diff --git a/buf.lock b/buf.lock index d15a117..709ae02 100644 --- a/buf.lock +++ b/buf.lock @@ -2,5 +2,5 @@ version: v2 deps: - name: buf.build/bufbuild/protovalidate - commit: 80ab13bee0bf4272b6161a72bf7034e0 - digest: b5:1aa6a965be5d02d64e1d81954fa2e78ef9d1e33a0c30f92bc2626039006a94deb3a5b05f14ed8893f5c3ffce444ac008f7e968188ad225c4c29c813aa5f2daa1 + commit: 50325440f8f24053b047484a6bf60b76 + digest: b5:74cb6f5c0853c3c10aafc701614194bbd63326bdb8ef4068214454b8894b03ba4113e04b3a33a8321cdf05336e37db4dc14a5e2495db8462566914f36086ba31 diff --git a/cmd/protoc-gen-go-extension/main.go b/cmd/protoc-gen-go-extension/main.go index 33dd7a6..da6e412 100644 --- a/cmd/protoc-gen-go-extension/main.go +++ b/cmd/protoc-gen-go-extension/main.go @@ -99,7 +99,7 @@ func generateServiceBridges(g *protogen.GeneratedFile, serviceName, serviceFullN g.P() g.P("const (") if isPlugin { - g.P(" Type = ", strconv.Quote(serviceName)) + g.P(" Type = ", strconv.Quote(strings.TrimSuffix(serviceName, "Service"))) } g.P(" GRPCServiceFullName = ", strconv.Quote(serviceFullName)) g.P(")") diff --git a/internal/proto/service/init/v1/init.pb.go b/internal/proto/service/init/v1/init.pb.go index 9b50700..a0fe002 100644 --- a/internal/proto/service/init/v1/init.pb.go +++ b/internal/proto/service/init/v1/init.pb.go @@ -7,11 +7,10 @@ package initv1 import ( - reflect "reflect" - sync "sync" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) const ( diff --git a/internal/proto/service/init/v1/init_ext_service.pb.go b/internal/proto/service/init/v1/init_ext_service.pb.go index 2eb7c75..11b10a7 100644 --- a/internal/proto/service/init/v1/init_ext_service.pb.go +++ b/internal/proto/service/init/v1/init_ext_service.pb.go @@ -3,9 +3,8 @@ package initv1 import ( - grpc "google.golang.org/grpc" - api "github.com/openkcm/plugin-sdk/api" + grpc "google.golang.org/grpc" ) const ( diff --git a/internal/proto/service/init/v1/init_grpc.pb.go b/internal/proto/service/init/v1/init_grpc.pb.go index f4f4276..7fd786d 100644 --- a/internal/proto/service/init/v1/init_grpc.pb.go +++ b/internal/proto/service/init/v1/init_grpc.pb.go @@ -8,7 +8,6 @@ package initv1 import ( context "context" - grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" diff --git a/pkg/catalog/plugin.go b/pkg/catalog/plugin.go index 4343dca..e3dbc47 100644 --- a/pkg/catalog/plugin.go +++ b/pkg/catalog/plugin.go @@ -24,40 +24,21 @@ import ( type PluginConfigs []PluginConfig type PluginConfig struct { - // Name of the plugin - Name string - - // Type is the plugin type - Type string - - // Path is the path on disk to the plugin. - Path string - - // Args are the command line arguments to supply to the plugin - Args []string - - // Env is the environment variables to supply to the plugin - Env map[string]string - - // Checksum is the hex-encoded SHA256 hash of the plugin binary. - Checksum string - - Version uint32 - - DataSource DataSource - - YamlConfiguration string - - LogLevel string - - Disabled bool - - Logger *slog.Logger - + Name string `yaml:"name" json:"name"` + Type string `yaml:"type" json:"type"` + Path string `yaml:"path" json:"path"` + Args []string `yaml:"args" json:"args"` + Env map[string]string `yaml:"env" json:"env"` + Checksum string `yaml:"checksum" json:"checksum"` + Version uint32 `yaml:"version" json:"version"` + YamlConfiguration string `yaml:"yamlConfiguration" json:"yamlConfiguration"` + LogLevel string `yaml:"logLevel" json:"logLevel"` + Disabled bool `yaml:"disabled" json:"disabled"` + Tags []string `yaml:"tags" json:"tags"` + + Logger *slog.Logger + DataSource DataSource HostServices []api.ServiceServer - - // Tags are the metadata associated with a plugin these can be used to filter plugins later e.g. ['FeatureA'] on client side. - Tags []string } func (c *PluginConfig) IsExternal() bool { diff --git a/proto/plugin/certificate_issuer/v1/certificate_issuer_ext_plugin.pb.go b/proto/plugin/certificate_issuer/v1/certificate_issuer_ext_plugin.pb.go index dfe9e3a..7d0d285 100644 --- a/proto/plugin/certificate_issuer/v1/certificate_issuer_ext_plugin.pb.go +++ b/proto/plugin/certificate_issuer/v1/certificate_issuer_ext_plugin.pb.go @@ -9,7 +9,7 @@ import ( ) const ( - Type = "CertificateIssuerService" + Type = "CertificateIssuer" GRPCServiceFullName = "plugin.certificate_issuer.v1.CertificateIssuerService" ) diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.go new file mode 100644 index 0000000..864f0b0 --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.go @@ -0,0 +1,515 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/cipher_wrapper/v1/cipher_wrapper.proto + +package cipher_wrapperv1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// KeyReference identifies a specific key within an external KMS provider and +// carries all routing config the plugin needs to reach it — address, engine path, +// namespace, region, project, etc. — so no out-of-band registration is required. +type KeyReference struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Primary external identifier: ARN, Vault transit path, Azure key URI, + // GCP resource name, PKCS#11 label. + KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` + // Logical Krypton name — for providers that distinguish path from logical name + // and for audit log correlation. + KeyName *string `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3,oneof" json:"key_name,omitempty"` + // Specific version (for versioned providers: AWS KMS, Azure Key Vault). + Version *string `protobuf:"bytes,3,opt,name=version,proto3,oneof" json:"version,omitempty"` + // Provider-specific routing: address, engine_path, namespace, region, project_id … + // Always flat key-value — KMS addressing never needs nested structure. + Properties map[string]string `protobuf:"bytes,4,rep,name=properties,proto3" json:"properties,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyReference) Reset() { + *x = KeyReference{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyReference) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyReference) ProtoMessage() {} + +func (x *KeyReference) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyReference.ProtoReflect.Descriptor instead. +func (*KeyReference) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{0} +} + +func (x *KeyReference) GetKeyId() string { + if x != nil { + return x.KeyId + } + return "" +} + +func (x *KeyReference) GetKeyName() string { + if x != nil && x.KeyName != nil { + return *x.KeyName + } + return "" +} + +func (x *KeyReference) GetVersion() string { + if x != nil && x.Version != nil { + return *x.Version + } + return "" +} + +func (x *KeyReference) GetProperties() map[string]string { + if x != nil { + return x.Properties + } + return nil +} + +// EncryptedData pairs the ciphertext with the IV used during encryption. +// Kept together so storage and retrieval are always atomic — a ciphertext +// without its IV is unrecoverable. +type EncryptedData struct { + state protoimpl.MessageState `protogen:"open.v1"` + Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + // OPTIONAL: Initialization Vector (IV) or Nonce. + // Must be provided if it was returned in the WrapResponse. + Iv []byte `protobuf:"bytes,2,opt,name=iv,proto3,oneof" json:"iv,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EncryptedData) Reset() { + *x = EncryptedData{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EncryptedData) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptedData) ProtoMessage() {} + +func (x *EncryptedData) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptedData.ProtoReflect.Descriptor instead. +func (*EncryptedData) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{1} +} + +func (x *EncryptedData) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext + } + return nil +} + +func (x *EncryptedData) GetIv() []byte { + if x != nil { + return x.Iv + } + return nil +} + +type WrapRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // OPTIONAL/REQUIRED: The structured definition of the key to use. + Key *KeyReference `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + // REQUIRED: The raw cryptographic material to be wrapped. + Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"` + // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer. + // Kept in proto because AAD often changes per request (e.g., binding to a specific Tenant ID). + Aad []byte `protobuf:"bytes,3,opt,name=aad,proto3,oneof" json:"aad,omitempty"` + // IV hint: only set when the CMK engine is dictating the IV to the HSM + // (deterministic-IV hardware modes). Left unset for all software KMS providers. + IvHint []byte `protobuf:"bytes,4,opt,name=iv_hint,json=ivHint,proto3,oneof" json:"iv_hint,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *WrapRequest) Reset() { + *x = WrapRequest{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WrapRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WrapRequest) ProtoMessage() {} + +func (x *WrapRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WrapRequest.ProtoReflect.Descriptor instead. +func (*WrapRequest) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{2} +} + +func (x *WrapRequest) GetKey() *KeyReference { + if x != nil { + return x.Key + } + return nil +} + +func (x *WrapRequest) GetPlaintext() []byte { + if x != nil { + return x.Plaintext + } + return nil +} + +func (x *WrapRequest) GetAad() []byte { + if x != nil { + return x.Aad + } + return nil +} + +func (x *WrapRequest) GetIvHint() []byte { + if x != nil { + return x.IvHint + } + return nil +} + +// WrapResponse returns the provider-specific ciphertext and metadata. +type WrapResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED: The opaque, vendor-specific ciphertext. + EncryptedData *EncryptedData `protobuf:"bytes,1,opt,name=encrypted_data,json=encryptedData,proto3" json:"encrypted_data,omitempty"` + // OPTIONAL: The exact key version ID used during the operation. + // Some providers (like HSMs) do not have a concept of version IDs. + KeyVersionId *string `protobuf:"bytes,2,opt,name=key_version_id,json=keyVersionId,proto3,oneof" json:"key_version_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *WrapResponse) Reset() { + *x = WrapResponse{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WrapResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WrapResponse) ProtoMessage() {} + +func (x *WrapResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WrapResponse.ProtoReflect.Descriptor instead. +func (*WrapResponse) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{3} +} + +func (x *WrapResponse) GetEncryptedData() *EncryptedData { + if x != nil { + return x.EncryptedData + } + return nil +} + +func (x *WrapResponse) GetKeyVersionId() string { + if x != nil && x.KeyVersionId != nil { + return *x.KeyVersionId + } + return "" +} + +type UnwrapRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED: The structured definition of the key to use. + Key *KeyReference `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + // REQUIRED: The opaque ciphertext retrieved from the CMK persistent storage. + EncryptedData *EncryptedData `protobuf:"bytes,2,opt,name=encrypted_data,json=encryptedData,proto3" json:"encrypted_data,omitempty"` + // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer. + Aad []byte `protobuf:"bytes,3,opt,name=aad,proto3,oneof" json:"aad,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UnwrapRequest) Reset() { + *x = UnwrapRequest{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UnwrapRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UnwrapRequest) ProtoMessage() {} + +func (x *UnwrapRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UnwrapRequest.ProtoReflect.Descriptor instead. +func (*UnwrapRequest) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{4} +} + +func (x *UnwrapRequest) GetKey() *KeyReference { + if x != nil { + return x.Key + } + return nil +} + +func (x *UnwrapRequest) GetEncryptedData() *EncryptedData { + if x != nil { + return x.EncryptedData + } + return nil +} + +func (x *UnwrapRequest) GetAad() []byte { + if x != nil { + return x.Aad + } + return nil +} + +// UnwrapResponse returns the recovered raw cryptographic material. +type UnwrapResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED: The recovered raw cryptographic material. + Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UnwrapResponse) Reset() { + *x = UnwrapResponse{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UnwrapResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UnwrapResponse) ProtoMessage() {} + +func (x *UnwrapResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UnwrapResponse.ProtoReflect.Descriptor instead. +func (*UnwrapResponse) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{5} +} + +func (x *UnwrapResponse) GetPlaintext() []byte { + if x != nil { + return x.Plaintext + } + return nil +} + +var File_plugin_cipher_wrapper_v1_cipher_wrapper_proto protoreflect.FileDescriptor + +const file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc = "" + + "\n" + + "-plugin/cipher_wrapper/v1/cipher_wrapper.proto\x12 krypton.plugin.cipher_wrapper.v1\x1a\x1bbuf/validate/validate.proto\"\xa5\x02\n" + + "\fKeyReference\x12\x1e\n" + + "\x06key_id\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x05keyId\x12\x1e\n" + + "\bkey_name\x18\x02 \x01(\tH\x00R\akeyName\x88\x01\x01\x12\x1d\n" + + "\aversion\x18\x03 \x01(\tH\x01R\aversion\x88\x01\x01\x12^\n" + + "\n" + + "properties\x18\x04 \x03(\v2>.krypton.plugin.cipher_wrapper.v1.KeyReference.PropertiesEntryR\n" + + "properties\x1a=\n" + + "\x0fPropertiesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\v\n" + + "\t_key_nameB\n" + + "\n" + + "\b_version\"T\n" + + "\rEncryptedData\x12'\n" + + "\n" + + "ciphertext\x18\x01 \x01(\fB\a\xbaH\x04z\x02\x10\x01R\n" + + "ciphertext\x12\x13\n" + + "\x02iv\x18\x02 \x01(\fH\x00R\x02iv\x88\x01\x01B\x05\n" + + "\x03_iv\"\xca\x01\n" + + "\vWrapRequest\x12H\n" + + "\x03key\x18\x01 \x01(\v2..krypton.plugin.cipher_wrapper.v1.KeyReferenceB\x06\xbaH\x03\xc8\x01\x01R\x03key\x12(\n" + + "\tplaintext\x18\x02 \x01(\fB\n" + + "\xbaH\a\xc8\x01\x01z\x02\x10\x01R\tplaintext\x12\x15\n" + + "\x03aad\x18\x03 \x01(\fH\x00R\x03aad\x88\x01\x01\x12\x1c\n" + + "\aiv_hint\x18\x04 \x01(\fH\x01R\x06ivHint\x88\x01\x01B\x06\n" + + "\x04_aadB\n" + + "\n" + + "\b_iv_hint\"\xa4\x01\n" + + "\fWrapResponse\x12V\n" + + "\x0eencrypted_data\x18\x01 \x01(\v2/.krypton.plugin.cipher_wrapper.v1.EncryptedDataR\rencryptedData\x12)\n" + + "\x0ekey_version_id\x18\x02 \x01(\tH\x00R\fkeyVersionId\x88\x01\x01B\x11\n" + + "\x0f_key_version_id\"\xd8\x01\n" + + "\rUnwrapRequest\x12H\n" + + "\x03key\x18\x01 \x01(\v2..krypton.plugin.cipher_wrapper.v1.KeyReferenceB\x06\xbaH\x03\xc8\x01\x01R\x03key\x12^\n" + + "\x0eencrypted_data\x18\x02 \x01(\v2/.krypton.plugin.cipher_wrapper.v1.EncryptedDataB\x06\xbaH\x03\xc8\x01\x01R\rencryptedData\x12\x15\n" + + "\x03aad\x18\x03 \x01(\fH\x00R\x03aad\x88\x01\x01B\x06\n" + + "\x04_aad\".\n" + + "\x0eUnwrapResponse\x12\x1c\n" + + "\tplaintext\x18\x01 \x01(\fR\tplaintext2\xe3\x01\n" + + "\rCipherWrapper\x12e\n" + + "\x04Wrap\x12-.krypton.plugin.cipher_wrapper.v1.WrapRequest\x1a..krypton.plugin.cipher_wrapper.v1.WrapResponse\x12k\n" + + "\x06Unwrap\x12/.krypton.plugin.cipher_wrapper.v1.UnwrapRequest\x1a0.krypton.plugin.cipher_wrapper.v1.UnwrapResponseB\xa8\x02\n" + + "$com.krypton.plugin.cipher_wrapper.v1B\x12CipherWrapperProtoP\x01ZMgithub.com/openkcm/plugin-sdk/proto/plugin/cipher_wrapper/v1;cipher_wrapperv1\xa2\x02\x03KPC\xaa\x02\x1fKrypton.Plugin.CipherWrapper.V1\xca\x02\x1fKrypton\\Plugin\\CipherWrapper\\V1\xe2\x02+Krypton\\Plugin\\CipherWrapper\\V1\\GPBMetadata\xea\x02\"Krypton::Plugin::CipherWrapper::V1b\x06proto3" + +var ( + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescOnce sync.Once + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescData []byte +) + +func file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP() []byte { + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescOnce.Do(func() { + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc), len(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc))) + }) + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescData +} + +var file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_goTypes = []any{ + (*KeyReference)(nil), // 0: krypton.plugin.cipher_wrapper.v1.KeyReference + (*EncryptedData)(nil), // 1: krypton.plugin.cipher_wrapper.v1.EncryptedData + (*WrapRequest)(nil), // 2: krypton.plugin.cipher_wrapper.v1.WrapRequest + (*WrapResponse)(nil), // 3: krypton.plugin.cipher_wrapper.v1.WrapResponse + (*UnwrapRequest)(nil), // 4: krypton.plugin.cipher_wrapper.v1.UnwrapRequest + (*UnwrapResponse)(nil), // 5: krypton.plugin.cipher_wrapper.v1.UnwrapResponse + nil, // 6: krypton.plugin.cipher_wrapper.v1.KeyReference.PropertiesEntry +} +var file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_depIdxs = []int32{ + 6, // 0: krypton.plugin.cipher_wrapper.v1.KeyReference.properties:type_name -> krypton.plugin.cipher_wrapper.v1.KeyReference.PropertiesEntry + 0, // 1: krypton.plugin.cipher_wrapper.v1.WrapRequest.key:type_name -> krypton.plugin.cipher_wrapper.v1.KeyReference + 1, // 2: krypton.plugin.cipher_wrapper.v1.WrapResponse.encrypted_data:type_name -> krypton.plugin.cipher_wrapper.v1.EncryptedData + 0, // 3: krypton.plugin.cipher_wrapper.v1.UnwrapRequest.key:type_name -> krypton.plugin.cipher_wrapper.v1.KeyReference + 1, // 4: krypton.plugin.cipher_wrapper.v1.UnwrapRequest.encrypted_data:type_name -> krypton.plugin.cipher_wrapper.v1.EncryptedData + 2, // 5: krypton.plugin.cipher_wrapper.v1.CipherWrapper.Wrap:input_type -> krypton.plugin.cipher_wrapper.v1.WrapRequest + 4, // 6: krypton.plugin.cipher_wrapper.v1.CipherWrapper.Unwrap:input_type -> krypton.plugin.cipher_wrapper.v1.UnwrapRequest + 3, // 7: krypton.plugin.cipher_wrapper.v1.CipherWrapper.Wrap:output_type -> krypton.plugin.cipher_wrapper.v1.WrapResponse + 5, // 8: krypton.plugin.cipher_wrapper.v1.CipherWrapper.Unwrap:output_type -> krypton.plugin.cipher_wrapper.v1.UnwrapResponse + 7, // [7:9] is the sub-list for method output_type + 5, // [5:7] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_init() } +func file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_init() { + if File_plugin_cipher_wrapper_v1_cipher_wrapper_proto != nil { + return + } + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[0].OneofWrappers = []any{} + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[1].OneofWrappers = []any{} + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[2].OneofWrappers = []any{} + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[3].OneofWrappers = []any{} + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[4].OneofWrappers = []any{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc), len(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc)), + NumEnums: 0, + NumMessages: 7, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_goTypes, + DependencyIndexes: file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_depIdxs, + MessageInfos: file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes, + }.Build() + File_plugin_cipher_wrapper_v1_cipher_wrapper_proto = out.File + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_goTypes = nil + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_depIdxs = nil +} diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.validate.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.validate.go new file mode 100644 index 0000000..740744c --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.validate.go @@ -0,0 +1,787 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/cipher_wrapper/v1/cipher_wrapper.proto + +package cipher_wrapperv1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on KeyReference with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *KeyReference) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyReference with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in KeyReferenceMultiError, or +// nil if none found. +func (m *KeyReference) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyReference) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for KeyId + + // no validation rules for Properties + + if m.KeyName != nil { + // no validation rules for KeyName + } + + if m.Version != nil { + // no validation rules for Version + } + + if len(errors) > 0 { + return KeyReferenceMultiError(errors) + } + + return nil +} + +// KeyReferenceMultiError is an error wrapping multiple validation errors +// returned by KeyReference.ValidateAll() if the designated constraints aren't met. +type KeyReferenceMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyReferenceMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyReferenceMultiError) AllErrors() []error { return m } + +// KeyReferenceValidationError is the validation error returned by +// KeyReference.Validate if the designated constraints aren't met. +type KeyReferenceValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyReferenceValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyReferenceValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyReferenceValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyReferenceValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyReferenceValidationError) ErrorName() string { return "KeyReferenceValidationError" } + +// Error satisfies the builtin error interface +func (e KeyReferenceValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyReference.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyReferenceValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyReferenceValidationError{} + +// Validate checks the field values on EncryptedData with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *EncryptedData) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EncryptedData with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in EncryptedDataMultiError, or +// nil if none found. +func (m *EncryptedData) ValidateAll() error { + return m.validate(true) +} + +func (m *EncryptedData) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Ciphertext + + if m.Iv != nil { + // no validation rules for Iv + } + + if len(errors) > 0 { + return EncryptedDataMultiError(errors) + } + + return nil +} + +// EncryptedDataMultiError is an error wrapping multiple validation errors +// returned by EncryptedData.ValidateAll() if the designated constraints +// aren't met. +type EncryptedDataMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EncryptedDataMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EncryptedDataMultiError) AllErrors() []error { return m } + +// EncryptedDataValidationError is the validation error returned by +// EncryptedData.Validate if the designated constraints aren't met. +type EncryptedDataValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EncryptedDataValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EncryptedDataValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EncryptedDataValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e EncryptedDataValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EncryptedDataValidationError) ErrorName() string { return "EncryptedDataValidationError" } + +// Error satisfies the builtin error interface +func (e EncryptedDataValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEncryptedData.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EncryptedDataValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EncryptedDataValidationError{} + +// Validate checks the field values on WrapRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *WrapRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on WrapRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in WrapRequestMultiError, or +// nil if none found. +func (m *WrapRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *WrapRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetKey()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, WrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, WrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKey()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return WrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Plaintext + + if m.Aad != nil { + // no validation rules for Aad + } + + if m.IvHint != nil { + // no validation rules for IvHint + } + + if len(errors) > 0 { + return WrapRequestMultiError(errors) + } + + return nil +} + +// WrapRequestMultiError is an error wrapping multiple validation errors +// returned by WrapRequest.ValidateAll() if the designated constraints aren't met. +type WrapRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m WrapRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m WrapRequestMultiError) AllErrors() []error { return m } + +// WrapRequestValidationError is the validation error returned by +// WrapRequest.Validate if the designated constraints aren't met. +type WrapRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e WrapRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e WrapRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e WrapRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e WrapRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e WrapRequestValidationError) ErrorName() string { return "WrapRequestValidationError" } + +// Error satisfies the builtin error interface +func (e WrapRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sWrapRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = WrapRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = WrapRequestValidationError{} + +// Validate checks the field values on WrapResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *WrapResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on WrapResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in WrapResponseMultiError, or +// nil if none found. +func (m *WrapResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *WrapResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetEncryptedData()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, WrapResponseValidationError{ + field: "EncryptedData", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, WrapResponseValidationError{ + field: "EncryptedData", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetEncryptedData()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return WrapResponseValidationError{ + field: "EncryptedData", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if m.KeyVersionId != nil { + // no validation rules for KeyVersionId + } + + if len(errors) > 0 { + return WrapResponseMultiError(errors) + } + + return nil +} + +// WrapResponseMultiError is an error wrapping multiple validation errors +// returned by WrapResponse.ValidateAll() if the designated constraints aren't met. +type WrapResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m WrapResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m WrapResponseMultiError) AllErrors() []error { return m } + +// WrapResponseValidationError is the validation error returned by +// WrapResponse.Validate if the designated constraints aren't met. +type WrapResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e WrapResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e WrapResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e WrapResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e WrapResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e WrapResponseValidationError) ErrorName() string { return "WrapResponseValidationError" } + +// Error satisfies the builtin error interface +func (e WrapResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sWrapResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = WrapResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = WrapResponseValidationError{} + +// Validate checks the field values on UnwrapRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *UnwrapRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on UnwrapRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in UnwrapRequestMultiError, or +// nil if none found. +func (m *UnwrapRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *UnwrapRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetKey()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, UnwrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, UnwrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKey()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return UnwrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetEncryptedData()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, UnwrapRequestValidationError{ + field: "EncryptedData", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, UnwrapRequestValidationError{ + field: "EncryptedData", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetEncryptedData()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return UnwrapRequestValidationError{ + field: "EncryptedData", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if m.Aad != nil { + // no validation rules for Aad + } + + if len(errors) > 0 { + return UnwrapRequestMultiError(errors) + } + + return nil +} + +// UnwrapRequestMultiError is an error wrapping multiple validation errors +// returned by UnwrapRequest.ValidateAll() if the designated constraints +// aren't met. +type UnwrapRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m UnwrapRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m UnwrapRequestMultiError) AllErrors() []error { return m } + +// UnwrapRequestValidationError is the validation error returned by +// UnwrapRequest.Validate if the designated constraints aren't met. +type UnwrapRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e UnwrapRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e UnwrapRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e UnwrapRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e UnwrapRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e UnwrapRequestValidationError) ErrorName() string { return "UnwrapRequestValidationError" } + +// Error satisfies the builtin error interface +func (e UnwrapRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sUnwrapRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = UnwrapRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = UnwrapRequestValidationError{} + +// Validate checks the field values on UnwrapResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *UnwrapResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on UnwrapResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in UnwrapResponseMultiError, +// or nil if none found. +func (m *UnwrapResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *UnwrapResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Plaintext + + if len(errors) > 0 { + return UnwrapResponseMultiError(errors) + } + + return nil +} + +// UnwrapResponseMultiError is an error wrapping multiple validation errors +// returned by UnwrapResponse.ValidateAll() if the designated constraints +// aren't met. +type UnwrapResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m UnwrapResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m UnwrapResponseMultiError) AllErrors() []error { return m } + +// UnwrapResponseValidationError is the validation error returned by +// UnwrapResponse.Validate if the designated constraints aren't met. +type UnwrapResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e UnwrapResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e UnwrapResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e UnwrapResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e UnwrapResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e UnwrapResponseValidationError) ErrorName() string { return "UnwrapResponseValidationError" } + +// Error satisfies the builtin error interface +func (e UnwrapResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sUnwrapResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = UnwrapResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = UnwrapResponseValidationError{} diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper.proto b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.proto new file mode 100644 index 0000000..95a346a --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.proto @@ -0,0 +1,95 @@ +syntax = "proto3"; + +package krypton.plugin.cipher_wrapper.v1; + +import "buf/validate/validate.proto"; + +// KeyWrapper defines the universal envelope encryption interface for CMK. +// It allows the core engine to delegate cryptographic wrapping and unwrapping +// to any external provider (AWS KMS, Google Cloud KMS, Azure Key Vault, +// HashiCorp Vault, or hardware HSMs via PKCS#11) over a local gRPC socket. +service CipherWrapper { + // Wrap encrypts the provided plaintext using the remote KMS provider. + rpc Wrap(WrapRequest) returns (WrapResponse); + + // Unwrap decrypts the provided ciphertext using the remote KMS provider, + // returning the raw plaintext key material. + rpc Unwrap(UnwrapRequest) returns (UnwrapResponse); +} + +// KeyReference identifies a specific key within an external KMS provider and +// carries all routing config the plugin needs to reach it — address, engine path, +// namespace, region, project, etc. — so no out-of-band registration is required. +message KeyReference { + // Primary external identifier: ARN, Vault transit path, Azure key URI, + // GCP resource name, PKCS#11 label. + string key_id = 1 [(buf.validate.field).string.min_len = 1]; + + // Logical Krypton name — for providers that distinguish path from logical name + // and for audit log correlation. + optional string key_name = 2; + + // Specific version (for versioned providers: AWS KMS, Azure Key Vault). + optional string version = 3; + + // Provider-specific routing: address, engine_path, namespace, region, project_id … + // Always flat key-value — KMS addressing never needs nested structure. + map properties = 4; +} + +// EncryptedData pairs the ciphertext with the IV used during encryption. +// Kept together so storage and retrieval are always atomic — a ciphertext +// without its IV is unrecoverable. +message EncryptedData { + bytes ciphertext = 1 [(buf.validate.field).bytes.min_len = 1]; + + // OPTIONAL: Initialization Vector (IV) or Nonce. + // Must be provided if it was returned in the WrapResponse. + optional bytes iv = 2; +} + +message WrapRequest { + // OPTIONAL/REQUIRED: The structured definition of the key to use. + KeyReference key = 1 [(buf.validate.field).required = true]; + + // REQUIRED: The raw cryptographic material to be wrapped. + bytes plaintext = 2 [ + (buf.validate.field).required = true, + (buf.validate.field).bytes.min_len = 1 + ]; + + // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer. + // Kept in proto because AAD often changes per request (e.g., binding to a specific Tenant ID). + optional bytes aad = 3; + + // IV hint: only set when the CMK engine is dictating the IV to the HSM + // (deterministic-IV hardware modes). Left unset for all software KMS providers. + optional bytes iv_hint = 4; +} + +// WrapResponse returns the provider-specific ciphertext and metadata. +message WrapResponse { + // REQUIRED: The opaque, vendor-specific ciphertext. + EncryptedData encrypted_data = 1; + + // OPTIONAL: The exact key version ID used during the operation. + // Some providers (like HSMs) do not have a concept of version IDs. + optional string key_version_id = 2; +} + +message UnwrapRequest { + // REQUIRED: The structured definition of the key to use. + KeyReference key = 1 [(buf.validate.field).required = true]; + + // REQUIRED: The opaque ciphertext retrieved from the CMK persistent storage. + EncryptedData encrypted_data = 2 [(buf.validate.field).required = true]; + + // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer. + optional bytes aad = 3; +} + +// UnwrapResponse returns the recovered raw cryptographic material. +message UnwrapResponse { + // REQUIRED: The recovered raw cryptographic material. + bytes plaintext = 1; +} diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper_ext_plugin.pb.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_ext_plugin.pb.go new file mode 100644 index 0000000..62dc7bc --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_ext_plugin.pb.go @@ -0,0 +1,56 @@ +// Code generated by protoc-gen-go-extension. DO NOT EDIT. + +package cipher_wrapperv1 + +import ( + grpc "google.golang.org/grpc" + + api "github.com/openkcm/plugin-sdk/api" +) + +const ( + Type = "CipherWrapper" + GRPCServiceFullName = "krypton.plugin.cipher_wrapper.v1.CipherWrapper" +) + +func CipherWrapperPluginServer(server CipherWrapperServer) api.PluginServer { + return cipherWrapperPluginServer{CipherWrapperServer: server} +} + +type cipherWrapperPluginServer struct { + CipherWrapperServer +} + +func (s cipherWrapperPluginServer) Type() string { + return Type +} + +func (s cipherWrapperPluginServer) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (s cipherWrapperPluginServer) RegisterServer(server *grpc.Server) any { + RegisterCipherWrapperServer(server, s.CipherWrapperServer) + return s.CipherWrapperServer +} + +type CipherWrapperPluginClient struct { + CipherWrapperClient +} + +func (s CipherWrapperPluginClient) Type() string { + return Type +} + +func (c *CipherWrapperPluginClient) IsInitialized() bool { + return c.CipherWrapperClient != nil +} + +func (c *CipherWrapperPluginClient) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (c *CipherWrapperPluginClient) InitClient(conn grpc.ClientConnInterface) any { + c.CipherWrapperClient = NewCipherWrapperClient(conn) + return c.CipherWrapperClient +} diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper_grpc.pb.