diff --git a/internal/bootstrap/serve_test.go b/internal/bootstrap/serve_test.go
new file mode 100644
index 0000000..d5838b7
--- /dev/null
+++ b/internal/bootstrap/serve_test.go
@@ -0,0 +1,186 @@
+package bootstrap
+
+import (
+ "context"
+ "errors"
+ "testing"
+
+ "buf.build/go/protovalidate"
+ "github.com/hashicorp/go-hclog"
+ "github.com/stretchr/testify/assert"
+ "google.golang.org/grpc"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
+ "google.golang.org/protobuf/proto"
+
+ goplugin "github.com/hashicorp/go-plugin"
+
+ pluginerrors "github.com/openkcm/plugin-sdk/api/plugin-errors"
+ pluginoption "github.com/openkcm/plugin-sdk/api/plugin-option"
+ initv1 "github.com/openkcm/plugin-sdk/internal/proto/service/init/v1"
+)
+
+type mockValidator struct {
+ err error
+}
+
+func (v *mockValidator) Validate(_ proto.Message, _ ...protovalidate.ValidationOption) error {
+ return v.err
+}
+
+func cancelledTestConfig() *goplugin.ServeTestConfig {
+ // Create a context that is already cancelled to prevent the server from actually starting during tests.
+ ctx, cancel := context.WithCancel(context.Background())
+ cancel()
+ return &goplugin.ServeTestConfig{Context: ctx}
+}
+
+func TestServe_NoPluginServer(t *testing.T) {
+ err := Serve()
+ assert.ErrorIs(t, err, pluginerrors.ErrServerRequired)
+}
+
+func TestServe_WithValidationEnabled(t *testing.T) {
+ mock := &pluginMock{typ: "test"}
+
+ err := Serve(
+ pluginoption.WithPluginServer(mock),
+ pluginoption.EnableInputValidation(),
+ pluginoption.WithTestConfig(cancelledTestConfig()),
+ )
+ assert.NoError(t, err)
+
+ err = Serve(
+ pluginoption.WithPluginServer(mock),
+ pluginoption.EnableOutputValidation(),
+ pluginoption.WithTestConfig(cancelledTestConfig()),
+ )
+ assert.NoError(t, err)
+}
+
+func TestServe_WithValidationAndExistingServerOptions(t *testing.T) {
+ mock := &pluginMock{typ: "test"}
+ err := Serve(
+ pluginoption.WithPluginServer(mock),
+ pluginoption.SetServerOption(grpc.MaxRecvMsgSize(1024)),
+ pluginoption.EnableInputValidation(),
+ pluginoption.WithTestConfig(cancelledTestConfig()),
+ )
+ assert.NoError(t, err)
+}
+
+func TestHCServer_GRPCServer(t *testing.T) {
+ mock := &pluginMock{typ: "test"}
+ p := newHCPlugin(hclog.Default(), mock, nil)
+ srv := grpc.NewServer()
+ defer srv.Stop()
+
+ err := p.GRPCServer(nil, srv)
+ assert.NoError(t, err)
+}
+
+func TestCustomGRPCServer(t *testing.T) {
+ factory := customGRPCServer([]grpc.ServerOption{})
+ srv := factory([]grpc.ServerOption{})
+ assert.NotNil(t, srv)
+ srv.Stop()
+}
+
+func TestNewHCPlugin(t *testing.T) {
+ mock := &pluginMock{typ: "test"}
+ p := newHCPlugin(hclog.Default(), mock, nil)
+ assert.NotNil(t, p)
+ assert.Len(t, p.servers, 1)
+}
+
+func TestHCServer_GRPCClient(t *testing.T) {
+ p := &hcServer{}
+ result, err := p.GRPCClient(context.Background(), nil, nil)
+ assert.Nil(t, result)
+ assert.Error(t, err)
+}
+
+func TestHCDialer_DialHost_CachedConn(t *testing.T) {
+ mock := &mockClientConn{}
+ d := &hcDialer{conn: mock}
+
+ conn, err := d.DialHost(context.Background())
+ assert.NoError(t, err)
+ assert.Equal(t, mock, conn)
+}
+
+type mockClientConn struct {
+ grpc.ClientConnInterface
+}
+
+func TestValidationUnaryInterceptor_SkipsNonProtoRequest(t *testing.T) {
+ v := &mockValidator{err: errors.New("should not be called")}
+ interceptor := ValidationUnaryInterceptor(v, true, false)
+
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return "ok", nil
+ }
+
+ // Non-proto value: validation is skipped, handler is called.
+ resp, err := interceptor(context.Background(), "not-a-proto", nil, handler)
+ assert.NoError(t, err)
+ assert.Equal(t, "ok", resp)
+}
+
+func TestValidationUnaryInterceptor_HandlerError(t *testing.T) {
+ v := &mockValidator{}
+ interceptor := ValidationUnaryInterceptor(v, false, false)
+
+ handlerErr := errors.New("handler failed")
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return nil, handlerErr
+ }
+
+ _, err := interceptor(context.Background(), "req", nil, handler)
+ assert.ErrorIs(t, err, handlerErr)
+}
+
+func TestValidationUnaryInterceptor_NoValidation(t *testing.T) {
+ v := &mockValidator{}
+ interceptor := ValidationUnaryInterceptor(v, false, false)
+
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return "response", nil
+ }
+
+ resp, err := interceptor(context.Background(), "req", nil, handler)
+ assert.NoError(t, err)
+ assert.Equal(t, "response", resp)
+}
+
+func TestValidationUnaryInterceptor_RequestValidationFails(t *testing.T) {
+ v := &mockValidator{err: errors.New("bad request")}
+ interceptor := ValidationUnaryInterceptor(v, true, false)
+
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return "ok", nil
+ }
+
+ _, err := interceptor(context.Background(), &initv1.InitRequest{}, nil, handler)
+ assert.Error(t, err)
+
+ st, ok := status.FromError(err)
+ assert.True(t, ok, "expected gRPC status error")
+ assert.Equal(t, codes.InvalidArgument, st.Code())
+}
+
+func TestValidationUnaryInterceptor_ResponseValidationFails(t *testing.T) {
+ v := &mockValidator{err: errors.New("bad response")}
+ interceptor := ValidationUnaryInterceptor(v, false, true)
+
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return &initv1.InitRequest{}, nil
+ }
+
+ _, err := interceptor(context.Background(), "req", nil, handler)
+ assert.Error(t, err)
+
+ st, ok := status.FromError(err)
+ assert.True(t, ok, "expected gRPC status error")
+ assert.Equal(t, codes.Internal, st.Code())
+}
diff --git a/proto/plugin/certificate_issuer/v1/certificate_issuer.pb.go b/proto/plugin/certificate_issuer/v1/certificate_issuer.pb.go index 1eb93e2..f27dd62 100644 --- a/proto/plugin/certificate_issuer/v1/certificate_issuer.pb.go +++ b/proto/plugin/certificate_issuer/v1/certificate_issuer.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/certificate_issuer/v1/certificate_issuer.proto package certificate_issuerv1 diff --git a/proto/plugin/certificate_issuer/v1/certificate_issuer_grpc.pb.go b/proto/plugin/certificate_issuer/v1/certificate_issuer_grpc.pb.go index ea9f9aa..4864ba5 100644 --- a/proto/plugin/certificate_issuer/v1/certificate_issuer_grpc.pb.go +++ b/proto/plugin/certificate_issuer/v1/certificate_issuer_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: plugin/certificate_issuer/v1/certificate_issuer.proto package certificate_issuerv1 diff --git a/proto/plugin/identity_management/v1/identity_management.pb.go b/proto/plugin/identity_management/v1/identity_management.pb.go index d5ecc10..1a0562d 100644 --- a/proto/plugin/identity_management/v1/identity_management.pb.go +++ b/proto/plugin/identity_management/v1/identity_management.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/identity_management/v1/identity_management.proto package identity_managementv1 diff --git a/proto/plugin/identity_management/v1/identity_management_grpc.pb.go b/proto/plugin/identity_management/v1/identity_management_grpc.pb.go index 5b30e6b..456c787 100644 --- a/proto/plugin/identity_management/v1/identity_management_grpc.pb.go 
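Review bot: In serve_test.go, TestValidationUnaryInterceptor_RequestValidationFails never checks that the handler was skipped, so an interceptor that ran the handler on an invalid request and only afterwards returned InvalidArgument would still pass. Capture a flag in the handler (`called := false` before it, `called = true` inside it) and finish with `assert.False(t, called, "handler must not run when request validation fails")`. TestValidationUnaryInterceptor_ResponseValidationFails likewise discards the response; asserting it is nil would pin that a rejected response is not returned alongside the Internal error. The three TestServe_* cases run against an already-cancelled context and only assert `NoError`, so as far as this hunk shows they would not notice if EnableInputValidation or EnableOutputValidation stopped installing the interceptor. TestValidationUnaryInterceptor_SkipsNonProtoRequest pins a pass-through for non-proto requests even with input validation on; if that is intentional, a comment such as `// Non-proto requests bypass validation by design; they are only reachable through a custom codec.` would make the decision explicit, assuming that is the reason.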
+++ b/proto/plugin/identity_management/v1/identity_management_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: plugin/identity_management/v1/identity_management.proto package identity_managementv1 diff --git a/proto/plugin/keystore/common/v1/common.pb.go b/proto/plugin/keystore/common/v1/common.pb.go index 59a84fe..b222bf6 100644 --- a/proto/plugin/keystore/common/v1/common.pb.go +++ b/proto/plugin/keystore/common/v1/common.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/keystore/common/v1/common.proto package commonv1 diff --git a/proto/plugin/keystore/management/v1/management.pb.go b/proto/plugin/keystore/management/v1/management.pb.go index 454dd2f..eadfe4b 100644 --- a/proto/plugin/keystore/management/v1/management.pb.go +++ b/proto/plugin/keystore/management/v1/management.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/keystore/management/v1/management.proto package managementv1 
@@ -23,6 +23,123 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +// SupportedRegion represents a region where the keystore can be created or accessed. +type SupportedRegion struct { + state protoimpl.MessageState `protogen:"open.v1"` + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + TechnicalName string `protobuf:"bytes,2,opt,name=technical_name,json=technicalName,proto3" json:"technical_name,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *SupportedRegion) Reset() { + *x = SupportedRegion{} + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SupportedRegion) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SupportedRegion) ProtoMessage() {} + +func (x *SupportedRegion) ProtoReflect() protoreflect.Message { + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SupportedRegion.ProtoReflect.Descriptor instead. +func (*SupportedRegion) Descriptor() ([]byte, []int) { + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{0} +} + +func (x *SupportedRegion) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *SupportedRegion) GetTechnicalName() string { + if x != nil { + return x.TechnicalName + } + return "" +} + +// ManagementConfig represents the configuration details for the management role of a keystore instance. 
+type ManagementConfig struct { + state protoimpl.MessageState `protogen:"open.v1"` + LocalityId string `protobuf:"bytes,1,opt,name=locality_id,json=localityId,proto3" json:"locality_id,omitempty"` + CommonName string `protobuf:"bytes,2,opt,name=common_name,json=commonName,proto3" json:"common_name,omitempty"` + AccessData *v1.KeystoreInstanceConfig `protobuf:"bytes,3,opt,name=access_data,json=accessData,proto3" json:"access_data,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ManagementConfig) Reset() { + *x = ManagementConfig{} + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ManagementConfig) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ManagementConfig) ProtoMessage() {} + +func (x *ManagementConfig) ProtoReflect() protoreflect.Message { + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ManagementConfig.ProtoReflect.Descriptor instead. +func (*ManagementConfig) Descriptor() ([]byte, []int) { + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{1} +} + +func (x *ManagementConfig) GetLocalityId() string { + if x != nil { + return x.LocalityId + } + return "" +} + +func (x *ManagementConfig) GetCommonName() string { + if x != nil { + return x.CommonName + } + return "" +} + +func (x *ManagementConfig) GetAccessData() *v1.KeystoreInstanceConfig { + if x != nil { + return x.AccessData + } + return nil +} + +// CreateKeystoreRequest represents the request to create a new keystore instance. 
+// The values field contains the necessary parameters for creating the keystore, +// which can vary depending on the implementation and requirements of the keystore provider. type CreateKeystoreRequest struct { state protoimpl.MessageState `protogen:"open.v1"` Values *structpb.Struct `protobuf:"bytes,1,opt,name=values,proto3" json:"values,omitempty"` @@ -32,7 +149,7 @@ type CreateKeystoreRequest struct { func (x *CreateKeystoreRequest) Reset() { *x = CreateKeystoreRequest{} - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[0] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[2] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -44,7 +161,7 @@ func (x *CreateKeystoreRequest) String() string { func (*CreateKeystoreRequest) ProtoMessage() {} func (x *CreateKeystoreRequest) ProtoReflect() protoreflect.Message { - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[0] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[2] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -57,7 +174,7 @@ func (x *CreateKeystoreRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CreateKeystoreRequest.ProtoReflect.Descriptor instead. func (*CreateKeystoreRequest) Descriptor() ([]byte, []int) { - return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{0} + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{2} } func (x *CreateKeystoreRequest) GetValues() *structpb.Struct { 
@@ -67,16 +184,23 @@ func (x *CreateKeystoreRequest) GetValues() *structpb.Struct { return nil } +// CreateKeystoreResponse represents the response after creating a new keystore instance. +// - The config field (deprecated) contains the configuration details of the created keystore instance, +// including fields: locality_id, common_name, management_access_data, and supported_regions. type CreateKeystoreResponse struct { - state protoimpl.MessageState `protogen:"open.v1"` - Config *v1.KeystoreInstanceConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` - unknownFields protoimpl.UnknownFields - sizeCache protoimpl.SizeCache + state protoimpl.MessageState `protogen:"open.v1"` + // Deprecated: Marked as deprecated in plugin/keystore/management/v1/management.proto. + Config *v1.KeystoreInstanceConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` + RoleManagementConfig *ManagementConfig `protobuf:"bytes,2,opt,name=role_management_config,json=roleManagementConfig,proto3" json:"role_management_config,omitempty"` + KeyManagementConfig *ManagementConfig `protobuf:"bytes,3,opt,name=key_management_config,json=keyManagementConfig,proto3" json:"key_management_config,omitempty"` + SupportedRegions []*SupportedRegion `protobuf:"bytes,4,rep,name=supported_regions,json=supportedRegions,proto3" json:"supported_regions,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } func (x *CreateKeystoreResponse) Reset() { *x = CreateKeystoreResponse{} - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[1] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -88,7 +212,7 @@ func (x *CreateKeystoreResponse) String() string { func (*CreateKeystoreResponse) ProtoMessage() {} func (x *CreateKeystoreResponse) ProtoReflect() protoreflect.Message { - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[1] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[3] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -101,9 +225,10 @@ func (x *CreateKeystoreResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use CreateKeystoreResponse.ProtoReflect.Descriptor instead. func (*CreateKeystoreResponse) Descriptor() ([]byte, []int) { - return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{1} + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{3} } +// Deprecated: Marked as deprecated in plugin/keystore/management/v1/management.proto. func (x *CreateKeystoreResponse) GetConfig() *v1.KeystoreInstanceConfig { if x != nil { return x.Config @@ -111,6 +236,27 @@ func (x *CreateKeystoreResponse) GetConfig() *v1.KeystoreInstanceConfig { return nil } +func (x *CreateKeystoreResponse) GetRoleManagementConfig() *ManagementConfig { + if x != nil { + return x.RoleManagementConfig + } + return nil +} + +func (x *CreateKeystoreResponse) GetKeyManagementConfig() *ManagementConfig { + if x != nil { + return x.KeyManagementConfig + } + return nil +} + +func (x *CreateKeystoreResponse) GetSupportedRegions() []*SupportedRegion { + if x != nil { + return x.SupportedRegions + } + return nil +} + type DeleteKeystoreRequest struct { state protoimpl.MessageState `protogen:"open.v1"` Config *v1.KeystoreInstanceConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` 
@@ -120,7 +266,7 @@ type DeleteKeystoreRequest struct { func (x *DeleteKeystoreRequest) Reset() { *x = DeleteKeystoreRequest{} - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[2] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -132,7 +278,7 @@ func (x *DeleteKeystoreRequest) String() string { func (*DeleteKeystoreRequest) ProtoMessage() {} func (x *DeleteKeystoreRequest) ProtoReflect() protoreflect.Message { - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[2] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[4] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -145,7 +291,7 @@ func (x *DeleteKeystoreRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteKeystoreRequest.ProtoReflect.Descriptor instead. func (*DeleteKeystoreRequest) Descriptor() ([]byte, []int) { - return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{2} + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{4} } func (x *DeleteKeystoreRequest) GetConfig() *v1.KeystoreInstanceConfig { @@ -163,7 +309,7 @@ type DeleteKeystoreResponse struct { func (x *DeleteKeystoreResponse) Reset() { *x = DeleteKeystoreResponse{} - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[3] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -175,7 +321,7 @@ func (x *DeleteKeystoreResponse) String() string { func (*DeleteKeystoreResponse) ProtoMessage() {} func (x *DeleteKeystoreResponse) ProtoReflect() protoreflect.Message { - mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[3] + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[5] if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -188,24 +334,257 @@ func (x *DeleteKeystoreResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use DeleteKeystoreResponse.ProtoReflect.Descriptor instead. func (*DeleteKeystoreResponse) Descriptor() ([]byte, []int) { - return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{3} + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{5} +} + +// GrantTrustRequest represents the request to grant trust to a client certificate subject pattern +// for accessing a keystore instance from the crypto layer. +// - The config field contains the authentication configuration of the role management role for the keystore instance, +// which is used to authenticate the request to grant trust. +// - The subject field contains the client certificate subject to grant trust to +// - The region field specifies the logical region for which the trust is being granted +type GrantTrustRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Config *v1.KeystoreInstanceConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` + Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"` + Region string `protobuf:"bytes,3,opt,name=region,proto3" json:"region,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *GrantTrustRequest) Reset() { + *x = GrantTrustRequest{} + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *GrantTrustRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GrantTrustRequest) ProtoMessage() {} + +func (x *GrantTrustRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + 
} + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GrantTrustRequest.ProtoReflect.Descriptor instead. +func (*GrantTrustRequest) Descriptor() ([]byte, []int) { + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{6} +} + +func (x *GrantTrustRequest) GetConfig() *v1.KeystoreInstanceConfig { + if x != nil { + return x.Config + } + return nil +} + +func (x *GrantTrustRequest) GetSubject() string { + if x != nil { + return x.Subject + } + return "" +} + +func (x *GrantTrustRequest) GetRegion() string { + if x != nil { + return x.Region + } + return "" +} + +// GrantTrustResponse represents the response after granting trust to a client certificate subject pattern +// for accessing a keystore instance. Returns the access data of the configured trust +type GrantTrustResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + AccessData *structpb.Struct `protobuf:"bytes,1,opt,name=access_data,json=accessData,proto3" json:"access_data,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *GrantTrustResponse) Reset() { + *x = GrantTrustResponse{} + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *GrantTrustResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GrantTrustResponse) ProtoMessage() {} + +func (x *GrantTrustResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GrantTrustResponse.ProtoReflect.Descriptor instead. 
+func (*GrantTrustResponse) Descriptor() ([]byte, []int) { + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{7} +} + +func (x *GrantTrustResponse) GetAccessData() *structpb.Struct { + if x != nil { + return x.AccessData + } + return nil +} + +// RemoveTrustRequest represents the request to remove trust for a client certificate subject pattern +// to revoke access to a keystore instance. +// - The config field contains the authentication configuration of the role management role for the keystore instance, +// which is used to authenticate the request to remove trust. +// - The access_data field contains the access data of the trust to be removed +type RemoveTrustRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Config *v1.KeystoreInstanceConfig `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` + AccessData *structpb.Struct `protobuf:"bytes,2,opt,name=access_data,json=accessData,proto3" json:"access_data,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RemoveTrustRequest) Reset() { + *x = RemoveTrustRequest{} + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RemoveTrustRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RemoveTrustRequest) ProtoMessage() {} + +func (x *RemoveTrustRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RemoveTrustRequest.ProtoReflect.Descriptor instead. 
+func (*RemoveTrustRequest) Descriptor() ([]byte, []int) { + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{8} +} + +func (x *RemoveTrustRequest) GetConfig() *v1.KeystoreInstanceConfig { + if x != nil { + return x.Config + } + return nil +} + +func (x *RemoveTrustRequest) GetAccessData() *structpb.Struct { + if x != nil { + return x.AccessData + } + return nil +} + +type RemoveTrustResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *RemoveTrustResponse) Reset() { + *x = RemoveTrustResponse{} + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *RemoveTrustResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RemoveTrustResponse) ProtoMessage() {} + +func (x *RemoveTrustResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_keystore_management_v1_management_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RemoveTrustResponse.ProtoReflect.Descriptor instead. 
+func (*RemoveTrustResponse) Descriptor() ([]byte, []int) { + return file_plugin_keystore_management_v1_management_proto_rawDescGZIP(), []int{9} } var File_plugin_keystore_management_v1_management_proto protoreflect.FileDescriptor const file_plugin_keystore_management_v1_management_proto_rawDesc = "" + "\n" + - ".plugin/keystore/management/v1/management.proto\x12\x1dplugin.keystore.management.v1\x1a\x1cgoogle/protobuf/struct.proto\x1a&plugin/keystore/common/v1/common.proto\"H\n" + + ".plugin/keystore/management/v1/management.proto\x12\x1dplugin.keystore.management.v1\x1a\x1cgoogle/protobuf/struct.proto\x1a&plugin/keystore/common/v1/common.proto\"L\n" + + "\x0fSupportedRegion\x12\x12\n" + + "\x04name\x18\x01 \x01(\tR\x04name\x12%\n" + + "\x0etechnical_name\x18\x02 \x01(\tR\rtechnicalName\"\xa8\x01\n" + + "\x10ManagementConfig\x12\x1f\n" + + "\vlocality_id\x18\x01 \x01(\tR\n" + + "localityId\x12\x1f\n" + + "\vcommon_name\x18\x02 \x01(\tR\n" + + "commonName\x12R\n" + + "\vaccess_data\x18\x03 \x01(\v21.plugin.keystore.common.v1.KeystoreInstanceConfigR\n" + + "accessData\"H\n" + "\x15CreateKeystoreRequest\x12/\n" + - "\x06values\x18\x01 \x01(\v2\x17.google.protobuf.StructR\x06values\"c\n" + - "\x16CreateKeystoreResponse\x12I\n" + - "\x06config\x18\x01 \x01(\v21.plugin.keystore.common.v1.KeystoreInstanceConfigR\x06config\"b\n" + + "\x06values\x18\x01 \x01(\v2\x17.google.protobuf.StructR\x06values\"\x90\x03\n" + + "\x16CreateKeystoreResponse\x12M\n" + + "\x06config\x18\x01 \x01(\v21.plugin.keystore.common.v1.KeystoreInstanceConfigB\x02\x18\x01R\x06config\x12e\n" + + "\x16role_management_config\x18\x02 \x01(\v2/.plugin.keystore.management.v1.ManagementConfigR\x14roleManagementConfig\x12c\n" + + "\x15key_management_config\x18\x03 \x01(\v2/.plugin.keystore.management.v1.ManagementConfigR\x13keyManagementConfig\x12[\n" + + "\x11supported_regions\x18\x04 \x03(\v2..plugin.keystore.management.v1.SupportedRegionR\x10supportedRegions\"b\n" + "\x15DeleteKeystoreRequest\x12I\n" + 
"\x06config\x18\x01 \x01(\v21.plugin.keystore.common.v1.KeystoreInstanceConfigR\x06config\"\x18\n" + - "\x16DeleteKeystoreResponse2\x90\x02\n" + + "\x16DeleteKeystoreResponse\"\x90\x01\n" + + "\x11GrantTrustRequest\x12I\n" + + "\x06config\x18\x01 \x01(\v21.plugin.keystore.common.v1.KeystoreInstanceConfigR\x06config\x12\x18\n" + + "\asubject\x18\x02 \x01(\tR\asubject\x12\x16\n" + + "\x06region\x18\x03 \x01(\tR\x06region\"N\n" + + "\x12GrantTrustResponse\x128\n" + + "\vaccess_data\x18\x01 \x01(\v2\x17.google.protobuf.StructR\n" + + "accessData\"\x99\x01\n" + + "\x12RemoveTrustRequest\x12I\n" + + "\x06config\x18\x01 \x01(\v21.plugin.keystore.common.v1.KeystoreInstanceConfigR\x06config\x128\n" + + "\vaccess_data\x18\x02 \x01(\v2\x17.google.protobuf.StructR\n" + + "accessData\"\x15\n" + + "\x13RemoveTrustResponse2\xf9\x03\n" + "\x10KeystoreProvider\x12}\n" + "\x0eCreateKeystore\x124.plugin.keystore.management.v1.CreateKeystoreRequest\x1a5.plugin.keystore.management.v1.CreateKeystoreResponse\x12}\n" + - "\x0eDeleteKeystore\x124.plugin.keystore.management.v1.DeleteKeystoreRequest\x1a5.plugin.keystore.management.v1.DeleteKeystoreResponseBPZNgithub.com/openkcm/plugin-sdk/proto/plugin/keystore/management/v1;managementv1b\x06proto3" + "\x0eDeleteKeystore\x124.plugin.keystore.management.v1.DeleteKeystoreRequest\x1a5.plugin.keystore.management.v1.DeleteKeystoreResponse\x12q\n" + + "\n" + + "GrantTrust\x120.plugin.keystore.management.v1.GrantTrustRequest\x1a1.plugin.keystore.management.v1.GrantTrustResponse\x12t\n" + + "\vRemoveTrust\x121.plugin.keystore.management.v1.RemoveTrustRequest\x1a2.plugin.keystore.management.v1.RemoveTrustResponseBPZNgithub.com/openkcm/plugin-sdk/proto/plugin/keystore/management/v1;managementv1b\x06proto3" var ( file_plugin_keystore_management_v1_management_proto_rawDescOnce sync.Once 
@@ -219,28 +598,46 @@ func file_plugin_keystore_management_v1_management_proto_rawDescGZIP() []byte { return file_plugin_keystore_management_v1_management_proto_rawDescData } -var file_plugin_keystore_management_v1_management_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_plugin_keystore_management_v1_management_proto_msgTypes = make([]protoimpl.MessageInfo, 10) var file_plugin_keystore_management_v1_management_proto_goTypes = []any{ - (*CreateKeystoreRequest)(nil), // 0: plugin.keystore.management.v1.CreateKeystoreRequest - (*CreateKeystoreResponse)(nil), // 1: plugin.keystore.management.v1.CreateKeystoreResponse - (*DeleteKeystoreRequest)(nil), // 2: plugin.keystore.management.v1.DeleteKeystoreRequest - (*DeleteKeystoreResponse)(nil), // 3: plugin.keystore.management.v1.DeleteKeystoreResponse - (*structpb.Struct)(nil), // 4: google.protobuf.Struct - (*v1.KeystoreInstanceConfig)(nil), // 5: plugin.keystore.common.v1.KeystoreInstanceConfig + (*SupportedRegion)(nil), // 0: plugin.keystore.management.v1.SupportedRegion + (*ManagementConfig)(nil), // 1: plugin.keystore.management.v1.ManagementConfig + (*CreateKeystoreRequest)(nil), // 2: plugin.keystore.management.v1.CreateKeystoreRequest + (*CreateKeystoreResponse)(nil), // 3: plugin.keystore.management.v1.CreateKeystoreResponse + (*DeleteKeystoreRequest)(nil), // 4: plugin.keystore.management.v1.DeleteKeystoreRequest + (*DeleteKeystoreResponse)(nil), // 5: plugin.keystore.management.v1.DeleteKeystoreResponse + (*GrantTrustRequest)(nil), // 6: plugin.keystore.management.v1.GrantTrustRequest + (*GrantTrustResponse)(nil), // 7: plugin.keystore.management.v1.GrantTrustResponse + (*RemoveTrustRequest)(nil), // 8: plugin.keystore.management.v1.RemoveTrustRequest + (*RemoveTrustResponse)(nil), // 9: plugin.keystore.management.v1.RemoveTrustResponse + (*v1.KeystoreInstanceConfig)(nil), // 10: plugin.keystore.common.v1.KeystoreInstanceConfig + (*structpb.Struct)(nil), // 11: google.protobuf.Struct } var 
file_plugin_keystore_management_v1_management_proto_depIdxs = []int32{ - 4, // 0: plugin.keystore.management.v1.CreateKeystoreRequest.values:type_name -> google.protobuf.Struct - 5, // 1: plugin.keystore.management.v1.CreateKeystoreResponse.config:type_name -> plugin.keystore.common.v1.KeystoreInstanceConfig - 5, // 2: plugin.keystore.management.v1.DeleteKeystoreRequest.config:type_name -> plugin.keystore.common.v1.KeystoreInstanceConfig - 0, // 3: plugin.keystore.management.v1.KeystoreProvider.CreateKeystore:input_type -> plugin.keystore.management.v1.CreateKeystoreRequest - 2, // 4: plugin.keystore.management.v1.KeystoreProvider.DeleteKeystore:input_type -> plugin.keystore.management.v1.DeleteKeystoreRequest - 1, // 5: plugin.keystore.management.v1.KeystoreProvider.CreateKeystore:output_type -> plugin.keystore.management.v1.CreateKeystoreResponse - 3, // 6: plugin.keystore.management.v1.KeystoreProvider.DeleteKeystore:output_type -> plugin.keystore.management.v1.DeleteKeystoreResponse - 5, // [5:7] is the sub-list for method output_type - 3, // [3:5] is the sub-list for method input_type - 3, // [3:3] is the sub-list for extension type_name - 3, // [3:3] is the sub-list for extension extendee - 0, // [0:3] is the sub-list for field type_name + 10, // 0: plugin.keystore.management.v1.ManagementConfig.access_data:type_name -> plugin.keystore.common.v1.KeystoreInstanceConfig + 11, // 1: plugin.keystore.management.v1.CreateKeystoreRequest.values:type_name -> google.protobuf.Struct + 10, // 2: plugin.keystore.management.v1.CreateKeystoreResponse.config:type_name -> plugin.keystore.common.v1.KeystoreInstanceConfig + 1, // 3: plugin.keystore.management.v1.CreateKeystoreResponse.role_management_config:type_name -> plugin.keystore.management.v1.ManagementConfig + 1, // 4: plugin.keystore.management.v1.CreateKeystoreResponse.key_management_config:type_name -> plugin.keystore.management.v1.ManagementConfig + 0, // 5: 
plugin.keystore.management.v1.CreateKeystoreResponse.supported_regions:type_name -> plugin.keystore.management.v1.SupportedRegion + 10, // 6: plugin.keystore.management.v1.DeleteKeystoreRequest.config:type_name -> plugin.keystore.common.v1.KeystoreInstanceConfig + 10, // 7: plugin.keystore.management.v1.GrantTrustRequest.config:type_name -> plugin.keystore.common.v1.KeystoreInstanceConfig + 11, // 8: plugin.keystore.management.v1.GrantTrustResponse.access_data:type_name -> google.protobuf.Struct + 10, // 9: plugin.keystore.management.v1.RemoveTrustRequest.config:type_name -> plugin.keystore.common.v1.KeystoreInstanceConfig + 11, // 10: plugin.keystore.management.v1.RemoveTrustRequest.access_data:type_name -> google.protobuf.Struct + 2, // 11: plugin.keystore.management.v1.KeystoreProvider.CreateKeystore:input_type -> plugin.keystore.management.v1.CreateKeystoreRequest + 4, // 12: plugin.keystore.management.v1.KeystoreProvider.DeleteKeystore:input_type -> plugin.keystore.management.v1.DeleteKeystoreRequest + 6, // 13: plugin.keystore.management.v1.KeystoreProvider.GrantTrust:input_type -> plugin.keystore.management.v1.GrantTrustRequest + 8, // 14: plugin.keystore.management.v1.KeystoreProvider.RemoveTrust:input_type -> plugin.keystore.management.v1.RemoveTrustRequest + 3, // 15: plugin.keystore.management.v1.KeystoreProvider.CreateKeystore:output_type -> plugin.keystore.management.v1.CreateKeystoreResponse + 5, // 16: plugin.keystore.management.v1.KeystoreProvider.DeleteKeystore:output_type -> plugin.keystore.management.v1.DeleteKeystoreResponse + 7, // 17: plugin.keystore.management.v1.KeystoreProvider.GrantTrust:output_type -> plugin.keystore.management.v1.GrantTrustResponse + 9, // 18: plugin.keystore.management.v1.KeystoreProvider.RemoveTrust:output_type -> plugin.keystore.management.v1.RemoveTrustResponse + 15, // [15:19] is the sub-list for method output_type + 11, // [11:15] is the sub-list for method input_type + 11, // [11:11] is the sub-list for extension 
type_name + 11, // [11:11] is the sub-list for extension extendee + 0, // [0:11] is the sub-list for field type_name } func init() { file_plugin_keystore_management_v1_management_proto_init() } @@ -254,7 +651,7 @@ func file_plugin_keystore_management_v1_management_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_keystore_management_v1_management_proto_rawDesc), len(file_plugin_keystore_management_v1_management_proto_rawDesc)), NumEnums: 0, - NumMessages: 4, + NumMessages: 10, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/plugin/keystore/management/v1/management.proto b/proto/plugin/keystore/management/v1/management.proto index 8d5c770..7aa2166 100644 --- a/proto/plugin/keystore/management/v1/management.proto +++ b/proto/plugin/keystore/management/v1/management.proto 
@@ -7,16 +7,44 @@ import "plugin/keystore/common/v1/common.proto";
 option go_package = "github.com/openkcm/plugin-sdk/proto/plugin/keystore/management/v1;managementv1";

 service KeystoreProvider {
+ // Create a new keystore instance
 rpc CreateKeystore(CreateKeystoreRequest) returns (CreateKeystoreResponse);
+ // Delete an existing keystore instance
 rpc DeleteKeystore(DeleteKeystoreRequest) returns (DeleteKeystoreResponse);
+ // Grant trust to a client certificate subject pattern for accessing the keystore instance
+ rpc GrantTrust(GrantTrustRequest) returns (GrantTrustResponse);
+ // Remove trust for a client certificate subject pattern to revoke access to the keystore instance
+ rpc RemoveTrust(RemoveTrustRequest) returns (RemoveTrustResponse);
 }

+// SupportedRegion represents a region where the keystore can be created or accessed.
+message SupportedRegion {
+ string name = 1;
+ string technical_name = 2;
+}
+
+// ManagementConfig represents the configuration details for the management role of a keystore instance.
+message ManagementConfig {
+ string locality_id = 1;
+ string common_name = 2;
+ plugin.keystore.common.v1.KeystoreInstanceConfig access_data = 3;
+}
+
+// CreateKeystoreRequest represents the request to create a new keystore instance.
+// The values field contains the necessary parameters for creating the keystore,
+// which can vary depending on the implementation and requirements of the keystore provider.
 message CreateKeystoreRequest {
 google.protobuf.Struct values = 1;
 }

+// CreateKeystoreResponse represents the response after creating a new keystore instance.
+// - The config field (deprecated) contains the configuration details of the created keystore instance,
+// including fields: locality_id, common_name, management_access_data, and supported_regions.
 message CreateKeystoreResponse {
- plugin.keystore.common.v1.KeystoreInstanceConfig config = 1;
+ plugin.keystore.common.v1.KeystoreInstanceConfig config = 1 [deprecated = true];
+ ManagementConfig role_management_config = 2;
+ ManagementConfig key_management_config = 3;
+ repeated SupportedRegion supported_regions = 4;
 }

 message DeleteKeystoreRequest {
@@ -24,3 +52,33 @@ message DeleteKeystoreRequest {
 }

 message DeleteKeystoreResponse {}
+
+// GrantTrustRequest represents the request to grant trust to a client certificate subject pattern
+// for accessing a keystore instance from the crypto layer.
+// - The config field contains the authentication configuration of the role management role for the keystore instance,
+// which is used to authenticate the request to grant trust.
+// - The subject field contains the client certificate subject to grant trust to
+// - The region field specifies the logical region for which the trust is being granted
+message GrantTrustRequest {
+ plugin.keystore.common.v1.KeystoreInstanceConfig config = 1;
+ string subject = 2;
+ string region = 3;
+}
+
+// GrantTrustResponse represents the response after granting trust to a client certificate subject pattern
+// for accessing a keystore instance. Returns the access data of the configured trust
+message GrantTrustResponse {
+ google.protobuf.Struct access_data = 1;
+}
+
+// RemoveTrustRequest represents the request to remove trust for a client certificate subject pattern
+// to revoke access to a keystore instance.
+// - The config field contains the authentication configuration of the role management role for the keystore instance,
+// which is used to authenticate the request to remove trust.
+// - The access_data field contains the access data of the trust to be removed
+message RemoveTrustRequest {
+ plugin.keystore.common.v1.KeystoreInstanceConfig config = 1;
+ google.protobuf.Struct access_data = 2;
+}
+
+message RemoveTrustResponse {}
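Review bot: The new comment on `CreateKeystoreResponse` describes only the deprecated `config` field and leaves `role_management_config`, `key_management_config` and `supported_regions` undocumented; it also names `management_access_data`, which is not a field defined in this file. Because `ManagementConfig.access_data` carries a `KeystoreInstanceConfig` (presumably the credentials for that role), the comment should say which config is meant for which operation and which field replaces `config`. One possible line is `// - role_management_config: access configuration of the role management role, used as the config of GrantTrust/RemoveTrust requests`, if that is the intended flow. The `ManagementConfig` comment says "the management role", although the message is used for both the role-management and the key-management config; I would reword it to cover both.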
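Review bot: `GrantTrustRequest.subject` is documented as "the client certificate subject", while the RPC and message comments call it a "subject pattern". For a call that grants access, that difference decides how many certificates will match, so the field comment should state the expected form (full distinguished name or pattern, and whether wildcards are accepted). `region` likewise does not say whether it takes `SupportedRegion.name` or `technical_name`. Both are unconstrained `string` fields, so an empty subject or region is passed through to the plugin implementation. If this file is meant to carry protovalidate rules for the SDK's input validation, `string subject = 2 [(buf.validate.field).string.min_len = 1];` would reject that early; it needs the `buf/validate/validate.proto` import, which this file does not appear to have.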
diff --git a/proto/plugin/keystore/management/v1/management_grpc.pb.go b/proto/plugin/keystore/management/v1/management_grpc.pb.go index 5bfe5a1..632eb45 100644 --- a/proto/plugin/keystore/management/v1/management_grpc.pb.go +++ b/proto/plugin/keystore/management/v1/management_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: plugin/keystore/management/v1/management.proto package managementv1 
@@ -21,14 +21,22 @@ const _ = grpc.SupportPackageIsVersion9 const ( KeystoreProvider_CreateKeystore_FullMethodName = "/plugin.keystore.management.v1.KeystoreProvider/CreateKeystore" KeystoreProvider_DeleteKeystore_FullMethodName = "/plugin.keystore.management.v1.KeystoreProvider/DeleteKeystore" + KeystoreProvider_GrantTrust_FullMethodName = "/plugin.keystore.management.v1.KeystoreProvider/GrantTrust" + KeystoreProvider_RemoveTrust_FullMethodName = "/plugin.keystore.management.v1.KeystoreProvider/RemoveTrust" ) // KeystoreProviderClient is the client API for KeystoreProvider service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. type KeystoreProviderClient interface { + // Create a new keystore instance CreateKeystore(ctx context.Context, in *CreateKeystoreRequest, opts ...grpc.CallOption) (*CreateKeystoreResponse, error) + // Delete an existing keystore instance DeleteKeystore(ctx context.Context, in *DeleteKeystoreRequest, opts ...grpc.CallOption) (*DeleteKeystoreResponse, error) + // Grant trust to a client certificate subject pattern for accessing the keystore instance + GrantTrust(ctx context.Context, in *GrantTrustRequest, opts ...grpc.CallOption) (*GrantTrustResponse, error) + // Remove trust for a client certificate subject pattern to revoke access to the keystore instance + RemoveTrust(ctx context.Context, in *RemoveTrustRequest, opts ...grpc.CallOption) (*RemoveTrustResponse, error) } type keystoreProviderClient struct { 
@@ -59,12 +67,38 @@ func (c *keystoreProviderClient) DeleteKeystore(ctx context.Context, in *DeleteK return out, nil } +func (c *keystoreProviderClient) GrantTrust(ctx context.Context, in *GrantTrustRequest, opts ...grpc.CallOption) (*GrantTrustResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(GrantTrustResponse) + err := c.cc.Invoke(ctx, KeystoreProvider_GrantTrust_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keystoreProviderClient) RemoveTrust(ctx context.Context, in *RemoveTrustRequest, opts ...grpc.CallOption) (*RemoveTrustResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(RemoveTrustResponse) + err := c.cc.Invoke(ctx, KeystoreProvider_RemoveTrust_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + // KeystoreProviderServer is the server API for KeystoreProvider service. // All implementations must embed UnimplementedKeystoreProviderServer // for forward compatibility. type KeystoreProviderServer interface { + // Create a new keystore instance CreateKeystore(context.Context, *CreateKeystoreRequest) (*CreateKeystoreResponse, error) + // Delete an existing keystore instance DeleteKeystore(context.Context, *DeleteKeystoreRequest) (*DeleteKeystoreResponse, error) + // Grant trust to a client certificate subject pattern for accessing the keystore instance + GrantTrust(context.Context, *GrantTrustRequest) (*GrantTrustResponse, error) + // Remove trust for a client certificate subject pattern to revoke access to the keystore instance + RemoveTrust(context.Context, *RemoveTrustRequest) (*RemoveTrustResponse, error) mustEmbedUnimplementedKeystoreProviderServer() } 
@@ -81,6 +115,12 @@ func (UnimplementedKeystoreProviderServer) CreateKeystore(context.Context, *Crea func (UnimplementedKeystoreProviderServer) DeleteKeystore(context.Context, *DeleteKeystoreRequest) (*DeleteKeystoreResponse, error) { return nil, status.Error(codes.Unimplemented, "method DeleteKeystore not implemented") } +func (UnimplementedKeystoreProviderServer) GrantTrust(context.Context, *GrantTrustRequest) (*GrantTrustResponse, error) { + return nil, status.Error(codes.Unimplemented, "method GrantTrust not implemented") +} +func (UnimplementedKeystoreProviderServer) RemoveTrust(context.Context, *RemoveTrustRequest) (*RemoveTrustResponse, error) { + return nil, status.Error(codes.Unimplemented, "method RemoveTrust not implemented") +} func (UnimplementedKeystoreProviderServer) mustEmbedUnimplementedKeystoreProviderServer() {} func (UnimplementedKeystoreProviderServer) testEmbeddedByValue() {} 
@@ -138,6 +178,42 @@ func _KeystoreProvider_DeleteKeystore_Handler(srv interface{}, ctx context.Conte return interceptor(ctx, in, info, handler) } +func _KeystoreProvider_GrantTrust_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(GrantTrustRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeystoreProviderServer).GrantTrust(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeystoreProvider_GrantTrust_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeystoreProviderServer).GrantTrust(ctx, req.(*GrantTrustRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeystoreProvider_RemoveTrust_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RemoveTrustRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeystoreProviderServer).RemoveTrust(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeystoreProvider_RemoveTrust_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeystoreProviderServer).RemoveTrust(ctx, req.(*RemoveTrustRequest)) + } + return interceptor(ctx, in, info, handler) +} + // KeystoreProvider_ServiceDesc is the grpc.ServiceDesc for KeystoreProvider service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) 
@@ -153,6 +229,14 @@ var KeystoreProvider_ServiceDesc = grpc.ServiceDesc{ MethodName: "DeleteKeystore", Handler: _KeystoreProvider_DeleteKeystore_Handler, }, + { + MethodName: "GrantTrust", + Handler: _KeystoreProvider_GrantTrust_Handler, + }, + { + MethodName: "RemoveTrust", + Handler: _KeystoreProvider_RemoveTrust_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "plugin/keystore/management/v1/management.proto", diff --git a/proto/plugin/keystore/operations/v1/operations.pb.go b/proto/plugin/keystore/operations/v1/operations.pb.go index 7f72bf9..2c2ef58 100644 --- a/proto/plugin/keystore/operations/v1/operations.pb.go +++ b/proto/plugin/keystore/operations/v1/operations.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/keystore/operations/v1/operations.proto package operationsv1 diff --git a/proto/plugin/keystore/operations/v1/operations_grpc.pb.go b/proto/plugin/keystore/operations/v1/operations_grpc.pb.go index 1e5bf0c..acd684d 100644 --- a/proto/plugin/keystore/operations/v1/operations_grpc.pb.go +++ b/proto/plugin/keystore/operations/v1/operations_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: plugin/keystore/operations/v1/operations.proto package operationsv1 diff --git a/proto/plugin/notification/v1/notification.pb.go b/proto/plugin/notification/v1/notification.pb.go index d309a2a..ad4b3c8 100644 --- a/proto/plugin/notification/v1/notification.pb.go +++ b/proto/plugin/notification/v1/notification.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/notification/v1/notification.proto package notificationv1 
diff --git a/proto/plugin/notification/v1/notification_grpc.pb.go b/proto/plugin/notification/v1/notification_grpc.pb.go index f77dc5e..b3efedc 100644 --- a/proto/plugin/notification/v1/notification_grpc.pb.go +++ b/proto/plugin/notification/v1/notification_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: plugin/notification/v1/notification.proto package notificationv1 diff --git a/proto/plugin/systeminformation/v1/systeminformation.pb.go b/proto/plugin/systeminformation/v1/systeminformation.pb.go index 4a83f91..959a346 100644 --- a/proto/plugin/systeminformation/v1/systeminformation.pb.go +++ b/proto/plugin/systeminformation/v1/systeminformation.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/systeminformation/v1/systeminformation.proto package systeminformationv1 diff --git a/proto/plugin/systeminformation/v1/systeminformation_grpc.pb.go b/proto/plugin/systeminformation/v1/systeminformation_grpc.pb.go index 97d174d..a852e29 100644 --- a/proto/plugin/systeminformation/v1/systeminformation_grpc.pb.go +++ b/proto/plugin/systeminformation/v1/systeminformation_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: plugin/systeminformation/v1/systeminformation.proto package systeminformationv1 diff --git a/proto/plugin/test/v1/test.pb.go b/proto/plugin/test/v1/test.pb.go index 7c22b42..4d1ce77 100644 --- a/proto/plugin/test/v1/test.pb.go +++ b/proto/plugin/test/v1/test.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: plugin/test/v1/test.proto package testv1 diff --git a/proto/plugin/test/v1/test_grpc.pb.go b/proto/plugin/test/v1/test_grpc.pb.go index 509ef1c..91e3be3 100644 --- a/proto/plugin/test/v1/test_grpc.pb.go +++ b/proto/plugin/test/v1/test_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: plugin/test/v1/test.proto package testv1 diff --git a/proto/service/common/config/v1/config.pb.go b/proto/service/common/config/v1/config.pb.go index f96e484..a97bb7a 100644 --- a/proto/service/common/config/v1/config.pb.go +++ b/proto/service/common/config/v1/config.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.36.11 -// protoc v7.34.1 +// protoc v7.35.0 // source: service/common/config/v1/config.proto package configv1 diff --git a/proto/service/common/config/v1/config_grpc.pb.go b/proto/service/common/config/v1/config_grpc.pb.go index 70692a1..9782be9 100644 --- a/proto/service/common/config/v1/config_grpc.pb.go +++ b/proto/service/common/config/v1/config_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.6.1 -// - protoc v7.34.1 +// - protoc-gen-go-grpc v1.6.2 +// - protoc v7.35.0 // source: service/common/config/v1/config.proto package configv1