Clean up access list protos, add in conversion functions tests.

api/proto/teleport/accesslist/v1/accesslist.proto

@@ -21,7 +21,7 @@ import "google/protobuf/timestamp.proto";
 import "teleport/header/v1/resourceheader.proto";
 import "teleport/trait/v1/trait.proto";
 
-option go_package = "github.com/gravitational/teleport/api/gen/proto/go/accesslist/v1;accesslist";
+option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/accesslist/v1;accesslistv1";
 
 // AccessList describes the basic building block of access grants, which are
 // similar to access requests but for longer lived permissions that need to be

api/proto/teleport/header/v1/metadata.proto

@@ -18,7 +18,7 @@ package teleport.header.v1;
 
 import "google/protobuf/timestamp.proto";
 
-option go_package = "github.com/gravitational/teleport/api/gen/proto/go/header/v1;header";
+option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1;headerv1";
 
 // Metadata is resource metadata.
 message Metadata {

api/proto/teleport/header/v1/resourceheader.proto

@@ -18,7 +18,7 @@ package teleport.header.v1;
 
 import "teleport/header/v1/metadata.proto";
 
-option go_package = "github.com/gravitational/teleport/api/gen/proto/go/header/v1;header";
+option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/header/v1;headerv1";
 
 // ResourceHeader is a shared resource header.
 message ResourceHeader {

api/proto/teleport/trait/v1/trait.proto

@@ -16,7 +16,7 @@ syntax = "proto3";
 
 package teleport.trait.v1;
 
-option go_package = "github.com/gravitational/teleport/api/gen/proto/go/trait/v1;trait";
+option go_package = "github.com/gravitational/teleport/api/gen/proto/go/teleport/trait/v1;traitv1";
 
 // Trait is a trait that can be use in various resources.
 message Trait {

api/types/resource.go

@@ -25,7 +25,6 @@ import (
 
 	"github.com/gravitational/teleport/api/defaults"
 	"github.com/gravitational/teleport/api/types/common"
-	"github.com/gravitational/teleport/api/types/header"
 	"github.com/gravitational/teleport/api/utils"
 )
 
@@ -368,17 +367,6 @@ func (h *ResourceHeader) CheckAndSetDefaults() error {
 	return trace.Wrap(h.Metadata.CheckAndSetDefaults())
 }
 
-// FromHeaderMetadata will convert a *header.Metadata object to this metadata object.
-// TODO: Remove this once we get rid of the old Metadata object.
-func FromHeaderMetadata(metadata header.Metadata) Metadata {
-	return Metadata{
-		ID:          metadata.ID,
-		Name:        metadata.Name,
-		Description: metadata.Description,
-		Labels:      metadata.Labels,
-	}
-}
-
 // GetID returns resource ID
 func (m *Metadata) GetID() int64 {
 	return m.ID

lib/services/access_list.go

@@ -21,32 +21,32 @@ import (
 
 	"github.com/gravitational/trace"
 
-	"github.com/gravitational/teleport/api/types"
+	"github.com/gravitational/teleport/lib/types/accesslist"
 	"github.com/gravitational/teleport/lib/utils"
 )
 
 // AccessListsGetter defines an interface for reading access lists.
 type AccessListsGetter interface {
 	// GetAccessLists returns a list of all access lists.
-	GetAccessLists(context.Context) ([]*types.AccessList, error)
+	GetAccessLists(context.Context) ([]*accesslist.AccessList, error)
 	// GetAccessList returns the specified access list resource.
-	GetAccessList(context.Context, string) (*types.AccessList, error)
+	GetAccessList(context.Context, string) (*accesslist.AccessList, error)
 }
 
 // AccessLists defines an interface for managing AccessLists.
 type AccessLists interface {
 	AccessListsGetter
 
 	// UpsertAccessList creates or updates an access list resource.
-	UpsertAccessList(context.Context, *types.AccessList) error
+	UpsertAccessList(context.Context, *accesslist.AccessList) error
 	// DeleteAccessList removes the specified access list resource.
 	DeleteAccessList(context.Context, string) error
 	// DeleteAllAccessLists removes all access lists.
 	DeleteAllAccessLists(context.Context) error
 }
 