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_grpc.pb.go new file mode 100644 index 0000000..f805cd3 --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_grpc.pb.go @@ -0,0 +1,176 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.1 +// - protoc (unknown) +// source: plugin/cipher_wrapper/v1/cipher_wrapper.proto + +package cipher_wrapperv1 + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + CipherWrapper_Wrap_FullMethodName = "/krypton.plugin.cipher_wrapper.v1.CipherWrapper/Wrap" + CipherWrapper_Unwrap_FullMethodName = "/krypton.plugin.cipher_wrapper.v1.CipherWrapper/Unwrap" +) + +// CipherWrapperClient is the client API for CipherWrapper service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// KeyWrapper defines the universal envelope encryption interface for CMK. +// It allows the core engine to delegate cryptographic wrapping and unwrapping +// to any external provider (AWS KMS, Google Cloud KMS, Azure Key Vault, +// HashiCorp Vault, or hardware HSMs via PKCS#11) over a local gRPC socket. +type CipherWrapperClient interface { + // Wrap encrypts the provided plaintext using the remote KMS provider. + Wrap(ctx context.Context, in *WrapRequest, opts ...grpc.CallOption) (*WrapResponse, error) + // Unwrap decrypts the provided ciphertext using the remote KMS provider, + // returning the raw plaintext key material. + Unwrap(ctx context.Context, in *UnwrapRequest, opts ...grpc.CallOption) (*UnwrapResponse, error) +} + +type cipherWrapperClient struct { + cc grpc.ClientConnInterface +} + +func NewCipherWrapperClient(cc grpc.ClientConnInterface) CipherWrapperClient { + return &cipherWrapperClient{cc} +} + +func (c *cipherWrapperClient) Wrap(ctx context.Context, in *WrapRequest, opts ...grpc.CallOption) (*WrapResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(WrapResponse) + err := c.cc.Invoke(ctx, CipherWrapper_Wrap_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cipherWrapperClient) Unwrap(ctx context.Context, in *UnwrapRequest, opts ...grpc.CallOption) (*UnwrapResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(UnwrapResponse) + err := c.cc.Invoke(ctx, CipherWrapper_Unwrap_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CipherWrapperServer is the server API for CipherWrapper service. +// All implementations must embed UnimplementedCipherWrapperServer +// for forward compatibility. +// +// KeyWrapper defines the universal envelope encryption interface for CMK. +// It allows the core engine to delegate cryptographic wrapping and unwrapping +// to any external provider (AWS KMS, Google Cloud KMS, Azure Key Vault, +// HashiCorp Vault, or hardware HSMs via PKCS#11) over a local gRPC socket. +type CipherWrapperServer interface { + // Wrap encrypts the provided plaintext using the remote KMS provider. + Wrap(context.Context, *WrapRequest) (*WrapResponse, error) + // Unwrap decrypts the provided ciphertext using the remote KMS provider, + // returning the raw plaintext key material. + Unwrap(context.Context, *UnwrapRequest) (*UnwrapResponse, error) + mustEmbedUnimplementedCipherWrapperServer() +} + +// UnimplementedCipherWrapperServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedCipherWrapperServer struct{} + +func (UnimplementedCipherWrapperServer) Wrap(context.Context, *WrapRequest) (*WrapResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Wrap not implemented") +} +func (UnimplementedCipherWrapperServer) Unwrap(context.Context, *UnwrapRequest) (*UnwrapResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Unwrap not implemented") +} +func (UnimplementedCipherWrapperServer) mustEmbedUnimplementedCipherWrapperServer() {} +func (UnimplementedCipherWrapperServer) testEmbeddedByValue() {} + +// UnsafeCipherWrapperServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CipherWrapperServer will +// result in compilation errors. +type UnsafeCipherWrapperServer interface { + mustEmbedUnimplementedCipherWrapperServer() +} + +func RegisterCipherWrapperServer(s grpc.ServiceRegistrar, srv CipherWrapperServer) { + // If the following call panics, it indicates UnimplementedCipherWrapperServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&CipherWrapper_ServiceDesc, srv) +} + +func _CipherWrapper_Wrap_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WrapRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CipherWrapperServer).Wrap(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CipherWrapper_Wrap_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CipherWrapperServer).Wrap(ctx, req.(*WrapRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CipherWrapper_Unwrap_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UnwrapRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CipherWrapperServer).Unwrap(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CipherWrapper_Unwrap_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CipherWrapperServer).Unwrap(ctx, req.(*UnwrapRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// CipherWrapper_ServiceDesc is the grpc.ServiceDesc for CipherWrapper service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var CipherWrapper_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "krypton.plugin.cipher_wrapper.v1.CipherWrapper", + HandlerType: (*CipherWrapperServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Wrap", + Handler: _CipherWrapper_Wrap_Handler, + }, + { + MethodName: "Unwrap", + Handler: _CipherWrapper_Unwrap_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "plugin/cipher_wrapper/v1/cipher_wrapper.proto", +} diff --git a/proto/plugin/identity_management/v1/identity_management_ext_plugin.pb.go b/proto/plugin/identity_management/v1/identity_management_ext_plugin.pb.go index a047d65..ecd0fc7 100644 --- a/proto/plugin/identity_management/v1/identity_management_ext_plugin.pb.go +++ b/proto/plugin/identity_management/v1/identity_management_ext_plugin.pb.go @@ -9,7 +9,7 @@ import ( ) const ( - Type = "IdentityManagementService" + Type = "IdentityManagement" GRPCServiceFullName = "plugin.identity_management.v1.IdentityManagementService" ) diff --git a/proto/plugin/key_material_storage/v1/key_material_storage.pb.go b/proto/plugin/key_material_storage/v1/key_material_storage.pb.go new file mode 100644 index 0000000..b7c0445 --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage.pb.go @@ -0,0 +1,910 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/key_material_storage/v1/key_material_storage.proto + +package key_material_storagev1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// KeyMaterial represents a single unit of stored data. +type KeyMaterial struct { + state protoimpl.MessageState `protogen:"open.v1"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"` + Algorithm string `protobuf:"bytes,3,opt,name=algorithm,proto3" json:"algorithm,omitempty"` + PreviousVersionId *string `protobuf:"bytes,4,opt,name=previous_version_id,json=previousVersionId,proto3,oneof" json:"previous_version_id,omitempty"` + Checksum *string `protobuf:"bytes,5,opt,name=checksum,proto3,oneof" json:"checksum,omitempty"` + CreatedAt *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` + Tags map[string]string `protobuf:"bytes,7,rep,name=tags,proto3" json:"tags,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyMaterial) Reset() { + *x = KeyMaterial{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyMaterial) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyMaterial) ProtoMessage() {} + +func (x *KeyMaterial) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyMaterial.ProtoReflect.Descriptor instead. +func (*KeyMaterial) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{0} +} + +func (x *KeyMaterial) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *KeyMaterial) GetData() []byte { + if x != nil { + return x.Data + } + return nil +} + +func (x *KeyMaterial) GetAlgorithm() string { + if x != nil { + return x.Algorithm + } + return "" +} + +func (x *KeyMaterial) GetPreviousVersionId() string { + if x != nil && x.PreviousVersionId != nil { + return *x.PreviousVersionId + } + return "" +} + +func (x *KeyMaterial) GetChecksum() string { + if x != nil && x.Checksum != nil { + return *x.Checksum + } + return "" +} + +func (x *KeyMaterial) GetCreatedAt() *timestamppb.Timestamp { + if x != nil { + return x.CreatedAt + } + return nil +} + +func (x *KeyMaterial) GetTags() map[string]string { + if x != nil { + return x.Tags + } + return nil +} + +type Filter struct { + state protoimpl.MessageState `protogen:"open.v1"` + Id *Filter_StringMatch `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"` + // Filter by cryptographic algorithm (e.g., "AES-256-GCM"). + Algorithm *string `protobuf:"bytes,2,opt,name=algorithm,proto3,oneof" json:"algorithm,omitempty"` + // Filter by metadata tags (e.g., {"env": "prod"}). + // Match is typically performed as "contains all". + Tags map[string]string `protobuf:"bytes,3,rep,name=tags,proto3" json:"tags,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + CreatedAt *Filter_TimeRange `protobuf:"bytes,4,opt,name=created_at,json=createdAt,proto3,oneof" json:"created_at,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Filter) Reset() { + *x = Filter{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Filter) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Filter) ProtoMessage() {} + +func (x *Filter) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Filter.ProtoReflect.Descriptor instead. +func (*Filter) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{1} +} + +func (x *Filter) GetId() *Filter_StringMatch { + if x != nil { + return x.Id + } + return nil +} + +func (x *Filter) GetAlgorithm() string { + if x != nil && x.Algorithm != nil { + return *x.Algorithm + } + return "" +} + +func (x *Filter) GetTags() map[string]string { + if x != nil { + return x.Tags + } + return nil +} + +func (x *Filter) GetCreatedAt() *Filter_TimeRange { + if x != nil { + return x.CreatedAt + } + return nil +} + +type ListIDsRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + Filter *Filter `protobuf:"bytes,2,opt,name=filter,proto3,oneof" json:"filter,omitempty"` + // Pagination support + PageSize uint32 `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` + PageToken string `protobuf:"bytes,4,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ListIDsRequest) Reset() { + *x = ListIDsRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ListIDsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListIDsRequest) ProtoMessage() {} + +func (x *ListIDsRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListIDsRequest.ProtoReflect.Descriptor instead. +func (*ListIDsRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{2} +} + +func (x *ListIDsRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *ListIDsRequest) GetFilter() *Filter { + if x != nil { + return x.Filter + } + return nil +} + +func (x *ListIDsRequest) GetPageSize() uint32 { + if x != nil { + return x.PageSize + } + return 0 +} + +func (x *ListIDsRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +type ListIDsResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Ids []string `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"` + NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ListIDsResponse) Reset() { + *x = ListIDsResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ListIDsResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListIDsResponse) ProtoMessage() {} + +func (x *ListIDsResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListIDsResponse.ProtoReflect.Descriptor instead. +func (*ListIDsResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{3} +} + +func (x *ListIDsResponse) GetIds() []string { + if x != nil { + return x.Ids + } + return nil +} + +func (x *ListIDsResponse) GetNextPageToken() string { + if x != nil { + return x.NextPageToken + } + return "" +} + +type StoreRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + KeyMaterial *KeyMaterial `protobuf:"bytes,2,opt,name=key_material,json=keyMaterial,proto3" json:"key_material,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *StoreRequest) Reset() { + *x = StoreRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *StoreRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StoreRequest) ProtoMessage() {} + +func (x *StoreRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StoreRequest.ProtoReflect.Descriptor instead. +func (*StoreRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{4} +} + +func (x *StoreRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *StoreRequest) GetKeyMaterial() *KeyMaterial { + if x != nil { + return x.KeyMaterial + } + return nil +} + +type StoreResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *StoreResponse) Reset() { + *x = StoreResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *StoreResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StoreResponse) ProtoMessage() {} + +func (x *StoreResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StoreResponse.ProtoReflect.Descriptor instead. +func (*StoreResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{5} +} + +type LoadRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *LoadRequest) Reset() { + *x = LoadRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *LoadRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadRequest) ProtoMessage() {} + +func (x *LoadRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadRequest.ProtoReflect.Descriptor instead. +func (*LoadRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{6} +} + +func (x *LoadRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *LoadRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +type LoadResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + KeyMaterial *KeyMaterial `protobuf:"bytes,1,opt,name=key_material,json=keyMaterial,proto3" json:"key_material,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *LoadResponse) Reset() { + *x = LoadResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *LoadResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadResponse) ProtoMessage() {} + +func (x *LoadResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadResponse.ProtoReflect.Descriptor instead. +func (*LoadResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{7} +} + +func (x *LoadResponse) GetKeyMaterial() *KeyMaterial { + if x != nil { + return x.KeyMaterial + } + return nil +} + +type DeleteRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeleteRequest) Reset() { + *x = DeleteRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteRequest) ProtoMessage() {} + +func (x *DeleteRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteRequest.ProtoReflect.Descriptor instead. +func (*DeleteRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{8} +} + +func (x *DeleteRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *DeleteRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +type DeleteResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeleteResponse) Reset() { + *x = DeleteResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteResponse) ProtoMessage() {} + +func (x *DeleteResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteResponse.ProtoReflect.Descriptor instead. +func (*DeleteResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{9} +} + +// Pattern-based matching for the primary Key ID. +type Filter_StringMatch struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Type: + // + // *Filter_StringMatch_Prefix + // *Filter_StringMatch_Suffix + // *Filter_StringMatch_Contains + // *Filter_StringMatch_Exact + Type isFilter_StringMatch_Type `protobuf_oneof:"type"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Filter_StringMatch) Reset() { + *x = Filter_StringMatch{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Filter_StringMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Filter_StringMatch) ProtoMessage() {} + +func (x *Filter_StringMatch) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Filter_StringMatch.ProtoReflect.Descriptor instead. +func (*Filter_StringMatch) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{1, 0} +} + +func (x *Filter_StringMatch) GetType() isFilter_StringMatch_Type { + if x != nil { + return x.Type + } + return nil +} + +func (x *Filter_StringMatch) GetPrefix() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Prefix); ok { + return x.Prefix + } + } + return "" +} + +func (x *Filter_StringMatch) GetSuffix() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Suffix); ok { + return x.Suffix + } + } + return "" +} + +func (x *Filter_StringMatch) GetContains() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Contains); ok { + return x.Contains + } + } + return "" +} + +func (x *Filter_StringMatch) GetExact() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Exact); ok { + return x.Exact + } + } + return "" +} + +type isFilter_StringMatch_Type interface { + isFilter_StringMatch_Type() +} + +type Filter_StringMatch_Prefix struct { + Prefix string `protobuf:"bytes,1,opt,name=prefix,proto3,oneof"` +} + +type Filter_StringMatch_Suffix struct { + Suffix string `protobuf:"bytes,2,opt,name=suffix,proto3,oneof"` +} + +type Filter_StringMatch_Contains struct { + Contains string `protobuf:"bytes,3,opt,name=contains,proto3,oneof"` +} + +type Filter_StringMatch_Exact struct { + Exact string `protobuf:"bytes,4,opt,name=exact,proto3,oneof"` +} + +func (*Filter_StringMatch_Prefix) isFilter_StringMatch_Type() {} + +func (*Filter_StringMatch_Suffix) isFilter_StringMatch_Type() {} + +func (*Filter_StringMatch_Contains) isFilter_StringMatch_Type() {} + +func (*Filter_StringMatch_Exact) isFilter_StringMatch_Type() {} + +// Filter by the time the key was created. +type Filter_TimeRange struct { + state protoimpl.MessageState `protogen:"open.v1"` + From *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` + To *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Filter_TimeRange) Reset() { + *x = Filter_TimeRange{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Filter_TimeRange) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Filter_TimeRange) ProtoMessage() {} + +func (x *Filter_TimeRange) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[13] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Filter_TimeRange.ProtoReflect.Descriptor instead. +func (*Filter_TimeRange) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{1, 2} +} + +func (x *Filter_TimeRange) GetFrom() *timestamppb.Timestamp { + if x != nil { + return x.From + } + return nil +} + +func (x *Filter_TimeRange) GetTo() *timestamppb.Timestamp { + if x != nil { + return x.To + } + return nil +} + +var File_plugin_key_material_storage_v1_key_material_storage_proto protoreflect.FileDescriptor + +const file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc = "" + + "\n" + + "9plugin/key_material_storage/v1/key_material_storage.proto\x12&krypton.plugin.key_material_storage.v1\x1a\x1bbuf/validate/validate.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xac\x03\n" + + "\vKeyMaterial\x12\x17\n" + + "\x02id\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x02id\x12\x1b\n" + + "\x04data\x18\x02 \x01(\fB\a\xbaH\x04z\x02\x10\x01R\x04data\x12%\n" + + "\talgorithm\x18\x03 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\talgorithm\x123\n" + + "\x13previous_version_id\x18\x04 \x01(\tH\x00R\x11previousVersionId\x88\x01\x01\x12\x1f\n" + + "\bchecksum\x18\x05 \x01(\tH\x01R\bchecksum\x88\x01\x01\x129\n" + + "\n" + + "created_at\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x12Q\n" + + "\x04tags\x18\a \x03(\v2=.krypton.plugin.key_material_storage.v1.KeyMaterial.TagsEntryR\x04tags\x1a7\n" + + "\tTagsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x16\n" + + "\x14_previous_version_idB\v\n" + + "\t_checksum\"\xef\x04\n" + + "\x06Filter\x12O\n" + + "\x02id\x18\x01 \x01(\v2:.krypton.plugin.key_material_storage.v1.Filter.StringMatchH\x00R\x02id\x88\x01\x01\x12!\n" + + "\talgorithm\x18\x02 \x01(\tH\x01R\talgorithm\x88\x01\x01\x12L\n" + + "\x04tags\x18\x03 \x03(\v28.krypton.plugin.key_material_storage.v1.Filter.TagsEntryR\x04tags\x12\\\n" + + "\n" + + "created_at\x18\x04 \x01(\v28.krypton.plugin.key_material_storage.v1.Filter.TimeRangeH\x02R\tcreatedAt\x88\x01\x01\x1a\x7f\n" + + "\vStringMatch\x12\x18\n" + + "\x06prefix\x18\x01 \x01(\tH\x00R\x06prefix\x12\x18\n" + + "\x06suffix\x18\x02 \x01(\tH\x00R\x06suffix\x12\x1c\n" + + "\bcontains\x18\x03 \x01(\tH\x00R\bcontains\x12\x16\n" + + "\x05exact\x18\x04 \x01(\tH\x00R\x05exactB\x06\n" + + "\x04type\x1a7\n" + + "\tTagsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\x1ag\n" + + "\tTimeRange\x12.\n" + + "\x04from\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampR\x04from\x12*\n" + + "\x02to\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\x02toB\x05\n" + + "\x03_idB\f\n" + + "\n" + + "_algorithmB\r\n" + + "\v_created_at\"\xcb\x01\n" + + "\x0eListIDsRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12K\n" + + "\x06filter\x18\x02 \x01(\v2..krypton.plugin.key_material_storage.v1.FilterH\x00R\x06filter\x88\x01\x01\x12\x1b\n" + + "\tpage_size\x18\x03 \x01(\rR\bpageSize\x12\x1d\n" + + "\n" + + "page_token\x18\x04 \x01(\tR\tpageTokenB\t\n" + + "\a_filter\"K\n" + + "\x0fListIDsResponse\x12\x10\n" + + "\x03ids\x18\x01 \x03(\tR\x03ids\x12&\n" + + "\x0fnext_page_token\x18\x02 \x01(\tR\rnextPageToken\"\x95\x01\n" + + "\fStoreRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12^\n" + + "\fkey_material\x18\x02 \x01(\v23.krypton.plugin.key_material_storage.v1.KeyMaterialB\x06\xbaH\x03\xc8\x01\x01R\vkeyMaterial\"\x0f\n" + + "\rStoreResponse\"M\n" + + "\vLoadRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12\x17\n" + + "\x02id\x18\x02 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x02id\"f\n" + + "\fLoadResponse\x12V\n" + + "\fkey_material\x18\x01 \x01(\v23.krypton.plugin.key_material_storage.v1.KeyMaterialR\vkeyMaterial\"O\n" + + "\rDeleteRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12\x17\n" + + "\x02id\x18\x02 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x02id\"\x10\n" + + "\x0eDeleteResponse2\xf4\x03\n" + + "\x12KeyMaterialStorage\x12t\n" + + "\x05Store\x124.krypton.plugin.key_material_storage.v1.StoreRequest\x1a5.krypton.plugin.key_material_storage.v1.StoreResponse\x12q\n" + + "\x04Load\x123.krypton.plugin.key_material_storage.v1.LoadRequest\x1a4.krypton.plugin.key_material_storage.v1.LoadResponse\x12w\n" + + "\x06Delete\x125.krypton.plugin.key_material_storage.v1.DeleteRequest\x1a6.krypton.plugin.key_material_storage.v1.DeleteResponse\x12|\n" + + "\aListIDs\x126.krypton.plugin.key_material_storage.v1.ListIDsRequest\x1a7.krypton.plugin.key_material_storage.v1.ListIDsResponse0\x01B\xd3\x02\n" + + "*com.krypton.plugin.key_material_storage.v1B\x17KeyMaterialStorageProtoP\x01ZYgithub.com/openkcm/plugin-sdk/proto/plugin/key_material_storage/v1;key_material_storagev1\xa2\x02\x03KPK\xaa\x02$Krypton.Plugin.KeyMaterialStorage.V1\xca\x02$Krypton\\Plugin\\KeyMaterialStorage\\V1\xe2\x020Krypton\\Plugin\\KeyMaterialStorage\\V1\\GPBMetadata\xea\x02'Krypton::Plugin::KeyMaterialStorage::V1b\x06proto3" + +var ( + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescOnce sync.Once + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescData []byte +) + +func file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP() []byte { + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescOnce.Do(func() { + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc), len(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc))) + }) + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescData +} + +var file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes = make([]protoimpl.MessageInfo, 14) +var file_plugin_key_material_storage_v1_key_material_storage_proto_goTypes = []any{ + (*KeyMaterial)(nil), // 0: krypton.plugin.key_material_storage.v1.KeyMaterial + (*Filter)(nil), // 1: krypton.plugin.key_material_storage.v1.Filter + (*ListIDsRequest)(nil), // 2: krypton.plugin.key_material_storage.v1.ListIDsRequest + (*ListIDsResponse)(nil), // 3: krypton.plugin.key_material_storage.v1.ListIDsResponse + (*StoreRequest)(nil), // 4: krypton.plugin.key_material_storage.v1.StoreRequest + (*StoreResponse)(nil), // 5: krypton.plugin.key_material_storage.v1.StoreResponse + (*LoadRequest)(nil), // 6: krypton.plugin.key_material_storage.v1.LoadRequest + (*LoadResponse)(nil), // 7: krypton.plugin.key_material_storage.v1.LoadResponse + (*DeleteRequest)(nil), // 8: krypton.plugin.key_material_storage.v1.DeleteRequest + (*DeleteResponse)(nil), // 9: krypton.plugin.key_material_storage.v1.DeleteResponse + nil, // 10: krypton.plugin.key_material_storage.v1.KeyMaterial.TagsEntry + (*Filter_StringMatch)(nil), // 11: krypton.plugin.key_material_storage.v1.Filter.StringMatch + nil, // 12: krypton.plugin.key_material_storage.v1.Filter.TagsEntry + (*Filter_TimeRange)(nil), // 13: krypton.plugin.key_material_storage.v1.Filter.TimeRange + (*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp +} +var file_plugin_key_material_storage_v1_key_material_storage_proto_depIdxs = []int32{ + 14, // 0: krypton.plugin.key_material_storage.v1.KeyMaterial.created_at:type_name -> google.protobuf.Timestamp + 10, // 1: krypton.plugin.key_material_storage.v1.KeyMaterial.tags:type_name -> krypton.plugin.key_material_storage.v1.KeyMaterial.TagsEntry + 11, // 2: krypton.plugin.key_material_storage.v1.Filter.id:type_name -> krypton.plugin.key_material_storage.v1.Filter.StringMatch + 12, // 3: krypton.plugin.key_material_storage.v1.Filter.tags:type_name -> krypton.plugin.key_material_storage.v1.Filter.TagsEntry + 13, // 4: krypton.plugin.key_material_storage.v1.Filter.created_at:type_name -> krypton.plugin.key_material_storage.v1.Filter.TimeRange + 1, // 5: krypton.plugin.key_material_storage.v1.ListIDsRequest.filter:type_name -> krypton.plugin.key_material_storage.v1.Filter + 0, // 6: krypton.plugin.key_material_storage.v1.StoreRequest.key_material:type_name -> krypton.plugin.key_material_storage.v1.KeyMaterial + 0, // 7: krypton.plugin.key_material_storage.v1.LoadResponse.key_material:type_name -> krypton.plugin.key_material_storage.v1.KeyMaterial + 14, // 8: krypton.plugin.key_material_storage.v1.Filter.TimeRange.from:type_name -> google.protobuf.Timestamp + 14, // 9: krypton.plugin.key_material_storage.v1.Filter.TimeRange.to:type_name -> google.protobuf.Timestamp + 4, // 10: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.Store:input_type -> krypton.plugin.key_material_storage.v1.StoreRequest + 6, // 11: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.Load:input_type -> krypton.plugin.key_material_storage.v1.LoadRequest + 8, // 12: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.Delete:input_type -> krypton.plugin.key_material_storage.v1.DeleteRequest + 2, // 13: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.ListIDs:input_type -> krypton.plugin.key_material_storage.v1.ListIDsRequest + 5, // 14: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.Store:output_type -> krypton.plugin.key_material_storage.v1.StoreResponse + 7, // 15: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.Load:output_type -> krypton.plugin.key_material_storage.v1.LoadResponse + 9, // 16: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.Delete:output_type -> krypton.plugin.key_material_storage.v1.DeleteResponse + 3, // 17: krypton.plugin.key_material_storage.v1.KeyMaterialStorage.ListIDs:output_type -> krypton.plugin.key_material_storage.v1.ListIDsResponse + 14, // [14:18] is the sub-list for method output_type + 10, // [10:14] is the sub-list for method input_type + 10, // [10:10] is the sub-list for extension type_name + 10, // [10:10] is the sub-list for extension extendee + 0, // [0:10] is the sub-list for field type_name +} + +func init() { file_plugin_key_material_storage_v1_key_material_storage_proto_init() } +func file_plugin_key_material_storage_v1_key_material_storage_proto_init() { + if File_plugin_key_material_storage_v1_key_material_storage_proto != nil { + return + } + file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[0].OneofWrappers = []any{} + file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[1].OneofWrappers = []any{} + file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[2].OneofWrappers = []any{} + file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[11].OneofWrappers = []any{ + (*Filter_StringMatch_Prefix)(nil), + (*Filter_StringMatch_Suffix)(nil), + (*Filter_StringMatch_Contains)(nil), + (*Filter_StringMatch_Exact)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc), len(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc)), + NumEnums: 0, + NumMessages: 14, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_key_material_storage_v1_key_material_storage_proto_goTypes, + DependencyIndexes: file_plugin_key_material_storage_v1_key_material_storage_proto_depIdxs, + MessageInfos: file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes, + }.Build() + File_plugin_key_material_storage_v1_key_material_storage_proto = out.File + file_plugin_key_material_storage_v1_key_material_storage_proto_goTypes = nil + file_plugin_key_material_storage_v1_key_material_storage_proto_depIdxs = nil +} diff --git a/proto/plugin/key_material_storage/v1/key_material_storage.pb.validate.go b/proto/plugin/key_material_storage/v1/key_material_storage.pb.validate.go new file mode 100644 index 0000000..40394cd --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage.pb.validate.go @@ -0,0 +1,1569 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/key_material_storage/v1/key_material_storage.proto + +package key_material_storagev1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on KeyMaterial with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *KeyMaterial) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyMaterial with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in KeyMaterialMultiError, or +// nil if none found. +func (m *KeyMaterial) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyMaterial) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Id + + // no validation rules for Data + + // no validation rules for Algorithm + + if all { + switch v := interface{}(m.GetCreatedAt()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyMaterialValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyMaterialValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCreatedAt()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyMaterialValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Tags + + if m.PreviousVersionId != nil { + // no validation rules for PreviousVersionId + } + + if m.Checksum != nil { + // no validation rules for Checksum + } + + if len(errors) > 0 { + return KeyMaterialMultiError(errors) + } + + return nil +} + +// KeyMaterialMultiError is an error wrapping multiple validation errors +// returned by KeyMaterial.ValidateAll() if the designated constraints aren't met. +type KeyMaterialMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyMaterialMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyMaterialMultiError) AllErrors() []error { return m } + +// KeyMaterialValidationError is the validation error returned by +// KeyMaterial.Validate if the designated constraints aren't met. +type KeyMaterialValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyMaterialValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyMaterialValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyMaterialValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyMaterialValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyMaterialValidationError) ErrorName() string { return "KeyMaterialValidationError" } + +// Error satisfies the builtin error interface +func (e KeyMaterialValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyMaterial.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyMaterialValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyMaterialValidationError{} + +// Validate checks the field values on Filter with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Filter) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Filter with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in FilterMultiError, or nil if none found. +func (m *Filter) ValidateAll() error { + return m.validate(true) +} + +func (m *Filter) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Tags + + if m.Id != nil { + + if all { + switch v := interface{}(m.GetId()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, FilterValidationError{ + field: "Id", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, FilterValidationError{ + field: "Id", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetId()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return FilterValidationError{ + field: "Id", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if m.Algorithm != nil { + // no validation rules for Algorithm + } + + if m.CreatedAt != nil { + + if all { + switch v := interface{}(m.GetCreatedAt()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, FilterValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, FilterValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCreatedAt()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return FilterValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return FilterMultiError(errors) + } + + return nil +} + +// FilterMultiError is an error wrapping multiple validation errors returned by +// Filter.ValidateAll() if the designated constraints aren't met. +type FilterMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m FilterMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m FilterMultiError) AllErrors() []error { return m } + +// FilterValidationError is the validation error returned by Filter.Validate if +// the designated constraints aren't met. +type FilterValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e FilterValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e FilterValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e FilterValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e FilterValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e FilterValidationError) ErrorName() string { return "FilterValidationError" } + +// Error satisfies the builtin error interface +func (e FilterValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFilter.