,11 @@ func (c *Client) SetAccessRequestState(ctx context.Context, params services.Acce
 		return trace.Wrap(err)
 	}
 	setter := proto.RequestStateSetter{
-		ID:     params.RequestID,
-		State:  params.State,
-		Reason: params.Reason,
-		Attrs:  params.Attrs,
-		Roles:  params.Roles,
+		ID:          params.RequestID,
+		State:       params.State,
+		Reason:      params.Reason,
+		Annotations: params.Annotations,
+		Roles:       params.Roles,
 	}
 	if d := getDelegator(ctx); d != "" {
 		setter.Delegator = d

lib/auth/grpcserver.go

@@ -386,11 +386,11 @@ func (g *GRPCServer) SetAccessRequestState(ctx context.Context, req *proto.Reque
 		ctx = WithDelegator(ctx, req.Delegator)
 	}
 	if err := auth.ServerWithRoles.SetAccessRequestState(ctx, services.AccessRequestUpdate{
-		RequestID: req.ID,
-		State:     req.State,
-		Reason:    req.Reason,
-		Attrs:     req.Attrs,
-		Roles:     req.Roles,
+		RequestID:   req.ID,
+		State:       req.State,
+		Reason:      req.Reason,
+		Annotations: req.Annotations,
+		Roles:       req.Roles,
 	}); err != nil {
 		return nil, trail.ToGRPC(err)
 	}

lib/auth/proto/authservice.proto

@@ -167,12 +167,12 @@ message RequestStateSetter {
     // Reason is an optional message indicating the reason for the
     // resolution (approval, denail , etc...).
     string Reason = 4 [ (gogoproto.jsontag) = "reason,omitempty" ];
-    // Attrs are key/value pairs received from plugins during request
+    // Annotations are key/value pairs received from plugins during request
     // resolution.  They are currently only used to provide additional logging
     // information.
-    wrappers.LabelValues Attrs = 5 [
+    wrappers.LabelValues Annotations = 5 [
         (gogoproto.nullable) = false,
-        (gogoproto.jsontag) = "attrs,omitempty",
+        (gogoproto.jsontag) = "annotations,omitempty",
         (gogoproto.customtype) = "github.com/gravitational/teleport/lib/wrappers.Traits"
     ];
     // Roles, if present, overrides the existing set of roles associated

lib/events/events.proto

@@ -550,10 +550,10 @@ message AccessRequestCreate {
     // created or updated.
     string Reason = 8 [ (gogoproto.jsontag) = "reason,omitempty" ];
 
-    // Attrs is an optional set of attributes supplied by a plugin during
+    // Annotations is an optional set of attributes supplied by a plugin during
     // approval/denail of the request.
-    google.protobuf.Struct Attrs = 9
-        [ (gogoproto.jsontag) = "attrs,omitempty", (gogoproto.casttype) = "Struct" ];
+    google.protobuf.Struct Annotations = 9
+        [ (gogoproto.jsontag) = "annotations,omitempty", (gogoproto.casttype) = "Struct" ];
 }
 
 // PortForward is emitted when a user requests port forwarding.

lib/services/access_request.go

@@ -148,11 +148,11 @@ func (f *AccessRequestFilter) Equals(o AccessRequestFilter) bool {
 }
 
 type AccessRequestUpdate struct {
-	RequestID string
-	State     RequestState
-	Reason    string
-	Attrs     map[string][]string
-	Roles     []string
+	RequestID   string
+	State       RequestState
+	Reason      string
+	Annotations map[string][]string
+	Roles       []string
 }
 
 func (u *AccessRequestUpdate) Check() error {
@@ -223,8 +223,8 @@ type AccessRequest interface {
 	SetRequestReason(string)
 	GetResolveReason() string
 	SetResolveReason(string)
-	GetResolveAttrs() map[string][]string
-	SetResolveAttrs(map[string][]string)
+	GetResolveAnnotations() map[string][]string
+	SetResolveAnnotations(map[string][]string)
 
 	// CheckAndSetDefaults validates the access request and
 	// supplies default values where appropriate.
@@ -479,12 +479,12 @@ func (r *AccessRequestV3) SetResolveReason(reason string) {
 	r.Spec.ResolveReason = reason
 }
 
-func (r *AccessRequestV3) GetResolveAttrs() map[string][]string {
-	return r.Spec.ResolveAttrs
+func (r *AccessRequestV3) GetResolveAnnotations() map[string][]string {
+	return r.Spec.ResolveAnnotations
 }
 
-func (r *AccessRequestV3) SetResolveAttrs(attrs map[string][]string) {
-	r.Spec.ResolveAttrs = attrs
+func (r *AccessRequestV3) SetResolveAnnotations(annotations map[string][]string) {
+	r.Spec.ResolveAnnotations = annotations
 }
 
 func (r *AccessRequestV3) CheckAndSetDefaults() error {
@@ -525,8 +525,8 @@ func (r *AccessRequestV3) Check() error {
 		if r.GetResolveReason() != "" {
 			return trace.BadParameter("pending requests cannot include resolve reason")
 		}
-		if len(r.GetResolveAttrs()) != 0 {
-			return trace.BadParameter("pending requests cannot include resolve attrs")
+		if len(r.GetResolveAnnotations()) != 0 {
+			return trace.BadParameter("pending requests cannot include resolve annotations")
 		}
 	}
 	return nil
@@ -640,7 +640,7 @@ const AccessRequestSpecSchema = `{
 		"expires": { "type": "string" },
 		"request_reason": { "type": "string" },
 		"resolve_reason": { "type": "string" },
-		"resolve_attrs": { "type": "object" }
+		"resolve_annotations": { "type": "object" }
 	}
 }`