 // MarshalAccessList marshals the access list resource to JSON.
-func MarshalAccessList(accessList *types.AccessList, opts ...MarshalOption) ([]byte, error) {
+func MarshalAccessList(accessList *accesslist.AccessList, opts ...MarshalOption) ([]byte, error) {
 	if err := accessList.CheckAndSetDefaults(); err != nil {
 		return nil, trace.Wrap(err)
 	}
@@ -65,15 +65,15 @@ func MarshalAccessList(accessList *types.AccessList, opts ...MarshalOption) ([]b
 }
 
 // UnmarshalAccessList unmarshals the access list resource from JSON.
-func UnmarshalAccessList(data []byte, opts ...MarshalOption) (*types.AccessList, error) {
+func UnmarshalAccessList(data []byte, opts ...MarshalOption) (*accesslist.AccessList, error) {
 	if len(data) == 0 {
 		return nil, trace.BadParameter("missing access list data")
 	}
 	cfg, err := CollectOptions(opts)
 	if err != nil {
 		return nil, trace.Wrap(err)
 	}
-	var accessList *types.AccessList
+	var accessList *accesslist.AccessList
 	if err := utils.FastUnmarshal(data, &accessList); err != nil {
 		return nil, trace.BadParameter(err.Error())
 	}

lib/services/access_list_test.go

@@ -22,20 +22,20 @@ import (
 
 	"github.com/stretchr/testify/require"
 
-	"github.com/gravitational/teleport/api/types"
-	"github.com/gravitational/teleport/api/types/header"
+	"github.com/gravitational/teleport/lib/types/accesslist"
+	"github.com/gravitational/teleport/lib/types/header"
 	"github.com/gravitational/teleport/lib/utils"
 )
 
 // TestAccessListUnmarshal verifies an access list resource can be unmarshaled.
 func TestAccessListUnmarshal(t *testing.T) {
-	expected, err := types.NewAccessList(
+	expected, err := accesslist.NewAccessList(
 		header.Metadata{
 			Name: "test-access-list",
 		},
-		types.AccessListSpec{
+		accesslist.AccessListSpec{
 			Description: "test access list",
-			Owners: []types.AccessListOwner{
+			Owners: []accesslist.AccessListOwner{
 				{
 					Name:        "test-user1",
 					Description: "test user 1",
@@ -45,31 +45,31 @@ func TestAccessListUnmarshal(t *testing.T) {
 					Description: "test user 2",
 				},
 			},
-			Audit: types.AccessListAudit{
+			Audit: accesslist.AccessListAudit{
 				Frequency: time.Hour,
 			},
-			MembershipRequires: types.AccessListRequires{
+			MembershipRequires: accesslist.AccessListRequires{
 				Roles: []string{"mrole1", "mrole2"},
 				Traits: map[string][]string{
 					"mtrait1": {"mvalue1", "mvalue2"},
 					"mtrait2": {"mvalue3", "mvalue4"},
 				},
 			},
-			OwnershipRequires: types.AccessListRequires{
+			OwnershipRequires: accesslist.AccessListRequires{
 				Roles: []string{"orole1", "orole2"},
 				Traits: map[string][]string{
 					"otrait1": {"ovalue1", "ovalue2"},
 					"otrait2": {"ovalue3", "ovalue4"},
 				},
 			},
-			Grants: types.AccessListGrants{
+			Grants: accesslist.AccessListGrants{
 				Roles: []string{"grole1", "grole2"},
 				Traits: map[string][]string{
 					"gtrait1": {"gvalue1", "gvalue2"},
 					"gtrait2": {"gvalue3", "gvalue4"},
 				},
 			},
-			Members: []types.AccessListMember{
+			Members: []accesslist.AccessListMember{
 				{
 					Name:    "member1",
 					Joined:  time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC),
@@ -97,13 +97,13 @@ func TestAccessListUnmarshal(t *testing.T) {
 