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = FilterValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = FilterValidationError{} + +// Validate checks the field values on ListIDsRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *ListIDsRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ListIDsRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in ListIDsRequestMultiError, +// or nil if none found. +func (m *ListIDsRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *ListIDsRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + // no validation rules for PageSize + + // no validation rules for PageToken + + if m.Filter != nil { + + if all { + switch v := interface{}(m.GetFilter()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ListIDsRequestValidationError{ + field: "Filter", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ListIDsRequestValidationError{ + field: "Filter", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetFilter()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ListIDsRequestValidationError{ + field: "Filter", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return ListIDsRequestMultiError(errors) + } + + return nil +} + +// ListIDsRequestMultiError is an error wrapping multiple validation errors +// returned by ListIDsRequest.ValidateAll() if the designated constraints +// aren't met. +type ListIDsRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ListIDsRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ListIDsRequestMultiError) AllErrors() []error { return m } + +// ListIDsRequestValidationError is the validation error returned by +// ListIDsRequest.Validate if the designated constraints aren't met. +type ListIDsRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ListIDsRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ListIDsRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ListIDsRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ListIDsRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ListIDsRequestValidationError) ErrorName() string { return "ListIDsRequestValidationError" } + +// Error satisfies the builtin error interface +func (e ListIDsRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sListIDsRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ListIDsRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ListIDsRequestValidationError{} + +// Validate checks the field values on ListIDsResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *ListIDsResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ListIDsResponse with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ListIDsResponseMultiError, or nil if none found. +func (m *ListIDsResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *ListIDsResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for NextPageToken + + if len(errors) > 0 { + return ListIDsResponseMultiError(errors) + } + + return nil +} + +// ListIDsResponseMultiError is an error wrapping multiple validation errors +// returned by ListIDsResponse.ValidateAll() if the designated constraints +// aren't met. +type ListIDsResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ListIDsResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ListIDsResponseMultiError) AllErrors() []error { return m } + +// ListIDsResponseValidationError is the validation error returned by +// ListIDsResponse.Validate if the designated constraints aren't met. +type ListIDsResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ListIDsResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ListIDsResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ListIDsResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ListIDsResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ListIDsResponseValidationError) ErrorName() string { return "ListIDsResponseValidationError" } + +// Error satisfies the builtin error interface +func (e ListIDsResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sListIDsResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ListIDsResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ListIDsResponseValidationError{} + +// Validate checks the field values on StoreRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *StoreRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on StoreRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in StoreRequestMultiError, or +// nil if none found. +func (m *StoreRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *StoreRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + if all { + switch v := interface{}(m.GetKeyMaterial()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, StoreRequestValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, StoreRequestValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyMaterial()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return StoreRequestValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return StoreRequestMultiError(errors) + } + + return nil +} + +// StoreRequestMultiError is an error wrapping multiple validation errors +// returned by StoreRequest.ValidateAll() if the designated constraints aren't met. +type StoreRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m StoreRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m StoreRequestMultiError) AllErrors() []error { return m } + +// StoreRequestValidationError is the validation error returned by +// StoreRequest.Validate if the designated constraints aren't met. +type StoreRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e StoreRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e StoreRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e StoreRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e StoreRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e StoreRequestValidationError) ErrorName() string { return "StoreRequestValidationError" } + +// Error satisfies the builtin error interface +func (e StoreRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sStoreRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = StoreRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = StoreRequestValidationError{} + +// Validate checks the field values on StoreResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *StoreResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on StoreResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in StoreResponseMultiError, or +// nil if none found. +func (m *StoreResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *StoreResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return StoreResponseMultiError(errors) + } + + return nil +} + +// StoreResponseMultiError is an error wrapping multiple validation errors +// returned by StoreResponse.ValidateAll() if the designated constraints +// aren't met. +type StoreResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m StoreResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m StoreResponseMultiError) AllErrors() []error { return m } + +// StoreResponseValidationError is the validation error returned by +// StoreResponse.Validate if the designated constraints aren't met. +type StoreResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e StoreResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e StoreResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e StoreResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e StoreResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e StoreResponseValidationError) ErrorName() string { return "StoreResponseValidationError" } + +// Error satisfies the builtin error interface +func (e StoreResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sStoreResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = StoreResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = StoreResponseValidationError{} + +// Validate checks the field values on LoadRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *LoadRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on LoadRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in LoadRequestMultiError, or +// nil if none found. +func (m *LoadRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *LoadRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + // no validation rules for Id + + if len(errors) > 0 { + return LoadRequestMultiError(errors) + } + + return nil +} + +// LoadRequestMultiError is an error wrapping multiple validation errors +// returned by LoadRequest.ValidateAll() if the designated constraints aren't met. +type LoadRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m LoadRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m LoadRequestMultiError) AllErrors() []error { return m } + +// LoadRequestValidationError is the validation error returned by +// LoadRequest.Validate if the designated constraints aren't met. +type LoadRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e LoadRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e LoadRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e LoadRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e LoadRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e LoadRequestValidationError) ErrorName() string { return "LoadRequestValidationError" } + +// Error satisfies the builtin error interface +func (e LoadRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sLoadRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = LoadRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = LoadRequestValidationError{} + +// Validate checks the field values on LoadResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *LoadResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on LoadResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in LoadResponseMultiError, or +// nil if none found. +func (m *LoadResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *LoadResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetKeyMaterial()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, LoadResponseValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, LoadResponseValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyMaterial()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return LoadResponseValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return LoadResponseMultiError(errors) + } + + return nil +} + +// LoadResponseMultiError is an error wrapping multiple validation errors +// returned by LoadResponse.ValidateAll() if the designated constraints aren't met. +type LoadResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m LoadResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m LoadResponseMultiError) AllErrors() []error { return m } + +// LoadResponseValidationError is the validation error returned by +// LoadResponse.Validate if the designated constraints aren't met. +type LoadResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e LoadResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e LoadResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e LoadResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e LoadResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e LoadResponseValidationError) ErrorName() string { return "LoadResponseValidationError" } + +// Error satisfies the builtin error interface +func (e LoadResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sLoadResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = LoadResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = LoadResponseValidationError{} + +// Validate checks the field values on DeleteRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *DeleteRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on DeleteRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in DeleteRequestMultiError, or +// nil if none found. +func (m *DeleteRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *DeleteRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + // no validation rules for Id + + if len(errors) > 0 { + return DeleteRequestMultiError(errors) + } + + return nil +} + +// DeleteRequestMultiError is an error wrapping multiple validation errors +// returned by DeleteRequest.ValidateAll() if the designated constraints +// aren't met. +type DeleteRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m DeleteRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m DeleteRequestMultiError) AllErrors() []error { return m } + +// DeleteRequestValidationError is the validation error returned by +// DeleteRequest.Validate if the designated constraints aren't met. +type DeleteRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e DeleteRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e DeleteRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e DeleteRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e DeleteRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e DeleteRequestValidationError) ErrorName() string { return "DeleteRequestValidationError" } + +// Error satisfies the builtin error interface +func (e DeleteRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sDeleteRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = DeleteRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = DeleteRequestValidationError{} + +// Validate checks the field values on DeleteResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *DeleteResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on DeleteResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in DeleteResponseMultiError, +// or nil if none found. +func (m *DeleteResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *DeleteResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return DeleteResponseMultiError(errors) + } + + return nil +} + +// DeleteResponseMultiError is an error wrapping multiple validation errors +// returned by DeleteResponse.ValidateAll() if the designated constraints +// aren't met. +type DeleteResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m DeleteResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m DeleteResponseMultiError) AllErrors() []error { return m } + +// DeleteResponseValidationError is the validation error returned by +// DeleteResponse.Validate if the designated constraints aren't met. +type DeleteResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e DeleteResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e DeleteResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e DeleteResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e DeleteResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e DeleteResponseValidationError) ErrorName() string { return "DeleteResponseValidationError" } + +// Error satisfies the builtin error interface +func (e DeleteResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sDeleteResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = DeleteResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = DeleteResponseValidationError{} + +// Validate checks the field values on Filter_StringMatch with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *Filter_StringMatch) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Filter_StringMatch with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Filter_StringMatchMultiError, or nil if none found. +func (m *Filter_StringMatch) ValidateAll() error { + return m.validate(true) +} + +func (m *Filter_StringMatch) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + switch v := m.Type.(type) { + case *Filter_StringMatch_Prefix: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Prefix + case *Filter_StringMatch_Suffix: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Suffix + case *Filter_StringMatch_Contains: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Contains + case *Filter_StringMatch_Exact: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Exact + default: + _ = v // ensures v is used + } + + if len(errors) > 0 { + return Filter_StringMatchMultiError(errors) + } + + return nil +} + +// Filter_StringMatchMultiError is an error wrapping multiple validation errors +// returned by Filter_StringMatch.ValidateAll() if the designated constraints +// aren't met. +type Filter_StringMatchMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Filter_StringMatchMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Filter_StringMatchMultiError) AllErrors() []error { return m } + +// Filter_StringMatchValidationError is the validation error returned by +// Filter_StringMatch.Validate if the designated constraints aren't met. +type Filter_StringMatchValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Filter_StringMatchValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Filter_StringMatchValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Filter_StringMatchValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Filter_StringMatchValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e Filter_StringMatchValidationError) ErrorName() string { + return "Filter_StringMatchValidationError" +} + +// Error satisfies the builtin error interface +func (e Filter_StringMatchValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFilter_StringMatch.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Filter_StringMatchValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Filter_StringMatchValidationError{} + +// Validate checks the field values on Filter_TimeRange with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *Filter_TimeRange) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Filter_TimeRange with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Filter_TimeRangeMultiError, or nil if none found. +func (m *Filter_TimeRange) ValidateAll() error { + return m.validate(true) +} + +func (m *Filter_TimeRange) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetFrom()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "From", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "From", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetFrom()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return Filter_TimeRangeValidationError{ + field: "From", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetTo()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "To", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "To", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTo()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return Filter_TimeRangeValidationError{ + field: "To", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return Filter_TimeRangeMultiError(errors) + } + + return nil +} + +// Filter_TimeRangeMultiError is an error wrapping multiple validation errors +// returned by Filter_TimeRange.ValidateAll() if the designated constraints +// aren't met. +type Filter_TimeRangeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Filter_TimeRangeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Filter_TimeRangeMultiError) AllErrors() []error { return m } + +// Filter_TimeRangeValidationError is the validation error returned by +// Filter_TimeRange.Validate if the designated constraints aren't met. +type Filter_TimeRangeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Filter_TimeRangeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Filter_TimeRangeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Filter_TimeRangeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Filter_TimeRangeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e Filter_TimeRangeValidationError) ErrorName() string { return "Filter_TimeRangeValidationError" } + +// Error satisfies the builtin error interface +func (e Filter_TimeRangeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFilter_TimeRange.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Filter_TimeRangeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Filter_TimeRangeValidationError{} diff --git a/proto/plugin/key_material_storage/v1/key_material_storage.proto b/proto/plugin/key_material_storage/v1/key_material_storage.proto new file mode 100644 index 0000000..786f0a7 --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage.proto @@ -0,0 +1,97 @@ +syntax = "proto3"; + +package krypton.plugin.key_material_storage.v1; + +import "buf/validate/validate.proto"; +import "google/protobuf/timestamp.proto"; + +// KeyMaterialStorage defines the universal interface for persisting and +// retrieving opaque blobs of data, typically wrapped key material. +service KeyMaterialStorage { + rpc Store(StoreRequest) returns (StoreResponse); + rpc Load(LoadRequest) returns (LoadResponse); + rpc Delete(DeleteRequest) returns (DeleteResponse); + + // ListIDs returns batches of IDs matching the criteria. + rpc ListIDs(ListIDsRequest) returns (stream ListIDsResponse); +} + +// KeyMaterial represents a single unit of stored data. +message KeyMaterial { + string id = 1 [(buf.validate.field).string.min_len = 1]; + bytes data = 2 [(buf.validate.field).bytes.min_len = 1]; + string algorithm = 3 [(buf.validate.field).string.min_len = 1]; + + optional string previous_version_id = 4; + optional string checksum = 5; + google.protobuf.Timestamp created_at = 6; + map tags = 7; +} + +// --- Filter Refactor --- + +message Filter { + // Pattern-based matching for the primary Key ID. + message StringMatch { + oneof type { + string prefix = 1; + string suffix = 2; + string contains = 3; + string exact = 4; + } + } + optional StringMatch id = 1; + + // Filter by cryptographic algorithm (e.g., "AES-256-GCM"). + optional string algorithm = 2; + + // Filter by metadata tags (e.g., {"env": "prod"}). + // Match is typically performed as "contains all". + map tags = 3; + + // Filter by the time the key was created. + message TimeRange { + google.protobuf.Timestamp from = 1; + google.protobuf.Timestamp to = 2; + } + optional TimeRange created_at = 4; +} + +// --- RPC Messages --- + +message ListIDsRequest { + string namespace = 1 [(buf.validate.field).string.min_len = 1]; + optional Filter filter = 2; + + // Pagination support + uint32 page_size = 3; + string page_token = 4; +} + +message ListIDsResponse { + repeated string ids = 1; + string next_page_token = 2; +} + +message StoreRequest { + string namespace = 1 [(buf.validate.field).string.min_len = 1]; + KeyMaterial key_material = 2 [(buf.validate.field).required = true]; +} + +message StoreResponse {} + +message LoadRequest { + string namespace = 1 [(buf.validate.field).string.min_len = 1]; + string id = 2 [(buf.validate.field).string.min_len = 1]; +} + +message LoadResponse { + KeyMaterial key_material = 1; +} + +message DeleteRequest { + string namespace = 1 [(buf.validate.field).string.min_len = 1]; + string id = 2 [(buf.validate.field).string.min_len = 1]; +} + +message DeleteResponse {} diff --git a/proto/plugin/key_material_storage/v1/key_material_storage_ext_plugin.pb.go b/proto/plugin/key_material_storage/v1/key_material_storage_ext_plugin.pb.go new file mode 100644 index 0000000..fbb9f20 --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage_ext_plugin.pb.go @@ -0,0 +1,56 @@ +// Code generated by protoc-gen-go-extension. DO NOT EDIT. + +package key_material_storagev1 + +import ( + grpc "google.golang.org/grpc" + + api "github.com/openkcm/plugin-sdk/api" +) + +const ( + Type = "KeyMaterialStorage" + GRPCServiceFullName = "krypton.plugin.key_material_storage.v1.KeyMaterialStorage" +) + +func KeyMaterialStoragePluginServer(server KeyMaterialStorageServer) api.PluginServer { + return keyMaterialStoragePluginServer{KeyMaterialStorageServer: server} +} + +type keyMaterialStoragePluginServer struct { + KeyMaterialStorageServer +} + +func (s keyMaterialStoragePluginServer) Type() string { + return Type +} + +func (s keyMaterialStoragePluginServer) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (s keyMaterialStoragePluginServer) RegisterServer(server *grpc.Server) any { + RegisterKeyMaterialStorageServer(server, s.KeyMaterialStorageServer) + return s.KeyMaterialStorageServer +} + +type KeyMaterialStoragePluginClient struct { + KeyMaterialStorageClient +} + +func (s KeyMaterialStoragePluginClient) Type() string { + return Type +} + +func (c *KeyMaterialStoragePluginClient) IsInitialized() bool { + return c.KeyMaterialStorageClient != nil +} + +func (c *KeyMaterialStoragePluginClient) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (c *KeyMaterialStoragePluginClient) InitClient(conn grpc.ClientConnInterface) any { + c.KeyMaterialStorageClient = NewKeyMaterialStorageClient(conn) + return c.KeyMaterialStorageClient +} diff --git a/proto/plugin/key_material_storage/v1/key_material_storage_grpc.pb.go b/proto/plugin/key_material_storage/v1/key_material_storage_grpc.pb.go new file mode 100644 index 0000000..064b571 --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage_grpc.pb.go @@ -0,0 +1,248 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.1 +// - protoc (unknown) +// source: plugin/key_material_storage/v1/key_material_storage.proto + +package key_material_storagev1 + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + KeyMaterialStorage_Store_FullMethodName = "/krypton.plugin.key_material_storage.v1.KeyMaterialStorage/Store" + KeyMaterialStorage_Load_FullMethodName = "/krypton.plugin.key_material_storage.v1.KeyMaterialStorage/Load" + KeyMaterialStorage_Delete_FullMethodName = "/krypton.plugin.key_material_storage.v1.KeyMaterialStorage/Delete" + KeyMaterialStorage_ListIDs_FullMethodName = "/krypton.plugin.key_material_storage.v1.KeyMaterialStorage/ListIDs" +) + +// KeyMaterialStorageClient is the client API for KeyMaterialStorage service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// KeyMaterialStorage defines the universal interface for persisting and +// retrieving opaque blobs of data, typically wrapped key material. +type KeyMaterialStorageClient interface { + Store(ctx context.Context, in *StoreRequest, opts ...grpc.CallOption) (*StoreResponse, error) + Load(ctx context.Context, in *LoadRequest, opts ...grpc.CallOption) (*LoadResponse, error) + Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) + // ListIDs returns batches of IDs matching the criteria. + ListIDs(ctx context.Context, in *ListIDsRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[ListIDsResponse], error) +} + +type keyMaterialStorageClient struct { + cc grpc.ClientConnInterface +} + +func NewKeyMaterialStorageClient(cc grpc.ClientConnInterface) KeyMaterialStorageClient { + return &keyMaterialStorageClient{cc} +} + +func (c *keyMaterialStorageClient) Store(ctx context.Context, in *StoreRequest, opts ...grpc.CallOption) (*StoreResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(StoreResponse) + err := c.cc.Invoke(ctx, KeyMaterialStorage_Store_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keyMaterialStorageClient) Load(ctx context.Context, in *LoadRequest, opts ...grpc.CallOption) (*LoadResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(LoadResponse) + err := c.cc.Invoke(ctx, KeyMaterialStorage_Load_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keyMaterialStorageClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(DeleteResponse) + err := c.cc.Invoke(ctx, KeyMaterialStorage_Delete_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keyMaterialStorageClient) ListIDs(ctx context.Context, in *ListIDsRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[ListIDsResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &KeyMaterialStorage_ServiceDesc.Streams[0], KeyMaterialStorage_ListIDs_FullMethodName, cOpts...) + if err != nil { + return nil, err + } + x := &grpc.GenericClientStream[ListIDsRequest, ListIDsResponse]{ClientStream: stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type KeyMaterialStorage_ListIDsClient = grpc.ServerStreamingClient[ListIDsResponse] + +// KeyMaterialStorageServer is the server API for KeyMaterialStorage service. +// All implementations must embed UnimplementedKeyMaterialStorageServer +// for forward compatibility. +// +// KeyMaterialStorage defines the universal interface for persisting and +// retrieving opaque blobs of data, typically wrapped key material. +type KeyMaterialStorageServer interface { + Store(context.Context, *StoreRequest) (*StoreResponse, error) + Load(context.Context, *LoadRequest) (*LoadResponse, error) + Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) + // ListIDs returns batches of IDs matching the criteria. + ListIDs(*ListIDsRequest, grpc.ServerStreamingServer[ListIDsResponse]) error + mustEmbedUnimplementedKeyMaterialStorageServer() +} + +// UnimplementedKeyMaterialStorageServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedKeyMaterialStorageServer struct{} + +func (UnimplementedKeyMaterialStorageServer) Store(context.Context, *StoreRequest) (*StoreResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Store not implemented") +} +func (UnimplementedKeyMaterialStorageServer) Load(context.Context, *LoadRequest) (*LoadResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Load not implemented") +} +func (UnimplementedKeyMaterialStorageServer) Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Delete not implemented") +} +func (UnimplementedKeyMaterialStorageServer) ListIDs(*ListIDsRequest, grpc.ServerStreamingServer[ListIDsResponse]) error { + return status.Error(codes.Unimplemented, "method ListIDs not implemented") +} +func (UnimplementedKeyMaterialStorageServer) mustEmbedUnimplementedKeyMaterialStorageServer() {} +func (UnimplementedKeyMaterialStorageServer) testEmbeddedByValue() {} + +// UnsafeKeyMaterialStorageServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to KeyMaterialStorageServer will +// result in compilation errors. +type UnsafeKeyMaterialStorageServer interface { + mustEmbedUnimplementedKeyMaterialStorageServer() +} + +func RegisterKeyMaterialStorageServer(s grpc.ServiceRegistrar, srv KeyMaterialStorageServer) { + // If the following call panics, it indicates UnimplementedKeyMaterialStorageServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&KeyMaterialStorage_ServiceDesc, srv) +} + +func _KeyMaterialStorage_Store_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StoreRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyMaterialStorageServer).Store(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyMaterialStorage_Store_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeyMaterialStorageServer).Store(ctx, req.(*StoreRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeyMaterialStorage_Load_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(LoadRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyMaterialStorageServer).Load(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyMaterialStorage_Load_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeyMaterialStorageServer).Load(ctx, req.(*LoadRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeyMaterialStorage_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyMaterialStorageServer).Delete(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyMaterialStorage_Delete_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeyMaterialStorageServer).Delete(ctx, req.(*DeleteRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeyMaterialStorage_ListIDs_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(ListIDsRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(KeyMaterialStorageServer).ListIDs(m, &grpc.GenericServerStream[ListIDsRequest, ListIDsResponse]{ServerStream: stream}) +} + +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type KeyMaterialStorage_ListIDsServer = grpc.ServerStreamingServer[ListIDsResponse] + +// KeyMaterialStorage_ServiceDesc is the grpc.ServiceDesc for KeyMaterialStorage service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var KeyMaterialStorage_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "krypton.plugin.key_material_storage.v1.KeyMaterialStorage", + HandlerType: (*KeyMaterialStorageServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Store", + Handler: _KeyMaterialStorage_Store_Handler, + }, + { + MethodName: "Load", + Handler: _KeyMaterialStorage_Load_Handler, + }, + { + MethodName: "Delete", + Handler: _KeyMaterialStorage_Delete_Handler, + }, + }, + Streams: []grpc.StreamDesc{ + { + StreamName: "ListIDs", + Handler: _KeyMaterialStorage_ListIDs_Handler, + ServerStreams: true, + }, + }, + Metadata: "plugin/key_material_storage/v1/key_material_storage.proto", +} diff --git a/proto/plugin/llm/v1/llm.pb.go b/proto/plugin/llm/v1/llm.pb.go new file mode 100644 index 0000000..084794d --- /dev/null +++ b/proto/plugin/llm/v1/llm.pb.go @@ -0,0 +1,438 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/llm/v1/llm.proto + +package llmv1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// FindingSummary is a single rule-engine finding passed to the LLM for enrichment. +// Only aggregate metrics are included — never key material or key IDs. +type FindingSummary struct { + state protoimpl.MessageState `protogen:"open.v1"` + Category string `protobuf:"bytes,1,opt,name=category,proto3" json:"category,omitempty"` + Severity string `protobuf:"bytes,2,opt,name=severity,proto3" json:"severity,omitempty"` + Title string `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"` + Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"` + // aggregate_metadata contains counts and names only (e.g. algorithm="AES-256", count="12"). + AggregateMetadata map[string]string `protobuf:"bytes,5,rep,name=aggregate_metadata,json=aggregateMetadata,proto3" json:"aggregate_metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *FindingSummary) Reset() { + *x = FindingSummary{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FindingSummary) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FindingSummary) ProtoMessage() {} + +func (x *FindingSummary) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FindingSummary.ProtoReflect.Descriptor instead. +func (*FindingSummary) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{0} +} + +func (x *FindingSummary) GetCategory() string { + if x != nil { + return x.Category + } + return "" +} + +func (x *FindingSummary) GetSeverity() string { + if x != nil { + return x.Severity + } + return "" +} + +func (x *FindingSummary) GetTitle() string { + if x != nil { + return x.Title + } + return "" +} + +func (x *FindingSummary) GetDescription() string { + if x != nil { + return x.Description + } + return "" +} + +func (x *FindingSummary) GetAggregateMetadata() map[string]string { + if x != nil { + return x.AggregateMetadata + } + return nil +} + +// EnrichedFinding contains LLM-enhanced descriptions for a single finding. +type EnrichedFinding struct { + state protoimpl.MessageState `protogen:"open.v1"` + EnrichedDescription string `protobuf:"bytes,1,opt,name=enriched_description,json=enrichedDescription,proto3" json:"enriched_description,omitempty"` + EnrichedRemediation string `protobuf:"bytes,2,opt,name=enriched_remediation,json=enrichedRemediation,proto3" json:"enriched_remediation,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EnrichedFinding) Reset() { + *x = EnrichedFinding{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnrichedFinding) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnrichedFinding) ProtoMessage() {} + +func (x *EnrichedFinding) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnrichedFinding.ProtoReflect.Descriptor instead. +func (*EnrichedFinding) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{1} +} + +func (x *EnrichedFinding) GetEnrichedDescription() string { + if x != nil { + return x.EnrichedDescription + } + return "" +} + +func (x *EnrichedFinding) GetEnrichedRemediation() string { + if x != nil { + return x.EnrichedRemediation + } + return "" +} + +type EnrichRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Findings []*FindingSummary `protobuf:"bytes,1,rep,name=findings,proto3" json:"findings,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EnrichRequest) Reset() { + *x = EnrichRequest{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnrichRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnrichRequest) ProtoMessage() {} + +func (x *EnrichRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnrichRequest.ProtoReflect.Descriptor instead. +func (*EnrichRequest) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{2} +} + +func (x *EnrichRequest) GetFindings() []*FindingSummary { + if x != nil { + return x.Findings + } + return nil +} + +type EnrichResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Enriched []*EnrichedFinding `protobuf:"bytes,1,rep,name=enriched,proto3" json:"enriched,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EnrichResponse) Reset() { + *x = EnrichResponse{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnrichResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnrichResponse) ProtoMessage() {} + +func (x *EnrichResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnrichResponse.ProtoReflect.Descriptor instead. +func (*EnrichResponse) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{3} +} + +func (x *EnrichResponse) GetEnriched() []*EnrichedFinding { + if x != nil { + return x.Enriched + } + return nil +} + +// AnswerRequest carries a free-form question and aggregate context signals. +// context_signals must contain only counts and names — never key material. +type AnswerRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Question string `protobuf:"bytes,1,opt,name=question,proto3" json:"question,omitempty"` + ContextSignals map[string]string `protobuf:"bytes,2,rep,name=context_signals,json=contextSignals,proto3" json:"context_signals,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AnswerRequest) Reset() { + *x = AnswerRequest{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnswerRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnswerRequest) ProtoMessage() {} + +func (x *AnswerRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnswerRequest.ProtoReflect.Descriptor instead. +func (*AnswerRequest) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{4} +} + +func (x *AnswerRequest) GetQuestion() string { + if x != nil { + return x.Question + } + return "" +} + +func (x *AnswerRequest) GetContextSignals() map[string]string { + if x != nil { + return x.ContextSignals + } + return nil +} + +type AnswerResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Answer string `protobuf:"bytes,1,opt,name=answer,proto3" json:"answer,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AnswerResponse) Reset() { + *x = AnswerResponse{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnswerResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnswerResponse) ProtoMessage() {} + +func (x *AnswerResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnswerResponse.ProtoReflect.Descriptor instead. +func (*AnswerResponse) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{5} +} + +func (x *AnswerResponse) GetAnswer() string { + if x != nil { + return x.Answer + } + return "" +} + +var File_plugin_llm_v1_llm_proto protoreflect.FileDescriptor + +const file_plugin_llm_v1_llm_proto_rawDesc = "" + + "\n" + + "\x17plugin/llm/v1/llm.proto\x12\x15krypton.plugin.llm.v1\"\xb3\x02\n" + + "\x0eFindingSummary\x12\x1a\n" + + "\bcategory\x18\x01 \x01(\tR\bcategory\x12\x1a\n" + + "\bseverity\x18\x02 \x01(\tR\bseverity\x12\x14\n" + + "\x05title\x18\x03 \x01(\tR\x05title\x12 \n" + + "\vdescription\x18\x04 \x01(\tR\vdescription\x12k\n" + + "\x12aggregate_metadata\x18\x05 \x03(\v2<.krypton.plugin.llm.v1.FindingSummary.AggregateMetadataEntryR\x11aggregateMetadata\x1aD\n" + + "\x16AggregateMetadataEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"w\n" + + "\x0fEnrichedFinding\x121\n" + + "\x14enriched_description\x18\x01 \x01(\tR\x13enrichedDescription\x121\n" + + "\x14enriched_remediation\x18\x02 \x01(\tR\x13enrichedRemediation\"R\n" + + "\rEnrichRequest\x12A\n" + + "\bfindings\x18\x01 \x03(\v2%.krypton.plugin.llm.v1.FindingSummaryR\bfindings\"T\n" + + "\x0eEnrichResponse\x12B\n" + + "\benriched\x18\x01 \x03(\v2&.krypton.plugin.llm.v1.EnrichedFindingR\benriched\"\xd1\x01\n" + + "\rAnswerRequest\x12\x1a\n" + + "\bquestion\x18\x01 \x01(\tR\bquestion\x12a\n" + + "\x0fcontext_signals\x18\x02 \x03(\v28.krypton.plugin.llm.v1.AnswerRequest.ContextSignalsEntryR\x0econtextSignals\x1aA\n" + + "\x13ContextSignalsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"(\n" + + "\x0eAnswerResponse\x12\x16\n" + + "\x06answer\x18\x01 \x01(\tR\x06answer2\xb3\x01\n" + + "\x03LLM\x12U\n" + + "\x06Enrich\x12$.krypton.plugin.llm.v1.EnrichRequest\x1a%.krypton.plugin.llm.v1.EnrichResponse\x12U\n" + + "\x06Answer\x12$.krypton.plugin.llm.v1.AnswerRequest\x1a%.krypton.plugin.llm.v1.AnswerResponseB\xd5\x01\n" + + "\x19com.krypton.plugin.llm.v1B\bLlmProtoP\x01Z7github.com/openkcm/plugin-sdk/proto/plugin/llm/v1;llmv1\xa2\x02\x03KPL\xaa\x02\x15Krypton.Plugin.Llm.V1\xca\x02\x15Krypton\\Plugin\\Llm\\V1\xe2\x02!Krypton\\Plugin\\Llm\\V1\\GPBMetadata\xea\x02\x18Krypton::Plugin::Llm::V1b\x06proto3" + +var ( + file_plugin_llm_v1_llm_proto_rawDescOnce sync.Once + file_plugin_llm_v1_llm_proto_rawDescData []byte +) + +func file_plugin_llm_v1_llm_proto_rawDescGZIP() []byte { + file_plugin_llm_v1_llm_proto_rawDescOnce.Do(func() { + file_plugin_llm_v1_llm_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_llm_v1_llm_proto_rawDesc), len(file_plugin_llm_v1_llm_proto_rawDesc))) + }) + return file_plugin_llm_v1_llm_proto_rawDescData +} + +var file_plugin_llm_v1_llm_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_plugin_llm_v1_llm_proto_goTypes = []any{ + (*FindingSummary)(nil), // 0: krypton.plugin.llm.v1.FindingSummary + (*EnrichedFinding)(nil), // 1: krypton.plugin.llm.v1.EnrichedFinding + (*EnrichRequest)(nil), // 2: krypton.plugin.llm.v1.EnrichRequest + (*EnrichResponse)(nil), // 3: krypton.plugin.llm.v1.EnrichResponse + (*AnswerRequest)(nil), // 4: krypton.plugin.llm.v1.AnswerRequest + (*AnswerResponse)(nil), // 5: krypton.plugin.llm.v1.AnswerResponse + nil, // 6: krypton.plugin.llm.v1.FindingSummary.AggregateMetadataEntry + nil, // 7: krypton.plugin.llm.v1.AnswerRequest.ContextSignalsEntry +} +var file_plugin_llm_v1_llm_proto_depIdxs = []int32{ + 6, // 0: krypton.plugin.llm.v1.FindingSummary.aggregate_metadata:type_name -> krypton.plugin.llm.v1.FindingSummary.AggregateMetadataEntry + 0, // 1: krypton.plugin.llm.v1.EnrichRequest.findings:type_name -> krypton.plugin.llm.v1.FindingSummary + 1, // 2: krypton.plugin.llm.v1.EnrichResponse.enriched:type_name -> krypton.plugin.llm.v1.EnrichedFinding + 7, // 3: krypton.plugin.llm.v1.AnswerRequest.context_signals:type_name -> krypton.plugin.llm.v1.AnswerRequest.ContextSignalsEntry + 2, // 4: krypton.plugin.llm.v1.LLM.Enrich:input_type -> krypton.plugin.llm.v1.EnrichRequest + 4, // 5: krypton.plugin.llm.v1.LLM.Answer:input_type -> krypton.plugin.llm.v1.AnswerRequest + 3, // 6: krypton.plugin.llm.v1.LLM.Enrich:output_type -> krypton.plugin.llm.v1.EnrichResponse + 5, // 7: krypton.plugin.llm.v1.LLM.Answer:output_type -> krypton.plugin.llm.v1.AnswerResponse + 6, // [6:8] is the sub-list for method output_type + 4, // [4:6] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_plugin_llm_v1_llm_proto_init() } +func file_plugin_llm_v1_llm_proto_init() { + if File_plugin_llm_v1_llm_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_llm_v1_llm_proto_rawDesc), len(file_plugin_llm_v1_llm_proto_rawDesc)), + NumEnums: 0, + NumMessages: 8, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_llm_v1_llm_proto_goTypes, + DependencyIndexes: file_plugin_llm_v1_llm_proto_depIdxs, + MessageInfos: file_plugin_llm_v1_llm_proto_msgTypes, + }.Build() + File_plugin_llm_v1_llm_proto = out.File + file_plugin_llm_v1_llm_proto_goTypes = nil + file_plugin_llm_v1_llm_proto_depIdxs = nil +} diff --git a/proto/plugin/llm/v1/llm.pb.validate.go b/proto/plugin/llm/v1/llm.pb.validate.go new file mode 100644 index 0000000..bfe21ac --- /dev/null +++ b/proto/plugin/llm/v1/llm.pb.validate.go @@ -0,0 +1,724 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/llm/v1/llm.proto + +package llmv1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on FindingSummary with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *FindingSummary) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on FindingSummary with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in FindingSummaryMultiError, +// or nil if none found. +func (m *FindingSummary) ValidateAll() error { + return m.validate(true) +} + +func (m *FindingSummary) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Category + + // no validation rules for Severity + + // no validation rules for Title + + // no validation rules for Description + + // no validation rules for AggregateMetadata + + if len(errors) > 0 { + return FindingSummaryMultiError(errors) + } + + return nil +} + +// FindingSummaryMultiError is an error wrapping multiple validation errors +// returned by FindingSummary.ValidateAll() if the designated constraints +// aren't met. +type FindingSummaryMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m FindingSummaryMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m FindingSummaryMultiError) AllErrors() []error { return m } + +// FindingSummaryValidationError is the validation error returned by +// FindingSummary.Validate if the designated constraints aren't met. +type FindingSummaryValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e FindingSummaryValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e FindingSummaryValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e FindingSummaryValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e FindingSummaryValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e FindingSummaryValidationError) ErrorName() string { return "FindingSummaryValidationError" } + +// Error satisfies the builtin error interface +func (e FindingSummaryValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFindingSummary.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = FindingSummaryValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = FindingSummaryValidationError{} + +// Validate checks the field values on EnrichedFinding with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *EnrichedFinding) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EnrichedFinding with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// EnrichedFindingMultiError, or nil if none found. +func (m *EnrichedFinding) ValidateAll() error { + return m.validate(true) +} + +func (m *EnrichedFinding) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for EnrichedDescription + + // no validation rules for EnrichedRemediation + + if len(errors) > 0 { + return EnrichedFindingMultiError(errors) + } + + return nil +} + +// EnrichedFindingMultiError is an error wrapping multiple validation errors +// returned by EnrichedFinding.ValidateAll() if the designated constraints +// aren't met. +type EnrichedFindingMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EnrichedFindingMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EnrichedFindingMultiError) AllErrors() []error { return m } + +// EnrichedFindingValidationError is the validation error returned by +// EnrichedFinding.Validate if the designated constraints aren't met. +type EnrichedFindingValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EnrichedFindingValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EnrichedFindingValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EnrichedFindingValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e EnrichedFindingValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EnrichedFindingValidationError) ErrorName() string { return "EnrichedFindingValidationError" } + +// Error satisfies the builtin error interface +func (e EnrichedFindingValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEnrichedFinding.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EnrichedFindingValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EnrichedFindingValidationError{} + +// Validate checks the field values on EnrichRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *EnrichRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EnrichRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in EnrichRequestMultiError, or +// nil if none found. +func (m *EnrichRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *EnrichRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetFindings() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, EnrichRequestValidationError{ + field: fmt.Sprintf("Findings[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, EnrichRequestValidationError{ + field: fmt.Sprintf("Findings[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return EnrichRequestValidationError{ + field: fmt.Sprintf("Findings[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return EnrichRequestMultiError(errors) + } + + return nil +} + +// EnrichRequestMultiError is an error wrapping multiple validation errors +// returned by EnrichRequest.ValidateAll() if the designated constraints +// aren't met. +type EnrichRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EnrichRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EnrichRequestMultiError) AllErrors() []error { return m } + +// EnrichRequestValidationError is the validation error returned by +// EnrichRequest.Validate if the designated constraints aren't met. +type EnrichRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EnrichRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EnrichRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EnrichRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e EnrichRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EnrichRequestValidationError) ErrorName() string { return "EnrichRequestValidationError" } + +// Error satisfies the builtin error interface +func (e EnrichRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEnrichRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EnrichRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EnrichRequestValidationError{} + +// Validate checks the field values on EnrichResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *EnrichResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EnrichResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in EnrichResponseMultiError, +// or nil if none found. +func (m *EnrichResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *EnrichResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetEnriched() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, EnrichResponseValidationError{ + field: fmt.Sprintf("Enriched[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, EnrichResponseValidationError{ + field: fmt.Sprintf("Enriched[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return EnrichResponseValidationError{ + field: fmt.Sprintf("Enriched[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return EnrichResponseMultiError(errors) + } + + return nil +} + +// EnrichResponseMultiError is an error wrapping multiple validation errors +// returned by EnrichResponse.ValidateAll() if the designated constraints +// aren't met. +type EnrichResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EnrichResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EnrichResponseMultiError) AllErrors() []error { return m } + +// EnrichResponseValidationError is the validation error returned by +// EnrichResponse.Validate if the designated constraints aren't met. +type EnrichResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EnrichResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EnrichResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EnrichResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e EnrichResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EnrichResponseValidationError) ErrorName() string { return "EnrichResponseValidationError" } + +// Error satisfies the builtin error interface +func (e EnrichResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEnrichResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EnrichResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EnrichResponseValidationError{} + +// Validate checks the field values on AnswerRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *AnswerRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AnswerRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in AnswerRequestMultiError, or +// nil if none found. +func (m *AnswerRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *AnswerRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Question + + // no validation rules for ContextSignals + + if len(errors) > 0 { + return AnswerRequestMultiError(errors) + } + + return nil +} + +// AnswerRequestMultiError is an error wrapping multiple validation errors +// returned by AnswerRequest.ValidateAll() if the designated constraints +// aren't met. +type AnswerRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AnswerRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AnswerRequestMultiError) AllErrors() []error { return m } + +// AnswerRequestValidationError is the validation error returned by +// AnswerRequest.Validate if the designated constraints aren't met. +type AnswerRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AnswerRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AnswerRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AnswerRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AnswerRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AnswerRequestValidationError) ErrorName() string { return "AnswerRequestValidationError" } + +// Error satisfies the builtin error interface +func (e AnswerRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAnswerRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AnswerRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AnswerRequestValidationError{} + +// Validate checks the field values on AnswerResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *AnswerResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AnswerResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in AnswerResponseMultiError, +// or nil if none found. +func (m *AnswerResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *AnswerResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Answer + + if len(errors) > 0 { + return AnswerResponseMultiError(errors) + } + + return nil +} + +// AnswerResponseMultiError is an error wrapping multiple validation errors +// returned by AnswerResponse.ValidateAll() if the designated constraints +// aren't met. +type AnswerResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AnswerResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AnswerResponseMultiError) AllErrors() []error { return m } + +// AnswerResponseValidationError is the validation error returned by +// AnswerResponse.Validate if the designated constraints aren't met. +type AnswerResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AnswerResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AnswerResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AnswerResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AnswerResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AnswerResponseValidationError) ErrorName() string { return "AnswerResponseValidationError" } + +// Error satisfies the builtin error interface +func (e AnswerResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAnswerResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AnswerResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AnswerResponseValidationError{} diff --git a/proto/plugin/llm/v1/llm.proto b/proto/plugin/llm/v1/llm.proto new file mode 100644 index 0000000..2d8d46b --- /dev/null +++ b/proto/plugin/llm/v1/llm.proto @@ -0,0 +1,52 @@ +syntax = "proto3"; + +package krypton.plugin.llm.v1; + +// LLM is the plugin interface for AI language-model backends used by the +// Advisor module. Only aggregate, privacy-safe statistics are ever transmitted — +// no key material, no key IDs, and no principal names. +service LLM { + // Enrich takes rule-engine findings (plain text, no sensitive data) and + // returns enriched descriptions and remediation steps. + rpc Enrich(EnrichRequest) returns (EnrichResponse); + + // Answer responds to a free-form question about key posture using only the + // supplied aggregate signals — no key material, no key IDs, no principal names. + rpc Answer(AnswerRequest) returns (AnswerResponse); +} + +// FindingSummary is a single rule-engine finding passed to the LLM for enrichment. +// Only aggregate metrics are included — never key material or key IDs. +message FindingSummary { + string category = 1; + string severity = 2; + string title = 3; + string description = 4; + // aggregate_metadata contains counts and names only (e.g. algorithm="AES-256", count="12"). + map aggregate_metadata = 5; +} + +// EnrichedFinding contains LLM-enhanced descriptions for a single finding. +message EnrichedFinding { + string enriched_description = 1; + string enriched_remediation = 2; +} + +message EnrichRequest { + repeated FindingSummary findings = 1; +} + +message EnrichResponse { + repeated EnrichedFinding enriched = 1; +} + +// AnswerRequest carries a free-form question and aggregate context signals. +// context_signals must contain only counts and names — never key material. +message AnswerRequest { + string question = 1; + map context_signals = 2; +} + +message AnswerResponse { + string answer = 1; +} diff --git a/proto/plugin/llm/v1/llm_ext_plugin.pb.go b/proto/plugin/llm/v1/llm_ext_plugin.pb.go new file mode 100644 index 0000000..45daed2 --- /dev/null +++ b/proto/plugin/llm/v1/llm_ext_plugin.pb.go @@ -0,0 +1,56 @@ +// Code generated by protoc-gen-go-extension. DO NOT EDIT. + +package llmv1 + +import ( + grpc "google.golang.org/grpc" + + api "github.com/openkcm/plugin-sdk/api" +) + +const ( + Type = "LLM" + GRPCServiceFullName = "krypton.plugin.llm.v1.LLM" +) + +func LLMPluginServer(server LLMServer) api.PluginServer { + return lLMPluginServer{LLMServer: server} +} + +type lLMPluginServer struct { + LLMServer +} + +func (s lLMPluginServer) Type() string { + return Type +} + +func (s lLMPluginServer) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (s lLMPluginServer) RegisterServer(server *grpc.Server) any { + RegisterLLMServer(server, s.LLMServer) + return s.LLMServer +} + +type LLMPluginClient struct { + LLMClient +} + +func (s LLMPluginClient) Type() string { + return Type +} + +func (c *LLMPluginClient) IsInitialized() bool { + return c.LLMClient != nil +} + +func (c *LLMPluginClient) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (c *LLMPluginClient) InitClient(conn grpc.ClientConnInterface) any { + c.LLMClient = NewLLMClient(conn) + return c.LLMClient +} diff --git a/proto/plugin/llm/v1/llm_grpc.pb.go b/proto/plugin/llm/v1/llm_grpc.pb.go new file mode 100644 index 0000000..70ce9a4 --- /dev/null +++ b/proto/plugin/llm/v1/llm_grpc.pb.go @@ -0,0 +1,176 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.1 +// - protoc (unknown) +// source: plugin/llm/v1/llm.proto + +package llmv1 + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + LLM_Enrich_FullMethodName = "/krypton.plugin.llm.v1.LLM/Enrich" + LLM_Answer_FullMethodName = "/krypton.plugin.llm.v1.LLM/Answer" +) + +// LLMClient is the client API for LLM service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// LLM is the plugin interface for AI language-model backends used by the +// Advisor module. Only aggregate, privacy-safe statistics are ever transmitted — +// no key material, no key IDs, and no principal names. +type LLMClient interface { + // Enrich takes rule-engine findings (plain text, no sensitive data) and + // returns enriched descriptions and remediation steps. + Enrich(ctx context.Context, in *EnrichRequest, opts ...grpc.CallOption) (*EnrichResponse, error) + // Answer responds to a free-form question about key posture using only the + // supplied aggregate signals — no key material, no key IDs, no principal names. + Answer(ctx context.Context, in *AnswerRequest, opts ...grpc.CallOption) (*AnswerResponse, error) +} + +type lLMClient struct { + cc grpc.ClientConnInterface +} + +func NewLLMClient(cc grpc.ClientConnInterface) LLMClient { + return &lLMClient{cc} +} + +func (c *lLMClient) Enrich(ctx context.Context, in *EnrichRequest, opts ...grpc.CallOption) (*EnrichResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(EnrichResponse) + err := c.cc.Invoke(ctx, LLM_Enrich_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *lLMClient) Answer(ctx context.Context, in *AnswerRequest, opts ...grpc.CallOption) (*AnswerResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(AnswerResponse) + err := c.cc.Invoke(ctx, LLM_Answer_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// LLMServer is the server API for LLM service. +// All implementations must embed UnimplementedLLMServer +// for forward compatibility. +// +// LLM is the plugin interface for AI language-model backends used by the +// Advisor module. Only aggregate, privacy-safe statistics are ever transmitted — +// no key material, no key IDs, and no principal names. +type LLMServer interface { + // Enrich takes rule-engine findings (plain text, no sensitive data) and + // returns enriched descriptions and remediation steps. + Enrich(context.Context, *EnrichRequest) (*EnrichResponse, error) + // Answer responds to a free-form question about key posture using only the + // supplied aggregate signals — no key material, no key IDs, no principal names. + Answer(context.Context, *AnswerRequest) (*AnswerResponse, error) + mustEmbedUnimplementedLLMServer() +} + +// UnimplementedLLMServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedLLMServer struct{} + +func (UnimplementedLLMServer) Enrich(context.Context, *EnrichRequest) (*EnrichResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Enrich not implemented") +} +func (UnimplementedLLMServer) Answer(context.Context, *AnswerRequest) (*AnswerResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Answer not implemented") +} +func (UnimplementedLLMServer) mustEmbedUnimplementedLLMServer() {} +func (UnimplementedLLMServer) testEmbeddedByValue() {} + +// UnsafeLLMServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to LLMServer will +// result in compilation errors. +type UnsafeLLMServer interface { + mustEmbedUnimplementedLLMServer() +} + +func RegisterLLMServer(s grpc.ServiceRegistrar, srv LLMServer) { + // If the following call panics, it indicates UnimplementedLLMServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&LLM_ServiceDesc, srv) +} + +func _LLM_Enrich_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EnrichRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(LLMServer).Enrich(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: LLM_Enrich_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(LLMServer).Enrich(ctx, req.(*EnrichRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _LLM_Answer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(AnswerRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(LLMServer).Answer(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: LLM_Answer_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(LLMServer).Answer(ctx, req.(*AnswerRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// LLM_ServiceDesc is the grpc.ServiceDesc for LLM service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var LLM_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "krypton.plugin.llm.v1.LLM", + HandlerType: (*LLMServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Enrich", + Handler: _LLM_Enrich_Handler, + }, + { + MethodName: "Answer", + Handler: _LLM_Answer_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "plugin/llm/v1/llm.proto", +} diff --git a/proto/plugin/notification/v1/notification_ext_plugin.pb.go b/proto/plugin/notification/v1/notification_ext_plugin.pb.go index dd6783a..5e56ebd 100644 --- a/proto/plugin/notification/v1/notification_ext_plugin.pb.go +++ b/proto/plugin/notification/v1/notification_ext_plugin.pb.go @@ -9,7 +9,7 @@ import ( ) const ( - Type = "NotificationService" + Type = "Notification" GRPCServiceFullName = "plugin.notification.v1.NotificationService" ) diff --git a/proto/plugin/resources/v1/ast.pb.go b/proto/plugin/resources/v1/ast.pb.go new file mode 100644 index 0000000..d3fb9a8 --- /dev/null +++ b/proto/plugin/resources/v1/ast.pb.go @@ -0,0 +1,2227 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/resources/v1/ast.proto + +package reconcilerv1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + structpb "google.golang.org/protobuf/types/known/structpb" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// ExecutionPlan is the root of the AST returned by a plugin's Reconcile call. +// It describes every operation Krypton core must execute to drive the custom +// resource to its desired state. Core is the sole executor — the plugin never +// touches keys, state, or the database directly. +type ExecutionPlan struct { + state protoimpl.MessageState `protogen:"open.v1"` + // plan_id identifies this plan for tracing. Recommended: echo the operation ID. + PlanId string `protobuf:"bytes,1,opt,name=plan_id,json=planId,proto3" json:"plan_id,omitempty"` + // root is the root node of the execution tree. + Root *ASTNode `protobuf:"bytes,2,opt,name=root,proto3" json:"root,omitempty"` + // bindings are pre-declared variables available to every node in the plan. + // Use them to pass tenant_id, api_group, external IDs, or any other values + // the plugin resolved during planning and wants to thread through execution. + Bindings map[string]string `protobuf:"bytes,3,rep,name=bindings,proto3" json:"bindings,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ExecutionPlan) Reset() { + *x = ExecutionPlan{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ExecutionPlan) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExecutionPlan) ProtoMessage() {} + +func (x *ExecutionPlan) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExecutionPlan.ProtoReflect.Descriptor instead. +func (*ExecutionPlan) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{0} +} + +func (x *ExecutionPlan) GetPlanId() string { + if x != nil { + return x.PlanId + } + return "" +} + +func (x *ExecutionPlan) GetRoot() *ASTNode { + if x != nil { + return x.Root + } + return nil +} + +func (x *ExecutionPlan) GetBindings() map[string]string { + if x != nil { + return x.Bindings + } + return nil +} + +type ASTNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + // node_id is an optional stable identifier used for checkpoint persistence. + // When set, the executor stores progress so retries resume from here. + // Must be stable across retries (use a semantic name, not a random UUID). + NodeId string `protobuf:"bytes,1,opt,name=node_id,json=nodeId,proto3" json:"node_id,omitempty"` + // label is a human-readable description surfaced in logs and audit events. + Label string `protobuf:"bytes,2,opt,name=label,proto3" json:"label,omitempty"` + // result_var, when non-empty, binds the primary string output of this node + // (typically a provisioned key ID) into the execution state so downstream + // nodes can reference it via ValueRef.var_ref. + ResultVar string `protobuf:"bytes,3,opt,name=result_var,json=resultVar,proto3" json:"result_var,omitempty"` + // Types that are valid to be assigned to Node: + // + // *ASTNode_Sequence + // *ASTNode_Parallel + // *ASTNode_Conditional + // *ASTNode_TryCatch + // *ASTNode_Checkpoint + // *ASTNode_Assert + // *ASTNode_KeySync + // *ASTNode_KeyDelete + // *ASTNode_KeyTransition + // *ASTNode_KeyRotate + // *ASTNode_KeySchedule + // *ASTNode_CredentialSync + // *ASTNode_CredentialDelete + // *ASTNode_Bind + // *ASTNode_Emit + Node isASTNode_Node `protobuf_oneof:"node"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ASTNode) Reset() { + *x = ASTNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ASTNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ASTNode) ProtoMessage() {} + +func (x *ASTNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ASTNode.ProtoReflect.Descriptor instead. +func (*ASTNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{1} +} + +func (x *ASTNode) GetNodeId() string { + if x != nil { + return x.NodeId + } + return "" +} + +func (x *ASTNode) GetLabel() string { + if x != nil { + return x.Label + } + return "" +} + +func (x *ASTNode) GetResultVar() string { + if x != nil { + return x.ResultVar + } + return "" +} + +func (x *ASTNode) GetNode() isASTNode_Node { + if x != nil { + return x.Node + } + return nil +} + +func (x *ASTNode) GetSequence() *SequenceNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_Sequence); ok { + return x.Sequence + } + } + return nil +} + +func (x *ASTNode) GetParallel() *ParallelNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_Parallel); ok { + return x.Parallel + } + } + return nil +} + +func (x *ASTNode) GetConditional() *ConditionalNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_Conditional); ok { + return x.Conditional + } + } + return nil +} + +func (x *ASTNode) GetTryCatch() *TryCatchNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_TryCatch); ok { + return x.TryCatch + } + } + return nil +} + +func (x *ASTNode) GetCheckpoint() *CheckpointNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_Checkpoint); ok { + return x.Checkpoint + } + } + return nil +} + +func (x *ASTNode) GetAssert() *AssertNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_Assert); ok { + return x.Assert + } + } + return nil +} + +func (x *ASTNode) GetKeySync() *KeySyncNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_KeySync); ok { + return x.KeySync + } + } + return nil +} + +func (x *ASTNode) GetKeyDelete() *KeyDeleteNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_KeyDelete); ok { + return x.KeyDelete + } + } + return nil +} + +func (x *ASTNode) GetKeyTransition() *KeyTransitionNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_KeyTransition); ok { + return x.KeyTransition + } + } + return nil +} + +func (x *ASTNode) GetKeyRotate() *KeyRotateNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_KeyRotate); ok { + return x.KeyRotate + } + } + return nil +} + +func (x *ASTNode) GetKeySchedule() *KeyScheduleNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_KeySchedule); ok { + return x.KeySchedule + } + } + return nil +} + +func (x *ASTNode) GetCredentialSync() *CredentialSyncNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_CredentialSync); ok { + return x.CredentialSync + } + } + return nil +} + +func (x *ASTNode) GetCredentialDelete() *CredentialDeleteNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_CredentialDelete); ok { + return x.CredentialDelete + } + } + return nil +} + +func (x *ASTNode) GetBind() *BindNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_Bind); ok { + return x.Bind + } + } + return nil +} + +func (x *ASTNode) GetEmit() *EmitNode { + if x != nil { + if x, ok := x.Node.(*ASTNode_Emit); ok { + return x.Emit + } + } + return nil +} + +type isASTNode_Node interface { + isASTNode_Node() +} + +type ASTNode_Sequence struct { + // ── Control flow ────────────────────────────────────────── + Sequence *SequenceNode `protobuf:"bytes,10,opt,name=sequence,proto3,oneof"` +} + +type ASTNode_Parallel struct { + Parallel *ParallelNode `protobuf:"bytes,11,opt,name=parallel,proto3,oneof"` +} + +type ASTNode_Conditional struct { + Conditional *ConditionalNode `protobuf:"bytes,12,opt,name=conditional,proto3,oneof"` +} + +type ASTNode_TryCatch struct { + TryCatch *TryCatchNode `protobuf:"bytes,13,opt,name=try_catch,json=tryCatch,proto3,oneof"` +} + +type ASTNode_Checkpoint struct { + // ── Checkpoint ──────────────────────────────────────────── + // Persists progress at this point; uses node_id as the checkpoint name. + Checkpoint *CheckpointNode `protobuf:"bytes,14,opt,name=checkpoint,proto3,oneof"` +} + +type ASTNode_Assert struct { + // ── Assertions / pre-conditions ─────────────────────────── + // Fails the plan with error_message if the predicate is false. + Assert *AssertNode `protobuf:"bytes,20,opt,name=assert,proto3,oneof"` +} + +type ASTNode_KeySync struct { + // ── Key lifecycle ───────────────────────────────────────── + KeySync *KeySyncNode `protobuf:"bytes,30,opt,name=key_sync,json=keySync,proto3,oneof"` // create or idempotently update +} + +type ASTNode_KeyDelete struct { + KeyDelete *KeyDeleteNode `protobuf:"bytes,31,opt,name=key_delete,json=keyDelete,proto3,oneof"` // destroy key material +} + +type ASTNode_KeyTransition struct { + KeyTransition *KeyTransitionNode `protobuf:"bytes,32,opt,name=key_transition,json=keyTransition,proto3,oneof"` // explicit lifecycle state change +} + +type ASTNode_KeyRotate struct { + KeyRotate *KeyRotateNode `protobuf:"bytes,33,opt,name=key_rotate,json=keyRotate,proto3,oneof"` // generate new key material (forced rotation) +} + +type ASTNode_KeySchedule struct { + KeySchedule *KeyScheduleNode `protobuf:"bytes,34,opt,name=key_schedule,json=keySchedule,proto3,oneof"` // set expiry / scheduled transition +} + +type ASTNode_CredentialSync struct { + // ── Credential lifecycle ─────────────────────────────────── + CredentialSync *CredentialSyncNode `protobuf:"bytes,40,opt,name=credential_sync,json=credentialSync,proto3,oneof"` +} + +type ASTNode_CredentialDelete struct { + CredentialDelete *CredentialDeleteNode `protobuf:"bytes,41,opt,name=credential_delete,json=credentialDelete,proto3,oneof"` +} + +type ASTNode_Bind struct { + // ── Utility ─────────────────────────────────────────────── + Bind *BindNode `protobuf:"bytes,60,opt,name=bind,proto3,oneof"` // set a variable in execution state +} + +type ASTNode_Emit struct { + Emit *EmitNode `protobuf:"bytes,61,opt,name=emit,proto3,oneof"` // write a custom audit event +} + +func (*ASTNode_Sequence) isASTNode_Node() {} + +func (*ASTNode_Parallel) isASTNode_Node() {} + +func (*ASTNode_Conditional) isASTNode_Node() {} + +func (*ASTNode_TryCatch) isASTNode_Node() {} + +func (*ASTNode_Checkpoint) isASTNode_Node() {} + +func (*ASTNode_Assert) isASTNode_Node() {} + +func (*ASTNode_KeySync) isASTNode_Node() {} + +func (*ASTNode_KeyDelete) isASTNode_Node() {} + +func (*ASTNode_KeyTransition) isASTNode_Node() {} + +func (*ASTNode_KeyRotate) isASTNode_Node() {} + +func (*ASTNode_KeySchedule) isASTNode_Node() {} + +func (*ASTNode_CredentialSync) isASTNode_Node() {} + +func (*ASTNode_CredentialDelete) isASTNode_Node() {} + +func (*ASTNode_Bind) isASTNode_Node() {} + +func (*ASTNode_Emit) isASTNode_Node() {} + +// SequenceNode runs steps in order; the first error aborts the remainder +// and triggers rollback of already-executed steps (same as Pipeline). +type SequenceNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Steps []*ASTNode `protobuf:"bytes,1,rep,name=steps,proto3" json:"steps,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SequenceNode) Reset() { + *x = SequenceNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SequenceNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SequenceNode) ProtoMessage() {} + +func (x *SequenceNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SequenceNode.ProtoReflect.Descriptor instead. +func (*SequenceNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{2} +} + +func (x *SequenceNode) GetSteps() []*ASTNode { + if x != nil { + return x.Steps + } + return nil +} + +// ParallelNode fans steps out concurrently. +// When fail_fast = true a single error cancels the remaining goroutines. +type ParallelNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Steps []*ASTNode `protobuf:"bytes,1,rep,name=steps,proto3" json:"steps,omitempty"` + FailFast bool `protobuf:"varint,2,opt,name=fail_fast,json=failFast,proto3" json:"fail_fast,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ParallelNode) Reset() { + *x = ParallelNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ParallelNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ParallelNode) ProtoMessage() {} + +func (x *ParallelNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ParallelNode.ProtoReflect.Descriptor instead. +func (*ParallelNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{3} +} + +func (x *ParallelNode) GetSteps() []*ASTNode { + if x != nil { + return x.Steps + } + return nil +} + +func (x *ParallelNode) GetFailFast() bool { + if x != nil { + return x.FailFast + } + return false +} + +// ConditionalNode evaluates a runtime predicate and executes exactly one branch. +type ConditionalNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Condition *Predicate `protobuf:"bytes,1,opt,name=condition,proto3" json:"condition,omitempty"` + ThenNode *ASTNode `protobuf:"bytes,2,opt,name=then_node,json=thenNode,proto3" json:"then_node,omitempty"` + ElseNode *ASTNode `protobuf:"bytes,3,opt,name=else_node,json=elseNode,proto3" json:"else_node,omitempty"` // optional — omit for pure guard + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ConditionalNode) Reset() { + *x = ConditionalNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ConditionalNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ConditionalNode) ProtoMessage() {} + +func (x *ConditionalNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ConditionalNode.ProtoReflect.Descriptor instead. +func (*ConditionalNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{4} +} + +func (x *ConditionalNode) GetCondition() *Predicate { + if x != nil { + return x.Condition + } + return nil +} + +func (x *ConditionalNode) GetThenNode() *ASTNode { + if x != nil { + return x.ThenNode + } + return nil +} + +func (x *ConditionalNode) GetElseNode() *ASTNode { + if x != nil { + return x.ElseNode + } + return nil +} + +// TryCatchNode executes try_node; on any error executes catch_node instead. +// Useful for compensating transactions and optional / best-effort steps. +type TryCatchNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + TryNode *ASTNode `protobuf:"bytes,1,opt,name=try_node,json=tryNode,proto3" json:"try_node,omitempty"` + CatchNode *ASTNode `protobuf:"bytes,2,opt,name=catch_node,json=catchNode,proto3" json:"catch_node,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *TryCatchNode) Reset() { + *x = TryCatchNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *TryCatchNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TryCatchNode) ProtoMessage() {} + +func (x *TryCatchNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TryCatchNode.ProtoReflect.Descriptor instead. +func (*TryCatchNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{5} +} + +func (x *TryCatchNode) GetTryNode() *ASTNode { + if x != nil { + return x.TryNode + } + return nil +} + +func (x *TryCatchNode) GetCatchNode() *ASTNode { + if x != nil { + return x.CatchNode + } + return nil +} + +// CheckpointNode persists the current execution position so retries skip +// completed steps. Uses the parent ASTNode.node_id as the checkpoint name. +type CheckpointNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CheckpointNode) Reset() { + *x = CheckpointNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CheckpointNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckpointNode) ProtoMessage() {} + +func (x *CheckpointNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckpointNode.ProtoReflect.Descriptor instead. +func (*CheckpointNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{6} +} + +type AssertNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Condition *Predicate `protobuf:"bytes,1,opt,name=condition,proto3" json:"condition,omitempty"` + ErrorMessage string `protobuf:"bytes,2,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AssertNode) Reset() { + *x = AssertNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AssertNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AssertNode) ProtoMessage() {} + +func (x *AssertNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AssertNode.ProtoReflect.Descriptor instead. +func (*AssertNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{7} +} + +func (x *AssertNode) GetCondition() *Predicate { + if x != nil { + return x.Condition + } + return nil +} + +func (x *AssertNode) GetErrorMessage() string { + if x != nil { + return x.ErrorMessage + } + return "" +} + +// Predicate is a composable boolean expression resolved against live Krypton +// state at execution time. Core owns all state reads; the plugin only declares +// what must be true. +type Predicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Expr: + // + // *Predicate_KeyExists + // *Predicate_KeyState + // *Predicate_TenantActive + // *Predicate_CredentialExists + // *Predicate_And + // *Predicate_Or + // *Predicate_Not + Expr isPredicate_Expr `protobuf_oneof:"expr"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Predicate) Reset() { + *x = Predicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Predicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Predicate) ProtoMessage() {} + +func (x *Predicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Predicate.ProtoReflect.Descriptor instead. +func (*Predicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{8} +} + +func (x *Predicate) GetExpr() isPredicate_Expr { + if x != nil { + return x.Expr + } + return nil +} + +func (x *Predicate) GetKeyExists() *KeyExistsPredicate { + if x != nil { + if x, ok := x.Expr.