diff --git a/.github/workflows/pr_build.yaml b/.github/workflows/pr_build.yaml
new file mode 100644
index 0000000..9787b4a
--- /dev/null
+++ b/.github/workflows/pr_build.yaml
@@ -0,0 +1,47 @@
+name: PR Build
+on:
+ pull_request: {}
+ workflow_dispatch: {}
+env:
+ GO_VERSION: 1.14
+permissions:
+ contents: read
+
+jobs:
+ lint:
+ name: lint
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Setup go
+ uses: actions/setup-go@v3
+ with:
+ go-version: ${{ env.GO_VERSION }}
+ - name: Tidy check
+ run: make tidy-check
+ - name: Generate check
+ run: make generate-check
+
+ unit-test:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Setup go
+ uses: actions/setup-go@v3
+ with:
+ go-version: ${{ env.GO_VERSION }}
+ - name: Run unit tests
+ run: make test
+
+ # This job is just here to make sure that the other jobs have completed
+ # and is used as a single job to block PR merge from. GH doesn't have a
+ # way to say "all jobs from this action", which would be ideal.
+ success:
+ needs: [unit-test, lint]
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Shout it out
+ run: echo SUCCESS
+
diff --git a/.go-version b/.go-version
index 622f042..7bdcec5 100644
--- a/.go-version
+++ b/.go-version
@@ -1 +1 @@
-1.17.6
+1.23.12
diff --git a/CODEOWNERS b/CODEOWNERS
index 72696b7..f27dfc6 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
@@ -1 +1 @@
-* @evan2645 @amartinezfayo @azdagron @APTy @rturner3
+* @evan2645 @amartinezfayo @sorindumitru @MarcosDY @rturner3
diff --git a/Makefile b/Makefile
index 29777f8..eb2c8b2 100644
--- a/Makefile
+++ b/Makefile
@@ -23,6 +23,7 @@ help:
 @echo "$(bold)Usage:$(reset) make $(cyan)$(reset)"
 @echo " $(cyan)generate$(reset) - generate gRPC and plugin interface code"
 @echo " $(cyan)generate-check$(reset) - ensure generated code is up to date"
+ @echo " $(cyan)test$(reset) - run unit tests"
 @echo
 @echo "For verbose output set V=1"
 @echo " for example: $(cyan)make V=1$(reset)"
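Review bot: In `.github/workflows/pr_build.yaml`, `GO_VERSION: 1.14` does not match the toolchain this same change moves to (`.go-version` becomes 1.23.12 and go.mod declares `go 1.23.0`), and an unquoted version is parsed by YAML as a number, so a value such as 1.20 would be read as 1.2. Reading the version from the repository keeps the two in step: drop the `env` entry and use `go-version-file: .go-version` in both `Setup go` steps. Both jobs also reference `actions/checkout@v3` and `actions/setup-go@v3` by mutable tag; pinning each `uses:` to a full commit SHA, with the tag kept in a trailing comment, means a retagged action cannot change what runs on pull requests. Since neither job pushes, `persist-credentials: false` on the checkout steps would keep the token out of the workspace that the `make` targets run in.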
@@ -39,9 +40,10 @@ plugin-protos := \ proto/spire/plugin/agent/nodeattestor/v1/nodeattestor.proto \ proto/spire/plugin/agent/svidstore/v1/svidstore.proto \ proto/spire/plugin/agent/workloadattestor/v1/workloadattestor.proto \ + proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto \ + proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto \ proto/spire/plugin/server/keymanager/v1/keymanager.proto \ proto/spire/plugin/server/nodeattestor/v1/nodeattestor.proto \ - proto/spire/plugin/server/noderesolver/v1/noderesolver.proto \ proto/spire/plugin/server/notifier/v1/notifier.proto \ proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto \ @@ -102,12 +104,12 @@ go_bin_dir := $(go_dir)/bin go_url = https://storage.googleapis.com/golang/go$(go_version).$(os1)-$(arch2).tar.gz go_path := PATH="$(go_bin_dir):$(PATH)" -golangci_lint_version = v1.27.0 -golangci_lint_dir = $(build_dir)/golangci_lint/$(golangci_lint_version) -golangci_lint_bin = $(golangci_lint_dir)/golangci-lint - -protoc_version = 3.20.1 -ifeq ($(arch2),arm64) +protoc_version = 30.2 +ifeq ($(os1),windows) +protoc_url = https://github.com/protocolbuffers/protobuf/releases/download/v$(protoc_version)/protoc-$(protoc_version)-win64.zip +else ifeq ($(arch1),arm64) +protoc_url = https://github.com/protocolbuffers/protobuf/releases/download/v$(protoc_version)/protoc-$(protoc_version)-$(os2)-aarch_64.zip +else ifeq ($(arch1),aarch64) protoc_url = https://github.com/protocolbuffers/protobuf/releases/download/v$(protoc_version)/protoc-$(protoc_version)-$(os2)-aarch_64.zip else protoc_url = https://github.com/protocolbuffers/protobuf/releases/download/v$(protoc_version)/protoc-$(protoc_version)-$(os2)-$(arch1).zip 
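Review bot: The `protoc_version = 30.2` bump changes which release archive `protoc_url` resolves to on every platform, but nothing in this hunk ties that archive to an expected digest; the recipe that downloads and unpacks it is outside the hunk, so please confirm whether it verifies a checksum. If it does not, a per-platform variable such as `protoc_sha256 = <expected digest for this os/arch>` checked before the unzip would make the pin cover the content and not only the version string. The same question applies to `go_url`, which the later `go-check` hunk now echoes before installing. Separately, the `arm64` and `aarch64` branches assign an identical `protoc_url` and could share one condition, `else ifneq ($(filter $(arch1),arm64 aarch64),)`.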
@@ -120,7 +122,7 @@ protoc_gen_go_base_dir := $(build_dir)/protoc-gen-go protoc_gen_go_dir := $(protoc_gen_go_base_dir)/$(protoc_gen_go_version)-go$(go_version) protoc_gen_go_bin := $(protoc_gen_go_dir)/protoc-gen-go -protoc_gen_go_grpc_version := v1.1.0 +protoc_gen_go_grpc_version := v1.5.1 protoc_gen_go_grpc_base_dir := $(build_dir)/protoc-gen-go-grpc protoc_gen_go_grpc_dir := $(protoc_gen_go_grpc_base_dir)/$(protoc_gen_go_grpc_version)-go$(go_version) protoc_gen_go_grpc_bin := $(protoc_gen_go_grpc_dir)/protoc-gen-go-grpc @@ -146,6 +148,24 @@ else @echo "Git repository is clean." endif +############################################################################# +# Code cleanliness +############################################################################# + +.PHONY: tidy tidy-check lint lint-code +tidy: | go-check + $(E)$(go_path) go mod tidy + $(E)cd proto/spire; $(go_path) go mod tidy + +tidy-check: +ifneq ($(git_dirty),) + $(error tidy-check must be invoked on a clean repository) +endif + @echo "Running go tidy..." + $(E)$(MAKE) tidy + @echo "Ensuring git repository is clean..." + $(E)$(MAKE) git-clean-check + ############################################################################# # Test Targets ############################################################################# @@ -251,6 +271,7 @@ endif # correct go binary. go-check: ifneq (go$(go_version), $(shell $(go_path) go version 2>/dev/null | cut -f3 -d' ')) + @echo "go_url:" $(go_url) @echo "Installing go$(go_version)..." $(E)rm -rf $(dir $(go_dir)) $(E)mkdir -p $(go_dir) 
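Review bot: In the new `tidy` recipe, `cd proto/spire; $(go_path) go mod tidy` still runs `go mod tidy` when the `cd` fails, so it would tidy the root module a second time and report success without ever touching proto/spire; use `$(E)cd proto/spire && $(go_path) go mod tidy`. That matters for `tidy-check`, which the new PR workflow relies on as a gate: a silently skipped module means drift in proto/spire/go.mod would pass CI. The `.PHONY` line also names `lint` and `lint-code`, but no such rules are added in this hunk and the golangci-lint variables are removed earlier in the same file, so either drop the two names or confirm the targets exist elsewhere.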
@@ -274,10 +295,9 @@ $(protoc_gen_go_bin): | go-check $(protoc_gen_go_grpc_bin): | go-check @echo "Installing protoc-gen-go-grpc $(protoc_gen_go_grpc_version)..." - $(E)rm -rf $(protoc_gen_go_grpc_base_dir) - $(E)mkdir -p $(protoc_gen_go_grpc_dir) - $(E)echo "module tools" > $(protoc_gen_go_grpc_dir)/go.mod - $(E)cd $(protoc_gen_go_grpc_dir) && GOBIN=$(protoc_gen_go_grpc_dir) $(go_path) go get google.golang.org/grpc/cmd/protoc-gen-go-grpc@$(protoc_gen_go_grpc_version) + @rm -rf $(protoc_gen_go_grpc_base_dir) + @mkdir -p $(protoc_gen_go_grpc_dir) + @GOBIN=$(protoc_gen_go_grpc_dir) $(go_path) go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@$(protoc_gen_go_grpc_version) $(protoc_gen_go_spire_bin): $(wildcard ./cmd/protoc-gen-go-spire/*) | go-check @echo "Installing protoc-gen-go-spire..." diff --git a/README.md b/README.md index 1027a16..5cd766d 100644 --- a/README.md +++ b/README.md 
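Review bot: The three rewritten recipe lines for `$(protoc_gen_go_grpc_bin)` switch from `$(E)` to a hard-coded `@`, so these commands stay hidden under `make V=1`, which the help text advertises for verbose output and which the neighbouring recipes appear to honour through `$(E)` (its definition is outside the hunk). Keeping the prefix, e.g. `$(E)GOBIN=$(protoc_gen_go_grpc_dir) $(go_path) go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@$(protoc_gen_go_grpc_version)`, preserves the ability to see in a build log exactly which tool and version was fetched. The move from `go get` in a scratch module to `go install pkg@version` itself looks right for the Go version this change adopts.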
@@ -32,13 +32,14 @@ There are three types of interfaces: ### Server -| Plugin | Versions | Description | Template | -| ------ | -------- | ----------- | ----------- | -| KeyManager | [v1](proto/spire/plugin/server/keymanager/v1/keymanager.proto) | Manages private keys and performs signing operations. | [link](templates/server/keymanager) | -| NodeAttestor | [v1](proto/spire/plugin/server/nodeattestor/v1/nodeattestor.proto) | Performs the server side of the node attestation flow. | [link](templates/server/nodeattestor) | -| NodeResolver | [v1](proto/spire/plugin/server/noderesolver/v1/noderesolver.proto) | Provides additional selectors for attested nodes. | [link](templates/server/noderesolver) | -| Notifier | [v1](proto/spire/plugin/server/notifier/v1/notifier.proto) | Notifies external systems of certain SPIRE events. | [link](templates/server/notifier) | -| UpstreamAuthority | [v1](proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto) | Plugs SPIRE into an upstream PKI. | [link](templates/server/upstreamauthority) | +| Plugin | Versions | Description | Template | +| ------ | -------- | ----------- | ----------- | +| BundlePublisher | [v1](proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto) | Publishes a trust bundle to a store. | [link](templates/server/bundlepublisher) | +| CredentialComposer | [v1](proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto) | Allows customization of SVID and CA attributes. | [link](templates/server/credentialcomposer) | +| KeyManager | [v1](proto/spire/plugin/server/keymanager/v1/keymanager.proto) | Manages private keys and performs signing operations. | [link](templates/server/keymanager) | +| NodeAttestor | [v1](proto/spire/plugin/server/nodeattestor/v1/nodeattestor.proto) | Performs the server side of the node attestation flow. 
| [link](templates/server/nodeattestor) | +| Notifier | [v1](proto/spire/plugin/server/notifier/v1/notifier.proto) | Notifies external systems of certain SPIRE events. | [link](templates/server/notifier) | +| UpstreamAuthority | [v1](proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto) | Plugs SPIRE into an upstream PKI. | [link](templates/server/upstreamauthority) | ## Services diff --git a/docs/AUTHORING.md b/docs/AUTHORING.md index 6880569..bc3d1fe 100644 --- a/docs/AUTHORING.md +++ b/docs/AUTHORING.md 
@@ -3,7 +3,34 @@ This document gives guidance for authoring plugins. SPIRE plugins implement one and only one plugin _type_ (e.g. KeyManager). They -also implement zero or more services. +also implement zero or more services. Below is a list of plugin types, alongside templates that can be used as a base +for authoring plugins. + +## Templates +Each template contains a go file that can be used as a starting point for authoring plugins. A test file is also +provided for each template; the test file contains a test suite that can be used to verify that the plugin has been +loaded and is working as expected using [plugintest](https://pkg.go.dev/github.com/spiffe/spire-plugin-sdk/plugintest). + +### Agent + +| Plugin | Description | Template | +|------------------|-------------------------------------------------------|---------------------------------------------| +| KeyManager | Manages private keys and performs signing operations. | [link](../templates/agent/keymanager) | +| NodeAttestor | Performs the agent side of the node attestation flow. | [link](../templates/agent/nodeattestor) | +| SVIDStore | Stores workload X509-SVIDs to arbitrary destinations. | [link](../templates/agent/svidstore) | +| WorkloadAttestor | Attests workloads and provides selectors. | [link](../templates/agent/workloadattestor) | + +### Server + +| Plugin | Description | Template | +|--------------------|--------------------------------------------------------|------------------------------------------------| +| KeyManager | Manages private keys and performs signing operations. | [link](../templates/server/keymanager) | +| NodeAttestor | Performs the server side of the node attestation flow. | [link](../templates/server/nodeattestor) | +| Notifier | Notifies external systems of certain SPIRE events. | [link](../templates/server/notifier) | +| UpstreamAuthority | Plugs SPIRE into an upstream PKI. 
| [link](../templates/server/upstreamauthority) | +| CredentialComposer | Allows customization of SVID and CA attributes. | [link](../templates/server/credentialcomposer) | + + ## Configuration @@ -69,7 +96,7 @@ func main() { plugin := new(Plugin) pluginmain.Serve( keymanagerv1.KeyManagerPluginServer(plugin), - configv1.ConfigPluginServer(plugin), // <-- add the Config service server implementation + configv1.ConfigServiceServer(plugin), // <-- add the Config service server implementation ) } ``` @@ -148,6 +175,22 @@ Plugin authors can decide if the lack of support for a specific host service is an error or not. If the plugin returns an error from BrokerHostServices, the plugin will fail to load. +## Cleanup + +Plugins are separate processes and are terminated when the plugin is unloaded. +However, it may be desirable to perform some graceful cleanup operations. + +To facilitate this, if plugin/service implementations implement the io.Closer +interface, then the `Close` method will be invoked before the plugin is +unloaded. No other RPCs will be invoked at any time during or after the `Close` +method is called. Errors returned from `Close` are simply logged and will not +impact any runtime behavior of SPIRE Server. + +Implementations of `Close` should avoid long running or blocking behavior. +SPIRE may employ deadlines on the operation and could terminate the plugin +before the cleanup is fully completed if plugin implementations ignore this +advice. + ## Unit Testing The [plugintest](https://pkg.go.dev/github.com/spiffe/spire-plugin-sdk/plugintest) @@ -160,7 +203,7 @@ See the package docs for more information. ## Running The [pluginmain](https://pkg.go.dev/github.com/spiffe/spire-plugin-sdk/pluginmain) package -is used to run the plugin. It takes care of setting up all of the plugin facilities and +is used to run the plugin. It takes care of setting up all the plugin facilities and wiring up the logger and hostservices. See the package docs for more information. 
diff --git a/docs/CONTRIBUTING.md b/docs/CONTRIBUTING.md index 23f7b1e..5f11ff7 100644 --- a/docs/CONTRIBUTING.md +++ b/docs/CONTRIBUTING.md 
@@ -29,25 +29,28 @@ $ make If you are adding a new .proto file, you first need to update the `Makefile` and add the .proto file to the relevant variables. -## Consuming Changes in SPIRE +## Opening PRs + +All PRs should target the `next` branch. The `next` branch is a staging area +for all features under development but not ready for release in an official +version of SPIRE. -SPIRE's main branch depends on a pseudo-version of this repository (see -https://golang.org/ref/mod#pseudo-versions). +Changes are cherry-picked into `main` from the `next` branch ahead of an +official SPIRE release. The commits in `main` are tagged with the supporting +SPIRE version. -While a new change in this repository is under development, you can add a -temporary `replace` directive to the SPIRE `go.mod` to allow you to consume the -changes. Care must be taken to not push the `replace` directive change up to -SPIRE. +## Consuming Changes in SPIRE -Once those changes have been merged and you are ready to consume them from -SPIRE, run `go get github.com/spiffe/spire-plugin-sdk@` in the SPIRE -repository. This will update `go.mod` in SPIRE to use the latest pseudo version -with that commit. +While a new change in this repository is under development, you can use [Go +Workspaces](https://go.dev/ref/mod#workspaces) to allow SPIRE to consume the +changes before they are merged into this repository. -When cutting a SPIRE release, this repository is tagged with the SPIRE -release version. The release branch in SPIRE is updated to depend explicitly -on that version (i.e. `go get github.com/spiffe/spire-plugin-sdk@`). +SPIRE's main branch depends on a pseudo-version of this repository based on the +`next` branch (see https://golang.org/ref/mod#pseudo-versions). Once changes +have been merged into the `next` branch, the pseudo-version dependency in the +SPIRE repository can be updated by running `go get +github.com/spiffe/spire-plugin-sdk@next` from the SPIRE repository. 
Relying on a pseudo versions means that this repository only needs tags -for the offically released versions, while still allowing SPIRE to work with +for the officially released versions, while still allowing SPIRE to work with unreleased changes during development. diff --git a/docs/MIGRATING.md b/docs/MIGRATING.md index 5020dfe..da2729b 100644 --- a/docs/MIGRATING.md +++ b/docs/MIGRATING.md @@ -125,17 +125,11 @@ to couple it to that operation. The `Attest` RPC request and response fields are now contained within `oneof`'s to strongly convey the difference in field requirements in requests and -responses during the atestation flow. The attestation payload no longer needs +responses during the attestation flow. The attestation payload no longer needs to include a type, since that is now inferred by SPIRE from the name of the plugin. The selectors returned in the final response are selector values only. The selector type is inferred by SPIRE from the name of the plugin. -### Server NodeResolver - -The `Resolve` RPC now handles resolution for a single agent SPIFFE ID instead -of a list of IDs. The response returns selector values only. The selector type -is inferred by SPIRE from the name of the plugin. - ### Server Notifier No substantial changes outside of the migration to plugin SDK types. diff --git a/go.mod b/go.mod index 3c5374d..5405e99 100644 --- a/go.mod +++ b/go.mod 
@@ -1,11 +1,39 @@ module github.com/spiffe/spire-plugin-sdk -go 1.14 +go 1.23.0 + +toolchain go1.24.2 require ( + github.com/go-jose/go-jose/v3 v3.0.0 github.com/hashicorp/go-hclog v0.15.0 github.com/hashicorp/go-plugin v1.4.0 github.com/hashicorp/hcl v1.0.0 - google.golang.org/grpc v1.48.0 - google.golang.org/protobuf v1.28.0 + github.com/spiffe/go-spiffe/v2 v2.5.0 + github.com/stretchr/testify v1.10.0 + google.golang.org/grpc v1.74.2 + google.golang.org/protobuf v1.36.6 +) + +require ( + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/fatih/color v1.15.0 // indirect + github.com/go-jose/go-jose/v4 v4.0.5 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb // indirect + github.com/kr/pretty v0.3.1 // indirect + github.com/mattn/go-colorable v0.1.13 // indirect + github.com/mattn/go-isatty v0.0.19 // indirect + github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 // indirect + github.com/oklog/run v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/rogpeppe/go-internal v1.13.1 // indirect + github.com/zeebo/errs v1.4.0 // indirect + golang.org/x/crypto v0.38.0 // indirect + golang.org/x/net v0.40.0 // indirect + golang.org/x/sys v0.33.0 // indirect + golang.org/x/text v0.25.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index d646992..603b3cb 100644 --- a/go.sum +++ b/go.sum 
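Review bot: `github.com/go-jose/go-jose/v3 v3.0.0` is added as a direct requirement pinned at the initial v3.0.0 tag, while `go-jose/v4 v4.0.5` is already pulled in indirectly; the v3 line has had later patch releases, some of which I believe carried security fixes, so this pin is worth checking with `govulncheck ./...` and raising to the latest v3 patch, or moving the importing code to v4 if that is feasible. `github.com/hashicorp/go-plugin v1.4.0` and `go-hclog v0.15.0` are left untouched by an otherwise broad refresh, which may be deliberate but deserves a sentence in the description. The `go 1.23.0` directive with `toolchain go1.24.2` also differs from `.go-version` (1.23.12), so local builds, the Makefile-installed Go and CI may each compile with a different toolchain unless one of these is made the single source of truth.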
@@ -1,56 +1,38 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= -github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod 
h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= +github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/go-jose/go-jose/v3 v3.0.0 h1:s6rrhirfEP/CGIoc6p+PZAeogN2SxKav6Wp7+dyMWVo= +github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE= +github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
-github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.6 
h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ= -github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v0.15.0 h1:qMuK0wxsoW4D0ddCCYwPSTm4KQv1X1ke3WmPWZ0Mvsk= github.com/hashicorp/go-hclog v0.15.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= 
@@ -62,28 +44,58 @@ github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= -github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10 h1:qxFzApOv4WsAL965uUPIsXzAKCZxN2p9UqdhFS4ZW10= github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 h1:7GoSOOW2jpsfkntVKaS2rAr1TJqfcxotyaUcuxoZSzg= 
github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/spiffe/go-spiffe/v2 v2.5.0 h1:N2I01KCUkv1FAjZXJMwh95KK1ZIQLYbPfhaxw8WS0hE= +github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 
+github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/zeebo/errs v1.4.0 h1:XNdoD/RRMKP7HD0UhJnIzUy74ISdGGxURlYG8HSWSfM= +github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/otel v1.36.0 h1:UumtzIklRBY6cI/lllNZlALOF5nNIzJVb16APdvgTXg= +go.opentelemetry.io/otel v1.36.0/go.mod h1:/TcFMXYjyRNh8khOAO9ybYkqaDBb/70aVwkNML4pP8E= +go.opentelemetry.io/otel/metric v1.36.0 h1:MoWPKVhQvJ+eeXWHFBOPoBOi20jh6Iq2CcCREuTYufE= +go.opentelemetry.io/otel/metric v1.36.0/go.mod h1:zC7Ks+yeyJt4xig9DEw9kuUFe5C3zLbVjV2PzT6qzbs= +go.opentelemetry.io/otel/sdk v1.36.0 h1:b6SYIuLRs88ztox4EyrvRti80uXIFy+Sqzoh9kFULbs= +go.opentelemetry.io/otel/sdk v1.36.0/go.mod h1:+lC+mTgD+MUWfjJubi2vvXWcVxyr9rmlshZni72pXeY= +go.opentelemetry.io/otel/sdk/metric v1.36.0 h1:r0ntwwGosWGaa0CrSt8cuNuTcccMXERFwHX4dThiPis= +go.opentelemetry.io/otel/sdk/metric v1.36.0/go.mod h1:qTNOhFDfKRwX0yXOqJYegL5WRaW376QbB7P4Pb0qva4= +go.opentelemetry.io/otel/trace v1.36.0 h1:ahxWNuqZjpdiFAyrIoQ4GIiAIhxAunQR6MUoKrsNd4w= +go.opentelemetry.io/otel/trace v1.36.0/go.mod h1:gQ+OnDZzrybY4k4seLzPAWNwVBBVlF2szhehOBB/tGA= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8= +golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod 
h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -91,76 +103,52 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974 h1:IX6qOQeG5uLjB/hjjwjedwfjND0hgjPMMyO1RoIXQNI= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY= +golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys 
v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4 h1:myAQVi0cGEoqQVR5POX+8RR2mrocKqNN1hmeMqhX27k= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw= +golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4= +golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod 
h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013 h1:+kGHl1aib/qcwaRi1CbqBZ1rk19r85MNUf8HaBghugY= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a h1:v2PbRU4K3llS09c7zodFpNePeamkAwG3mPrAery9VeE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 
-google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.48.0 h1:rQOsyJ/8+ufEDJd/Gdsz7HG220Mh9HAhFHRGnIjda0w= -google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= -google.golang.org/protobuf v1.28.0/go.mod 
h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +google.golang.org/grpc v1.74.2 h1:WoosgB65DlWVC9FqI82dGsZhWFNBSLjQ84bjROOpMu4= +google.golang.org/grpc v1.74.2/go.mod h1:CtQ+BGjaAIXHs/5YS3i473GqwBBa1zGQNevxdeBEXrM= +google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= +google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/internal/proto/spire/service/private/init/v1/init.pb.go b/internal/proto/spire/service/private/init/v1/init.pb.go index a7239bd..938d49a 100644 --- a/internal/proto/spire/service/private/init/v1/init.pb.go +++ b/internal/proto/spire/service/private/init/v1/init.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/service/private/init/v1/init.proto package initv1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -22,23 +23,20 @@ const ( // Init request parameters type InitRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // List of all the names of gRPC services implemented by the host (i.e. // SPIRE). These names are the fully qualified gRPC service name (e.g. // spire.hostservice.v1.Foo). HostServiceNames []string `protobuf:"bytes,1,rep,name=host_service_names,json=hostServiceNames,proto3" json:"host_service_names,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *InitRequest) Reset() { *x = InitRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_service_private_init_v1_init_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_service_private_init_v1_init_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *InitRequest) String() string { @@ -49,7 +47,7 @@ func (*InitRequest) ProtoMessage() {} func (x *InitRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_service_private_init_v1_init_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -73,23 +71,20 @@ func (x *InitRequest) GetHostServiceNames() []string { // Init response parameters type InitResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // List of all the names of gRPC services implemented by the service. These // names are the fully qualified gRPC service name (e.g. // spire.plugin.server.keymanager.v1.Keymanager). PluginServiceNames []string `protobuf:"bytes,1,rep,name=plugin_service_names,json=pluginServiceNames,proto3" json:"plugin_service_names,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *InitResponse) Reset() { *x = InitResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_service_private_init_v1_init_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_service_private_init_v1_init_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *InitResponse) String() string { @@ -100,7 +95,7 @@ func (*InitResponse) ProtoMessage() {} func (x *InitResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_service_private_init_v1_init_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -122,59 +117,121 @@ func (x *InitResponse) GetPluginServiceNames() []string { return nil } -var File_spire_service_private_init_v1_init_proto protoreflect.FileDescriptor +// Deinit request parameters +type DeinitRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeinitRequest) Reset() { + *x = DeinitRequest{} + mi := &file_spire_service_private_init_v1_init_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeinitRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeinitRequest) ProtoMessage() {} + +func (x *DeinitRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_service_private_init_v1_init_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeinitRequest.ProtoReflect.Descriptor instead. 
+func (*DeinitRequest) Descriptor() ([]byte, []int) { + return file_spire_service_private_init_v1_init_proto_rawDescGZIP(), []int{2} +} + +// Deinit response parameters +type DeinitResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeinitResponse) Reset() { + *x = DeinitResponse{} + mi := &file_spire_service_private_init_v1_init_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} -var file_spire_service_private_init_v1_init_proto_rawDesc = []byte{ - 0x0a, 0x28, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, - 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x69, 0x6e, 0x69, 0x74, 0x2f, 0x76, 0x31, 0x2f, - 0x69, 0x6e, 0x69, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1d, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, - 0x65, 0x2e, 0x69, 0x6e, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x22, 0x3b, 0x0a, 0x0b, 0x49, 0x6e, 0x69, - 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x68, 0x6f, 0x73, 0x74, - 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x68, 0x6f, 0x73, 0x74, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x40, 0x0a, 0x0c, 0x49, 0x6e, 0x69, 0x74, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x32, 0x67, 0x0a, 0x04, 0x49, 0x6e, 0x69, 0x74, - 0x12, 0x5f, 0x0a, 0x04, 0x49, 0x6e, 0x69, 0x74, 0x12, 0x2a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2e, 0x73, 
0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, - 0x2e, 0x69, 0x6e, 0x69, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x69, 0x74, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2e, 0x69, 0x6e, 0x69, - 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x69, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x42, 0x58, 0x5a, 0x56, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x69, 0x6e, 0x69, - 0x74, 0x2f, 0x76, 0x31, 0x3b, 0x69, 0x6e, 0x69, 0x74, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, +func (x *DeinitResponse) String() string { + return protoimpl.X.MessageStringOf(x) } +func (*DeinitResponse) ProtoMessage() {} + +func (x *DeinitResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_service_private_init_v1_init_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeinitResponse.ProtoReflect.Descriptor instead. 
+func (*DeinitResponse) Descriptor() ([]byte, []int) { + return file_spire_service_private_init_v1_init_proto_rawDescGZIP(), []int{3} +} + +var File_spire_service_private_init_v1_init_proto protoreflect.FileDescriptor + +const file_spire_service_private_init_v1_init_proto_rawDesc = "" + + "\n" + + "(spire/service/private/init/v1/init.proto\x12\x1dspire.service.private.init.v1\";\n" + + "\vInitRequest\x12,\n" + + "\x12host_service_names\x18\x01 \x03(\tR\x10hostServiceNames\"@\n" + + "\fInitResponse\x120\n" + + "\x14plugin_service_names\x18\x01 \x03(\tR\x12pluginServiceNames\"\x0f\n" + + "\rDeinitRequest\"\x10\n" + + "\x0eDeinitResponse2\xce\x01\n" + + "\x04Init\x12_\n" + + "\x04Init\x12*.spire.service.private.init.v1.InitRequest\x1a+.spire.service.private.init.v1.InitResponse\x12e\n" + + "\x06Deinit\x12,.spire.service.private.init.v1.DeinitRequest\x1a-.spire.service.private.init.v1.DeinitResponseBXZVgithub.com/spiffe/spire-plugin-sdk/internal/proto/spire/service/private/init/v1;initv1b\x06proto3" + var ( file_spire_service_private_init_v1_init_proto_rawDescOnce sync.Once - file_spire_service_private_init_v1_init_proto_rawDescData = file_spire_service_private_init_v1_init_proto_rawDesc + file_spire_service_private_init_v1_init_proto_rawDescData []byte ) func file_spire_service_private_init_v1_init_proto_rawDescGZIP() []byte { file_spire_service_private_init_v1_init_proto_rawDescOnce.Do(func() { - file_spire_service_private_init_v1_init_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_service_private_init_v1_init_proto_rawDescData) + file_spire_service_private_init_v1_init_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_service_private_init_v1_init_proto_rawDesc), len(file_spire_service_private_init_v1_init_proto_rawDesc))) }) return file_spire_service_private_init_v1_init_proto_rawDescData } -var file_spire_service_private_init_v1_init_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var 
file_spire_service_private_init_v1_init_proto_goTypes = []interface{}{ - (*InitRequest)(nil), // 0: spire.service.private.init.v1.InitRequest - (*InitResponse)(nil), // 1: spire.service.private.init.v1.InitResponse +var file_spire_service_private_init_v1_init_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_spire_service_private_init_v1_init_proto_goTypes = []any{ + (*InitRequest)(nil), // 0: spire.service.private.init.v1.InitRequest + (*InitResponse)(nil), // 1: spire.service.private.init.v1.InitResponse + (*DeinitRequest)(nil), // 2: spire.service.private.init.v1.DeinitRequest + (*DeinitResponse)(nil), // 3: spire.service.private.init.v1.DeinitResponse } var file_spire_service_private_init_v1_init_proto_depIdxs = []int32{ 0, // 0: spire.service.private.init.v1.Init.Init:input_type -> spire.service.private.init.v1.InitRequest - 1, // 1: spire.service.private.init.v1.Init.Init:output_type -> spire.service.private.init.v1.InitResponse - 1, // [1:2] is the sub-list for method output_type - 0, // [0:1] is the sub-list for method input_type + 2, // 1: spire.service.private.init.v1.Init.Deinit:input_type -> spire.service.private.init.v1.DeinitRequest + 1, // 2: spire.service.private.init.v1.Init.Init:output_type -> spire.service.private.init.v1.InitResponse + 3, // 3: spire.service.private.init.v1.Init.Deinit:output_type -> spire.service.private.init.v1.DeinitResponse + 2, // [2:4] is the sub-list for method output_type + 0, // [0:2] is the sub-list for method input_type 0, // [0:0] is the sub-list for extension type_name 0, // [0:0] is the sub-list for extension extendee 0, // [0:0] is the sub-list for field type_name 
@@ -185,39 +242,13 @@ func file_spire_service_private_init_v1_init_proto_init() { if File_spire_service_private_init_v1_init_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_service_private_init_v1_init_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InitRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_service_private_init_v1_init_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InitResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_service_private_init_v1_init_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_service_private_init_v1_init_proto_rawDesc), len(file_spire_service_private_init_v1_init_proto_rawDesc)), NumEnums: 0, - NumMessages: 2, + NumMessages: 4, NumExtensions: 0, NumServices: 1, }, @@ -226,7 +257,6 @@ func file_spire_service_private_init_v1_init_proto_init() { MessageInfos: file_spire_service_private_init_v1_init_proto_msgTypes, }.Build() File_spire_service_private_init_v1_init_proto = out.File - file_spire_service_private_init_v1_init_proto_rawDesc = nil file_spire_service_private_init_v1_init_proto_goTypes = nil file_spire_service_private_init_v1_init_proto_depIdxs = nil } diff --git a/internal/proto/spire/service/private/init/v1/init.proto b/internal/proto/spire/service/private/init/v1/init.proto index 0d4b537..dfe3c88 100644 --- a/internal/proto/spire/service/private/init/v1/init.proto +++ b/internal/proto/spire/service/private/init/v1/init.proto 
@@ -8,8 +8,10 @@ option go_package = "github.com/spiffe/spire-plugin-sdk/internal/proto/spire/ser // plugin client connects, since the client is responsible for hosting the // broker that is used to provide host services. If we initialize before that, // there would be no broker available to connect to host services with. +// The service is also used for graceful cleanup when the plugin is unloaded. service Init { rpc Init(InitRequest) returns (InitResponse); + rpc Deinit(DeinitRequest) returns (DeinitResponse); } // Init request parameters @@ -27,3 +29,9 @@ message InitResponse { // spire.plugin.server.keymanager.v1.Keymanager). repeated string plugin_service_names = 1; } + +// Deinit request parameters +message DeinitRequest {} + +// Deinit response parameters +message DeinitResponse {} diff --git a/internal/proto/spire/service/private/init/v1/init_grpc.pb.go b/internal/proto/spire/service/private/init/v1/init_grpc.pb.go index 41f7e33..bafdc33 100644 --- a/internal/proto/spire/service/private/init/v1/init_grpc.pb.go +++ b/internal/proto/spire/service/private/init/v1/init_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/service/private/init/v1/init.proto package initv1 
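Review bot: The new `rpc Deinit(DeinitRequest) returns (DeinitResponse);` line in the `service Init` block has no comment of its own, and the sentence added above the service does not say when the host calls it or what a failed call means. The generated server stub later in this commit answers `Deinit` with `codes.Unimplemented` for any plugin that embeds `UnimplementedInitServer`, so a host that treats a Deinit error as a failed unload would presumably mishandle plugins that never implement it. I would add above the rpc something like `// Deinit is called once before the plugin is unloaded so it can release resources; callers must treat Unimplemented as "nothing to clean up".` and confirm that this matches the host side, which is not visible here.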
@@ -11,14 +15,27 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + Init_Init_FullMethodName = "/spire.service.private.init.v1.Init/Init" + Init_Deinit_FullMethodName = "/spire.service.private.init.v1.Init/Deinit" +) // InitClient is the client API for Init service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// Init is an internal service that the plugin framework uses to initialize +// a plugin after it has been loaded. Initialization takes place when the +// plugin client connects, since the client is responsible for hosting the +// broker that is used to provide host services. If we initialize before that, +// there would be no broker available to connect to host services with. +// The service is also used for graceful cleanup when the plugin is unloaded. type InitClient interface { Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) + Deinit(ctx context.Context, in *DeinitRequest, opts ...grpc.CallOption) (*DeinitResponse, error) } type initClient struct { 
@@ -30,8 +47,19 @@ func NewInitClient(cc grpc.ClientConnInterface) InitClient { } func (c *initClient) Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(InitResponse) - err := c.cc.Invoke(ctx, "/spire.service.private.init.v1.Init/Init", in, out, opts...) + err := c.cc.Invoke(ctx, Init_Init_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *initClient) Deinit(ctx context.Context, in *DeinitRequest, opts ...grpc.CallOption) (*DeinitResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(DeinitResponse) + err := c.cc.Invoke(ctx, Init_Deinit_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -40,20 +68,35 @@ func (c *initClient) Init(ctx context.Context, in *InitRequest, opts ...grpc.Cal // InitServer is the server API for Init service. // All implementations must embed UnimplementedInitServer -// for forward compatibility +// for forward compatibility. +// +// Init is an internal service that the plugin framework uses to initialize +// a plugin after it has been loaded. Initialization takes place when the +// plugin client connects, since the client is responsible for hosting the +// broker that is used to provide host services. If we initialize before that, +// there would be no broker available to connect to host services with. +// The service is also used for graceful cleanup when the plugin is unloaded. type InitServer interface { Init(context.Context, *InitRequest) (*InitResponse, error) + Deinit(context.Context, *DeinitRequest) (*DeinitResponse, error) mustEmbedUnimplementedInitServer() } -// UnimplementedInitServer must be embedded to have forward compatible implementations. -type UnimplementedInitServer struct { -} +// UnimplementedInitServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedInitServer struct{} func (UnimplementedInitServer) Init(context.Context, *InitRequest) (*InitResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Init not implemented") } +func (UnimplementedInitServer) Deinit(context.Context, *DeinitRequest) (*DeinitResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Deinit not implemented") +} func (UnimplementedInitServer) mustEmbedUnimplementedInitServer() {} +func (UnimplementedInitServer) testEmbeddedByValue() {} // UnsafeInitServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to InitServer will 
@@ -63,6 +106,13 @@ type UnsafeInitServer interface { } func RegisterInitServer(s grpc.ServiceRegistrar, srv InitServer) { + // If the following call pancis, it indicates UnimplementedInitServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&Init_ServiceDesc, srv) } @@ -76,7 +126,7 @@ func _Init_Init_Handler(srv interface{}, ctx context.Context, dec func(interface } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.service.private.init.v1.Init/Init", + FullMethod: Init_Init_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(InitServer).Init(ctx, req.(*InitRequest)) @@ -84,6 +134,24 @@ func _Init_Init_Handler(srv interface{}, ctx context.Context, dec func(interface return interceptor(ctx, in, info, handler) } +func _Init_Deinit_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeinitRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(InitServer).Deinit(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Init_Deinit_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(InitServer).Deinit(ctx, req.(*DeinitRequest)) + } + return interceptor(ctx, in, info, handler) +} + // Init_ServiceDesc is the grpc.ServiceDesc for Init service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) 
@@ -95,6 +163,10 @@ var Init_ServiceDesc = grpc.ServiceDesc{ MethodName: "Init", Handler: _Init_Init_Handler, }, + { + MethodName: "Deinit", + Handler: _Init_Deinit_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "spire/service/private/init/v1/init.proto", diff --git a/pluginmain/serve.go b/pluginmain/serve.go index ed2abe0..c32dbc9 100644 --- a/pluginmain/serve.go +++ b/pluginmain/serve.go @@ -8,13 +8,13 @@ import ( // Serve serves the plugin using the given plugin/service servers. It does // not return. It is intended to be called from main(). For example: // -// func main() { -// plugin := new(Plugin) -// pluginmain.Serve( -// keymanagerv1.KeyManagerPluginServer(plugin), -// configv1.ConfigPluginServer(plugin), -// ) -// } +// func main() { +// plugin := new(Plugin) +// pluginmain.Serve( +// keymanagerv1.KeyManagerPluginServer(plugin), +// configv1.ConfigServiceServer(plugin), +// ) +// } func Serve(pluginServer pluginsdk.PluginServer, serviceServers ...pluginsdk.ServiceServer) { logger := internal.NewLogger() internal.Serve(logger, logger, pluginServer, serviceServers, nil) diff --git a/pluginsdk/support/bundleformat/bundleformat.go b/pluginsdk/support/bundleformat/bundleformat.go new file mode 100644 index 0000000..57acf95 --- /dev/null +++ b/pluginsdk/support/bundleformat/bundleformat.go 
@@ -0,0 +1,256 @@
+// Package bundleformat provides helper functions related with bundle formatting
+// for plugins implementing the BundlePublisher interface.
+// BundlePublisher plugins should use this package as a way to have a
+// standarized name for bundle formats in their configuration, and avoid the
+// re-implementation of bundle parsing logic of formats supported in this
+// package.
+package bundleformat
+
+import (
+ "bytes"
+ "crypto"
+ "crypto/x509"
+ "encoding/json"
+ "encoding/pem"
+ "errors"
+ "fmt"
+ "strings"
+ "time"
+
+ "github.com/go-jose/go-jose/v3"
+ "github.com/spiffe/go-spiffe/v2/bundle/spiffebundle"
+ "github.com/spiffe/go-spiffe/v2/spiffeid"
+ "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types"
+)
+
+const (
+ FormatUnset Format = iota
+ SPIFFE
+ PEM
+ JWKS
+)
+
+// Formatter formats a bundle in different formats.
+type Formatter struct {
+ bundle *types.Bundle
+
+ jwksBytes []byte
+ pemBytes []byte
+ spiffeBytes []byte
+}
+
+// Format represents the bundle formats that are supported by the Formatter.
+type Format int
+
+// String returns the string name for the bundle format.
+func (bundleFormat Format) String() string {
+ switch bundleFormat {
+ case FormatUnset:
+ return "UNSET"
+ case SPIFFE:
+ return "spiffe"
+ case PEM:
+ return "pem"
+ case JWKS:
+ return "jwks"
+ default:
+ return fmt.Sprintf("UNKNOWN(%d)", int(bundleFormat))
+ }
+}
+
+// FromString returns the Format corresponding to the provided string.
+func FromString(s string) (Format, error) {
+ switch strings.ToLower(s) {
+ case "spiffe":
+ return SPIFFE, nil
+ case "jwks":
+ return JWKS, nil
+ case "pem":
+ return PEM, nil
+ default:
+ return FormatUnset, fmt.Errorf("unknown bundle format: %q", s)
+ }
+}
+
+// NewFormatter return a new *Formatter with the *types.Bundle provided.
+// Use the Bytes() function to get a slice of bytes with the bundle formatted in
+// the format specified.
+func NewFormatter(pluginBundle *types.Bundle) *Formatter {
+ return &Formatter{
+ bundle: pluginBundle,
+ }
+}
+
+// Format returns the bundle in the form of a slice of bytes in
+// the chosen format.
+func (b *Formatter) Format(format Format) ([]byte, error) {
+ if b.bundle == nil {
+ return nil, errors.New("missing bundle")
+ }
+
+ switch format {
+ case FormatUnset:
+ return nil, errors.New("no format specified")
+ case JWKS:
+ if b.jwksBytes != nil {
+ return b.jwksBytes, nil
+ }
+ jwksBytes, err := b.toJWKS()
+ if err != nil {
+ return nil, fmt.Errorf("could not convert bundle to jwks format: %w", err)
+ }
+ b.jwksBytes = jwksBytes
+ return jwksBytes, nil
+ case PEM:
+ if b.pemBytes != nil {
+ return b.pemBytes, nil
+ }
+ pemBytes, err := b.toPEM()
+ if err != nil {
+ return nil, fmt.Errorf("could not convert bundle to pem format: %w", err)
+ }
+ b.pemBytes = pemBytes
+ return pemBytes, nil
+ case SPIFFE:
+ if b.spiffeBytes != nil {
+ return b.spiffeBytes, nil
+ }
+ spiffeBytes, err := b.toSPIFFEBundle()
+ if err != nil {
+ return nil, fmt.Errorf("could not convert bundle to spiffe format: %w", err)
+ }
+ b.spiffeBytes = spiffeBytes
+ return spiffeBytes, nil
+ default:
+ return nil, fmt.Errorf("invalid format: %q", format)
+ }
+}
+
+// toJWKS converts to JWKS the current bundle.
+func (b *Formatter) toJWKS() ([]byte, error) {
+ var jwks jose.JSONWebKeySet
+
+ x509Authorities, jwtAuthorities, err := getAuthorities(b.bundle)
+ if err != nil {
+ return nil, err
+ }
+
+ for _, rootCA := range x509Authorities {
+ jwks.Keys = append(jwks.Keys, jose.JSONWebKey{
+ Key: rootCA.PublicKey,
+ Certificates: []*x509.Certificate{rootCA},
+ })
+ }
+
+ for keyID, jwtSigningKey := range jwtAuthorities {
+ jwks.Keys = append(jwks.Keys, jose.JSONWebKey{
+ Key: jwtSigningKey,
+ KeyID: keyID,
+ })
+ }
+
+ return json.Marshal(jwks)
+}
+
+// toPEM converts to PEM the current bundle.
+func (b *Formatter) toPEM() ([]byte, error) {
+ bundleData := new(bytes.Buffer)
+ for _, x509Authority := range b.bundle.X509Authorities {
+ if err := pem.Encode(bundleData, &pem.Block{
+ Type: "CERTIFICATE",
+ Bytes: x509Authority.Asn1,
+ }); err != nil {
+ return nil, fmt.Errorf("could not perform PEM encoding: %w", err)
+ }
+ }
+
+ return bundleData.Bytes(), nil
+}
+
+// toSPIFFEBundle converts to a SPIFFE bundle the current bundle.
+func (b *Formatter) toSPIFFEBundle() ([]byte, error) {
+ sb, err := spiffeBundleFromPluginProto(b.bundle)
+ if err != nil {
+ return nil, fmt.Errorf("failed to convert bundle: %w", err)
+ }
+ docBytes, err := sb.Marshal()
+ if err != nil {
+ return nil, fmt.Errorf("failed to marshal bundle: %w", err)
+ }
+
+ return docBytes, nil
+}
+
+// FormatBundle returns the bundle in the form of a slice of bytes in
+// the chosen format.
+func FormatBundle(bundle *types.Bundle, format Format) ([]byte, error) {
+ return NewFormatter(bundle).Format(format)
+}
+
+// getAuthorities gets the X.509 authorities and JWT authorities from the
+// provided *types.Bundle.
+func getAuthorities(bundleProto *types.Bundle) ([]*x509.Certificate, map[string]crypto.PublicKey, error) {
+ x509Authorities, err := x509CertificatesFromProto(bundleProto.X509Authorities)
+ if err != nil {
+ return nil, nil, err
+ }
+ jwtAuthorities, err := jwtKeysFromProto(bundleProto.JwtAuthorities)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ return x509Authorities, jwtAuthorities, nil
+}
+
+// jwtKeysFromProto converts JWT keys from the given []*types.JWTKey to
+// map[string]crypto.PublicKey.
+// The key ID of the public key is used as the key in the returned map.
+func jwtKeysFromProto(proto []*types.JWTKey) (map[string]crypto.PublicKey, error) {
+ keys := make(map[string]crypto.PublicKey)
+ for i, publicKey := range proto {
+ jwtSigningKey, err := x509.ParsePKIXPublicKey(publicKey.PublicKey)
+ if err != nil {
+ return nil, fmt.Errorf("unable to parse JWT signing key %d: %w", i, err)
+ }
+ keys[publicKey.KeyId] = jwtSigningKey
+ }
+ return keys, nil
+}
+
+// spiffeBundleFromPluginProto converts a bundle from the given *types.Bundle to
+// *spiffebundle.Bundle.
+func spiffeBundleFromPluginProto(bundleProto *types.Bundle) (*spiffebundle.Bundle, error) {
+ td, err := spiffeid.TrustDomainFromString(bundleProto.TrustDomain)
+ if err != nil {
+ return nil, err
+ }
+ x509Authorities, jwtAuthorities, err := getAuthorities(bundleProto)
+ if err != nil {
+ return nil, err
+ }
+
+ bundle := spiffebundle.New(td)
+ bundle.SetX509Authorities(x509Authorities)
+ bundle.SetJWTAuthorities(jwtAuthorities)
+ if bundleProto.RefreshHint > 0 {
+ bundle.SetRefreshHint(time.Duration(bundleProto.RefreshHint) * time.Second)
+ }
+ if bundleProto.SequenceNumber > 0 {
+ bundle.SetSequenceNumber(bundleProto.SequenceNumber)
+ }
+ return bundle, nil
+}
+
+// x509CertificatesFromProto converts X.509 certificates from the given
+// []*types.X509Certificate to []*x509.Certificate.
+func x509CertificatesFromProto(proto []*types.X509Certificate) ([]*x509.Certificate, error) {
+ var certs []*x509.Certificate
+ for i, auth := range proto {
+ cert, err := x509.ParseCertificate(auth.Asn1)
+ if err != nil {
+ return nil, fmt.Errorf("unable to parse root CA %d: %w", i, err)
+ }
+ certs = append(certs, cert)
+ }
+ return certs, nil
+}
diff --git a/pluginsdk/support/bundleformat/bundleformat_test.go b/pluginsdk/support/bundleformat/bundleformat_test.go
new file mode 100644
index 0000000..2c956fd
--- /dev/null
+++ b/pluginsdk/support/bundleformat/bundleformat_test.go
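Review bot: `toPEM` copies each `X509Authorities[i].Asn1` into a CERTIFICATE block without parsing it, whereas `toJWKS` and `toSPIFFEBundle` go through `x509CertificatesFromProto` and fail on DER that `x509.ParseCertificate` rejects. `FormatBundle(bundle, PEM)` can therefore succeed on a bundle the other two formats refuse, and a publisher would ship trust anchors that consumers may fail to load. Running the same validation first keeps the three formats consistent: `if _, err := x509CertificatesFromProto(b.bundle.X509Authorities); err != nil { return nil, err }` at the top of `toPEM`. Separately, `Format` returns the cached slice itself and writes the cache fields without any locking, so the doc comment should say that the result is read-only and that a Formatter is not safe for concurrent use.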
@@ -0,0 +1,164 @@ +package bundleformat + +import ( + "crypto/x509" + "encoding/pem" + "fmt" + "math" + "testing" + + "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types" + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/proto" +) + +func TestBytes(t *testing.T) { + const ( + certPEM = `-----BEGIN CERTIFICATE----- +MIIBKjCB0aADAgECAgEBMAoGCCqGSM49BAMCMAAwIhgPMDAwMTAxMDEwMDAwMDBa +GA85OTk5MTIzMTIzNTk1OVowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHyv +sCk5yi+yhSzNu5aquQwvm8a1Wh+qw1fiHAkhDni+wq+g3TQWxYlV51TCPH030yXs +RxvujD4hUUaIQrXk4KKjODA2MA8GA1UdEwEB/wQFMAMBAf8wIwYDVR0RAQH/BBkw +F4YVc3BpZmZlOi8vZG9tYWluMS50ZXN0MAoGCCqGSM49BAMCA0gAMEUCIA2dO09X +makw2ekuHKWC4hBhCkpr5qY4bI8YUcXfxg/1AiEA67kMyH7bQnr7OVLUrL+b9ylA +dZglS5kKnYigmwDh+/U= +-----END CERTIFICATE----- +` + ) + block, _ := pem.Decode([]byte(certPEM)) + require.NotNil(t, block, "unable to unmarshal certificate response: malformed PEM block") + + cert, err := x509.ParseCertificate(block.Bytes) + require.NoError(t, err) + + keyPkix, err := x509.MarshalPKIXPublicKey(cert.PublicKey) + require.NoError(t, err) + + testBundle := &types.Bundle{ + TrustDomain: "example.org", + X509Authorities: []*types.X509Certificate{{Asn1: cert.Raw}}, + JwtAuthorities: []*types.JWTKey{ + { + KeyId: "KID", + PublicKey: keyPkix, + }, + }, + RefreshHint: 1440, + SequenceNumber: 100, + } + standardJWKS := 
`{"keys":[{%s"kty":"EC","crv":"P-256","x":"fK-wKTnKL7KFLM27lqq5DC-bxrVaH6rDV-IcCSEOeL4","y":"wq-g3TQWxYlV51TCPH030yXsRxvujD4hUUaIQrXk4KI","x5c":["MIIBKjCB0aADAgECAgEBMAoGCCqGSM49BAMCMAAwIhgPMDAwMTAxMDEwMDAwMDBaGA85OTk5MTIzMTIzNTk1OVowADBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABHyvsCk5yi+yhSzNu5aquQwvm8a1Wh+qw1fiHAkhDni+wq+g3TQWxYlV51TCPH030yXsRxvujD4hUUaIQrXk4KKjODA2MA8GA1UdEwEB/wQFMAMBAf8wIwYDVR0RAQH/BBkwF4YVc3BpZmZlOi8vZG9tYWluMS50ZXN0MAoGCCqGSM49BAMCA0gAMEUCIA2dO09Xmakw2ekuHKWC4hBhCkpr5qY4bI8YUcXfxg/1AiEA67kMyH7bQnr7OVLUrL+b9ylAdZglS5kKnYigmwDh+/U="]},{%s"kty":"EC","kid":"KID","crv":"P-256","x":"fK-wKTnKL7KFLM27lqq5DC-bxrVaH6rDV-IcCSEOeL4","y":"wq-g3TQWxYlV51TCPH030yXsRxvujD4hUUaIQrXk4KI"}]%s}` + expectedJWKS := fmt.Sprintf(standardJWKS, "", "", "") + expectedSPIFFEBundle := fmt.Sprintf(standardJWKS, `"use":"x509-svid",`, `"use":"jwt-svid",`, `,"spiffe_sequence":100,"spiffe_refresh_hint":1440`) + + for _, tt := range []struct { + name string + format Format + bundle *types.Bundle + expectBytes []byte + expectError string + }{ + { + name: "format not set", + bundle: testBundle, + expectError: "no format specified", + }, + { + name: "invalid format", + format: math.MaxInt, + bundle: testBundle, + expectError: fmt.Sprintf("invalid format: \"UNKNOWN(%d)\"", math.MaxInt), + }, + { + name: "no bundle", + format: SPIFFE, + expectError: "missing bundle", + }, + { + name: "jwks format", + format: JWKS, + bundle: testBundle, + expectBytes: []byte(expectedJWKS), + }, + { + name: "pem format", + format: PEM, + bundle: testBundle, + expectBytes: []byte(certPEM), + }, + { + name: "spiffe format", + format: SPIFFE, + bundle: testBundle, + expectBytes: []byte(expectedSPIFFEBundle), + }, + } { + t.Run(tt.name, func(t *testing.T) { + b := NewFormatter(tt.bundle) + + if !proto.Equal(tt.bundle, b.bundle) { + require.Equal(t, tt.bundle, b.bundle) + } + + // Test the Format function that's provided by the formatter and + // also test the FormatBundle function that should have the same + // 
result. + formatResult, formatErr := b.Format(tt.format) + formatBundleResult, formatBundleErr := FormatBundle(tt.bundle, tt.format) + if tt.expectError != "" { + require.EqualError(t, formatErr, tt.expectError) + require.Nil(t, formatResult) + + require.EqualError(t, formatBundleErr, tt.expectError) + require.Nil(t, formatBundleResult) + return + } + require.NoError(t, formatErr) + require.NoError(t, formatBundleErr) + + require.Equal(t, string(tt.expectBytes), string(formatResult)) + require.Equal(t, string(tt.expectBytes), string(formatBundleResult)) + }) + } +} + +func TestStringConversion(t *testing.T) { + for _, tt := range []struct { + name string + formatString string + expectError string + expectFormat Format + }{ + { + name: "invalid format", + formatString: "INVALID", + expectError: `unknown bundle format: "INVALID"`, + }, + { + name: "jwks format", + formatString: "jwks", + expectFormat: JWKS, + }, + { + name: "pem format", + formatString: "pem", + expectFormat: PEM, + }, + { + name: "spiffe format", + formatString: "spiffe", + expectFormat: SPIFFE, + }, + } { + t.Run(tt.name, func(t *testing.T) { + format, err := FromString(tt.formatString) + if tt.expectError != "" { + require.EqualError(t, err, tt.expectError) + require.Equal(t, FormatUnset, format) + return + } + require.NoError(t, err) + require.Equal(t, tt.expectFormat, format) + require.Equal(t, tt.formatString, format.String()) + }) + } +} diff --git a/plugintest/serve.go b/plugintest/serve.go index c0bf04f..f040279 100644 --- a/plugintest/serve.go +++ b/plugintest/serve.go 
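Review bot: The `TestBytes` table never supplies unparsable bytes in `Asn1` or `PublicKey`, so the "unable to parse root CA" and "unable to parse JWT signing key" branches are not exercised and nothing pins what the PEM format does with invalid DER. `testBundle` also carries a single `JwtAuthorities` entry; `toJWKS` appends JWT keys while ranging over a map, so with two or more keys the output order is not fixed, and the byte-for-byte `require.Equal` here cannot notice that. I would add one case per malformed input and a two-key case that compares the decoded key set rather than the raw bytes, or have `toJWKS` iterate over sorted key IDs so the output is stable.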
@@ -131,6 +131,12 @@ func ServeInBackground(t *testing.T, config Config) { t.Fatalf("failed to initialize plugin: %v", err) } + t.Cleanup(func() { + if err := private.Deinit(ctx, conn); err != nil { + t.Fatalf("failed to deinitialize plugin: %v", err) + } + }) + assertInitClient(t, conn, config.PluginClient, grpcServiceNames) for _, serviceClient := range config.ServiceClients { assertInitClient(t, conn, serviceClient, grpcServiceNames) diff --git a/plugintest/serve_test.go b/plugintest/serve_test.go index 5e65404..70f1124 100644 --- a/plugintest/serve_test.go +++ b/plugintest/serve_test.go @@ -63,7 +63,7 @@ func TestServe(t *testing.T) { assertStringEqual(t, "hostService-in,hostService-out", hostServiceResp.Out) }) - assertStringEqual(t, "[INFO] PLUGIN: in=plugin-in\n[INFO] SERVICE: in=service-in\n", log.String()) + assertStringEqual(t, "[INFO] PLUGIN: in=plugin-in\n[INFO] SERVICE: in=service-in\n[INFO] CLOSED\n", log.String()) } func assertStringEqual(t *testing.T, expected, actual string) { @@ -105,6 +105,11 @@ func (p *TestPlugin) ServiceEcho(_ context.Context, req *test.EchoRequest) (*tes return &test.EchoResponse{Out: req.In + ",service-out"}, nil } +func (p *TestPlugin) Close() error { + p.log.Info("CLOSED") + return nil +} + type someHostService struct { test.UnimplementedSomeHostServiceServer } diff --git a/private/init.go b/private/init.go index ade283e..86ba5b0 100644 --- a/private/init.go +++ b/private/init.go @@ -5,6 +5,8 @@ import ( initv1 "github.com/spiffe/spire-plugin-sdk/internal/proto/spire/service/private/init/v1" "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" ) // Init initializes the plugin and advertises the given host service names to 
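Review bot: The cleanup added to `ServeInBackground` reuses `ctx` and `conn` from the enclosing function, whose setup is outside this hunk; if that context is cancelled or the connection is closed before cleanups run, `private.Deinit` fails and every test using this helper is reported as failed at teardown. Cleanups run last-registered-first, so this one has to be registered after whichever cleanup closes `conn`; a comment would keep that ordering from being broken later, e.g. `// Registered after the connection cleanup so Deinit runs while conn is still open.` As a style point, `t.Errorf` reads better than `t.Fatalf` inside the closure, since nothing follows the call.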
@@ -21,3 +23,17 @@ func Init(ctx context.Context, conn grpc.ClientConnInterface, hostServiceNames [ } return resp.PluginServiceNames, nil } + +// Deinit deinitializes the plugin. It should only be called right before the +// host unloads the plugin and will not be invoking any other plugin or service +// RPCs. +func Deinit(ctx context.Context, conn grpc.ClientConnInterface) error { + client := initv1.NewInitClient(conn) + _, err := client.Deinit(ctx, &initv1.DeinitRequest{}) + switch status.Code(err) { + case codes.OK, codes.Unimplemented: + return nil + default: + return err + } +} diff --git a/private/proto/test/echo.pb.go b/private/proto/test/echo.pb.go index 594eed3..961e17f 100644 --- a/private/proto/test/echo.pb.go +++ b/private/proto/test/echo.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: test/echo.proto package test @@ -14,6 +14,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -24,20 +25,17 @@ const ( ) type EchoRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + In string `protobuf:"bytes,1,opt,name=in,proto3" json:"in,omitempty"` unknownFields protoimpl.UnknownFields - - In string `protobuf:"bytes,1,opt,name=in,proto3" json:"in,omitempty"` + sizeCache protoimpl.SizeCache } func (x *EchoRequest) Reset() { *x = EchoRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_test_echo_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_test_echo_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EchoRequest) String() string { 
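Review bot: The doc comment on `Deinit` does not mention that a `codes.Unimplemented` status is returned as `nil`, which is the one non-obvious decision in the function. Presumably this keeps hosts working with plugins built before the Deinit RPC existed; if so, state it in the comment: `// Plugins that do not implement the Deinit RPC respond with Unimplemented, which is not reported as an error.` It is also worth noting there that the call waits on the plugin until `ctx` is done, so a host unloading a plugin should pass a context with a deadline.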
@@ -48,7 +46,7 @@ func (*EchoRequest) ProtoMessage() {} func (x *EchoRequest) ProtoReflect() protoreflect.Message { mi := &file_test_echo_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -71,20 +69,17 @@ func (x *EchoRequest) GetIn() string { } type EchoResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + Out string `protobuf:"bytes,1,opt,name=out,proto3" json:"out,omitempty"` unknownFields protoimpl.UnknownFields - - Out string `protobuf:"bytes,1,opt,name=out,proto3" json:"out,omitempty"` + sizeCache protoimpl.SizeCache } func (x *EchoResponse) Reset() { *x = EchoResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_test_echo_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_test_echo_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EchoResponse) String() string { @@ -95,7 +90,7 @@ func (*EchoResponse) ProtoMessage() {} func (x *EchoResponse) ProtoReflect() protoreflect.Message { mi := &file_test_echo_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -119,33 +114,28 @@ func (x *EchoResponse) GetOut() string { var File_test_echo_proto protoreflect.FileDescriptor -var file_test_echo_proto_rawDesc = []byte{ - 0x0a, 0x0f, 0x74, 0x65, 0x73, 0x74, 0x2f, 0x65, 0x63, 0x68, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x04, 0x74, 0x65, 0x73, 0x74, 0x22, 0x1d, 0x0a, 0x0b, 0x45, 0x63, 0x68, 0x6f, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x02, 0x69, 0x6e, 0x22, 0x20, 0x0a, 0x0c, 0x45, 0x63, 0x68, 0x6f, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x6f, 0x75, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6f, 0x75, 0x74, 0x42, 0x37, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, - 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x65, 0x73, - 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_test_echo_proto_rawDesc = "" + + "\n" + + "\x0ftest/echo.proto\x12\x04test\"\x1d\n" + + "\vEchoRequest\x12\x0e\n" + + "\x02in\x18\x01 \x01(\tR\x02in\" \n" + + "\fEchoResponse\x12\x10\n" + + "\x03out\x18\x01 \x01(\tR\x03outB7Z5github.com/spiffe/spire-plugin-sdk/private/proto/testb\x06proto3" var ( file_test_echo_proto_rawDescOnce sync.Once - file_test_echo_proto_rawDescData = file_test_echo_proto_rawDesc + file_test_echo_proto_rawDescData []byte ) func file_test_echo_proto_rawDescGZIP() []byte { file_test_echo_proto_rawDescOnce.Do(func() { - file_test_echo_proto_rawDescData = protoimpl.X.CompressGZIP(file_test_echo_proto_rawDescData) + file_test_echo_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_test_echo_proto_rawDesc), len(file_test_echo_proto_rawDesc))) }) return file_test_echo_proto_rawDescData } var file_test_echo_proto_msgTypes = 
make([]protoimpl.MessageInfo, 2) -var file_test_echo_proto_goTypes = []interface{}{ +var file_test_echo_proto_goTypes = []any{ (*EchoRequest)(nil), // 0: test.EchoRequest (*EchoResponse)(nil), // 1: test.EchoResponse } @@ -162,37 +152,11 @@ func file_test_echo_proto_init() { if File_test_echo_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_test_echo_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EchoRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_test_echo_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EchoResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_test_echo_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_test_echo_proto_rawDesc), len(file_test_echo_proto_rawDesc)), NumEnums: 0, NumMessages: 2, NumExtensions: 0, @@ -203,7 +167,6 @@ func file_test_echo_proto_init() { MessageInfos: file_test_echo_proto_msgTypes, }.Build() File_test_echo_proto = out.File - file_test_echo_proto_rawDesc = nil file_test_echo_proto_goTypes = nil file_test_echo_proto_depIdxs = nil } diff --git a/private/proto/test/somehostservice.pb.go b/private/proto/test/somehostservice.pb.go index 795163b..e40e70c 100644 --- a/private/proto/test/somehostservice.pb.go +++ b/private/proto/test/somehostservice.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: test/somehostservice.proto package test 
@@ -13,6 +13,7 @@ import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" + unsafe "unsafe" ) const ( 
@@ -24,23 +25,13 @@ const ( var File_test_somehostservice_proto protoreflect.FileDescriptor -var file_test_somehostservice_proto_rawDesc = []byte{ - 0x0a, 0x1a, 0x74, 0x65, 0x73, 0x74, 0x2f, 0x73, 0x6f, 0x6d, 0x65, 0x68, 0x6f, 0x73, 0x74, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x74, 0x65, - 0x73, 0x74, 0x1a, 0x0f, 0x74, 0x65, 0x73, 0x74, 0x2f, 0x65, 0x63, 0x68, 0x6f, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x32, 0x4b, 0x0a, 0x0f, 0x53, 0x6f, 0x6d, 0x65, 0x48, 0x6f, 0x73, 0x74, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x38, 0x0a, 0x0f, 0x48, 0x6f, 0x73, 0x74, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x63, 0x68, 0x6f, 0x12, 0x11, 0x2e, 0x74, 0x65, 0x73, 0x74, - 0x2e, 0x45, 0x63, 0x68, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, 0x74, - 0x65, 0x73, 0x74, 0x2e, 0x45, 0x63, 0x68, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x42, 0x37, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, -} +const file_test_somehostservice_proto_rawDesc = "" + + "\n" + + "\x1atest/somehostservice.proto\x12\x04test\x1a\x0ftest/echo.proto2K\n" + + "\x0fSomeHostService\x128\n" + + "\x0fHostServiceEcho\x12\x11.test.EchoRequest\x1a\x12.test.EchoResponseB7Z5github.com/spiffe/spire-plugin-sdk/private/proto/testb\x06proto3" -var file_test_somehostservice_proto_goTypes = []interface{}{ +var file_test_somehostservice_proto_goTypes = []any{ (*EchoRequest)(nil), // 0: test.EchoRequest (*EchoResponse)(nil), // 1: test.EchoResponse } 
@@ -64,7 +55,7 @@ func file_test_somehostservice_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_test_somehostservice_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_test_somehostservice_proto_rawDesc), len(file_test_somehostservice_proto_rawDesc)), NumEnums: 0, NumMessages: 0, NumExtensions: 0, @@ -74,7 +65,6 @@ func file_test_somehostservice_proto_init() { DependencyIndexes: file_test_somehostservice_proto_depIdxs, }.Build() File_test_somehostservice_proto = out.File - file_test_somehostservice_proto_rawDesc = nil file_test_somehostservice_proto_goTypes = nil file_test_somehostservice_proto_depIdxs = nil } diff --git a/private/proto/test/somehostservice_grpc.pb.go b/private/proto/test/somehostservice_grpc.pb.go index 4b5ffa3..73242b2 100644 --- a/private/proto/test/somehostservice_grpc.pb.go +++ b/private/proto/test/somehostservice_grpc.pb.go @@ -1,4 +1,11 @@ +// This file defines simple interfaces used for testing. These interfaces are +// only intended to be used internally and by SPIRE. See /private/README.md. + // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: test/somehostservice.proto package test @@ -11,8 +18,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + SomeHostService_HostServiceEcho_FullMethodName = "/test.SomeHostService/HostServiceEcho" +) // SomeHostServiceClient is the client API for SomeHostService service. // 
@@ -30,8 +41,9 @@ func NewSomeHostServiceClient(cc grpc.ClientConnInterface) SomeHostServiceClient } func (c *someHostServiceClient) HostServiceEcho(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(EchoResponse) - err := c.cc.Invoke(ctx, "/test.SomeHostService/HostServiceEcho", in, out, opts...) + err := c.cc.Invoke(ctx, SomeHostService_HostServiceEcho_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -40,20 +52,24 @@ func (c *someHostServiceClient) HostServiceEcho(ctx context.Context, in *EchoReq // SomeHostServiceServer is the server API for SomeHostService service. // All implementations must embed UnimplementedSomeHostServiceServer -// for forward compatibility +// for forward compatibility. type SomeHostServiceServer interface { HostServiceEcho(context.Context, *EchoRequest) (*EchoResponse, error) mustEmbedUnimplementedSomeHostServiceServer() } -// UnimplementedSomeHostServiceServer must be embedded to have forward compatible implementations. -type UnimplementedSomeHostServiceServer struct { -} +// UnimplementedSomeHostServiceServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedSomeHostServiceServer struct{} func (UnimplementedSomeHostServiceServer) HostServiceEcho(context.Context, *EchoRequest) (*EchoResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method HostServiceEcho not implemented") } func (UnimplementedSomeHostServiceServer) mustEmbedUnimplementedSomeHostServiceServer() {} +func (UnimplementedSomeHostServiceServer) testEmbeddedByValue() {} // UnsafeSomeHostServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to SomeHostServiceServer will 
@@ -63,6 +79,13 @@ type UnsafeSomeHostServiceServer interface { } func RegisterSomeHostServiceServer(s grpc.ServiceRegistrar, srv SomeHostServiceServer) { + // If the following call pancis, it indicates UnimplementedSomeHostServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&SomeHostService_ServiceDesc, srv) } @@ -76,7 +99,7 @@ func _SomeHostService_HostServiceEcho_Handler(srv interface{}, ctx context.Conte } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/test.SomeHostService/HostServiceEcho", + FullMethod: SomeHostService_HostServiceEcho_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SomeHostServiceServer).HostServiceEcho(ctx, req.(*EchoRequest)) diff --git a/private/proto/test/someplugin.pb.go b/private/proto/test/someplugin.pb.go index 469a3a1..9acb747 100644 --- a/private/proto/test/someplugin.pb.go +++ b/private/proto/test/someplugin.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: test/someplugin.proto package test @@ -13,6 +13,7 @@ import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" + unsafe "unsafe" ) const ( 
@@ -24,22 +25,15 @@ const ( var File_test_someplugin_proto protoreflect.FileDescriptor -var file_test_someplugin_proto_rawDesc = []byte{ - 0x0a, 0x15, 0x74, 0x65, 0x73, 0x74, 0x2f, 0x73, 0x6f, 0x6d, 0x65, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x74, 0x65, 0x73, 0x74, 0x1a, 0x0f, 0x74, - 0x65, 0x73, 0x74, 0x2f, 0x65, 0x63, 0x68, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x32, 0x41, - 0x0a, 0x0a, 0x53, 0x6f, 0x6d, 0x65, 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x12, 0x33, 0x0a, 0x0a, - 0x50, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x45, 0x63, 0x68, 0x6f, 0x12, 0x11, 0x2e, 0x74, 0x65, 0x73, - 0x74, 0x2e, 0x45, 0x63, 0x68, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x12, 0x2e, - 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x63, 0x68, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x42, 0x37, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, - 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} +const file_test_someplugin_proto_rawDesc = "" + + "\n" + + "\x15test/someplugin.proto\x12\x04test\x1a\x0ftest/echo.proto2A\n" + + "\n" + + "SomePlugin\x123\n" + + "\n" + + "PluginEcho\x12\x11.test.EchoRequest\x1a\x12.test.EchoResponseB7Z5github.com/spiffe/spire-plugin-sdk/private/proto/testb\x06proto3" -var file_test_someplugin_proto_goTypes = []interface{}{ +var file_test_someplugin_proto_goTypes = []any{ (*EchoRequest)(nil), // 0: test.EchoRequest (*EchoResponse)(nil), // 1: test.EchoResponse } 
@@ -63,7 +57,7 @@ func file_test_someplugin_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_test_someplugin_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_test_someplugin_proto_rawDesc), len(file_test_someplugin_proto_rawDesc)), NumEnums: 0, NumMessages: 0, NumExtensions: 0, @@ -73,7 +67,6 @@ func file_test_someplugin_proto_init() { DependencyIndexes: file_test_someplugin_proto_depIdxs, }.Build() File_test_someplugin_proto = out.File - file_test_someplugin_proto_rawDesc = nil file_test_someplugin_proto_goTypes = nil file_test_someplugin_proto_depIdxs = nil } diff --git a/private/proto/test/someplugin_grpc.pb.go b/private/proto/test/someplugin_grpc.pb.go index b624bf0..d3e851a 100644 --- a/private/proto/test/someplugin_grpc.pb.go +++ b/private/proto/test/someplugin_grpc.pb.go @@ -1,4 +1,11 @@ +// This file defines simple interfaces used for testing. These interfaces are +// only intended to be used internally and by SPIRE. See /private/README.md. + // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: test/someplugin.proto package test @@ -11,8 +18,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + SomePlugin_PluginEcho_FullMethodName = "/test.SomePlugin/PluginEcho" +) // SomePluginClient is the client API for SomePlugin service. // 
@@ -30,8 +41,9 @@ func NewSomePluginClient(cc grpc.ClientConnInterface) SomePluginClient { } func (c *somePluginClient) PluginEcho(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(EchoResponse) - err := c.cc.Invoke(ctx, "/test.SomePlugin/PluginEcho", in, out, opts...) + err := c.cc.Invoke(ctx, SomePlugin_PluginEcho_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -40,20 +52,24 @@ func (c *somePluginClient) PluginEcho(ctx context.Context, in *EchoRequest, opts // SomePluginServer is the server API for SomePlugin service. // All implementations must embed UnimplementedSomePluginServer -// for forward compatibility +// for forward compatibility. type SomePluginServer interface { PluginEcho(context.Context, *EchoRequest) (*EchoResponse, error) mustEmbedUnimplementedSomePluginServer() } -// UnimplementedSomePluginServer must be embedded to have forward compatible implementations. -type UnimplementedSomePluginServer struct { -} +// UnimplementedSomePluginServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedSomePluginServer struct{} func (UnimplementedSomePluginServer) PluginEcho(context.Context, *EchoRequest) (*EchoResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method PluginEcho not implemented") } func (UnimplementedSomePluginServer) mustEmbedUnimplementedSomePluginServer() {} +func (UnimplementedSomePluginServer) testEmbeddedByValue() {} // UnsafeSomePluginServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to SomePluginServer will 
@@ -63,6 +79,13 @@ type UnsafeSomePluginServer interface { } func RegisterSomePluginServer(s grpc.ServiceRegistrar, srv SomePluginServer) { + // If the following call pancis, it indicates UnimplementedSomePluginServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&SomePlugin_ServiceDesc, srv) } @@ -76,7 +99,7 @@ func _SomePlugin_PluginEcho_Handler(srv interface{}, ctx context.Context, dec fu } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/test.SomePlugin/PluginEcho", + FullMethod: SomePlugin_PluginEcho_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SomePluginServer).PluginEcho(ctx, req.(*EchoRequest)) diff --git a/private/proto/test/someservice.pb.go b/private/proto/test/someservice.pb.go index 930d139..295aebd 100644 --- a/private/proto/test/someservice.pb.go +++ b/private/proto/test/someservice.pb.go @@ -3,8 +3,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: test/someservice.proto package test @@ -13,6 +13,7 @@ import ( protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" + unsafe "unsafe" ) const ( 
@@ -24,22 +25,13 @@ const ( var File_test_someservice_proto protoreflect.FileDescriptor -var file_test_someservice_proto_rawDesc = []byte{ - 0x0a, 0x16, 0x74, 0x65, 0x73, 0x74, 0x2f, 0x73, 0x6f, 0x6d, 0x65, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x04, 0x74, 0x65, 0x73, 0x74, 0x1a, 0x0f, - 0x74, 0x65, 0x73, 0x74, 0x2f, 0x65, 0x63, 0x68, 0x6f, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x32, - 0x43, 0x0a, 0x0b, 0x53, 0x6f, 0x6d, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x34, - 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x63, 0x68, 0x6f, 0x12, 0x11, 0x2e, - 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x63, 0x68, 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x12, 0x2e, 0x74, 0x65, 0x73, 0x74, 0x2e, 0x45, 0x63, 0x68, 0x6f, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x37, 0x5a, 0x35, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x69, 0x76, 0x61, - 0x74, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_test_someservice_proto_rawDesc = "" + + "\n" + + "\x16test/someservice.proto\x12\x04test\x1a\x0ftest/echo.proto2C\n" + + "\vSomeService\x124\n" + + "\vServiceEcho\x12\x11.test.EchoRequest\x1a\x12.test.EchoResponseB7Z5github.com/spiffe/spire-plugin-sdk/private/proto/testb\x06proto3" -var file_test_someservice_proto_goTypes = []interface{}{ +var file_test_someservice_proto_goTypes = []any{ (*EchoRequest)(nil), // 0: test.EchoRequest (*EchoResponse)(nil), // 1: test.EchoResponse } 
@@ -63,7 +55,7 @@ func file_test_someservice_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_test_someservice_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_test_someservice_proto_rawDesc), len(file_test_someservice_proto_rawDesc)), NumEnums: 0, NumMessages: 0, NumExtensions: 0, @@ -73,7 +65,6 @@ func file_test_someservice_proto_init() { DependencyIndexes: file_test_someservice_proto_depIdxs, }.Build() File_test_someservice_proto = out.File - file_test_someservice_proto_rawDesc = nil file_test_someservice_proto_goTypes = nil file_test_someservice_proto_depIdxs = nil } diff --git a/private/proto/test/someservice_grpc.pb.go b/private/proto/test/someservice_grpc.pb.go index a7ae34c..2f63d7d 100644 --- a/private/proto/test/someservice_grpc.pb.go +++ b/private/proto/test/someservice_grpc.pb.go @@ -1,4 +1,11 @@ +// This file defines simple interfaces used for testing. These interfaces are +// only intended to be used internally and by SPIRE. See /private/README.md. + // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: test/someservice.proto package test @@ -11,8 +18,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + SomeService_ServiceEcho_FullMethodName = "/test.SomeService/ServiceEcho" +) // SomeServiceClient is the client API for SomeService service. // 
@@ -30,8 +41,9 @@ func NewSomeServiceClient(cc grpc.ClientConnInterface) SomeServiceClient { } func (c *someServiceClient) ServiceEcho(ctx context.Context, in *EchoRequest, opts ...grpc.CallOption) (*EchoResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(EchoResponse) - err := c.cc.Invoke(ctx, "/test.SomeService/ServiceEcho", in, out, opts...) + err := c.cc.Invoke(ctx, SomeService_ServiceEcho_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -40,20 +52,24 @@ func (c *someServiceClient) ServiceEcho(ctx context.Context, in *EchoRequest, op // SomeServiceServer is the server API for SomeService service. // All implementations must embed UnimplementedSomeServiceServer -// for forward compatibility +// for forward compatibility. type SomeServiceServer interface { ServiceEcho(context.Context, *EchoRequest) (*EchoResponse, error) mustEmbedUnimplementedSomeServiceServer() } -// UnimplementedSomeServiceServer must be embedded to have forward compatible implementations. -type UnimplementedSomeServiceServer struct { -} +// UnimplementedSomeServiceServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedSomeServiceServer struct{} func (UnimplementedSomeServiceServer) ServiceEcho(context.Context, *EchoRequest) (*EchoResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ServiceEcho not implemented") } func (UnimplementedSomeServiceServer) mustEmbedUnimplementedSomeServiceServer() {} +func (UnimplementedSomeServiceServer) testEmbeddedByValue() {} // UnsafeSomeServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to SomeServiceServer will 
@@ -63,6 +79,13 @@ type UnsafeSomeServiceServer interface { } func RegisterSomeServiceServer(s grpc.ServiceRegistrar, srv SomeServiceServer) { + // If the following call pancis, it indicates UnimplementedSomeServiceServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&SomeService_ServiceDesc, srv) } @@ -76,7 +99,7 @@ func _SomeService_ServiceEcho_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/test.SomeService/ServiceEcho", + FullMethod: SomeService_ServiceEcho_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SomeServiceServer).ServiceEcho(ctx, req.(*EchoRequest)) diff --git a/private/register.go b/private/register.go index 577b2dd..ac44de3 100644 --- a/private/register.go +++ b/private/register.go @@ -2,6 +2,7 @@ package private import ( "context" + "io" "github.com/hashicorp/go-hclog" initv1 "github.com/spiffe/spire-plugin-sdk/internal/proto/spire/service/private/init/v1" 
@@ -77,6 +78,26 @@ func (s *initService) Init(ctx context.Context, req *initv1.InitRequest) (*initv
 }, nil
 }
 
+func (s *initService) Deinit(ctx context.Context, req *initv1.DeinitRequest) (*initv1.DeinitResponse, error) {
+ deinitted := map[interface{}]struct{}{}
+ for _, impl := range s.impls {
+ // Deinitialize the implementation. Since the same
+ // implementation might back more than one server, only deinitialize
+ // once.
+ if _, ok := deinitted[impl]; ok {
+ continue
+ }
+ deinitted[impl] = struct{}{}
+
+ if impl, ok := impl.(io.Closer); ok {
+ if err := impl.Close(); err != nil {
+ s.logger.Error("Plugin implementation failed to deinitialize", "error", err)
+ }
+ }
+ }
+ return &initv1.DeinitResponse{}, nil
+}
+
 type serviceBroker struct {
 conn grpc.ClientConnInterface
 hostServiceNames []string
diff --git a/proto/spire/hostservice/common/metrics/v1/metrics.pb.go b/proto/spire/hostservice/common/metrics/v1/metrics.pb.go
index 9205c0d..daf5d7f 100644
--- a/proto/spire/hostservice/common/metrics/v1/metrics.pb.go
+++ b/proto/spire/hostservice/common/metrics/v1/metrics.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/hostservice/common/metrics/v1/metrics.proto package metricsv1
@@ -12,6 +12,7 @@ import ( emptypb "google.golang.org/protobuf/types/known/emptypb" reflect "reflect" sync "sync" + unsafe "unsafe" ) const (
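Review bot: `deinitted[impl] = struct{}{}` in the new `Deinit` (private/register.go) keys a `map[interface{}]struct{}` on each implementation, and Go panics with "hash of unhashable type" when the dynamic type behind an interface key is not comparable, for example a struct value that holds a slice or map. The element type of `s.impls` is declared outside the hunk, so whether non-pointer implementations can reach this loop should be confirmed; if they can, deduplicate only comparable values, e.g. `if t := reflect.TypeOf(impl); t != nil && t.Comparable() {` around the map lookup and insert. Close errors are logged and the RPC still returns success, and a second Deinit call would close the same implementations again; if both are intended, say so in a doc comment such as `// Deinit closes every implementation that is an io.Closer, once per call; Close errors are logged, not returned.`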
@@ -22,25 +23,22 @@ const ( ) type SetGaugeRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The gauge key. Key []string `protobuf:"bytes,1,rep,name=key,proto3" json:"key,omitempty"` // Required. The gauge value. Val float32 `protobuf:"fixed32,2,opt,name=val,proto3" json:"val,omitempty"` // Optional. One or more labels for the gauge. - Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SetGaugeRequest) Reset() { *x = SetGaugeRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SetGaugeRequest) String() string { @@ -51,7 +49,7 @@ func (*SetGaugeRequest) ProtoMessage() {} func (x *SetGaugeRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -88,23 +86,20 @@ func (x *SetGaugeRequest) GetLabels() []*Label { } type EmitKeyRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The key key. Key []string `protobuf:"bytes,1,rep,name=key,proto3" json:"key,omitempty"` // Required. The key value. - Val float32 `protobuf:"fixed32,2,opt,name=val,proto3" json:"val,omitempty"` + Val float32 `protobuf:"fixed32,2,opt,name=val,proto3" json:"val,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *EmitKeyRequest) Reset() { *x = EmitKeyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EmitKeyRequest) String() string { @@ -115,7 +110,7 @@ func (*EmitKeyRequest) ProtoMessage() {} func (x *EmitKeyRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -145,25 +140,22 @@ func (x *EmitKeyRequest) GetVal() float32 { } type IncrCounterRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The counter key. Key []string `protobuf:"bytes,1,rep,name=key,proto3" json:"key,omitempty"` // Required. The counter value. Val float32 `protobuf:"fixed32,2,opt,name=val,proto3" json:"val,omitempty"` // Optional. One or more labels for the counter. - Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *IncrCounterRequest) Reset() { *x = IncrCounterRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IncrCounterRequest) String() string { @@ -174,7 +166,7 @@ func (*IncrCounterRequest) ProtoMessage() {} func (x *IncrCounterRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -211,25 +203,22 @@ func (x *IncrCounterRequest) GetLabels() []*Label { } type AddSampleRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The sample key. Key []string `protobuf:"bytes,1,rep,name=key,proto3" json:"key,omitempty"` // Required. The sample value. Val float32 `protobuf:"fixed32,2,opt,name=val,proto3" json:"val,omitempty"` // Optional. One or more labels for the sample. - Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *AddSampleRequest) Reset() { *x = AddSampleRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AddSampleRequest) String() string { @@ -240,7 +229,7 @@ func (*AddSampleRequest) ProtoMessage() {} func (x *AddSampleRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -277,25 +266,22 @@ func (x *AddSampleRequest) GetLabels() []*Label { } type MeasureSinceRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The sample key for the time measurement. Key []string `protobuf:"bytes,1,rep,name=key,proto3" json:"key,omitempty"` // Required. Unix time in nanoseconds. Time int64 `protobuf:"varint,2,opt,name=time,proto3" json:"time,omitempty"` // Optional. One or more labels for the sample. - Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + Labels []*Label `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *MeasureSinceRequest) Reset() { *x = MeasureSinceRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *MeasureSinceRequest) String() string { @@ -306,7 +292,7 @@ func (*MeasureSinceRequest) ProtoMessage() {} func (x *MeasureSinceRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -343,23 +329,20 @@ func (x *MeasureSinceRequest) GetLabels() []*Label { } type Label struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The name of the label. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Required. The value of the label. - Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Label) Reset() { *x = Label{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Label) String() string { @@ -370,7 +353,7 @@ func (*Label) ProtoMessage() {} func (x *Label) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -401,105 +384,52 @@ func (x *Label) GetValue() string { var File_spire_hostservice_common_metrics_v1_metrics_proto protoreflect.FileDescriptor -var file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc = []byte{ - 0x0a, 0x31, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, - 0x63, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, - 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x76, 0x31, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x79, 0x0a, 0x0f, 0x53, 0x65, 0x74, 0x47, 0x61, 0x75, 0x67, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x61, - 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x12, 0x42, 0x0a, 0x06, - 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x22, 0x34, 0x0a, 0x0e, 0x45, 0x6d, 0x69, 0x74, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x02, 
0x52, 0x03, 0x76, 0x61, 0x6c, 0x22, 0x7c, 0x0a, 0x12, 0x49, 0x6e, 0x63, 0x72, 0x43, 0x6f, - 0x75, 0x6e, 0x74, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x03, 0x76, 0x61, 0x6c, - 0x12, 0x42, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x2a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, 0x72, - 0x69, 0x63, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x06, 0x6c, 0x61, - 0x62, 0x65, 0x6c, 0x73, 0x22, 0x7a, 0x0a, 0x10, 0x41, 0x64, 0x64, 0x53, 0x61, 0x6d, 0x70, 0x6c, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x76, 0x61, - 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x03, 0x76, 0x61, 0x6c, 0x12, 0x42, 0x0a, 0x06, - 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, - 0x22, 0x7f, 0x0a, 0x13, 0x4d, 0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x53, 0x69, 0x6e, 0x63, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x69, 0x6d, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x42, 0x0a, - 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 
0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, - 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, - 0x73, 0x22, 0x31, 0x0a, 0x05, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x32, 0xd9, 0x03, 0x0a, 0x07, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, - 0x12, 0x58, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x47, 0x61, 0x75, 0x67, 0x65, 0x12, 0x34, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, - 0x76, 0x31, 0x2e, 0x53, 0x65, 0x74, 0x47, 0x61, 0x75, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x56, 0x0a, 0x07, 0x45, 0x6d, - 0x69, 0x74, 0x4b, 0x65, 0x79, 0x12, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, - 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6d, 0x69, 0x74, - 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, - 0x74, 0x79, 0x12, 0x5e, 0x0a, 0x0b, 0x49, 0x6e, 0x63, 0x72, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x65, - 0x72, 0x12, 0x37, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 
0x74, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, - 0x72, 0x69, 0x63, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x49, 0x6e, 0x63, 0x72, 0x43, 0x6f, 0x75, 0x6e, - 0x74, 0x65, 0x72, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, - 0x74, 0x79, 0x12, 0x5a, 0x0a, 0x09, 0x41, 0x64, 0x64, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x12, - 0x35, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, - 0x63, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x53, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x60, - 0x0a, 0x0c, 0x4d, 0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x53, 0x69, 0x6e, 0x63, 0x65, 0x12, 0x38, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, - 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x61, 0x73, 0x75, 0x72, 0x65, 0x53, 0x69, 0x6e, 0x63, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, - 0x42, 0x58, 0x5a, 0x56, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x63, - 0x6f, 0x6d, 0x6d, 
0x6f, 0x6e, 0x2f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x2f, 0x76, 0x31, - 0x3b, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} +const file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc = "" + + "\n" + + "1spire/hostservice/common/metrics/v1/metrics.proto\x12#spire.hostservice.common.metrics.v1\x1a\x1bgoogle/protobuf/empty.proto\"y\n" + + "\x0fSetGaugeRequest\x12\x10\n" + + "\x03key\x18\x01 \x03(\tR\x03key\x12\x10\n" + + "\x03val\x18\x02 \x01(\x02R\x03val\x12B\n" + + "\x06labels\x18\x03 \x03(\v2*.spire.hostservice.common.metrics.v1.LabelR\x06labels\"4\n" + + "\x0eEmitKeyRequest\x12\x10\n" + + "\x03key\x18\x01 \x03(\tR\x03key\x12\x10\n" + + "\x03val\x18\x02 \x01(\x02R\x03val\"|\n" + + "\x12IncrCounterRequest\x12\x10\n" + + "\x03key\x18\x01 \x03(\tR\x03key\x12\x10\n" + + "\x03val\x18\x02 \x01(\x02R\x03val\x12B\n" + + "\x06labels\x18\x03 \x03(\v2*.spire.hostservice.common.metrics.v1.LabelR\x06labels\"z\n" + + "\x10AddSampleRequest\x12\x10\n" + + "\x03key\x18\x01 \x03(\tR\x03key\x12\x10\n" + + "\x03val\x18\x02 \x01(\x02R\x03val\x12B\n" + + "\x06labels\x18\x03 \x03(\v2*.spire.hostservice.common.metrics.v1.LabelR\x06labels\"\x7f\n" + + "\x13MeasureSinceRequest\x12\x10\n" + + "\x03key\x18\x01 \x03(\tR\x03key\x12\x12\n" + + "\x04time\x18\x02 \x01(\x03R\x04time\x12B\n" + + "\x06labels\x18\x03 \x03(\v2*.spire.hostservice.common.metrics.v1.LabelR\x06labels\"1\n" + + "\x05Label\x12\x12\n" + + "\x04name\x18\x01 \x01(\tR\x04name\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value2\xd9\x03\n" + + "\aMetrics\x12X\n" + + "\bSetGauge\x124.spire.hostservice.common.metrics.v1.SetGaugeRequest\x1a\x16.google.protobuf.Empty\x12V\n" + + "\aEmitKey\x123.spire.hostservice.common.metrics.v1.EmitKeyRequest\x1a\x16.google.protobuf.Empty\x12^\n" + + "\vIncrCounter\x127.spire.hostservice.common.metrics.v1.IncrCounterRequest\x1a\x16.google.protobuf.Empty\x12Z\n" + + 
"\tAddSample\x125.spire.hostservice.common.metrics.v1.AddSampleRequest\x1a\x16.google.protobuf.Empty\x12`\n" + + "\fMeasureSince\x128.spire.hostservice.common.metrics.v1.MeasureSinceRequest\x1a\x16.google.protobuf.EmptyBXZVgithub.com/spiffe/spire-plugin-sdk/proto/spire/hostservice/common/metrics/v1;metricsv1b\x06proto3" var ( file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescOnce sync.Once - file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescData = file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc + file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescData []byte ) func file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescGZIP() []byte { file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescOnce.Do(func() { - file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescData) + file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc), len(file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc))) }) return file_spire_hostservice_common_metrics_v1_metrics_proto_rawDescData } var file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_spire_hostservice_common_metrics_v1_metrics_proto_goTypes = []interface{}{ +var file_spire_hostservice_common_metrics_v1_metrics_proto_goTypes = []any{ (*SetGaugeRequest)(nil), // 0: spire.hostservice.common.metrics.v1.SetGaugeRequest (*EmitKeyRequest)(nil), // 1: spire.hostservice.common.metrics.v1.EmitKeyRequest (*IncrCounterRequest)(nil), // 2: spire.hostservice.common.metrics.v1.IncrCounterRequest 
@@ -535,85 +465,11 @@ func file_spire_hostservice_common_metrics_v1_metrics_proto_init() { if File_spire_hostservice_common_metrics_v1_metrics_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SetGaugeRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EmitKeyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IncrCounterRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AddSampleRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MeasureSinceRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Label); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: 
protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc), len(file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc)), NumEnums: 0, NumMessages: 6, NumExtensions: 0, @@ -624,7 +480,6 @@ func file_spire_hostservice_common_metrics_v1_metrics_proto_init() { MessageInfos: file_spire_hostservice_common_metrics_v1_metrics_proto_msgTypes, }.Build() File_spire_hostservice_common_metrics_v1_metrics_proto = out.File - file_spire_hostservice_common_metrics_v1_metrics_proto_rawDesc = nil file_spire_hostservice_common_metrics_v1_metrics_proto_goTypes = nil file_spire_hostservice_common_metrics_v1_metrics_proto_depIdxs = nil } diff --git a/proto/spire/hostservice/common/metrics/v1/metrics_grpc.pb.go b/proto/spire/hostservice/common/metrics/v1/metrics_grpc.pb.go index c66261a..6f32cbc 100644 --- a/proto/spire/hostservice/common/metrics/v1/metrics_grpc.pb.go +++ b/proto/spire/hostservice/common/metrics/v1/metrics_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/hostservice/common/metrics/v1/metrics.proto package metricsv1 
@@ -12,8 +16,16 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + Metrics_SetGauge_FullMethodName = "/spire.hostservice.common.metrics.v1.Metrics/SetGauge" + Metrics_EmitKey_FullMethodName = "/spire.hostservice.common.metrics.v1.Metrics/EmitKey" + Metrics_IncrCounter_FullMethodName = "/spire.hostservice.common.metrics.v1.Metrics/IncrCounter" + Metrics_AddSample_FullMethodName = "/spire.hostservice.common.metrics.v1.Metrics/AddSample" + Metrics_MeasureSince_FullMethodName = "/spire.hostservice.common.metrics.v1.Metrics/MeasureSince" +) // MetricsClient is the client API for Metrics service. // @@ -42,8 +54,9 @@ func NewMetricsClient(cc grpc.ClientConnInterface) MetricsClient { } func (c *metricsClient) SetGauge(ctx context.Context, in *SetGaugeRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(emptypb.Empty) - err := c.cc.Invoke(ctx, "/spire.hostservice.common.metrics.v1.Metrics/SetGauge", in, out, opts...) + err := c.cc.Invoke(ctx, Metrics_SetGauge_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -51,8 +64,9 @@ func (c *metricsClient) SetGauge(ctx context.Context, in *SetGaugeRequest, opts } func (c *metricsClient) EmitKey(ctx context.Context, in *EmitKeyRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(emptypb.Empty) - err := c.cc.Invoke(ctx, "/spire.hostservice.common.metrics.v1.Metrics/EmitKey", in, out, opts...) + err := c.cc.Invoke(ctx, Metrics_EmitKey_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -60,8 +74,9 @@ func (c *metricsClient) EmitKey(ctx context.Context, in *EmitKeyRequest, opts .. } func (c *metricsClient) IncrCounter(ctx context.Context, in *IncrCounterRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(emptypb.Empty) - err := c.cc.Invoke(ctx, "/spire.hostservice.common.metrics.v1.Metrics/IncrCounter", in, out, opts...) + err := c.cc.Invoke(ctx, Metrics_IncrCounter_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -69,8 +84,9 @@ func (c *metricsClient) IncrCounter(ctx context.Context, in *IncrCounterRequest, } func (c *metricsClient) AddSample(ctx context.Context, in *AddSampleRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(emptypb.Empty) - err := c.cc.Invoke(ctx, "/spire.hostservice.common.metrics.v1.Metrics/AddSample", in, out, opts...) + err := c.cc.Invoke(ctx, Metrics_AddSample_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -78,8 +94,9 @@ func (c *metricsClient) AddSample(ctx context.Context, in *AddSampleRequest, opt } func (c *metricsClient) MeasureSince(ctx context.Context, in *MeasureSinceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(emptypb.Empty) - err := c.cc.Invoke(ctx, "/spire.hostservice.common.metrics.v1.Metrics/MeasureSince", in, out, opts...) + err := c.cc.Invoke(ctx, Metrics_MeasureSince_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -88,7 +105,7 @@ func (c *metricsClient) MeasureSince(ctx context.Context, in *MeasureSinceReques // MetricsServer is the server API for Metrics service. // All implementations must embed UnimplementedMetricsServer -// for forward compatibility +// for forward compatibility. type MetricsServer interface { // Sets a gauge to the specified value with zero or more labels. SetGauge(context.Context, *SetGaugeRequest) (*emptypb.Empty, error) @@ -105,9 +122,12 @@ type MetricsServer interface { mustEmbedUnimplementedMetricsServer() } -// UnimplementedMetricsServer must be embedded to have forward compatible implementations. -type UnimplementedMetricsServer struct { -} +// UnimplementedMetricsServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedMetricsServer struct{} func (UnimplementedMetricsServer) SetGauge(context.Context, *SetGaugeRequest) (*emptypb.Empty, error) { return nil, status.Errorf(codes.Unimplemented, "method SetGauge not implemented") @@ -125,6 +145,7 @@ func (UnimplementedMetricsServer) MeasureSince(context.Context, *MeasureSinceReq return nil, status.Errorf(codes.Unimplemented, "method MeasureSince not implemented") } func (UnimplementedMetricsServer) mustEmbedUnimplementedMetricsServer() {} +func (UnimplementedMetricsServer) testEmbeddedByValue() {} // UnsafeMetricsServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to MetricsServer will 
@@ -134,6 +155,13 @@ type UnsafeMetricsServer interface { } func RegisterMetricsServer(s grpc.ServiceRegistrar, srv MetricsServer) { + // If the following call pancis, it indicates UnimplementedMetricsServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&Metrics_ServiceDesc, srv) } @@ -147,7 +175,7 @@ func _Metrics_SetGauge_Handler(srv interface{}, ctx context.Context, dec func(in } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.hostservice.common.metrics.v1.Metrics/SetGauge", + FullMethod: Metrics_SetGauge_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(MetricsServer).SetGauge(ctx, req.(*SetGaugeRequest)) @@ -165,7 +193,7 @@ func _Metrics_EmitKey_Handler(srv interface{}, ctx context.Context, dec func(int } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.hostservice.common.metrics.v1.Metrics/EmitKey", + FullMethod: Metrics_EmitKey_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(MetricsServer).EmitKey(ctx, req.(*EmitKeyRequest)) @@ -183,7 +211,7 @@ func _Metrics_IncrCounter_Handler(srv interface{}, ctx context.Context, dec func } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.hostservice.common.metrics.v1.Metrics/IncrCounter", + FullMethod: Metrics_IncrCounter_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(MetricsServer).IncrCounter(ctx, req.(*IncrCounterRequest)) 
@@ -201,7 +229,7 @@ func _Metrics_AddSample_Handler(srv interface{}, ctx context.Context, dec func(i } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.hostservice.common.metrics.v1.Metrics/AddSample", + FullMethod: Metrics_AddSample_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(MetricsServer).AddSample(ctx, req.(*AddSampleRequest)) @@ -219,7 +247,7 @@ func _Metrics_MeasureSince_Handler(srv interface{}, ctx context.Context, dec fun } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.hostservice.common.metrics.v1.Metrics/MeasureSince", + FullMethod: Metrics_MeasureSince_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(MetricsServer).MeasureSince(ctx, req.(*MeasureSinceRequest)) diff --git a/proto/spire/hostservice/server/agentstore/v1/agentstore.pb.go b/proto/spire/hostservice/server/agentstore/v1/agentstore.pb.go index a29ea98..476b993 100644 --- a/proto/spire/hostservice/server/agentstore/v1/agentstore.pb.go +++ b/proto/spire/hostservice/server/agentstore/v1/agentstore.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/hostservice/server/agentstore/v1/agentstore.proto package agentstorev1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
@@ -21,21 +22,18 @@ const ( ) type GetAgentInfoRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the agent to get information for. - AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` + AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetAgentInfoRequest) Reset() { *x = GetAgentInfoRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetAgentInfoRequest) String() string { @@ -46,7 +44,7 @@ func (*GetAgentInfoRequest) ProtoMessage() {} func (x *GetAgentInfoRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -69,21 +67,18 @@ func (x *GetAgentInfoRequest) GetAgentId() string { } type GetAgentInfoResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The agent information. - Info *AgentInfo `protobuf:"bytes,1,opt,name=info,proto3" json:"info,omitempty"` + Info *AgentInfo `protobuf:"bytes,1,opt,name=info,proto3" json:"info,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetAgentInfoResponse) Reset() { *x = GetAgentInfoResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetAgentInfoResponse) String() string { @@ -94,7 +89,7 @@ func (*GetAgentInfoResponse) ProtoMessage() {} func (x *GetAgentInfoResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -117,21 +112,18 @@ func (x *GetAgentInfoResponse) GetInfo() *AgentInfo { } type AgentInfo struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the agent. - AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` + AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *AgentInfo) Reset() { *x = AgentInfo{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AgentInfo) String() string { @@ -142,7 +134,7 @@ func (*AgentInfo) ProtoMessage() {} func (x *AgentInfo) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -166,57 +158,33 @@ func (x *AgentInfo) GetAgentId() string { var File_spire_hostservice_server_agentstore_v1_agentstore_proto protoreflect.FileDescriptor -var file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc = []byte{ - 0x0a, 0x37, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x26, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, - 0x31, 0x22, 0x30, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x6e, 0x66, - 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x67, 0x65, 0x6e, - 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x67, 0x65, 0x6e, - 0x74, 0x49, 0x64, 0x22, 0x5d, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x49, - 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x45, 0x0a, 0x04, 0x69, - 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x04, 0x69, 0x6e, - 0x66, 0x6f, 0x22, 0x26, 0x0a, 0x09, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, - 0x19, 0x0a, 0x08, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x32, 0x98, 0x01, 0x0a, 0x0a, 
0x41, - 0x67, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x89, 0x01, 0x0a, 0x0c, 0x47, 0x65, - 0x74, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x3b, 0x2e, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x6e, 0x66, 0x6f, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, - 0x2e, 0x47, 0x65, 0x74, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5e, 0x5a, 0x5c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, - 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x3b, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc = "" + + "\n" + + "7spire/hostservice/server/agentstore/v1/agentstore.proto\x12&spire.hostservice.server.agentstore.v1\"0\n" + + "\x13GetAgentInfoRequest\x12\x19\n" + + "\bagent_id\x18\x01 \x01(\tR\aagentId\"]\n" + + "\x14GetAgentInfoResponse\x12E\n" + + "\x04info\x18\x01 \x01(\v21.spire.hostservice.server.agentstore.v1.AgentInfoR\x04info\"&\n" + + 
"\tAgentInfo\x12\x19\n" + + "\bagent_id\x18\x01 \x01(\tR\aagentId2\x98\x01\n" + + "\n" + + "AgentStore\x12\x89\x01\n" + + "\fGetAgentInfo\x12;.spire.hostservice.server.agentstore.v1.GetAgentInfoRequest\x1a<.spire.hostservice.server.agentstore.v1.GetAgentInfoResponseB^Z\\github.com/spiffe/spire-plugin-sdk/proto/spire/hostservice/server/agentstore/v1;agentstorev1b\x06proto3" var ( file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescOnce sync.Once - file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescData = file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc + file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescData []byte ) func file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescGZIP() []byte { file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescOnce.Do(func() { - file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescData) + file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc), len(file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc))) }) return file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDescData } var file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_spire_hostservice_server_agentstore_v1_agentstore_proto_goTypes = []interface{}{ +var file_spire_hostservice_server_agentstore_v1_agentstore_proto_goTypes = []any{ (*GetAgentInfoRequest)(nil), // 0: spire.hostservice.server.agentstore.v1.GetAgentInfoRequest (*GetAgentInfoResponse)(nil), // 1: spire.hostservice.server.agentstore.v1.GetAgentInfoResponse (*AgentInfo)(nil), // 2: spire.hostservice.server.agentstore.v1.AgentInfo 
@@ -237,49 +205,11 @@ func file_spire_hostservice_server_agentstore_v1_agentstore_proto_init() { if File_spire_hostservice_server_agentstore_v1_agentstore_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetAgentInfoRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetAgentInfoResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AgentInfo); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc), len(file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc)), NumEnums: 0, NumMessages: 3, NumExtensions: 0, 
@@ -290,7 +220,6 @@ func file_spire_hostservice_server_agentstore_v1_agentstore_proto_init() { MessageInfos: file_spire_hostservice_server_agentstore_v1_agentstore_proto_msgTypes, }.Build() File_spire_hostservice_server_agentstore_v1_agentstore_proto = out.File - file_spire_hostservice_server_agentstore_v1_agentstore_proto_rawDesc = nil file_spire_hostservice_server_agentstore_v1_agentstore_proto_goTypes = nil file_spire_hostservice_server_agentstore_v1_agentstore_proto_depIdxs = nil } diff --git a/proto/spire/hostservice/server/agentstore/v1/agentstore_grpc.pb.go b/proto/spire/hostservice/server/agentstore/v1/agentstore_grpc.pb.go index 9ff9148..01e3208 100644 --- a/proto/spire/hostservice/server/agentstore/v1/agentstore_grpc.pb.go +++ b/proto/spire/hostservice/server/agentstore/v1/agentstore_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/hostservice/server/agentstore/v1/agentstore.proto package agentstorev1 @@ -11,8 +15,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + AgentStore_GetAgentInfo_FullMethodName = "/spire.hostservice.server.agentstore.v1.AgentStore/GetAgentInfo" +) // AgentStoreClient is the client API for AgentStore service. // 
@@ -34,8 +42,9 @@ func NewAgentStoreClient(cc grpc.ClientConnInterface) AgentStoreClient { } func (c *agentStoreClient) GetAgentInfo(ctx context.Context, in *GetAgentInfoRequest, opts ...grpc.CallOption) (*GetAgentInfoResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetAgentInfoResponse) - err := c.cc.Invoke(ctx, "/spire.hostservice.server.agentstore.v1.AgentStore/GetAgentInfo", in, out, opts...) + err := c.cc.Invoke(ctx, AgentStore_GetAgentInfo_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -44,7 +53,7 @@ func (c *agentStoreClient) GetAgentInfo(ctx context.Context, in *GetAgentInfoReq // AgentStoreServer is the server API for AgentStore service. // All implementations must embed UnimplementedAgentStoreServer -// for forward compatibility +// for forward compatibility. type AgentStoreServer interface { // Gets the information associated with the given agent ID. If the given // agent is not attested, NOT_FOUND is returned. This RPC is currently 
@@ -54,14 +63,18 @@ type AgentStoreServer interface { mustEmbedUnimplementedAgentStoreServer() } -// UnimplementedAgentStoreServer must be embedded to have forward compatible implementations. -type UnimplementedAgentStoreServer struct { -} +// UnimplementedAgentStoreServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedAgentStoreServer struct{} func (UnimplementedAgentStoreServer) GetAgentInfo(context.Context, *GetAgentInfoRequest) (*GetAgentInfoResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetAgentInfo not implemented") } func (UnimplementedAgentStoreServer) mustEmbedUnimplementedAgentStoreServer() {} +func (UnimplementedAgentStoreServer) testEmbeddedByValue() {} // UnsafeAgentStoreServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to AgentStoreServer will @@ -71,6 +84,13 @@ type UnsafeAgentStoreServer interface { } func RegisterAgentStoreServer(s grpc.ServiceRegistrar, srv AgentStoreServer) { + // If the following call pancis, it indicates UnimplementedAgentStoreServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&AgentStore_ServiceDesc, srv) } 
@@ -84,7 +104,7 @@ func _AgentStore_GetAgentInfo_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.hostservice.server.agentstore.v1.AgentStore/GetAgentInfo", + FullMethod: AgentStore_GetAgentInfo_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(AgentStoreServer).GetAgentInfo(ctx, req.(*GetAgentInfoRequest)) diff --git a/proto/spire/hostservice/server/identityprovider/v1/identityprovider.pb.go b/proto/spire/hostservice/server/identityprovider/v1/identityprovider.pb.go index 0730c40..59b8c62 100644 --- a/proto/spire/hostservice/server/identityprovider/v1/identityprovider.pb.go +++ b/proto/spire/hostservice/server/identityprovider/v1/identityprovider.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/hostservice/server/identityprovider/v1/identityprovider.proto package identityproviderv1 @@ -12,6 +12,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -22,18 +23,16 @@ const ( ) type FetchX509IdentityRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *FetchX509IdentityRequest) Reset() { *x = FetchX509IdentityRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *FetchX509IdentityRequest) String() string { 
@@ -44,7 +43,7 @@ func (*FetchX509IdentityRequest) ProtoMessage() {} func (x *FetchX509IdentityRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -60,23 +59,20 @@ func (*FetchX509IdentityRequest) Descriptor() ([]byte, []int) { } type FetchX509IdentityResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The X.509 identity. Identity *X509Identity `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` // Required. The bundle of the trust domain. - Bundle *types.Bundle `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"` + Bundle *types.Bundle `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *FetchX509IdentityResponse) Reset() { *x = FetchX509IdentityResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *FetchX509IdentityResponse) String() string { 
@@ -87,7 +83,7 @@ func (*FetchX509IdentityResponse) ProtoMessage() {} func (x *FetchX509IdentityResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -117,24 +113,21 @@ func (x *FetchX509IdentityResponse) GetBundle() *types.Bundle { } type X509Identity struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The certificate chain (ASN.1 encoded). The first certificate // in the chain is the leaf (e.g. the X509-SVID). CertChain [][]byte `protobuf:"bytes,1,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"` // Required. The private key for the identity (PKCS #8 encoded). - PrivateKey []byte `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + PrivateKey []byte `protobuf:"bytes,2,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509Identity) Reset() { *x = X509Identity{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509Identity) String() string { 
@@ -145,7 +138,7 @@ func (*X509Identity) ProtoMessage() {} func (x *X509Identity) ProtoReflect() protoreflect.Message { mi := &file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -176,69 +169,35 @@ func (x *X509Identity) GetPrivateKey() []byte { var File_spire_hostservice_server_identityprovider_v1_identityprovider_proto protoreflect.FileDescriptor -var file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc = []byte{ - 0x0a, 0x43, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x69, 0x64, 0x65, 0x6e, 0x74, - 0x69, 0x74, 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x2f, 0x69, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x2c, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, - 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x1a, 0x0a, 0x18, 0x46, 0x65, 0x74, 0x63, 0x68, 0x58, 0x35, 0x30, - 0x39, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x22, 0xa7, 0x01, 0x0a, 0x19, 0x46, 0x65, 0x74, 0x63, 0x68, 0x58, 0x35, 0x30, 0x39, 0x49, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x56, - 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x3a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x69, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x74, 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, - 0x58, 0x35, 0x30, 0x39, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 
0x74, 0x79, 0x52, 0x08, 0x69, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x32, 0x0a, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x42, 0x75, 0x6e, 0x64, - 0x6c, 0x65, 0x52, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x4e, 0x0a, 0x0c, 0x58, 0x35, - 0x30, 0x39, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x65, - 0x72, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x52, 0x09, - 0x63, 0x65, 0x72, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, - 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, - 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x32, 0xb9, 0x01, 0x0a, 0x10, 0x49, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, - 0xa4, 0x01, 0x0a, 0x11, 0x46, 0x65, 0x74, 0x63, 0x68, 0x58, 0x35, 0x30, 0x39, 0x49, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x46, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, - 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, - 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x65, 0x74, 0x63, 0x68, 0x58, 0x35, 0x30, 0x39, 0x49, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x47, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, - 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x65, 0x74, - 0x63, 0x68, 0x58, 0x35, 0x30, 0x39, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, - 
0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x6a, 0x5a, 0x68, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x69, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x74, 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x3b, - 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc = "" + + "\n" + + "Cspire/hostservice/server/identityprovider/v1/identityprovider.proto\x12,spire.hostservice.server.identityprovider.v1\x1a\x1fspire/plugin/types/bundle.proto\"\x1a\n" + + "\x18FetchX509IdentityRequest\"\xa7\x01\n" + + "\x19FetchX509IdentityResponse\x12V\n" + + "\bidentity\x18\x01 \x01(\v2:.spire.hostservice.server.identityprovider.v1.X509IdentityR\bidentity\x122\n" + + "\x06bundle\x18\x02 \x01(\v2\x1a.spire.plugin.types.BundleR\x06bundle\"N\n" + + "\fX509Identity\x12\x1d\n" + + "\n" + + "cert_chain\x18\x01 \x03(\fR\tcertChain\x12\x1f\n" + + "\vprivate_key\x18\x02 \x01(\fR\n" + + "privateKey2\xb9\x01\n" + + "\x10IdentityProvider\x12\xa4\x01\n" + + "\x11FetchX509Identity\x12F.spire.hostservice.server.identityprovider.v1.FetchX509IdentityRequest\x1aG.spire.hostservice.server.identityprovider.v1.FetchX509IdentityResponseBjZhgithub.com/spiffe/spire-plugin-sdk/proto/spire/hostservice/server/identityprovider/v1;identityproviderv1b\x06proto3" var ( file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescOnce sync.Once - file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescData = 
file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc + file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescData []byte ) func file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescGZIP() []byte { file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescOnce.Do(func() { - file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescData) + file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc), len(file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc))) }) return file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDescData } var file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_goTypes = []interface{}{ +var file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_goTypes = []any{ (*FetchX509IdentityRequest)(nil), // 0: spire.hostservice.server.identityprovider.v1.FetchX509IdentityRequest (*FetchX509IdentityResponse)(nil), // 1: spire.hostservice.server.identityprovider.v1.FetchX509IdentityResponse (*X509Identity)(nil), // 2: spire.hostservice.server.identityprovider.v1.X509Identity 
@@ -261,49 +220,11 @@ func file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_in if File_spire_hostservice_server_identityprovider_v1_identityprovider_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FetchX509IdentityRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*FetchX509IdentityResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509Identity); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc), len(file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc)), NumEnums: 0, NumMessages: 3, NumExtensions: 0, 
@@ -314,7 +235,6 @@ func file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_in MessageInfos: file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_msgTypes, }.Build() File_spire_hostservice_server_identityprovider_v1_identityprovider_proto = out.File - file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_rawDesc = nil file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_goTypes = nil file_spire_hostservice_server_identityprovider_v1_identityprovider_proto_depIdxs = nil } diff --git a/proto/spire/hostservice/server/identityprovider/v1/identityprovider_grpc.pb.go b/proto/spire/hostservice/server/identityprovider/v1/identityprovider_grpc.pb.go index d11f3a6..4d2daf6 100644 --- a/proto/spire/hostservice/server/identityprovider/v1/identityprovider_grpc.pb.go +++ b/proto/spire/hostservice/server/identityprovider/v1/identityprovider_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/hostservice/server/identityprovider/v1/identityprovider.proto package identityproviderv1 @@ -11,8 +15,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + IdentityProvider_FetchX509Identity_FullMethodName = "/spire.hostservice.server.identityprovider.v1.IdentityProvider/FetchX509Identity" +) // IdentityProviderClient is the client API for IdentityProvider service. // 
@@ -33,8 +41,9 @@ func NewIdentityProviderClient(cc grpc.ClientConnInterface) IdentityProviderClie } func (c *identityProviderClient) FetchX509Identity(ctx context.Context, in *FetchX509IdentityRequest, opts ...grpc.CallOption) (*FetchX509IdentityResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(FetchX509IdentityResponse) - err := c.cc.Invoke(ctx, "/spire.hostservice.server.identityprovider.v1.IdentityProvider/FetchX509Identity", in, out, opts...) + err := c.cc.Invoke(ctx, IdentityProvider_FetchX509Identity_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -43,7 +52,7 @@ func (c *identityProviderClient) FetchX509Identity(ctx context.Context, in *Fetc // IdentityProviderServer is the server API for IdentityProvider service. // All implementations must embed UnimplementedIdentityProviderServer -// for forward compatibility +// for forward compatibility. type IdentityProviderServer interface { // Fetches an X.509 identity (i.e. X509-SVID) that the caller can use to // authenticate with other members of the trust domain. Also returns the 
@@ -52,14 +61,18 @@ type IdentityProviderServer interface { mustEmbedUnimplementedIdentityProviderServer() } -// UnimplementedIdentityProviderServer must be embedded to have forward compatible implementations. -type UnimplementedIdentityProviderServer struct { -} +// UnimplementedIdentityProviderServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedIdentityProviderServer struct{} func (UnimplementedIdentityProviderServer) FetchX509Identity(context.Context, *FetchX509IdentityRequest) (*FetchX509IdentityResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method FetchX509Identity not implemented") } func (UnimplementedIdentityProviderServer) mustEmbedUnimplementedIdentityProviderServer() {} +func (UnimplementedIdentityProviderServer) testEmbeddedByValue() {} // UnsafeIdentityProviderServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to IdentityProviderServer will @@ -69,6 +82,13 @@ type UnsafeIdentityProviderServer interface { } func RegisterIdentityProviderServer(s grpc.ServiceRegistrar, srv IdentityProviderServer) { + // If the following call pancis, it indicates UnimplementedIdentityProviderServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&IdentityProvider_ServiceDesc, srv) } 
@@ -82,7 +102,7 @@ func _IdentityProvider_FetchX509Identity_Handler(srv interface{}, ctx context.Co } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.hostservice.server.identityprovider.v1.IdentityProvider/FetchX509Identity", + FullMethod: IdentityProvider_FetchX509Identity_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(IdentityProviderServer).FetchX509Identity(ctx, req.(*FetchX509IdentityRequest)) diff --git a/proto/spire/plugin/agent/keymanager/v1/keymanager.pb.go b/proto/spire/plugin/agent/keymanager/v1/keymanager.pb.go index ee03a0b..815ae3b 100644 --- a/proto/spire/plugin/agent/keymanager/v1/keymanager.pb.go +++ b/proto/spire/plugin/agent/keymanager/v1/keymanager.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/agent/keymanager/v1/keymanager.proto package keymanagerv1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -151,10 +152,7 @@ func (HashAlgorithm) EnumDescriptor() ([]byte, []int) { } type PublicKey struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the key, as provided when the key was created. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // Required. The type of the key. 
@@ -180,16 +178,16 @@ type PublicKey struct { // // The fingerprinting algorithm is also left to plugin implementations. A // native implementation is a non-cryptographic hash over the PKIX data. - Fingerprint string `protobuf:"bytes,4,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` + Fingerprint string `protobuf:"bytes,4,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PublicKey) Reset() { *x = PublicKey{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PublicKey) String() string { @@ -200,7 +198,7 @@ func (*PublicKey) ProtoMessage() {} func (x *PublicKey) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -244,24 +242,21 @@ func (x *PublicKey) GetFingerprint() string { } type GenerateKeyRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID to give the generated key (or to identify the existing // key to overwrite (see GenerateKey). KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Required. The type of the key to generate. - KeyType KeyType `protobuf:"varint,2,opt,name=key_type,json=keyType,proto3,enum=spire.plugin.agent.keymanager.v1.KeyType" json:"key_type,omitempty"` + KeyType KeyType `protobuf:"varint,2,opt,name=key_type,json=keyType,proto3,enum=spire.plugin.agent.keymanager.v1.KeyType" json:"key_type,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GenerateKeyRequest) Reset() { *x = GenerateKeyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GenerateKeyRequest) String() string { @@ -272,7 +267,7 @@ func (*GenerateKeyRequest) ProtoMessage() {} func (x *GenerateKeyRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -302,21 +297,18 @@ func (x *GenerateKeyRequest) GetKeyType() KeyType { } type GenerateKeyResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The generated key. - PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GenerateKeyResponse) Reset() { *x = GenerateKeyResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GenerateKeyResponse) String() string { @@ -327,7 +319,7 @@ func (*GenerateKeyResponse) ProtoMessage() {} func (x *GenerateKeyResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -350,21 +342,18 @@ func (x *GenerateKeyResponse) GetPublicKey() *PublicKey { } type GetPublicKeyRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the key to retrieve. - KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` + KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeyRequest) Reset() { *x = GetPublicKeyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeyRequest) String() string { @@ -375,7 +364,7 @@ func (*GetPublicKeyRequest) ProtoMessage() {} func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -398,21 +387,18 @@ func (x *GetPublicKeyRequest) GetKeyId() string { } type GetPublicKeyResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The public key to return. - PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeyResponse) Reset() { *x = GetPublicKeyResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeyResponse) String() string { @@ -423,7 +409,7 @@ func (*GetPublicKeyResponse) ProtoMessage() {} func (x *GetPublicKeyResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -446,18 +432,16 @@ func (x *GetPublicKeyResponse) GetPublicKey() *PublicKey { } type GetPublicKeysRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeysRequest) Reset() { *x = GetPublicKeysRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeysRequest) String() string { @@ -468,7 +452,7 @@ func (*GetPublicKeysRequest) ProtoMessage() {} func (x *GetPublicKeysRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -484,21 +468,18 @@ func (*GetPublicKeysRequest) Descriptor() ([]byte, []int) { } type GetPublicKeysResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The public keys managed by the KeyManager. May be empty. - PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"` + PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeysResponse) Reset() { *x = GetPublicKeysResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeysResponse) String() string { @@ -509,7 +490,7 @@ func (*GetPublicKeysResponse) ProtoMessage() {} func (x *GetPublicKeysResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -532,10 +513,7 @@ func (x *GetPublicKeysResponse) GetPublicKeys() []*PublicKey { } type SignDataRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the key to use to sign the data. KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Required. The data to sign. 
@@ -543,19 +521,20 @@ type SignDataRequest struct { // Required. The signature options. The PSS options are only valid // for RSA keys. // - // Types that are assignable to SignerOpts: + // Types that are valid to be assigned to SignerOpts: + // // *SignDataRequest_HashAlgorithm // *SignDataRequest_PssOptions - SignerOpts isSignDataRequest_SignerOpts `protobuf_oneof:"signer_opts"` + SignerOpts isSignDataRequest_SignerOpts `protobuf_oneof:"signer_opts"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SignDataRequest) Reset() { *x = SignDataRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SignDataRequest) String() string { @@ -566,7 +545,7 @@ func (*SignDataRequest) ProtoMessage() {} func (x *SignDataRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -595,23 +574,27 @@ func (x *SignDataRequest) GetData() []byte { return nil } -func (m *SignDataRequest) GetSignerOpts() isSignDataRequest_SignerOpts { - if m != nil { - return m.SignerOpts +func (x *SignDataRequest) GetSignerOpts() isSignDataRequest_SignerOpts { + if x != nil { + return x.SignerOpts } return nil } func (x *SignDataRequest) GetHashAlgorithm() HashAlgorithm { - if x, ok := x.GetSignerOpts().(*SignDataRequest_HashAlgorithm); ok { - return x.HashAlgorithm + if x != nil { + if x, ok := x.SignerOpts.(*SignDataRequest_HashAlgorithm); ok { + return x.HashAlgorithm + } } return HashAlgorithm_UNSPECIFIED_HASH_ALGORITHM } func (x *SignDataRequest) GetPssOptions() *SignDataRequest_PSSOptions { - if x, ok := x.GetSignerOpts().(*SignDataRequest_PssOptions); ok { - return x.PssOptions + if x != nil { + if x, ok := x.SignerOpts.(*SignDataRequest_PssOptions); ok { + return x.PssOptions + } } return nil } 
@@ -633,23 +616,20 @@ func (*SignDataRequest_HashAlgorithm) isSignDataRequest_SignerOpts() {} func (*SignDataRequest_PssOptions) isSignDataRequest_SignerOpts() {} type SignDataResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The signature of the data. Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"` // Required. The fingerprint of the key used to sign the data. KeyFingerprint string `protobuf:"bytes,2,opt,name=key_fingerprint,json=keyFingerprint,proto3" json:"key_fingerprint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SignDataResponse) Reset() { *x = SignDataResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SignDataResponse) String() string { @@ -660,7 +640,7 @@ func (*SignDataResponse) ProtoMessage() {} func (x *SignDataResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -690,23 +670,20 @@ func (x *SignDataResponse) GetKeyFingerprint() string { } type SignDataRequest_PSSOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The salt length. SaltLength int32 `protobuf:"varint,1,opt,name=salt_length,json=saltLength,proto3" json:"salt_length,omitempty"` // Required. The hash algorithm. HashAlgorithm HashAlgorithm `protobuf:"varint,2,opt,name=hash_algorithm,json=hashAlgorithm,proto3,enum=spire.plugin.agent.keymanager.v1.HashAlgorithm" json:"hash_algorithm,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SignDataRequest_PSSOptions) Reset() { *x = SignDataRequest_PSSOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SignDataRequest_PSSOptions) String() string { @@ -717,7 +694,7 @@ func (*SignDataRequest_PSSOptions) ProtoMessage() {} func (x *SignDataRequest_PSSOptions) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -748,156 +725,91 @@ func (x *SignDataRequest_PSSOptions) GetHashAlgorithm() HashAlgorithm { var File_spire_plugin_agent_keymanager_v1_keymanager_proto protoreflect.FileDescriptor -var file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc = []byte{ - 0x0a, 0x31, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2f, - 0x76, 0x31, 0x2f, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x20, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, - 0x65, 0x72, 0x2e, 0x76, 0x31, 0x22, 0x99, 0x01, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x02, 0x69, 0x64, 0x12, 0x3d, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x29, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6b, 0x69, 0x78, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x70, 0x6b, 0x69, 0x78, 0x44, 0x61, 0x74, 0x61, 0x12, - 0x20, 0x0a, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, - 0x74, 0x22, 0x71, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x65, 0x79, 
0x49, 0x64, 0x12, 0x44, - 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x29, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, - 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x07, 0x6b, 0x65, 0x79, - 0x54, 0x79, 0x70, 0x65, 0x22, 0x61, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4a, 0x0a, 0x0a, 0x70, - 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x2b, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, - 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x2c, 0x0a, 0x13, 0x47, 0x65, 0x74, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, - 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x6b, 0x65, 0x79, 0x49, 0x64, 0x22, 0x62, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4a, 0x0a, - 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x2b, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, - 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x16, 0x0a, 0x14, 0x47, 0x65, 0x74, - 0x50, 0x75, 
0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x22, 0x65, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, - 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4c, 0x0a, 0x0b, 0x70, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x2b, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, - 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x0a, 0x70, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x22, 0x8e, 0x03, 0x0a, 0x0f, 0x53, 0x69, 0x67, - 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, - 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x65, - 0x79, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x58, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, - 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x2f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, - 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, - 0x48, 0x00, 0x52, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, - 0x6d, 0x12, 0x5f, 0x0a, 0x0b, 0x70, 0x73, 0x73, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 
0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, - 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x50, 0x53, 0x53, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x00, 0x52, 0x0a, 0x70, 0x73, 0x73, 0x4f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x1a, 0x85, 0x01, 0x0a, 0x0a, 0x50, 0x53, 0x53, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, - 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x61, 0x6c, 0x74, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x73, 0x61, 0x6c, 0x74, 0x4c, 0x65, 0x6e, 0x67, - 0x74, 0x68, 0x12, 0x56, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, - 0x69, 0x74, 0x68, 0x6d, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, - 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, - 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x0d, 0x68, 0x61, 0x73, - 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x42, 0x0d, 0x0a, 0x0b, 0x73, 0x69, - 0x67, 0x6e, 0x65, 0x72, 0x5f, 0x6f, 0x70, 0x74, 0x73, 0x22, 0x59, 0x0a, 0x10, 0x53, 0x69, 0x67, - 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, - 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x6b, - 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, - 0x72, 0x69, 0x6e, 0x74, 0x2a, 0x59, 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x18, 0x0a, 0x14, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x5f, 0x4b, - 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 
0x43, 0x5f, - 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38, - 0x34, 0x10, 0x02, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, - 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x04, 0x2a, - 0xb7, 0x01, 0x0a, 0x0d, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, - 0x6d, 0x12, 0x1e, 0x0a, 0x1a, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, - 0x5f, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x10, - 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x32, 0x34, 0x10, 0x04, 0x12, 0x0a, 0x0a, - 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, - 0x33, 0x38, 0x34, 0x10, 0x06, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, - 0x07, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x32, 0x32, 0x34, 0x10, 0x0a, 0x12, - 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x0c, 0x0a, - 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0c, 0x0a, 0x08, 0x53, - 0x48, 0x41, 0x33, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0d, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x48, 0x41, - 0x35, 0x31, 0x32, 0x5f, 0x32, 0x32, 0x34, 0x10, 0x0e, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x48, 0x41, - 0x35, 0x31, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0f, 0x32, 0xfd, 0x03, 0x0a, 0x0a, 0x4b, 0x65, - 0x79, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x7a, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x34, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, - 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x35, 0x2e, - 0x73, 0x70, 0x69, 0x72, 
0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, - 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, - 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7d, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x12, 0x35, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, - 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, - 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x80, 0x01, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x36, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, - 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, - 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, - 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, - 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x71, 0x0a, 0x08, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, - 0x74, 0x61, 0x12, 0x31, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 
0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, - 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, - 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, - 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, 0x74, - 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x58, 0x5a, 0x56, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, - 0x67, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x3b, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x72, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc = "" + + "\n" + + "1spire/plugin/agent/keymanager/v1/keymanager.proto\x12 spire.plugin.agent.keymanager.v1\"\x99\x01\n" + + "\tPublicKey\x12\x0e\n" + + "\x02id\x18\x01 \x01(\tR\x02id\x12=\n" + + "\x04type\x18\x02 \x01(\x0e2).spire.plugin.agent.keymanager.v1.KeyTypeR\x04type\x12\x1b\n" + + "\tpkix_data\x18\x03 \x01(\fR\bpkixData\x12 \n" + + "\vfingerprint\x18\x04 \x01(\tR\vfingerprint\"q\n" + + "\x12GenerateKeyRequest\x12\x15\n" + + "\x06key_id\x18\x01 \x01(\tR\x05keyId\x12D\n" + + "\bkey_type\x18\x02 \x01(\x0e2).spire.plugin.agent.keymanager.v1.KeyTypeR\akeyType\"a\n" + + "\x13GenerateKeyResponse\x12J\n" + + "\n" + + "public_key\x18\x01 \x01(\v2+.spire.plugin.agent.keymanager.v1.PublicKeyR\tpublicKey\",\n" + + 
"\x13GetPublicKeyRequest\x12\x15\n" + + "\x06key_id\x18\x01 \x01(\tR\x05keyId\"b\n" + + "\x14GetPublicKeyResponse\x12J\n" + + "\n" + + "public_key\x18\x01 \x01(\v2+.spire.plugin.agent.keymanager.v1.PublicKeyR\tpublicKey\"\x16\n" + + "\x14GetPublicKeysRequest\"e\n" + + "\x15GetPublicKeysResponse\x12L\n" + + "\vpublic_keys\x18\x01 \x03(\v2+.spire.plugin.agent.keymanager.v1.PublicKeyR\n" + + "publicKeys\"\x8e\x03\n" + + "\x0fSignDataRequest\x12\x15\n" + + "\x06key_id\x18\x01 \x01(\tR\x05keyId\x12\x12\n" + + "\x04data\x18\x02 \x01(\fR\x04data\x12X\n" + + "\x0ehash_algorithm\x18\x03 \x01(\x0e2/.spire.plugin.agent.keymanager.v1.HashAlgorithmH\x00R\rhashAlgorithm\x12_\n" + + "\vpss_options\x18\x04 \x01(\v2<.spire.plugin.agent.keymanager.v1.SignDataRequest.PSSOptionsH\x00R\n" + + "pssOptions\x1a\x85\x01\n" + + "\n" + + "PSSOptions\x12\x1f\n" + + "\vsalt_length\x18\x01 \x01(\x05R\n" + + "saltLength\x12V\n" + + "\x0ehash_algorithm\x18\x02 \x01(\x0e2/.spire.plugin.agent.keymanager.v1.HashAlgorithmR\rhashAlgorithmB\r\n" + + "\vsigner_opts\"Y\n" + + "\x10SignDataResponse\x12\x1c\n" + + "\tsignature\x18\x01 \x01(\fR\tsignature\x12'\n" + + "\x0fkey_fingerprint\x18\x02 \x01(\tR\x0ekeyFingerprint*Y\n" + + "\aKeyType\x12\x18\n" + + "\x14UNSPECIFIED_KEY_TYPE\x10\x00\x12\v\n" + + "\aEC_P256\x10\x01\x12\v\n" + + "\aEC_P384\x10\x02\x12\f\n" + + "\bRSA_2048\x10\x03\x12\f\n" + + "\bRSA_4096\x10\x04*\xb7\x01\n" + + "\rHashAlgorithm\x12\x1e\n" + + "\x1aUNSPECIFIED_HASH_ALGORITHM\x10\x00\x12\n" + + "\n" + + "\x06SHA224\x10\x04\x12\n" + + "\n" + + "\x06SHA256\x10\x05\x12\n" + + "\n" + + "\x06SHA384\x10\x06\x12\n" + + "\n" + + "\x06SHA512\x10\a\x12\f\n" + + "\bSHA3_224\x10\n" + + "\x12\f\n" + + "\bSHA3_256\x10\v\x12\f\n" + + "\bSHA3_384\x10\f\x12\f\n" + + "\bSHA3_512\x10\r\x12\x0e\n" + + "\n" + + "SHA512_224\x10\x0e\x12\x0e\n" + + "\n" + + "SHA512_256\x10\x0f2\xfd\x03\n" + + "\n" + + "KeyManager\x12z\n" + + 
"\vGenerateKey\x124.spire.plugin.agent.keymanager.v1.GenerateKeyRequest\x1a5.spire.plugin.agent.keymanager.v1.GenerateKeyResponse\x12}\n" + + "\fGetPublicKey\x125.spire.plugin.agent.keymanager.v1.GetPublicKeyRequest\x1a6.spire.plugin.agent.keymanager.v1.GetPublicKeyResponse\x12\x80\x01\n" + + "\rGetPublicKeys\x126.spire.plugin.agent.keymanager.v1.GetPublicKeysRequest\x1a7.spire.plugin.agent.keymanager.v1.GetPublicKeysResponse\x12q\n" + + "\bSignData\x121.spire.plugin.agent.keymanager.v1.SignDataRequest\x1a2.spire.plugin.agent.keymanager.v1.SignDataResponseBXZVgithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/keymanager/v1;keymanagerv1b\x06proto3" var ( file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescOnce sync.Once - file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescData = file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc + file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescData []byte ) func file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescGZIP() []byte { file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescOnce.Do(func() { - file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescData) + file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc), len(file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc))) }) return file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDescData } var file_spire_plugin_agent_keymanager_v1_keymanager_proto_enumTypes = make([]protoimpl.EnumInfo, 2) var file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes = make([]protoimpl.MessageInfo, 10) -var file_spire_plugin_agent_keymanager_v1_keymanager_proto_goTypes = []interface{}{ +var file_spire_plugin_agent_keymanager_v1_keymanager_proto_goTypes = []any{ 
(KeyType)(0), // 0: spire.plugin.agent.keymanager.v1.KeyType (HashAlgorithm)(0), // 1: spire.plugin.agent.keymanager.v1.HashAlgorithm (*PublicKey)(nil), // 2: spire.plugin.agent.keymanager.v1.PublicKey 
@@ -940,129 +852,7 @@ func file_spire_plugin_agent_keymanager_v1_keymanager_proto_init() { if File_spire_plugin_agent_keymanager_v1_keymanager_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PublicKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateKeyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateKeyResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeyResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeysRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - 
file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeysResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignDataRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignDataResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignDataRequest_PSSOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[7].OneofWrappers = []interface{}{ + file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes[7].OneofWrappers = []any{ (*SignDataRequest_HashAlgorithm)(nil), (*SignDataRequest_PssOptions)(nil), } @@ -1070,7 +860,7 @@ func file_spire_plugin_agent_keymanager_v1_keymanager_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc), len(file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc)), NumEnums: 2, NumMessages: 10, NumExtensions: 0, 
@@ -1082,7 +872,6 @@ func file_spire_plugin_agent_keymanager_v1_keymanager_proto_init() { MessageInfos: file_spire_plugin_agent_keymanager_v1_keymanager_proto_msgTypes, }.Build() File_spire_plugin_agent_keymanager_v1_keymanager_proto = out.File - file_spire_plugin_agent_keymanager_v1_keymanager_proto_rawDesc = nil file_spire_plugin_agent_keymanager_v1_keymanager_proto_goTypes = nil file_spire_plugin_agent_keymanager_v1_keymanager_proto_depIdxs = nil } diff --git a/proto/spire/plugin/agent/keymanager/v1/keymanager_grpc.pb.go b/proto/spire/plugin/agent/keymanager/v1/keymanager_grpc.pb.go index 79e19a9..a7fa03d 100644 --- a/proto/spire/plugin/agent/keymanager/v1/keymanager_grpc.pb.go +++ b/proto/spire/plugin/agent/keymanager/v1/keymanager_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/agent/keymanager/v1/keymanager.proto package keymanagerv1 @@ -11,8 +15,15 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + KeyManager_GenerateKey_FullMethodName = "/spire.plugin.agent.keymanager.v1.KeyManager/GenerateKey" + KeyManager_GetPublicKey_FullMethodName = "/spire.plugin.agent.keymanager.v1.KeyManager/GetPublicKey" + KeyManager_GetPublicKeys_FullMethodName = "/spire.plugin.agent.keymanager.v1.KeyManager/GetPublicKeys" + KeyManager_SignData_FullMethodName = "/spire.plugin.agent.keymanager.v1.KeyManager/SignData" +) // KeyManagerClient is the client API for KeyManager service. // 
@@ -46,8 +57,9 @@ func NewKeyManagerClient(cc grpc.ClientConnInterface) KeyManagerClient { } func (c *keyManagerClient) GenerateKey(ctx context.Context, in *GenerateKeyRequest, opts ...grpc.CallOption) (*GenerateKeyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GenerateKeyResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.agent.keymanager.v1.KeyManager/GenerateKey", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_GenerateKey_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -55,8 +67,9 @@ func (c *keyManagerClient) GenerateKey(ctx context.Context, in *GenerateKeyReque } func (c *keyManagerClient) GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetPublicKeyResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.agent.keymanager.v1.KeyManager/GetPublicKey", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_GetPublicKey_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -64,8 +77,9 @@ func (c *keyManagerClient) GetPublicKey(ctx context.Context, in *GetPublicKeyReq } func (c *keyManagerClient) GetPublicKeys(ctx context.Context, in *GetPublicKeysRequest, opts ...grpc.CallOption) (*GetPublicKeysResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetPublicKeysResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.agent.keymanager.v1.KeyManager/GetPublicKeys", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_GetPublicKeys_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -73,8 +87,9 @@ func (c *keyManagerClient) GetPublicKeys(ctx context.Context, in *GetPublicKeysR } func (c *keyManagerClient) SignData(ctx context.Context, in *SignDataRequest, opts ...grpc.CallOption) (*SignDataResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(SignDataResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.agent.keymanager.v1.KeyManager/SignData", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_SignData_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -83,7 +98,7 @@ func (c *keyManagerClient) SignData(ctx context.Context, in *SignDataRequest, op // KeyManagerServer is the server API for KeyManager service. // All implementations must embed UnimplementedKeyManagerServer -// for forward compatibility +// for forward compatibility. type KeyManagerServer interface { // Generates a new private key with the given ID. If a key already exists // under that ID, it is overwritten and given a different fingerprint. See @@ -105,9 +120,12 @@ type KeyManagerServer interface { mustEmbedUnimplementedKeyManagerServer() } -// UnimplementedKeyManagerServer must be embedded to have forward compatible implementations. -type UnimplementedKeyManagerServer struct { -} +// UnimplementedKeyManagerServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedKeyManagerServer struct{} func (UnimplementedKeyManagerServer) GenerateKey(context.Context, *GenerateKeyRequest) (*GenerateKeyResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GenerateKey not implemented") 
@@ -122,6 +140,7 @@ func (UnimplementedKeyManagerServer) SignData(context.Context, *SignDataRequest) return nil, status.Errorf(codes.Unimplemented, "method SignData not implemented") } func (UnimplementedKeyManagerServer) mustEmbedUnimplementedKeyManagerServer() {} +func (UnimplementedKeyManagerServer) testEmbeddedByValue() {} // UnsafeKeyManagerServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to KeyManagerServer will @@ -131,6 +150,13 @@ type UnsafeKeyManagerServer interface { } func RegisterKeyManagerServer(s grpc.ServiceRegistrar, srv KeyManagerServer) { + // If the following call pancis, it indicates UnimplementedKeyManagerServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&KeyManager_ServiceDesc, srv) } @@ -144,7 +170,7 @@ func _KeyManager_GenerateKey_Handler(srv interface{}, ctx context.Context, dec f } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.agent.keymanager.v1.KeyManager/GenerateKey", + FullMethod: KeyManager_GenerateKey_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).GenerateKey(ctx, req.(*GenerateKeyRequest)) @@ -162,7 +188,7 @@ func _KeyManager_GetPublicKey_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.agent.keymanager.v1.KeyManager/GetPublicKey", + FullMethod: KeyManager_GetPublicKey_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).GetPublicKey(ctx, req.(*GetPublicKeyRequest)) 
@@ -180,7 +206,7 @@ func _KeyManager_GetPublicKeys_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.agent.keymanager.v1.KeyManager/GetPublicKeys", + FullMethod: KeyManager_GetPublicKeys_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).GetPublicKeys(ctx, req.(*GetPublicKeysRequest)) @@ -198,7 +224,7 @@ func _KeyManager_SignData_Handler(srv interface{}, ctx context.Context, dec func } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.agent.keymanager.v1.KeyManager/SignData", + FullMethod: KeyManager_SignData_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).SignData(ctx, req.(*SignDataRequest)) diff --git a/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor.pb.go b/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor.pb.go index 184e91f..454544c 100644 --- a/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor.pb.go +++ b/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/agent/nodeattestor/v1/nodeattestor.proto package nodeattestorv1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
@@ -21,22 +22,19 @@ const ( ) type Challenge struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The challenge issued by SPIRE Server. See the AidAttestation // RPC for details. - Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"` + Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Challenge) Reset() { *x = Challenge{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Challenge) String() string { @@ -47,7 +45,7 @@ func (*Challenge) ProtoMessage() {} func (x *Challenge) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -70,23 +68,21 @@ func (x *Challenge) GetChallenge() []byte { } type PayloadOrChallengeResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Data: + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Data: + // // *PayloadOrChallengeResponse_Payload // *PayloadOrChallengeResponse_ChallengeResponse - Data isPayloadOrChallengeResponse_Data `protobuf_oneof:"data"` + Data isPayloadOrChallengeResponse_Data `protobuf_oneof:"data"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PayloadOrChallengeResponse) Reset() { *x = PayloadOrChallengeResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PayloadOrChallengeResponse) String() string { @@ -97,7 +93,7 @@ func (*PayloadOrChallengeResponse) ProtoMessage() {} func (x *PayloadOrChallengeResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -112,23 +108,27 @@ func (*PayloadOrChallengeResponse) Descriptor() ([]byte, []int) { return file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescGZIP(), []int{1} } -func (m *PayloadOrChallengeResponse) GetData() isPayloadOrChallengeResponse_Data { - if m != nil { - return m.Data +func (x *PayloadOrChallengeResponse) GetData() isPayloadOrChallengeResponse_Data { + if x != nil { + return x.Data } return nil } func (x *PayloadOrChallengeResponse) GetPayload() []byte { - if x, ok := x.GetData().(*PayloadOrChallengeResponse_Payload); ok { - return x.Payload + if x != nil { + if x, ok := x.Data.(*PayloadOrChallengeResponse_Payload); ok { + return x.Payload + } } return nil } func (x *PayloadOrChallengeResponse) GetChallengeResponse() []byte { - if x, ok := x.GetData().(*PayloadOrChallengeResponse_ChallengeResponse); ok { - return x.ChallengeResponse + if x != nil { + if x, ok := x.Data.(*PayloadOrChallengeResponse_ChallengeResponse); ok { + return x.ChallengeResponse + } } return nil } 
@@ -157,55 +157,32 @@ func (*PayloadOrChallengeResponse_ChallengeResponse) isPayloadOrChallengeRespons var File_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto protoreflect.FileDescriptor -var file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc = []byte{ - 0x0a, 0x35, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, - 0x72, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, - 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x22, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x6e, 0x6f, 0x64, 0x65, - 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x22, 0x29, 0x0a, 0x09, 0x43, - 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x63, 0x68, 0x61, 0x6c, - 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x63, 0x68, 0x61, - 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x22, 0x71, 0x0a, 0x1a, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, - 0x64, 0x4f, 0x72, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, - 0x12, 0x2f, 0x0a, 0x12, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x11, - 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x42, 0x06, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x32, 0x94, 0x01, 0x0a, 0x0c, 0x4e, 0x6f, - 0x64, 0x65, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x12, 0x83, 0x01, 0x0a, 0x0e, 0x41, - 0x69, 0x64, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 
0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2d, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, - 0x6e, 0x74, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, - 0x76, 0x31, 0x2e, 0x43, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x1a, 0x3e, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, - 0x74, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x76, - 0x31, 0x2e, 0x50, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x4f, 0x72, 0x43, 0x68, 0x61, 0x6c, 0x6c, - 0x65, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, - 0x42, 0x5c, 0x5a, 0x5a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2f, - 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0x3b, - 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x76, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc = "" + + "\n" + + "5spire/plugin/agent/nodeattestor/v1/nodeattestor.proto\x12\"spire.plugin.agent.nodeattestor.v1\")\n" + + "\tChallenge\x12\x1c\n" + + "\tchallenge\x18\x01 \x01(\fR\tchallenge\"q\n" + + "\x1aPayloadOrChallengeResponse\x12\x1a\n" + + "\apayload\x18\x01 \x01(\fH\x00R\apayload\x12/\n" + + "\x12challenge_response\x18\x02 \x01(\fH\x00R\x11challengeResponseB\x06\n" + + "\x04data2\x94\x01\n" + + "\fNodeAttestor\x12\x83\x01\n" + + 
"\x0eAidAttestation\x12-.spire.plugin.agent.nodeattestor.v1.Challenge\x1a>.spire.plugin.agent.nodeattestor.v1.PayloadOrChallengeResponse(\x010\x01B\\ZZgithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/nodeattestor/v1;nodeattestorv1b\x06proto3" var ( file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescOnce sync.Once - file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescData = file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc + file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescData []byte ) func file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescGZIP() []byte { file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescOnce.Do(func() { - file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescData) + file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc), len(file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc))) }) return file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDescData } var file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_goTypes = []interface{}{ +var file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_goTypes = []any{ (*Challenge)(nil), // 0: spire.plugin.agent.nodeattestor.v1.Challenge (*PayloadOrChallengeResponse)(nil), // 1: spire.plugin.agent.nodeattestor.v1.PayloadOrChallengeResponse } 
@@ -224,33 +201,7 @@ func file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_init() { if File_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Challenge); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PayloadOrChallengeResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[1].OneofWrappers = []interface{}{ + file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes[1].OneofWrappers = []any{ (*PayloadOrChallengeResponse_Payload)(nil), (*PayloadOrChallengeResponse_ChallengeResponse)(nil), } @@ -258,7 +209,7 @@ func file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc), len(file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc)), NumEnums: 0, NumMessages: 2, NumExtensions: 0, 
@@ -269,7 +220,6 @@ func file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_init() { MessageInfos: file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_msgTypes, }.Build() File_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto = out.File - file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_rawDesc = nil file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_goTypes = nil file_spire_plugin_agent_nodeattestor_v1_nodeattestor_proto_depIdxs = nil } diff --git a/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor_grpc.pb.go b/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor_grpc.pb.go index f96c331..69887ae 100644 --- a/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor_grpc.pb.go +++ b/proto/spire/plugin/agent/nodeattestor/v1/nodeattestor_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/agent/nodeattestor/v1/nodeattestor.proto package nodeattestorv1 @@ -11,8 +15,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + NodeAttestor_AidAttestation_FullMethodName = "/spire.plugin.agent.nodeattestor.v1.NodeAttestor/AidAttestation" +) // NodeAttestorClient is the client API for NodeAttestor service. // 
@@ -22,16 +30,16 @@ type NodeAttestorClient interface { // payload and participating in attestation challenge/response. // // The attestation flow is as follows: - // 1. SPIRE Agent opens up a stream to the plugin via FetchAttestationData. - // 2. The plugin returns a response with the payload. - // 3. SPIRE Agent sends the payload to SPIRE Server. - // 4. Optionally, SPIRE Server responds with a challenge: - // 4a. SPIRE Agent sends the challenge to the plugin. - // 4b. The plugin responds with the challenge response. - // 4c. SPIRE Agent sends the challenge response to SPIRE Server. - // 4d. Step 4 is repeated until SPIRE Server is satisfied and does not - // respond with an additional challenge. - // 5. SPIRE Agent closes the stream. + // 1. SPIRE Agent opens up a stream to the plugin via FetchAttestationData. + // 2. The plugin returns a response with the payload. + // 3. SPIRE Agent sends the payload to SPIRE Server. + // 4. Optionally, SPIRE Server responds with a challenge: + // 4a. SPIRE Agent sends the challenge to the plugin. + // 4b. The plugin responds with the challenge response. + // 4c. SPIRE Agent sends the challenge response to SPIRE Server. + // 4d. Step 4 is repeated until SPIRE Server is satisfied and does not + // respond with an additional challenge. + // 5. SPIRE Agent closes the stream. // // Note that SPIRE Agent does NOT send a request down the stream unless it // needs to issue the challenge returned by SPIRE Server (step 4a). @@ -39,7 +47,7 @@ type NodeAttestorClient interface { // Plugins that do not need challenge/response as part of the attestation // process may close the stream as soon as they send the attestation // payload (step 2). - AidAttestation(ctx context.Context, opts ...grpc.CallOption) (NodeAttestor_AidAttestationClient, error) + AidAttestation(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[Challenge, PayloadOrChallengeResponse], error) } type nodeAttestorClient struct { 
@@ -50,55 +58,37 @@ func NewNodeAttestorClient(cc grpc.ClientConnInterface) NodeAttestorClient { return &nodeAttestorClient{cc} } -func (c *nodeAttestorClient) AidAttestation(ctx context.Context, opts ...grpc.CallOption) (NodeAttestor_AidAttestationClient, error) { - stream, err := c.cc.NewStream(ctx, &NodeAttestor_ServiceDesc.Streams[0], "/spire.plugin.agent.nodeattestor.v1.NodeAttestor/AidAttestation", opts...) +func (c *nodeAttestorClient) AidAttestation(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[Challenge, PayloadOrChallengeResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &NodeAttestor_ServiceDesc.Streams[0], NodeAttestor_AidAttestation_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &nodeAttestorAidAttestationClient{stream} + x := &grpc.GenericClientStream[Challenge, PayloadOrChallengeResponse]{ClientStream: stream} return x, nil } -type NodeAttestor_AidAttestationClient interface { - Send(*Challenge) error - Recv() (*PayloadOrChallengeResponse, error) - grpc.ClientStream -} - -type nodeAttestorAidAttestationClient struct { - grpc.ClientStream -} - -func (x *nodeAttestorAidAttestationClient) Send(m *Challenge) error { - return x.ClientStream.SendMsg(m) -} - -func (x *nodeAttestorAidAttestationClient) Recv() (*PayloadOrChallengeResponse, error) { - m := new(PayloadOrChallengeResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type NodeAttestor_AidAttestationClient = grpc.BidiStreamingClient[Challenge, PayloadOrChallengeResponse] // NodeAttestorServer is the server API for NodeAttestor service. // All implementations must embed UnimplementedNodeAttestorServer -// for forward compatibility +// for forward compatibility. 
type NodeAttestorServer interface { // AidAttestation facilitates attestation by returning the attestation // payload and participating in attestation challenge/response. // // The attestation flow is as follows: - // 1. SPIRE Agent opens up a stream to the plugin via FetchAttestationData. - // 2. The plugin returns a response with the payload. - // 3. SPIRE Agent sends the payload to SPIRE Server. - // 4. Optionally, SPIRE Server responds with a challenge: - // 4a. SPIRE Agent sends the challenge to the plugin. - // 4b. The plugin responds with the challenge response. - // 4c. SPIRE Agent sends the challenge response to SPIRE Server. - // 4d. Step 4 is repeated until SPIRE Server is satisfied and does not - // respond with an additional challenge. - // 5. SPIRE Agent closes the stream. + // 1. SPIRE Agent opens up a stream to the plugin via FetchAttestationData. + // 2. The plugin returns a response with the payload. + // 3. SPIRE Agent sends the payload to SPIRE Server. + // 4. Optionally, SPIRE Server responds with a challenge: + // 4a. SPIRE Agent sends the challenge to the plugin. + // 4b. The plugin responds with the challenge response. + // 4c. SPIRE Agent sends the challenge response to SPIRE Server. + // 4d. Step 4 is repeated until SPIRE Server is satisfied and does not + // respond with an additional challenge. + // 5. SPIRE Agent closes the stream. // // Note that SPIRE Agent does NOT send a request down the stream unless it // needs to issue the challenge returned by SPIRE Server (step 4a). 
@@ -106,18 +96,22 @@ type NodeAttestorServer interface { // Plugins that do not need challenge/response as part of the attestation // process may close the stream as soon as they send the attestation // payload (step 2). - AidAttestation(NodeAttestor_AidAttestationServer) error + AidAttestation(grpc.BidiStreamingServer[Challenge, PayloadOrChallengeResponse]) error mustEmbedUnimplementedNodeAttestorServer() } -// UnimplementedNodeAttestorServer must be embedded to have forward compatible implementations. -type UnimplementedNodeAttestorServer struct { -} +// UnimplementedNodeAttestorServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedNodeAttestorServer struct{} -func (UnimplementedNodeAttestorServer) AidAttestation(NodeAttestor_AidAttestationServer) error { +func (UnimplementedNodeAttestorServer) AidAttestation(grpc.BidiStreamingServer[Challenge, PayloadOrChallengeResponse]) error { return status.Errorf(codes.Unimplemented, "method AidAttestation not implemented") } func (UnimplementedNodeAttestorServer) mustEmbedUnimplementedNodeAttestorServer() {} +func (UnimplementedNodeAttestorServer) testEmbeddedByValue() {} // UnsafeNodeAttestorServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to NodeAttestorServer will 
@@ -127,34 +121,22 @@ type UnsafeNodeAttestorServer interface { } func RegisterNodeAttestorServer(s grpc.ServiceRegistrar, srv NodeAttestorServer) { + // If the following call pancis, it indicates UnimplementedNodeAttestorServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&NodeAttestor_ServiceDesc, srv) } func _NodeAttestor_AidAttestation_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(NodeAttestorServer).AidAttestation(&nodeAttestorAidAttestationServer{stream}) -} - -type NodeAttestor_AidAttestationServer interface { - Send(*PayloadOrChallengeResponse) error - Recv() (*Challenge, error) - grpc.ServerStream -} - -type nodeAttestorAidAttestationServer struct { - grpc.ServerStream + return srv.(NodeAttestorServer).AidAttestation(&grpc.GenericServerStream[Challenge, PayloadOrChallengeResponse]{ServerStream: stream}) } -func (x *nodeAttestorAidAttestationServer) Send(m *PayloadOrChallengeResponse) error { - return x.ServerStream.SendMsg(m) -} - -func (x *nodeAttestorAidAttestationServer) Recv() (*Challenge, error) { - m := new(Challenge) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type NodeAttestor_AidAttestationServer = grpc.BidiStreamingServer[Challenge, PayloadOrChallengeResponse] // NodeAttestor_ServiceDesc is the grpc.ServiceDesc for NodeAttestor service. // It's only intended for direct use with grpc.RegisterService, diff --git a/proto/spire/plugin/agent/svidstore/v1/svidstore.pb.go b/proto/spire/plugin/agent/svidstore/v1/svidstore.pb.go index b829b41..212ee28 100644 
--- a/proto/spire/plugin/agent/svidstore/v1/svidstore.pb.go +++ b/proto/spire/plugin/agent/svidstore/v1/svidstore.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/agent/svidstore/v1/svidstore.proto package svidstorev1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
@@ -21,25 +22,22 @@ const ( ) type PutX509SVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // X509-SVID to be stored Svid *X509SVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"` // Relevant information to store on specific platform Metadata []string `protobuf:"bytes,2,rep,name=metadata,proto3" json:"metadata,omitempty"` // Federated bundles to store - FederatedBundles map[string][]byte `protobuf:"bytes,3,rep,name=federated_bundles,json=federatedBundles,proto3" json:"federated_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + FederatedBundles map[string][]byte `protobuf:"bytes,3,rep,name=federated_bundles,json=federatedBundles,proto3" json:"federated_bundles,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PutX509SVIDRequest) Reset() { *x = PutX509SVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PutX509SVIDRequest) String() string { @@ -50,7 +48,7 @@ func (*PutX509SVIDRequest) ProtoMessage() {} func (x *PutX509SVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -87,18 +85,16 @@ func (x *PutX509SVIDRequest) GetFederatedBundles() map[string][]byte { } type PutX509SVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PutX509SVIDResponse) Reset() { *x = PutX509SVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PutX509SVIDResponse) String() string { @@ -109,7 +105,7 @@ func (*PutX509SVIDResponse) ProtoMessage() {} func (x *PutX509SVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -125,21 +121,18 @@ func (*PutX509SVIDResponse) Descriptor() ([]byte, []int) { } type DeleteX509SVIDRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Relevant information to delete on specific platform - Metadata []string `protobuf:"bytes,1,rep,name=metadata,proto3" json:"metadata,omitempty"` + Metadata []string `protobuf:"bytes,1,rep,name=metadata,proto3" json:"metadata,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *DeleteX509SVIDRequest) Reset() { *x = DeleteX509SVIDRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DeleteX509SVIDRequest) String() string { @@ -150,7 +143,7 @@ func (*DeleteX509SVIDRequest) ProtoMessage() {} func (x *DeleteX509SVIDRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -173,18 +166,16 @@ func (x *DeleteX509SVIDRequest) GetMetadata() []string { } type DeleteX509SVIDResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *DeleteX509SVIDResponse) Reset() { *x = DeleteX509SVIDResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DeleteX509SVIDResponse) String() string { @@ -195,7 +186,7 @@ func (*DeleteX509SVIDResponse) ProtoMessage() {} func (x *DeleteX509SVIDResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -211,10 +202,7 @@ func (*DeleteX509SVIDResponse) Descriptor() ([]byte, []int) { } type X509SVID struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // SPIFFE ID of the SVID. SpiffeID string `protobuf:"bytes,1,opt,name=spiffeID,proto3" json:"spiffeID,omitempty"` // Certificate and intermediates (ASN.1 DER encoded) 
@@ -224,16 +212,16 @@ type X509SVID struct { // Bundle certificates (ASN.1 DER encoded) Bundle [][]byte `protobuf:"bytes,4,rep,name=bundle,proto3" json:"bundle,omitempty"` // Expiration timestamp (seconds since Unix epoch). - ExpiresAt int64 `protobuf:"varint,5,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` + ExpiresAt int64 `protobuf:"varint,5,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509SVID) Reset() { *x = X509SVID{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509SVID) String() string { @@ -244,7 +232,7 @@ func (*X509SVID) ProtoMessage() {} func (x *X509SVID) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -296,87 +284,47 @@ func (x *X509SVID) GetExpiresAt() int64 { var File_spire_plugin_agent_svidstore_v1_svidstore_proto protoreflect.FileDescriptor -var file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc = []byte{ - 0x0a, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x76, - 0x31, 0x2f, 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x1f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, - 0x76, 0x31, 0x22, 0xac, 0x02, 0x0a, 0x12, 0x50, 0x75, 0x74, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, - 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3d, 0x0a, 0x04, 0x73, 0x76, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x73, 0x76, 0x69, - 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, - 0x49, 0x44, 0x52, 0x04, 0x73, 0x76, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x12, 0x76, 0x0a, 0x11, 0x66, 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x64, 0x5f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x49, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, - 0x31, 0x2e, 0x50, 0x75, 0x74, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x2e, 0x46, 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x42, 0x75, - 0x6e, 
0x64, 0x6c, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x66, 0x65, 0x64, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x64, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, 0x1a, 0x43, 0x0a, 0x15, - 0x46, 0x65, 0x64, 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x22, 0x15, 0x0a, 0x13, 0x50, 0x75, 0x74, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x33, 0x0a, 0x15, 0x44, 0x65, 0x6c, 0x65, - 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0x18, 0x0a, - 0x16, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x9d, 0x01, 0x0a, 0x08, 0x58, 0x35, 0x30, 0x39, - 0x53, 0x56, 0x49, 0x44, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x44, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x44, - 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0c, 0x52, 0x09, 0x63, 0x65, 0x72, 0x74, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, - 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, - 0x12, 0x16, 0x0a, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0c, - 0x52, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 
0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, - 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, - 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x32, 0x89, 0x02, 0x0a, 0x09, 0x53, 0x56, 0x49, 0x44, - 0x53, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x78, 0x0a, 0x0b, 0x50, 0x75, 0x74, 0x58, 0x35, 0x30, 0x39, - 0x53, 0x56, 0x49, 0x44, 0x12, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, - 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x74, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, - 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x73, - 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x74, 0x58, - 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x81, 0x01, 0x0a, 0x0e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, - 0x49, 0x44, 0x12, 0x36, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, - 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, - 0x56, 0x49, 0x44, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, - 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, - 0x65, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x53, 0x56, 0x49, 0x44, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x42, 0x56, 0x5a, 0x54, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 
0x65, 0x2d, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x61, 0x67, 0x65, - 0x6e, 0x74, 0x2f, 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x31, 0x3b, - 0x73, 0x76, 0x69, 0x64, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} +const file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc = "" + + "\n" + + "/spire/plugin/agent/svidstore/v1/svidstore.proto\x12\x1fspire.plugin.agent.svidstore.v1\"\xac\x02\n" + + "\x12PutX509SVIDRequest\x12=\n" + + "\x04svid\x18\x01 \x01(\v2).spire.plugin.agent.svidstore.v1.X509SVIDR\x04svid\x12\x1a\n" + + "\bmetadata\x18\x02 \x03(\tR\bmetadata\x12v\n" + + "\x11federated_bundles\x18\x03 \x03(\v2I.spire.plugin.agent.svidstore.v1.PutX509SVIDRequest.FederatedBundlesEntryR\x10federatedBundles\x1aC\n" + + "\x15FederatedBundlesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value:\x028\x01\"\x15\n" + + "\x13PutX509SVIDResponse\"3\n" + + "\x15DeleteX509SVIDRequest\x12\x1a\n" + + "\bmetadata\x18\x01 \x03(\tR\bmetadata\"\x18\n" + + "\x16DeleteX509SVIDResponse\"\x9d\x01\n" + + "\bX509SVID\x12\x1a\n" + + "\bspiffeID\x18\x01 \x01(\tR\bspiffeID\x12\x1d\n" + + "\n" + + "cert_chain\x18\x02 \x03(\fR\tcertChain\x12\x1f\n" + + "\vprivate_key\x18\x03 \x01(\fR\n" + + "privateKey\x12\x16\n" + + "\x06bundle\x18\x04 \x03(\fR\x06bundle\x12\x1d\n" + + "\n" + + "expires_at\x18\x05 \x01(\x03R\texpiresAt2\x89\x02\n" + + "\tSVIDStore\x12x\n" + + "\vPutX509SVID\x123.spire.plugin.agent.svidstore.v1.PutX509SVIDRequest\x1a4.spire.plugin.agent.svidstore.v1.PutX509SVIDResponse\x12\x81\x01\n" + + 
"\x0eDeleteX509SVID\x126.spire.plugin.agent.svidstore.v1.DeleteX509SVIDRequest\x1a7.spire.plugin.agent.svidstore.v1.DeleteX509SVIDResponseBVZTgithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/svidstore/v1;svidstorev1b\x06proto3" var ( file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescOnce sync.Once - file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescData = file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc + file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescData []byte ) func file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescGZIP() []byte { file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescOnce.Do(func() { - file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescData) + file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc), len(file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc))) }) return file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDescData } var file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_spire_plugin_agent_svidstore_v1_svidstore_proto_goTypes = []interface{}{ +var file_spire_plugin_agent_svidstore_v1_svidstore_proto_goTypes = []any{ (*PutX509SVIDRequest)(nil), // 0: spire.plugin.agent.svidstore.v1.PutX509SVIDRequest (*PutX509SVIDResponse)(nil), // 1: spire.plugin.agent.svidstore.v1.PutX509SVIDResponse (*DeleteX509SVIDRequest)(nil), // 2: spire.plugin.agent.svidstore.v1.DeleteX509SVIDRequest 
@@ -403,73 +351,11 @@ func file_spire_plugin_agent_svidstore_v1_svidstore_proto_init() { if File_spire_plugin_agent_svidstore_v1_svidstore_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PutX509SVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PutX509SVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DeleteX509SVIDRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DeleteX509SVIDResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509SVID); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc), 
len(file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc)), NumEnums: 0, NumMessages: 6, NumExtensions: 0, @@ -480,7 +366,6 @@ func file_spire_plugin_agent_svidstore_v1_svidstore_proto_init() { MessageInfos: file_spire_plugin_agent_svidstore_v1_svidstore_proto_msgTypes, }.Build() File_spire_plugin_agent_svidstore_v1_svidstore_proto = out.File - file_spire_plugin_agent_svidstore_v1_svidstore_proto_rawDesc = nil file_spire_plugin_agent_svidstore_v1_svidstore_proto_goTypes = nil file_spire_plugin_agent_svidstore_v1_svidstore_proto_depIdxs = nil } diff --git a/proto/spire/plugin/agent/svidstore/v1/svidstore_grpc.pb.go b/proto/spire/plugin/agent/svidstore/v1/svidstore_grpc.pb.go index c5a4aa2..0b4d649 100644 --- a/proto/spire/plugin/agent/svidstore/v1/svidstore_grpc.pb.go +++ b/proto/spire/plugin/agent/svidstore/v1/svidstore_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/agent/svidstore/v1/svidstore.proto package svidstorev1 @@ -11,8 +15,13 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + SVIDStore_PutX509SVID_FullMethodName = "/spire.plugin.agent.svidstore.v1.SVIDStore/PutX509SVID" + SVIDStore_DeleteX509SVID_FullMethodName = "/spire.plugin.agent.svidstore.v1.SVIDStore/DeleteX509SVID" +) // SVIDStoreClient is the client API for SVIDStore service. // 
@@ -33,8 +42,9 @@ func NewSVIDStoreClient(cc grpc.ClientConnInterface) SVIDStoreClient { } func (c *sVIDStoreClient) PutX509SVID(ctx context.Context, in *PutX509SVIDRequest, opts ...grpc.CallOption) (*PutX509SVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(PutX509SVIDResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.agent.svidstore.v1.SVIDStore/PutX509SVID", in, out, opts...) + err := c.cc.Invoke(ctx, SVIDStore_PutX509SVID_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -42,8 +52,9 @@ func (c *sVIDStoreClient) PutX509SVID(ctx context.Context, in *PutX509SVIDReques } func (c *sVIDStoreClient) DeleteX509SVID(ctx context.Context, in *DeleteX509SVIDRequest, opts ...grpc.CallOption) (*DeleteX509SVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(DeleteX509SVIDResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.agent.svidstore.v1.SVIDStore/DeleteX509SVID", in, out, opts...) + err := c.cc.Invoke(ctx, SVIDStore_DeleteX509SVID_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -52,7 +63,7 @@ func (c *sVIDStoreClient) DeleteX509SVID(ctx context.Context, in *DeleteX509SVID // SVIDStoreServer is the server API for SVIDStore service. // All implementations must embed UnimplementedSVIDStoreServer -// for forward compatibility +// for forward compatibility. type SVIDStoreServer interface { // Puts an X509-SVID in a configured secrets store PutX509SVID(context.Context, *PutX509SVIDRequest) (*PutX509SVIDResponse, error) 
@@ -61,9 +72,12 @@ type SVIDStoreServer interface { mustEmbedUnimplementedSVIDStoreServer() } -// UnimplementedSVIDStoreServer must be embedded to have forward compatible implementations. -type UnimplementedSVIDStoreServer struct { -} +// UnimplementedSVIDStoreServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedSVIDStoreServer struct{} func (UnimplementedSVIDStoreServer) PutX509SVID(context.Context, *PutX509SVIDRequest) (*PutX509SVIDResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method PutX509SVID not implemented") @@ -72,6 +86,7 @@ func (UnimplementedSVIDStoreServer) DeleteX509SVID(context.Context, *DeleteX509S return nil, status.Errorf(codes.Unimplemented, "method DeleteX509SVID not implemented") } func (UnimplementedSVIDStoreServer) mustEmbedUnimplementedSVIDStoreServer() {} +func (UnimplementedSVIDStoreServer) testEmbeddedByValue() {} // UnsafeSVIDStoreServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to SVIDStoreServer will @@ -81,6 +96,13 @@ type UnsafeSVIDStoreServer interface { } func RegisterSVIDStoreServer(s grpc.ServiceRegistrar, srv SVIDStoreServer) { + // If the following call pancis, it indicates UnimplementedSVIDStoreServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&SVIDStore_ServiceDesc, srv) } 
@@ -94,7 +116,7 @@ func _SVIDStore_PutX509SVID_Handler(srv interface{}, ctx context.Context, dec fu } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.agent.svidstore.v1.SVIDStore/PutX509SVID", + FullMethod: SVIDStore_PutX509SVID_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SVIDStoreServer).PutX509SVID(ctx, req.(*PutX509SVIDRequest)) @@ -112,7 +134,7 @@ func _SVIDStore_DeleteX509SVID_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.agent.svidstore.v1.SVIDStore/DeleteX509SVID", + FullMethod: SVIDStore_DeleteX509SVID_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(SVIDStoreServer).DeleteX509SVID(ctx, req.(*DeleteX509SVIDRequest)) diff --git a/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor.pb.go b/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor.pb.go index 2b3d887..a890d55 100644 --- a/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor.pb.go +++ b/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/agent/workloadattestor/v1/workloadattestor.proto package v1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
@@ -21,21 +22,18 @@ const ( ) type AttestRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The process ID of the workload to attest. - Pid int32 `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"` + Pid int32 `protobuf:"varint,1,opt,name=pid,proto3" json:"pid,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *AttestRequest) Reset() { *x = AttestRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AttestRequest) String() string { @@ -46,7 +44,7 @@ func (*AttestRequest) ProtoMessage() {} func (x *AttestRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -69,22 +67,19 @@ func (x *AttestRequest) GetPid() int32 { } type AttestResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Optional. Selector values related to the attested workload. The type // of the selector is inferred from the plugin name. SelectorValues []string `protobuf:"bytes,1,rep,name=selector_values,json=selectorValues,proto3" json:"selector_values,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *AttestResponse) Reset() { *x = AttestResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AttestResponse) String() string { @@ -95,7 +90,7 @@ func (*AttestResponse) ProtoMessage() {} func (x *AttestResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -119,50 +114,30 @@ func (x *AttestResponse) GetSelectorValues() []string { var File_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto protoreflect.FileDescriptor -var file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc = []byte{ - 0x0a, 0x3d, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x61, - 0x67, 0x65, 0x6e, 0x74, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x61, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, - 0x26, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, - 0x65, 0x6e, 0x74, 0x2e, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x61, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x22, 0x21, 0x0a, 0x0d, 0x41, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x70, 0x69, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x70, 0x69, 0x64, 0x22, 0x39, 0x0a, 0x0e, 0x41, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, 0x0f, - 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x73, 0x32, 0x8b, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, - 0x61, 0x64, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x12, 0x77, 0x0a, 0x06, 0x41, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x12, 0x35, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, - 0x61, 0x64, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 
0x74, 0x1a, 0x36, 0x2e, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x61, 0x67, 0x65, 0x6e, 0x74, - 0x2e, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, - 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x42, 0x51, 0x5a, 0x4f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x61, 0x67, 0x65, - 0x6e, 0x74, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x61, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc = "" + + "\n" + + "=spire/plugin/agent/workloadattestor/v1/workloadattestor.proto\x12&spire.plugin.agent.workloadattestor.v1\"!\n" + + "\rAttestRequest\x12\x10\n" + + "\x03pid\x18\x01 \x01(\x05R\x03pid\"9\n" + + "\x0eAttestResponse\x12'\n" + + "\x0fselector_values\x18\x01 \x03(\tR\x0eselectorValues2\x8b\x01\n" + + "\x10WorkloadAttestor\x12w\n" + + "\x06Attest\x125.spire.plugin.agent.workloadattestor.v1.AttestRequest\x1a6.spire.plugin.agent.workloadattestor.v1.AttestResponseBQZOgithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/workloadattestor/v1b\x06proto3" var ( file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescOnce sync.Once - file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescData = file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc + file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescData []byte ) func file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescGZIP() 
[]byte { file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescOnce.Do(func() { - file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescData) + file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc), len(file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc))) }) return file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDescData } var file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_goTypes = []interface{}{ +var file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_goTypes = []any{ (*AttestRequest)(nil), // 0: spire.plugin.agent.workloadattestor.v1.AttestRequest (*AttestResponse)(nil), // 1: spire.plugin.agent.workloadattestor.v1.AttestResponse } 
@@ -181,37 +156,11 @@ func file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_init() { if File_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttestRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttestResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc), len(file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc)), NumEnums: 0, NumMessages: 2, NumExtensions: 0, @@ -222,7 +171,6 @@ func file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_init() { MessageInfos: file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_msgTypes, }.Build() File_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto = out.File - file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_rawDesc = nil file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_goTypes = nil file_spire_plugin_agent_workloadattestor_v1_workloadattestor_proto_depIdxs = nil } 
diff --git a/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor_grpc.pb.go b/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor_grpc.pb.go index 44406e1..fa194ad 100644 --- a/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor_grpc.pb.go +++ b/proto/spire/plugin/agent/workloadattestor/v1/workloadattestor_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/agent/workloadattestor/v1/workloadattestor.proto package v1 @@ -11,8 +15,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + WorkloadAttestor_Attest_FullMethodName = "/spire.plugin.agent.workloadattestor.v1.WorkloadAttestor/Attest" +) // WorkloadAttestorClient is the client API for WorkloadAttestor service. // @@ -36,8 +44,9 @@ func NewWorkloadAttestorClient(cc grpc.ClientConnInterface) WorkloadAttestorClie } func (c *workloadAttestorClient) Attest(ctx context.Context, in *AttestRequest, opts ...grpc.CallOption) (*AttestResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(AttestResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.agent.workloadattestor.v1.WorkloadAttestor/Attest", in, out, opts...) + err := c.cc.Invoke(ctx, WorkloadAttestor_Attest_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -46,7 +55,7 @@ func (c *workloadAttestorClient) Attest(ctx context.Context, in *AttestRequest, // WorkloadAttestorServer is the server API for WorkloadAttestor service. // All implementations must embed UnimplementedWorkloadAttestorServer -// for forward compatibility +// for forward compatibility. type WorkloadAttestorServer interface { // Attests the specified workload process. If the process is not one the // attestor is in a position to attest (e.g. k8s attestor attesting a @@ -58,14 +67,18 @@ type WorkloadAttestorServer interface { mustEmbedUnimplementedWorkloadAttestorServer() } -// UnimplementedWorkloadAttestorServer must be embedded to have forward compatible implementations. -type UnimplementedWorkloadAttestorServer struct { -} +// UnimplementedWorkloadAttestorServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedWorkloadAttestorServer struct{} func (UnimplementedWorkloadAttestorServer) Attest(context.Context, *AttestRequest) (*AttestResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Attest not implemented") } func (UnimplementedWorkloadAttestorServer) mustEmbedUnimplementedWorkloadAttestorServer() {} +func (UnimplementedWorkloadAttestorServer) testEmbeddedByValue() {} // UnsafeWorkloadAttestorServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to WorkloadAttestorServer will 
@@ -75,6 +88,13 @@ type UnsafeWorkloadAttestorServer interface { } func RegisterWorkloadAttestorServer(s grpc.ServiceRegistrar, srv WorkloadAttestorServer) { + // If the following call pancis, it indicates UnimplementedWorkloadAttestorServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&WorkloadAttestor_ServiceDesc, srv) } @@ -88,7 +108,7 @@ func _WorkloadAttestor_Attest_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.agent.workloadattestor.v1.WorkloadAttestor/Attest", + FullMethod: WorkloadAttestor_Attest_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(WorkloadAttestorServer).Attest(ctx, req.(*AttestRequest)) diff --git a/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.pb.go b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.pb.go new file mode 100644 index 0000000..1d08791 --- /dev/null +++ b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.pb.go 
@@ -0,0 +1,168 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.6 +// protoc v6.30.2 +// source: spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto + +package bundlepublisherv1 + +import ( + types "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type PublishBundleRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Required. The trust bundle to publish. + Bundle *types.Bundle `protobuf:"bytes,1,opt,name=bundle,proto3" json:"bundle,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *PublishBundleRequest) Reset() { + *x = PublishBundleRequest{} + mi := &file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PublishBundleRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PublishBundleRequest) ProtoMessage() {} + +func (x *PublishBundleRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PublishBundleRequest.ProtoReflect.Descriptor instead. 
+func (*PublishBundleRequest) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_rawDescGZIP(), []int{0} +} + +func (x *PublishBundleRequest) GetBundle() *types.Bundle { + if x != nil { + return x.Bundle + } + return nil +} + +type PublishBundleResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *PublishBundleResponse) Reset() { + *x = PublishBundleResponse{} + mi := &file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PublishBundleResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PublishBundleResponse) ProtoMessage() {} + +func (x *PublishBundleResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PublishBundleResponse.ProtoReflect.Descriptor instead. 
+func (*PublishBundleResponse) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_rawDescGZIP(), []int{1} +} + +var File_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto protoreflect.FileDescriptor + +const file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_rawDesc = "" + + "\n" + + " spire.plugin.types.Bundle + 0, // 1: spire.plugin.server.bundlepublisher.v1.BundlePublisher.PublishBundle:input_type -> spire.plugin.server.bundlepublisher.v1.PublishBundleRequest + 1, // 2: spire.plugin.server.bundlepublisher.v1.BundlePublisher.PublishBundle:output_type -> spire.plugin.server.bundlepublisher.v1.PublishBundleResponse + 2, // [2:3] is the sub-list for method output_type + 1, // [1:2] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_init() } +func file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_init() { + if File_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_rawDesc), len(file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_rawDesc)), + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_goTypes, + DependencyIndexes: file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_depIdxs, + MessageInfos: file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_msgTypes, + }.Build() + File_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto 
= out.File + file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_goTypes = nil + file_spire_plugin_server_bundlepublisher_v1_bundlepublisher_proto_depIdxs = nil +}
diff --git a/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto
new file mode 100644
index 0000000..507e06e
--- /dev/null
+++ b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto
@@ -0,0 +1,20 @@
+syntax = "proto3";
+package spire.plugin.server.bundlepublisher.v1;
+option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/bundlepublisher/v1;bundlepublisherv1";
+
+import "spire/plugin/types/bundle.proto";
+
+// The BundlePublisher plugin publishes a trust bundle to a store.
+service BundlePublisher {
+ // PublishBundle publishes the trust bundle that is in the request
+ // to a store.
+ rpc PublishBundle(PublishBundleRequest) returns (PublishBundleResponse);
+}
+
+message PublishBundleRequest {
+ // Required. The trust bundle to publish.
+ spire.plugin.types.Bundle bundle = 1;
+}
+
+message PublishBundleResponse {
+}
diff --git a/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher_grpc.pb.go b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher_grpc.pb.go
new file mode 100644
index 0000000..0cc95e4
--- /dev/null
+++ b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher_grpc.pb.go
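Review bot: The `// Required.` comment on `bundle` in `PublishBundleRequest` is not enforced by proto3, so the contract in `bundlepublisher.proto` leaves open what a plugin should do when the field is unset or empty. The published bundle is presumably what readers of the store treat as their trust anchors, so overwriting the store from an unset field is worth ruling out explicitly. I would add a comment on the RPC such as `// Implementations MUST return INVALID_ARGUMENT and leave the store unchanged if bundle is unset.` It would also help to state on `PublishBundle` whether a successful response means the bundle has been fully written, because the empty `PublishBundleResponse` gives the caller no other signal for deciding when to retry.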
@@ -0,0 +1,129 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto + +package bundlepublisherv1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + BundlePublisher_PublishBundle_FullMethodName = "/spire.plugin.server.bundlepublisher.v1.BundlePublisher/PublishBundle" +) + +// BundlePublisherClient is the client API for BundlePublisher service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// The BundlePublisher plugin publishes a trust bundle to a store. +type BundlePublisherClient interface { + // PublishBundle publishes the trust bundle that is in the request + // to a store. + PublishBundle(ctx context.Context, in *PublishBundleRequest, opts ...grpc.CallOption) (*PublishBundleResponse, error) +} + +type bundlePublisherClient struct { + cc grpc.ClientConnInterface +} + +func NewBundlePublisherClient(cc grpc.ClientConnInterface) BundlePublisherClient { + return &bundlePublisherClient{cc} +} + +func (c *bundlePublisherClient) PublishBundle(ctx context.Context, in *PublishBundleRequest, opts ...grpc.CallOption) (*PublishBundleResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(PublishBundleResponse) + err := c.cc.Invoke(ctx, BundlePublisher_PublishBundle_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// BundlePublisherServer is the server API for BundlePublisher service. 
+// All implementations must embed UnimplementedBundlePublisherServer +// for forward compatibility. +// +// The BundlePublisher plugin publishes a trust bundle to a store. +type BundlePublisherServer interface { + // PublishBundle publishes the trust bundle that is in the request + // to a store. + PublishBundle(context.Context, *PublishBundleRequest) (*PublishBundleResponse, error) + mustEmbedUnimplementedBundlePublisherServer() +} + +// UnimplementedBundlePublisherServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedBundlePublisherServer struct{} + +func (UnimplementedBundlePublisherServer) PublishBundle(context.Context, *PublishBundleRequest) (*PublishBundleResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method PublishBundle not implemented") +} +func (UnimplementedBundlePublisherServer) mustEmbedUnimplementedBundlePublisherServer() {} +func (UnimplementedBundlePublisherServer) testEmbeddedByValue() {} + +// UnsafeBundlePublisherServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to BundlePublisherServer will +// result in compilation errors. +type UnsafeBundlePublisherServer interface { + mustEmbedUnimplementedBundlePublisherServer() +} + +func RegisterBundlePublisherServer(s grpc.ServiceRegistrar, srv BundlePublisherServer) { + // If the following call pancis, it indicates UnimplementedBundlePublisherServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. 
+ if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&BundlePublisher_ServiceDesc, srv) +} + +func _BundlePublisher_PublishBundle_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(PublishBundleRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(BundlePublisherServer).PublishBundle(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: BundlePublisher_PublishBundle_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(BundlePublisherServer).PublishBundle(ctx, req.(*PublishBundleRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// BundlePublisher_ServiceDesc is the grpc.ServiceDesc for BundlePublisher service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var BundlePublisher_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "spire.plugin.server.bundlepublisher.v1.BundlePublisher", + HandlerType: (*BundlePublisherServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "PublishBundle", + Handler: _BundlePublisher_PublishBundle_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "spire/plugin/server/bundlepublisher/v1/bundlepublisher.proto", +} diff --git a/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher_spire_plugin.pb.go b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher_spire_plugin.pb.go new file mode 100644 index 0000000..a5a0d62 --- /dev/null +++ b/proto/spire/plugin/server/bundlepublisher/v1/bundlepublisher_spire_plugin.pb.go 
@@ -0,0 +1,50 @@ +// Code generated by protoc-gen-go-spire. DO NOT EDIT. + +package bundlepublisherv1 + +import ( + pluginsdk "github.com/spiffe/spire-plugin-sdk/pluginsdk" + grpc "google.golang.org/grpc" +) + +func BundlePublisherPluginServer(server BundlePublisherServer) pluginsdk.PluginServer { + return bundlePublisherPluginServer{BundlePublisherServer: server} +} + +type bundlePublisherPluginServer struct { + BundlePublisherServer +} + +func (s bundlePublisherPluginServer) Type() string { + return "BundlePublisher" +} + +func (s bundlePublisherPluginServer) GRPCServiceName() string { + return "spire.plugin.server.bundlepublisher.v1.BundlePublisher" +} + +func (s bundlePublisherPluginServer) RegisterServer(server *grpc.Server) interface{} { + RegisterBundlePublisherServer(server, s.BundlePublisherServer) + return s.BundlePublisherServer +} + +type BundlePublisherPluginClient struct { + BundlePublisherClient +} + +func (s BundlePublisherPluginClient) Type() string { + return "BundlePublisher" +} + +func (c *BundlePublisherPluginClient) IsInitialized() bool { + return c.BundlePublisherClient != nil +} + +func (c *BundlePublisherPluginClient) GRPCServiceName() string { + return "spire.plugin.server.bundlepublisher.v1.BundlePublisher" +} + +func (c *BundlePublisherPluginClient) InitClient(conn grpc.ClientConnInterface) interface{} { + c.BundlePublisherClient = NewBundlePublisherClient(conn) + return c.BundlePublisherClient +} diff --git a/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.pb.go b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.pb.go new file mode 100644 index 0000000..762f543 --- /dev/null +++ b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.pb.go 
@@ -0,0 +1,1165 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.6 +// protoc v6.30.2 +// source: spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto + +package credentialcomposerv1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + structpb "google.golang.org/protobuf/types/known/structpb" + reflect "reflect" + sync "sync" + unsafe "unsafe" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type ComposeServerX509CARequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the server X509 CA. To maintain forward compatibility + // with future attribute field additions, these attributes SHOULD be + // mutated and used to populate the attributes field in the + // ComposeServerX509CAResponse. 
+ Attributes *X509CAAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeServerX509CARequest) Reset() { + *x = ComposeServerX509CARequest{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeServerX509CARequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeServerX509CARequest) ProtoMessage() {} + +func (x *ComposeServerX509CARequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeServerX509CARequest.ProtoReflect.Descriptor instead. +func (*ComposeServerX509CARequest) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{0} +} + +func (x *ComposeServerX509CARequest) GetAttributes() *X509CAAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +type ComposeServerX509CAResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the server X509 CA. To maintain forward compatibility + // with future attribute field additions, these attributes SHOULD be + // populated with the mutated attributes field in the + // ComposeServerX509CARequest. If this field is not included in the + // response, the original attributes sent in the request will be used. 
+ Attributes *X509CAAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeServerX509CAResponse) Reset() { + *x = ComposeServerX509CAResponse{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeServerX509CAResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeServerX509CAResponse) ProtoMessage() {} + +func (x *ComposeServerX509CAResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeServerX509CAResponse.ProtoReflect.Descriptor instead. +func (*ComposeServerX509CAResponse) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{1} +} + +func (x *ComposeServerX509CAResponse) GetAttributes() *X509CAAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +type ComposeServerX509SVIDRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the server X509-SVID. To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be mutated and used to populate the attributes field in the + // ComposeServerX509SVIDResponse. 
+ Attributes *X509SVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeServerX509SVIDRequest) Reset() { + *x = ComposeServerX509SVIDRequest{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeServerX509SVIDRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeServerX509SVIDRequest) ProtoMessage() {} + +func (x *ComposeServerX509SVIDRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeServerX509SVIDRequest.ProtoReflect.Descriptor instead. +func (*ComposeServerX509SVIDRequest) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{2} +} + +func (x *ComposeServerX509SVIDRequest) GetAttributes() *X509SVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +type ComposeServerX509SVIDResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the server X509-SVID. To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be populated with the mutated attributes field in the + // ComposeServerX509SVIDRequest. If this field is not included in the + // response, the original attributes sent in the request will be used. 
+ Attributes *X509SVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeServerX509SVIDResponse) Reset() { + *x = ComposeServerX509SVIDResponse{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeServerX509SVIDResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeServerX509SVIDResponse) ProtoMessage() {} + +func (x *ComposeServerX509SVIDResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeServerX509SVIDResponse.ProtoReflect.Descriptor instead. +func (*ComposeServerX509SVIDResponse) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{3} +} + +func (x *ComposeServerX509SVIDResponse) GetAttributes() *X509SVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +type ComposeAgentX509SVIDRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the agent X509-SVID. To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be mutated and used to populate the attributes field in the + // ComposeAgentX509SVIDResponse. + Attributes *X509SVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + // The SPIFFE ID of the agent. 
+ SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` + // PKIX encoded public key of the agent. + PublicKey []byte `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeAgentX509SVIDRequest) Reset() { + *x = ComposeAgentX509SVIDRequest{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeAgentX509SVIDRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeAgentX509SVIDRequest) ProtoMessage() {} + +func (x *ComposeAgentX509SVIDRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeAgentX509SVIDRequest.ProtoReflect.Descriptor instead. +func (*ComposeAgentX509SVIDRequest) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{4} +} + +func (x *ComposeAgentX509SVIDRequest) GetAttributes() *X509SVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +func (x *ComposeAgentX509SVIDRequest) GetSpiffeId() string { + if x != nil { + return x.SpiffeId + } + return "" +} + +func (x *ComposeAgentX509SVIDRequest) GetPublicKey() []byte { + if x != nil { + return x.PublicKey + } + return nil +} + +type ComposeAgentX509SVIDResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the agent X509-SVID. 
To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be populated with the mutated attributes field in the + // ComposeAgentX509SVIDRequest. If this field is not included in the + // response, the original attributes sent in the request will be used. + Attributes *X509SVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeAgentX509SVIDResponse) Reset() { + *x = ComposeAgentX509SVIDResponse{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeAgentX509SVIDResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeAgentX509SVIDResponse) ProtoMessage() {} + +func (x *ComposeAgentX509SVIDResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeAgentX509SVIDResponse.ProtoReflect.Descriptor instead. +func (*ComposeAgentX509SVIDResponse) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{5} +} + +func (x *ComposeAgentX509SVIDResponse) GetAttributes() *X509SVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +type ComposeWorkloadX509SVIDRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the workload X509-SVID. 
To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be mutated and used to populate the attributes field in the + // ComposeWorkloadX509SVIDResponse. + Attributes *X509SVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + // The SPIFFE ID of the workload. + SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` + // PKIX encoded public key of the workload. + PublicKey []byte `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeWorkloadX509SVIDRequest) Reset() { + *x = ComposeWorkloadX509SVIDRequest{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeWorkloadX509SVIDRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeWorkloadX509SVIDRequest) ProtoMessage() {} + +func (x *ComposeWorkloadX509SVIDRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeWorkloadX509SVIDRequest.ProtoReflect.Descriptor instead. 
+func (*ComposeWorkloadX509SVIDRequest) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{6} +} + +func (x *ComposeWorkloadX509SVIDRequest) GetAttributes() *X509SVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +func (x *ComposeWorkloadX509SVIDRequest) GetSpiffeId() string { + if x != nil { + return x.SpiffeId + } + return "" +} + +func (x *ComposeWorkloadX509SVIDRequest) GetPublicKey() []byte { + if x != nil { + return x.PublicKey + } + return nil +} + +type ComposeWorkloadX509SVIDResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the workload X509-SVID. To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be populated with the mutated attributes field in the + // ComposeWorkloadX509SVIDRequest. If this message is not included in the + // response, the original attributes sent in the request will be used. 
+ Attributes *X509SVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeWorkloadX509SVIDResponse) Reset() { + *x = ComposeWorkloadX509SVIDResponse{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeWorkloadX509SVIDResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeWorkloadX509SVIDResponse) ProtoMessage() {} + +func (x *ComposeWorkloadX509SVIDResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeWorkloadX509SVIDResponse.ProtoReflect.Descriptor instead. +func (*ComposeWorkloadX509SVIDResponse) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{7} +} + +func (x *ComposeWorkloadX509SVIDResponse) GetAttributes() *X509SVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +type ComposeWorkloadJWTSVIDRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the workload JWT-SVID. To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be mutated and used to populate the attributes field in the + // ComposeWorkloadJWTSVIDResponse. + Attributes *JWTSVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + // The SPIFFE ID of the workload. 
+ SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeWorkloadJWTSVIDRequest) Reset() { + *x = ComposeWorkloadJWTSVIDRequest{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeWorkloadJWTSVIDRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeWorkloadJWTSVIDRequest) ProtoMessage() {} + +func (x *ComposeWorkloadJWTSVIDRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeWorkloadJWTSVIDRequest.ProtoReflect.Descriptor instead. +func (*ComposeWorkloadJWTSVIDRequest) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{8} +} + +func (x *ComposeWorkloadJWTSVIDRequest) GetAttributes() *JWTSVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +func (x *ComposeWorkloadJWTSVIDRequest) GetSpiffeId() string { + if x != nil { + return x.SpiffeId + } + return "" +} + +type ComposeWorkloadJWTSVIDResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The attributes for the workload JWT-SVID. To maintain forward + // compatibility with future attribute field additions, these attributes + // SHOULD be populated with the mutated attributes field in the + // ComposeWorkloadJWTSVIDRequest. If this field is not included in the + // response, the original attributes sent in the request will be used. 
+ Attributes *JWTSVIDAttributes `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ComposeWorkloadJWTSVIDResponse) Reset() { + *x = ComposeWorkloadJWTSVIDResponse{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ComposeWorkloadJWTSVIDResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComposeWorkloadJWTSVIDResponse) ProtoMessage() {} + +func (x *ComposeWorkloadJWTSVIDResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComposeWorkloadJWTSVIDResponse.ProtoReflect.Descriptor instead. +func (*ComposeWorkloadJWTSVIDResponse) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{9} +} + +func (x *ComposeWorkloadJWTSVIDResponse) GetAttributes() *JWTSVIDAttributes { + if x != nil { + return x.Attributes + } + return nil +} + +type X509CAAttributes struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The subject of the X509 CA. + Subject *DistinguishedName `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` + // Zero or more policy identifiers (OIDs) to apply to the CA. + PolicyIdentifiers []string `protobuf:"bytes,2,rep,name=policy_identifiers,json=policyIdentifiers,proto3" json:"policy_identifiers,omitempty"` + // Zero or more extensions to apply to the X509 CA. These will override + // any extensions otherwise added by the other fields. 
+ ExtraExtensions []*X509Extension `protobuf:"bytes,3,rep,name=extra_extensions,json=extraExtensions,proto3" json:"extra_extensions,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *X509CAAttributes) Reset() { + *x = X509CAAttributes{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *X509CAAttributes) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*X509CAAttributes) ProtoMessage() {} + +func (x *X509CAAttributes) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[10] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use X509CAAttributes.ProtoReflect.Descriptor instead. +func (*X509CAAttributes) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{10} +} + +func (x *X509CAAttributes) GetSubject() *DistinguishedName { + if x != nil { + return x.Subject + } + return nil +} + +func (x *X509CAAttributes) GetPolicyIdentifiers() []string { + if x != nil { + return x.PolicyIdentifiers + } + return nil +} + +func (x *X509CAAttributes) GetExtraExtensions() []*X509Extension { + if x != nil { + return x.ExtraExtensions + } + return nil +} + +type X509SVIDAttributes struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The subject of the X509-SVID. + Subject *DistinguishedName `protobuf:"bytes,1,opt,name=subject,proto3" json:"subject,omitempty"` + // Zero or more DNS SANs to apply to the X509-SVID. 
+ DnsSans []string `protobuf:"bytes,2,rep,name=dns_sans,json=dnsSans,proto3" json:"dns_sans,omitempty"` + // Zero or more extensions to apply to the X509-SVID . These will override + // any extensions otherwise added by the other fields. This field cannot + // be used to change the URI SAN of the X509-SVID (i.e. the SPIFFE ID). + ExtraExtensions []*X509Extension `protobuf:"bytes,3,rep,name=extra_extensions,json=extraExtensions,proto3" json:"extra_extensions,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *X509SVIDAttributes) Reset() { + *x = X509SVIDAttributes{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *X509SVIDAttributes) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*X509SVIDAttributes) ProtoMessage() {} + +func (x *X509SVIDAttributes) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use X509SVIDAttributes.ProtoReflect.Descriptor instead. 
+func (*X509SVIDAttributes) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{11} +} + +func (x *X509SVIDAttributes) GetSubject() *DistinguishedName { + if x != nil { + return x.Subject + } + return nil +} + +func (x *X509SVIDAttributes) GetDnsSans() []string { + if x != nil { + return x.DnsSans + } + return nil +} + +func (x *X509SVIDAttributes) GetExtraExtensions() []*X509Extension { + if x != nil { + return x.ExtraExtensions + } + return nil +} + +type X509Extension struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The OID of the X.509 extension (e.g. "1.2.3.4") + Oid string `protobuf:"bytes,1,opt,name=oid,proto3" json:"oid,omitempty"` + // Opaque value of the extension. No validity checking is performed on + // this value. Plugin implementors must ensure they are providing well + // formed values for the given extension OID. + Value []byte `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + // Whether or not the extension is critical, i.e., must be + // handled/understood by verifiers or not. 
+ Critical bool `protobuf:"varint,3,opt,name=critical,proto3" json:"critical,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *X509Extension) Reset() { + *x = X509Extension{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *X509Extension) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*X509Extension) ProtoMessage() {} + +func (x *X509Extension) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[12] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use X509Extension.ProtoReflect.Descriptor instead. +func (*X509Extension) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{12} +} + +func (x *X509Extension) GetOid() string { + if x != nil { + return x.Oid + } + return "" +} + +func (x *X509Extension) GetValue() []byte { + if x != nil { + return x.Value + } + return nil +} + +func (x *X509Extension) GetCritical() bool { + if x != nil { + return x.Critical + } + return false +} + +type DistinguishedName struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Zero or more country designations. + Country []string `protobuf:"bytes,1,rep,name=country,proto3" json:"country,omitempty"` + // Zero or more organization designations. + Organization []string `protobuf:"bytes,2,rep,name=organization,proto3" json:"organization,omitempty"` + // Zero or more organizational unit designations. 
+ OrganizationalUnit []string `protobuf:"bytes,3,rep,name=organizational_unit,json=organizationalUnit,proto3" json:"organizational_unit,omitempty"` + // Zero or more locality designations. + Locality []string `protobuf:"bytes,4,rep,name=locality,proto3" json:"locality,omitempty"` + // Zero or more province designations. + Province []string `protobuf:"bytes,5,rep,name=province,proto3" json:"province,omitempty"` + // Zero or more street address designations. + StreetAddress []string `protobuf:"bytes,6,rep,name=street_address,json=streetAddress,proto3" json:"street_address,omitempty"` + // Zero or more postal code designations. + PostalCode []string `protobuf:"bytes,7,rep,name=postal_code,json=postalCode,proto3" json:"postal_code,omitempty"` + // The serial number designation. The attribute is only set if this field + // is non-empty. + SerialNumber string `protobuf:"bytes,8,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"` + // The common name designation. The attribute is only set if this field is + // non-empty. + CommonName string `protobuf:"bytes,9,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"` + // Extra names, determined by oid and value, to be added to the + // distinguished names. This field is to support names not covered by the + // DistinguishedName message. It will override values specified in other + // fields in the DistinguishedName if the attributes overlap. 
+ ExtraNames []*AttributeTypeAndValue `protobuf:"bytes,10,rep,name=extra_names,json=extraNames,proto3" json:"extra_names,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DistinguishedName) Reset() { + *x = DistinguishedName{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DistinguishedName) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DistinguishedName) ProtoMessage() {} + +func (x *DistinguishedName) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[13] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DistinguishedName.ProtoReflect.Descriptor instead. 
+func (*DistinguishedName) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{13} +} + +func (x *DistinguishedName) GetCountry() []string { + if x != nil { + return x.Country + } + return nil +} + +func (x *DistinguishedName) GetOrganization() []string { + if x != nil { + return x.Organization + } + return nil +} + +func (x *DistinguishedName) GetOrganizationalUnit() []string { + if x != nil { + return x.OrganizationalUnit + } + return nil +} + +func (x *DistinguishedName) GetLocality() []string { + if x != nil { + return x.Locality + } + return nil +} + +func (x *DistinguishedName) GetProvince() []string { + if x != nil { + return x.Province + } + return nil +} + +func (x *DistinguishedName) GetStreetAddress() []string { + if x != nil { + return x.StreetAddress + } + return nil +} + +func (x *DistinguishedName) GetPostalCode() []string { + if x != nil { + return x.PostalCode + } + return nil +} + +func (x *DistinguishedName) GetSerialNumber() string { + if x != nil { + return x.SerialNumber + } + return "" +} + +func (x *DistinguishedName) GetCommonName() string { + if x != nil { + return x.CommonName + } + return "" +} + +func (x *DistinguishedName) GetExtraNames() []*AttributeTypeAndValue { + if x != nil { + return x.ExtraNames + } + return nil +} + +type AttributeTypeAndValue struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The OID of the attribute (e.g. "1.2.3.4"). + Oid string `protobuf:"bytes,1,opt,name=oid,proto3" json:"oid,omitempty"` + // The value of the attribute. Only UTF-8 strings are currently supported. + // this field may be encapsulated in a oneof at a later point. 
+ StringValue string `protobuf:"bytes,2,opt,name=string_value,json=stringValue,proto3" json:"string_value,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AttributeTypeAndValue) Reset() { + *x = AttributeTypeAndValue{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AttributeTypeAndValue) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttributeTypeAndValue) ProtoMessage() {} + +func (x *AttributeTypeAndValue) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[14] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttributeTypeAndValue.ProtoReflect.Descriptor instead. +func (*AttributeTypeAndValue) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{14} +} + +func (x *AttributeTypeAndValue) GetOid() string { + if x != nil { + return x.Oid + } + return "" +} + +func (x *AttributeTypeAndValue) GetStringValue() string { + if x != nil { + return x.StringValue + } + return "" +} + +type JWTSVIDAttributes struct { + state protoimpl.MessageState `protogen:"open.v1"` + // The JWT-SVID claims. Returned attributes must contain all of the + // claims required by the JWT-SVID specification: + // + // https://github.com/spiffe/spiffe/blob/main/standards/JWT-SVID.md + // + // The subject claim (i.e. SPIFFE ID) cannot be overriden. 
+ Claims *structpb.Struct `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *JWTSVIDAttributes) Reset() { + *x = JWTSVIDAttributes{} + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *JWTSVIDAttributes) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*JWTSVIDAttributes) ProtoMessage() {} + +func (x *JWTSVIDAttributes) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes[15] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use JWTSVIDAttributes.ProtoReflect.Descriptor instead. +func (*JWTSVIDAttributes) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP(), []int{15} +} + +func (x *JWTSVIDAttributes) GetClaims() *structpb.Struct { + if x != nil { + return x.Claims + } + return nil +} + +var File_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto protoreflect.FileDescriptor + +const file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDesc = "" + + "\n" + + "Bspire/plugin/server/credentialcomposer/v1/credentialcomposer.proto\x12)spire.plugin.server.credentialcomposer.v1\x1a\x1cgoogle/protobuf/struct.proto\"y\n" + + "\x1aComposeServerX509CARequest\x12[\n" + + "\n" + + "attributes\x18\x01 \x01(\v2;.spire.plugin.server.credentialcomposer.v1.X509CAAttributesR\n" + + "attributes\"z\n" + + "\x1bComposeServerX509CAResponse\x12[\n" + + "\n" + + "attributes\x18\x01 \x01(\v2;.spire.plugin.server.credentialcomposer.v1.X509CAAttributesR\n" + + "attributes\"}\n" + + 
"\x1cComposeServerX509SVIDRequest\x12]\n" + + "\n" + + "attributes\x18\x01 \x01(\v2=.spire.plugin.server.credentialcomposer.v1.X509SVIDAttributesR\n" + + "attributes\"~\n" + + "\x1dComposeServerX509SVIDResponse\x12]\n" + + "\n" + + "attributes\x18\x01 \x01(\v2=.spire.plugin.server.credentialcomposer.v1.X509SVIDAttributesR\n" + + "attributes\"\xb8\x01\n" + + "\x1bComposeAgentX509SVIDRequest\x12]\n" + + "\n" + + "attributes\x18\x01 \x01(\v2=.spire.plugin.server.credentialcomposer.v1.X509SVIDAttributesR\n" + + "attributes\x12\x1b\n" + + "\tspiffe_id\x18\x02 \x01(\tR\bspiffeId\x12\x1d\n" + + "\n" + + "public_key\x18\x03 \x01(\fR\tpublicKey\"}\n" + + "\x1cComposeAgentX509SVIDResponse\x12]\n" + + "\n" + + "attributes\x18\x01 \x01(\v2=.spire.plugin.server.credentialcomposer.v1.X509SVIDAttributesR\n" + + "attributes\"\xbb\x01\n" + + "\x1eComposeWorkloadX509SVIDRequest\x12]\n" + + "\n" + + "attributes\x18\x01 \x01(\v2=.spire.plugin.server.credentialcomposer.v1.X509SVIDAttributesR\n" + + "attributes\x12\x1b\n" + + "\tspiffe_id\x18\x02 \x01(\tR\bspiffeId\x12\x1d\n" + + "\n" + + "public_key\x18\x03 \x01(\fR\tpublicKey\"\x80\x01\n" + + "\x1fComposeWorkloadX509SVIDResponse\x12]\n" + + "\n" + + "attributes\x18\x01 \x01(\v2=.spire.plugin.server.credentialcomposer.v1.X509SVIDAttributesR\n" + + "attributes\"\x9a\x01\n" + + "\x1dComposeWorkloadJWTSVIDRequest\x12\\\n" + + "\n" + + "attributes\x18\x01 \x01(\v2<.spire.plugin.server.credentialcomposer.v1.JWTSVIDAttributesR\n" + + "attributes\x12\x1b\n" + + "\tspiffe_id\x18\x02 \x01(\tR\bspiffeId\"~\n" + + "\x1eComposeWorkloadJWTSVIDResponse\x12\\\n" + + "\n" + + "attributes\x18\x01 \x01(\v2<.spire.plugin.server.credentialcomposer.v1.JWTSVIDAttributesR\n" + + "attributes\"\xfe\x01\n" + + "\x10X509CAAttributes\x12V\n" + + "\asubject\x18\x01 \x01(\v2<.spire.plugin.server.credentialcomposer.v1.DistinguishedNameR\asubject\x12-\n" + + "\x12policy_identifiers\x18\x02 \x03(\tR\x11policyIdentifiers\x12c\n" + + "\x10extra_extensions\x18\x03 
\x03(\v28.spire.plugin.server.credentialcomposer.v1.X509ExtensionR\x0fextraExtensions\"\xec\x01\n" + + "\x12X509SVIDAttributes\x12V\n" + + "\asubject\x18\x01 \x01(\v2<.spire.plugin.server.credentialcomposer.v1.DistinguishedNameR\asubject\x12\x19\n" + + "\bdns_sans\x18\x02 \x03(\tR\adnsSans\x12c\n" + + "\x10extra_extensions\x18\x03 \x03(\v28.spire.plugin.server.credentialcomposer.v1.X509ExtensionR\x0fextraExtensions\"S\n" + + "\rX509Extension\x12\x10\n" + + "\x03oid\x18\x01 \x01(\tR\x03oid\x12\x14\n" + + "\x05value\x18\x02 \x01(\fR\x05value\x12\x1a\n" + + "\bcritical\x18\x03 \x01(\bR\bcritical\"\xab\x03\n" + + "\x11DistinguishedName\x12\x18\n" + + "\acountry\x18\x01 \x03(\tR\acountry\x12\"\n" + + "\forganization\x18\x02 \x03(\tR\forganization\x12/\n" + + "\x13organizational_unit\x18\x03 \x03(\tR\x12organizationalUnit\x12\x1a\n" + + "\blocality\x18\x04 \x03(\tR\blocality\x12\x1a\n" + + "\bprovince\x18\x05 \x03(\tR\bprovince\x12%\n" + + "\x0estreet_address\x18\x06 \x03(\tR\rstreetAddress\x12\x1f\n" + + "\vpostal_code\x18\a \x03(\tR\n" + + "postalCode\x12#\n" + + "\rserial_number\x18\b \x01(\tR\fserialNumber\x12\x1f\n" + + "\vcommon_name\x18\t \x01(\tR\n" + + "commonName\x12a\n" + + "\vextra_names\x18\n" + + " \x03(\v2@.spire.plugin.server.credentialcomposer.v1.AttributeTypeAndValueR\n" + + "extraNames\"L\n" + + "\x15AttributeTypeAndValue\x12\x10\n" + + "\x03oid\x18\x01 \x01(\tR\x03oid\x12!\n" + + "\fstring_value\x18\x02 \x01(\tR\vstringValue\"D\n" + + "\x11JWTSVIDAttributes\x12/\n" + + "\x06claims\x18\x01 \x01(\v2\x17.google.protobuf.StructR\x06claims2\xf5\x06\n" + + "\x12CredentialComposer\x12\xa4\x01\n" + + "\x13ComposeServerX509CA\x12E.spire.plugin.server.credentialcomposer.v1.ComposeServerX509CARequest\x1aF.spire.plugin.server.credentialcomposer.v1.ComposeServerX509CAResponse\x12\xaa\x01\n" + + 
"\x15ComposeServerX509SVID\x12G.spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDRequest\x1aH.spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDResponse\x12\xa7\x01\n" + + "\x14ComposeAgentX509SVID\x12F.spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDRequest\x1aG.spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDResponse\x12\xb0\x01\n" + + "\x17ComposeWorkloadX509SVID\x12I.spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDRequest\x1aJ.spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDResponse\x12\xad\x01\n" + + "\x16ComposeWorkloadJWTSVID\x12H.spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDRequest\x1aI.spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDResponseBiZggithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/credentialcomposer/v1;credentialcomposerv1b\x06proto3" + +var ( + file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescOnce sync.Once + file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescData []byte +) + +func file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescGZIP() []byte { + file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescOnce.Do(func() { + file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDesc), len(file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDesc))) + }) + return file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDescData +} + +var file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes = make([]protoimpl.MessageInfo, 16) +var file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_goTypes = []any{ + (*ComposeServerX509CARequest)(nil), // 0: 
spire.plugin.server.credentialcomposer.v1.ComposeServerX509CARequest + (*ComposeServerX509CAResponse)(nil), // 1: spire.plugin.server.credentialcomposer.v1.ComposeServerX509CAResponse + (*ComposeServerX509SVIDRequest)(nil), // 2: spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDRequest + (*ComposeServerX509SVIDResponse)(nil), // 3: spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDResponse + (*ComposeAgentX509SVIDRequest)(nil), // 4: spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDRequest + (*ComposeAgentX509SVIDResponse)(nil), // 5: spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDResponse + (*ComposeWorkloadX509SVIDRequest)(nil), // 6: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDRequest + (*ComposeWorkloadX509SVIDResponse)(nil), // 7: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDResponse + (*ComposeWorkloadJWTSVIDRequest)(nil), // 8: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDRequest + (*ComposeWorkloadJWTSVIDResponse)(nil), // 9: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDResponse + (*X509CAAttributes)(nil), // 10: spire.plugin.server.credentialcomposer.v1.X509CAAttributes + (*X509SVIDAttributes)(nil), // 11: spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes + (*X509Extension)(nil), // 12: spire.plugin.server.credentialcomposer.v1.X509Extension + (*DistinguishedName)(nil), // 13: spire.plugin.server.credentialcomposer.v1.DistinguishedName + (*AttributeTypeAndValue)(nil), // 14: spire.plugin.server.credentialcomposer.v1.AttributeTypeAndValue + (*JWTSVIDAttributes)(nil), // 15: spire.plugin.server.credentialcomposer.v1.JWTSVIDAttributes + (*structpb.Struct)(nil), // 16: google.protobuf.Struct +} +var file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_depIdxs = []int32{ + 10, // 0: spire.plugin.server.credentialcomposer.v1.ComposeServerX509CARequest.attributes:type_name -> 
spire.plugin.server.credentialcomposer.v1.X509CAAttributes + 10, // 1: spire.plugin.server.credentialcomposer.v1.ComposeServerX509CAResponse.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.X509CAAttributes + 11, // 2: spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDRequest.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes + 11, // 3: spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDResponse.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes + 11, // 4: spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDRequest.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes + 11, // 5: spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDResponse.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes + 11, // 6: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDRequest.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes + 11, // 7: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDResponse.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes + 15, // 8: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDRequest.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.JWTSVIDAttributes + 15, // 9: spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDResponse.attributes:type_name -> spire.plugin.server.credentialcomposer.v1.JWTSVIDAttributes + 13, // 10: spire.plugin.server.credentialcomposer.v1.X509CAAttributes.subject:type_name -> spire.plugin.server.credentialcomposer.v1.DistinguishedName + 12, // 11: spire.plugin.server.credentialcomposer.v1.X509CAAttributes.extra_extensions:type_name -> spire.plugin.server.credentialcomposer.v1.X509Extension + 13, // 12: spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes.subject:type_name -> 
spire.plugin.server.credentialcomposer.v1.DistinguishedName + 12, // 13: spire.plugin.server.credentialcomposer.v1.X509SVIDAttributes.extra_extensions:type_name -> spire.plugin.server.credentialcomposer.v1.X509Extension + 14, // 14: spire.plugin.server.credentialcomposer.v1.DistinguishedName.extra_names:type_name -> spire.plugin.server.credentialcomposer.v1.AttributeTypeAndValue + 16, // 15: spire.plugin.server.credentialcomposer.v1.JWTSVIDAttributes.claims:type_name -> google.protobuf.Struct + 0, // 16: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeServerX509CA:input_type -> spire.plugin.server.credentialcomposer.v1.ComposeServerX509CARequest + 2, // 17: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeServerX509SVID:input_type -> spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDRequest + 4, // 18: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeAgentX509SVID:input_type -> spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDRequest + 6, // 19: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeWorkloadX509SVID:input_type -> spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDRequest + 8, // 20: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeWorkloadJWTSVID:input_type -> spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDRequest + 1, // 21: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeServerX509CA:output_type -> spire.plugin.server.credentialcomposer.v1.ComposeServerX509CAResponse + 3, // 22: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeServerX509SVID:output_type -> spire.plugin.server.credentialcomposer.v1.ComposeServerX509SVIDResponse + 5, // 23: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeAgentX509SVID:output_type -> spire.plugin.server.credentialcomposer.v1.ComposeAgentX509SVIDResponse + 7, // 24: 
spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeWorkloadX509SVID:output_type -> spire.plugin.server.credentialcomposer.v1.ComposeWorkloadX509SVIDResponse + 9, // 25: spire.plugin.server.credentialcomposer.v1.CredentialComposer.ComposeWorkloadJWTSVID:output_type -> spire.plugin.server.credentialcomposer.v1.ComposeWorkloadJWTSVIDResponse + 21, // [21:26] is the sub-list for method output_type + 16, // [16:21] is the sub-list for method input_type + 16, // [16:16] is the sub-list for extension type_name + 16, // [16:16] is the sub-list for extension extendee + 0, // [0:16] is the sub-list for field type_name +} + +func init() { file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_init() } +func file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_init() { + if File_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDesc), len(file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_rawDesc)), + NumEnums: 0, + NumMessages: 16, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_goTypes, + DependencyIndexes: file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_depIdxs, + MessageInfos: file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_msgTypes, + }.Build() + File_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto = out.File + file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_goTypes = nil + file_spire_plugin_server_credentialcomposer_v1_credentialcomposer_proto_depIdxs = nil +} 
diff --git a/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto
new file mode 100644
index 0000000..34e63f5
--- /dev/null
+++ b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto
@@ -0,0 +1,248 @@
+syntax = "proto3";
+package spire.plugin.server.credentialcomposer.v1;
+option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/credentialcomposer/v1;credentialcomposerv1";
+
+import "google/protobuf/struct.proto";
+
+// The CredentialComposer plugin influences the attributes of X.509
+// certificates and JWT tokens minted by or on behalf of SPIRE Server.
+service CredentialComposer {
+ // Composes the SPIRE Server X509 CA. The server will supply the default
+ // attributes it will apply to the CA. If the plugin returns an empty
+ // response or NOT_IMPLEMENTED, the server will apply the default
+ // attributes. Otherwise the returned attributes are used. If a CA is
+ // produced that does not conform to the SPIFFE X509-SVID specification for
+ // signing certificates, it will be rejected.
+ rpc ComposeServerX509CA(ComposeServerX509CARequest) returns (ComposeServerX509CAResponse);
+
+ // Composes the SPIRE Server X509-SVID. The server will supply the default
+ // attributes it will apply to the server X509-SVID. If the plugin returns
+ // an empty response or NOT_IMPLEMENTED, the server will apply the default
+ // attributes. Otherwise the returned attributes are used. If an X509-SVID
+ // is produced that does not conform to the SPIFFE X509-SVID specification
+ // for leaf certificates, it will be rejected. This function cannot be used
+ // to modify the SPIFFE ID of the X509-SVID.
+ rpc ComposeServerX509SVID(ComposeServerX509SVIDRequest) returns (ComposeServerX509SVIDResponse);
+
+ // Composes the SPIRE Agent X509-SVID. The server will supply the default
+ // attributes it will apply to the agent X509-SVID. If the plugin returns
+ // an empty response or NOT_IMPLEMENTED, the server will apply the default
+ // attributes. Otherwise the returned attributes are used. If an X509-SVID
+ // is produced that does not conform to the SPIFFE X509-SVID specification
+ // for leaf certificates, it will be rejected. This function cannot be used
+ // to modify the SPIFFE ID of the X509-SVID.
+ rpc ComposeAgentX509SVID(ComposeAgentX509SVIDRequest) returns (ComposeAgentX509SVIDResponse);
+
+ // Composes workload X509-SVIDs. The server will supply the default
+ // attributes it will apply to the workload X509-SVID. If the plugin
+ // returns an empty response or NOT_IMPLEMENTED, the server will apply the
+ // default attributes. Otherwise the returned attributes are used. If an
+ // X509-SVID is produced that does not conform to the SPIFFE X509-SVID
+ // specification for leaf certificates, it will be rejected. This function
+ // cannot be used to modify the SPIFFE ID of the X509-SVID.
+ rpc ComposeWorkloadX509SVID(ComposeWorkloadX509SVIDRequest) returns (ComposeWorkloadX509SVIDResponse);
+
+ // Composes workload JWT-SVIDs. The server will supply the default
+ // attributes it will apply to the workload JWT-SVID. If the plugin
+ // returns an empty response or NOT_IMPLEMENTED, the server will apply the
+ // default attributes. Otherwise the returned attributes are used. If a
+ // JWT-SVID is produced that does not conform to the SPIFFE JWT-SVID
+ // specification, it will be rejected. This function cannot be used to
+ // modify the SPIFFE ID of the JWT-SVID.
+ rpc ComposeWorkloadJWTSVID(ComposeWorkloadJWTSVIDRequest) returns (ComposeWorkloadJWTSVIDResponse);
+}
+
+message ComposeServerX509CARequest {
+ // The attributes for the server X509 CA. To maintain forward compatibility
+ // with future attribute field additions, these attributes SHOULD be
+ // mutated and used to populate the attributes field in the
+ // ComposeServerX509CAResponse.
+ X509CAAttributes attributes = 1;
+}
+
+message ComposeServerX509CAResponse {
+ // The attributes for the server X509 CA. To maintain forward compatibility
+ // with future attribute field additions, these attributes SHOULD be
+ // populated with the mutated attributes field in the
+ // ComposeServerX509CARequest. If this field is not included in the
+ // response, the original attributes sent in the request will be used.
+ X509CAAttributes attributes = 1;
+}
+
+message ComposeServerX509SVIDRequest {
+ // The attributes for the server X509-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be mutated and used to populate the attributes field in the
+ // ComposeServerX509SVIDResponse.
+ X509SVIDAttributes attributes = 1;
+}
+
+message ComposeServerX509SVIDResponse {
+ // The attributes for the server X509-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be populated with the mutated attributes field in the
+ // ComposeServerX509SVIDRequest. If this field is not included in the
+ // response, the original attributes sent in the request will be used.
+ X509SVIDAttributes attributes = 1;
+}
+
+message ComposeAgentX509SVIDRequest {
+ // The attributes for the agent X509-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be mutated and used to populate the attributes field in the
+ // ComposeAgentX509SVIDResponse.
+ X509SVIDAttributes attributes = 1;
+
+ // The SPIFFE ID of the agent.
+ string spiffe_id = 2;
+
+ // PKIX encoded public key of the agent.
+ bytes public_key = 3;
+}
+
+message ComposeAgentX509SVIDResponse {
+ // The attributes for the agent X509-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be populated with the mutated attributes field in the
+ // ComposeAgentX509SVIDRequest. If this field is not included in the
+ // response, the original attributes sent in the request will be used.
+ X509SVIDAttributes attributes = 1;
+}
+
+message ComposeWorkloadX509SVIDRequest {
+ // The attributes for the workload X509-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be mutated and used to populate the attributes field in the
+ // ComposeWorkloadX509SVIDResponse.
+ X509SVIDAttributes attributes = 1;
+
+ // The SPIFFE ID of the workload.
+ string spiffe_id = 2;
+
+ // PKIX encoded public key of the workload.
+ bytes public_key = 3;
+}
+
+message ComposeWorkloadX509SVIDResponse {
+ // The attributes for the workload X509-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be populated with the mutated attributes field in the
+ // ComposeWorkloadX509SVIDRequest. If this message is not included in the
+ // response, the original attributes sent in the request will be used.
+ X509SVIDAttributes attributes = 1;
+}
+
+message ComposeWorkloadJWTSVIDRequest {
+ // The attributes for the workload JWT-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be mutated and used to populate the attributes field in the
+ // ComposeWorkloadJWTSVIDResponse.
+ JWTSVIDAttributes attributes = 1;
+
+ // The SPIFFE ID of the workload.
+ string spiffe_id = 2;
+}
+
+message ComposeWorkloadJWTSVIDResponse {
+ // The attributes for the workload JWT-SVID. To maintain forward
+ // compatibility with future attribute field additions, these attributes
+ // SHOULD be populated with the mutated attributes field in the
+ // ComposeWorkloadJWTSVIDRequest. If this field is not included in the
+ // response, the original attributes sent in the request will be used.
+ JWTSVIDAttributes attributes = 1;
+}
+
+message X509CAAttributes {
+ // The subject of the X509 CA.
+ DistinguishedName subject = 1;
+
+ // Zero or more policy identifiers (OIDs) to apply to the CA.
+ repeated string policy_identifiers = 2;
+
+ // Zero or more extensions to apply to the X509 CA. These will override
+ // any extensions otherwise added by the other fields.
+ repeated X509Extension extra_extensions = 3;
+}
+
+message X509SVIDAttributes {
+ // The subject of the X509-SVID.
+ DistinguishedName subject = 1;
+
+ // Zero or more DNS SANs to apply to the X509-SVID.
+ repeated string dns_sans = 2;
+
+ // Zero or more extensions to apply to the X509-SVID . These will override
+ // any extensions otherwise added by the other fields. This field cannot
+ // be used to change the URI SAN of the X509-SVID (i.e. the SPIFFE ID).
+ repeated X509Extension extra_extensions = 3;
+}
+
+message X509Extension {
+ // The OID of the X.509 extension (e.g. "1.2.3.4")
+ string oid = 1;
+
+ // Opaque value of the extension. No validity checking is performed on
+ // this value. Plugin implementors must ensure they are providing well
+ // formed values for the given extension OID.
+ bytes value = 2;
+
+ // Whether or not the extension is critical, i.e., must be
+ // handled/understood by verifiers or not.
+ bool critical = 3;
+}
+
+message DistinguishedName {
+ // Zero or more country designations.
+ repeated string country = 1;
+
+ // Zero or more organization designations.
+ repeated string organization = 2;
+
+ // Zero or more organizational unit designations.
+ repeated string organizational_unit = 3;
+
+ // Zero or more locality designations.
+ repeated string locality = 4;
+
+ // Zero or more province designations.
+ repeated string province = 5;
+
+ // Zero or more street address designations.
+ repeated string street_address = 6;
+
+ // Zero or more postal code designations.
+ repeated string postal_code = 7;
+
+ // The serial number designation. The attribute is only set if this field
+ // is non-empty.
+ string serial_number = 8;
+
+ // The common name designation. The attribute is only set if this field is
+ // non-empty.
+ string common_name = 9;
+
+ // Extra names, determined by oid and value, to be added to the
+ // distinguished names. This field is to support names not covered by the
+ // DistinguishedName message. It will override values specified in other
+ // fields in the DistinguishedName if the attributes overlap.
+ repeated AttributeTypeAndValue extra_names = 10;
+}
+
+message AttributeTypeAndValue {
+ // The OID of the attribute (e.g. "1.2.3.4").
+ string oid = 1;
+
+ // The value of the attribute. Only UTF-8 strings are currently supported.
+ // this field may be encapsulated in a oneof at a later point.
+ string string_value = 2;
+}
+
+message JWTSVIDAttributes {
+ // The JWT-SVID claims. Returned attributes must contain all of the
+ // claims required by the JWT-SVID specification:
+ //
+ // https://github.com/spiffe/spiffe/blob/main/standards/JWT-SVID.md
+ //
+ // The subject claim (i.e. SPIFFE ID) cannot be overriden.
+ google.protobuf.Struct claims = 1;
+}
diff --git a/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer_grpc.pb.go b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer_grpc.pb.go
new file mode 100644
index 0000000..8e8cdc6
--- /dev/null
+++ b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer_grpc.pb.go
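Review bot: In credentialcomposer.proto, `X509CAAttributes.extra_extensions` is documented as overriding "any extensions otherwise added by the other fields", and `X509Extension.value` as receiving no validity checking, yet the CA message names nothing a plugin is barred from overriding, whereas `X509SVIDAttributes.extra_extensions` at least rules out the URI SAN. From this file alone a plugin author cannot tell whether server-set extensions such as basic constraints or key usage can be replaced; the only stated backstop is the service comment's rejection of a non-conformant CA, and that check lives in the server, outside this diff. I would add to the CA field a line such as `// A CA whose extensions violate the SPIFFE X509-SVID specification for signing certificates is rejected.`, and say in `JWTSVIDAttributes.claims` whether claims other than the subject (for example `exp` and `aud`) may be changed by the plugin. Wording nits in the same hunk: `ComposeWorkloadX509SVIDResponse` says "this message" where its sibling responses say "this field", and "overriden" should read "overridden".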
@@ -0,0 +1,347 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto + +package credentialcomposerv1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + CredentialComposer_ComposeServerX509CA_FullMethodName = "/spire.plugin.server.credentialcomposer.v1.CredentialComposer/ComposeServerX509CA" + CredentialComposer_ComposeServerX509SVID_FullMethodName = "/spire.plugin.server.credentialcomposer.v1.CredentialComposer/ComposeServerX509SVID" + CredentialComposer_ComposeAgentX509SVID_FullMethodName = "/spire.plugin.server.credentialcomposer.v1.CredentialComposer/ComposeAgentX509SVID" + CredentialComposer_ComposeWorkloadX509SVID_FullMethodName = "/spire.plugin.server.credentialcomposer.v1.CredentialComposer/ComposeWorkloadX509SVID" + CredentialComposer_ComposeWorkloadJWTSVID_FullMethodName = "/spire.plugin.server.credentialcomposer.v1.CredentialComposer/ComposeWorkloadJWTSVID" +) + +// CredentialComposerClient is the client API for CredentialComposer service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// The CredentialComposer plugin influences the attributes of X.509 +// certificates and JWT tokens minted by or on behalf of SPIRE Server. +type CredentialComposerClient interface { + // Composes the SPIRE Server X509 CA. The server will supply the default + // attributes it will apply to the CA. 
If the plugin returns an empty + // response or NOT_IMPLEMENTED, the server will apply the default + // attributes. Otherwise the returned attributes are used. If a CA is + // produced that does not conform to the SPIFFE X509-SVID specification for + // signing certificates, it will be rejected. + ComposeServerX509CA(ctx context.Context, in *ComposeServerX509CARequest, opts ...grpc.CallOption) (*ComposeServerX509CAResponse, error) + // Composes the SPIRE Server X509-SVID. The server will supply the default + // attributes it will apply to the server X509-SVID. If the plugin returns + // an empty response or NOT_IMPLEMENTED, the server will apply the default + // attributes. Otherwise the returned attributes are used. If an X509-SVID + // is produced that does not conform to the SPIFFE X509-SVID specification + // for leaf certificates, it will be rejected. This function cannot be used + // to modify the SPIFFE ID of the X509-SVID. + ComposeServerX509SVID(ctx context.Context, in *ComposeServerX509SVIDRequest, opts ...grpc.CallOption) (*ComposeServerX509SVIDResponse, error) + // Composes the SPIRE Agent X509-SVID. The server will supply the default + // attributes it will apply to the agent X509-SVID. If the plugin returns + // an empty response or NOT_IMPLEMENTED, the server will apply the default + // attributes. Otherwise the returned attributes are used. If an X509-SVID + // is produced that does not conform to the SPIFFE X509-SVID specification + // for leaf certificates, it will be rejected. This function cannot be used + // to modify the SPIFFE ID of the X509-SVID. + ComposeAgentX509SVID(ctx context.Context, in *ComposeAgentX509SVIDRequest, opts ...grpc.CallOption) (*ComposeAgentX509SVIDResponse, error) + // Composes workload X509-SVIDs. The server will supply the default + // attributes it will apply to the workload X509-SVID. If the plugin + // returns an empty response or NOT_IMPLEMENTED, the server will apply the + // default attributes. 
Otherwise the returned attributes are used. If an + // X509-SVID is produced that does not conform to the SPIFFE X509-SVID + // specification for leaf certificates, it will be rejected. This function + // cannot be used to modify the SPIFFE ID of the X509-SVID. + ComposeWorkloadX509SVID(ctx context.Context, in *ComposeWorkloadX509SVIDRequest, opts ...grpc.CallOption) (*ComposeWorkloadX509SVIDResponse, error) + // Composes workload JWT-SVIDs. The server will supply the default + // attributes it will apply to the workload JWT-SVID. If the plugin + // returns an empty response or NOT_IMPLEMENTED, the server will apply the + // default attributes. Otherwise the returned attributes are used. If a + // JWT-SVID is produced that does not conform to the SPIFFE JWT-SVID + // specification, it will be rejected. This function cannot be used to + // modify the SPIFFE ID of the JWT-SVID. + ComposeWorkloadJWTSVID(ctx context.Context, in *ComposeWorkloadJWTSVIDRequest, opts ...grpc.CallOption) (*ComposeWorkloadJWTSVIDResponse, error) +} + +type credentialComposerClient struct { + cc grpc.ClientConnInterface +} + +func NewCredentialComposerClient(cc grpc.ClientConnInterface) CredentialComposerClient { + return &credentialComposerClient{cc} +} + +func (c *credentialComposerClient) ComposeServerX509CA(ctx context.Context, in *ComposeServerX509CARequest, opts ...grpc.CallOption) (*ComposeServerX509CAResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(ComposeServerX509CAResponse) + err := c.cc.Invoke(ctx, CredentialComposer_ComposeServerX509CA_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *credentialComposerClient) ComposeServerX509SVID(ctx context.Context, in *ComposeServerX509SVIDRequest, opts ...grpc.CallOption) (*ComposeServerX509SVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) 
+ out := new(ComposeServerX509SVIDResponse) + err := c.cc.Invoke(ctx, CredentialComposer_ComposeServerX509SVID_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *credentialComposerClient) ComposeAgentX509SVID(ctx context.Context, in *ComposeAgentX509SVIDRequest, opts ...grpc.CallOption) (*ComposeAgentX509SVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(ComposeAgentX509SVIDResponse) + err := c.cc.Invoke(ctx, CredentialComposer_ComposeAgentX509SVID_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *credentialComposerClient) ComposeWorkloadX509SVID(ctx context.Context, in *ComposeWorkloadX509SVIDRequest, opts ...grpc.CallOption) (*ComposeWorkloadX509SVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(ComposeWorkloadX509SVIDResponse) + err := c.cc.Invoke(ctx, CredentialComposer_ComposeWorkloadX509SVID_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *credentialComposerClient) ComposeWorkloadJWTSVID(ctx context.Context, in *ComposeWorkloadJWTSVIDRequest, opts ...grpc.CallOption) (*ComposeWorkloadJWTSVIDResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(ComposeWorkloadJWTSVIDResponse) + err := c.cc.Invoke(ctx, CredentialComposer_ComposeWorkloadJWTSVID_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CredentialComposerServer is the server API for CredentialComposer service. +// All implementations must embed UnimplementedCredentialComposerServer +// for forward compatibility. +// +// The CredentialComposer plugin influences the attributes of X.509 +// certificates and JWT tokens minted by or on behalf of SPIRE Server. +type CredentialComposerServer interface { + // Composes the SPIRE Server X509 CA. 
The server will supply the default + // attributes it will apply to the CA. If the plugin returns an empty + // response or NOT_IMPLEMENTED, the server will apply the default + // attributes. Otherwise the returned attributes are used. If a CA is + // produced that does not conform to the SPIFFE X509-SVID specification for + // signing certificates, it will be rejected. + ComposeServerX509CA(context.Context, *ComposeServerX509CARequest) (*ComposeServerX509CAResponse, error) + // Composes the SPIRE Server X509-SVID. The server will supply the default + // attributes it will apply to the server X509-SVID. If the plugin returns + // an empty response or NOT_IMPLEMENTED, the server will apply the default + // attributes. Otherwise the returned attributes are used. If an X509-SVID + // is produced that does not conform to the SPIFFE X509-SVID specification + // for leaf certificates, it will be rejected. This function cannot be used + // to modify the SPIFFE ID of the X509-SVID. + ComposeServerX509SVID(context.Context, *ComposeServerX509SVIDRequest) (*ComposeServerX509SVIDResponse, error) + // Composes the SPIRE Agent X509-SVID. The server will supply the default + // attributes it will apply to the agent X509-SVID. If the plugin returns + // an empty response or NOT_IMPLEMENTED, the server will apply the default + // attributes. Otherwise the returned attributes are used. If an X509-SVID + // is produced that does not conform to the SPIFFE X509-SVID specification + // for leaf certificates, it will be rejected. This function cannot be used + // to modify the SPIFFE ID of the X509-SVID. + ComposeAgentX509SVID(context.Context, *ComposeAgentX509SVIDRequest) (*ComposeAgentX509SVIDResponse, error) + // Composes workload X509-SVIDs. The server will supply the default + // attributes it will apply to the workload X509-SVID. If the plugin + // returns an empty response or NOT_IMPLEMENTED, the server will apply the + // default attributes. 
Otherwise the returned attributes are used. If an + // X509-SVID is produced that does not conform to the SPIFFE X509-SVID + // specification for leaf certificates, it will be rejected. This function + // cannot be used to modify the SPIFFE ID of the X509-SVID. + ComposeWorkloadX509SVID(context.Context, *ComposeWorkloadX509SVIDRequest) (*ComposeWorkloadX509SVIDResponse, error) + // Composes workload JWT-SVIDs. The server will supply the default + // attributes it will apply to the workload JWT-SVID. If the plugin + // returns an empty response or NOT_IMPLEMENTED, the server will apply the + // default attributes. Otherwise the returned attributes are used. If a + // JWT-SVID is produced that does not conform to the SPIFFE JWT-SVID + // specification, it will be rejected. This function cannot be used to + // modify the SPIFFE ID of the JWT-SVID. + ComposeWorkloadJWTSVID(context.Context, *ComposeWorkloadJWTSVIDRequest) (*ComposeWorkloadJWTSVIDResponse, error) + mustEmbedUnimplementedCredentialComposerServer() +} + +// UnimplementedCredentialComposerServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedCredentialComposerServer struct{} + +func (UnimplementedCredentialComposerServer) ComposeServerX509CA(context.Context, *ComposeServerX509CARequest) (*ComposeServerX509CAResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ComposeServerX509CA not implemented") +} +func (UnimplementedCredentialComposerServer) ComposeServerX509SVID(context.Context, *ComposeServerX509SVIDRequest) (*ComposeServerX509SVIDResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ComposeServerX509SVID not implemented") +} +func (UnimplementedCredentialComposerServer) ComposeAgentX509SVID(context.Context, *ComposeAgentX509SVIDRequest) (*ComposeAgentX509SVIDResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ComposeAgentX509SVID not implemented") +} +func (UnimplementedCredentialComposerServer) ComposeWorkloadX509SVID(context.Context, *ComposeWorkloadX509SVIDRequest) (*ComposeWorkloadX509SVIDResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ComposeWorkloadX509SVID not implemented") +} +func (UnimplementedCredentialComposerServer) ComposeWorkloadJWTSVID(context.Context, *ComposeWorkloadJWTSVIDRequest) (*ComposeWorkloadJWTSVIDResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method ComposeWorkloadJWTSVID not implemented") +} +func (UnimplementedCredentialComposerServer) mustEmbedUnimplementedCredentialComposerServer() {} +func (UnimplementedCredentialComposerServer) testEmbeddedByValue() {} + +// UnsafeCredentialComposerServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CredentialComposerServer will +// result in compilation errors. 
+type UnsafeCredentialComposerServer interface { + mustEmbedUnimplementedCredentialComposerServer() +} + +func RegisterCredentialComposerServer(s grpc.ServiceRegistrar, srv CredentialComposerServer) { + // If the following call pancis, it indicates UnimplementedCredentialComposerServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&CredentialComposer_ServiceDesc, srv) +} + +func _CredentialComposer_ComposeServerX509CA_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ComposeServerX509CARequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialComposerServer).ComposeServerX509CA(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CredentialComposer_ComposeServerX509CA_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialComposerServer).ComposeServerX509CA(ctx, req.(*ComposeServerX509CARequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CredentialComposer_ComposeServerX509SVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ComposeServerX509SVIDRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialComposerServer).ComposeServerX509SVID(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CredentialComposer_ComposeServerX509SVID_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return 
srv.(CredentialComposerServer).ComposeServerX509SVID(ctx, req.(*ComposeServerX509SVIDRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CredentialComposer_ComposeAgentX509SVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ComposeAgentX509SVIDRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialComposerServer).ComposeAgentX509SVID(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CredentialComposer_ComposeAgentX509SVID_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialComposerServer).ComposeAgentX509SVID(ctx, req.(*ComposeAgentX509SVIDRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CredentialComposer_ComposeWorkloadX509SVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ComposeWorkloadX509SVIDRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CredentialComposerServer).ComposeWorkloadX509SVID(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CredentialComposer_ComposeWorkloadX509SVID_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialComposerServer).ComposeWorkloadX509SVID(ctx, req.(*ComposeWorkloadX509SVIDRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CredentialComposer_ComposeWorkloadJWTSVID_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ComposeWorkloadJWTSVIDRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return 
srv.(CredentialComposerServer).ComposeWorkloadJWTSVID(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CredentialComposer_ComposeWorkloadJWTSVID_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CredentialComposerServer).ComposeWorkloadJWTSVID(ctx, req.(*ComposeWorkloadJWTSVIDRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// CredentialComposer_ServiceDesc is the grpc.ServiceDesc for CredentialComposer service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var CredentialComposer_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "spire.plugin.server.credentialcomposer.v1.CredentialComposer", + HandlerType: (*CredentialComposerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "ComposeServerX509CA", + Handler: _CredentialComposer_ComposeServerX509CA_Handler, + }, + { + MethodName: "ComposeServerX509SVID", + Handler: _CredentialComposer_ComposeServerX509SVID_Handler, + }, + { + MethodName: "ComposeAgentX509SVID", + Handler: _CredentialComposer_ComposeAgentX509SVID_Handler, + }, + { + MethodName: "ComposeWorkloadX509SVID", + Handler: _CredentialComposer_ComposeWorkloadX509SVID_Handler, + }, + { + MethodName: "ComposeWorkloadJWTSVID", + Handler: _CredentialComposer_ComposeWorkloadJWTSVID_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "spire/plugin/server/credentialcomposer/v1/credentialcomposer.proto", +} diff --git a/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer_spire_plugin.pb.go b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer_spire_plugin.pb.go new file mode 100644 index 0000000..a9d6c50 --- /dev/null +++ b/proto/spire/plugin/server/credentialcomposer/v1/credentialcomposer_spire_plugin.pb.go 
@@ -0,0 +1,50 @@ +// Code generated by protoc-gen-go-spire. DO NOT EDIT. + +package credentialcomposerv1 + +import ( + pluginsdk "github.com/spiffe/spire-plugin-sdk/pluginsdk" + grpc "google.golang.org/grpc" +) + +func CredentialComposerPluginServer(server CredentialComposerServer) pluginsdk.PluginServer { + return credentialComposerPluginServer{CredentialComposerServer: server} +} + +type credentialComposerPluginServer struct { + CredentialComposerServer +} + +func (s credentialComposerPluginServer) Type() string { + return "CredentialComposer" +} + +func (s credentialComposerPluginServer) GRPCServiceName() string { + return "spire.plugin.server.credentialcomposer.v1.CredentialComposer" +} + +func (s credentialComposerPluginServer) RegisterServer(server *grpc.Server) interface{} { + RegisterCredentialComposerServer(server, s.CredentialComposerServer) + return s.CredentialComposerServer +} + +type CredentialComposerPluginClient struct { + CredentialComposerClient +} + +func (s CredentialComposerPluginClient) Type() string { + return "CredentialComposer" +} + +func (c *CredentialComposerPluginClient) IsInitialized() bool { + return c.CredentialComposerClient != nil +} + +func (c *CredentialComposerPluginClient) GRPCServiceName() string { + return "spire.plugin.server.credentialcomposer.v1.CredentialComposer" +} + +func (c *CredentialComposerPluginClient) InitClient(conn grpc.ClientConnInterface) interface{} { + c.CredentialComposerClient = NewCredentialComposerClient(conn) + return c.CredentialComposerClient +} diff --git a/proto/spire/plugin/server/keymanager/v1/keymanager.pb.go b/proto/spire/plugin/server/keymanager/v1/keymanager.pb.go index 9aca6a9..b39a0e2 100644 --- a/proto/spire/plugin/server/keymanager/v1/keymanager.pb.go +++ b/proto/spire/plugin/server/keymanager/v1/keymanager.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/server/keymanager/v1/keymanager.proto package keymanagerv1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -151,10 +152,7 @@ func (HashAlgorithm) EnumDescriptor() ([]byte, []int) { } type PublicKey struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the key, as provided when the key was created. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // Required. The type of the key. @@ -180,16 +178,16 @@ type PublicKey struct { // // The fingerprinting algorithm is also left to plugin implementations. A // native implementation is a non-cryptographic hash over the PKIX data. - Fingerprint string `protobuf:"bytes,4,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` + Fingerprint string `protobuf:"bytes,4,opt,name=fingerprint,proto3" json:"fingerprint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PublicKey) Reset() { *x = PublicKey{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PublicKey) String() string { 
@@ -200,7 +198,7 @@ func (*PublicKey) ProtoMessage() {} func (x *PublicKey) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -244,24 +242,21 @@ func (x *PublicKey) GetFingerprint() string { } type GenerateKeyRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID to give the generated key (or to identify the existing // key to overwrite (see GenerateKey). KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Required. The type of the key to generate. - KeyType KeyType `protobuf:"varint,2,opt,name=key_type,json=keyType,proto3,enum=spire.plugin.server.keymanager.v1.KeyType" json:"key_type,omitempty"` + KeyType KeyType `protobuf:"varint,2,opt,name=key_type,json=keyType,proto3,enum=spire.plugin.server.keymanager.v1.KeyType" json:"key_type,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GenerateKeyRequest) Reset() { *x = GenerateKeyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GenerateKeyRequest) String() string { 
@@ -272,7 +267,7 @@ func (*GenerateKeyRequest) ProtoMessage() {} func (x *GenerateKeyRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -302,21 +297,18 @@ func (x *GenerateKeyRequest) GetKeyType() KeyType { } type GenerateKeyResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The generated key. - PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GenerateKeyResponse) Reset() { *x = GenerateKeyResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GenerateKeyResponse) String() string { @@ -327,7 +319,7 @@ func (*GenerateKeyResponse) ProtoMessage() {} func (x *GenerateKeyResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -350,21 +342,18 @@ func (x *GenerateKeyResponse) GetPublicKey() *PublicKey { } type GetPublicKeyRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the key to retrieve. - KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` + KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeyRequest) Reset() { *x = GetPublicKeyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeyRequest) String() string { @@ -375,7 +364,7 @@ func (*GetPublicKeyRequest) ProtoMessage() {} func (x *GetPublicKeyRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -398,21 +387,18 @@ func (x *GetPublicKeyRequest) GetKeyId() string { } type GetPublicKeyResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The public key to return. - PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + PublicKey *PublicKey `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeyResponse) Reset() { *x = GetPublicKeyResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeyResponse) String() string { @@ -423,7 +409,7 @@ func (*GetPublicKeyResponse) ProtoMessage() {} func (x *GetPublicKeyResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -446,18 +432,16 @@ func (x *GetPublicKeyResponse) GetPublicKey() *PublicKey { } type GetPublicKeysRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeysRequest) Reset() { *x = GetPublicKeysRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeysRequest) String() string { @@ -468,7 +452,7 @@ func (*GetPublicKeysRequest) ProtoMessage() {} func (x *GetPublicKeysRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -484,21 +468,18 @@ func (*GetPublicKeysRequest) Descriptor() ([]byte, []int) { } type GetPublicKeysResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The public keys managed by the KeyManager. May be empty. - PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"` + PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *GetPublicKeysResponse) Reset() { *x = GetPublicKeysResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *GetPublicKeysResponse) String() string { @@ -509,7 +490,7 @@ func (*GetPublicKeysResponse) ProtoMessage() {} func (x *GetPublicKeysResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -532,10 +513,7 @@ func (x *GetPublicKeysResponse) GetPublicKeys() []*PublicKey { } type SignDataRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The ID of the key to use to sign the data. KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // Required. The data to sign. 
@@ -543,19 +521,20 @@ type SignDataRequest struct { // Required. The signature options. The PSS options are only valid // for RSA keys. // - // Types that are assignable to SignerOpts: + // Types that are valid to be assigned to SignerOpts: + // // *SignDataRequest_HashAlgorithm // *SignDataRequest_PssOptions - SignerOpts isSignDataRequest_SignerOpts `protobuf_oneof:"signer_opts"` + SignerOpts isSignDataRequest_SignerOpts `protobuf_oneof:"signer_opts"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SignDataRequest) Reset() { *x = SignDataRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SignDataRequest) String() string { @@ -566,7 +545,7 @@ func (*SignDataRequest) ProtoMessage() {} func (x *SignDataRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -595,23 +574,27 @@ func (x *SignDataRequest) GetData() []byte { return nil } -func (m *SignDataRequest) GetSignerOpts() isSignDataRequest_SignerOpts { - if m != nil { - return m.SignerOpts +func (x *SignDataRequest) GetSignerOpts() isSignDataRequest_SignerOpts { + if x != nil { + return x.SignerOpts } return nil } func (x *SignDataRequest) GetHashAlgorithm() HashAlgorithm { - if x, ok := x.GetSignerOpts().(*SignDataRequest_HashAlgorithm); ok { - return x.HashAlgorithm + if x != nil { + if x, ok := x.SignerOpts.(*SignDataRequest_HashAlgorithm); ok { + return x.HashAlgorithm + } } return HashAlgorithm_UNSPECIFIED_HASH_ALGORITHM } func (x *SignDataRequest) GetPssOptions() *SignDataRequest_PSSOptions { - if x, ok := x.GetSignerOpts().(*SignDataRequest_PssOptions); ok { - return x.PssOptions + if x != nil { + if x, ok := x.SignerOpts.(*SignDataRequest_PssOptions); ok { + return x.PssOptions + } } return nil } 
@@ -633,23 +616,20 @@ func (*SignDataRequest_HashAlgorithm) isSignDataRequest_SignerOpts() {} func (*SignDataRequest_PssOptions) isSignDataRequest_SignerOpts() {} type SignDataResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The signature of the data. Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"` // Required. The fingerprint of the key used to sign the data. KeyFingerprint string `protobuf:"bytes,2,opt,name=key_fingerprint,json=keyFingerprint,proto3" json:"key_fingerprint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SignDataResponse) Reset() { *x = SignDataResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SignDataResponse) String() string { @@ -660,7 +640,7 @@ func (*SignDataResponse) ProtoMessage() {} func (x *SignDataResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -690,23 +670,20 @@ func (x *SignDataResponse) GetKeyFingerprint() string { } type SignDataRequest_PSSOptions struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The salt length. SaltLength int32 `protobuf:"varint,1,opt,name=salt_length,json=saltLength,proto3" json:"salt_length,omitempty"` // Required. The hash algorithm. HashAlgorithm HashAlgorithm `protobuf:"varint,2,opt,name=hash_algorithm,json=hashAlgorithm,proto3,enum=spire.plugin.server.keymanager.v1.HashAlgorithm" json:"hash_algorithm,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *SignDataRequest_PSSOptions) Reset() { *x = SignDataRequest_PSSOptions{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *SignDataRequest_PSSOptions) String() string { @@ -717,7 +694,7 @@ func (*SignDataRequest_PSSOptions) ProtoMessage() {} func (x *SignDataRequest_PSSOptions) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -748,157 +725,91 @@ func (x *SignDataRequest_PSSOptions) GetHashAlgorithm() HashAlgorithm { var File_spire_plugin_server_keymanager_v1_keymanager_proto protoreflect.FileDescriptor -var file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc = []byte{ - 0x0a, 0x32, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, - 0x2f, 0x76, 0x31, 0x2f, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x21, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x22, 0x9a, 0x01, 0x0a, 0x09, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6b, 0x69, 0x78, 0x5f, 0x64, 0x61, - 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x70, 0x6b, 0x69, 0x78, 0x44, 0x61, - 0x74, 0x61, 0x12, 0x20, 0x0a, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, - 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x66, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, - 0x72, 0x69, 0x6e, 0x74, 0x22, 0x72, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, - 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x65, - 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 
0x05, 0x6b, 0x65, 0x79, 0x49, - 0x64, 0x12, 0x45, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, - 0x07, 0x6b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x22, 0x62, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x4b, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, - 0x79, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x2c, 0x0a, 0x13, - 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x22, 0x63, 0x0a, 0x14, 0x47, 0x65, - 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x4b, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, - 0x16, 
0x0a, 0x14, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x66, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x4d, 0x0a, 0x0b, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x73, 0x18, - 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, - 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x4b, 0x65, 0x79, 0x52, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x22, - 0x91, 0x03, 0x0a, 0x0f, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x64, 0x61, - 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x59, - 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x30, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, - 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x48, 0x00, 0x52, 0x0d, 0x68, 0x61, 0x73, 0x68, - 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x60, 0x0a, 0x0b, 0x70, 0x73, 0x73, - 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 
0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, - 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x2e, 0x50, 0x53, 0x53, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x48, 0x00, 0x52, - 0x0a, 0x70, 0x73, 0x73, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0x86, 0x01, 0x0a, 0x0a, - 0x50, 0x53, 0x53, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x61, - 0x6c, 0x74, 0x5f, 0x6c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, - 0x0a, 0x73, 0x61, 0x6c, 0x74, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, 0x12, 0x57, 0x0a, 0x0e, 0x68, - 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0e, 0x32, 0x30, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, - 0x72, 0x69, 0x74, 0x68, 0x6d, 0x52, 0x0d, 0x68, 0x61, 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, - 0x69, 0x74, 0x68, 0x6d, 0x42, 0x0d, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x65, 0x72, 0x5f, 0x6f, - 0x70, 0x74, 0x73, 0x22, 0x59, 0x0a, 0x10, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, - 0x74, 0x75, 0x72, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, - 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6e, - 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, - 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x2a, 0x59, - 0x0a, 0x07, 0x4b, 0x65, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x14, 0x55, 0x4e, 0x53, - 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 
0x54, 0x59, 0x50, - 0x45, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x43, 0x5f, 0x50, 0x32, 0x35, 0x36, 0x10, 0x01, - 0x12, 0x0b, 0x0a, 0x07, 0x45, 0x43, 0x5f, 0x50, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x0c, 0x0a, - 0x08, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x10, 0x03, 0x12, 0x0c, 0x0a, 0x08, 0x52, - 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x10, 0x04, 0x2a, 0xb7, 0x01, 0x0a, 0x0d, 0x48, 0x61, - 0x73, 0x68, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x12, 0x1e, 0x0a, 0x1a, 0x55, - 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x5f, 0x48, 0x41, 0x53, 0x48, 0x5f, - 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, - 0x48, 0x41, 0x32, 0x32, 0x34, 0x10, 0x04, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x32, 0x35, - 0x36, 0x10, 0x05, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x33, 0x38, 0x34, 0x10, 0x06, 0x12, - 0x0a, 0x0a, 0x06, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x10, 0x07, 0x12, 0x0c, 0x0a, 0x08, 0x53, - 0x48, 0x41, 0x33, 0x5f, 0x32, 0x32, 0x34, 0x10, 0x0a, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, - 0x33, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0b, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, - 0x33, 0x38, 0x34, 0x10, 0x0c, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x41, 0x33, 0x5f, 0x35, 0x31, - 0x32, 0x10, 0x0d, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x5f, 0x32, 0x32, - 0x34, 0x10, 0x0e, 0x12, 0x0e, 0x0a, 0x0a, 0x53, 0x48, 0x41, 0x35, 0x31, 0x32, 0x5f, 0x32, 0x35, - 0x36, 0x10, 0x0f, 0x32, 0x85, 0x04, 0x0a, 0x0a, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x6e, 0x61, 0x67, - 0x65, 0x72, 0x12, 0x7c, 0x0a, 0x0b, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4b, 0x65, - 0x79, 0x12, 0x35, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, - 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x4b, 0x65, - 0x79, 0x52, 0x65, 
0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, - 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x7f, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, - 0x12, 0x36, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, - 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, - 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x82, 0x01, 0x0a, 0x0d, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, - 0x65, 0x79, 0x73, 0x12, 0x37, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, - 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x73, 0x0a, 
0x08, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, - 0x74, 0x61, 0x12, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, 0x61, - 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x44, 0x61, 0x74, 0x61, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6b, 0x65, 0x79, - 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x44, - 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x59, 0x5a, 0x57, 0x67, - 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, - 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, - 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, - 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6b, 0x65, 0x79, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x3b, 0x6b, 0x65, 0x79, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc = "" + + "\n" + + "2spire/plugin/server/keymanager/v1/keymanager.proto\x12!spire.plugin.server.keymanager.v1\"\x9a\x01\n" + + "\tPublicKey\x12\x0e\n" + + "\x02id\x18\x01 \x01(\tR\x02id\x12>\n" + + "\x04type\x18\x02 \x01(\x0e2*.spire.plugin.server.keymanager.v1.KeyTypeR\x04type\x12\x1b\n" + + "\tpkix_data\x18\x03 \x01(\fR\bpkixData\x12 \n" + + "\vfingerprint\x18\x04 \x01(\tR\vfingerprint\"r\n" + + "\x12GenerateKeyRequest\x12\x15\n" + + "\x06key_id\x18\x01 \x01(\tR\x05keyId\x12E\n" + + "\bkey_type\x18\x02 \x01(\x0e2*.spire.plugin.server.keymanager.v1.KeyTypeR\akeyType\"b\n" + + "\x13GenerateKeyResponse\x12K\n" + + 
"\n" + + "public_key\x18\x01 \x01(\v2,.spire.plugin.server.keymanager.v1.PublicKeyR\tpublicKey\",\n" + + "\x13GetPublicKeyRequest\x12\x15\n" + + "\x06key_id\x18\x01 \x01(\tR\x05keyId\"c\n" + + "\x14GetPublicKeyResponse\x12K\n" + + "\n" + + "public_key\x18\x01 \x01(\v2,.spire.plugin.server.keymanager.v1.PublicKeyR\tpublicKey\"\x16\n" + + "\x14GetPublicKeysRequest\"f\n" + + "\x15GetPublicKeysResponse\x12M\n" + + "\vpublic_keys\x18\x01 \x03(\v2,.spire.plugin.server.keymanager.v1.PublicKeyR\n" + + "publicKeys\"\x91\x03\n" + + "\x0fSignDataRequest\x12\x15\n" + + "\x06key_id\x18\x01 \x01(\tR\x05keyId\x12\x12\n" + + "\x04data\x18\x02 \x01(\fR\x04data\x12Y\n" + + "\x0ehash_algorithm\x18\x03 \x01(\x0e20.spire.plugin.server.keymanager.v1.HashAlgorithmH\x00R\rhashAlgorithm\x12`\n" + + "\vpss_options\x18\x04 \x01(\v2=.spire.plugin.server.keymanager.v1.SignDataRequest.PSSOptionsH\x00R\n" + + "pssOptions\x1a\x86\x01\n" + + "\n" + + "PSSOptions\x12\x1f\n" + + "\vsalt_length\x18\x01 \x01(\x05R\n" + + "saltLength\x12W\n" + + "\x0ehash_algorithm\x18\x02 \x01(\x0e20.spire.plugin.server.keymanager.v1.HashAlgorithmR\rhashAlgorithmB\r\n" + + "\vsigner_opts\"Y\n" + + "\x10SignDataResponse\x12\x1c\n" + + "\tsignature\x18\x01 \x01(\fR\tsignature\x12'\n" + + "\x0fkey_fingerprint\x18\x02 \x01(\tR\x0ekeyFingerprint*Y\n" + + "\aKeyType\x12\x18\n" + + "\x14UNSPECIFIED_KEY_TYPE\x10\x00\x12\v\n" + + "\aEC_P256\x10\x01\x12\v\n" + + "\aEC_P384\x10\x02\x12\f\n" + + "\bRSA_2048\x10\x03\x12\f\n" + + "\bRSA_4096\x10\x04*\xb7\x01\n" + + "\rHashAlgorithm\x12\x1e\n" + + "\x1aUNSPECIFIED_HASH_ALGORITHM\x10\x00\x12\n" + + "\n" + + "\x06SHA224\x10\x04\x12\n" + + "\n" + + "\x06SHA256\x10\x05\x12\n" + + "\n" + + "\x06SHA384\x10\x06\x12\n" + + "\n" + + "\x06SHA512\x10\a\x12\f\n" + + "\bSHA3_224\x10\n" + + "\x12\f\n" + + "\bSHA3_256\x10\v\x12\f\n" + + "\bSHA3_384\x10\f\x12\f\n" + + "\bSHA3_512\x10\r\x12\x0e\n" + + "\n" + + "SHA512_224\x10\x0e\x12\x0e\n" + + "\n" + + "SHA512_256\x10\x0f2\x85\x04\n" + + "\n" + + 
"KeyManager\x12|\n" + + "\vGenerateKey\x125.spire.plugin.server.keymanager.v1.GenerateKeyRequest\x1a6.spire.plugin.server.keymanager.v1.GenerateKeyResponse\x12\x7f\n" + + "\fGetPublicKey\x126.spire.plugin.server.keymanager.v1.GetPublicKeyRequest\x1a7.spire.plugin.server.keymanager.v1.GetPublicKeyResponse\x12\x82\x01\n" + + "\rGetPublicKeys\x127.spire.plugin.server.keymanager.v1.GetPublicKeysRequest\x1a8.spire.plugin.server.keymanager.v1.GetPublicKeysResponse\x12s\n" + + "\bSignData\x122.spire.plugin.server.keymanager.v1.SignDataRequest\x1a3.spire.plugin.server.keymanager.v1.SignDataResponseBYZWgithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/keymanager/v1;keymanagerv1b\x06proto3" var ( file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescOnce sync.Once - file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescData = file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc + file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescData []byte ) func file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescGZIP() []byte { file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescOnce.Do(func() { - file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescData) + file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc), len(file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc))) }) return file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDescData } var file_spire_plugin_server_keymanager_v1_keymanager_proto_enumTypes = make([]protoimpl.EnumInfo, 2) var file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes = make([]protoimpl.MessageInfo, 10) -var file_spire_plugin_server_keymanager_v1_keymanager_proto_goTypes = []interface{}{ +var 
file_spire_plugin_server_keymanager_v1_keymanager_proto_goTypes = []any{ (KeyType)(0), // 0: spire.plugin.server.keymanager.v1.KeyType (HashAlgorithm)(0), // 1: spire.plugin.server.keymanager.v1.HashAlgorithm (*PublicKey)(nil), // 2: spire.plugin.server.keymanager.v1.PublicKey 
@@ -941,129 +852,7 @@ func file_spire_plugin_server_keymanager_v1_keymanager_proto_init() { if File_spire_plugin_server_keymanager_v1_keymanager_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PublicKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateKeyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateKeyResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeyResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeysRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - 
file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GetPublicKeysResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignDataRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignDataResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*SignDataRequest_PSSOptions); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[7].OneofWrappers = []interface{}{ + file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes[7].OneofWrappers = []any{ (*SignDataRequest_HashAlgorithm)(nil), (*SignDataRequest_PssOptions)(nil), } @@ -1071,7 +860,7 @@ func file_spire_plugin_server_keymanager_v1_keymanager_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc), len(file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc)), NumEnums: 2, NumMessages: 10, NumExtensions: 0, 
@@ -1083,7 +872,6 @@ func file_spire_plugin_server_keymanager_v1_keymanager_proto_init() { MessageInfos: file_spire_plugin_server_keymanager_v1_keymanager_proto_msgTypes, }.Build() File_spire_plugin_server_keymanager_v1_keymanager_proto = out.File - file_spire_plugin_server_keymanager_v1_keymanager_proto_rawDesc = nil file_spire_plugin_server_keymanager_v1_keymanager_proto_goTypes = nil file_spire_plugin_server_keymanager_v1_keymanager_proto_depIdxs = nil } diff --git a/proto/spire/plugin/server/keymanager/v1/keymanager_grpc.pb.go b/proto/spire/plugin/server/keymanager/v1/keymanager_grpc.pb.go index 1658e7d..8960395 100644 --- a/proto/spire/plugin/server/keymanager/v1/keymanager_grpc.pb.go +++ b/proto/spire/plugin/server/keymanager/v1/keymanager_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/server/keymanager/v1/keymanager.proto package keymanagerv1 @@ -11,8 +15,15 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + KeyManager_GenerateKey_FullMethodName = "/spire.plugin.server.keymanager.v1.KeyManager/GenerateKey" + KeyManager_GetPublicKey_FullMethodName = "/spire.plugin.server.keymanager.v1.KeyManager/GetPublicKey" + KeyManager_GetPublicKeys_FullMethodName = "/spire.plugin.server.keymanager.v1.KeyManager/GetPublicKeys" + KeyManager_SignData_FullMethodName = "/spire.plugin.server.keymanager.v1.KeyManager/SignData" +) // KeyManagerClient is the client API for KeyManager service. // 
@@ -46,8 +57,9 @@ func NewKeyManagerClient(cc grpc.ClientConnInterface) KeyManagerClient { } func (c *keyManagerClient) GenerateKey(ctx context.Context, in *GenerateKeyRequest, opts ...grpc.CallOption) (*GenerateKeyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GenerateKeyResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.server.keymanager.v1.KeyManager/GenerateKey", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_GenerateKey_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -55,8 +67,9 @@ func (c *keyManagerClient) GenerateKey(ctx context.Context, in *GenerateKeyReque } func (c *keyManagerClient) GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetPublicKeyResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.server.keymanager.v1.KeyManager/GetPublicKey", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_GetPublicKey_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -64,8 +77,9 @@ func (c *keyManagerClient) GetPublicKey(ctx context.Context, in *GetPublicKeyReq } func (c *keyManagerClient) GetPublicKeys(ctx context.Context, in *GetPublicKeysRequest, opts ...grpc.CallOption) (*GetPublicKeysResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(GetPublicKeysResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.server.keymanager.v1.KeyManager/GetPublicKeys", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_GetPublicKeys_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -73,8 +87,9 @@ func (c *keyManagerClient) GetPublicKeys(ctx context.Context, in *GetPublicKeysR } func (c *keyManagerClient) SignData(ctx context.Context, in *SignDataRequest, opts ...grpc.CallOption) (*SignDataResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(SignDataResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.server.keymanager.v1.KeyManager/SignData", in, out, opts...) + err := c.cc.Invoke(ctx, KeyManager_SignData_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -83,7 +98,7 @@ func (c *keyManagerClient) SignData(ctx context.Context, in *SignDataRequest, op // KeyManagerServer is the server API for KeyManager service. // All implementations must embed UnimplementedKeyManagerServer -// for forward compatibility +// for forward compatibility. type KeyManagerServer interface { // Generates a new private key with the given ID. If a key already exists // under that ID, it is overwritten and given a different fingerprint. See @@ -105,9 +120,12 @@ type KeyManagerServer interface { mustEmbedUnimplementedKeyManagerServer() } -// UnimplementedKeyManagerServer must be embedded to have forward compatible implementations. -type UnimplementedKeyManagerServer struct { -} +// UnimplementedKeyManagerServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedKeyManagerServer struct{} func (UnimplementedKeyManagerServer) GenerateKey(context.Context, *GenerateKeyRequest) (*GenerateKeyResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GenerateKey not implemented") 
@@ -122,6 +140,7 @@ func (UnimplementedKeyManagerServer) SignData(context.Context, *SignDataRequest) return nil, status.Errorf(codes.Unimplemented, "method SignData not implemented") } func (UnimplementedKeyManagerServer) mustEmbedUnimplementedKeyManagerServer() {} +func (UnimplementedKeyManagerServer) testEmbeddedByValue() {} // UnsafeKeyManagerServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to KeyManagerServer will @@ -131,6 +150,13 @@ type UnsafeKeyManagerServer interface { } func RegisterKeyManagerServer(s grpc.ServiceRegistrar, srv KeyManagerServer) { + // If the following call pancis, it indicates UnimplementedKeyManagerServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&KeyManager_ServiceDesc, srv) } @@ -144,7 +170,7 @@ func _KeyManager_GenerateKey_Handler(srv interface{}, ctx context.Context, dec f } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.server.keymanager.v1.KeyManager/GenerateKey", + FullMethod: KeyManager_GenerateKey_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).GenerateKey(ctx, req.(*GenerateKeyRequest)) @@ -162,7 +188,7 @@ func _KeyManager_GetPublicKey_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.server.keymanager.v1.KeyManager/GetPublicKey", + FullMethod: KeyManager_GetPublicKey_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).GetPublicKey(ctx, req.(*GetPublicKeyRequest)) 
@@ -180,7 +206,7 @@ func _KeyManager_GetPublicKeys_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.server.keymanager.v1.KeyManager/GetPublicKeys", + FullMethod: KeyManager_GetPublicKeys_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).GetPublicKeys(ctx, req.(*GetPublicKeysRequest)) @@ -198,7 +224,7 @@ func _KeyManager_SignData_Handler(srv interface{}, ctx context.Context, dec func } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.server.keymanager.v1.KeyManager/SignData", + FullMethod: KeyManager_SignData_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(KeyManagerServer).SignData(ctx, req.(*SignDataRequest)) diff --git a/proto/spire/plugin/server/nodeattestor/v1/nodeattestor.pb.go b/proto/spire/plugin/server/nodeattestor/v1/nodeattestor.pb.go index 98df193..ea63a38 100644 --- a/proto/spire/plugin/server/nodeattestor/v1/nodeattestor.pb.go +++ b/proto/spire/plugin/server/nodeattestor/v1/nodeattestor.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/server/nodeattestor/v1/nodeattestor.proto package nodeattestorv1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
@@ -21,23 +22,21 @@ const ( ) type AttestRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Request: + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Request: + // // *AttestRequest_Payload // *AttestRequest_ChallengeResponse - Request isAttestRequest_Request `protobuf_oneof:"request"` + Request isAttestRequest_Request `protobuf_oneof:"request"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *AttestRequest) Reset() { *x = AttestRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AttestRequest) String() string { @@ -48,7 +47,7 @@ func (*AttestRequest) ProtoMessage() {} func (x *AttestRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -63,23 +62,27 @@ func (*AttestRequest) Descriptor() ([]byte, []int) { return file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescGZIP(), []int{0} } -func (m *AttestRequest) GetRequest() isAttestRequest_Request { - if m != nil { - return m.Request +func (x *AttestRequest) GetRequest() isAttestRequest_Request { + if x != nil { + return x.Request } return nil } func (x *AttestRequest) GetPayload() []byte { - if x, ok := x.GetRequest().(*AttestRequest_Payload); ok { - return x.Payload + if x != nil { + if x, ok := x.Request.(*AttestRequest_Payload); ok { + return x.Payload + } } return nil } func (x *AttestRequest) GetChallengeResponse() []byte { - if x, ok := x.GetRequest().(*AttestRequest_ChallengeResponse); ok { - return x.ChallengeResponse + if x != nil { + if x, ok := x.Request.(*AttestRequest_ChallengeResponse); ok { + return x.ChallengeResponse + } } return nil } 
@@ -105,23 +108,21 @@ func (*AttestRequest_Payload) isAttestRequest_Request() {} func (*AttestRequest_ChallengeResponse) isAttestRequest_Request() {} type AttestResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Response: + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Response: + // // *AttestResponse_Challenge // *AttestResponse_AgentAttributes - Response isAttestResponse_Response `protobuf_oneof:"response"` + Response isAttestResponse_Response `protobuf_oneof:"response"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *AttestResponse) Reset() { *x = AttestResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AttestResponse) String() string { @@ -132,7 +133,7 @@ func (*AttestResponse) ProtoMessage() {} func (x *AttestResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -147,23 +148,27 @@ func (*AttestResponse) Descriptor() ([]byte, []int) { return file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescGZIP(), []int{1} } -func (m *AttestResponse) GetResponse() isAttestResponse_Response { - if m != nil { - return m.Response +func (x *AttestResponse) GetResponse() isAttestResponse_Response { + if x != nil { + return x.Response } return nil } func (x *AttestResponse) GetChallenge() []byte { - if x, ok := x.GetResponse().(*AttestResponse_Challenge); ok { - return x.Challenge + if x != nil { + if x, ok := x.Response.(*AttestResponse_Challenge); ok { + return x.Challenge + } } return nil } func (x *AttestResponse) GetAgentAttributes() *AgentAttributes { - if x, ok := x.GetResponse().(*AttestResponse_AgentAttributes); ok { - return x.AgentAttributes + if x != nil { + if x, ok := x.Response.(*AttestResponse_AgentAttributes); ok { + return x.AgentAttributes + } } return nil } @@ -189,10 +194,7 @@ func (*AttestResponse_Challenge) isAttestResponse_Response() {} func (*AttestResponse_AgentAttributes) isAttestResponse_Response() {} type AgentAttributes struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The ID to assign to the agent. Each agent in SPIRE must have a unique ID. // The convention for agent IDs is as follows: // 
@@ -215,16 +217,16 @@ type AgentAttributes struct { // attestation payload without operator intervention. // This also allows the server to clear out old entries automatically // since they can be easily recreated. - CanReattest bool `protobuf:"varint,3,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"` + CanReattest bool `protobuf:"varint,3,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *AgentAttributes) Reset() { *x = AgentAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *AgentAttributes) String() string { @@ -235,7 +237,7 @@ func (*AgentAttributes) ProtoMessage() {} func (x *AgentAttributes) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -273,69 +275,39 @@ func (x *AgentAttributes) GetCanReattest() bool { var File_spire_plugin_server_nodeattestor_v1_nodeattestor_proto protoreflect.FileDescriptor -var file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc = []byte{ - 0x0a, 0x36, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x6f, 0x72, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, - 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x22, 0x67, 0x0a, - 0x0d, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1a, - 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, - 0x00, 0x52, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x12, 0x2f, 0x0a, 0x12, 0x63, 0x68, - 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x11, 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, - 0x6e, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x09, 0x0a, 0x07, 0x72, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x9f, 0x01, 0x0a, 0x0e, 0x41, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1e, 0x0a, 0x09, 0x63, 0x68, 0x61, - 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x09, - 0x63, 0x68, 0x61, 0x6c, 0x6c, 0x65, 0x6e, 0x67, 0x65, 0x12, 0x61, 0x0a, 0x10, 0x61, 0x67, 0x65, - 0x6e, 0x74, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 
0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, - 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x48, 0x00, 0x52, 0x0f, 0x61, 0x67, 0x65, - 0x6e, 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x0a, 0x0a, 0x08, - 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x7a, 0x0a, 0x0f, 0x41, 0x67, 0x65, 0x6e, - 0x74, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x73, - 0x70, 0x69, 0x66, 0x66, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x49, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x0e, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x63, 0x61, 0x6e, 0x5f, 0x72, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x63, 0x61, 0x6e, 0x52, 0x65, 0x61, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x32, 0x85, 0x01, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x6f, 0x72, 0x12, 0x75, 0x0a, 0x06, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x12, - 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, - 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, 0x64, 0x65, 0x61, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, - 0x52, 0x65, 0x73, 0x70, 
0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x5d, 0x5a, 0x5b, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, - 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, - 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6e, 0x6f, 0x64, - 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x31, 0x3b, 0x6e, 0x6f, 0x64, - 0x65, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x6f, 0x72, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, -} +const file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc = "" + + "\n" + + "6spire/plugin/server/nodeattestor/v1/nodeattestor.proto\x12#spire.plugin.server.nodeattestor.v1\"g\n" + + "\rAttestRequest\x12\x1a\n" + + "\apayload\x18\x01 \x01(\fH\x00R\apayload\x12/\n" + + "\x12challenge_response\x18\x02 \x01(\fH\x00R\x11challengeResponseB\t\n" + + "\arequest\"\x9f\x01\n" + + "\x0eAttestResponse\x12\x1e\n" + + "\tchallenge\x18\x01 \x01(\fH\x00R\tchallenge\x12a\n" + + "\x10agent_attributes\x18\x02 \x01(\v24.spire.plugin.server.nodeattestor.v1.AgentAttributesH\x00R\x0fagentAttributesB\n" + + "\n" + + "\bresponse\"z\n" + + "\x0fAgentAttributes\x12\x1b\n" + + "\tspiffe_id\x18\x01 \x01(\tR\bspiffeId\x12'\n" + + "\x0fselector_values\x18\x02 \x03(\tR\x0eselectorValues\x12!\n" + + "\fcan_reattest\x18\x03 \x01(\bR\vcanReattest2\x85\x01\n" + + "\fNodeAttestor\x12u\n" + + "\x06Attest\x122.spire.plugin.server.nodeattestor.v1.AttestRequest\x1a3.spire.plugin.server.nodeattestor.v1.AttestResponse(\x010\x01B]Z[github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/nodeattestor/v1;nodeattestorv1b\x06proto3" var ( file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescOnce sync.Once - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescData = 
file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc + file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescData []byte ) func file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescGZIP() []byte { file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescOnce.Do(func() { - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescData) + file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc), len(file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc))) }) return file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDescData } var file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_goTypes = []interface{}{ +var file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_goTypes = []any{ (*AttestRequest)(nil), // 0: spire.plugin.server.nodeattestor.v1.AttestRequest (*AttestResponse)(nil), // 1: spire.plugin.server.nodeattestor.v1.AttestResponse (*AgentAttributes)(nil), // 2: spire.plugin.server.nodeattestor.v1.AgentAttributes 
@@ -356,49 +328,11 @@ func file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_init() { if File_spire_plugin_server_nodeattestor_v1_nodeattestor_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttestRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AttestResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*AgentAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[0].OneofWrappers = []interface{}{ + file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[0].OneofWrappers = []any{ (*AttestRequest_Payload)(nil), (*AttestRequest_ChallengeResponse)(nil), } - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[1].OneofWrappers = []interface{}{ + file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes[1].OneofWrappers = []any{ (*AttestResponse_Challenge)(nil), (*AttestResponse_AgentAttributes)(nil), } 
@@ -406,7 +340,7 @@ func file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_init() { out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc), len(file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc)), NumEnums: 0, NumMessages: 3, NumExtensions: 0, @@ -417,7 +351,6 @@ func file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_init() { MessageInfos: file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_msgTypes, }.Build() File_spire_plugin_server_nodeattestor_v1_nodeattestor_proto = out.File - file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_rawDesc = nil file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_goTypes = nil file_spire_plugin_server_nodeattestor_v1_nodeattestor_proto_depIdxs = nil } diff --git a/proto/spire/plugin/server/nodeattestor/v1/nodeattestor_grpc.pb.go b/proto/spire/plugin/server/nodeattestor/v1/nodeattestor_grpc.pb.go index 663eefa..5851f20 100644 --- a/proto/spire/plugin/server/nodeattestor/v1/nodeattestor_grpc.pb.go +++ b/proto/spire/plugin/server/nodeattestor/v1/nodeattestor_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/server/nodeattestor/v1/nodeattestor.proto package nodeattestorv1 
@@ -11,8 +15,12 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + NodeAttestor_Attest_FullMethodName = "/spire.plugin.server.nodeattestor.v1.NodeAttestor/Attest" +) // NodeAttestorClient is the client API for NodeAttestor service. // 
@@ -22,18 +30,18 @@ type NodeAttestorClient interface { // optionally participates in challenge/response attestation mechanics. // // The attestation flow is as follows: - // 1. SPIRE Server opens up a stream to the plugin via Attest. - // 2. SPIRE Server sends a request containing the attestation payload - // received from the agent. - // 3. Optionally, the plugin responds with a challenge: - // 3a. SPIRE Server sends the challenge to the agent. - // 3b. SPIRE Agent responds with the challenge response. - // 3c. SPIRE Server sends the challenge response to the plugin. - // 3d. Step 3 is repeated until the plugin is satisfied and does - // not respond with an additional challenge. - // 4. The plugin returns the attestation results to SPIRE Server and closes - // the stream. - Attest(ctx context.Context, opts ...grpc.CallOption) (NodeAttestor_AttestClient, error) + // 1. SPIRE Server opens up a stream to the plugin via Attest. + // 2. SPIRE Server sends a request containing the attestation payload + // received from the agent. + // 3. Optionally, the plugin responds with a challenge: + // 3a. SPIRE Server sends the challenge to the agent. + // 3b. SPIRE Agent responds with the challenge response. + // 3c. SPIRE Server sends the challenge response to the plugin. + // 3d. Step 3 is repeated until the plugin is satisfied and does + // not respond with an additional challenge. + // 4. The plugin returns the attestation results to SPIRE Server and closes + // the stream. + Attest(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[AttestRequest, AttestResponse], error) } type nodeAttestorClient struct { 
@@ -44,68 +52,54 @@ func NewNodeAttestorClient(cc grpc.ClientConnInterface) NodeAttestorClient { return &nodeAttestorClient{cc} } -func (c *nodeAttestorClient) Attest(ctx context.Context, opts ...grpc.CallOption) (NodeAttestor_AttestClient, error) { - stream, err := c.cc.NewStream(ctx, &NodeAttestor_ServiceDesc.Streams[0], "/spire.plugin.server.nodeattestor.v1.NodeAttestor/Attest", opts...) +func (c *nodeAttestorClient) Attest(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[AttestRequest, AttestResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &NodeAttestor_ServiceDesc.Streams[0], NodeAttestor_Attest_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &nodeAttestorAttestClient{stream} + x := &grpc.GenericClientStream[AttestRequest, AttestResponse]{ClientStream: stream} return x, nil } -type NodeAttestor_AttestClient interface { - Send(*AttestRequest) error - Recv() (*AttestResponse, error) - grpc.ClientStream -} - -type nodeAttestorAttestClient struct { - grpc.ClientStream -} - -func (x *nodeAttestorAttestClient) Send(m *AttestRequest) error { - return x.ClientStream.SendMsg(m) -} - -func (x *nodeAttestorAttestClient) Recv() (*AttestResponse, error) { - m := new(AttestResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type NodeAttestor_AttestClient = grpc.BidiStreamingClient[AttestRequest, AttestResponse] // NodeAttestorServer is the server API for NodeAttestor service. // All implementations must embed UnimplementedNodeAttestorServer -// for forward compatibility +// for forward compatibility. type NodeAttestorServer interface { // Attest attests attestation payload received from the agent and // optionally participates in challenge/response attestation mechanics. 
// // The attestation flow is as follows: - // 1. SPIRE Server opens up a stream to the plugin via Attest. - // 2. SPIRE Server sends a request containing the attestation payload - // received from the agent. - // 3. Optionally, the plugin responds with a challenge: - // 3a. SPIRE Server sends the challenge to the agent. - // 3b. SPIRE Agent responds with the challenge response. - // 3c. SPIRE Server sends the challenge response to the plugin. - // 3d. Step 3 is repeated until the plugin is satisfied and does - // not respond with an additional challenge. - // 4. The plugin returns the attestation results to SPIRE Server and closes - // the stream. - Attest(NodeAttestor_AttestServer) error + // 1. SPIRE Server opens up a stream to the plugin via Attest. + // 2. SPIRE Server sends a request containing the attestation payload + // received from the agent. + // 3. Optionally, the plugin responds with a challenge: + // 3a. SPIRE Server sends the challenge to the agent. + // 3b. SPIRE Agent responds with the challenge response. + // 3c. SPIRE Server sends the challenge response to the plugin. + // 3d. Step 3 is repeated until the plugin is satisfied and does + // not respond with an additional challenge. + // 4. The plugin returns the attestation results to SPIRE Server and closes + // the stream. + Attest(grpc.BidiStreamingServer[AttestRequest, AttestResponse]) error mustEmbedUnimplementedNodeAttestorServer() } -// UnimplementedNodeAttestorServer must be embedded to have forward compatible implementations. -type UnimplementedNodeAttestorServer struct { -} +// UnimplementedNodeAttestorServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedNodeAttestorServer struct{} -func (UnimplementedNodeAttestorServer) Attest(NodeAttestor_AttestServer) error { +func (UnimplementedNodeAttestorServer) Attest(grpc.BidiStreamingServer[AttestRequest, AttestResponse]) error { return status.Errorf(codes.Unimplemented, "method Attest not implemented") } func (UnimplementedNodeAttestorServer) mustEmbedUnimplementedNodeAttestorServer() {} +func (UnimplementedNodeAttestorServer) testEmbeddedByValue() {} // UnsafeNodeAttestorServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to NodeAttestorServer will 
@@ -115,34 +109,22 @@ type UnsafeNodeAttestorServer interface { } func RegisterNodeAttestorServer(s grpc.ServiceRegistrar, srv NodeAttestorServer) { + // If the following call pancis, it indicates UnimplementedNodeAttestorServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&NodeAttestor_ServiceDesc, srv) } func _NodeAttestor_Attest_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(NodeAttestorServer).Attest(&nodeAttestorAttestServer{stream}) -} - -type NodeAttestor_AttestServer interface { - Send(*AttestResponse) error - Recv() (*AttestRequest, error) - grpc.ServerStream -} - -type nodeAttestorAttestServer struct { - grpc.ServerStream + return srv.(NodeAttestorServer).Attest(&grpc.GenericServerStream[AttestRequest, AttestResponse]{ServerStream: stream}) } -func (x *nodeAttestorAttestServer) Send(m *AttestResponse) error { - return x.ServerStream.SendMsg(m) -} - -func (x *nodeAttestorAttestServer) Recv() (*AttestRequest, error) { - m := new(AttestRequest) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type NodeAttestor_AttestServer = grpc.BidiStreamingServer[AttestRequest, AttestResponse] // NodeAttestor_ServiceDesc is the grpc.ServiceDesc for NodeAttestor service. // It's only intended for direct use with grpc.RegisterService, diff --git a/proto/spire/plugin/server/noderesolver/v1/noderesolver.pb.go b/proto/spire/plugin/server/noderesolver/v1/noderesolver.pb.go deleted file mode 100644 index 948eb3b..0000000 --- a/proto/spire/plugin/server/noderesolver/v1/noderesolver.pb.go +++ /dev/null 
@@ -1,229 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 -// source: spire/plugin/server/noderesolver/v1/noderesolver.proto - -package noderesolverv1 - -import ( - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -type ResolveRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Required. The agent ID to resolve selectors for. - AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` -} - -func (x *ResolveRequest) Reset() { - *x = ResolveRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ResolveRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ResolveRequest) ProtoMessage() {} - -func (x *ResolveRequest) ProtoReflect() protoreflect.Message { - mi := &file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ResolveRequest.ProtoReflect.Descriptor instead. 
-func (*ResolveRequest) Descriptor() ([]byte, []int) { - return file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescGZIP(), []int{0} -} - -func (x *ResolveRequest) GetAgentId() string { - if x != nil { - return x.AgentId - } - return "" -} - -type ResolveResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Optional. The selector values to ascribe to the agent. The type of - // the selector is inferred from the plugin name. - SelectorValues []string `protobuf:"bytes,1,rep,name=selector_values,json=selectorValues,proto3" json:"selector_values,omitempty"` -} - -func (x *ResolveResponse) Reset() { - *x = ResolveResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ResolveResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ResolveResponse) ProtoMessage() {} - -func (x *ResolveResponse) ProtoReflect() protoreflect.Message { - mi := &file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ResolveResponse.ProtoReflect.Descriptor instead. 
-func (*ResolveResponse) Descriptor() ([]byte, []int) { - return file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescGZIP(), []int{1} -} - -func (x *ResolveResponse) GetSelectorValues() []string { - if x != nil { - return x.SelectorValues - } - return nil -} - -var File_spire_plugin_server_noderesolver_v1_noderesolver_proto protoreflect.FileDescriptor - -var file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDesc = []byte{ - 0x0a, 0x36, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, - 0x65, 0x72, 0x2f, 0x76, 0x31, 0x2f, 0x6e, 0x6f, 0x64, 0x65, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, - 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x23, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, - 0x64, 0x65, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x22, 0x2b, 0x0a, - 0x0e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x19, 0x0a, 0x08, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x22, 0x3a, 0x0a, 0x0f, 0x52, 0x65, - 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x27, 0x0a, - 0x0f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, - 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x32, 0x84, 0x01, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x52, - 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x12, 0x74, 0x0a, 0x07, 0x52, 0x65, 0x73, 0x6f, 0x6c, - 0x76, 0x65, 0x12, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, 0x64, 
0x65, 0x72, 0x65, 0x73, - 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, - 0x64, 0x65, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, - 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5d, 0x5a, - 0x5b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, - 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, - 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6e, 0x6f, - 0x64, 0x65, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x3b, 0x6e, 0x6f, - 0x64, 0x65, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x72, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescOnce sync.Once - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescData = file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDesc -) - -func file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescGZIP() []byte { - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescOnce.Do(func() { - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescData) - }) - return file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDescData -} - -var file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_spire_plugin_server_noderesolver_v1_noderesolver_proto_goTypes = 
[]interface{}{ - (*ResolveRequest)(nil), // 0: spire.plugin.server.noderesolver.v1.ResolveRequest - (*ResolveResponse)(nil), // 1: spire.plugin.server.noderesolver.v1.ResolveResponse -} -var file_spire_plugin_server_noderesolver_v1_noderesolver_proto_depIdxs = []int32{ - 0, // 0: spire.plugin.server.noderesolver.v1.NodeResolver.Resolve:input_type -> spire.plugin.server.noderesolver.v1.ResolveRequest - 1, // 1: spire.plugin.server.noderesolver.v1.NodeResolver.Resolve:output_type -> spire.plugin.server.noderesolver.v1.ResolveResponse - 1, // [1:2] is the sub-list for method output_type - 0, // [0:1] is the sub-list for method input_type - 0, // [0:0] is the sub-list for extension type_name - 0, // [0:0] is the sub-list for extension extendee - 0, // [0:0] is the sub-list for field type_name -} - -func init() { file_spire_plugin_server_noderesolver_v1_noderesolver_proto_init() } -func file_spire_plugin_server_noderesolver_v1_noderesolver_proto_init() { - if File_spire_plugin_server_noderesolver_v1_noderesolver_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ResolveRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ResolveResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: 
file_spire_plugin_server_noderesolver_v1_noderesolver_proto_goTypes, - DependencyIndexes: file_spire_plugin_server_noderesolver_v1_noderesolver_proto_depIdxs, - MessageInfos: file_spire_plugin_server_noderesolver_v1_noderesolver_proto_msgTypes, - }.Build() - File_spire_plugin_server_noderesolver_v1_noderesolver_proto = out.File - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_rawDesc = nil - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_goTypes = nil - file_spire_plugin_server_noderesolver_v1_noderesolver_proto_depIdxs = nil -} diff --git a/proto/spire/plugin/server/noderesolver/v1/noderesolver.proto b/proto/spire/plugin/server/noderesolver/v1/noderesolver.proto deleted file mode 100644 index aa429b3..0000000 --- a/proto/spire/plugin/server/noderesolver/v1/noderesolver.proto +++ /dev/null @@ -1,19 +0,0 @@ -syntax = "proto3"; -package spire.plugin.server.noderesolver.v1; -option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/noderesolver/v1;noderesolverv1"; - -service NodeResolver { - // Resolve resolves additional selectors for a given agent. - rpc Resolve(ResolveRequest) returns (ResolveResponse); -} - -message ResolveRequest { - // Required. The agent ID to resolve selectors for. - string agent_id = 1; -} - -message ResolveResponse { - // Optional. The selector values to ascribe to the agent. The type of - // the selector is inferred from the plugin name. - repeated string selector_values = 1; -} diff --git a/proto/spire/plugin/server/noderesolver/v1/noderesolver_grpc.pb.go b/proto/spire/plugin/server/noderesolver/v1/noderesolver_grpc.pb.go deleted file mode 100644 index 24465a6..0000000 --- a/proto/spire/plugin/server/noderesolver/v1/noderesolver_grpc.pb.go +++ /dev/null 
@@ -1,103 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. - -package noderesolverv1 - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 - -// NodeResolverClient is the client API for NodeResolver service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type NodeResolverClient interface { - // Resolve resolves additional selectors for a given agent. - Resolve(ctx context.Context, in *ResolveRequest, opts ...grpc.CallOption) (*ResolveResponse, error) -} - -type nodeResolverClient struct { - cc grpc.ClientConnInterface -} - -func NewNodeResolverClient(cc grpc.ClientConnInterface) NodeResolverClient { - return &nodeResolverClient{cc} -} - -func (c *nodeResolverClient) Resolve(ctx context.Context, in *ResolveRequest, opts ...grpc.CallOption) (*ResolveResponse, error) { - out := new(ResolveResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.server.noderesolver.v1.NodeResolver/Resolve", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// NodeResolverServer is the server API for NodeResolver service. -// All implementations must embed UnimplementedNodeResolverServer -// for forward compatibility -type NodeResolverServer interface { - // Resolve resolves additional selectors for a given agent. - Resolve(context.Context, *ResolveRequest) (*ResolveResponse, error) - mustEmbedUnimplementedNodeResolverServer() -} - -// UnimplementedNodeResolverServer must be embedded to have forward compatible implementations. 
-type UnimplementedNodeResolverServer struct { -} - -func (UnimplementedNodeResolverServer) Resolve(context.Context, *ResolveRequest) (*ResolveResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Resolve not implemented") -} -func (UnimplementedNodeResolverServer) mustEmbedUnimplementedNodeResolverServer() {} - -// UnsafeNodeResolverServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to NodeResolverServer will -// result in compilation errors. -type UnsafeNodeResolverServer interface { - mustEmbedUnimplementedNodeResolverServer() -} - -func RegisterNodeResolverServer(s grpc.ServiceRegistrar, srv NodeResolverServer) { - s.RegisterService(&NodeResolver_ServiceDesc, srv) -} - -func _NodeResolver_Resolve_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ResolveRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(NodeResolverServer).Resolve(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/spire.plugin.server.noderesolver.v1.NodeResolver/Resolve", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(NodeResolverServer).Resolve(ctx, req.(*ResolveRequest)) - } - return interceptor(ctx, in, info, handler) -} - -// NodeResolver_ServiceDesc is the grpc.ServiceDesc for NodeResolver service. 
-// It's only intended for direct use with grpc.RegisterService, -// and not to be introspected or modified (even as a copy) -var NodeResolver_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "spire.plugin.server.noderesolver.v1.NodeResolver", - HandlerType: (*NodeResolverServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Resolve", - Handler: _NodeResolver_Resolve_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "spire/plugin/server/noderesolver/v1/noderesolver.proto", -} diff --git a/proto/spire/plugin/server/noderesolver/v1/noderesolver_spire_plugin.pb.go b/proto/spire/plugin/server/noderesolver/v1/noderesolver_spire_plugin.pb.go deleted file mode 100644 index 27d3ada..0000000 --- a/proto/spire/plugin/server/noderesolver/v1/noderesolver_spire_plugin.pb.go +++ /dev/null 
@@ -1,50 +0,0 @@ -// Code generated by protoc-gen-go-spire. DO NOT EDIT. - -package noderesolverv1 - -import ( - pluginsdk "github.com/spiffe/spire-plugin-sdk/pluginsdk" - grpc "google.golang.org/grpc" -) - -func NodeResolverPluginServer(server NodeResolverServer) pluginsdk.PluginServer { - return nodeResolverPluginServer{NodeResolverServer: server} -} - -type nodeResolverPluginServer struct { - NodeResolverServer -} - -func (s nodeResolverPluginServer) Type() string { - return "NodeResolver" -} - -func (s nodeResolverPluginServer) GRPCServiceName() string { - return "spire.plugin.server.noderesolver.v1.NodeResolver" -} - -func (s nodeResolverPluginServer) RegisterServer(server *grpc.Server) interface{} { - RegisterNodeResolverServer(server, s.NodeResolverServer) - return s.NodeResolverServer -} - -type NodeResolverPluginClient struct { - NodeResolverClient -} - -func (s NodeResolverPluginClient) Type() string { - return "NodeResolver" -} - -func (c *NodeResolverPluginClient) IsInitialized() bool { - return c.NodeResolverClient != nil -} - -func (c *NodeResolverPluginClient) GRPCServiceName() string { - return "spire.plugin.server.noderesolver.v1.NodeResolver" -} - -func (c *NodeResolverPluginClient) InitClient(conn grpc.ClientConnInterface) interface{} { - c.NodeResolverClient = NewNodeResolverClient(conn) - return c.NodeResolverClient -} diff --git a/proto/spire/plugin/server/notifier/v1/notifier.pb.go b/proto/spire/plugin/server/notifier/v1/notifier.pb.go index 7ad31f7..4ebc2bf 100644 --- a/proto/spire/plugin/server/notifier/v1/notifier.pb.go +++ b/proto/spire/plugin/server/notifier/v1/notifier.pb.go @@ -2,8 +2,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/server/notifier/v1/notifier.proto package notifierv1 
@@ -14,6 +14,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -24,24 +25,22 @@ const ( ) type NotifyRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The event the plugin is being notified for. // - // Types that are assignable to Event: + // Types that are valid to be assigned to Event: + // // *NotifyRequest_BundleUpdated - Event isNotifyRequest_Event `protobuf_oneof:"event"` + Event isNotifyRequest_Event `protobuf_oneof:"event"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *NotifyRequest) Reset() { *x = NotifyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *NotifyRequest) String() string { @@ -52,7 +51,7 @@ func (*NotifyRequest) ProtoMessage() {} func (x *NotifyRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -67,16 +66,18 @@ func (*NotifyRequest) Descriptor() ([]byte, []int) { return file_spire_plugin_server_notifier_v1_notifier_proto_rawDescGZIP(), []int{0} } -func (m *NotifyRequest) GetEvent() isNotifyRequest_Event { - if m != nil { - return m.Event +func (x *NotifyRequest) GetEvent() isNotifyRequest_Event { + if x != nil { + return x.Event } return nil } func (x *NotifyRequest) GetBundleUpdated() *BundleUpdated { - if x, ok := x.GetEvent().(*NotifyRequest_BundleUpdated); ok { - return x.BundleUpdated + if x != nil { + if x, ok := x.Event.(*NotifyRequest_BundleUpdated); ok { + return x.BundleUpdated + } } return nil } @@ -94,18 +95,16 @@ type NotifyRequest_BundleUpdated struct { func (*NotifyRequest_BundleUpdated) isNotifyRequest_Event() {} type NotifyResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *NotifyResponse) Reset() { *x = NotifyResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *NotifyResponse) String() string { @@ -116,7 +115,7 @@ func (*NotifyResponse) ProtoMessage() {} func (x *NotifyResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -132,21 +131,18 @@ func (*NotifyResponse) Descriptor() ([]byte, []int) { } type BundleLoaded struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The bundle that was loaded. - Bundle *types.Bundle `protobuf:"bytes,1,opt,name=bundle,proto3" json:"bundle,omitempty"` + Bundle *types.Bundle `protobuf:"bytes,1,opt,name=bundle,proto3" json:"bundle,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *BundleLoaded) Reset() { *x = BundleLoaded{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *BundleLoaded) String() string { @@ -157,7 +153,7 @@ func (*BundleLoaded) ProtoMessage() {} func (x *BundleLoaded) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -180,24 +176,22 @@ func (x *BundleLoaded) GetBundle() *types.Bundle { } type NotifyAndAdviseRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The event the plugin is being notified for. // - // Types that are assignable to Event: + // Types that are valid to be assigned to Event: + // // *NotifyAndAdviseRequest_BundleLoaded - Event isNotifyAndAdviseRequest_Event `protobuf_oneof:"event"` + Event isNotifyAndAdviseRequest_Event `protobuf_oneof:"event"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *NotifyAndAdviseRequest) Reset() { *x = NotifyAndAdviseRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *NotifyAndAdviseRequest) String() string { @@ -208,7 +202,7 @@ func (*NotifyAndAdviseRequest) ProtoMessage() {} func (x *NotifyAndAdviseRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -223,16 +217,18 @@ func (*NotifyAndAdviseRequest) Descriptor() ([]byte, []int) { return file_spire_plugin_server_notifier_v1_notifier_proto_rawDescGZIP(), []int{3} } -func (m *NotifyAndAdviseRequest) GetEvent() isNotifyAndAdviseRequest_Event { - if m != nil { - return m.Event +func (x *NotifyAndAdviseRequest) GetEvent() isNotifyAndAdviseRequest_Event { + if x != nil { + return x.Event } return nil } func (x *NotifyAndAdviseRequest) GetBundleLoaded() *BundleLoaded { - if x, ok := x.GetEvent().(*NotifyAndAdviseRequest_BundleLoaded); ok { - return x.BundleLoaded + if x != nil { + if x, ok := x.Event.(*NotifyAndAdviseRequest_BundleLoaded); ok { + return x.BundleLoaded + } } return nil } @@ -250,18 +246,16 @@ type NotifyAndAdviseRequest_BundleLoaded struct { func (*NotifyAndAdviseRequest_BundleLoaded) isNotifyAndAdviseRequest_Event() {} type NotifyAndAdviseResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *NotifyAndAdviseResponse) Reset() { *x = NotifyAndAdviseResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *NotifyAndAdviseResponse) String() string { @@ -272,7 +266,7 @@ func (*NotifyAndAdviseResponse) ProtoMessage() {} func (x *NotifyAndAdviseResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -288,21 +282,18 @@ func (*NotifyAndAdviseResponse) Descriptor() ([]byte, []int) { } type BundleUpdated struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The bundle that was updated. - Bundle *types.Bundle `protobuf:"bytes,1,opt,name=bundle,proto3" json:"bundle,omitempty"` + Bundle *types.Bundle `protobuf:"bytes,1,opt,name=bundle,proto3" json:"bundle,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *BundleUpdated) Reset() { *x = BundleUpdated{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *BundleUpdated) String() string { @@ -313,7 +304,7 @@ func (*BundleUpdated) ProtoMessage() {} func (x *BundleUpdated) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -337,79 +328,39 @@ func (x *BundleUpdated) GetBundle() *types.Bundle { var File_spire_plugin_server_notifier_v1_notifier_proto protoreflect.FileDescriptor -var file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc = []byte{ - 0x0a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2f, 0x76, - 0x31, 0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x12, 0x1f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x76, - 0x31, 0x1a, 0x1f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, - 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0x71, 0x0a, 0x0d, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x57, 0x0a, 0x0e, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, 0x75, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0d, 0x62, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, 0x42, 0x07, 0x0a, 0x05, - 0x65, 0x76, 0x65, 0x6e, 0x74, 0x22, 0x10, 0x0a, 0x0e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x42, 0x0a, 0x0c, 0x42, 0x75, 0x6e, 0x64, 0x6c, - 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 
0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x42, 0x75, 0x6e, - 0x64, 0x6c, 0x65, 0x52, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x22, 0x77, 0x0a, 0x16, 0x4e, - 0x6f, 0x74, 0x69, 0x66, 0x79, 0x41, 0x6e, 0x64, 0x41, 0x64, 0x76, 0x69, 0x73, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x54, 0x0a, 0x0d, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x5f, - 0x6c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x42, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x48, 0x00, 0x52, 0x0c, 0x62, - 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x4c, 0x6f, 0x61, 0x64, 0x65, 0x64, 0x42, 0x07, 0x0a, 0x05, 0x65, - 0x76, 0x65, 0x6e, 0x74, 0x22, 0x19, 0x0a, 0x17, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x41, 0x6e, - 0x64, 0x41, 0x64, 0x76, 0x69, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x43, 0x0a, 0x0d, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, - 0x12, 0x32, 0x0a, 0x06, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x52, 0x06, 0x62, 0x75, - 0x6e, 0x64, 0x6c, 0x65, 0x32, 0xfc, 0x01, 0x0a, 0x08, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x12, 0x69, 0x0a, 0x06, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x12, 0x2e, 0x2e, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4e, 0x6f, - 0x74, 0x69, 0x66, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 
0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4e, 0x6f, - 0x74, 0x69, 0x66, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x84, 0x01, 0x0a, - 0x0f, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x41, 0x6e, 0x64, 0x41, 0x64, 0x76, 0x69, 0x73, 0x65, - 0x12, 0x37, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, - 0x76, 0x31, 0x2e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x41, 0x6e, 0x64, 0x41, 0x64, 0x76, 0x69, - 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2e, 0x76, 0x31, 0x2e, 0x4e, 0x6f, 0x74, 0x69, - 0x66, 0x79, 0x41, 0x6e, 0x64, 0x41, 0x64, 0x76, 0x69, 0x73, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x42, 0x55, 0x5a, 0x53, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, - 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, - 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x2f, 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x2f, 0x76, 0x31, 0x3b, - 0x6e, 0x6f, 0x74, 0x69, 0x66, 0x69, 0x65, 0x72, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, -} +const file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc = "" + + "\n" + + ".spire/plugin/server/notifier/v1/notifier.proto\x12\x1fspire.plugin.server.notifier.v1\x1a\x1fspire/plugin/types/bundle.proto\"q\n" + + "\rNotifyRequest\x12W\n" + + "\x0ebundle_updated\x18\x01 
\x01(\v2..spire.plugin.server.notifier.v1.BundleUpdatedH\x00R\rbundleUpdatedB\a\n" + + "\x05event\"\x10\n" + + "\x0eNotifyResponse\"B\n" + + "\fBundleLoaded\x122\n" + + "\x06bundle\x18\x01 \x01(\v2\x1a.spire.plugin.types.BundleR\x06bundle\"w\n" + + "\x16NotifyAndAdviseRequest\x12T\n" + + "\rbundle_loaded\x18\x01 \x01(\v2-.spire.plugin.server.notifier.v1.BundleLoadedH\x00R\fbundleLoadedB\a\n" + + "\x05event\"\x19\n" + + "\x17NotifyAndAdviseResponse\"C\n" + + "\rBundleUpdated\x122\n" + + "\x06bundle\x18\x01 \x01(\v2\x1a.spire.plugin.types.BundleR\x06bundle2\xfc\x01\n" + + "\bNotifier\x12i\n" + + "\x06Notify\x12..spire.plugin.server.notifier.v1.NotifyRequest\x1a/.spire.plugin.server.notifier.v1.NotifyResponse\x12\x84\x01\n" + + "\x0fNotifyAndAdvise\x127.spire.plugin.server.notifier.v1.NotifyAndAdviseRequest\x1a8.spire.plugin.server.notifier.v1.NotifyAndAdviseResponseBUZSgithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/notifier/v1;notifierv1b\x06proto3" var ( file_spire_plugin_server_notifier_v1_notifier_proto_rawDescOnce sync.Once - file_spire_plugin_server_notifier_v1_notifier_proto_rawDescData = file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc + file_spire_plugin_server_notifier_v1_notifier_proto_rawDescData []byte ) func file_spire_plugin_server_notifier_v1_notifier_proto_rawDescGZIP() []byte { file_spire_plugin_server_notifier_v1_notifier_proto_rawDescOnce.Do(func() { - file_spire_plugin_server_notifier_v1_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_server_notifier_v1_notifier_proto_rawDescData) + file_spire_plugin_server_notifier_v1_notifier_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc), len(file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc))) }) return file_spire_plugin_server_notifier_v1_notifier_proto_rawDescData } var file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes = make([]protoimpl.MessageInfo, 
6) -var file_spire_plugin_server_notifier_v1_notifier_proto_goTypes = []interface{}{ +var file_spire_plugin_server_notifier_v1_notifier_proto_goTypes = []any{ (*NotifyRequest)(nil), // 0: spire.plugin.server.notifier.v1.NotifyRequest (*NotifyResponse)(nil), // 1: spire.plugin.server.notifier.v1.NotifyResponse (*BundleLoaded)(nil), // 2: spire.plugin.server.notifier.v1.BundleLoaded 
@@ -439,91 +390,17 @@ func file_spire_plugin_server_notifier_v1_notifier_proto_init() { if File_spire_plugin_server_notifier_v1_notifier_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NotifyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NotifyResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BundleLoaded); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NotifyAndAdviseRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*NotifyAndAdviseResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BundleUpdated); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[0].OneofWrappers 
= []interface{}{ + file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[0].OneofWrappers = []any{ (*NotifyRequest_BundleUpdated)(nil), } - file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[3].OneofWrappers = []interface{}{ + file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes[3].OneofWrappers = []any{ (*NotifyAndAdviseRequest_BundleLoaded)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc), len(file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc)), NumEnums: 0, NumMessages: 6, NumExtensions: 0, @@ -534,7 +411,6 @@ func file_spire_plugin_server_notifier_v1_notifier_proto_init() { MessageInfos: file_spire_plugin_server_notifier_v1_notifier_proto_msgTypes, }.Build() File_spire_plugin_server_notifier_v1_notifier_proto = out.File - file_spire_plugin_server_notifier_v1_notifier_proto_rawDesc = nil file_spire_plugin_server_notifier_v1_notifier_proto_goTypes = nil file_spire_plugin_server_notifier_v1_notifier_proto_depIdxs = nil } diff --git a/proto/spire/plugin/server/notifier/v1/notifier_grpc.pb.go b/proto/spire/plugin/server/notifier/v1/notifier_grpc.pb.go index 4c89aab..68058c9 100644 --- a/proto/spire/plugin/server/notifier/v1/notifier_grpc.pb.go +++ b/proto/spire/plugin/server/notifier/v1/notifier_grpc.pb.go @@ -1,4 +1,10 @@ +// A Notifier plugin reacts to various server related events + // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/server/notifier/v1/notifier.proto package notifierv1 
@@ -11,8 +17,13 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + Notifier_Notify_FullMethodName = "/spire.plugin.server.notifier.v1.Notifier/Notify" + Notifier_NotifyAndAdvise_FullMethodName = "/spire.plugin.server.notifier.v1.Notifier/NotifyAndAdvise" +) // NotifierClient is the client API for Notifier service. // @@ -36,8 +47,9 @@ func NewNotifierClient(cc grpc.ClientConnInterface) NotifierClient { } func (c *notifierClient) Notify(ctx context.Context, in *NotifyRequest, opts ...grpc.CallOption) (*NotifyResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(NotifyResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.server.notifier.v1.Notifier/Notify", in, out, opts...) + err := c.cc.Invoke(ctx, Notifier_Notify_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } @@ -45,8 +57,9 @@ func (c *notifierClient) Notify(ctx context.Context, in *NotifyRequest, opts ... } func (c *notifierClient) NotifyAndAdvise(ctx context.Context, in *NotifyAndAdviseRequest, opts ...grpc.CallOption) (*NotifyAndAdviseResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(NotifyAndAdviseResponse) - err := c.cc.Invoke(ctx, "/spire.plugin.server.notifier.v1.Notifier/NotifyAndAdvise", in, out, opts...) + err := c.cc.Invoke(ctx, Notifier_NotifyAndAdvise_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -55,7 +68,7 @@ func (c *notifierClient) NotifyAndAdvise(ctx context.Context, in *NotifyAndAdvis // NotifierServer is the server API for Notifier service. // All implementations must embed UnimplementedNotifierServer -// for forward compatibility +// for forward compatibility. type NotifierServer interface { // Notify notifies the plugin that an event occurred. Errors returned by // the plugin are logged but otherwise ignored. @@ -67,9 +80,12 @@ type NotifierServer interface { mustEmbedUnimplementedNotifierServer() } -// UnimplementedNotifierServer must be embedded to have forward compatible implementations. -type UnimplementedNotifierServer struct { -} +// UnimplementedNotifierServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedNotifierServer struct{} func (UnimplementedNotifierServer) Notify(context.Context, *NotifyRequest) (*NotifyResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Notify not implemented") @@ -78,6 +94,7 @@ func (UnimplementedNotifierServer) NotifyAndAdvise(context.Context, *NotifyAndAd return nil, status.Errorf(codes.Unimplemented, "method NotifyAndAdvise not implemented") } func (UnimplementedNotifierServer) mustEmbedUnimplementedNotifierServer() {} +func (UnimplementedNotifierServer) testEmbeddedByValue() {} // UnsafeNotifierServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to NotifierServer will 
@@ -87,6 +104,13 @@ type UnsafeNotifierServer interface { } func RegisterNotifierServer(s grpc.ServiceRegistrar, srv NotifierServer) { + // If the following call pancis, it indicates UnimplementedNotifierServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&Notifier_ServiceDesc, srv) } @@ -100,7 +124,7 @@ func _Notifier_Notify_Handler(srv interface{}, ctx context.Context, dec func(int } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.server.notifier.v1.Notifier/Notify", + FullMethod: Notifier_Notify_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(NotifierServer).Notify(ctx, req.(*NotifyRequest)) @@ -118,7 +142,7 @@ func _Notifier_NotifyAndAdvise_Handler(srv interface{}, ctx context.Context, dec } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.plugin.server.notifier.v1.Notifier/NotifyAndAdvise", + FullMethod: Notifier_NotifyAndAdvise_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(NotifierServer).NotifyAndAdvise(ctx, req.(*NotifyAndAdviseRequest)) diff --git a/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.pb.go b/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.pb.go index 6ec68cf..8969ad7 100644 --- a/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.pb.go +++ b/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto package upstreamauthorityv1 @@ -12,6 +12,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -22,25 +23,22 @@ const ( ) type MintX509CARequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. Certificate signing request (PKCS#10) Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` // Optional. Preferred TTL is the TTL preferred by SPIRE Server for signed CA. If // zero, the plugin should determine its own TTL value. Plugins are free to // ignore this and use their own policies around TTLs. - PreferredTtl int32 `protobuf:"varint,2,opt,name=preferred_ttl,json=preferredTtl,proto3" json:"preferred_ttl,omitempty"` + PreferredTtl int32 `protobuf:"varint,2,opt,name=preferred_ttl,json=preferredTtl,proto3" json:"preferred_ttl,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *MintX509CARequest) Reset() { *x = MintX509CARequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *MintX509CARequest) String() string { 
@@ -51,7 +49,7 @@ func (*MintX509CARequest) ProtoMessage() {} func (x *MintX509CARequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -81,10 +79,7 @@ func (x *MintX509CARequest) GetPreferredTtl() int32 { } type MintX509CAResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required on the first response. Contains ASN.1 encoded certificates // representing the X.509 CA along with any intermediates necessary to // chain back to a certificate present in the upstream_x509_roots. The @@ -92,15 +87,15 @@ type MintX509CAResponse struct { X509CaChain []*types.X509Certificate `protobuf:"bytes,1,rep,name=x509_ca_chain,json=x509CaChain,proto3" json:"x509_ca_chain,omitempty"` // Required. The trusted X.509 root authorities for the upstream authority. UpstreamX509Roots []*types.X509Certificate `protobuf:"bytes,2,rep,name=upstream_x509_roots,json=upstreamX509Roots,proto3" json:"upstream_x509_roots,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *MintX509CAResponse) Reset() { *x = MintX509CAResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *MintX509CAResponse) String() string { 
@@ -111,7 +106,7 @@ func (*MintX509CAResponse) ProtoMessage() {} func (x *MintX509CAResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -141,21 +136,18 @@ func (x *MintX509CAResponse) GetUpstreamX509Roots() []*types.X509Certificate { } type PublishJWTKeyRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The JWT signing key to publish upstream. - JwtKey *types.JWTKey `protobuf:"bytes,1,opt,name=jwt_key,json=jwtKey,proto3" json:"jwt_key,omitempty"` + JwtKey *types.JWTKey `protobuf:"bytes,1,opt,name=jwt_key,json=jwtKey,proto3" json:"jwt_key,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PublishJWTKeyRequest) Reset() { *x = PublishJWTKeyRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PublishJWTKeyRequest) String() string { @@ -166,7 +158,7 @@ func (*PublishJWTKeyRequest) ProtoMessage() {} func (x *PublishJWTKeyRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -189,21 +181,18 @@ func (x *PublishJWTKeyRequest) GetJwtKey() *types.JWTKey { } type PublishJWTKeyResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. The upstream JWT signing keys. UpstreamJwtKeys []*types.JWTKey `protobuf:"bytes,1,rep,name=upstream_jwt_keys,json=upstreamJwtKeys,proto3" json:"upstream_jwt_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *PublishJWTKeyResponse) Reset() { *x = PublishJWTKeyResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PublishJWTKeyResponse) String() string { @@ -214,7 +203,7 @@ func (*PublishJWTKeyResponse) ProtoMessage() {} func (x *PublishJWTKeyResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -236,113 +225,161 @@ func (x *PublishJWTKeyResponse) GetUpstreamJwtKeys() []*types.JWTKey { return nil } -var File_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto protoreflect.FileDescriptor +type SubscribeToLocalBundleRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SubscribeToLocalBundleRequest) Reset() { + *x = SubscribeToLocalBundleRequest{} + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SubscribeToLocalBundleRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SubscribeToLocalBundleRequest) ProtoMessage() {} + +func (x *SubscribeToLocalBundleRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SubscribeToLocalBundleRequest.ProtoReflect.Descriptor instead. +func (*SubscribeToLocalBundleRequest) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescGZIP(), []int{4} +} + +type SubscribeToLocalBundleResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Required. The trusted X.509 root authorities for the upstream authority. + UpstreamX509Roots []*types.X509Certificate `protobuf:"bytes,1,rep,name=upstream_x509_roots,json=upstreamX509Roots,proto3" json:"upstream_x509_roots,omitempty"` + // Required. The upstream JWT signing keys. 
+ UpstreamJwtKeys []*types.JWTKey `protobuf:"bytes,2,rep,name=upstream_jwt_keys,json=upstreamJwtKeys,proto3" json:"upstream_jwt_keys,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SubscribeToLocalBundleResponse) Reset() { + *x = SubscribeToLocalBundleResponse{} + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} -var file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc = []byte{ - 0x0a, 0x40, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x12, 0x28, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x1a, 0x1f, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, - 0x2f, 0x6a, 0x77, 0x74, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, 0x79, 0x70, 0x65, - 0x73, 0x2f, 0x78, 0x35, 0x30, 0x39, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x4a, 0x0a, 0x11, 0x4d, 0x69, 0x6e, 0x74, 0x58, - 0x35, 0x30, 0x39, 0x43, 0x41, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, - 0x63, 0x73, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x03, 0x63, 0x73, 0x72, 0x12, 0x23, - 0x0a, 0x0d, 0x70, 0x72, 0x65, 0x66, 0x65, 
0x72, 0x72, 0x65, 0x64, 0x5f, 0x74, 0x74, 0x6c, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0c, 0x70, 0x72, 0x65, 0x66, 0x65, 0x72, 0x72, 0x65, 0x64, - 0x54, 0x74, 0x6c, 0x22, 0xb2, 0x01, 0x0a, 0x12, 0x4d, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, - 0x43, 0x41, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x47, 0x0a, 0x0d, 0x78, 0x35, - 0x30, 0x39, 0x5f, 0x63, 0x61, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x23, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0b, 0x78, 0x35, 0x30, 0x39, 0x43, 0x61, 0x43, 0x68, - 0x61, 0x69, 0x6e, 0x12, 0x53, 0x0a, 0x13, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, - 0x78, 0x35, 0x30, 0x39, 0x5f, 0x72, 0x6f, 0x6f, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x23, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x11, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x58, - 0x35, 0x30, 0x39, 0x52, 0x6f, 0x6f, 0x74, 0x73, 0x22, 0x4b, 0x0a, 0x14, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x73, 0x68, 0x4a, 0x57, 0x54, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x33, 0x0a, 0x07, 0x6a, 0x77, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, - 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x4a, 0x57, 0x54, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x6a, - 0x77, 0x74, 0x4b, 0x65, 0x79, 0x22, 0x5f, 0x0a, 0x15, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, - 0x4a, 0x57, 0x54, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x46, - 0x0a, 0x11, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6a, 0x77, 
0x74, 0x5f, 0x6b, - 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x4a, - 0x57, 0x54, 0x4b, 0x65, 0x79, 0x52, 0x0f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x4a, - 0x77, 0x74, 0x4b, 0x65, 0x79, 0x73, 0x32, 0xcc, 0x02, 0x0a, 0x11, 0x55, 0x70, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x95, 0x01, 0x0a, - 0x16, 0x4d, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x43, 0x41, 0x41, 0x6e, 0x64, 0x53, 0x75, - 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, 0x3b, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x75, 0x70, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x4d, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x43, 0x41, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x75, 0x70, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, - 0x4d, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x43, 0x41, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x30, 0x01, 0x12, 0x9e, 0x01, 0x0a, 0x19, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, - 0x4a, 0x57, 0x54, 0x4b, 0x65, 0x79, 0x41, 0x6e, 0x64, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, - 0x62, 0x65, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, - 0x6d, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x73, 0x68, 0x4a, 0x57, 0x54, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 
0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, - 0x6d, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x73, 0x68, 0x4a, 0x57, 0x54, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x67, 0x5a, 0x65, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x75, 0x70, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +func (x *SubscribeToLocalBundleResponse) String() string { + return protoimpl.X.MessageStringOf(x) } +func (*SubscribeToLocalBundleResponse) ProtoMessage() {} + +func (x *SubscribeToLocalBundleResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SubscribeToLocalBundleResponse.ProtoReflect.Descriptor instead. 
+func (*SubscribeToLocalBundleResponse) Descriptor() ([]byte, []int) { + return file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescGZIP(), []int{5} +} + +func (x *SubscribeToLocalBundleResponse) GetUpstreamX509Roots() []*types.X509Certificate { + if x != nil { + return x.UpstreamX509Roots + } + return nil +} + +func (x *SubscribeToLocalBundleResponse) GetUpstreamJwtKeys() []*types.JWTKey { + if x != nil { + return x.UpstreamJwtKeys + } + return nil +} + +var File_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto protoreflect.FileDescriptor + +const file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc = "" + + "\n" + + "@spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto\x12(spire.plugin.server.upstreamauthority.v1\x1a\x1fspire/plugin/types/jwtkey.proto\x1a(spire/plugin/types/x509certificate.proto\"J\n" + + "\x11MintX509CARequest\x12\x10\n" + + "\x03csr\x18\x01 \x01(\fR\x03csr\x12#\n" + + "\rpreferred_ttl\x18\x02 \x01(\x05R\fpreferredTtl\"\xb2\x01\n" + + "\x12MintX509CAResponse\x12G\n" + + "\rx509_ca_chain\x18\x01 \x03(\v2#.spire.plugin.types.X509CertificateR\vx509CaChain\x12S\n" + + "\x13upstream_x509_roots\x18\x02 \x03(\v2#.spire.plugin.types.X509CertificateR\x11upstreamX509Roots\"K\n" + + "\x14PublishJWTKeyRequest\x123\n" + + "\ajwt_key\x18\x01 \x01(\v2\x1a.spire.plugin.types.JWTKeyR\x06jwtKey\"_\n" + + "\x15PublishJWTKeyResponse\x12F\n" + + "\x11upstream_jwt_keys\x18\x01 \x03(\v2\x1a.spire.plugin.types.JWTKeyR\x0fupstreamJwtKeys\"\x1f\n" + + "\x1dSubscribeToLocalBundleRequest\"\xbd\x01\n" + + "\x1eSubscribeToLocalBundleResponse\x12S\n" + + "\x13upstream_x509_roots\x18\x01 \x03(\v2#.spire.plugin.types.X509CertificateR\x11upstreamX509Roots\x12F\n" + + "\x11upstream_jwt_keys\x18\x02 \x03(\v2\x1a.spire.plugin.types.JWTKeyR\x0fupstreamJwtKeys2\xfc\x03\n" + + "\x11UpstreamAuthority\x12\x95\x01\n" + + 
"\x16MintX509CAAndSubscribe\x12;.spire.plugin.server.upstreamauthority.v1.MintX509CARequest\x1a<.spire.plugin.server.upstreamauthority.v1.MintX509CAResponse0\x01\x12\x9e\x01\n" + + "\x19PublishJWTKeyAndSubscribe\x12>.spire.plugin.server.upstreamauthority.v1.PublishJWTKeyRequest\x1a?.spire.plugin.server.upstreamauthority.v1.PublishJWTKeyResponse0\x01\x12\xad\x01\n" + + "\x16SubscribeToLocalBundle\x12G.spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleRequest\x1aH.spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleResponse0\x01BgZegithub.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/upstreamauthority/v1;upstreamauthorityv1b\x06proto3" + var ( file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescOnce sync.Once - file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescData = file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc + file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescData []byte ) func file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescGZIP() []byte { file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescOnce.Do(func() { - file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescData) + file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc), len(file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc))) }) return file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDescData } -var file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes = make([]protoimpl.MessageInfo, 4) -var 
file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_goTypes = []interface{}{ - (*MintX509CARequest)(nil), // 0: spire.plugin.server.upstreamauthority.v1.MintX509CARequest - (*MintX509CAResponse)(nil), // 1: spire.plugin.server.upstreamauthority.v1.MintX509CAResponse - (*PublishJWTKeyRequest)(nil), // 2: spire.plugin.server.upstreamauthority.v1.PublishJWTKeyRequest - (*PublishJWTKeyResponse)(nil), // 3: spire.plugin.server.upstreamauthority.v1.PublishJWTKeyResponse - (*types.X509Certificate)(nil), // 4: spire.plugin.types.X509Certificate - (*types.JWTKey)(nil), // 5: spire.plugin.types.JWTKey +var file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_goTypes = []any{ + (*MintX509CARequest)(nil), // 0: spire.plugin.server.upstreamauthority.v1.MintX509CARequest + (*MintX509CAResponse)(nil), // 1: spire.plugin.server.upstreamauthority.v1.MintX509CAResponse + (*PublishJWTKeyRequest)(nil), // 2: spire.plugin.server.upstreamauthority.v1.PublishJWTKeyRequest + (*PublishJWTKeyResponse)(nil), // 3: spire.plugin.server.upstreamauthority.v1.PublishJWTKeyResponse + (*SubscribeToLocalBundleRequest)(nil), // 4: spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleRequest + (*SubscribeToLocalBundleResponse)(nil), // 5: spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleResponse + (*types.X509Certificate)(nil), // 6: spire.plugin.types.X509Certificate + (*types.JWTKey)(nil), // 7: spire.plugin.types.JWTKey } var file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_depIdxs = []int32{ - 4, // 0: spire.plugin.server.upstreamauthority.v1.MintX509CAResponse.x509_ca_chain:type_name -> spire.plugin.types.X509Certificate - 4, // 1: spire.plugin.server.upstreamauthority.v1.MintX509CAResponse.upstream_x509_roots:type_name -> spire.plugin.types.X509Certificate - 5, // 2: 
spire.plugin.server.upstreamauthority.v1.PublishJWTKeyRequest.jwt_key:type_name -> spire.plugin.types.JWTKey - 5, // 3: spire.plugin.server.upstreamauthority.v1.PublishJWTKeyResponse.upstream_jwt_keys:type_name -> spire.plugin.types.JWTKey - 0, // 4: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.MintX509CAAndSubscribe:input_type -> spire.plugin.server.upstreamauthority.v1.MintX509CARequest - 2, // 5: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.PublishJWTKeyAndSubscribe:input_type -> spire.plugin.server.upstreamauthority.v1.PublishJWTKeyRequest - 1, // 6: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.MintX509CAAndSubscribe:output_type -> spire.plugin.server.upstreamauthority.v1.MintX509CAResponse - 3, // 7: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.PublishJWTKeyAndSubscribe:output_type -> spire.plugin.server.upstreamauthority.v1.PublishJWTKeyResponse - 6, // [6:8] is the sub-list for method output_type - 4, // [4:6] is the sub-list for method input_type - 4, // [4:4] is the sub-list for extension type_name - 4, // [4:4] is the sub-list for extension extendee - 0, // [0:4] is the sub-list for field type_name + 6, // 0: spire.plugin.server.upstreamauthority.v1.MintX509CAResponse.x509_ca_chain:type_name -> spire.plugin.types.X509Certificate + 6, // 1: spire.plugin.server.upstreamauthority.v1.MintX509CAResponse.upstream_x509_roots:type_name -> spire.plugin.types.X509Certificate + 7, // 2: spire.plugin.server.upstreamauthority.v1.PublishJWTKeyRequest.jwt_key:type_name -> spire.plugin.types.JWTKey + 7, // 3: spire.plugin.server.upstreamauthority.v1.PublishJWTKeyResponse.upstream_jwt_keys:type_name -> spire.plugin.types.JWTKey + 6, // 4: spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleResponse.upstream_x509_roots:type_name -> spire.plugin.types.X509Certificate + 7, // 5: spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleResponse.upstream_jwt_keys:type_name -> spire.plugin.types.JWTKey + 
0, // 6: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.MintX509CAAndSubscribe:input_type -> spire.plugin.server.upstreamauthority.v1.MintX509CARequest + 2, // 7: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.PublishJWTKeyAndSubscribe:input_type -> spire.plugin.server.upstreamauthority.v1.PublishJWTKeyRequest + 4, // 8: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.SubscribeToLocalBundle:input_type -> spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleRequest + 1, // 9: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.MintX509CAAndSubscribe:output_type -> spire.plugin.server.upstreamauthority.v1.MintX509CAResponse + 3, // 10: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.PublishJWTKeyAndSubscribe:output_type -> spire.plugin.server.upstreamauthority.v1.PublishJWTKeyResponse + 5, // 11: spire.plugin.server.upstreamauthority.v1.UpstreamAuthority.SubscribeToLocalBundle:output_type -> spire.plugin.server.upstreamauthority.v1.SubscribeToLocalBundleResponse + 9, // [9:12] is the sub-list for method output_type + 6, // [6:9] is the sub-list for method input_type + 6, // [6:6] is the sub-list for extension type_name + 6, // [6:6] is the sub-list for extension extendee + 0, // [0:6] is the sub-list for field type_name } func init() { file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_init() } 
@@ -350,63 +387,13 @@ func file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_init( if File_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MintX509CARequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MintX509CAResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PublishJWTKeyRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PublishJWTKeyResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc), len(file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc)), NumEnums: 0, - NumMessages: 4, + NumMessages: 6, NumExtensions: 0, NumServices: 1, }, 
@@ -415,7 +402,6 @@ func file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_init( MessageInfos: file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_msgTypes, }.Build() File_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto = out.File - file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_rawDesc = nil file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_goTypes = nil file_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto_depIdxs = nil } diff --git a/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto b/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto index a039e52..a094532 100644 --- a/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto +++ b/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto @@ -29,6 +29,15 @@ service UpstreamAuthority { // encountered while tracking changes to the upstream JWT keys as SPIRE // Server will not reopen a closed stream until the next JWT key rotation. rpc PublishJWTKeyAndSubscribe(PublishJWTKeyRequest) returns (stream PublishJWTKeyResponse); + + // Returns the trust bundle of the local trust domain as seen by the upstream + // authority. Returns the current set of X.509 roots and JWT public keys + // that make up the trust bundle of the trust domain. If supported by the + // implementation, subsequent responses on the stream contain trust bundle + // updates, otherwise the stream is closed after the initial response. + // + // This RPC is optional and will return NotImplemented if unsupported. + rpc SubscribeToLocalBundle(SubscribeToLocalBundleRequest) returns (stream SubscribeToLocalBundleResponse); } message MintX509CARequest { 
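Review bot: The doc comment added for `SubscribeToLocalBundle` names a status, `NotImplemented`, that gRPC does not define; the code is `Unimplemented` (the generated stub in this same commit returns `codes.Unimplemented`), so the last sentence should read `// This RPC is optional and will return Unimplemented if unsupported.`. Unlike the two RPCs above it, the comment also does not say whether a plugin should keep the stream open across transient errors, or when the server reopens a closed one; for a trust-bundle feed that matters, because a stream that ends silently can leave the consumer holding X.509 roots or JWT keys the upstream has already withdrawn. I would add one sentence stating the expected stream lifetime and reconnect behaviour, once it is confirmed against the server side, which this diff does not show. The `service UpstreamAuthority` block starts before this hunk.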
@@ -61,3 +70,13 @@ message PublishJWTKeyResponse { // Required. The upstream JWT signing keys. repeated spire.plugin.types.JWTKey upstream_jwt_keys = 1; } + +message SubscribeToLocalBundleRequest { +} + +message SubscribeToLocalBundleResponse { + // Required. The trusted X.509 root authorities for the upstream authority. + repeated spire.plugin.types.X509Certificate upstream_x509_roots = 1; + // Required. The upstream JWT signing keys. + repeated spire.plugin.types.JWTKey upstream_jwt_keys = 2; +} diff --git a/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority_grpc.pb.go b/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority_grpc.pb.go index 05b98b2..936a121 100644 --- a/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority_grpc.pb.go +++ b/proto/spire/plugin/server/upstreamauthority/v1/upstreamauthority_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto package upstreamauthorityv1 @@ -11,8 +15,14 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + UpstreamAuthority_MintX509CAAndSubscribe_FullMethodName = "/spire.plugin.server.upstreamauthority.v1.UpstreamAuthority/MintX509CAAndSubscribe" + UpstreamAuthority_PublishJWTKeyAndSubscribe_FullMethodName = "/spire.plugin.server.upstreamauthority.v1.UpstreamAuthority/PublishJWTKeyAndSubscribe" + UpstreamAuthority_SubscribeToLocalBundle_FullMethodName = "/spire.plugin.server.upstreamauthority.v1.UpstreamAuthority/SubscribeToLocalBundle" +) // UpstreamAuthorityClient is the client API for UpstreamAuthority service. // 
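Review bot: The field comments on `SubscribeToLocalBundleResponse` look copied from the mint/publish responses and do not match this RPC's contract: the service comment says it returns the local trust domain's bundle of X.509 roots and JWT public keys, yet the fields are documented as roots "for the upstream authority" and as "signing keys". Both fields are also marked Required without saying whether each streamed response carries the complete bundle or a delta, or how a consumer should treat an empty list in an update; if an empty `upstream_x509_roots` were applied as a full replacement it would drop every trusted root, so the intended handling should be written down. Suggested wording, assuming each response carries the full set (to be confirmed): `// Required. The complete set of X.509 root authorities in the local trust domain's bundle, as seen by the upstream authority.` and `// Required. The complete set of JWT public keys in the local trust domain's bundle, as seen by the upstream authority.`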
@@ -27,7 +37,7 @@ type UpstreamAuthorityClient interface { // The stream should be kept open in the face of transient errors // encountered while tracking changes to the upstream X.509 roots as SPIRE // Server will not reopen a closed stream until the next X.509 CA rotation. - MintX509CAAndSubscribe(ctx context.Context, in *MintX509CARequest, opts ...grpc.CallOption) (UpstreamAuthority_MintX509CAAndSubscribeClient, error) + MintX509CAAndSubscribe(ctx context.Context, in *MintX509CARequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[MintX509CAResponse], error) // Publishes a JWT signing key upstream and responds with the upstream JWT // keys. If supported by the implementation, subsequent responses on the // stream contain upstream JWT key updates, otherwise the stream is closed 
@@ -39,7 +49,15 @@ type UpstreamAuthorityClient interface { // The stream should be kept open in the face of transient errors // encountered while tracking changes to the upstream JWT keys as SPIRE // Server will not reopen a closed stream until the next JWT key rotation. - PublishJWTKeyAndSubscribe(ctx context.Context, in *PublishJWTKeyRequest, opts ...grpc.CallOption) (UpstreamAuthority_PublishJWTKeyAndSubscribeClient, error) + PublishJWTKeyAndSubscribe(ctx context.Context, in *PublishJWTKeyRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[PublishJWTKeyResponse], error) + // Returns the trust bundle of the local trust domain as seen by the upstream + // authority. Returns the current set of X.509 roots and JWT public keys + // that make up the trust bundle of the trust domain. If supported by the + // implementation, subsequent responses on the stream contain trust bundle + // updates, otherwise the stream is closed after the initial response. + // + // This RPC is optional and will return NotImplemented if unsupported. + SubscribeToLocalBundle(ctx context.Context, in *SubscribeToLocalBundleRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[SubscribeToLocalBundleResponse], error) } type upstreamAuthorityClient struct { 
@@ -50,12 +68,13 @@ func NewUpstreamAuthorityClient(cc grpc.ClientConnInterface) UpstreamAuthorityCl return &upstreamAuthorityClient{cc} } -func (c *upstreamAuthorityClient) MintX509CAAndSubscribe(ctx context.Context, in *MintX509CARequest, opts ...grpc.CallOption) (UpstreamAuthority_MintX509CAAndSubscribeClient, error) { - stream, err := c.cc.NewStream(ctx, &UpstreamAuthority_ServiceDesc.Streams[0], "/spire.plugin.server.upstreamauthority.v1.UpstreamAuthority/MintX509CAAndSubscribe", opts...) +func (c *upstreamAuthorityClient) MintX509CAAndSubscribe(ctx context.Context, in *MintX509CARequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[MintX509CAResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &UpstreamAuthority_ServiceDesc.Streams[0], UpstreamAuthority_MintX509CAAndSubscribe_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &upstreamAuthorityMintX509CAAndSubscribeClient{stream} + x := &grpc.GenericClientStream[MintX509CARequest, MintX509CAResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } 
@@ -65,29 +84,16 @@ func (c *upstreamAuthorityClient) MintX509CAAndSubscribe(ctx context.Context, in return x, nil } -type UpstreamAuthority_MintX509CAAndSubscribeClient interface { - Recv() (*MintX509CAResponse, error) - grpc.ClientStream -} - -type upstreamAuthorityMintX509CAAndSubscribeClient struct { - grpc.ClientStream -} - -func (x *upstreamAuthorityMintX509CAAndSubscribeClient) Recv() (*MintX509CAResponse, error) { - m := new(MintX509CAResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type UpstreamAuthority_MintX509CAAndSubscribeClient = grpc.ServerStreamingClient[MintX509CAResponse] -func (c *upstreamAuthorityClient) PublishJWTKeyAndSubscribe(ctx context.Context, in *PublishJWTKeyRequest, opts ...grpc.CallOption) (UpstreamAuthority_PublishJWTKeyAndSubscribeClient, error) { - stream, err := c.cc.NewStream(ctx, &UpstreamAuthority_ServiceDesc.Streams[1], "/spire.plugin.server.upstreamauthority.v1.UpstreamAuthority/PublishJWTKeyAndSubscribe", opts...) +func (c *upstreamAuthorityClient) PublishJWTKeyAndSubscribe(ctx context.Context, in *PublishJWTKeyRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[PublishJWTKeyResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &UpstreamAuthority_ServiceDesc.Streams[1], UpstreamAuthority_PublishJWTKeyAndSubscribe_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &upstreamAuthorityPublishJWTKeyAndSubscribeClient{stream} + x := &grpc.GenericClientStream[PublishJWTKeyRequest, PublishJWTKeyResponse]{ClientStream: stream} if err := x.ClientStream.SendMsg(in); err != nil { return nil, err } 
@@ -97,26 +103,31 @@ func (c *upstreamAuthorityClient) PublishJWTKeyAndSubscribe(ctx context.Context, return x, nil } -type UpstreamAuthority_PublishJWTKeyAndSubscribeClient interface { - Recv() (*PublishJWTKeyResponse, error) - grpc.ClientStream -} - -type upstreamAuthorityPublishJWTKeyAndSubscribeClient struct { - grpc.ClientStream -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type UpstreamAuthority_PublishJWTKeyAndSubscribeClient = grpc.ServerStreamingClient[PublishJWTKeyResponse] -func (x *upstreamAuthorityPublishJWTKeyAndSubscribeClient) Recv() (*PublishJWTKeyResponse, error) { - m := new(PublishJWTKeyResponse) - if err := x.ClientStream.RecvMsg(m); err != nil { +func (c *upstreamAuthorityClient) SubscribeToLocalBundle(ctx context.Context, in *SubscribeToLocalBundleRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[SubscribeToLocalBundleResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &UpstreamAuthority_ServiceDesc.Streams[2], UpstreamAuthority_SubscribeToLocalBundle_FullMethodName, cOpts...) + if err != nil { + return nil, err + } + x := &grpc.GenericClientStream[SubscribeToLocalBundleRequest, SubscribeToLocalBundleResponse]{ClientStream: stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { return nil, err } - return m, nil + return x, nil } +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type UpstreamAuthority_SubscribeToLocalBundleClient = grpc.ServerStreamingClient[SubscribeToLocalBundleResponse] + // UpstreamAuthorityServer is the server API for UpstreamAuthority service. // All implementations must embed UnimplementedUpstreamAuthorityServer -// for forward compatibility +// for forward compatibility. 
type UpstreamAuthorityServer interface { // Mints an X.509 CA and responds with the signed X.509 CA certificate // chain and upstream X.509 roots. If supported by the implementation, @@ -127,7 +138,7 @@ type UpstreamAuthorityServer interface { // The stream should be kept open in the face of transient errors // encountered while tracking changes to the upstream X.509 roots as SPIRE // Server will not reopen a closed stream until the next X.509 CA rotation. - MintX509CAAndSubscribe(*MintX509CARequest, UpstreamAuthority_MintX509CAAndSubscribeServer) error + MintX509CAAndSubscribe(*MintX509CARequest, grpc.ServerStreamingServer[MintX509CAResponse]) error // Publishes a JWT signing key upstream and responds with the upstream JWT // keys. If supported by the implementation, subsequent responses on the // stream contain upstream JWT key updates, otherwise the stream is closed 
@@ -139,21 +150,36 @@ type UpstreamAuthorityServer interface { // The stream should be kept open in the face of transient errors // encountered while tracking changes to the upstream JWT keys as SPIRE // Server will not reopen a closed stream until the next JWT key rotation. - PublishJWTKeyAndSubscribe(*PublishJWTKeyRequest, UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error + PublishJWTKeyAndSubscribe(*PublishJWTKeyRequest, grpc.ServerStreamingServer[PublishJWTKeyResponse]) error + // Returns the trust bundle of the local trust domain as seen by the upstream + // authority. Returns the current set of X.509 roots and JWT public keys + // that make up the trust bundle of the trust domain. If supported by the + // implementation, subsequent responses on the stream contain trust bundle + // updates, otherwise the stream is closed after the initial response. + // + // This RPC is optional and will return NotImplemented if unsupported. + SubscribeToLocalBundle(*SubscribeToLocalBundleRequest, grpc.ServerStreamingServer[SubscribeToLocalBundleResponse]) error mustEmbedUnimplementedUpstreamAuthorityServer() } -// UnimplementedUpstreamAuthorityServer must be embedded to have forward compatible implementations. -type UnimplementedUpstreamAuthorityServer struct { -} +// UnimplementedUpstreamAuthorityServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedUpstreamAuthorityServer struct{} -func (UnimplementedUpstreamAuthorityServer) MintX509CAAndSubscribe(*MintX509CARequest, UpstreamAuthority_MintX509CAAndSubscribeServer) error { +func (UnimplementedUpstreamAuthorityServer) MintX509CAAndSubscribe(*MintX509CARequest, grpc.ServerStreamingServer[MintX509CAResponse]) error { return status.Errorf(codes.Unimplemented, "method MintX509CAAndSubscribe not implemented") } -func (UnimplementedUpstreamAuthorityServer) PublishJWTKeyAndSubscribe(*PublishJWTKeyRequest, UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error { +func (UnimplementedUpstreamAuthorityServer) PublishJWTKeyAndSubscribe(*PublishJWTKeyRequest, grpc.ServerStreamingServer[PublishJWTKeyResponse]) error { return status.Errorf(codes.Unimplemented, "method PublishJWTKeyAndSubscribe not implemented") } +func (UnimplementedUpstreamAuthorityServer) SubscribeToLocalBundle(*SubscribeToLocalBundleRequest, grpc.ServerStreamingServer[SubscribeToLocalBundleResponse]) error { + return status.Errorf(codes.Unimplemented, "method SubscribeToLocalBundle not implemented") +} func (UnimplementedUpstreamAuthorityServer) mustEmbedUnimplementedUpstreamAuthorityServer() {} +func (UnimplementedUpstreamAuthorityServer) testEmbeddedByValue() {} // UnsafeUpstreamAuthorityServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to UpstreamAuthorityServer will 
@@ -163,6 +189,13 @@ type UnsafeUpstreamAuthorityServer interface { } func RegisterUpstreamAuthorityServer(s grpc.ServiceRegistrar, srv UpstreamAuthorityServer) { + // If the following call pancis, it indicates UnimplementedUpstreamAuthorityServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&UpstreamAuthority_ServiceDesc, srv) } 
@@ -171,42 +204,33 @@ func _UpstreamAuthority_MintX509CAAndSubscribe_Handler(srv interface{}, stream g if err := stream.RecvMsg(m); err != nil { return err } - return srv.(UpstreamAuthorityServer).MintX509CAAndSubscribe(m, &upstreamAuthorityMintX509CAAndSubscribeServer{stream}) + return srv.(UpstreamAuthorityServer).MintX509CAAndSubscribe(m, &grpc.GenericServerStream[MintX509CARequest, MintX509CAResponse]{ServerStream: stream}) } -type UpstreamAuthority_MintX509CAAndSubscribeServer interface { - Send(*MintX509CAResponse) error - grpc.ServerStream -} - -type upstreamAuthorityMintX509CAAndSubscribeServer struct { - grpc.ServerStream -} - -func (x *upstreamAuthorityMintX509CAAndSubscribeServer) Send(m *MintX509CAResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type UpstreamAuthority_MintX509CAAndSubscribeServer = grpc.ServerStreamingServer[MintX509CAResponse] func _UpstreamAuthority_PublishJWTKeyAndSubscribe_Handler(srv interface{}, stream grpc.ServerStream) error { m := new(PublishJWTKeyRequest) if err := stream.RecvMsg(m); err != nil { return err } - return srv.(UpstreamAuthorityServer).PublishJWTKeyAndSubscribe(m, &upstreamAuthorityPublishJWTKeyAndSubscribeServer{stream}) + return srv.(UpstreamAuthorityServer).PublishJWTKeyAndSubscribe(m, &grpc.GenericServerStream[PublishJWTKeyRequest, PublishJWTKeyResponse]{ServerStream: stream}) } -type UpstreamAuthority_PublishJWTKeyAndSubscribeServer interface { - Send(*PublishJWTKeyResponse) error - grpc.ServerStream -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. 
+type UpstreamAuthority_PublishJWTKeyAndSubscribeServer = grpc.ServerStreamingServer[PublishJWTKeyResponse] -type upstreamAuthorityPublishJWTKeyAndSubscribeServer struct { - grpc.ServerStream +func _UpstreamAuthority_SubscribeToLocalBundle_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(SubscribeToLocalBundleRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(UpstreamAuthorityServer).SubscribeToLocalBundle(m, &grpc.GenericServerStream[SubscribeToLocalBundleRequest, SubscribeToLocalBundleResponse]{ServerStream: stream}) } -func (x *upstreamAuthorityPublishJWTKeyAndSubscribeServer) Send(m *PublishJWTKeyResponse) error { - return x.ServerStream.SendMsg(m) -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type UpstreamAuthority_SubscribeToLocalBundleServer = grpc.ServerStreamingServer[SubscribeToLocalBundleResponse] // UpstreamAuthority_ServiceDesc is the grpc.ServiceDesc for UpstreamAuthority service. // It's only intended for direct use with grpc.RegisterService, @@ -226,6 +250,11 @@ var UpstreamAuthority_ServiceDesc = grpc.ServiceDesc{ Handler: _UpstreamAuthority_PublishJWTKeyAndSubscribe_Handler, ServerStreams: true, }, + { + StreamName: "SubscribeToLocalBundle", + Handler: _UpstreamAuthority_SubscribeToLocalBundle_Handler, + ServerStreams: true, + }, }, Metadata: "spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto", } diff --git a/proto/spire/plugin/types/bundle.pb.go b/proto/spire/plugin/types/bundle.pb.go index e545027..184f247 100644 --- a/proto/spire/plugin/types/bundle.pb.go +++ b/proto/spire/plugin/types/bundle.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/types/bundle.proto package types 
@@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -21,10 +22,7 @@ const ( ) type Bundle struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The name of the trust domain the bundle belongs to (e.g., "example.org"). TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` // X.509 authorities for authenticating X509-SVIDs. @@ -36,15 +34,15 @@ type Bundle struct { RefreshHint int64 `protobuf:"varint,4,opt,name=refresh_hint,json=refreshHint,proto3" json:"refresh_hint,omitempty"` // The sequence number of the bundle. SequenceNumber uint64 `protobuf:"varint,5,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *Bundle) Reset() { *x = Bundle{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_types_bundle_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_types_bundle_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Bundle) String() string { @@ -55,7 +53,7 @@ func (*Bundle) ProtoMessage() {} func (x *Bundle) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_types_bundle_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -107,53 +105,30 @@ func (x *Bundle) GetSequenceNumber() uint64 { var File_spire_plugin_types_bundle_proto protoreflect.FileDescriptor -var file_spire_plugin_types_bundle_proto_rawDesc = []byte{ - 0x0a, 0x1f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, - 0x79, 0x70, 0x65, 0x73, 0x2f, 0x62, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x12, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x74, 0x79, 0x70, 0x65, 0x73, 0x1a, 0x1f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, - 0x67, 0x69, 0x6e, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6a, 0x77, 0x74, 0x6b, 0x65, 0x79, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, - 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x78, 0x35, 0x30, 0x39, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0x8c, 0x02, 0x0a, 0x06, 0x42, 0x75, 0x6e, 0x64, 0x6c, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x74, - 0x72, 0x75, 0x73, 0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x4e, - 0x0a, 0x10, 0x78, 0x35, 0x30, 0x39, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, - 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x58, 0x35, - 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x0f, 0x78, - 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x43, - 0x0a, 0x0f, 0x6a, 0x77, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x69, 0x65, - 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 
0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x4a, 0x57, 0x54, - 0x4b, 0x65, 0x79, 0x52, 0x0e, 0x6a, 0x77, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x69, 0x65, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x68, - 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0b, 0x72, 0x65, 0x66, 0x72, 0x65, - 0x73, 0x68, 0x48, 0x69, 0x6e, 0x74, 0x12, 0x27, 0x0a, 0x0f, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, - 0x63, 0x65, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x04, 0x52, - 0x0e, 0x73, 0x65, 0x71, 0x75, 0x65, 0x6e, 0x63, 0x65, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x42, - 0x3d, 0x5a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, - 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, - 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_plugin_types_bundle_proto_rawDesc = "" + + "\n" + + "\x1fspire/plugin/types/bundle.proto\x12\x12spire.plugin.types\x1a\x1fspire/plugin/types/jwtkey.proto\x1a(spire/plugin/types/x509certificate.proto\"\x8c\x02\n" + + "\x06Bundle\x12!\n" + + "\ftrust_domain\x18\x01 \x01(\tR\vtrustDomain\x12N\n" + + "\x10x509_authorities\x18\x02 \x03(\v2#.spire.plugin.types.X509CertificateR\x0fx509Authorities\x12C\n" + + "\x0fjwt_authorities\x18\x03 \x03(\v2\x1a.spire.plugin.types.JWTKeyR\x0ejwtAuthorities\x12!\n" + + "\frefresh_hint\x18\x04 \x01(\x03R\vrefreshHint\x12'\n" + + "\x0fsequence_number\x18\x05 \x01(\x04R\x0esequenceNumberB=Z;github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/typesb\x06proto3" var ( file_spire_plugin_types_bundle_proto_rawDescOnce sync.Once - file_spire_plugin_types_bundle_proto_rawDescData = file_spire_plugin_types_bundle_proto_rawDesc + 
file_spire_plugin_types_bundle_proto_rawDescData []byte ) func file_spire_plugin_types_bundle_proto_rawDescGZIP() []byte { file_spire_plugin_types_bundle_proto_rawDescOnce.Do(func() { - file_spire_plugin_types_bundle_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_types_bundle_proto_rawDescData) + file_spire_plugin_types_bundle_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_types_bundle_proto_rawDesc), len(file_spire_plugin_types_bundle_proto_rawDesc))) }) return file_spire_plugin_types_bundle_proto_rawDescData } var file_spire_plugin_types_bundle_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_spire_plugin_types_bundle_proto_goTypes = []interface{}{ +var file_spire_plugin_types_bundle_proto_goTypes = []any{ (*Bundle)(nil), // 0: spire.plugin.types.Bundle (*X509Certificate)(nil), // 1: spire.plugin.types.X509Certificate (*JWTKey)(nil), // 2: spire.plugin.types.JWTKey @@ -175,25 +150,11 @@ func file_spire_plugin_types_bundle_proto_init() { } file_spire_plugin_types_jwtkey_proto_init() file_spire_plugin_types_x509certificate_proto_init() - if !protoimpl.UnsafeEnabled { - file_spire_plugin_types_bundle_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Bundle); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_types_bundle_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_types_bundle_proto_rawDesc), len(file_spire_plugin_types_bundle_proto_rawDesc)), NumEnums: 0, NumMessages: 1, NumExtensions: 0, 
@@ -204,7 +165,6 @@ func file_spire_plugin_types_bundle_proto_init() { MessageInfos: file_spire_plugin_types_bundle_proto_msgTypes, }.Build() File_spire_plugin_types_bundle_proto = out.File - file_spire_plugin_types_bundle_proto_rawDesc = nil file_spire_plugin_types_bundle_proto_goTypes = nil file_spire_plugin_types_bundle_proto_depIdxs = nil } diff --git a/proto/spire/plugin/types/jwtkey.pb.go b/proto/spire/plugin/types/jwtkey.pb.go index 1c5f2f1..d5df8bb 100644 --- a/proto/spire/plugin/types/jwtkey.pb.go +++ b/proto/spire/plugin/types/jwtkey.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/types/jwtkey.proto package types @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( @@ -21,10 +22,7 @@ const ( ) type JWTKey struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The PKIX encoded public key. PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` // The key identifier. 
@@ -32,15 +30,17 @@ type JWTKey struct { // When the key expires (seconds since Unix epoch). If zero, the key does // not expire. ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` + // Indicates if the key has been tainted. A tainted key is not safe to be used anymore. + Tainted bool `protobuf:"varint,4,opt,name=tainted,proto3" json:"tainted,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *JWTKey) Reset() { *x = JWTKey{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_types_jwtkey_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_types_jwtkey_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *JWTKey) String() string { @@ -51,7 +51,7 @@ func (*JWTKey) ProtoMessage() {} func (x *JWTKey) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_types_jwtkey_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -87,39 +87,40 @@ func (x *JWTKey) GetExpiresAt() int64 { return 0 } +func (x *JWTKey) GetTainted() bool { + if x != nil { + return x.Tainted + } + return false +} + var File_spire_plugin_types_jwtkey_proto protoreflect.FileDescriptor -var file_spire_plugin_types_jwtkey_proto_rawDesc = []byte{ - 0x0a, 0x1f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, - 0x79, 0x70, 0x65, 0x73, 0x2f, 0x6a, 0x77, 0x74, 0x6b, 0x65, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x12, 0x12, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, - 0x74, 0x79, 0x70, 0x65, 0x73, 0x22, 0x5d, 0x0a, 0x06, 0x4a, 0x57, 0x54, 0x4b, 0x65, 0x79, 0x12, - 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x15, - 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, - 0x5f, 0x61, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, - 0x65, 0x73, 0x41, 0x74, 0x42, 0x3d, 0x5a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, - 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, 0x79, - 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_plugin_types_jwtkey_proto_rawDesc = "" + + "\n" + + "\x1fspire/plugin/types/jwtkey.proto\x12\x12spire.plugin.types\"w\n" + + "\x06JWTKey\x12\x1d\n" + + "\n" + + "public_key\x18\x01 \x01(\fR\tpublicKey\x12\x15\n" + + "\x06key_id\x18\x02 \x01(\tR\x05keyId\x12\x1d\n" + + "\n" + + "expires_at\x18\x03 \x01(\x03R\texpiresAt\x12\x18\n" + + 
"\atainted\x18\x04 \x01(\bR\ataintedB=Z;github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/typesb\x06proto3" var ( file_spire_plugin_types_jwtkey_proto_rawDescOnce sync.Once - file_spire_plugin_types_jwtkey_proto_rawDescData = file_spire_plugin_types_jwtkey_proto_rawDesc + file_spire_plugin_types_jwtkey_proto_rawDescData []byte ) func file_spire_plugin_types_jwtkey_proto_rawDescGZIP() []byte { file_spire_plugin_types_jwtkey_proto_rawDescOnce.Do(func() { - file_spire_plugin_types_jwtkey_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_types_jwtkey_proto_rawDescData) + file_spire_plugin_types_jwtkey_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_types_jwtkey_proto_rawDesc), len(file_spire_plugin_types_jwtkey_proto_rawDesc))) }) return file_spire_plugin_types_jwtkey_proto_rawDescData } var file_spire_plugin_types_jwtkey_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_spire_plugin_types_jwtkey_proto_goTypes = []interface{}{ +var file_spire_plugin_types_jwtkey_proto_goTypes = []any{ (*JWTKey)(nil), // 0: spire.plugin.types.JWTKey } var file_spire_plugin_types_jwtkey_proto_depIdxs = []int32{ @@ -135,25 +136,11 @@ func file_spire_plugin_types_jwtkey_proto_init() { if File_spire_plugin_types_jwtkey_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_types_jwtkey_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*JWTKey); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_types_jwtkey_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_types_jwtkey_proto_rawDesc), len(file_spire_plugin_types_jwtkey_proto_rawDesc)), NumEnums: 0, NumMessages: 1, NumExtensions: 0, 
@@ -164,7 +151,6 @@ func file_spire_plugin_types_jwtkey_proto_init() { MessageInfos: file_spire_plugin_types_jwtkey_proto_msgTypes, }.Build() File_spire_plugin_types_jwtkey_proto = out.File - file_spire_plugin_types_jwtkey_proto_rawDesc = nil file_spire_plugin_types_jwtkey_proto_goTypes = nil file_spire_plugin_types_jwtkey_proto_depIdxs = nil } diff --git a/proto/spire/plugin/types/jwtkey.proto b/proto/spire/plugin/types/jwtkey.proto index 414760f..74683dd 100644 --- a/proto/spire/plugin/types/jwtkey.proto +++ b/proto/spire/plugin/types/jwtkey.proto @@ -12,4 +12,7 @@ message JWTKey { // When the key expires (seconds since Unix epoch). If zero, the key does // not expire. int64 expires_at = 3; + + // Indicates if the key has been tainted. A tainted key is not safe to be used anymore. + bool tainted = 4; } diff --git a/proto/spire/plugin/types/x509certificate.pb.go b/proto/spire/plugin/types/x509certificate.pb.go index 43412b9..d8d5912 100644 --- a/proto/spire/plugin/types/x509certificate.pb.go +++ b/proto/spire/plugin/types/x509certificate.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/plugin/types/x509certificate.proto package types @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
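Review bot: The comment on the new `bool tainted = 4;` field in `JWTKey` (and on `bool tainted = 2;` in `X509Certificate`, in the x509certificate.proto hunk) says a tainted key is unsafe, but not what a receiver has to do about it. As a proto3 bool the field reads as `false` whenever the sender leaves it unset, so a peer built against the older schema will presumably pass the authority on as untainted and the flag fails open across mixed versions. I would state the contract in the field comment, for example `// Receivers must stop trusting material signed by a tainted key. Unset means "not tainted"; senders that predate this field never set it.` Whether the host enforces tainting somewhere else is not visible in this diff.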
@@ -21,21 +22,20 @@ const ( ) type X509Certificate struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // The ASN.1 DER encoded bytes of the X.509 certificate. Asn1 []byte `protobuf:"bytes,1,opt,name=asn1,proto3" json:"asn1,omitempty"` + // Indicates if the authority has been tainted. A tainted authority is not safe to be used anymore. + Tainted bool `protobuf:"varint,2,opt,name=tainted,proto3" json:"tainted,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *X509Certificate) Reset() { *x = X509Certificate{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_plugin_types_x509certificate_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_plugin_types_x509certificate_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *X509Certificate) String() string { @@ -46,7 +46,7 @@ func (*X509Certificate) ProtoMessage() {} func (x *X509Certificate) ProtoReflect() protoreflect.Message { mi := &file_spire_plugin_types_x509certificate_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -68,36 +68,36 @@ func (x *X509Certificate) GetAsn1() []byte { return nil } +func (x *X509Certificate) GetTainted() bool { + if x != nil { + return x.Tainted + } + return false +} + var File_spire_plugin_types_x509certificate_proto protoreflect.FileDescriptor -var file_spire_plugin_types_x509certificate_proto_rawDesc = []byte{ - 0x0a, 0x28, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, - 0x79, 0x70, 0x65, 0x73, 0x2f, 0x78, 0x35, 0x30, 0x39, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x12, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x22, 0x25, - 0x0a, 0x0f, 0x58, 0x35, 0x30, 0x39, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x73, 0x6e, 0x31, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, - 0x04, 0x61, 0x73, 0x6e, 0x31, 0x42, 0x3d, 0x5a, 0x3b, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2f, 0x74, - 0x79, 0x70, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_plugin_types_x509certificate_proto_rawDesc = "" + + "\n" + + "(spire/plugin/types/x509certificate.proto\x12\x12spire.plugin.types\"?\n" + + "\x0fX509Certificate\x12\x12\n" + + "\x04asn1\x18\x01 \x01(\fR\x04asn1\x12\x18\n" + + "\atainted\x18\x02 \x01(\bR\ataintedB=Z;github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/typesb\x06proto3" var ( file_spire_plugin_types_x509certificate_proto_rawDescOnce sync.Once - file_spire_plugin_types_x509certificate_proto_rawDescData = file_spire_plugin_types_x509certificate_proto_rawDesc + file_spire_plugin_types_x509certificate_proto_rawDescData 
[]byte ) func file_spire_plugin_types_x509certificate_proto_rawDescGZIP() []byte { file_spire_plugin_types_x509certificate_proto_rawDescOnce.Do(func() { - file_spire_plugin_types_x509certificate_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_plugin_types_x509certificate_proto_rawDescData) + file_spire_plugin_types_x509certificate_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_plugin_types_x509certificate_proto_rawDesc), len(file_spire_plugin_types_x509certificate_proto_rawDesc))) }) return file_spire_plugin_types_x509certificate_proto_rawDescData } var file_spire_plugin_types_x509certificate_proto_msgTypes = make([]protoimpl.MessageInfo, 1) -var file_spire_plugin_types_x509certificate_proto_goTypes = []interface{}{ +var file_spire_plugin_types_x509certificate_proto_goTypes = []any{ (*X509Certificate)(nil), // 0: spire.plugin.types.X509Certificate } var file_spire_plugin_types_x509certificate_proto_depIdxs = []int32{ @@ -113,25 +113,11 @@ func file_spire_plugin_types_x509certificate_proto_init() { if File_spire_plugin_types_x509certificate_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_plugin_types_x509certificate_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*X509Certificate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_plugin_types_x509certificate_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_plugin_types_x509certificate_proto_rawDesc), len(file_spire_plugin_types_x509certificate_proto_rawDesc)), NumEnums: 0, NumMessages: 1, NumExtensions: 0, 
@@ -142,7 +128,6 @@ func file_spire_plugin_types_x509certificate_proto_init() { MessageInfos: file_spire_plugin_types_x509certificate_proto_msgTypes, }.Build() File_spire_plugin_types_x509certificate_proto = out.File - file_spire_plugin_types_x509certificate_proto_rawDesc = nil file_spire_plugin_types_x509certificate_proto_goTypes = nil file_spire_plugin_types_x509certificate_proto_depIdxs = nil } diff --git a/proto/spire/plugin/types/x509certificate.proto b/proto/spire/plugin/types/x509certificate.proto index 20396f8..c639ba5 100644 --- a/proto/spire/plugin/types/x509certificate.proto +++ b/proto/spire/plugin/types/x509certificate.proto @@ -5,4 +5,7 @@ option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types message X509Certificate { // The ASN.1 DER encoded bytes of the X.509 certificate. bytes asn1 = 1; + + // Indicates if the authority has been tainted. A tainted authority is not safe to be used anymore. + bool tainted = 2; } diff --git a/proto/spire/service/common/config/v1/config.pb.go b/proto/spire/service/common/config/v1/config.pb.go index ec93e1e..205d241 100644 --- a/proto/spire/service/common/config/v1/config.pb.go +++ b/proto/spire/service/common/config/v1/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.0 -// protoc v3.20.1 +// protoc-gen-go v1.36.6 +// protoc v6.30.2 // source: spire/service/common/config/v1/config.proto package configv1 @@ -11,6 +11,7 @@ import ( protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" sync "sync" + unsafe "unsafe" ) const ( 
@@ -21,23 +22,20 @@ const ( ) type ConfigureRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - + state protoimpl.MessageState `protogen:"open.v1"` // Required. Core SPIRE configuration. CoreConfiguration *CoreConfiguration `protobuf:"bytes,1,opt,name=core_configuration,json=coreConfiguration,proto3" json:"core_configuration,omitempty"` // Required. HCL encoded plugin configuration. HclConfiguration string `protobuf:"bytes,2,opt,name=hcl_configuration,json=hclConfiguration,proto3" json:"hcl_configuration,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *ConfigureRequest) Reset() { *x = ConfigureRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_service_common_config_v1_config_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConfigureRequest) String() string { @@ -48,7 +46,7 @@ func (*ConfigureRequest) ProtoMessage() {} func (x *ConfigureRequest) ProtoReflect() protoreflect.Message { mi := &file_spire_service_common_config_v1_config_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -78,18 +76,16 @@ func (x *ConfigureRequest) GetHclConfiguration() string { } type ConfigureResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *ConfigureResponse) Reset() { *x = ConfigureResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_service_common_config_v1_config_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConfigureResponse) String() string { @@ -100,7 +96,7 @@ func (*ConfigureResponse) ProtoMessage() {} func (x *ConfigureResponse) ProtoReflect() protoreflect.Message { mi := &file_spire_service_common_config_v1_config_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -115,23 +111,132 @@ func (*ConfigureResponse) Descriptor() ([]byte, []int) { return file_spire_service_common_config_v1_config_proto_rawDescGZIP(), []int{1} } -type CoreConfiguration struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache +type ValidateRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Required. Core SPIRE configuration. + CoreConfiguration *CoreConfiguration `protobuf:"bytes,1,opt,name=core_configuration,json=coreConfiguration,proto3" json:"core_configuration,omitempty"` + // Required. HCL encoded plugin configuration. + HclConfiguration string `protobuf:"bytes,2,opt,name=hcl_configuration,json=hclConfiguration,proto3" json:"hcl_configuration,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ValidateRequest) Reset() { + *x = ValidateRequest{} + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ValidateRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ValidateRequest) ProtoMessage() {} + +func (x *ValidateRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ValidateRequest.ProtoReflect.Descriptor instead. 
+func (*ValidateRequest) Descriptor() ([]byte, []int) { + return file_spire_service_common_config_v1_config_proto_rawDescGZIP(), []int{2} +} + +func (x *ValidateRequest) GetCoreConfiguration() *CoreConfiguration { + if x != nil { + return x.CoreConfiguration + } + return nil +} + +func (x *ValidateRequest) GetHclConfiguration() string { + if x != nil { + return x.HclConfiguration + } + return "" +} + +type ValidateResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Required. True when the plugin deems the configuration usable. + Valid bool `protobuf:"varint,1,opt,name=valid,proto3" json:"valid,omitempty"` + // Examples of invalid configuration notes include: + // - value for "plugin.port" is not a number. + // - missing field "plugin.user" + // - specified SPIFFE ID in "plugin.spiffe_id" is not within system trust domain. + // - etc. + Notes []string `protobuf:"bytes,2,rep,name=notes,proto3" json:"notes,omitempty"` unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ValidateResponse) Reset() { + *x = ValidateResponse{} + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ValidateResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ValidateResponse) ProtoMessage() {} + +func (x *ValidateResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} +// Deprecated: Use ValidateResponse.ProtoReflect.Descriptor instead. 
+func (*ValidateResponse) Descriptor() ([]byte, []int) { + return file_spire_service_common_config_v1_config_proto_rawDescGZIP(), []int{3} +} + +func (x *ValidateResponse) GetValid() bool { + if x != nil { + return x.Valid + } + return false +} + +func (x *ValidateResponse) GetNotes() []string { + if x != nil { + return x.Notes + } + return nil +} + +type CoreConfiguration struct { + state protoimpl.MessageState `protogen:"open.v1"` // Required. The trust domain name SPIRE is configured with (e.g. // "example.org"). - TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` + TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *CoreConfiguration) Reset() { *x = CoreConfiguration{} - if protoimpl.UnsafeEnabled { - mi := &file_spire_service_common_config_v1_config_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *CoreConfiguration) String() string { @@ -141,8 +246,8 @@ func (x *CoreConfiguration) String() string { func (*CoreConfiguration) ProtoMessage() {} func (x *CoreConfiguration) ProtoReflect() protoreflect.Message { - mi := &file_spire_service_common_config_v1_config_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_spire_service_common_config_v1_config_proto_msgTypes[4] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) 
@@ -154,7 +259,7 @@ func (x *CoreConfiguration) ProtoReflect() protoreflect.Message { // Deprecated: Use CoreConfiguration.ProtoReflect.Descriptor instead. func (*CoreConfiguration) Descriptor() ([]byte, []int) { - return file_spire_service_common_config_v1_config_proto_rawDescGZIP(), []int{2} + return file_spire_service_common_config_v1_config_proto_rawDescGZIP(), []int{4} } func (x *CoreConfiguration) GetTrustDomain() string { 
@@ -166,70 +271,57 @@ func (x *CoreConfiguration) GetTrustDomain() string { var File_spire_service_common_config_v1_config_proto protoreflect.FileDescriptor -var file_spire_service_common_config_v1_config_proto_rawDesc = []byte{ - 0x0a, 0x2b, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x76, 0x31, - 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x22, 0xa1, 0x01, - 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x60, 0x0a, 0x12, 0x63, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, - 0x43, 0x6f, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x11, 0x63, 0x6f, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x11, 0x68, 0x63, 0x6c, 0x5f, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x10, 0x68, 0x63, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x22, 0x13, 0x0a, 0x11, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x36, 0x0a, 0x11, 0x43, 0x6f, 0x72, 0x65, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x21, 0x0a, 0x0c, 0x74, - 
0x72, 0x75, 0x73, 0x74, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x32, 0x7a, - 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x70, 0x0a, 0x09, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x75, 0x72, 0x65, 0x12, 0x30, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, - 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x52, 0x5a, 0x50, 0x67, 0x69, - 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2d, 0x73, 0x64, 0x6b, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x2f, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x2f, 0x76, 0x31, 0x3b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x76, 0x31, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} +const file_spire_service_common_config_v1_config_proto_rawDesc = "" + + "\n" + + "+spire/service/common/config/v1/config.proto\x12\x1espire.service.common.config.v1\"\xa1\x01\n" + + "\x10ConfigureRequest\x12`\n" + + "\x12core_configuration\x18\x01 \x01(\v21.spire.service.common.config.v1.CoreConfigurationR\x11coreConfiguration\x12+\n" + + "\x11hcl_configuration\x18\x02 \x01(\tR\x10hclConfiguration\"\x13\n" + + "\x11ConfigureResponse\"\xa0\x01\n" + + "\x0fValidateRequest\x12`\n" + + 
"\x12core_configuration\x18\x01 \x01(\v21.spire.service.common.config.v1.CoreConfigurationR\x11coreConfiguration\x12+\n" + + "\x11hcl_configuration\x18\x02 \x01(\tR\x10hclConfiguration\">\n" + + "\x10ValidateResponse\x12\x14\n" + + "\x05valid\x18\x01 \x01(\bR\x05valid\x12\x14\n" + + "\x05notes\x18\x02 \x03(\tR\x05notes\"6\n" + + "\x11CoreConfiguration\x12!\n" + + "\ftrust_domain\x18\x01 \x01(\tR\vtrustDomain2\xe9\x01\n" + + "\x06Config\x12p\n" + + "\tConfigure\x120.spire.service.common.config.v1.ConfigureRequest\x1a1.spire.service.common.config.v1.ConfigureResponse\x12m\n" + + "\bValidate\x12/.spire.service.common.config.v1.ValidateRequest\x1a0.spire.service.common.config.v1.ValidateResponseBRZPgithub.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1;configv1b\x06proto3" var ( file_spire_service_common_config_v1_config_proto_rawDescOnce sync.Once - file_spire_service_common_config_v1_config_proto_rawDescData = file_spire_service_common_config_v1_config_proto_rawDesc + file_spire_service_common_config_v1_config_proto_rawDescData []byte ) func file_spire_service_common_config_v1_config_proto_rawDescGZIP() []byte { file_spire_service_common_config_v1_config_proto_rawDescOnce.Do(func() { - file_spire_service_common_config_v1_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_spire_service_common_config_v1_config_proto_rawDescData) + file_spire_service_common_config_v1_config_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_spire_service_common_config_v1_config_proto_rawDesc), len(file_spire_service_common_config_v1_config_proto_rawDesc))) }) return file_spire_service_common_config_v1_config_proto_rawDescData } -var file_spire_service_common_config_v1_config_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_spire_service_common_config_v1_config_proto_goTypes = []interface{}{ +var file_spire_service_common_config_v1_config_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var 
file_spire_service_common_config_v1_config_proto_goTypes = []any{ (*ConfigureRequest)(nil), // 0: spire.service.common.config.v1.ConfigureRequest (*ConfigureResponse)(nil), // 1: spire.service.common.config.v1.ConfigureResponse - (*CoreConfiguration)(nil), // 2: spire.service.common.config.v1.CoreConfiguration + (*ValidateRequest)(nil), // 2: spire.service.common.config.v1.ValidateRequest + (*ValidateResponse)(nil), // 3: spire.service.common.config.v1.ValidateResponse + (*CoreConfiguration)(nil), // 4: spire.service.common.config.v1.CoreConfiguration } var file_spire_service_common_config_v1_config_proto_depIdxs = []int32{ - 2, // 0: spire.service.common.config.v1.ConfigureRequest.core_configuration:type_name -> spire.service.common.config.v1.CoreConfiguration - 0, // 1: spire.service.common.config.v1.Config.Configure:input_type -> spire.service.common.config.v1.ConfigureRequest - 1, // 2: spire.service.common.config.v1.Config.Configure:output_type -> spire.service.common.config.v1.ConfigureResponse - 2, // [2:3] is the sub-list for method output_type - 1, // [1:2] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name + 4, // 0: spire.service.common.config.v1.ConfigureRequest.core_configuration:type_name -> spire.service.common.config.v1.CoreConfiguration + 4, // 1: spire.service.common.config.v1.ValidateRequest.core_configuration:type_name -> spire.service.common.config.v1.CoreConfiguration + 0, // 2: spire.service.common.config.v1.Config.Configure:input_type -> spire.service.common.config.v1.ConfigureRequest + 2, // 3: spire.service.common.config.v1.Config.Validate:input_type -> spire.service.common.config.v1.ValidateRequest + 1, // 4: spire.service.common.config.v1.Config.Configure:output_type -> spire.service.common.config.v1.ConfigureResponse + 3, // 5: spire.service.common.config.v1.Config.Validate:output_type -> 
spire.service.common.config.v1.ValidateResponse + 4, // [4:6] is the sub-list for method output_type + 2, // [2:4] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } func init() { file_spire_service_common_config_v1_config_proto_init() } @@ -237,51 +329,13 @@ func file_spire_service_common_config_v1_config_proto_init() { if File_spire_service_common_config_v1_config_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_spire_service_common_config_v1_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConfigureRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_service_common_config_v1_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConfigureResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_spire_service_common_config_v1_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CoreConfiguration); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_spire_service_common_config_v1_config_proto_rawDesc, + RawDescriptor: unsafe.Slice(unsafe.StringData(file_spire_service_common_config_v1_config_proto_rawDesc), len(file_spire_service_common_config_v1_config_proto_rawDesc)), NumEnums: 0, - NumMessages: 3, + NumMessages: 5, NumExtensions: 0, NumServices: 1, }, 
@@ -290,7 +344,6 @@ func file_spire_service_common_config_v1_config_proto_init() { MessageInfos: file_spire_service_common_config_v1_config_proto_msgTypes, }.Build() File_spire_service_common_config_v1_config_proto = out.File - file_spire_service_common_config_v1_config_proto_rawDesc = nil file_spire_service_common_config_v1_config_proto_goTypes = nil file_spire_service_common_config_v1_config_proto_depIdxs = nil } diff --git a/proto/spire/service/common/config/v1/config.proto b/proto/spire/service/common/config/v1/config.proto index 878524f..3a0a6e5 100644 --- a/proto/spire/service/common/config/v1/config.proto +++ b/proto/spire/service/common/config/v1/config.proto @@ -12,6 +12,10 @@ service Config { // calls to Configure can happen concurrently with other RPCs against the // plugin. rpc Configure(ConfigureRequest) returns (ConfigureResponse); + + // Validate is called by SPIRE with a potential specific configuration for + // the plugin to determine if it is usable. + rpc Validate(ValidateRequest) returns (ValidateResponse); } message ConfigureRequest { 
@@ -25,6 +29,34 @@ message ConfigureRequest { message ConfigureResponse { } +message ValidateRequest { + // Required. Core SPIRE configuration. + CoreConfiguration core_configuration = 1; + + // Required. HCL encoded plugin configuration. + string hcl_configuration = 2; +} + +message ValidateResponse { + // Required. True when the plugin deems the configuration usable. + bool valid = 1; + + // Optional. Zero or more notes providing feedback to an end user. + + // Examples of valid configuration notes include: + // - "configuration valid" + // - "please ensure port 23423 is open" + // - "check access to (whatever) from the deployment environment" + // etc. + + // Examples of invalid configuration notes include: + // - value for "plugin.port" is not a number. + // - missing field "plugin.user" + // - specified SPIFFE ID in "plugin.spiffe_id" is not within system trust domain. + // - etc. + repeated string notes = 2; +} + message CoreConfiguration { // Required. The trust domain name SPIRE is configured with (e.g. // "example.org"). diff --git a/proto/spire/service/common/config/v1/config_grpc.pb.go b/proto/spire/service/common/config/v1/config_grpc.pb.go index c51079f..90ac3ee 100644 --- a/proto/spire/service/common/config/v1/config_grpc.pb.go +++ b/proto/spire/service/common/config/v1/config_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v6.30.2 +// source: spire/service/common/config/v1/config.proto package configv1 
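Review bot: The comment above `repeated string notes = 2;` in `ValidateResponse` is broken into three blocks by blank lines, so protoc will most likely attach only the last block (the invalid-configuration examples) to the field and treat the "Optional. Zero or more notes…" sentence as a detached comment that generated docs drop. Joining the blocks with bare `//` lines keeps them as one leading comment. The two example lists are also formatted differently (quoted vs unquoted entries, `etc.` vs `- etc.`). Because `hcl_configuration` can carry plugin credentials and notes are returned to an end user, the field comment should also say something like `// Notes should name the offending field but must not echo configuration values.`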
@@ -11,8 +15,13 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + Config_Configure_FullMethodName = "/spire.service.common.config.v1.Config/Configure" + Config_Validate_FullMethodName = "/spire.service.common.config.v1.Config/Validate" +) // ConfigClient is the client API for Config service. // @@ -26,6 +35,9 @@ type ConfigClient interface { // calls to Configure can happen concurrently with other RPCs against the // plugin. Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*ConfigureResponse, error) + // Validate is called by SPIRE with a potential specific configuration for + // the plugin to determine if it is usable. + Validate(ctx context.Context, in *ValidateRequest, opts ...grpc.CallOption) (*ValidateResponse, error) } type configClient struct { @@ -37,8 +49,19 @@ func NewConfigClient(cc grpc.ClientConnInterface) ConfigClient { } func (c *configClient) Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*ConfigureResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) out := new(ConfigureResponse) - err := c.cc.Invoke(ctx, "/spire.service.common.config.v1.Config/Configure", in, out, opts...) + err := c.cc.Invoke(ctx, Config_Configure_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *configClient) Validate(ctx context.Context, in *ValidateRequest, opts ...grpc.CallOption) (*ValidateResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(ValidateResponse) + err := c.cc.Invoke(ctx, Config_Validate_FullMethodName, in, out, cOpts...) if err != nil { return nil, err } 
@@ -47,7 +70,7 @@ func (c *configClient) Configure(ctx context.Context, in *ConfigureRequest, opts // ConfigServer is the server API for Config service. // All implementations must embed UnimplementedConfigServer -// for forward compatibility +// for forward compatibility. type ConfigServer interface { // Configure is called by SPIRE to configure the plugin with the plugin // specific configuration data and a set of SPIRE core configuration. It is @@ -57,17 +80,27 @@ type ConfigServer interface { // calls to Configure can happen concurrently with other RPCs against the // plugin. Configure(context.Context, *ConfigureRequest) (*ConfigureResponse, error) + // Validate is called by SPIRE with a potential specific configuration for + // the plugin to determine if it is usable. + Validate(context.Context, *ValidateRequest) (*ValidateResponse, error) mustEmbedUnimplementedConfigServer() } -// UnimplementedConfigServer must be embedded to have forward compatible implementations. -type UnimplementedConfigServer struct { -} +// UnimplementedConfigServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedConfigServer struct{} func (UnimplementedConfigServer) Configure(context.Context, *ConfigureRequest) (*ConfigureResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Configure not implemented") } +func (UnimplementedConfigServer) Validate(context.Context, *ValidateRequest) (*ValidateResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Validate not implemented") +} func (UnimplementedConfigServer) mustEmbedUnimplementedConfigServer() {} +func (UnimplementedConfigServer) testEmbeddedByValue() {} // UnsafeConfigServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to ConfigServer will 
@@ -77,6 +110,13 @@ type UnsafeConfigServer interface { } func RegisterConfigServer(s grpc.ServiceRegistrar, srv ConfigServer) { + // If the following call pancis, it indicates UnimplementedConfigServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } s.RegisterService(&Config_ServiceDesc, srv) } @@ -90,7 +130,7 @@ func _Config_Configure_Handler(srv interface{}, ctx context.Context, dec func(in } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: "/spire.service.common.config.v1.Config/Configure", + FullMethod: Config_Configure_FullMethodName, } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(ConfigServer).Configure(ctx, req.(*ConfigureRequest)) @@ -98,6 +138,24 @@ func _Config_Configure_Handler(srv interface{}, ctx context.Context, dec func(in return interceptor(ctx, in, info, handler) } +func _Config_Validate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ValidateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ConfigServer).Validate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Config_Validate_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ConfigServer).Validate(ctx, req.(*ValidateRequest)) + } + return interceptor(ctx, in, info, handler) +} + // Config_ServiceDesc is the grpc.ServiceDesc for Config service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) 
@@ -109,6 +167,10 @@ var Config_ServiceDesc = grpc.ServiceDesc{ MethodName: "Configure", Handler: _Config_Configure_Handler, }, + { + MethodName: "Validate", + Handler: _Config_Validate_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "spire/service/common/config/v1/config.proto", diff --git a/templates/agent/keymanager/keymanager.go b/templates/agent/keymanager/keymanager.go index fbfc55d..a0f1fa8 100644 --- a/templates/agent/keymanager/keymanager.go +++ b/templates/agent/keymanager/keymanager.go @@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) 
@@ -50,22 +50,8 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - -// GenerateKey implements the KeyManager GenerateKey RPC +// GenerateKey implements the KeyManager GenerateKey RPC. Generates a new private key with the given ID. +// If a key already exists under that ID, it is overwritten and given a different fingerprint. func (p *Plugin) GenerateKey(ctx context.Context, req *keymanagerv1.GenerateKeyRequest) (*keymanagerv1.GenerateKeyResponse, error) { config, err := p.getConfig() if err != nil { @@ -80,7 +66,8 @@ func (p *Plugin) GenerateKey(ctx context.Context, req *keymanagerv1.GenerateKeyR return nil, status.Error(codes.Unimplemented, "not implemented") } -// GetPublicKey implements the KeyManager GetPublicKey RPC +// GetPublicKey implements the KeyManager GetPublicKey RPC. Gets the public key information for the private key managed +// by the plugin with the given ID. If a key with the given ID does not exist, NOT_FOUND is returned. func (p *Plugin) GetPublicKey(ctx context.Context, req *keymanagerv1.GetPublicKeyRequest) (*keymanagerv1.GetPublicKeyResponse, error) { config, err := p.getConfig() if err != nil { 
@@ -95,7 +82,8 @@ func (p *Plugin) GetPublicKey(ctx context.Context, req *keymanagerv1.GetPublicKe return nil, status.Error(codes.Unimplemented, "not implemented") } -// GetPublicKeys implements the KeyManager GetPublicKeys RPC +// GetPublicKeys implements the KeyManager GetPublicKeys RPC. Gets all public key information for the private keys +// managed by the plugin. func (p *Plugin) GetPublicKeys(ctx context.Context, req *keymanagerv1.GetPublicKeysRequest) (*keymanagerv1.GetPublicKeysResponse, error) { config, err := p.getConfig() if err != nil { @@ -110,7 +98,9 @@ func (p *Plugin) GetPublicKeys(ctx context.Context, req *keymanagerv1.GetPublicK return nil, status.Error(codes.Unimplemented, "not implemented") } -// SignData implements the KeyManager SignData RPC +// SignData implements the KeyManager SignData RPC. Signs data with the private key identified by the given ID. If a key +// with the given ID does not exist, NOT_FOUND is returned. The response contains the signed data and the fingerprint of +// the key used to sign the data. See the PublicKey message for more details on the role of the fingerprint. func (p *Plugin) SignData(ctx context.Context, req *keymanagerv1.SignDataRequest) (*keymanagerv1.SignDataResponse, error) { config, err := p.getConfig() if err != nil { @@ -126,7 +116,7 @@ func (p *Plugin) SignData(ctx context.Context, req *keymanagerv1.SignDataRequest } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { 
@@ -142,6 +132,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/agent/keymanager/keymanager_test.go b/templates/agent/keymanager/keymanager_test.go index fde3cfe..f572a51 100644 --- a/templates/agent/keymanager/keymanager_test.go +++ b/templates/agent/keymanager/keymanager_test.go @@ -1,6 +1,7 @@ package keymanager_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" @@ -8,6 +9,8 @@ import ( keymanagerv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/keymanager/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/agent/keymanager" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { 
@@ -32,5 +35,23 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx := context.Background() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, kmClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + _, err = kmClient.GenerateKey(ctx, &keymanagerv1.GenerateKeyRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = kmClient.GetPublicKeys(ctx, &keymanagerv1.GetPublicKeysRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = kmClient.GetPublicKey(ctx, &keymanagerv1.GetPublicKeyRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = kmClient.SignData(ctx, &keymanagerv1.SignDataRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") } diff --git a/templates/agent/nodeattestor/nodeattestor.go b/templates/agent/nodeattestor/nodeattestor.go index 42a8028..9c205ee 100644 --- a/templates/agent/nodeattestor/nodeattestor.go +++ b/templates/agent/nodeattestor/nodeattestor.go 
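Review bot: The `Configure` call is checked with `assert.NoError(t, err)`, so a failed configuration lets the test continue and the later RPC assertions fail with an unrelated message; `require.NoError(t, err)` would stop at the real cause. The same pattern appears in the nodeattestor and svidstore test hunks. Matching the full string with `assert.EqualError` also ties these template tests to gRPC's error formatting; comparing the code, e.g. `assert.Equal(t, codes.Unimplemented, status.Code(err))`, is sturdier, though it needs the `codes` and `status` imports, which the visible import hunks do not add. `Test`'s body starts outside the hunk.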
@@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) @@ -50,22 +50,9 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - -// AidAttestation implements the NodeAttestor AidAttestation RPC +// AidAttestation implements the NodeAttestor AidAttestation RPC. AidAttestation facilitates attestation by returning +// the attestation payload and participating in attestation challenge/response. This RPC uses a bidirectional stream for +// communication. func (p *Plugin) AidAttestation(stream nodeattestorv1.NodeAttestor_AidAttestationServer) error { config, err := p.getConfig() if err != nil { 
@@ -81,7 +68,7 @@ func (p *Plugin) AidAttestation(stream nodeattestorv1.NodeAttestor_AidAttestatio } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { @@ -97,6 +84,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/agent/nodeattestor/nodeattestor_test.go b/templates/agent/nodeattestor/nodeattestor_test.go index 71403ce..c8eb00b 100644 --- a/templates/agent/nodeattestor/nodeattestor_test.go +++ b/templates/agent/nodeattestor/nodeattestor_test.go @@ -1,6 +1,7 @@ package nodeattestor_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" 
@@ -8,6 +9,8 @@ import ( nodeattestorv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/nodeattestor/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/agent/nodeattestor" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { @@ -32,5 +35,20 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, naClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + stream, err := naClient.AidAttestation(ctx) + require.NoError(t, err) + _, err = stream.Recv() + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") } diff --git a/templates/agent/svidstore/svidstore.go b/templates/agent/svidstore/svidstore.go index 14689c7..7bff342 100644 --- a/templates/agent/svidstore/svidstore.go +++ b/templates/agent/svidstore/svidstore.go @@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) 
@@ -50,22 +50,7 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - -// DeleteX509SVID implements the SVIDStore DeleteX509SVID RPC +// DeleteX509SVID implements the SVIDStore DeleteX509SVID RPC. Puts an X509-SVID in a configured secrets store. func (p *Plugin) DeleteX509SVID(ctx context.Context, req *svidstorev1.DeleteX509SVIDRequest) (*svidstorev1.DeleteX509SVIDResponse, error) { config, err := p.getConfig() if err != nil { @@ -80,7 +65,7 @@ func (p *Plugin) DeleteX509SVID(ctx context.Context, req *svidstorev1.DeleteX509 return nil, status.Error(codes.Unimplemented, "not implemented") } -// PutX509SVID implements the SVIDStore PutX509SVID RPC +// PutX509SVID implements the SVIDStore PutX509SVID RPC. Deletes an SVID from the store. func (p *Plugin) PutX509SVID(ctx context.Context, req *svidstorev1.PutX509SVIDRequest) (*svidstorev1.PutX509SVIDResponse, error) { config, err := p.getConfig() if err != nil { 
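Review bot: The new doc comments on `DeleteX509SVID` and `PutX509SVID` are swapped: the delete RPC is described as "Puts an X509-SVID in a configured secrets store" and, in the following hunk, the put RPC as "Deletes an SVID from the store". Plugin authors copy this template, so the wrong descriptions would carry over into real SVID store plugins. They should read `// DeleteX509SVID implements the SVIDStore DeleteX509SVID RPC. Deletes an SVID from the store.` and `// PutX509SVID implements the SVIDStore PutX509SVID RPC. Puts an X509-SVID in a configured secrets store.` Both function bodies continue outside their hunks.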
@@ -96,7 +81,7 @@ func (p *Plugin) PutX509SVID(ctx context.Context, req *svidstorev1.PutX509SVIDRe } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { @@ -112,6 +97,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/agent/svidstore/svidstore_test.go b/templates/agent/svidstore/svidstore_test.go index 775e3ac..37d07e3 100644 --- a/templates/agent/svidstore/svidstore_test.go +++ b/templates/agent/svidstore/svidstore_test.go @@ -1,6 +1,7 @@ package svidstore_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" 
@@ -8,6 +9,8 @@ import ( svidstorev1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/svidstore/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/agent/svidstore" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { @@ -32,5 +35,19 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx := context.Background() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, ssClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + _, err = ssClient.PutX509SVID(ctx, &svidstorev1.PutX509SVIDRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = ssClient.DeleteX509SVID(ctx, &svidstorev1.DeleteX509SVIDRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") } diff --git a/templates/agent/workloadattestor/workloadattestor.go b/templates/agent/workloadattestor/workloadattestor.go index 430753d..8ed63be 100644 --- a/templates/agent/workloadattestor/workloadattestor.go +++ b/templates/agent/workloadattestor/workloadattestor.go 
@@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) 
@@ -50,22 +50,11 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - -// Attest implements the WorkloadAttestor Attest RPC +// Attest implements the WorkloadAttestor Attest RPC. Attests the specified workload process. If the process is not one +// the attestor is in a position to attest (e.g. k8s attestor attesting a non-k8s workload), the call will succeed but +// return no selectors. If the process is one of the attestor is in a position to attest, but the attestor fails to +// gather all selectors related to that workload, the call will fail. Otherwise, the attestor will return one or more +// workload selectors. func (p *Plugin) Attest(ctx context.Context, req *workloadattestorv1.AttestRequest) (*workloadattestorv1.AttestResponse, error) { config, err := p.getConfig() if err != nil { 
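Review bot: The new doc comment on `Attest` has a slip in its third sentence, "If the process is one of the attestor is in a position to attest", which should read `If the process is one the attestor is in a position to attest`. The sentence matters because it states the rule implementers must follow: when the selectors for an attestable workload cannot all be gathered, the call fails instead of succeeding. The added comment lines are also much longer than the wrapped comments elsewhere in this file and could be wrapped to match. Attest's body continues outside the hunk.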
@@ -81,7 +70,7 @@ func (p *Plugin) Attest(ctx context.Context, req *workloadattestorv1.AttestReque } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { @@ -97,6 +86,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/agent/workloadattestor/workloadattestor_test.go b/templates/agent/workloadattestor/workloadattestor_test.go index 9537b4b..c895c00 100644 --- a/templates/agent/workloadattestor/workloadattestor_test.go +++ b/templates/agent/workloadattestor/workloadattestor_test.go @@ -1,6 +1,7 @@ package workloadattestor_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" 
@@ -8,6 +9,8 @@ import ( workloadattestorv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/agent/workloadattestor/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/agent/workloadattestor" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { @@ -32,5 +35,18 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, waClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + _, err = waClient.Attest(ctx, &workloadattestorv1.AttestRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") } diff --git a/templates/server/noderesolver/noderesolver.go b/templates/server/bundlepublisher/bundlepublisher.go similarity index 88% rename from templates/server/noderesolver/noderesolver.go rename to templates/server/bundlepublisher/bundlepublisher.go index b241f1b..967a4ac 100644 --- a/templates/server/noderesolver/noderesolver.go +++ b/templates/server/bundlepublisher/bundlepublisher.go @@ -1,4 +1,4 @@ -package noderesolver +package bundlepublisher import ( "context" 
@@ -8,7 +8,7 @@ import ( "github.com/hashicorp/hcl" "github.com/spiffe/spire-plugin-sdk/pluginmain" "github.com/spiffe/spire-plugin-sdk/pluginsdk" - noderesolverv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/noderesolver/v1" + bundlepublisherv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/bundlepublisher/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -31,10 +31,10 @@ var ( type Config struct { } -// Plugin implements the NodeResolver plugin +// Plugin implements the BundlePublisher plugin type Plugin struct { - // UnimplementedNodeResolverServer is embedded to satisfy gRPC - noderesolverv1.UnimplementedNodeResolverServer + // UnimplementedBundlePublisherServer is embedded to satisfy gRPC + bundlepublisherv1.UnimplementedBundlePublisherServer // UnimplementedConfigServer is embedded to satisfy gRPC // TODO: Remove if this plugin does not require configuration @@ -65,8 +65,7 @@ func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { return nil } -// Attest implements the NodeResolver Attest RPC -func (p *Plugin) Resolve(ctx context.Context, req *noderesolverv1.ResolveRequest) (*noderesolverv1.ResolveResponse, error) { +func (p *Plugin) PublishBundle(ctx context.Context, req *bundlepublisherv1.PublishBundleRequest) (*bundlepublisherv1.PublishBundleResponse, error) { config, err := p.getConfig() if err != nil { return nil, err @@ -121,7 +120,7 @@ func main() { // Serve the plugin. This function call will not return. If there is a // failure to serve, the process will exit with a non-zero exit code. pluginmain.Serve( - noderesolverv1.NodeResolverPluginServer(plugin), + bundlepublisherv1.BundlePublisherPluginServer(plugin), // TODO: Remove if no configuration is required configv1.ConfigServiceServer(plugin), ) 
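Review bot: `PublishBundle` is left without a doc comment. The hunk at -65,8 removes the stale `// Attest implements the NodeResolver Attest RPC` line and adds nothing in its place, while the RPC methods in the other templates touched by this commit each carry one. Add a line such as `// PublishBundle implements the BundlePublisher PublishBundle RPC.` above the method. The method body continues outside the hunk.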
diff --git a/templates/server/noderesolver/noderesolver_test.go b/templates/server/bundlepublisher/bundlepublisher_test.go similarity index 68% rename from templates/server/noderesolver/noderesolver_test.go rename to templates/server/bundlepublisher/bundlepublisher_test.go index 38db5db..a924510 100644 --- a/templates/server/noderesolver/noderesolver_test.go +++ b/templates/server/bundlepublisher/bundlepublisher_test.go @@ -1,18 +1,18 @@ -package noderesolver_test +package bundlepublisher_test import ( "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" "github.com/spiffe/spire-plugin-sdk/plugintest" - noderesolverv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/noderesolver/v1" + bundlepublisherv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/bundlepublisher/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" - "github.com/spiffe/spire-plugin-sdk/templates/server/noderesolver" + "github.com/spiffe/spire-plugin-sdk/templates/server/bundlepublisher" ) func Test(t *testing.T) { - plugin := new(noderesolver.Plugin) - nrClient := new(noderesolverv1.NodeResolverPluginClient) + plugin := new(bundlepublisher.Plugin) + pluginClient := new(bundlepublisherv1.BundlePublisherPluginClient) configClient := new(configv1.ConfigServiceClient) // Serve the plugin in the background with the configured plugin and @@ -22,8 +22,8 @@ func Test(t *testing.T) { // TODO: Provide host service server implementations if required by the // plugin. plugintest.ServeInBackground(t, plugintest.Config{ - PluginServer: noderesolverv1.NodeResolverPluginServer(plugin), - PluginClient: nrClient, + PluginServer: bundlepublisherv1.BundlePublisherPluginServer(plugin), + PluginClient: pluginClient, ServiceServers: []pluginsdk.ServiceServer{ configv1.ConfigServiceServer(plugin), }, 
diff --git a/templates/server/credentialcomposer/credentialcomposer.go b/templates/server/credentialcomposer/credentialcomposer.go
new file mode 100644
index 0000000..0d2cc00
--- /dev/null
+++ b/templates/server/credentialcomposer/credentialcomposer.go
@@ -0,0 +1,207 @@ +package credentialcomposer + +import ( + "context" + "sync" + + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/hcl" + "github.com/spiffe/spire-plugin-sdk/pluginmain" + "github.com/spiffe/spire-plugin-sdk/pluginsdk" + credentialcomposerv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/credentialcomposer/v1" + configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" +) + +var ( + // This compile-time assertion ensures the plugin conforms properly to the + // pluginsdk.NeedsLogger interface. + // TODO: Remove if the plugin does not need the logger. + _ pluginsdk.NeedsLogger = (*Plugin)(nil) + + // This compile-time assertion ensures the plugin conforms properly to the + // pluginsdk.NeedsHostServices interface. + // TODO: Remove if the plugin does not need host services. + _ pluginsdk.NeedsHostServices = (*Plugin)(nil) +) + +// Config defines the configuration for the plugin. +// TODO: Add relevant configurables or remove if no configuration is required. +type Config struct { +} + +// Plugin implements the CredentialComposer plugin +type Plugin struct { + // UnimplementedCredentialComposerServer is embedded to satisfy gRPC + credentialcomposerv1.UnimplementedCredentialComposerServer + + // UnimplementedConfigServer is embedded to satisfy gRPC + // TODO: Remove if this plugin does not require configuration + configv1.UnimplementedConfigServer + + // Configuration should be set atomically + // TODO: Remove if this plugin does not require configuration + configMtx sync.RWMutex + config *Config + + // The logger received from the framework via the SetLogger method + // TODO: Remove if this plugin does not need the logger. + logger hclog.Logger +} + +// ComposeServerX509CA implements the CredentialComposer ComposeServerX509CA RPC. Composes the SPIRE Server X509 CA. +// The server will supply the default attributes it will apply to the CA. 
If the plugin returns an empty response or +// NOT_IMPLEMENTED, the server will apply the default attributes. Otherwise, the returned attributes are used. +// If a CA is produced that does not conform to the SPIFFE X509-SVID specification for signing certificates, it will be rejected. +func (p *Plugin) ComposeServerX509CA(ctx context.Context, req *credentialcomposerv1.ComposeServerX509CARequest) (*credentialcomposerv1.ComposeServerX509CAResponse, error) { + config, err := p.getConfig() + if err != nil { + return nil, err + } + + // TODO: Implement the RPC behavior. The following line silences compiler + // warnings and can be removed once the configuration is referenced by the + // implementation. + config = config + + return nil, status.Error(codes.Unimplemented, "not implemented") +} + +// ComposeServerX509SVID implements the CredentialComposer ComposeServerX509SVID RPC. Composes the SPIRE Server X509-SVID. +// The server will supply the default attributes it will apply to the server X509-SVID. If the plugin returns an empty +// response or NOT_IMPLEMENTED, the server will apply the default attributes. Otherwise, the returned attributes are +// used. If an X509-SVID is produced that does not conform to the SPIFFE X509-SVID specification for leaf certificates, +// it will be rejected. This function cannot be used to modify the SPIFFE ID of the X509-SVID. +func (p *Plugin) ComposeServerX509SVID(ctx context.Context, req *credentialcomposerv1.ComposeServerX509SVIDRequest) (*credentialcomposerv1.ComposeServerX509SVIDResponse, error) { + config, err := p.getConfig() + if err != nil { + return nil, err + } + + // TODO: Implement the RPC behavior. The following line silences compiler + // warnings and can be removed once the configuration is referenced by the + // implementation. + config = config + + return nil, status.Error(codes.Unimplemented, "not implemented") +} + +// ComposeAgentX509SVID implements the CredentialComposer ComposeAgentX509SVID RPC. 
Composes the SPIRE Agent X509-SVID. +// The server will supply the default attributes it will apply to the agent X509-SVID. If the plugin returns an empty +// response or NOT_IMPLEMENTED, the server will apply the default attributes. Otherwise, the returned attributes are used. +// If an X509-SVID is produced that does not conform to the SPIFFE X509-SVID specification for leaf certificates, it will +// be rejected. This function cannot be used to modify the SPIFFE ID of the X509-SVID. +func (p *Plugin) ComposeAgentX509SVID(ctx context.Context, req *credentialcomposerv1.ComposeAgentX509SVIDRequest) (*credentialcomposerv1.ComposeAgentX509SVIDResponse, error) { + config, err := p.getConfig() + if err != nil { + return nil, err + } + + // TODO: Implement the RPC behavior. The following line silences compiler + // warnings and can be removed once the configuration is referenced by the + // implementation. + config = config + + return nil, status.Error(codes.Unimplemented, "not implemented") +} + +// ComposeWorkloadX509SVID implements the CredentialComposer ComposeWorkloadX509SVID RPC. Composes workload X509-SVIDs. +// The server will supply the default attributes it will apply to the workload X509-SVID. If the plugin returns an empty +// response or NOT_IMPLEMENTED, the server will apply the default attributes. Otherwise, the returned attributes are used. +// If an X509-SVID is produced that does not conform to the SPIFFE X509-SVID specification for leaf certificates, it will +// be rejected. This function cannot be used to modify the SPIFFE ID of the X509-SVID. +func (p *Plugin) ComposeWorkloadX509SVID(ctx context.Context, req *credentialcomposerv1.ComposeWorkloadX509SVIDRequest) (*credentialcomposerv1.ComposeWorkloadX509SVIDResponse, error) { + config, err := p.getConfig() + if err != nil { + return nil, err + } + + // TODO: Implement the RPC behavior. 
The following line silences compiler + // warnings and can be removed once the configuration is referenced by the + // implementation. + config = config + + return nil, status.Error(codes.Unimplemented, "not implemented") +} + +// ComposeWorkloadJWTSVID implements the CredentialComposer ComposeWorkloadJWTSVID RPC. Composes workload JWT-SVIDs. +// The server will supply the default attributes it will apply to the workload JWT-SVID. If the plugin returns an empty +// response or NOT_IMPLEMENTED, the server will apply the default attributes. Otherwise, the returned attributes are used. +// If a JWT-SVID is produced that does not conform to the SPIFFE JWT-SVID specification, it will be rejected. +// This function cannot be used to modify the SPIFFE ID of the JWT-SVID. +func (p *Plugin) ComposeWorkloadJWTSVID(ctx context.Context, req *credentialcomposerv1.ComposeWorkloadJWTSVIDRequest) (*credentialcomposerv1.ComposeWorkloadJWTSVIDResponse, error) { + config, err := p.getConfig() + if err != nil { + return nil, err + } + + // TODO: Implement the RPC behavior. The following line silences compiler + // warnings and can be removed once the configuration is referenced by the + // implementation. + config = config + + return nil, status.Error(codes.Unimplemented, "not implemented") +} + +// Configure configures the plugin. This is invoked by SPIRE when the plugin is +// first loaded. In the future, it may be invoked to reconfigure the plugin. +// As such, it should replace the previous configuration atomically. 
+// TODO: Remove if no configuration is required +func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { + config := new(Config) + if err := hcl.Decode(config, req.HclConfiguration); err != nil { + return nil, status.Errorf(codes.InvalidArgument, "failed to decode configuration: %v", err) + } + + // TODO: Validate configuration before setting/replacing existing + // configuration + + p.setConfig(config) + return &configv1.ConfigureResponse{}, nil +} + +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + +// setConfig replaces the configuration atomically under a write lock. +// TODO: Remove if no configuration is required +func (p *Plugin) setConfig(config *Config) { + p.configMtx.Lock() + p.config = config + p.configMtx.Unlock() +} + +// getConfig gets the configuration under a read lock. +// TODO: Remove if no configuration is required +func (p *Plugin) getConfig() (*Config, error) { + p.configMtx.RLock() + defer p.configMtx.RUnlock() + if p.config == nil { + return nil, status.Error(codes.FailedPrecondition, "not configured") + } + return p.config, nil +} + +func main() { + plugin := new(Plugin) + // Serve the plugin. This function call will not return. If there is a + // failure to serve, the process will exit with a non-zero exit code. 
+ pluginmain.Serve( + credentialcomposerv1.CredentialComposerPluginServer(plugin), + // TODO: Remove if no configuration is required + configv1.ConfigServiceServer(plugin), + ) +} diff --git a/templates/server/credentialcomposer/credentialcomposer_test.go b/templates/server/credentialcomposer/credentialcomposer_test.go new file mode 100644 index 0000000..edad0e9 --- /dev/null +++ b/templates/server/credentialcomposer/credentialcomposer_test.go 
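Review bot: `getConfig` hands back the stored `*Config` after the read lock is released, so every in-flight Compose* RPC works on the same object, and nothing in the template says it must not be modified. This is safe only because `setConfig` swaps the pointer instead of mutating the struct. A plugin author who later writes to a field of the returned config would introduce a data race in a plugin that shapes CA and SVID contents. I would add to the `getConfig` comment: `// The returned Config is shared between concurrent RPCs and must be treated as read-only.` Separately, `config = config` in the five RPC stubs is a self-assignment that `go vet` reports; `_ = config` keeps the variable used without that warning.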
@@ -0,0 +1,59 @@ +package credentialcomposer_test + +import ( + "context" + "testing" + + "github.com/spiffe/spire-plugin-sdk/pluginsdk" + "github.com/spiffe/spire-plugin-sdk/plugintest" + credentialcomposerv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/credentialcomposer/v1" + configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" + "github.com/spiffe/spire-plugin-sdk/templates/server/credentialcomposer" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test(t *testing.T) { + plugin := new(credentialcomposer.Plugin) + pluginClient := new(credentialcomposerv1.CredentialComposerPluginClient) + configClient := new(configv1.ConfigServiceClient) + + // Serve the plugin in the background with the configured plugin and + // service servers. The servers will be cleaned up when the test finishes. + // TODO: Remove the config service server and client if no configuration + // is required. + // TODO: Provide host service server implementations if required by the + // plugin. + plugintest.ServeInBackground(t, plugintest.Config{ + PluginServer: credentialcomposerv1.CredentialComposerPluginServer(plugin), + PluginClient: pluginClient, + ServiceServers: []pluginsdk.ServiceServer{ + configv1.ConfigServiceServer(plugin), + }, + ServiceClients: []pluginsdk.ServiceClient{ + configClient, + }, + }) + + ctx := context.Background() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, pluginClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. 
+ _, err = pluginClient.ComposeServerX509CA(ctx, &credentialcomposerv1.ComposeServerX509CARequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = pluginClient.ComposeServerX509SVID(ctx, &credentialcomposerv1.ComposeServerX509SVIDRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = pluginClient.ComposeAgentX509SVID(ctx, &credentialcomposerv1.ComposeAgentX509SVIDRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = pluginClient.ComposeWorkloadX509SVID(ctx, &credentialcomposerv1.ComposeWorkloadX509SVIDRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = pluginClient.ComposeWorkloadJWTSVID(ctx, &credentialcomposerv1.ComposeWorkloadJWTSVIDRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") +} diff --git a/templates/server/keymanager/keymanager.go b/templates/server/keymanager/keymanager.go index fd9fd28..6a03668 100644 --- a/templates/server/keymanager/keymanager.go +++ b/templates/server/keymanager/keymanager.go @@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) 
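Review bot: The five RPC assertions compare the whole error text, `"rpc error: code = Unimplemented desc = not implemented"`, which ties the test to gRPC's message formatting instead of to the status the stub returns. Comparing the code is sturdier and is the form a plugin author will want to keep once the stubs are replaced: `assert.Equal(t, codes.Unimplemented, status.Code(err))`, with `google.golang.org/grpc/codes` and `google.golang.org/grpc/status` imported in the test file. The same string comparison is used in the other template tests in this commit.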
@@ -50,22 +50,8 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - -// GenerateKey implements the KeyManager GenerateKey RPC +// GenerateKey implements the KeyManager GenerateKey RPC. Generates a new private key with the given ID. +// If a key already exists under that ID, it is overwritten and given a different fingerprint. func (p *Plugin) GenerateKey(ctx context.Context, req *keymanagerv1.GenerateKeyRequest) (*keymanagerv1.GenerateKeyResponse, error) { config, err := p.getConfig() if err != nil { @@ -80,7 +66,8 @@ func (p *Plugin) GenerateKey(ctx context.Context, req *keymanagerv1.GenerateKeyR return nil, status.Error(codes.Unimplemented, "not implemented") } -// GetPublicKey implements the KeyManager GetPublicKey RPC +// GetPublicKey implements the KeyManager GetPublicKey RPC. Gets the public key information for the private key managed +// by the plugin with the given ID. If a key with the given ID does not exist, NOT_FOUND is returned. func (p *Plugin) GetPublicKey(ctx context.Context, req *keymanagerv1.GetPublicKeyRequest) (*keymanagerv1.GetPublicKeyResponse, error) { config, err := p.getConfig() if err != nil { 
@@ -95,7 +82,8 @@ func (p *Plugin) GetPublicKey(ctx context.Context, req *keymanagerv1.GetPublicKe return nil, status.Error(codes.Unimplemented, "not implemented") } -// GetPublicKeys implements the KeyManager GetPublicKeys RPC +// GetPublicKeys implements the KeyManager GetPublicKeys RPC. Gets all public key information for the private keys +// managed by the plugin. func (p *Plugin) GetPublicKeys(ctx context.Context, req *keymanagerv1.GetPublicKeysRequest) (*keymanagerv1.GetPublicKeysResponse, error) { config, err := p.getConfig() if err != nil { @@ -110,7 +98,9 @@ func (p *Plugin) GetPublicKeys(ctx context.Context, req *keymanagerv1.GetPublicK return nil, status.Error(codes.Unimplemented, "not implemented") } -// SignData implements the KeyManager SignData RPC +// SignData implements the KeyManager SignData RPC. Signs data with the private key identified by the given ID. If a key +// with the given ID does not exist, NOT_FOUND is returned. The response contains the signed data and the fingerprint of +// the key used to sign the data. See the PublicKey message for more details on the role of the fingerprint. func (p *Plugin) SignData(ctx context.Context, req *keymanagerv1.SignDataRequest) (*keymanagerv1.SignDataResponse, error) { config, err := p.getConfig() if err != nil { @@ -126,7 +116,7 @@ func (p *Plugin) SignData(ctx context.Context, req *keymanagerv1.SignDataRequest } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { 
@@ -142,6 +132,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/server/keymanager/keymanager_test.go b/templates/server/keymanager/keymanager_test.go index 717b083..d5d0b6c 100644 --- a/templates/server/keymanager/keymanager_test.go +++ b/templates/server/keymanager/keymanager_test.go @@ -1,6 +1,7 @@ package keymanager_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" @@ -8,6 +9,8 @@ import ( keymanagerv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/keymanager/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/server/keymanager" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { 
@@ -32,5 +35,23 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx := context.Background() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, kmClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + _, err = kmClient.GenerateKey(ctx, &keymanagerv1.GenerateKeyRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = kmClient.GetPublicKeys(ctx, &keymanagerv1.GetPublicKeysRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = kmClient.GetPublicKey(ctx, &keymanagerv1.GetPublicKeyRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = kmClient.SignData(ctx, &keymanagerv1.SignDataRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") } diff --git a/templates/server/nodeattestor/nodeattestor.go b/templates/server/nodeattestor/nodeattestor.go index 4e721bb..4ad8314 100644 --- a/templates/server/nodeattestor/nodeattestor.go +++ b/templates/server/nodeattestor/nodeattestor.go 
@@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) @@ -50,22 +50,9 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - -// Attest implements the NodeAttestor Attest RPC +// Attest implements the NodeAttestor Attest RPC. Attest attests attestation payload received from the agent and +// optionally participates in challenge/response attestation mechanics. This RPC uses a bidirectional stream for +// communication. func (p *Plugin) Attest(stream nodeattestorv1.NodeAttestor_AttestServer) error { config, err := p.getConfig() if err != nil { 
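Review bot: The new doc comment on `Attest` does not say that the payload comes from an agent that has not been attested yet, which is the main thing an author copying this template needs to keep in mind. I would add a line such as `// The payload and any challenge response are untrusted input; validate them fully before completing attestation.` The first sentence also reads awkwardly; `Attest validates the attestation payload received from the agent` is clearer than `Attest attests attestation payload`. The body of `Attest` continues outside the hunk.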
@@ -81,7 +68,7 @@ func (p *Plugin) Attest(stream nodeattestorv1.NodeAttestor_AttestServer) error { } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { @@ -97,6 +84,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/server/nodeattestor/nodeattestor_test.go b/templates/server/nodeattestor/nodeattestor_test.go index 9eabe16..a484a2d 100644 --- a/templates/server/nodeattestor/nodeattestor_test.go +++ b/templates/server/nodeattestor/nodeattestor_test.go @@ -1,6 +1,7 @@ package nodeattestor_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" 
@@ -8,6 +9,8 @@ import ( nodeattestorv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/nodeattestor/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/server/nodeattestor" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { @@ -32,5 +35,20 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, naClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + stream, err := naClient.Attest(ctx) + require.NoError(t, err) + _, err = stream.Recv() + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") } diff --git a/templates/server/notifier/notifier.go b/templates/server/notifier/notifier.go index d93c0b5..aa7096b 100644 --- a/templates/server/notifier/notifier.go +++ b/templates/server/notifier/notifier.go @@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) 
@@ -50,21 +50,8 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - +// Notify implements the Notifier Notify RPC. Notify notifies the plugin that an event occurred. Errors returned by +// the plugin are logged but otherwise ignored. func (p *Plugin) Notify(ctx context.Context, req *notifierv1.NotifyRequest) (*notifierv1.NotifyResponse, error) { config, err := p.getConfig() if err != nil { @@ -79,6 +66,9 @@ func (p *Plugin) Notify(ctx context.Context, req *notifierv1.NotifyRequest) (*no return nil, status.Error(codes.Unimplemented, "not implemented") } +// NotifyAndAdvise implements the Notifier NotifyAndAdvise RPC. NotifyAndAdvise notifies the plugin that an event +// occurred and waits for a response. Errors returned by the plugin control SPIRE Server behavior. +// See NotifyAndAdviseRequest for per-event details. func (p *Plugin) NotifyAndAdvise(ctx context.Context, req *notifierv1.NotifyAndAdviseRequest) (*notifierv1.NotifyAndAdviseResponse, error) { config, err := p.getConfig() if err != nil { 
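Review bot: The added comment says errors from `NotifyAndAdvise` control SPIRE Server behavior, but the template still answers every request with `codes.Unimplemented` (the new notifier test asserts exactly that). A plugin that only fills in `Notify` would therefore keep returning an error from the advising RPC. I would add a line under the doc comment such as `// TODO: Return an error only for events that must stop the server; return an empty response for events this plugin does not handle.` How the server reacts per event is defined outside this diff (the comment points to NotifyAndAdviseRequest), so confirm the wording against that. The function body continues outside the hunk.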
@@ -94,7 +84,7 @@ func (p *Plugin) NotifyAndAdvise(ctx context.Context, req *notifierv1.NotifyAndA } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { @@ -110,6 +100,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/server/notifier/notifier_test.go b/templates/server/notifier/notifier_test.go index c3e1408..aae00c5 100644 --- a/templates/server/notifier/notifier_test.go +++ b/templates/server/notifier/notifier_test.go @@ -1,6 +1,7 @@ package notifier_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" 
@@ -8,11 +9,13 @@ import ( notifierv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/notifier/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/server/notifier" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { plugin := new(notifier.Plugin) - notClient := new(notifierv1.NotifierPluginClient) + ntClient := new(notifierv1.NotifierPluginClient) configClient := new(configv1.ConfigServiceClient) // Serve the plugin in the background with the configured plugin and @@ -23,7 +26,7 @@ func Test(t *testing.T) { // plugin. plugintest.ServeInBackground(t, plugintest.Config{ PluginServer: notifierv1.NotifierPluginServer(plugin), - PluginClient: notClient, + PluginClient: ntClient, ServiceServers: []pluginsdk.ServiceServer{ configv1.ConfigServiceServer(plugin), }, @@ -32,5 +35,19 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx := context.Background() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, ntClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + _, err = ntClient.Notify(ctx, ¬ifierv1.NotifyRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + _, err = ntClient.NotifyAndAdvise(ctx, ¬ifierv1.NotifyAndAdviseRequest{}) + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") } diff --git a/templates/server/upstreamauthority/upstreamauthority.go b/templates/server/upstreamauthority/upstreamauthority.go index 7b527fd..b8f0e6d 100644 --- a/templates/server/upstreamauthority/upstreamauthority.go 
+++ b/templates/server/upstreamauthority/upstreamauthority.go @@ -15,12 +15,12 @@ import ( ) var ( - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsLogger interface. // TODO: Remove if the plugin does not need the logger. _ pluginsdk.NeedsLogger = (*Plugin)(nil) - // This compile time assertion ensures the plugin conforms properly to the + // This compile-time assertion ensures the plugin conforms properly to the // pluginsdk.NeedsHostServices interface. // TODO: Remove if the plugin does not need host services. _ pluginsdk.NeedsHostServices = (*Plugin)(nil) 
@@ -50,21 +50,14 @@ type Plugin struct { logger hclog.Logger } -// SetLogger is called by the framework when the plugin is loaded and provides -// the plugin with a logger wired up to SPIRE's logging facilities. -// TODO: Remove if the plugin does not need the logger. -func (p *Plugin) SetLogger(logger hclog.Logger) { - p.logger = logger -} - -// BrokerHostServices is called by the framework when the plugin is loaded to -// give the plugin a chance to obtain clients to SPIRE host services. -// TODO: Remove if the plugin does not need host services. -func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { - // TODO: Use the broker to obtain host service clients - return nil -} - +// MintX509CAAndSubscribe implements the UpstreamAuthority MintX509CAAndSubscribe RPC. Mints an X.509 CA and responds +// with the signed X.509 CA certificate chain and upstream X.509 roots. If supported by the implementation, subsequent +// responses on the stream contain upstream X.509 root updates, otherwise the stream is closed after the initial response. +// +// Implementation note: +// The stream should be kept open in the face of transient errors +// encountered while tracking changes to the upstream X.509 roots as SPIRE +// Server will not reopen a closed stream until the next X.509 CA rotation. func (p *Plugin) MintX509CAAndSubscribe(req *upstreamauthorityv1.MintX509CARequest, stream upstreamauthorityv1.UpstreamAuthority_MintX509CAAndSubscribeServer) error { config, err := p.getConfig() if err != nil { 
@@ -79,6 +72,16 @@ func (p *Plugin) MintX509CAAndSubscribe(req *upstreamauthorityv1.MintX509CAReque return status.Error(codes.Unimplemented, "not implemented") } +// PublishJWTKeyAndSubscribe implements the UpstreamAuthority PublishJWTKeyAndSubscribe RPC. Publishes a JWT signing key +// upstream and responds with the upstream JWT keys. If supported by the implementation, subsequent responses on the +// stream contain upstream JWT key updates, otherwise the stream is closed after the initial response. +// +// This RPC is optional and will return NotImplemented if unsupported. +// +// Implementation note: +// The stream should be kept open in the face of transient errors +// encountered while tracking changes to the upstream JWT keys as SPIRE +// Server will not reopen a closed stream until the next JWT key rotation. func (p *Plugin) PublishJWTKeyAndSubscribe(req *upstreamauthorityv1.PublishJWTKeyRequest, stream upstreamauthorityv1.UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error { config, err := p.getConfig() if err != nil { @@ -94,7 +97,7 @@ func (p *Plugin) PublishJWTKeyAndSubscribe(req *upstreamauthorityv1.PublishJWTKe } // Configure configures the plugin. This is invoked by SPIRE when the plugin is -// first loaded. In the future, tt may be invoked to reconfigure the plugin. +// first loaded. In the future, it may be invoked to reconfigure the plugin. // As such, it should replace the previous configuration atomically. // TODO: Remove if no configuration is required func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) (*configv1.ConfigureResponse, error) { 
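Review bot: The sentence `This RPC is optional and will return NotImplemented if unsupported` names a status that gRPC does not define. The template itself returns `codes.Unimplemented`, as the context line just above the added comment and the new upstreamauthority test show. Suggest `// This RPC is optional; return codes.Unimplemented if it is not supported.` so the doc matches what callers will see. The second sentence also opens with a bare verb (`Publishes a JWT signing key ...`) where Go doc style expects the method name as subject; the same applies to the `MintX509CAAndSubscribe` comment in the previous hunk. The function body continues outside the hunk.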
@@ -110,6 +113,21 @@ func (p *Plugin) Configure(ctx context.Context, req *configv1.ConfigureRequest) return &configv1.ConfigureResponse{}, nil } +// BrokerHostServices is called by the framework when the plugin is loaded to +// give the plugin a chance to obtain clients to SPIRE host services. +// TODO: Remove if the plugin does not need host services. +func (p *Plugin) BrokerHostServices(broker pluginsdk.ServiceBroker) error { + // TODO: Use the broker to obtain host service clients + return nil +} + +// SetLogger is called by the framework when the plugin is loaded and provides +// the plugin with a logger wired up to SPIRE's logging facilities. +// TODO: Remove if the plugin does not need the logger. +func (p *Plugin) SetLogger(logger hclog.Logger) { + p.logger = logger +} + // setConfig replaces the configuration atomically under a write lock. // TODO: Remove if no configuration is required func (p *Plugin) setConfig(config *Config) { diff --git a/templates/server/upstreamauthority/upstreamauthority_test.go b/templates/server/upstreamauthority/upstreamauthority_test.go index 2102372..dbbf091 100644 --- a/templates/server/upstreamauthority/upstreamauthority_test.go +++ b/templates/server/upstreamauthority/upstreamauthority_test.go @@ -1,6 +1,7 @@ package upstreamauthority_test import ( + "context" "testing" "github.com/spiffe/spire-plugin-sdk/pluginsdk" @@ -8,6 +9,8 @@ import ( upstreamauthorityv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/server/upstreamauthority/v1" configv1 "github.com/spiffe/spire-plugin-sdk/proto/spire/service/common/config/v1" "github.com/spiffe/spire-plugin-sdk/templates/server/upstreamauthority" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" ) func Test(t *testing.T) { 
@@ -32,5 +35,24 @@ func Test(t *testing.T) { }, }) - // TODO: Invoke methods on the clients and assert the results + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // TODO: Remove if no configuration is required. + _, err := configClient.Configure(ctx, &configv1.ConfigureRequest{ + CoreConfiguration: &configv1.CoreConfiguration{TrustDomain: "example.org"}, + HclConfiguration: `{}`, + }) + assert.NoError(t, err) + + require.True(t, uaClient.IsInitialized()) + // TODO: Make assertions using the desired plugin behavior. + mintStream, err := uaClient.MintX509CAAndSubscribe(ctx, &upstreamauthorityv1.MintX509CARequest{}) + require.NoError(t, err) + _, err = mintStream.Recv() + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") + publishStream, err := uaClient.PublishJWTKeyAndSubscribe(ctx, &upstreamauthorityv1.PublishJWTKeyRequest{}) + require.NoError(t, err) + _, err = publishStream.Recv() + assert.EqualError(t, err, "rpc error: code = Unimplemented desc = not implemented") }