 // TestAccessListMarshal verifies a marshaled access list resource can be unmarshaled back.
 func TestAccessListMarshal(t *testing.T) {
-	expected, err := types.NewAccessList(
+	expected, err := accesslist.NewAccessList(
 		header.Metadata{
 			Name: "test-rule",
 		},
-		types.AccessListSpec{
+		accesslist.AccessListSpec{
 			Description: "test access list",
-			Owners: []types.AccessListOwner{
+			Owners: []accesslist.AccessListOwner{
 				{
 					Name:        "test-user1",
 					Description: "test user 1",
@@ -113,31 +113,31 @@ func TestAccessListMarshal(t *testing.T) {
 					Description: "test user 2",
 				},
 			},
-			Audit: types.AccessListAudit{
+			Audit: accesslist.AccessListAudit{
 				Frequency: time.Hour,
 			},
-			MembershipRequires: types.AccessListRequires{
+			MembershipRequires: accesslist.AccessListRequires{
 				Roles: []string{"mrole1", "mrole2"},
 				Traits: map[string][]string{
 					"mtrait1": {"mvalue1", "mvalue2"},
 					"mtrait2": {"mvalue3", "mvalue4"},
 				},
 			},
-			OwnershipRequires: types.AccessListRequires{
+			OwnershipRequires: accesslist.AccessListRequires{
 				Roles: []string{"orole1", "orole2"},
 				Traits: map[string][]string{
 					"otrait1": {"ovalue1", "ovalue2"},
 					"otrait2": {"ovalue3", "ovalue4"},
 				},
 			},
-			Grants: types.AccessListGrants{
+			Grants: accesslist.AccessListGrants{
 				Roles: []string{"grole1", "grole2"},
 				Traits: map[string][]string{
 					"gtrait1": {"gvalue1", "gvalue2"},
 					"gtrait2": {"gvalue3", "gvalue4"},
 				},
 			},
-			Members: []types.AccessListMember{
+			Members: []accesslist.AccessListMember{
 				{
 					Name:    "member1",
 					Joined:  time.Date(2023, 1, 1, 0, 0, 0, 0, time.UTC),

lib/services/local/access_list.go

@@ -27,6 +27,7 @@ import (
 	"github.com/gravitational/teleport/lib/backend"
 	"github.com/gravitational/teleport/lib/services"
 	"github.com/gravitational/teleport/lib/services/local/generic"
+	"github.com/gravitational/teleport/lib/types/accesslist"
 )
 
 const (
@@ -37,12 +38,12 @@ const (
 type AccessListService struct {
 	log   logrus.FieldLogger
 	clock clockwork.Clock
-	svc   *generic.Service[*types.AccessList]
+	svc   *generic.Service[*accesslist.AccessList]
 }
 
 // NewAccessListService creates a new AccessListService.
 func NewAccessListService(backend backend.Backend, clock clockwork.Clock) (*AccessListService, error) {
-	svc, err := generic.NewService(&generic.ServiceConfig[*types.AccessList]{
+	svc, err := generic.NewService(&generic.ServiceConfig[*accesslist.AccessList]{
 		Backend:       backend,
 		ResourceKind:  types.KindAccessList,
 		BackendPrefix: accessListPrefix,
@@ -61,19 +62,19 @@ func NewAccessListService(backend backend.Backend, clock clockwork.Clock) (*Acce
 }
 
 // GetAccessLists returns a list of all access lists.
-func (a *AccessListService) GetAccessLists(ctx context.Context) ([]*types.AccessList, error) {
+func (a *AccessListService) GetAccessLists(ctx context.Context) ([]*accesslist.AccessList, error) {
 	accessLists, err := a.svc.GetResources(ctx)
 	return accessLists, trace.Wrap(err)
 }
 
 // GetAccessList returns the specified access list resource.
-func (a *AccessListService) GetAccessList(ctx context.Context, name string) (*types.AccessList, error) {
+func (a *AccessListService) GetAccessList(ctx context.Context, name string) (*accesslist.AccessList, error) {
 	accessList, err := a.svc.GetResource(ctx, name)
 	return accessList, trace.Wrap(err)
 }
 
 // UpsertAccessList creates or updates an access list resource.
-func (a *AccessListService) UpsertAccessList(ctx context.Context, accessList *types.AccessList) error {
+func (a *AccessListService) UpsertAccessList(ctx context.Context, accessList *accesslist.AccessList) error {
 	return trace.Wrap(a.svc.UpsertResource(ctx, accessList))
 }