(*Predicate_KeyExists); ok { + return x.KeyExists + } + } + return nil +} + +func (x *Predicate) GetKeyState() *KeyStatePredicate { + if x != nil { + if x, ok := x.Expr.(*Predicate_KeyState); ok { + return x.KeyState + } + } + return nil +} + +func (x *Predicate) GetTenantActive() *TenantActivePredicate { + if x != nil { + if x, ok := x.Expr.(*Predicate_TenantActive); ok { + return x.TenantActive + } + } + return nil +} + +func (x *Predicate) GetCredentialExists() *CredentialExistsPredicate { + if x != nil { + if x, ok := x.Expr.(*Predicate_CredentialExists); ok { + return x.CredentialExists + } + } + return nil +} + +func (x *Predicate) GetAnd() *AndPredicate { + if x != nil { + if x, ok := x.Expr.(*Predicate_And); ok { + return x.And + } + } + return nil +} + +func (x *Predicate) GetOr() *OrPredicate { + if x != nil { + if x, ok := x.Expr.(*Predicate_Or); ok { + return x.Or + } + } + return nil +} + +func (x *Predicate) GetNot() *NotPredicate { + if x != nil { + if x, ok := x.Expr.(*Predicate_Not); ok { + return x.Not + } + } + return nil +} + +type isPredicate_Expr interface { + isPredicate_Expr() +} + +type Predicate_KeyExists struct { + KeyExists *KeyExistsPredicate `protobuf:"bytes,1,opt,name=key_exists,json=keyExists,proto3,oneof"` +} + +type Predicate_KeyState struct { + KeyState *KeyStatePredicate `protobuf:"bytes,2,opt,name=key_state,json=keyState,proto3,oneof"` +} + +type Predicate_TenantActive struct { + TenantActive *TenantActivePredicate `protobuf:"bytes,3,opt,name=tenant_active,json=tenantActive,proto3,oneof"` +} + +type Predicate_CredentialExists struct { + CredentialExists *CredentialExistsPredicate `protobuf:"bytes,4,opt,name=credential_exists,json=credentialExists,proto3,oneof"` +} + +type Predicate_And struct { + // Logical combinators + And *AndPredicate `protobuf:"bytes,10,opt,name=and,proto3,oneof"` +} + +type Predicate_Or struct { + Or *OrPredicate `protobuf:"bytes,11,opt,name=or,proto3,oneof"` +} + +type Predicate_Not struct { + Not *NotPredicate `protobuf:"bytes,12,opt,name=not,proto3,oneof"` +} + +func (*Predicate_KeyExists) isPredicate_Expr() {} + +func (*Predicate_KeyState) isPredicate_Expr() {} + +func (*Predicate_TenantActive) isPredicate_Expr() {} + +func (*Predicate_CredentialExists) isPredicate_Expr() {} + +func (*Predicate_And) isPredicate_Expr() {} + +func (*Predicate_Or) isPredicate_Expr() {} + +func (*Predicate_Not) isPredicate_Expr() {} + +type KeyExistsPredicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + Tier *ValueRef `protobuf:"bytes,1,opt,name=tier,proto3" json:"tier,omitempty"` + KeyName *ValueRef `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyExistsPredicate) Reset() { + *x = KeyExistsPredicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyExistsPredicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyExistsPredicate) ProtoMessage() {} + +func (x *KeyExistsPredicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyExistsPredicate.ProtoReflect.Descriptor instead. +func (*KeyExistsPredicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{9} +} + +func (x *KeyExistsPredicate) GetTier() *ValueRef { + if x != nil { + return x.Tier + } + return nil +} + +func (x *KeyExistsPredicate) GetKeyName() *ValueRef { + if x != nil { + return x.KeyName + } + return nil +} + +type KeyStatePredicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + Tier *ValueRef `protobuf:"bytes,1,opt,name=tier,proto3" json:"tier,omitempty"` + KeyName *ValueRef `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` + // allowed_states is an OR list — matches if the key is in ANY of these states. + // Valid values: PRE_ACTIVATION, ACTIVE, SUSPENDED, DEACTIVATED, COMPROMISED, + // + // PENDING_DESTROYING, DESTROYED. + AllowedStates []string `protobuf:"bytes,3,rep,name=allowed_states,json=allowedStates,proto3" json:"allowed_states,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyStatePredicate) Reset() { + *x = KeyStatePredicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyStatePredicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyStatePredicate) ProtoMessage() {} + +func (x *KeyStatePredicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[10] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyStatePredicate.ProtoReflect.Descriptor instead. +func (*KeyStatePredicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{10} +} + +func (x *KeyStatePredicate) GetTier() *ValueRef { + if x != nil { + return x.Tier + } + return nil +} + +func (x *KeyStatePredicate) GetKeyName() *ValueRef { + if x != nil { + return x.KeyName + } + return nil +} + +func (x *KeyStatePredicate) GetAllowedStates() []string { + if x != nil { + return x.AllowedStates + } + return nil +} + +type TenantActivePredicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + TenantId *ValueRef `protobuf:"bytes,1,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *TenantActivePredicate) Reset() { + *x = TenantActivePredicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *TenantActivePredicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TenantActivePredicate) ProtoMessage() {} + +func (x *TenantActivePredicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TenantActivePredicate.ProtoReflect.Descriptor instead. +func (*TenantActivePredicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{11} +} + +func (x *TenantActivePredicate) GetTenantId() *ValueRef { + if x != nil { + return x.TenantId + } + return nil +} + +type CredentialExistsPredicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + Name *ValueRef `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CredentialExistsPredicate) Reset() { + *x = CredentialExistsPredicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CredentialExistsPredicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CredentialExistsPredicate) ProtoMessage() {} + +func (x *CredentialExistsPredicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[12] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CredentialExistsPredicate.ProtoReflect.Descriptor instead. +func (*CredentialExistsPredicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{12} +} + +func (x *CredentialExistsPredicate) GetName() *ValueRef { + if x != nil { + return x.Name + } + return nil +} + +type AndPredicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + Terms []*Predicate `protobuf:"bytes,1,rep,name=terms,proto3" json:"terms,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AndPredicate) Reset() { + *x = AndPredicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AndPredicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AndPredicate) ProtoMessage() {} + +func (x *AndPredicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[13] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AndPredicate.ProtoReflect.Descriptor instead. +func (*AndPredicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{13} +} + +func (x *AndPredicate) GetTerms() []*Predicate { + if x != nil { + return x.Terms + } + return nil +} + +type OrPredicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + Terms []*Predicate `protobuf:"bytes,1,rep,name=terms,proto3" json:"terms,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *OrPredicate) Reset() { + *x = OrPredicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *OrPredicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OrPredicate) ProtoMessage() {} + +func (x *OrPredicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[14] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OrPredicate.ProtoReflect.Descriptor instead. +func (*OrPredicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{14} +} + +func (x *OrPredicate) GetTerms() []*Predicate { + if x != nil { + return x.Terms + } + return nil +} + +type NotPredicate struct { + state protoimpl.MessageState `protogen:"open.v1"` + Term *Predicate `protobuf:"bytes,1,opt,name=term,proto3" json:"term,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *NotPredicate) Reset() { + *x = NotPredicate{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *NotPredicate) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NotPredicate) ProtoMessage() {} + +func (x *NotPredicate) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[15] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NotPredicate.ProtoReflect.Descriptor instead. +func (*NotPredicate) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{15} +} + +func (x *NotPredicate) GetTerm() *Predicate { + if x != nil { + return x.Term + } + return nil +} + +// ValueRef resolves to a string at runtime. +// Use literal for constants known at plan time. +// Use var_ref to read a value set by a previous node's result_var or by +// ExecutionPlan.bindings. +type ValueRef struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Kind: + // + // *ValueRef_Literal + // *ValueRef_VarRef + Kind isValueRef_Kind `protobuf_oneof:"kind"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ValueRef) Reset() { + *x = ValueRef{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ValueRef) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ValueRef) ProtoMessage() {} + +func (x *ValueRef) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[16] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ValueRef.ProtoReflect.Descriptor instead. +func (*ValueRef) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{16} +} + +func (x *ValueRef) GetKind() isValueRef_Kind { + if x != nil { + return x.Kind + } + return nil +} + +func (x *ValueRef) GetLiteral() string { + if x != nil { + if x, ok := x.Kind.(*ValueRef_Literal); ok { + return x.Literal + } + } + return "" +} + +func (x *ValueRef) GetVarRef() string { + if x != nil { + if x, ok := x.Kind.(*ValueRef_VarRef); ok { + return x.VarRef + } + } + return "" +} + +type isValueRef_Kind interface { + isValueRef_Kind() +} + +type ValueRef_Literal struct { + Literal string `protobuf:"bytes,1,opt,name=literal,proto3,oneof"` +} + +type ValueRef_VarRef struct { + VarRef string `protobuf:"bytes,2,opt,name=var_ref,json=varRef,proto3,oneof"` +} + +func (*ValueRef_Literal) isValueRef_Kind() {} + +func (*ValueRef_VarRef) isValueRef_Kind() {} + +// KeySyncNode provisions a key at the given tier, or is a no-op if the key +// already exists (idempotent). Core wraps the key under parent_key using the +// configured tier hierarchy. On success, result_var receives the key ULID. +type KeySyncNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + // tier is the Krypton tier name as declared in key-hierarchy config, + // e.g. "l2-domain", "l3-service", "l4-data". + Tier *ValueRef `protobuf:"bytes,1,opt,name=tier,proto3" json:"tier,omitempty"` + // key_name is the logical name scoped to the tenant. + KeyName *ValueRef `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` + // parent_key is the name of the wrapping key one tier above. + // Required for all tiers except L1 root keys. + ParentKey *ValueRef `protobuf:"bytes,3,opt,name=parent_key,json=parentKey,proto3" json:"parent_key,omitempty"` + // schedule, when set, is applied immediately after provisioning. + Schedule *KeyScheduleSpec `protobuf:"bytes,4,opt,name=schedule,proto3" json:"schedule,omitempty"` + // metadata is attached to the key record after successful provisioning. + Metadata map[string]string `protobuf:"bytes,5,rep,name=metadata,proto3" json:"metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeySyncNode) Reset() { + *x = KeySyncNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeySyncNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeySyncNode) ProtoMessage() {} + +func (x *KeySyncNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[17] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeySyncNode.ProtoReflect.Descriptor instead. +func (*KeySyncNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{17} +} + +func (x *KeySyncNode) GetTier() *ValueRef { + if x != nil { + return x.Tier + } + return nil +} + +func (x *KeySyncNode) GetKeyName() *ValueRef { + if x != nil { + return x.KeyName + } + return nil +} + +func (x *KeySyncNode) GetParentKey() *ValueRef { + if x != nil { + return x.ParentKey + } + return nil +} + +func (x *KeySyncNode) GetSchedule() *KeyScheduleSpec { + if x != nil { + return x.Schedule + } + return nil +} + +func (x *KeySyncNode) GetMetadata() map[string]string { + if x != nil { + return x.Metadata + } + return nil +} + +// KeyDeleteNode destroys key material and all version lineages. +// Core enforces that no child keys exist before allowing deletion. +type KeyDeleteNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Tier *ValueRef `protobuf:"bytes,1,opt,name=tier,proto3" json:"tier,omitempty"` + KeyName *ValueRef `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyDeleteNode) Reset() { + *x = KeyDeleteNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyDeleteNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyDeleteNode) ProtoMessage() {} + +func (x *KeyDeleteNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[18] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyDeleteNode.ProtoReflect.Descriptor instead. +func (*KeyDeleteNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{18} +} + +func (x *KeyDeleteNode) GetTier() *ValueRef { + if x != nil { + return x.Tier + } + return nil +} + +func (x *KeyDeleteNode) GetKeyName() *ValueRef { + if x != nil { + return x.KeyName + } + return nil +} + +// KeyTransitionNode explicitly moves a key to a target lifecycle state. +// Valid target_state values: PRE_ACTIVATION, ACTIVE, SUSPENDED, DEACTIVATED, +// +// COMPROMISED, PENDING_DESTROYING, DESTROYED. +type KeyTransitionNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Tier *ValueRef `protobuf:"bytes,1,opt,name=tier,proto3" json:"tier,omitempty"` + KeyName *ValueRef `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` + TargetState string `protobuf:"bytes,3,opt,name=target_state,json=targetState,proto3" json:"target_state,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyTransitionNode) Reset() { + *x = KeyTransitionNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyTransitionNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyTransitionNode) ProtoMessage() {} + +func (x *KeyTransitionNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[19] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyTransitionNode.ProtoReflect.Descriptor instead. +func (*KeyTransitionNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{19} +} + +func (x *KeyTransitionNode) GetTier() *ValueRef { + if x != nil { + return x.Tier + } + return nil +} + +func (x *KeyTransitionNode) GetKeyName() *ValueRef { + if x != nil { + return x.KeyName + } + return nil +} + +func (x *KeyTransitionNode) GetTargetState() string { + if x != nil { + return x.TargetState + } + return "" +} + +// KeyRotateNode generates new key material under the same logical key name +// (forced rotation — bypasses the idempotency guard in ProvisionKey). +// On success, result_var receives the new key ULID. +type KeyRotateNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Tier *ValueRef `protobuf:"bytes,1,opt,name=tier,proto3" json:"tier,omitempty"` + KeyName *ValueRef `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyRotateNode) Reset() { + *x = KeyRotateNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyRotateNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyRotateNode) ProtoMessage() {} + +func (x *KeyRotateNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[20] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyRotateNode.ProtoReflect.Descriptor instead. +func (*KeyRotateNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{20} +} + +func (x *KeyRotateNode) GetTier() *ValueRef { + if x != nil { + return x.Tier + } + return nil +} + +func (x *KeyRotateNode) GetKeyName() *ValueRef { + if x != nil { + return x.KeyName + } + return nil +} + +// KeyScheduleNode updates the scheduled lifecycle transition for an existing key. +type KeyScheduleNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Tier *ValueRef `protobuf:"bytes,1,opt,name=tier,proto3" json:"tier,omitempty"` + KeyName *ValueRef `protobuf:"bytes,2,opt,name=key_name,json=keyName,proto3" json:"key_name,omitempty"` + Schedule *KeyScheduleSpec `protobuf:"bytes,3,opt,name=schedule,proto3" json:"schedule,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyScheduleNode) Reset() { + *x = KeyScheduleNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyScheduleNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyScheduleNode) ProtoMessage() {} + +func (x *KeyScheduleNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[21] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyScheduleNode.ProtoReflect.Descriptor instead. +func (*KeyScheduleNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{21} +} + +func (x *KeyScheduleNode) GetTier() *ValueRef { + if x != nil { + return x.Tier + } + return nil +} + +func (x *KeyScheduleNode) GetKeyName() *ValueRef { + if x != nil { + return x.KeyName + } + return nil +} + +func (x *KeyScheduleNode) GetSchedule() *KeyScheduleSpec { + if x != nil { + return x.Schedule + } + return nil +} + +// KeyScheduleSpec carries timing parameters for a scheduled state transition. +// All fields are optional — set only the ones you need. +type KeyScheduleSpec struct { + state protoimpl.MessageState `protogen:"open.v1"` + ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=expires_at,json=expiresAt,proto3,oneof" json:"expires_at,omitempty"` + ScheduledTransitionAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=scheduled_transition_at,json=scheduledTransitionAt,proto3,oneof" json:"scheduled_transition_at,omitempty"` + // transition_to is the target KeyState when scheduled_transition_at fires. + TransitionTo *string `protobuf:"bytes,3,opt,name=transition_to,json=transitionTo,proto3,oneof" json:"transition_to,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyScheduleSpec) Reset() { + *x = KeyScheduleSpec{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyScheduleSpec) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyScheduleSpec) ProtoMessage() {} + +func (x *KeyScheduleSpec) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[22] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyScheduleSpec.ProtoReflect.Descriptor instead. +func (*KeyScheduleSpec) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{22} +} + +func (x *KeyScheduleSpec) GetExpiresAt() *timestamppb.Timestamp { + if x != nil { + return x.ExpiresAt + } + return nil +} + +func (x *KeyScheduleSpec) GetScheduledTransitionAt() *timestamppb.Timestamp { + if x != nil { + return x.ScheduledTransitionAt + } + return nil +} + +func (x *KeyScheduleSpec) GetTransitionTo() string { + if x != nil && x.TransitionTo != nil { + return *x.TransitionTo + } + return "" +} + +// CredentialSyncNode creates or updates a credential. +// spec is the full credential payload; core encrypts it using the tenant keyring. +type CredentialSyncNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Name *ValueRef `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + Type *ValueRef `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"` + Spec *structpb.Struct `protobuf:"bytes,3,opt,name=spec,proto3" json:"spec,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CredentialSyncNode) Reset() { + *x = CredentialSyncNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CredentialSyncNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CredentialSyncNode) ProtoMessage() {} + +func (x *CredentialSyncNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[23] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CredentialSyncNode.ProtoReflect.Descriptor instead. +func (*CredentialSyncNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{23} +} + +func (x *CredentialSyncNode) GetName() *ValueRef { + if x != nil { + return x.Name + } + return nil +} + +func (x *CredentialSyncNode) GetType() *ValueRef { + if x != nil { + return x.Type + } + return nil +} + +func (x *CredentialSyncNode) GetSpec() *structpb.Struct { + if x != nil { + return x.Spec + } + return nil +} + +// CredentialDeleteNode removes a credential record. +type CredentialDeleteNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + Name *ValueRef `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *CredentialDeleteNode) Reset() { + *x = CredentialDeleteNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[24] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *CredentialDeleteNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CredentialDeleteNode) ProtoMessage() {} + +func (x *CredentialDeleteNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[24] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CredentialDeleteNode.ProtoReflect.Descriptor instead. +func (*CredentialDeleteNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{24} +} + +func (x *CredentialDeleteNode) GetName() *ValueRef { + if x != nil { + return x.Name + } + return nil +} + +// BindNode sets a named variable in the execution state. +// Useful for deriving values from existing bindings before referencing them. +type BindNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + VarName string `protobuf:"bytes,1,opt,name=var_name,json=varName,proto3" json:"var_name,omitempty"` + Value *ValueRef `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *BindNode) Reset() { + *x = BindNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[25] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *BindNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*BindNode) ProtoMessage() {} + +func (x *BindNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[25] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use BindNode.ProtoReflect.Descriptor instead. +func (*BindNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{25} +} + +func (x *BindNode) GetVarName() string { + if x != nil { + return x.VarName + } + return "" +} + +func (x *BindNode) GetValue() *ValueRef { + if x != nil { + return x.Value + } + return nil +} + +// EmitNode writes a structured event to Krypton's audit trail. +type EmitNode struct { + state protoimpl.MessageState `protogen:"open.v1"` + EventType string `protobuf:"bytes,1,opt,name=event_type,json=eventType,proto3" json:"event_type,omitempty"` + Attributes map[string]string `protobuf:"bytes,2,rep,name=attributes,proto3" json:"attributes,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EmitNode) Reset() { + *x = EmitNode{} + mi := &file_plugin_resources_v1_ast_proto_msgTypes[26] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EmitNode) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EmitNode) ProtoMessage() {} + +func (x *EmitNode) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_ast_proto_msgTypes[26] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EmitNode.ProtoReflect.Descriptor instead. +func (*EmitNode) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_ast_proto_rawDescGZIP(), []int{26} +} + +func (x *EmitNode) GetEventType() string { + if x != nil { + return x.EventType + } + return "" +} + +func (x *EmitNode) GetAttributes() map[string]string { + if x != nil { + return x.Attributes + } + return nil +} + +var File_plugin_resources_v1_ast_proto protoreflect.FileDescriptor + +const file_plugin_resources_v1_ast_proto_rawDesc = "" + + "\n" + + "\x1dplugin/resources/v1/ast.proto\x12\x1fkrypton.resources.reconciler.v1\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xfd\x01\n" + + "\rExecutionPlan\x12\x17\n" + + "\aplan_id\x18\x01 \x01(\tR\x06planId\x12<\n" + + "\x04root\x18\x02 \x01(\v2(.krypton.resources.reconciler.v1.ASTNodeR\x04root\x12X\n" + + "\bbindings\x18\x03 \x03(\v2<.krypton.resources.reconciler.v1.ExecutionPlan.BindingsEntryR\bbindings\x1a;\n" + + "\rBindingsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"\xa0\n" + + "\n" + + "\aASTNode\x12\x17\n" + + "\anode_id\x18\x01 \x01(\tR\x06nodeId\x12\x14\n" + + "\x05label\x18\x02 \x01(\tR\x05label\x12\x1d\n" + + "\n" + + "result_var\x18\x03 \x01(\tR\tresultVar\x12K\n" + + "\bsequence\x18\n" + + " \x01(\v2-.krypton.resources.reconciler.v1.SequenceNodeH\x00R\bsequence\x12K\n" + + "\bparallel\x18\v \x01(\v2-.krypton.resources.reconciler.v1.ParallelNodeH\x00R\bparallel\x12T\n" + + "\vconditional\x18\f \x01(\v20.krypton.resources.reconciler.v1.ConditionalNodeH\x00R\vconditional\x12L\n" + + "\ttry_catch\x18\r \x01(\v2-.krypton.resources.reconciler.v1.TryCatchNodeH\x00R\btryCatch\x12Q\n" + + "\n" + + "checkpoint\x18\x0e \x01(\v2/.krypton.resources.reconciler.v1.CheckpointNodeH\x00R\n" + + "checkpoint\x12E\n" + + "\x06assert\x18\x14 \x01(\v2+.krypton.resources.reconciler.v1.AssertNodeH\x00R\x06assert\x12I\n" + + "\bkey_sync\x18\x1e \x01(\v2,.krypton.resources.reconciler.v1.KeySyncNodeH\x00R\akeySync\x12O\n" + + "\n" + + "key_delete\x18\x1f \x01(\v2..krypton.resources.reconciler.v1.KeyDeleteNodeH\x00R\tkeyDelete\x12[\n" + + "\x0ekey_transition\x18 \x01(\v22.krypton.resources.reconciler.v1.KeyTransitionNodeH\x00R\rkeyTransition\x12O\n" + + "\n" + + "key_rotate\x18! \x01(\v2..krypton.resources.reconciler.v1.KeyRotateNodeH\x00R\tkeyRotate\x12U\n" + + "\fkey_schedule\x18\" \x01(\v20.krypton.resources.reconciler.v1.KeyScheduleNodeH\x00R\vkeySchedule\x12^\n" + + "\x0fcredential_sync\x18( \x01(\v23.krypton.resources.reconciler.v1.CredentialSyncNodeH\x00R\x0ecredentialSync\x12d\n" + + "\x11credential_delete\x18) \x01(\v25.krypton.resources.reconciler.v1.CredentialDeleteNodeH\x00R\x10credentialDelete\x12?\n" + + "\x04bind\x18< \x01(\v2).krypton.resources.reconciler.v1.BindNodeH\x00R\x04bind\x12?\n" + + "\x04emit\x18= \x01(\v2).krypton.resources.reconciler.v1.EmitNodeH\x00R\x04emitB\x06\n" + + "\x04node\"N\n" + + "\fSequenceNode\x12>\n" + + "\x05steps\x18\x01 \x03(\v2(.krypton.resources.reconciler.v1.ASTNodeR\x05steps\"k\n" + + "\fParallelNode\x12>\n" + + "\x05steps\x18\x01 \x03(\v2(.krypton.resources.reconciler.v1.ASTNodeR\x05steps\x12\x1b\n" + + "\tfail_fast\x18\x02 \x01(\bR\bfailFast\"\xe9\x01\n" + + "\x0fConditionalNode\x12H\n" + + "\tcondition\x18\x01 \x01(\v2*.krypton.resources.reconciler.v1.PredicateR\tcondition\x12E\n" + + "\tthen_node\x18\x02 \x01(\v2(.krypton.resources.reconciler.v1.ASTNodeR\bthenNode\x12E\n" + + "\telse_node\x18\x03 \x01(\v2(.krypton.resources.reconciler.v1.ASTNodeR\belseNode\"\x9c\x01\n" + + "\fTryCatchNode\x12C\n" + + "\btry_node\x18\x01 \x01(\v2(.krypton.resources.reconciler.v1.ASTNodeR\atryNode\x12G\n" + + "\n" + + "catch_node\x18\x02 \x01(\v2(.krypton.resources.reconciler.v1.ASTNodeR\tcatchNode\"\x10\n" + + "\x0eCheckpointNode\"{\n" + + "\n" + + "AssertNode\x12H\n" + + "\tcondition\x18\x01 \x01(\v2*.krypton.resources.reconciler.v1.PredicateR\tcondition\x12#\n" + + "\rerror_message\x18\x02 \x01(\tR\ferrorMessage\"\xcc\x04\n" + + "\tPredicate\x12T\n" + + "\n" + + "key_exists\x18\x01 \x01(\v23.krypton.resources.reconciler.v1.KeyExistsPredicateH\x00R\tkeyExists\x12Q\n" + + "\tkey_state\x18\x02 \x01(\v22.krypton.resources.reconciler.v1.KeyStatePredicateH\x00R\bkeyState\x12]\n" + + "\rtenant_active\x18\x03 \x01(\v26.krypton.resources.reconciler.v1.TenantActivePredicateH\x00R\ftenantActive\x12i\n" + + "\x11credential_exists\x18\x04 \x01(\v2:.krypton.resources.reconciler.v1.CredentialExistsPredicateH\x00R\x10credentialExists\x12A\n" + + "\x03and\x18\n" + + " \x01(\v2-.krypton.resources.reconciler.v1.AndPredicateH\x00R\x03and\x12>\n" + + "\x02or\x18\v \x01(\v2,.krypton.resources.reconciler.v1.OrPredicateH\x00R\x02or\x12A\n" + + "\x03not\x18\f \x01(\v2-.krypton.resources.reconciler.v1.NotPredicateH\x00R\x03notB\x06\n" + + "\x04expr\"\x99\x01\n" + + "\x12KeyExistsPredicate\x12=\n" + + "\x04tier\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04tier\x12D\n" + + "\bkey_name\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\akeyName\"\xbf\x01\n" + + "\x11KeyStatePredicate\x12=\n" + + "\x04tier\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04tier\x12D\n" + + "\bkey_name\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\akeyName\x12%\n" + + "\x0eallowed_states\x18\x03 \x03(\tR\rallowedStates\"_\n" + + "\x15TenantActivePredicate\x12F\n" + + "\ttenant_id\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\btenantId\"Z\n" + + "\x19CredentialExistsPredicate\x12=\n" + + "\x04name\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04name\"P\n" + + "\fAndPredicate\x12@\n" + + "\x05terms\x18\x01 \x03(\v2*.krypton.resources.reconciler.v1.PredicateR\x05terms\"O\n" + + "\vOrPredicate\x12@\n" + + "\x05terms\x18\x01 \x03(\v2*.krypton.resources.reconciler.v1.PredicateR\x05terms\"N\n" + + "\fNotPredicate\x12>\n" + + "\x04term\x18\x01 \x01(\v2*.krypton.resources.reconciler.v1.PredicateR\x04term\"I\n" + + "\bValueRef\x12\x1a\n" + + "\aliteral\x18\x01 \x01(\tH\x00R\aliteral\x12\x19\n" + + "\avar_ref\x18\x02 \x01(\tH\x00R\x06varRefB\x06\n" + + "\x04kind\"\xbf\x03\n" + + "\vKeySyncNode\x12=\n" + + "\x04tier\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04tier\x12D\n" + + "\bkey_name\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\akeyName\x12H\n" + + "\n" + + "parent_key\x18\x03 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\tparentKey\x12L\n" + + "\bschedule\x18\x04 \x01(\v20.krypton.resources.reconciler.v1.KeyScheduleSpecR\bschedule\x12V\n" + + "\bmetadata\x18\x05 \x03(\v2:.krypton.resources.reconciler.v1.KeySyncNode.MetadataEntryR\bmetadata\x1a;\n" + + "\rMetadataEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"\x94\x01\n" + + "\rKeyDeleteNode\x12=\n" + + "\x04tier\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04tier\x12D\n" + + "\bkey_name\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\akeyName\"\xbb\x01\n" + + "\x11KeyTransitionNode\x12=\n" + + "\x04tier\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04tier\x12D\n" + + "\bkey_name\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\akeyName\x12!\n" + + "\ftarget_state\x18\x03 \x01(\tR\vtargetState\"\x94\x01\n" + + "\rKeyRotateNode\x12=\n" + + "\x04tier\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04tier\x12D\n" + + "\bkey_name\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\akeyName\"\xe4\x01\n" + + "\x0fKeyScheduleNode\x12=\n" + + "\x04tier\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04tier\x12D\n" + + "\bkey_name\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\akeyName\x12L\n" + + "\bschedule\x18\x03 \x01(\v20.krypton.resources.reconciler.v1.KeyScheduleSpecR\bschedule\"\x91\x02\n" + + "\x0fKeyScheduleSpec\x12>\n" + + "\n" + + "expires_at\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampH\x00R\texpiresAt\x88\x01\x01\x12W\n" + + "\x17scheduled_transition_at\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampH\x01R\x15scheduledTransitionAt\x88\x01\x01\x12(\n" + + "\rtransition_to\x18\x03 \x01(\tH\x02R\ftransitionTo\x88\x01\x01B\r\n" + + "\v_expires_atB\x1a\n" + + "\x18_scheduled_transition_atB\x10\n" + + "\x0e_transition_to\"\xbf\x01\n" + + "\x12CredentialSyncNode\x12=\n" + + "\x04name\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04name\x12=\n" + + "\x04type\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04type\x12+\n" + + "\x04spec\x18\x03 \x01(\v2\x17.google.protobuf.StructR\x04spec\"U\n" + + "\x14CredentialDeleteNode\x12=\n" + + "\x04name\x18\x01 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x04name\"f\n" + + "\bBindNode\x12\x19\n" + + "\bvar_name\x18\x01 \x01(\tR\avarName\x12?\n" + + "\x05value\x18\x02 \x01(\v2).krypton.resources.reconciler.v1.ValueRefR\x05value\"\xc3\x01\n" + + "\bEmitNode\x12\x1d\n" + + "\n" + + "event_type\x18\x01 \x01(\tR\teventType\x12Y\n" + + "\n" + + "attributes\x18\x02 \x03(\v29.krypton.resources.reconciler.v1.EmitNode.AttributesEntryR\n" + + "attributes\x1a=\n" + + "\x0fAttributesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x94\x02\n" + + "#com.krypton.resources.reconciler.v1B\bAstProtoP\x01ZDgithub.com/openkcm/plugin-sdk/proto/plugin/resources/v1;reconcilerv1\xa2\x02\x03KRR\xaa\x02\x1fKrypton.Resources.Reconciler.V1\xca\x02\x1fKrypton\\Resources\\Reconciler\\V1\xe2\x02+Krypton\\Resources\\Reconciler\\V1\\GPBMetadata\xea\x02\"Krypton::Resources::Reconciler::V1b\x06proto3" + +var ( + file_plugin_resources_v1_ast_proto_rawDescOnce sync.Once + file_plugin_resources_v1_ast_proto_rawDescData []byte +) + +func file_plugin_resources_v1_ast_proto_rawDescGZIP() []byte { + file_plugin_resources_v1_ast_proto_rawDescOnce.Do(func() { + file_plugin_resources_v1_ast_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_resources_v1_ast_proto_rawDesc), len(file_plugin_resources_v1_ast_proto_rawDesc))) + }) + return file_plugin_resources_v1_ast_proto_rawDescData +} + +var file_plugin_resources_v1_ast_proto_msgTypes = make([]protoimpl.MessageInfo, 30) +var file_plugin_resources_v1_ast_proto_goTypes = []any{ + (*ExecutionPlan)(nil), // 0: krypton.resources.reconciler.v1.ExecutionPlan + (*ASTNode)(nil), // 1: krypton.resources.reconciler.v1.ASTNode + (*SequenceNode)(nil), // 2: krypton.resources.reconciler.v1.SequenceNode + (*ParallelNode)(nil), // 3: krypton.resources.reconciler.v1.ParallelNode + (*ConditionalNode)(nil), // 4: krypton.resources.reconciler.v1.ConditionalNode + (*TryCatchNode)(nil), // 5: krypton.resources.reconciler.v1.TryCatchNode + (*CheckpointNode)(nil), // 6: krypton.resources.reconciler.v1.CheckpointNode + (*AssertNode)(nil), // 7: krypton.resources.reconciler.v1.AssertNode + (*Predicate)(nil), // 8: krypton.resources.reconciler.v1.Predicate + (*KeyExistsPredicate)(nil), // 9: krypton.resources.reconciler.v1.KeyExistsPredicate + (*KeyStatePredicate)(nil), // 10: krypton.resources.reconciler.v1.KeyStatePredicate + (*TenantActivePredicate)(nil), // 11: krypton.resources.reconciler.v1.TenantActivePredicate + (*CredentialExistsPredicate)(nil), // 12: krypton.resources.reconciler.v1.CredentialExistsPredicate + (*AndPredicate)(nil), // 13: krypton.resources.reconciler.v1.AndPredicate + (*OrPredicate)(nil), // 14: krypton.resources.reconciler.v1.OrPredicate + (*NotPredicate)(nil), // 15: krypton.resources.reconciler.v1.NotPredicate + (*ValueRef)(nil), // 16: krypton.resources.reconciler.v1.ValueRef + (*KeySyncNode)(nil), // 17: krypton.resources.reconciler.v1.KeySyncNode + (*KeyDeleteNode)(nil), // 18: krypton.resources.reconciler.v1.KeyDeleteNode + (*KeyTransitionNode)(nil), // 19: krypton.resources.reconciler.v1.KeyTransitionNode + (*KeyRotateNode)(nil), // 20: krypton.resources.reconciler.v1.KeyRotateNode + (*KeyScheduleNode)(nil), // 21: krypton.resources.reconciler.v1.KeyScheduleNode + (*KeyScheduleSpec)(nil), // 22: krypton.resources.reconciler.v1.KeyScheduleSpec + (*CredentialSyncNode)(nil), // 23: krypton.resources.reconciler.v1.CredentialSyncNode + (*CredentialDeleteNode)(nil), // 24: krypton.resources.reconciler.v1.CredentialDeleteNode + (*BindNode)(nil), // 25: krypton.resources.reconciler.v1.BindNode + (*EmitNode)(nil), // 26: krypton.resources.reconciler.v1.EmitNode + nil, // 27: krypton.resources.reconciler.v1.ExecutionPlan.BindingsEntry + nil, // 28: krypton.resources.reconciler.v1.KeySyncNode.MetadataEntry + nil, // 29: krypton.resources.reconciler.v1.EmitNode.AttributesEntry + (*timestamppb.Timestamp)(nil), // 30: google.protobuf.Timestamp + (*structpb.Struct)(nil), // 31: google.protobuf.Struct +} +var file_plugin_resources_v1_ast_proto_depIdxs = []int32{ + 1, // 0: krypton.resources.reconciler.v1.ExecutionPlan.root:type_name -> krypton.resources.reconciler.v1.ASTNode + 27, // 1: krypton.resources.reconciler.v1.ExecutionPlan.bindings:type_name -> krypton.resources.reconciler.v1.ExecutionPlan.BindingsEntry + 2, // 2: krypton.resources.reconciler.v1.ASTNode.sequence:type_name -> krypton.resources.reconciler.v1.SequenceNode + 3, // 3: krypton.resources.reconciler.v1.ASTNode.parallel:type_name -> krypton.resources.reconciler.v1.ParallelNode + 4, // 4: krypton.resources.reconciler.v1.ASTNode.conditional:type_name -> krypton.resources.reconciler.v1.ConditionalNode + 5, // 5: krypton.resources.reconciler.v1.ASTNode.try_catch:type_name -> krypton.resources.reconciler.v1.TryCatchNode + 6, // 6: krypton.resources.reconciler.v1.ASTNode.checkpoint:type_name -> krypton.resources.reconciler.v1.CheckpointNode + 7, // 7: krypton.resources.reconciler.v1.ASTNode.assert:type_name -> krypton.resources.reconciler.v1.AssertNode + 17, // 8: krypton.resources.reconciler.v1.ASTNode.key_sync:type_name -> krypton.resources.reconciler.v1.KeySyncNode + 18, // 9: krypton.resources.reconciler.v1.ASTNode.key_delete:type_name -> krypton.resources.reconciler.v1.KeyDeleteNode + 19, // 10: krypton.resources.reconciler.v1.ASTNode.key_transition:type_name -> krypton.resources.reconciler.v1.KeyTransitionNode + 20, // 11: krypton.resources.reconciler.v1.ASTNode.key_rotate:type_name -> krypton.resources.reconciler.v1.KeyRotateNode + 21, // 12: krypton.resources.reconciler.v1.ASTNode.key_schedule:type_name -> krypton.resources.reconciler.v1.KeyScheduleNode + 23, // 13: krypton.resources.reconciler.v1.ASTNode.credential_sync:type_name -> krypton.resources.reconciler.v1.CredentialSyncNode + 24, // 14: krypton.resources.reconciler.v1.ASTNode.credential_delete:type_name -> krypton.resources.reconciler.v1.CredentialDeleteNode + 25, // 15: krypton.resources.reconciler.v1.ASTNode.bind:type_name -> krypton.resources.reconciler.v1.BindNode + 26, // 16: krypton.resources.reconciler.v1.ASTNode.emit:type_name -> krypton.resources.reconciler.v1.EmitNode + 1, // 17: krypton.resources.reconciler.v1.SequenceNode.steps:type_name -> krypton.resources.reconciler.v1.ASTNode + 1, // 18: krypton.resources.reconciler.v1.ParallelNode.steps:type_name -> krypton.resources.reconciler.v1.ASTNode + 8, // 19: krypton.resources.reconciler.v1.ConditionalNode.condition:type_name -> krypton.resources.reconciler.v1.Predicate + 1, // 20: krypton.resources.reconciler.v1.ConditionalNode.then_node:type_name -> krypton.resources.reconciler.v1.ASTNode + 1, // 21: krypton.resources.reconciler.v1.ConditionalNode.else_node:type_name -> krypton.resources.reconciler.v1.ASTNode + 1, // 22: krypton.resources.reconciler.v1.TryCatchNode.try_node:type_name -> krypton.resources.reconciler.v1.ASTNode + 1, // 23: krypton.resources.reconciler.v1.TryCatchNode.catch_node:type_name -> krypton.resources.reconciler.v1.ASTNode + 8, // 24: krypton.resources.reconciler.v1.AssertNode.condition:type_name -> krypton.resources.reconciler.v1.Predicate + 9, // 25: krypton.resources.reconciler.v1.Predicate.key_exists:type_name -> krypton.resources.reconciler.v1.KeyExistsPredicate + 10, // 26: krypton.resources.reconciler.v1.Predicate.key_state:type_name -> krypton.resources.reconciler.v1.KeyStatePredicate + 11, // 27: krypton.resources.reconciler.v1.Predicate.tenant_active:type_name -> krypton.resources.reconciler.v1.TenantActivePredicate + 12, // 28: krypton.resources.reconciler.v1.Predicate.credential_exists:type_name -> krypton.resources.reconciler.v1.CredentialExistsPredicate + 13, // 29: krypton.resources.reconciler.v1.Predicate.and:type_name -> krypton.resources.reconciler.v1.AndPredicate + 14, // 30: krypton.resources.reconciler.v1.Predicate.or:type_name -> krypton.resources.reconciler.v1.OrPredicate + 15, // 31: krypton.resources.reconciler.v1.Predicate.not:type_name -> krypton.resources.reconciler.v1.NotPredicate + 16, // 32: krypton.resources.reconciler.v1.KeyExistsPredicate.tier:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 33: krypton.resources.reconciler.v1.KeyExistsPredicate.key_name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 34: krypton.resources.reconciler.v1.KeyStatePredicate.tier:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 35: krypton.resources.reconciler.v1.KeyStatePredicate.key_name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 36: krypton.resources.reconciler.v1.TenantActivePredicate.tenant_id:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 37: krypton.resources.reconciler.v1.CredentialExistsPredicate.name:type_name -> krypton.resources.reconciler.v1.ValueRef + 8, // 38: krypton.resources.reconciler.v1.AndPredicate.terms:type_name -> krypton.resources.reconciler.v1.Predicate + 8, // 39: krypton.resources.reconciler.v1.OrPredicate.terms:type_name -> krypton.resources.reconciler.v1.Predicate + 8, // 40: krypton.resources.reconciler.v1.NotPredicate.term:type_name -> krypton.resources.reconciler.v1.Predicate + 16, // 41: krypton.resources.reconciler.v1.KeySyncNode.tier:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 42: krypton.resources.reconciler.v1.KeySyncNode.key_name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 43: krypton.resources.reconciler.v1.KeySyncNode.parent_key:type_name -> krypton.resources.reconciler.v1.ValueRef + 22, // 44: krypton.resources.reconciler.v1.KeySyncNode.schedule:type_name -> krypton.resources.reconciler.v1.KeyScheduleSpec + 28, // 45: krypton.resources.reconciler.v1.KeySyncNode.metadata:type_name -> krypton.resources.reconciler.v1.KeySyncNode.MetadataEntry + 16, // 46: krypton.resources.reconciler.v1.KeyDeleteNode.tier:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 47: krypton.resources.reconciler.v1.KeyDeleteNode.key_name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 48: krypton.resources.reconciler.v1.KeyTransitionNode.tier:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 49: krypton.resources.reconciler.v1.KeyTransitionNode.key_name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 50: krypton.resources.reconciler.v1.KeyRotateNode.tier:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 51: krypton.resources.reconciler.v1.KeyRotateNode.key_name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 52: krypton.resources.reconciler.v1.KeyScheduleNode.tier:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 53: krypton.resources.reconciler.v1.KeyScheduleNode.key_name:type_name -> krypton.resources.reconciler.v1.ValueRef + 22, // 54: krypton.resources.reconciler.v1.KeyScheduleNode.schedule:type_name -> krypton.resources.reconciler.v1.KeyScheduleSpec + 30, // 55: krypton.resources.reconciler.v1.KeyScheduleSpec.expires_at:type_name -> google.protobuf.Timestamp + 30, // 56: krypton.resources.reconciler.v1.KeyScheduleSpec.scheduled_transition_at:type_name -> google.protobuf.Timestamp + 16, // 57: krypton.resources.reconciler.v1.CredentialSyncNode.name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 58: krypton.resources.reconciler.v1.CredentialSyncNode.type:type_name -> krypton.resources.reconciler.v1.ValueRef + 31, // 59: krypton.resources.reconciler.v1.CredentialSyncNode.spec:type_name -> google.protobuf.Struct + 16, // 60: krypton.resources.reconciler.v1.CredentialDeleteNode.name:type_name -> krypton.resources.reconciler.v1.ValueRef + 16, // 61: krypton.resources.reconciler.v1.BindNode.value:type_name -> krypton.resources.reconciler.v1.ValueRef + 29, // 62: krypton.resources.reconciler.v1.EmitNode.attributes:type_name -> krypton.resources.reconciler.v1.EmitNode.AttributesEntry + 63, // [63:63] is the sub-list for method output_type + 63, // [63:63] is the sub-list for method input_type + 63, // [63:63] is the sub-list for extension type_name + 63, // [63:63] is the sub-list for extension extendee + 0, // [0:63] is the sub-list for field type_name +} + +func init() { file_plugin_resources_v1_ast_proto_init() } +func file_plugin_resources_v1_ast_proto_init() { + if File_plugin_resources_v1_ast_proto != nil { + return + } + file_plugin_resources_v1_ast_proto_msgTypes[1].OneofWrappers = []any{ + (*ASTNode_Sequence)(nil), + (*ASTNode_Parallel)(nil), + (*ASTNode_Conditional)(nil), + (*ASTNode_TryCatch)(nil), + (*ASTNode_Checkpoint)(nil), + (*ASTNode_Assert)(nil), + (*ASTNode_KeySync)(nil), + (*ASTNode_KeyDelete)(nil), + (*ASTNode_KeyTransition)(nil), + (*ASTNode_KeyRotate)(nil), + (*ASTNode_KeySchedule)(nil), + (*ASTNode_CredentialSync)(nil), + (*ASTNode_CredentialDelete)(nil), + (*ASTNode_Bind)(nil), + (*ASTNode_Emit)(nil), + } + file_plugin_resources_v1_ast_proto_msgTypes[8].OneofWrappers = []any{ + (*Predicate_KeyExists)(nil), + (*Predicate_KeyState)(nil), + (*Predicate_TenantActive)(nil), + (*Predicate_CredentialExists)(nil), + (*Predicate_And)(nil), + (*Predicate_Or)(nil), + (*Predicate_Not)(nil), + } + file_plugin_resources_v1_ast_proto_msgTypes[16].OneofWrappers = []any{ + (*ValueRef_Literal)(nil), + (*ValueRef_VarRef)(nil), + } + file_plugin_resources_v1_ast_proto_msgTypes[22].OneofWrappers = []any{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_resources_v1_ast_proto_rawDesc), len(file_plugin_resources_v1_ast_proto_rawDesc)), + NumEnums: 0, + NumMessages: 30, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_plugin_resources_v1_ast_proto_goTypes, + DependencyIndexes: file_plugin_resources_v1_ast_proto_depIdxs, + MessageInfos: file_plugin_resources_v1_ast_proto_msgTypes, + }.Build() + File_plugin_resources_v1_ast_proto = out.File + file_plugin_resources_v1_ast_proto_goTypes = nil + file_plugin_resources_v1_ast_proto_depIdxs = nil +} diff --git a/proto/plugin/resources/v1/ast.pb.validate.go b/proto/plugin/resources/v1/ast.pb.validate.go new file mode 100644 index 0000000..7d873d4 --- /dev/null +++ b/proto/plugin/resources/v1/ast.pb.validate.go @@ -0,0 +1,4835 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/resources/v1/ast.proto + +package reconcilerv1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on ExecutionPlan with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *ExecutionPlan) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ExecutionPlan with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in ExecutionPlanMultiError, or +// nil if none found. +func (m *ExecutionPlan) ValidateAll() error { + return m.validate(true) +} + +func (m *ExecutionPlan) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for PlanId + + if all { + switch v := interface{}(m.GetRoot()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ExecutionPlanValidationError{ + field: "Root", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ExecutionPlanValidationError{ + field: "Root", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetRoot()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ExecutionPlanValidationError{ + field: "Root", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Bindings + + if len(errors) > 0 { + return ExecutionPlanMultiError(errors) + } + + return nil +} + +// ExecutionPlanMultiError is an error wrapping multiple validation errors +// returned by ExecutionPlan.ValidateAll() if the designated constraints +// aren't met. +type ExecutionPlanMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ExecutionPlanMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ExecutionPlanMultiError) AllErrors() []error { return m } + +// ExecutionPlanValidationError is the validation error returned by +// ExecutionPlan.Validate if the designated constraints aren't met. +type ExecutionPlanValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ExecutionPlanValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ExecutionPlanValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ExecutionPlanValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ExecutionPlanValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ExecutionPlanValidationError) ErrorName() string { return "ExecutionPlanValidationError" } + +// Error satisfies the builtin error interface +func (e ExecutionPlanValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sExecutionPlan.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ExecutionPlanValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ExecutionPlanValidationError{} + +// Validate checks the field values on ASTNode with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *ASTNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ASTNode with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in ASTNodeMultiError, or nil if none found. +func (m *ASTNode) ValidateAll() error { + return m.validate(true) +} + +func (m *ASTNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for NodeId + + // no validation rules for Label + + // no validation rules for ResultVar + + switch v := m.Node.(type) { + case *ASTNode_Sequence: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetSequence()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Sequence", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Sequence", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetSequence()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "Sequence", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_Parallel: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetParallel()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Parallel", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Parallel", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetParallel()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "Parallel", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_Conditional: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetConditional()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Conditional", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Conditional", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetConditional()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "Conditional", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_TryCatch: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetTryCatch()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "TryCatch", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "TryCatch", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTryCatch()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "TryCatch", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_Checkpoint: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetCheckpoint()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Checkpoint", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Checkpoint", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCheckpoint()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "Checkpoint", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_Assert: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetAssert()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Assert", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Assert", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetAssert()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "Assert", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_KeySync: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetKeySync()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeySync", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeySync", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeySync()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "KeySync", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_KeyDelete: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetKeyDelete()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeyDelete", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeyDelete", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyDelete()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "KeyDelete", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_KeyTransition: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetKeyTransition()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeyTransition", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeyTransition", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyTransition()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "KeyTransition", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_KeyRotate: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetKeyRotate()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeyRotate", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeyRotate", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyRotate()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "KeyRotate", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_KeySchedule: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetKeySchedule()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeySchedule", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "KeySchedule", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeySchedule()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "KeySchedule", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_CredentialSync: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetCredentialSync()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "CredentialSync", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "CredentialSync", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCredentialSync()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "CredentialSync", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_CredentialDelete: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetCredentialDelete()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "CredentialDelete", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "CredentialDelete", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCredentialDelete()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "CredentialDelete", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_Bind: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetBind()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Bind", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Bind", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetBind()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "Bind", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *ASTNode_Emit: + if v == nil { + err := ASTNodeValidationError{ + field: "Node", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetEmit()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Emit", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ASTNodeValidationError{ + field: "Emit", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetEmit()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ASTNodeValidationError{ + field: "Emit", + reason: "embedded message failed validation", + cause: err, + } + } + } + + default: + _ = v // ensures v is used + } + + if len(errors) > 0 { + return ASTNodeMultiError(errors) + } + + return nil +} + +// ASTNodeMultiError is an error wrapping multiple validation errors returned +// by ASTNode.ValidateAll() if the designated constraints aren't met. +type ASTNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ASTNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ASTNodeMultiError) AllErrors() []error { return m } + +// ASTNodeValidationError is the validation error returned by ASTNode.Validate +// if the designated constraints aren't met. +type ASTNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ASTNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ASTNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ASTNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ASTNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ASTNodeValidationError) ErrorName() string { return "ASTNodeValidationError" } + +// Error satisfies the builtin error interface +func (e ASTNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sASTNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ASTNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ASTNodeValidationError{} + +// Validate checks the field values on SequenceNode with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *SequenceNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on SequenceNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in SequenceNodeMultiError, or +// nil if none found. +func (m *SequenceNode) ValidateAll() error { + return m.validate(true) +} + +func (m *SequenceNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetSteps() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, SequenceNodeValidationError{ + field: fmt.Sprintf("Steps[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, SequenceNodeValidationError{ + field: fmt.Sprintf("Steps[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return SequenceNodeValidationError{ + field: fmt.Sprintf("Steps[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return SequenceNodeMultiError(errors) + } + + return nil +} + +// SequenceNodeMultiError is an error wrapping multiple validation errors +// returned by SequenceNode.ValidateAll() if the designated constraints aren't met. +type SequenceNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m SequenceNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m SequenceNodeMultiError) AllErrors() []error { return m } + +// SequenceNodeValidationError is the validation error returned by +// SequenceNode.Validate if the designated constraints aren't met. +type SequenceNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e SequenceNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e SequenceNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e SequenceNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e SequenceNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e SequenceNodeValidationError) ErrorName() string { return "SequenceNodeValidationError" } + +// Error satisfies the builtin error interface +func (e SequenceNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sSequenceNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = SequenceNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = SequenceNodeValidationError{} + +// Validate checks the field values on ParallelNode with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *ParallelNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ParallelNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in ParallelNodeMultiError, or +// nil if none found. +func (m *ParallelNode) ValidateAll() error { + return m.validate(true) +} + +func (m *ParallelNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetSteps() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ParallelNodeValidationError{ + field: fmt.Sprintf("Steps[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ParallelNodeValidationError{ + field: fmt.Sprintf("Steps[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ParallelNodeValidationError{ + field: fmt.Sprintf("Steps[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + // no validation rules for FailFast + + if len(errors) > 0 { + return ParallelNodeMultiError(errors) + } + + return nil +} + +// ParallelNodeMultiError is an error wrapping multiple validation errors +// returned by ParallelNode.ValidateAll() if the designated constraints aren't met. +type ParallelNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ParallelNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ParallelNodeMultiError) AllErrors() []error { return m } + +// ParallelNodeValidationError is the validation error returned by +// ParallelNode.Validate if the designated constraints aren't met. +type ParallelNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ParallelNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ParallelNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ParallelNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ParallelNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ParallelNodeValidationError) ErrorName() string { return "ParallelNodeValidationError" } + +// Error satisfies the builtin error interface +func (e ParallelNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sParallelNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ParallelNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ParallelNodeValidationError{} + +// Validate checks the field values on ConditionalNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *ConditionalNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ConditionalNode with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ConditionalNodeMultiError, or nil if none found. +func (m *ConditionalNode) ValidateAll() error { + return m.validate(true) +} + +func (m *ConditionalNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetCondition()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ConditionalNodeValidationError{ + field: "Condition", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ConditionalNodeValidationError{ + field: "Condition", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCondition()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ConditionalNodeValidationError{ + field: "Condition", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetThenNode()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ConditionalNodeValidationError{ + field: "ThenNode", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ConditionalNodeValidationError{ + field: "ThenNode", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetThenNode()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ConditionalNodeValidationError{ + field: "ThenNode", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetElseNode()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ConditionalNodeValidationError{ + field: "ElseNode", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ConditionalNodeValidationError{ + field: "ElseNode", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetElseNode()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ConditionalNodeValidationError{ + field: "ElseNode", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return ConditionalNodeMultiError(errors) + } + + return nil +} + +// ConditionalNodeMultiError is an error wrapping multiple validation errors +// returned by ConditionalNode.ValidateAll() if the designated constraints +// aren't met. +type ConditionalNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ConditionalNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ConditionalNodeMultiError) AllErrors() []error { return m } + +// ConditionalNodeValidationError is the validation error returned by +// ConditionalNode.Validate if the designated constraints aren't met. +type ConditionalNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ConditionalNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ConditionalNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ConditionalNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ConditionalNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ConditionalNodeValidationError) ErrorName() string { return "ConditionalNodeValidationError" } + +// Error satisfies the builtin error interface +func (e ConditionalNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sConditionalNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ConditionalNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ConditionalNodeValidationError{} + +// Validate checks the field values on TryCatchNode with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *TryCatchNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on TryCatchNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in TryCatchNodeMultiError, or +// nil if none found. +func (m *TryCatchNode) ValidateAll() error { + return m.validate(true) +} + +func (m *TryCatchNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTryNode()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, TryCatchNodeValidationError{ + field: "TryNode", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, TryCatchNodeValidationError{ + field: "TryNode", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTryNode()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return TryCatchNodeValidationError{ + field: "TryNode", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetCatchNode()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, TryCatchNodeValidationError{ + field: "CatchNode", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, TryCatchNodeValidationError{ + field: "CatchNode", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCatchNode()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return TryCatchNodeValidationError{ + field: "CatchNode", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return TryCatchNodeMultiError(errors) + } + + return nil +} + +// TryCatchNodeMultiError is an error wrapping multiple validation errors +// returned by TryCatchNode.ValidateAll() if the designated constraints aren't met. +type TryCatchNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m TryCatchNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m TryCatchNodeMultiError) AllErrors() []error { return m } + +// TryCatchNodeValidationError is the validation error returned by +// TryCatchNode.Validate if the designated constraints aren't met. +type TryCatchNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e TryCatchNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e TryCatchNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e TryCatchNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e TryCatchNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e TryCatchNodeValidationError) ErrorName() string { return "TryCatchNodeValidationError" } + +// Error satisfies the builtin error interface +func (e TryCatchNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sTryCatchNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = TryCatchNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = TryCatchNodeValidationError{} + +// Validate checks the field values on CheckpointNode with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *CheckpointNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on CheckpointNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in CheckpointNodeMultiError, +// or nil if none found. +func (m *CheckpointNode) ValidateAll() error { + return m.validate(true) +} + +func (m *CheckpointNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return CheckpointNodeMultiError(errors) + } + + return nil +} + +// CheckpointNodeMultiError is an error wrapping multiple validation errors +// returned by CheckpointNode.ValidateAll() if the designated constraints +// aren't met. +type CheckpointNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CheckpointNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CheckpointNodeMultiError) AllErrors() []error { return m } + +// CheckpointNodeValidationError is the validation error returned by +// CheckpointNode.Validate if the designated constraints aren't met. +type CheckpointNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CheckpointNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CheckpointNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CheckpointNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CheckpointNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CheckpointNodeValidationError) ErrorName() string { return "CheckpointNodeValidationError" } + +// Error satisfies the builtin error interface +func (e CheckpointNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCheckpointNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CheckpointNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CheckpointNodeValidationError{} + +// Validate checks the field values on AssertNode with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *AssertNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AssertNode with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in AssertNodeMultiError, or +// nil if none found. +func (m *AssertNode) ValidateAll() error { + return m.validate(true) +} + +func (m *AssertNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetCondition()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AssertNodeValidationError{ + field: "Condition", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AssertNodeValidationError{ + field: "Condition", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCondition()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AssertNodeValidationError{ + field: "Condition", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for ErrorMessage + + if len(errors) > 0 { + return AssertNodeMultiError(errors) + } + + return nil +} + +// AssertNodeMultiError is an error wrapping multiple validation errors +// returned by AssertNode.ValidateAll() if the designated constraints aren't met. +type AssertNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AssertNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AssertNodeMultiError) AllErrors() []error { return m } + +// AssertNodeValidationError is the validation error returned by +// AssertNode.Validate if the designated constraints aren't met. +type AssertNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AssertNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AssertNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AssertNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AssertNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AssertNodeValidationError) ErrorName() string { return "AssertNodeValidationError" } + +// Error satisfies the builtin error interface +func (e AssertNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAssertNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AssertNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AssertNodeValidationError{} + +// Validate checks the field values on Predicate with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Predicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Predicate with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in PredicateMultiError, or nil +// if none found. +func (m *Predicate) ValidateAll() error { + return m.validate(true) +} + +func (m *Predicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + switch v := m.Expr.(type) { + case *Predicate_KeyExists: + if v == nil { + err := PredicateValidationError{ + field: "Expr", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetKeyExists()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "KeyExists", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "KeyExists", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyExists()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return PredicateValidationError{ + field: "KeyExists", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Predicate_KeyState: + if v == nil { + err := PredicateValidationError{ + field: "Expr", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetKeyState()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "KeyState", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "KeyState", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyState()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return PredicateValidationError{ + field: "KeyState", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Predicate_TenantActive: + if v == nil { + err := PredicateValidationError{ + field: "Expr", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetTenantActive()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "TenantActive", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "TenantActive", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTenantActive()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return PredicateValidationError{ + field: "TenantActive", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Predicate_CredentialExists: + if v == nil { + err := PredicateValidationError{ + field: "Expr", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetCredentialExists()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "CredentialExists", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "CredentialExists", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCredentialExists()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return PredicateValidationError{ + field: "CredentialExists", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Predicate_And: + if v == nil { + err := PredicateValidationError{ + field: "Expr", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetAnd()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "And", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "And", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetAnd()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return PredicateValidationError{ + field: "And", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Predicate_Or: + if v == nil { + err := PredicateValidationError{ + field: "Expr", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetOr()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "Or", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "Or", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetOr()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return PredicateValidationError{ + field: "Or", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Predicate_Not: + if v == nil { + err := PredicateValidationError{ + field: "Expr", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetNot()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "Not", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, PredicateValidationError{ + field: "Not", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetNot()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return PredicateValidationError{ + field: "Not", + reason: "embedded message failed validation", + cause: err, + } + } + } + + default: + _ = v // ensures v is used + } + + if len(errors) > 0 { + return PredicateMultiError(errors) + } + + return nil +} + +// PredicateMultiError is an error wrapping multiple validation errors returned +// by Predicate.ValidateAll() if the designated constraints aren't met. +type PredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m PredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m PredicateMultiError) AllErrors() []error { return m } + +// PredicateValidationError is the validation error returned by +// Predicate.Validate if the designated constraints aren't met. +type PredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e PredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e PredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e PredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e PredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e PredicateValidationError) ErrorName() string { return "PredicateValidationError" } + +// Error satisfies the builtin error interface +func (e PredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sPredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = PredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = PredicateValidationError{} + +// Validate checks the field values on KeyExistsPredicate with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *KeyExistsPredicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyExistsPredicate with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// KeyExistsPredicateMultiError, or nil if none found. +func (m *KeyExistsPredicate) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyExistsPredicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTier()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyExistsPredicateValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyExistsPredicateValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTier()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyExistsPredicateValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetKeyName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyExistsPredicateValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyExistsPredicateValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyExistsPredicateValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return KeyExistsPredicateMultiError(errors) + } + + return nil +} + +// KeyExistsPredicateMultiError is an error wrapping multiple validation errors +// returned by KeyExistsPredicate.ValidateAll() if the designated constraints +// aren't met. +type KeyExistsPredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyExistsPredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyExistsPredicateMultiError) AllErrors() []error { return m } + +// KeyExistsPredicateValidationError is the validation error returned by +// KeyExistsPredicate.Validate if the designated constraints aren't met. +type KeyExistsPredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyExistsPredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyExistsPredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyExistsPredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyExistsPredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyExistsPredicateValidationError) ErrorName() string { + return "KeyExistsPredicateValidationError" +} + +// Error satisfies the builtin error interface +func (e KeyExistsPredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyExistsPredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyExistsPredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyExistsPredicateValidationError{} + +// Validate checks the field values on KeyStatePredicate with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *KeyStatePredicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyStatePredicate with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// KeyStatePredicateMultiError, or nil if none found. +func (m *KeyStatePredicate) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyStatePredicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTier()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyStatePredicateValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyStatePredicateValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTier()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyStatePredicateValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetKeyName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyStatePredicateValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyStatePredicateValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyStatePredicateValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return KeyStatePredicateMultiError(errors) + } + + return nil +} + +// KeyStatePredicateMultiError is an error wrapping multiple validation errors +// returned by KeyStatePredicate.ValidateAll() if the designated constraints +// aren't met. +type KeyStatePredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyStatePredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyStatePredicateMultiError) AllErrors() []error { return m } + +// KeyStatePredicateValidationError is the validation error returned by +// KeyStatePredicate.Validate if the designated constraints aren't met. +type KeyStatePredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyStatePredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyStatePredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyStatePredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyStatePredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyStatePredicateValidationError) ErrorName() string { + return "KeyStatePredicateValidationError" +} + +// Error satisfies the builtin error interface +func (e KeyStatePredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyStatePredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyStatePredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyStatePredicateValidationError{} + +// Validate checks the field values on TenantActivePredicate with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *TenantActivePredicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on TenantActivePredicate with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// TenantActivePredicateMultiError, or nil if none found. +func (m *TenantActivePredicate) ValidateAll() error { + return m.validate(true) +} + +func (m *TenantActivePredicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTenantId()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, TenantActivePredicateValidationError{ + field: "TenantId", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, TenantActivePredicateValidationError{ + field: "TenantId", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTenantId()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return TenantActivePredicateValidationError{ + field: "TenantId", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return TenantActivePredicateMultiError(errors) + } + + return nil +} + +// TenantActivePredicateMultiError is an error wrapping multiple validation +// errors returned by TenantActivePredicate.ValidateAll() if the designated +// constraints aren't met. +type TenantActivePredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m TenantActivePredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m TenantActivePredicateMultiError) AllErrors() []error { return m } + +// TenantActivePredicateValidationError is the validation error returned by +// TenantActivePredicate.Validate if the designated constraints aren't met. +type TenantActivePredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e TenantActivePredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e TenantActivePredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e TenantActivePredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e TenantActivePredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e TenantActivePredicateValidationError) ErrorName() string { + return "TenantActivePredicateValidationError" +} + +// Error satisfies the builtin error interface +func (e TenantActivePredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sTenantActivePredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = TenantActivePredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = TenantActivePredicateValidationError{} + +// Validate checks the field values on CredentialExistsPredicate with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *CredentialExistsPredicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on CredentialExistsPredicate with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// CredentialExistsPredicateMultiError, or nil if none found. +func (m *CredentialExistsPredicate) ValidateAll() error { + return m.validate(true) +} + +func (m *CredentialExistsPredicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialExistsPredicateValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialExistsPredicateValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialExistsPredicateValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return CredentialExistsPredicateMultiError(errors) + } + + return nil +} + +// CredentialExistsPredicateMultiError is an error wrapping multiple validation +// errors returned by CredentialExistsPredicate.ValidateAll() if the +// designated constraints aren't met. +type CredentialExistsPredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CredentialExistsPredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CredentialExistsPredicateMultiError) AllErrors() []error { return m } + +// CredentialExistsPredicateValidationError is the validation error returned by +// CredentialExistsPredicate.Validate if the designated constraints aren't met. +type CredentialExistsPredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CredentialExistsPredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CredentialExistsPredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CredentialExistsPredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CredentialExistsPredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CredentialExistsPredicateValidationError) ErrorName() string { + return "CredentialExistsPredicateValidationError" +} + +// Error satisfies the builtin error interface +func (e CredentialExistsPredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentialExistsPredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CredentialExistsPredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CredentialExistsPredicateValidationError{} + +// Validate checks the field values on AndPredicate with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *AndPredicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AndPredicate with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in AndPredicateMultiError, or +// nil if none found. +func (m *AndPredicate) ValidateAll() error { + return m.validate(true) +} + +func (m *AndPredicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetTerms() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AndPredicateValidationError{ + field: fmt.Sprintf("Terms[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AndPredicateValidationError{ + field: fmt.Sprintf("Terms[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AndPredicateValidationError{ + field: fmt.Sprintf("Terms[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return AndPredicateMultiError(errors) + } + + return nil +} + +// AndPredicateMultiError is an error wrapping multiple validation errors +// returned by AndPredicate.ValidateAll() if the designated constraints aren't met. +type AndPredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AndPredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AndPredicateMultiError) AllErrors() []error { return m } + +// AndPredicateValidationError is the validation error returned by +// AndPredicate.Validate if the designated constraints aren't met. +type AndPredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AndPredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AndPredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AndPredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AndPredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AndPredicateValidationError) ErrorName() string { return "AndPredicateValidationError" } + +// Error satisfies the builtin error interface +func (e AndPredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAndPredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AndPredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AndPredicateValidationError{} + +// Validate checks the field values on OrPredicate with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *OrPredicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on OrPredicate with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in OrPredicateMultiError, or +// nil if none found. +func (m *OrPredicate) ValidateAll() error { + return m.validate(true) +} + +func (m *OrPredicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetTerms() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, OrPredicateValidationError{ + field: fmt.Sprintf("Terms[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, OrPredicateValidationError{ + field: fmt.Sprintf("Terms[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return OrPredicateValidationError{ + field: fmt.Sprintf("Terms[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return OrPredicateMultiError(errors) + } + + return nil +} + +// OrPredicateMultiError is an error wrapping multiple validation errors +// returned by OrPredicate.ValidateAll() if the designated constraints aren't met. +type OrPredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m OrPredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m OrPredicateMultiError) AllErrors() []error { return m } + +// OrPredicateValidationError is the validation error returned by +// OrPredicate.Validate if the designated constraints aren't met. +type OrPredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e OrPredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e OrPredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e OrPredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e OrPredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e OrPredicateValidationError) ErrorName() string { return "OrPredicateValidationError" } + +// Error satisfies the builtin error interface +func (e OrPredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sOrPredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = OrPredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = OrPredicateValidationError{} + +// Validate checks the field values on NotPredicate with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *NotPredicate) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on NotPredicate with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in NotPredicateMultiError, or +// nil if none found. +func (m *NotPredicate) ValidateAll() error { + return m.validate(true) +} + +func (m *NotPredicate) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTerm()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, NotPredicateValidationError{ + field: "Term", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, NotPredicateValidationError{ + field: "Term", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTerm()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return NotPredicateValidationError{ + field: "Term", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return NotPredicateMultiError(errors) + } + + return nil +} + +// NotPredicateMultiError is an error wrapping multiple validation errors +// returned by NotPredicate.ValidateAll() if the designated constraints aren't met. +type NotPredicateMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m NotPredicateMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m NotPredicateMultiError) AllErrors() []error { return m } + +// NotPredicateValidationError is the validation error returned by +// NotPredicate.Validate if the designated constraints aren't met. +type NotPredicateValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e NotPredicateValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e NotPredicateValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e NotPredicateValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e NotPredicateValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e NotPredicateValidationError) ErrorName() string { return "NotPredicateValidationError" } + +// Error satisfies the builtin error interface +func (e NotPredicateValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sNotPredicate.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = NotPredicateValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = NotPredicateValidationError{} + +// Validate checks the field values on ValueRef with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *ValueRef) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ValueRef with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in ValueRefMultiError, or nil +// if none found. +func (m *ValueRef) ValidateAll() error { + return m.validate(true) +} + +func (m *ValueRef) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + switch v := m.Kind.(type) { + case *ValueRef_Literal: + if v == nil { + err := ValueRefValidationError{ + field: "Kind", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Literal + case *ValueRef_VarRef: + if v == nil { + err := ValueRefValidationError{ + field: "Kind", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for VarRef + default: + _ = v // ensures v is used + } + + if len(errors) > 0 { + return ValueRefMultiError(errors) + } + + return nil +} + +// ValueRefMultiError is an error wrapping multiple validation errors returned +// by ValueRef.ValidateAll() if the designated constraints aren't met. +type ValueRefMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ValueRefMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ValueRefMultiError) AllErrors() []error { return m } + +// ValueRefValidationError is the validation error returned by +// ValueRef.Validate if the designated constraints aren't met. +type ValueRefValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ValueRefValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ValueRefValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ValueRefValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ValueRefValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ValueRefValidationError) ErrorName() string { return "ValueRefValidationError" } + +// Error satisfies the builtin error interface +func (e ValueRefValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sValueRef.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ValueRefValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ValueRefValidationError{} + +// Validate checks the field values on KeySyncNode with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *KeySyncNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeySyncNode with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in KeySyncNodeMultiError, or +// nil if none found. +func (m *KeySyncNode) ValidateAll() error { + return m.validate(true) +} + +func (m *KeySyncNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTier()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTier()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeySyncNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetKeyName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeySyncNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetParentKey()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "ParentKey", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "ParentKey", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetParentKey()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeySyncNodeValidationError{ + field: "ParentKey", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetSchedule()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "Schedule", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeySyncNodeValidationError{ + field: "Schedule", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetSchedule()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeySyncNodeValidationError{ + field: "Schedule", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Metadata + + if len(errors) > 0 { + return KeySyncNodeMultiError(errors) + } + + return nil +} + +// KeySyncNodeMultiError is an error wrapping multiple validation errors +// returned by KeySyncNode.ValidateAll() if the designated constraints aren't met. +type KeySyncNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeySyncNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeySyncNodeMultiError) AllErrors() []error { return m } + +// KeySyncNodeValidationError is the validation error returned by +// KeySyncNode.Validate if the designated constraints aren't met. +type KeySyncNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeySyncNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeySyncNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeySyncNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeySyncNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeySyncNodeValidationError) ErrorName() string { return "KeySyncNodeValidationError" } + +// Error satisfies the builtin error interface +func (e KeySyncNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeySyncNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeySyncNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeySyncNodeValidationError{} + +// Validate checks the field values on KeyDeleteNode with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *KeyDeleteNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyDeleteNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in KeyDeleteNodeMultiError, or +// nil if none found. +func (m *KeyDeleteNode) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyDeleteNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTier()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyDeleteNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyDeleteNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTier()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyDeleteNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetKeyName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyDeleteNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyDeleteNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyDeleteNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return KeyDeleteNodeMultiError(errors) + } + + return nil +} + +// KeyDeleteNodeMultiError is an error wrapping multiple validation errors +// returned by KeyDeleteNode.ValidateAll() if the designated constraints +// aren't met. +type KeyDeleteNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyDeleteNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyDeleteNodeMultiError) AllErrors() []error { return m } + +// KeyDeleteNodeValidationError is the validation error returned by +// KeyDeleteNode.Validate if the designated constraints aren't met. +type KeyDeleteNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyDeleteNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyDeleteNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyDeleteNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyDeleteNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyDeleteNodeValidationError) ErrorName() string { return "KeyDeleteNodeValidationError" } + +// Error satisfies the builtin error interface +func (e KeyDeleteNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyDeleteNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyDeleteNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyDeleteNodeValidationError{} + +// Validate checks the field values on KeyTransitionNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *KeyTransitionNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyTransitionNode with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// KeyTransitionNodeMultiError, or nil if none found. +func (m *KeyTransitionNode) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyTransitionNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTier()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyTransitionNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyTransitionNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTier()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyTransitionNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetKeyName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyTransitionNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyTransitionNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyTransitionNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for TargetState + + if len(errors) > 0 { + return KeyTransitionNodeMultiError(errors) + } + + return nil +} + +// KeyTransitionNodeMultiError is an error wrapping multiple validation errors +// returned by KeyTransitionNode.ValidateAll() if the designated constraints +// aren't met. +type KeyTransitionNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyTransitionNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyTransitionNodeMultiError) AllErrors() []error { return m } + +// KeyTransitionNodeValidationError is the validation error returned by +// KeyTransitionNode.Validate if the designated constraints aren't met. +type KeyTransitionNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyTransitionNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyTransitionNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyTransitionNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyTransitionNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyTransitionNodeValidationError) ErrorName() string { + return "KeyTransitionNodeValidationError" +} + +// Error satisfies the builtin error interface +func (e KeyTransitionNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyTransitionNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyTransitionNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyTransitionNodeValidationError{} + +// Validate checks the field values on KeyRotateNode with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *KeyRotateNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyRotateNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in KeyRotateNodeMultiError, or +// nil if none found. +func (m *KeyRotateNode) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyRotateNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTier()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyRotateNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyRotateNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTier()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyRotateNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetKeyName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyRotateNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyRotateNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyRotateNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return KeyRotateNodeMultiError(errors) + } + + return nil +} + +// KeyRotateNodeMultiError is an error wrapping multiple validation errors +// returned by KeyRotateNode.ValidateAll() if the designated constraints +// aren't met. +type KeyRotateNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyRotateNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyRotateNodeMultiError) AllErrors() []error { return m } + +// KeyRotateNodeValidationError is the validation error returned by +// KeyRotateNode.Validate if the designated constraints aren't met. +type KeyRotateNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyRotateNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyRotateNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyRotateNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyRotateNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyRotateNodeValidationError) ErrorName() string { return "KeyRotateNodeValidationError" } + +// Error satisfies the builtin error interface +func (e KeyRotateNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyRotateNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyRotateNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyRotateNodeValidationError{} + +// Validate checks the field values on KeyScheduleNode with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *KeyScheduleNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyScheduleNode with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// KeyScheduleNodeMultiError, or nil if none found. +func (m *KeyScheduleNode) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyScheduleNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTier()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyScheduleNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyScheduleNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTier()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyScheduleNodeValidationError{ + field: "Tier", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetKeyName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyScheduleNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyScheduleNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyScheduleNodeValidationError{ + field: "KeyName", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetSchedule()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyScheduleNodeValidationError{ + field: "Schedule", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyScheduleNodeValidationError{ + field: "Schedule", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetSchedule()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyScheduleNodeValidationError{ + field: "Schedule", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return KeyScheduleNodeMultiError(errors) + } + + return nil +} + +// KeyScheduleNodeMultiError is an error wrapping multiple validation errors +// returned by KeyScheduleNode.ValidateAll() if the designated constraints +// aren't met. +type KeyScheduleNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyScheduleNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyScheduleNodeMultiError) AllErrors() []error { return m } + +// KeyScheduleNodeValidationError is the validation error returned by +// KeyScheduleNode.Validate if the designated constraints aren't met. +type KeyScheduleNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyScheduleNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyScheduleNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyScheduleNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyScheduleNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyScheduleNodeValidationError) ErrorName() string { return "KeyScheduleNodeValidationError" } + +// Error satisfies the builtin error interface +func (e KeyScheduleNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyScheduleNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyScheduleNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyScheduleNodeValidationError{} + +// Validate checks the field values on KeyScheduleSpec with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *KeyScheduleSpec) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyScheduleSpec with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// KeyScheduleSpecMultiError, or nil if none found. +func (m *KeyScheduleSpec) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyScheduleSpec) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if m.ExpiresAt != nil { + + if all { + switch v := interface{}(m.GetExpiresAt()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyScheduleSpecValidationError{ + field: "ExpiresAt", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyScheduleSpecValidationError{ + field: "ExpiresAt", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetExpiresAt()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyScheduleSpecValidationError{ + field: "ExpiresAt", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if m.ScheduledTransitionAt != nil { + + if all { + switch v := interface{}(m.GetScheduledTransitionAt()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyScheduleSpecValidationError{ + field: "ScheduledTransitionAt", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyScheduleSpecValidationError{ + field: "ScheduledTransitionAt", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetScheduledTransitionAt()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyScheduleSpecValidationError{ + field: "ScheduledTransitionAt", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if m.TransitionTo != nil { + // no validation rules for TransitionTo + } + + if len(errors) > 0 { + return KeyScheduleSpecMultiError(errors) + } + + return nil +} + +// KeyScheduleSpecMultiError is an error wrapping multiple validation errors +// returned by KeyScheduleSpec.ValidateAll() if the designated constraints +// aren't met. +type KeyScheduleSpecMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyScheduleSpecMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyScheduleSpecMultiError) AllErrors() []error { return m } + +// KeyScheduleSpecValidationError is the validation error returned by +// KeyScheduleSpec.Validate if the designated constraints aren't met. +type KeyScheduleSpecValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyScheduleSpecValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyScheduleSpecValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyScheduleSpecValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyScheduleSpecValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyScheduleSpecValidationError) ErrorName() string { return "KeyScheduleSpecValidationError" } + +// Error satisfies the builtin error interface +func (e KeyScheduleSpecValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyScheduleSpec.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyScheduleSpecValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyScheduleSpecValidationError{} + +// Validate checks the field values on CredentialSyncNode with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *CredentialSyncNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on CredentialSyncNode with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// CredentialSyncNodeMultiError, or nil if none found. +func (m *CredentialSyncNode) ValidateAll() error { + return m.validate(true) +} + +func (m *CredentialSyncNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialSyncNodeValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialSyncNodeValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialSyncNodeValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetType()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialSyncNodeValidationError{ + field: "Type", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialSyncNodeValidationError{ + field: "Type", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetType()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialSyncNodeValidationError{ + field: "Type", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetSpec()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialSyncNodeValidationError{ + field: "Spec", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialSyncNodeValidationError{ + field: "Spec", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetSpec()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialSyncNodeValidationError{ + field: "Spec", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return CredentialSyncNodeMultiError(errors) + } + + return nil +} + +// CredentialSyncNodeMultiError is an error wrapping multiple validation errors +// returned by CredentialSyncNode.ValidateAll() if the designated constraints +// aren't met. +type CredentialSyncNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CredentialSyncNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CredentialSyncNodeMultiError) AllErrors() []error { return m } + +// CredentialSyncNodeValidationError is the validation error returned by +// CredentialSyncNode.Validate if the designated constraints aren't met. +type CredentialSyncNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CredentialSyncNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CredentialSyncNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CredentialSyncNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CredentialSyncNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CredentialSyncNodeValidationError) ErrorName() string { + return "CredentialSyncNodeValidationError" +} + +// Error satisfies the builtin error interface +func (e CredentialSyncNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentialSyncNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CredentialSyncNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CredentialSyncNodeValidationError{} + +// Validate checks the field values on CredentialDeleteNode with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *CredentialDeleteNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on CredentialDeleteNode with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// CredentialDeleteNodeMultiError, or nil if none found. +func (m *CredentialDeleteNode) ValidateAll() error { + return m.validate(true) +} + +func (m *CredentialDeleteNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetName()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialDeleteNodeValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialDeleteNodeValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetName()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialDeleteNodeValidationError{ + field: "Name", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return CredentialDeleteNodeMultiError(errors) + } + + return nil +} + +// CredentialDeleteNodeMultiError is an error wrapping multiple validation +// errors returned by CredentialDeleteNode.ValidateAll() if the designated +// constraints aren't met. +type CredentialDeleteNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CredentialDeleteNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CredentialDeleteNodeMultiError) AllErrors() []error { return m } + +// CredentialDeleteNodeValidationError is the validation error returned by +// CredentialDeleteNode.Validate if the designated constraints aren't met. +type CredentialDeleteNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CredentialDeleteNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CredentialDeleteNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CredentialDeleteNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CredentialDeleteNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CredentialDeleteNodeValidationError) ErrorName() string { + return "CredentialDeleteNodeValidationError" +} + +// Error satisfies the builtin error interface +func (e CredentialDeleteNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentialDeleteNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CredentialDeleteNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CredentialDeleteNodeValidationError{} + +// Validate checks the field values on BindNode with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *BindNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on BindNode with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in BindNodeMultiError, or nil +// if none found. +func (m *BindNode) ValidateAll() error { + return m.validate(true) +} + +func (m *BindNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for VarName + + if all { + switch v := interface{}(m.GetValue()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, BindNodeValidationError{ + field: "Value", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, BindNodeValidationError{ + field: "Value", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetValue()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return BindNodeValidationError{ + field: "Value", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return BindNodeMultiError(errors) + } + + return nil +} + +// BindNodeMultiError is an error wrapping multiple validation errors returned +// by BindNode.ValidateAll() if the designated constraints aren't met. +type BindNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m BindNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m BindNodeMultiError) AllErrors() []error { return m } + +// BindNodeValidationError is the validation error returned by +// BindNode.Validate if the designated constraints aren't met. +type BindNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e BindNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e BindNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e BindNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e BindNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e BindNodeValidationError) ErrorName() string { return "BindNodeValidationError" } + +// Error satisfies the builtin error interface +func (e BindNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sBindNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = BindNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = BindNodeValidationError{} + +// Validate checks the field values on EmitNode with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *EmitNode) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EmitNode with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in EmitNodeMultiError, or nil +// if none found. +func (m *EmitNode) ValidateAll() error { + return m.validate(true) +} + +func (m *EmitNode) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for EventType + + // no validation rules for Attributes + + if len(errors) > 0 { + return EmitNodeMultiError(errors) + } + + return nil +} + +// EmitNodeMultiError is an error wrapping multiple validation errors returned +// by EmitNode.ValidateAll() if the designated constraints aren't met. +type EmitNodeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EmitNodeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EmitNodeMultiError) AllErrors() []error { return m } + +// EmitNodeValidationError is the validation error returned by +// EmitNode.Validate if the designated constraints aren't met. +type EmitNodeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EmitNodeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EmitNodeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EmitNodeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e EmitNodeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EmitNodeValidationError) ErrorName() string { return "EmitNodeValidationError" } + +// Error satisfies the builtin error interface +func (e EmitNodeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEmitNode.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EmitNodeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EmitNodeValidationError{} diff --git a/proto/plugin/resources/v1/ast.proto b/proto/plugin/resources/v1/ast.proto new file mode 100644 index 0000000..876c7e5 --- /dev/null +++ b/proto/plugin/resources/v1/ast.proto @@ -0,0 +1,271 @@ +syntax = "proto3"; + +package krypton.resources.reconciler.v1; + +import "google/protobuf/struct.proto"; +import "google/protobuf/timestamp.proto"; + +// ExecutionPlan is the root of the AST returned by a plugin's Reconcile call. +// It describes every operation Krypton core must execute to drive the custom +// resource to its desired state. Core is the sole executor — the plugin never +// touches keys, state, or the database directly. +message ExecutionPlan { + // plan_id identifies this plan for tracing. Recommended: echo the operation ID. + string plan_id = 1; + + // root is the root node of the execution tree. + ASTNode root = 2; + + // bindings are pre-declared variables available to every node in the plan. + // Use them to pass tenant_id, api_group, external IDs, or any other values + // the plugin resolved during planning and wants to thread through execution. + map bindings = 3; +} + +// ───────────────────────────────────────────────────────────── +// Core node type — every element of the AST is an ASTNode. +// ───────────────────────────────────────────────────────────── + +message ASTNode { + // node_id is an optional stable identifier used for checkpoint persistence. + // When set, the executor stores progress so retries resume from here. + // Must be stable across retries (use a semantic name, not a random UUID). + string node_id = 1; + + // label is a human-readable description surfaced in logs and audit events. + string label = 2; + + // result_var, when non-empty, binds the primary string output of this node + // (typically a provisioned key ID) into the execution state so downstream + // nodes can reference it via ValueRef.var_ref. + string result_var = 3; + + oneof node { + // ── Control flow ────────────────────────────────────────── + SequenceNode sequence = 10; + ParallelNode parallel = 11; + ConditionalNode conditional = 12; + TryCatchNode try_catch = 13; + + // ── Checkpoint ──────────────────────────────────────────── + // Persists progress at this point; uses node_id as the checkpoint name. + CheckpointNode checkpoint = 14; + + // ── Assertions / pre-conditions ─────────────────────────── + // Fails the plan with error_message if the predicate is false. + AssertNode assert = 20; + + // ── Key lifecycle ───────────────────────────────────────── + KeySyncNode key_sync = 30; // create or idempotently update + KeyDeleteNode key_delete = 31; // destroy key material + KeyTransitionNode key_transition = 32; // explicit lifecycle state change + KeyRotateNode key_rotate = 33; // generate new key material (forced rotation) + KeyScheduleNode key_schedule = 34; // set expiry / scheduled transition + + // ── Credential lifecycle ─────────────────────────────────── + CredentialSyncNode credential_sync = 40; + CredentialDeleteNode credential_delete = 41; + + // ── Utility ─────────────────────────────────────────────── + BindNode bind = 60; // set a variable in execution state + EmitNode emit = 61; // write a custom audit event + } +} + +// ───────────────────────────────────────────────────────────── +// Control flow +// ───────────────────────────────────────────────────────────── + +// SequenceNode runs steps in order; the first error aborts the remainder +// and triggers rollback of already-executed steps (same as Pipeline). +message SequenceNode { + repeated ASTNode steps = 1; +} + +// ParallelNode fans steps out concurrently. +// When fail_fast = true a single error cancels the remaining goroutines. +message ParallelNode { + repeated ASTNode steps = 1; + bool fail_fast = 2; +} + +// ConditionalNode evaluates a runtime predicate and executes exactly one branch. +message ConditionalNode { + Predicate condition = 1; + ASTNode then_node = 2; + ASTNode else_node = 3; // optional — omit for pure guard +} + +// TryCatchNode executes try_node; on any error executes catch_node instead. +// Useful for compensating transactions and optional / best-effort steps. +message TryCatchNode { + ASTNode try_node = 1; + ASTNode catch_node = 2; +} + +// CheckpointNode persists the current execution position so retries skip +// completed steps. Uses the parent ASTNode.node_id as the checkpoint name. +message CheckpointNode {} + +// ───────────────────────────────────────────────────────────── +// Assertions +// ───────────────────────────────────────────────────────────── + +message AssertNode { + Predicate condition = 1; + string error_message = 2; +} + +// Predicate is a composable boolean expression resolved against live Krypton +// state at execution time. Core owns all state reads; the plugin only declares +// what must be true. +message Predicate { + oneof expr { + KeyExistsPredicate key_exists = 1; + KeyStatePredicate key_state = 2; + TenantActivePredicate tenant_active = 3; + CredentialExistsPredicate credential_exists = 4; + + // Logical combinators + AndPredicate and = 10; + OrPredicate or = 11; + NotPredicate not = 12; + } +} + +message KeyExistsPredicate { + ValueRef tier = 1; + ValueRef key_name = 2; +} + +message KeyStatePredicate { + ValueRef tier = 1; + ValueRef key_name = 2; + // allowed_states is an OR list — matches if the key is in ANY of these states. + // Valid values: PRE_ACTIVATION, ACTIVE, SUSPENDED, DEACTIVATED, COMPROMISED, + // PENDING_DESTROYING, DESTROYED. + repeated string allowed_states = 3; +} + +message TenantActivePredicate { + ValueRef tenant_id = 1; +} + +message CredentialExistsPredicate { + ValueRef name = 1; +} + +message AndPredicate { repeated Predicate terms = 1; } +message OrPredicate { repeated Predicate terms = 1; } +message NotPredicate { Predicate term = 1; } + +// ───────────────────────────────────────────────────────────── +// Value references +// ───────────────────────────────────────────────────────────── + +// ValueRef resolves to a string at runtime. +// Use literal for constants known at plan time. +// Use var_ref to read a value set by a previous node's result_var or by +// ExecutionPlan.bindings. +message ValueRef { + oneof kind { + string literal = 1; + string var_ref = 2; + } +} + +// ───────────────────────────────────────────────────────────── +// Key lifecycle nodes +// ───────────────────────────────────────────────────────────── + +// KeySyncNode provisions a key at the given tier, or is a no-op if the key +// already exists (idempotent). Core wraps the key under parent_key using the +// configured tier hierarchy. On success, result_var receives the key ULID. +message KeySyncNode { + // tier is the Krypton tier name as declared in key-hierarchy config, + // e.g. "l2-domain", "l3-service", "l4-data". + ValueRef tier = 1; + // key_name is the logical name scoped to the tenant. + ValueRef key_name = 2; + // parent_key is the name of the wrapping key one tier above. + // Required for all tiers except L1 root keys. + ValueRef parent_key = 3; + // schedule, when set, is applied immediately after provisioning. + KeyScheduleSpec schedule = 4; + // metadata is attached to the key record after successful provisioning. + map metadata = 5; +} + +// KeyDeleteNode destroys key material and all version lineages. +// Core enforces that no child keys exist before allowing deletion. +message KeyDeleteNode { + ValueRef tier = 1; + ValueRef key_name = 2; +} + +// KeyTransitionNode explicitly moves a key to a target lifecycle state. +// Valid target_state values: PRE_ACTIVATION, ACTIVE, SUSPENDED, DEACTIVATED, +// COMPROMISED, PENDING_DESTROYING, DESTROYED. +message KeyTransitionNode { + ValueRef tier = 1; + ValueRef key_name = 2; + string target_state = 3; +} + +// KeyRotateNode generates new key material under the same logical key name +// (forced rotation — bypasses the idempotency guard in ProvisionKey). +// On success, result_var receives the new key ULID. +message KeyRotateNode { + ValueRef tier = 1; + ValueRef key_name = 2; +} + +// KeyScheduleNode updates the scheduled lifecycle transition for an existing key. +message KeyScheduleNode { + ValueRef tier = 1; + ValueRef key_name = 2; + KeyScheduleSpec schedule = 3; +} + +// KeyScheduleSpec carries timing parameters for a scheduled state transition. +// All fields are optional — set only the ones you need. +message KeyScheduleSpec { + optional google.protobuf.Timestamp expires_at = 1; + optional google.protobuf.Timestamp scheduled_transition_at = 2; + // transition_to is the target KeyState when scheduled_transition_at fires. + optional string transition_to = 3; +} + +// ───────────────────────────────────────────────────────────── +// Credential lifecycle nodes +// ───────────────────────────────────────────────────────────── + +// CredentialSyncNode creates or updates a credential. +// spec is the full credential payload; core encrypts it using the tenant keyring. +message CredentialSyncNode { + ValueRef name = 1; + ValueRef type = 2; + google.protobuf.Struct spec = 3; +} + +// CredentialDeleteNode removes a credential record. +message CredentialDeleteNode { + ValueRef name = 1; +} + +// ───────────────────────────────────────────────────────────── +// Utility nodes +// ───────────────────────────────────────────────────────────── + +// BindNode sets a named variable in the execution state. +// Useful for deriving values from existing bindings before referencing them. +message BindNode { + string var_name = 1; + ValueRef value = 2; +} + +// EmitNode writes a structured event to Krypton's audit trail. +message EmitNode { + string event_type = 1; + map attributes = 2; +} diff --git a/proto/plugin/resources/v1/reconciler.pb.go b/proto/plugin/resources/v1/reconciler.pb.go new file mode 100644 index 0000000..abac27b --- /dev/null +++ b/proto/plugin/resources/v1/reconciler.pb.go @@ -0,0 +1,244 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/resources/v1/reconciler.proto + +package reconcilerv1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// ReconcileRequest carries everything the plugin needs to plan operations for +// this resource. resource_payload is opaque to core and decoded only by the plugin. +type ReconcileRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // api_group identifies the resource type family, e.g. "mycompany.kms/v1". + ApiGroup string `protobuf:"bytes,1,opt,name=api_group,json=apiGroup,proto3" json:"api_group,omitempty"` + Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"` + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // resource_payload is the JSON-encoded extension_key Struct from the original + // SyncResourceRequest. Core passes it unchanged; the plugin owns the schema. + ResourcePayload []byte `protobuf:"bytes,4,opt,name=resource_payload,json=resourcePayload,proto3" json:"resource_payload,omitempty"` + // action is the operation requested: "SYNC" or "DELETE". + Action string `protobuf:"bytes,5,opt,name=action,proto3" json:"action,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ReconcileRequest) Reset() { + *x = ReconcileRequest{} + mi := &file_plugin_resources_v1_reconciler_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ReconcileRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReconcileRequest) ProtoMessage() {} + +func (x *ReconcileRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_reconciler_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReconcileRequest.ProtoReflect.Descriptor instead. +func (*ReconcileRequest) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_reconciler_proto_rawDescGZIP(), []int{0} +} + +func (x *ReconcileRequest) GetApiGroup() string { + if x != nil { + return x.ApiGroup + } + return "" +} + +func (x *ReconcileRequest) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *ReconcileRequest) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *ReconcileRequest) GetResourcePayload() []byte { + if x != nil { + return x.ResourcePayload + } + return nil +} + +func (x *ReconcileRequest) GetAction() string { + if x != nil { + return x.Action + } + return "" +} + +// ReconcileResponse is returned by the plugin and contains the execution plan. +// Core decodes execution_plan as a JSON-encoded ast.ExecutionPlan and executes it. +type ReconcileResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // error_message non-empty means planning failed. + // transient_error = true → worker requeues up to max retries. + // transient_error = false → worker marks operation as terminally failed. + ErrorMessage string `protobuf:"bytes,1,opt,name=error_message,json=errorMessage,proto3" json:"error_message,omitempty"` + TransientError bool `protobuf:"varint,2,opt,name=transient_error,json=transientError,proto3" json:"transient_error,omitempty"` + // execution_plan is a JSON-encoded ast.ExecutionPlan (see + // internal/modules/resource-reconciler/controller/ast). Empty means no-op. + ExecutionPlan []byte `protobuf:"bytes,3,opt,name=execution_plan,json=executionPlan,proto3" json:"execution_plan,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ReconcileResponse) Reset() { + *x = ReconcileResponse{} + mi := &file_plugin_resources_v1_reconciler_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ReconcileResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ReconcileResponse) ProtoMessage() {} + +func (x *ReconcileResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_resources_v1_reconciler_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ReconcileResponse.ProtoReflect.Descriptor instead. +func (*ReconcileResponse) Descriptor() ([]byte, []int) { + return file_plugin_resources_v1_reconciler_proto_rawDescGZIP(), []int{1} +} + +func (x *ReconcileResponse) GetErrorMessage() string { + if x != nil { + return x.ErrorMessage + } + return "" +} + +func (x *ReconcileResponse) GetTransientError() bool { + if x != nil { + return x.TransientError + } + return false +} + +func (x *ReconcileResponse) GetExecutionPlan() []byte { + if x != nil { + return x.ExecutionPlan + } + return nil +} + +var File_plugin_resources_v1_reconciler_proto protoreflect.FileDescriptor + +const file_plugin_resources_v1_reconciler_proto_rawDesc = "" + + "\n" + + "$plugin/resources/v1/reconciler.proto\x12\x1fkrypton.resources.reconciler.v1\x1a\x1bbuf/validate/validate.proto\"\xc2\x01\n" + + "\x10ReconcileRequest\x12#\n" + + "\tapi_group\x18\x01 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\bapiGroup\x12\x1a\n" + + "\x04kind\x18\x02 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x04kind\x12\x1a\n" + + "\x04name\x18\x03 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x04name\x121\n" + + "\x10resource_payload\x18\x04 \x01(\fB\x06\xbaH\x03\xc8\x01\x01R\x0fresourcePayload\x12\x1e\n" + + "\x06action\x18\x05 \x01(\tB\x06\xbaH\x03\xc8\x01\x01R\x06action\"\x88\x01\n" + + "\x11ReconcileResponse\x12#\n" + + "\rerror_message\x18\x01 \x01(\tR\ferrorMessage\x12'\n" + + "\x0ftransient_error\x18\x02 \x01(\bR\x0etransientError\x12%\n" + + "\x0eexecution_plan\x18\x03 \x01(\fR\rexecutionPlan2\x80\x01\n" + + "\n" + + "Reconciler\x12r\n" + + "\tReconcile\x121.krypton.resources.reconciler.v1.ReconcileRequest\x1a2.krypton.resources.reconciler.v1.ReconcileResponseB\x9b\x02\n" + + "#com.krypton.resources.reconciler.v1B\x0fReconcilerProtoP\x01ZDgithub.com/openkcm/plugin-sdk/proto/plugin/resources/v1;reconcilerv1\xa2\x02\x03KRR\xaa\x02\x1fKrypton.Resources.Reconciler.V1\xca\x02\x1fKrypton\\Resources\\Reconciler\\V1\xe2\x02+Krypton\\Resources\\Reconciler\\V1\\GPBMetadata\xea\x02\"Krypton::Resources::Reconciler::V1b\x06proto3" + +var ( + file_plugin_resources_v1_reconciler_proto_rawDescOnce sync.Once + file_plugin_resources_v1_reconciler_proto_rawDescData []byte +) + +func file_plugin_resources_v1_reconciler_proto_rawDescGZIP() []byte { + file_plugin_resources_v1_reconciler_proto_rawDescOnce.Do(func() { + file_plugin_resources_v1_reconciler_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_resources_v1_reconciler_proto_rawDesc), len(file_plugin_resources_v1_reconciler_proto_rawDesc))) + }) + return file_plugin_resources_v1_reconciler_proto_rawDescData +} + +var file_plugin_resources_v1_reconciler_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_plugin_resources_v1_reconciler_proto_goTypes = []any{ + (*ReconcileRequest)(nil), // 0: krypton.resources.reconciler.v1.ReconcileRequest + (*ReconcileResponse)(nil), // 1: krypton.resources.reconciler.v1.ReconcileResponse +} +var file_plugin_resources_v1_reconciler_proto_depIdxs = []int32{ + 0, // 0: krypton.resources.reconciler.v1.Reconciler.Reconcile:input_type -> krypton.resources.reconciler.v1.ReconcileRequest + 1, // 1: krypton.resources.reconciler.v1.Reconciler.Reconcile:output_type -> krypton.resources.reconciler.v1.ReconcileResponse + 1, // [1:2] is the sub-list for method output_type + 0, // [0:1] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_plugin_resources_v1_reconciler_proto_init() } +func file_plugin_resources_v1_reconciler_proto_init() { + if File_plugin_resources_v1_reconciler_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_resources_v1_reconciler_proto_rawDesc), len(file_plugin_resources_v1_reconciler_proto_rawDesc)), + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_resources_v1_reconciler_proto_goTypes, + DependencyIndexes: file_plugin_resources_v1_reconciler_proto_depIdxs, + MessageInfos: file_plugin_resources_v1_reconciler_proto_msgTypes, + }.Build() + File_plugin_resources_v1_reconciler_proto = out.File + file_plugin_resources_v1_reconciler_proto_goTypes = nil + file_plugin_resources_v1_reconciler_proto_depIdxs = nil +} diff --git a/proto/plugin/resources/v1/reconciler.pb.validate.go b/proto/plugin/resources/v1/reconciler.pb.validate.go new file mode 100644 index 0000000..882a210 --- /dev/null +++ b/proto/plugin/resources/v1/reconciler.pb.validate.go @@ -0,0 +1,254 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/resources/v1/reconciler.proto + +package reconcilerv1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on ReconcileRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *ReconcileRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ReconcileRequest with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ReconcileRequestMultiError, or nil if none found. +func (m *ReconcileRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *ReconcileRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for ApiGroup + + // no validation rules for Kind + + // no validation rules for Name + + // no validation rules for ResourcePayload + + // no validation rules for Action + + if len(errors) > 0 { + return ReconcileRequestMultiError(errors) + } + + return nil +} + +// ReconcileRequestMultiError is an error wrapping multiple validation errors +// returned by ReconcileRequest.ValidateAll() if the designated constraints +// aren't met. +type ReconcileRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ReconcileRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ReconcileRequestMultiError) AllErrors() []error { return m } + +// ReconcileRequestValidationError is the validation error returned by +// ReconcileRequest.Validate if the designated constraints aren't met. +type ReconcileRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ReconcileRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ReconcileRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ReconcileRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ReconcileRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ReconcileRequestValidationError) ErrorName() string { return "ReconcileRequestValidationError" } + +// Error satisfies the builtin error interface +func (e ReconcileRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sReconcileRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ReconcileRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ReconcileRequestValidationError{} + +// Validate checks the field values on ReconcileResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *ReconcileResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ReconcileResponse with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ReconcileResponseMultiError, or nil if none found. +func (m *ReconcileResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *ReconcileResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for ErrorMessage + + // no validation rules for TransientError + + // no validation rules for ExecutionPlan + + if len(errors) > 0 { + return ReconcileResponseMultiError(errors) + } + + return nil +} + +// ReconcileResponseMultiError is an error wrapping multiple validation errors +// returned by ReconcileResponse.ValidateAll() if the designated constraints +// aren't met. +type ReconcileResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ReconcileResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ReconcileResponseMultiError) AllErrors() []error { return m } + +// ReconcileResponseValidationError is the validation error returned by +// ReconcileResponse.Validate if the designated constraints aren't met. +type ReconcileResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ReconcileResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ReconcileResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ReconcileResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ReconcileResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ReconcileResponseValidationError) ErrorName() string { + return "ReconcileResponseValidationError" +} + +// Error satisfies the builtin error interface +func (e ReconcileResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sReconcileResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ReconcileResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ReconcileResponseValidationError{} diff --git a/proto/plugin/resources/v1/reconciler.proto b/proto/plugin/resources/v1/reconciler.proto new file mode 100644 index 0000000..636bdd4 --- /dev/null +++ b/proto/plugin/resources/v1/reconciler.proto @@ -0,0 +1,50 @@ +syntax = "proto3"; + +package krypton.resources.reconciler.v1; + +import "buf/validate/validate.proto"; + + +// Reconciler is the gRPC contract between Krypton core and an external +// reconciler plugin. Core is the client; the plugin binary is the server. +// +// The plugin receives the raw extension payload for a custom resource kind +// and returns an ExecutionPlan (AST) describing every key operation Krypton +// must perform. The plugin never touches keys or state directly — it only +// declares intent via the JSON-encoded AST. Core is the sole executor. +service Reconciler { + rpc Reconcile(ReconcileRequest) returns (ReconcileResponse); +} + +// ReconcileRequest carries everything the plugin needs to plan operations for +// this resource. resource_payload is opaque to core and decoded only by the plugin. +message ReconcileRequest { + // api_group identifies the resource type family, e.g. "mycompany.kms/v1". + string api_group = 1 [(buf.validate.field).required = true]; + + string kind = 2 [(buf.validate.field).required = true]; + + string name = 3 [(buf.validate.field).required = true]; + + // resource_payload is the JSON-encoded extension_key Struct from the original + // SyncResourceRequest. Core passes it unchanged; the plugin owns the schema. + bytes resource_payload = 4 [(buf.validate.field).required = true]; + + // action is the operation requested: "SYNC" or "DELETE". + string action = 5 [(buf.validate.field).required = true]; +} + +// ReconcileResponse is returned by the plugin and contains the execution plan. +// Core decodes execution_plan as a JSON-encoded ast.ExecutionPlan and executes it. +message ReconcileResponse { + // error_message non-empty means planning failed. + // transient_error = true → worker requeues up to max retries. + // transient_error = false → worker marks operation as terminally failed. + string error_message = 1; + bool transient_error = 2; + + // execution_plan is a JSON-encoded ast.ExecutionPlan (see + // internal/modules/resource-reconciler/controller/ast). Empty means no-op. + bytes execution_plan = 3; +} + diff --git a/proto/plugin/resources/v1/reconciler_ext_plugin.pb.go b/proto/plugin/resources/v1/reconciler_ext_plugin.pb.go new file mode 100644 index 0000000..351d4ae --- /dev/null +++ b/proto/plugin/resources/v1/reconciler_ext_plugin.pb.go @@ -0,0 +1,56 @@ +// Code generated by protoc-gen-go-extension. DO NOT EDIT. + +package reconcilerv1 + +import ( + grpc "google.golang.org/grpc" + + api "github.com/openkcm/plugin-sdk/api" +) + +const ( + Type = "Reconciler" + GRPCServiceFullName = "krypton.resources.reconciler.v1.Reconciler" +) + +func ReconcilerPluginServer(server ReconcilerServer) api.PluginServer { + return reconcilerPluginServer{ReconcilerServer: server} +} + +type reconcilerPluginServer struct { + ReconcilerServer +} + +func (s reconcilerPluginServer) Type() string { + return Type +} + +func (s reconcilerPluginServer) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (s reconcilerPluginServer) RegisterServer(server *grpc.Server) any { + RegisterReconcilerServer(server, s.ReconcilerServer) + return s.ReconcilerServer +} + +type ReconcilerPluginClient struct { + ReconcilerClient +} + +func (s ReconcilerPluginClient) Type() string { + return Type +} + +func (c *ReconcilerPluginClient) IsInitialized() bool { + return c.ReconcilerClient != nil +} + +func (c *ReconcilerPluginClient) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (c *ReconcilerPluginClient) InitClient(conn grpc.ClientConnInterface) any { + c.ReconcilerClient = NewReconcilerClient(conn) + return c.ReconcilerClient +} diff --git a/proto/plugin/resources/v1/reconciler_grpc.pb.go b/proto/plugin/resources/v1/reconciler_grpc.pb.go new file mode 100644 index 0000000..9a6c02e --- /dev/null +++ b/proto/plugin/resources/v1/reconciler_grpc.pb.go @@ -0,0 +1,138 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.1 +// - protoc (unknown) +// source: plugin/resources/v1/reconciler.proto + +package reconcilerv1 + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + Reconciler_Reconcile_FullMethodName = "/krypton.resources.reconciler.v1.Reconciler/Reconcile" +) + +// ReconcilerClient is the client API for Reconciler service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// Reconciler is the gRPC contract between Krypton core and an external +// reconciler plugin. Core is the client; the plugin binary is the server. +// +// The plugin receives the raw extension payload for a custom resource kind +// and returns an ExecutionPlan (AST) describing every key operation Krypton +// must perform. The plugin never touches keys or state directly — it only +// declares intent via the JSON-encoded AST. Core is the sole executor. +type ReconcilerClient interface { + Reconcile(ctx context.Context, in *ReconcileRequest, opts ...grpc.CallOption) (*ReconcileResponse, error) +} + +type reconcilerClient struct { + cc grpc.ClientConnInterface +} + +func NewReconcilerClient(cc grpc.ClientConnInterface) ReconcilerClient { + return &reconcilerClient{cc} +} + +func (c *reconcilerClient) Reconcile(ctx context.Context, in *ReconcileRequest, opts ...grpc.CallOption) (*ReconcileResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(ReconcileResponse) + err := c.cc.Invoke(ctx, Reconciler_Reconcile_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ReconcilerServer is the server API for Reconciler service. +// All implementations must embed UnimplementedReconcilerServer +// for forward compatibility. +// +// Reconciler is the gRPC contract between Krypton core and an external +// reconciler plugin. Core is the client; the plugin binary is the server. +// +// The plugin receives the raw extension payload for a custom resource kind +// and returns an ExecutionPlan (AST) describing every key operation Krypton +// must perform. The plugin never touches keys or state directly — it only +// declares intent via the JSON-encoded AST. Core is the sole executor. +type ReconcilerServer interface { + Reconcile(context.Context, *ReconcileRequest) (*ReconcileResponse, error) + mustEmbedUnimplementedReconcilerServer() +} + +// UnimplementedReconcilerServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedReconcilerServer struct{} + +func (UnimplementedReconcilerServer) Reconcile(context.Context, *ReconcileRequest) (*ReconcileResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Reconcile not implemented") +} +func (UnimplementedReconcilerServer) mustEmbedUnimplementedReconcilerServer() {} +func (UnimplementedReconcilerServer) testEmbeddedByValue() {} + +// UnsafeReconcilerServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to ReconcilerServer will +// result in compilation errors. +type UnsafeReconcilerServer interface { + mustEmbedUnimplementedReconcilerServer() +} + +func RegisterReconcilerServer(s grpc.ServiceRegistrar, srv ReconcilerServer) { + // If the following call panics, it indicates UnimplementedReconcilerServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&Reconciler_ServiceDesc, srv) +} + +func _Reconciler_Reconcile_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(ReconcileRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ReconcilerServer).Reconcile(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Reconciler_Reconcile_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ReconcilerServer).Reconcile(ctx, req.(*ReconcileRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// Reconciler_ServiceDesc is the grpc.ServiceDesc for Reconciler service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Reconciler_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "krypton.resources.reconciler.v1.Reconciler", + HandlerType: (*ReconcilerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Reconcile", + Handler: _Reconciler_Reconcile_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "plugin/resources/v1/reconciler.proto", +} diff --git a/proto/plugin/systeminformation/v1/systeminformation_ext_plugin.pb.go b/proto/plugin/systeminformation/v1/systeminformation_ext_plugin.pb.go index b2cb7a4..ed262bd 100644 --- a/proto/plugin/systeminformation/v1/systeminformation_ext_plugin.pb.go +++ b/proto/plugin/systeminformation/v1/systeminformation_ext_plugin.pb.go @@ -9,7 +9,7 @@ import ( ) const ( - Type = "SystemInformationService" + Type = "SystemInformation" GRPCServiceFullName = "plugin.systeminformation.v1.SystemInformationService" ) diff --git a/proto/plugin/test/v1/test_ext_plugin.pb.go b/proto/plugin/test/v1/test_ext_plugin.pb.go index c51e1b9..bac0b2f 100644 --- a/proto/plugin/test/v1/test_ext_plugin.pb.go +++ b/proto/plugin/test/v1/test_ext_plugin.pb.go @@ -9,7 +9,7 @@ import ( ) const ( - Type = "TestService" + Type = "Test" GRPCServiceFullName = "plugin.test.v1.TestService" )