From b1291544079c3f5abf62cedafa68a5d4aafc3b9d Mon Sep 17 00:00:00 2001 From: Miguel Martinez Trivino Date: Sat, 27 May 2023 17:25:52 +0200 Subject: [PATCH 1/3] refactor(config): extract secret manager configuration Signed-off-by: Miguel Martinez Trivino --- Makefile | 11 +- app/artifact-cas/cmd/main.go | 86 +- app/artifact-cas/internal/conf/conf.pb.go | 623 +++----------- app/artifact-cas/internal/conf/conf.proto | 40 +- app/controlplane/cmd/main.go | 88 +- app/controlplane/internal/conf/conf.pb.go | 763 ++++-------------- .../internal/conf/conf.pb.validate.go | 691 ---------------- app/controlplane/internal/conf/conf.proto | 45 +- buf.work.yaml | 1 + internal/credentials/api/buf.gen.yaml | 5 + internal/credentials/api/buf.lock | 7 + internal/credentials/api/buf.yaml | 9 + .../credentials/api/credentials/v1/config.go | 106 +++ .../api/credentials/v1/config.pb.go | 546 +++++++++++++ .../api/credentials/v1/config.proto | 57 ++ 15 files changed, 987 insertions(+), 2091 deletions(-) create mode 100644 internal/credentials/api/buf.gen.yaml create mode 100644 internal/credentials/api/buf.lock create mode 100644 internal/credentials/api/buf.yaml create mode 100644 internal/credentials/api/credentials/v1/config.go create mode 100644 internal/credentials/api/credentials/v1/config.pb.go create mode 100644 internal/credentials/api/credentials/v1/config.proto diff --git a/Makefile b/Makefile index 3e434bf19..1844f9252 100644 --- a/Makefile +++ b/Makefile @@ -17,15 +17,22 @@ init: .PHONY: api # generate api proto -api: +api: make -C ./app/controlplane api make -C ./app/cli api make -C ./app/artifact-cas api +.PHONY: config +# generate config proto +config: + cd ./internal/credentials/api && buf generate + make -C ./app/controlplane config + make -C ./app/artifact-cas config + .PHONY: generate # generate -generate: +generate: config api go generate ./... .PHONY: all diff --git a/app/artifact-cas/cmd/main.go b/app/artifact-cas/cmd/main.go index 46b08b77c..80099dc18 100644 
--- a/app/artifact-cas/cmd/main.go +++ b/app/artifact-cas/cmd/main.go @@ -16,16 +16,11 @@ package main import ( - "errors" "flag" - "fmt" "os" "time" - "github.com/chainloop-dev/chainloop/internal/credentials" - awssecrets "github.com/chainloop-dev/chainloop/internal/credentials/aws" - "github.com/chainloop-dev/chainloop/internal/credentials/gcp" - "github.com/chainloop-dev/chainloop/internal/credentials/vault" + credsConfig "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1" "github.com/getsentry/sentry-go" "github.com/chainloop-dev/chainloop/app/artifact-cas/internal/conf" @@ -108,7 +103,7 @@ func main() { panic(err) } - credentialsReader, err := newCredentialsReader(bc.GetCredentialsService(), logger) + credentialsReader, err := credsConfig.NewFromConfig(bc.GetCredentialsService(), logger) if err != nil { panic(err) } 
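Review bot: In the `@@ -108,7 +103,7 @@` hunk, `credsConfig.NewFromConfig(bc.GetCredentialsService(), logger)` receives whatever the generated getter returns, which is nil when `credentials_service` is absent from the configuration. The helper's body (internal/credentials/api/credentials/v1/config.go) is not part of this hunk, so its handling of that case cannot be checked here. The local `newCredentialsReader` removed further down rejected it with "no credentials manager configuration found", so confirm the shared helper still fails closed on a nil or empty backend rather than handing back a nil reader. If that is not guaranteed, a guard at the call site keeps the startup failure explicit: `if bc.GetCredentialsService() == nil { panic("credentials_service configuration is missing") }`. The body of `main` starts and ends outside this hunk.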
@@ -125,83 +120,6 @@ func main() { } } -func newCredentialsReader(conf *conf.Credentials, l log.Logger) (credentials.Reader, error) { - awsc, vaultc, gcpc := conf.GetAwsSecretManager(), conf.GetVault(), conf.GetGcpSecretManager() - if awsc == nil && vaultc == nil && gcpc == nil { - return nil, errors.New("no credentials manager configuration found") - } - - if awsc != nil { - return newAWSCredentialsManager(awsc, l) - } - - if gcpc != nil { - return newGCPCredentialsManager(gcpc, l) - } - - return newVaultCredentialsManager(vaultc, l) -} - -func newAWSCredentialsManager(conf *conf.Credentials_AWSSecretManager, l log.Logger) (*awssecrets.Manager, error) { - if conf == nil { - return nil, errors.New("incompleted configuration for AWS secret manager") - } - - opts := &awssecrets.NewManagerOpts{ - Region: conf.Region, - AccessKey: conf.GetCreds().GetAccessKey(), SecretKey: conf.GetCreds().GetSecretKey(), - Logger: l, - } - - m, err := awssecrets.NewManager(opts) - if err != nil { - return nil, fmt.Errorf("configuring the secrets manager: %w", err) - } - - _ = l.Log(log.LevelInfo, "msg", "secrets manager configured", "backend", "AWS secret manager") - - return m, nil -} - -func newVaultCredentialsManager(conf *conf.Credentials_Vault, l log.Logger) (*vault.Manager, error) { - if conf == nil { - return nil, errors.New("incompleted configuration for vault credentials manager") - } - - opts := &vault.NewManagerOpts{ - AuthToken: conf.Token, Address: conf.Address, - MountPath: conf.MountPath, Logger: l, - } - - m, err := vault.NewManager(opts) - if err != nil { - return nil, fmt.Errorf("configuring vault: %w", err) - } - - _ = l.Log(log.LevelInfo, "msg", "secrets manager configured", "backend", "Vault") - - return m, nil -} - -func newGCPCredentialsManager(conf *conf.Credentials_GCPSecretManager, l log.Logger) (*gcp.Manager, error) { - if conf == nil { - return nil, errors.New("uncompleted configuration for GCP secret manager") - } - - opts := &gcp.NewManagerOpts{ - 
ProjectID: conf.ProjectId, - ServiceAccountKey: conf.ServiceAccountKey, - Logger: l, - } - - m, err := gcp.NewManager(opts) - if err != nil { - return nil, fmt.Errorf("configuring the GCP secret manager: %w", err) - } - - return m, nil -} - func initSentry(c *conf.Bootstrap, logger log.Logger) (cleanupFunc func(), err error) { cleanupFunc = func() { sentry.Flush(2 * time.Second) diff --git a/app/artifact-cas/internal/conf/conf.pb.go b/app/artifact-cas/internal/conf/conf.pb.go index 99351484b..299e8c18a 100644 --- a/app/artifact-cas/internal/conf/conf.pb.go +++ b/app/artifact-cas/internal/conf/conf.pb.go @@ -22,6 +22,7 @@ package conf import ( + v1 "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" durationpb "google.golang.org/protobuf/types/known/durationpb" @@ -44,7 +45,7 @@ type Bootstrap struct { Server *Server `protobuf:"bytes,1,opt,name=server,proto3" json:"server,omitempty"` Auth *Auth `protobuf:"bytes,2,opt,name=auth,proto3" json:"auth,omitempty"` Observability *Bootstrap_Observability `protobuf:"bytes,3,opt,name=observability,proto3" json:"observability,omitempty"` - CredentialsService *Credentials `protobuf:"bytes,4,opt,name=credentials_service,json=credentialsService,proto3" json:"credentials_service,omitempty"` + CredentialsService *v1.Credentials `protobuf:"bytes,4,opt,name=credentials_service,json=credentialsService,proto3" json:"credentials_service,omitempty"` } func (x *Bootstrap) Reset() { @@ -100,7 +101,7 @@ func (x *Bootstrap) GetObservability() *Bootstrap_Observability { return nil } -func (x *Bootstrap) GetCredentialsService() *Credentials { +func (x *Bootstrap) GetCredentialsService() *v1.Credentials { if x != nil { return x.CredentialsService } 
@@ -222,102 +223,6 @@ func (x *Auth) GetRobotAccountPublicKeyPath() string { return "" } -// Where the credentials to access the backends are stored -type Credentials struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Backend: - // - // *Credentials_AwsSecretManager - // *Credentials_Vault_ - // *Credentials_GcpSecretManager - Backend isCredentials_Backend `protobuf_oneof:"backend"` -} - -func (x *Credentials) Reset() { - *x = Credentials{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials) ProtoMessage() {} - -func (x *Credentials) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials.ProtoReflect.Descriptor instead. 
-func (*Credentials) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{3} -} - -func (m *Credentials) GetBackend() isCredentials_Backend { - if m != nil { - return m.Backend - } - return nil -} - -func (x *Credentials) GetAwsSecretManager() *Credentials_AWSSecretManager { - if x, ok := x.GetBackend().(*Credentials_AwsSecretManager); ok { - return x.AwsSecretManager - } - return nil -} - -func (x *Credentials) GetVault() *Credentials_Vault { - if x, ok := x.GetBackend().(*Credentials_Vault_); ok { - return x.Vault - } - return nil -} - -func (x *Credentials) GetGcpSecretManager() *Credentials_GCPSecretManager { - if x, ok := x.GetBackend().(*Credentials_GcpSecretManager); ok { - return x.GcpSecretManager - } - return nil -} - -type isCredentials_Backend interface { - isCredentials_Backend() -} - -type Credentials_AwsSecretManager struct { - AwsSecretManager *Credentials_AWSSecretManager `protobuf:"bytes,1,opt,name=aws_secret_manager,json=awsSecretManager,proto3,oneof"` -} - -type Credentials_Vault_ struct { - Vault *Credentials_Vault `protobuf:"bytes,2,opt,name=vault,proto3,oneof"` -} - -type Credentials_GcpSecretManager struct { - GcpSecretManager *Credentials_GCPSecretManager `protobuf:"bytes,3,opt,name=gcp_secret_manager,json=gcpSecretManager,proto3,oneof"` -} - -func (*Credentials_AwsSecretManager) isCredentials_Backend() {} - -func (*Credentials_Vault_) isCredentials_Backend() {} - -func (*Credentials_GcpSecretManager) isCredentials_Backend() {} - type Bootstrap_Observability struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -329,7 +234,7 @@ type Bootstrap_Observability struct { func (x *Bootstrap_Observability) Reset() { *x = Bootstrap_Observability{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[4] + mi := &file_conf_proto_msgTypes[3] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -342,7 +247,7 @@ func (x *Bootstrap_Observability) String() string { func (*Bootstrap_Observability) ProtoMessage() {} func (x *Bootstrap_Observability) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[4] + mi := &file_conf_proto_msgTypes[3] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -378,7 +283,7 @@ type Bootstrap_Observability_Sentry struct { func (x *Bootstrap_Observability_Sentry) Reset() { *x = Bootstrap_Observability_Sentry{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[5] + mi := &file_conf_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -391,7 +296,7 @@ func (x *Bootstrap_Observability_Sentry) String() string { func (*Bootstrap_Observability_Sentry) ProtoMessage() {} func (x *Bootstrap_Observability_Sentry) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[5] + mi := &file_conf_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -434,7 +339,7 @@ type Server_HTTP struct { func (x *Server_HTTP) Reset() { *x = Server_HTTP{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[6] + mi := &file_conf_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -447,7 +352,7 @@ func (x *Server_HTTP) String() string { func (*Server_HTTP) ProtoMessage() {} func (x *Server_HTTP) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[6] + mi := &file_conf_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -497,7 +402,7 @@ type Server_GRPC struct { func (x *Server_GRPC) Reset() { *x = Server_GRPC{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[7] + mi := &file_conf_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -510,7 +415,7 @@ func (x *Server_GRPC) String() string { func (*Server_GRPC) ProtoMessage() {} func (x *Server_GRPC) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[7] + mi := &file_conf_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -547,336 +452,67 @@ func (x *Server_GRPC) GetTimeout() *durationpb.Duration { return nil } -// Top level is deprecated now -type Credentials_AWSSecretManager struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Creds *Credentials_AWSSecretManager_Creds `protobuf:"bytes,1,opt,name=creds,proto3" json:"creds,omitempty"` - Region string `protobuf:"bytes,2,opt,name=region,proto3" json:"region,omitempty"` -} - -func (x *Credentials_AWSSecretManager) Reset() { - *x = Credentials_AWSSecretManager{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_AWSSecretManager) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_AWSSecretManager) ProtoMessage() {} - -func (x *Credentials_AWSSecretManager) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials_AWSSecretManager.ProtoReflect.Descriptor instead. 
-func (*Credentials_AWSSecretManager) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{3, 0} -} - -func (x *Credentials_AWSSecretManager) GetCreds() *Credentials_AWSSecretManager_Creds { - if x != nil { - return x.Creds - } - return nil -} - -func (x *Credentials_AWSSecretManager) GetRegion() string { - if x != nil { - return x.Region - } - return "" -} - -type Credentials_Vault struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // TODO: Use application role auth instead - Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` - // Instance address, including port - // i.e "http://127.0.0.1:8200" - Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"` - // mount path of the kv engine, default /secret - MountPath string `protobuf:"bytes,3,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"` -} - -func (x *Credentials_Vault) Reset() { - *x = Credentials_Vault{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_Vault) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_Vault) ProtoMessage() {} - -func (x *Credentials_Vault) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials_Vault.ProtoReflect.Descriptor instead. 
-func (*Credentials_Vault) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{3, 1} -} - -func (x *Credentials_Vault) GetToken() string { - if x != nil { - return x.Token - } - return "" -} - -func (x *Credentials_Vault) GetAddress() string { - if x != nil { - return x.Address - } - return "" -} - -func (x *Credentials_Vault) GetMountPath() string { - if x != nil { - return x.MountPath - } - return "" -} - -type Credentials_GCPSecretManager struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // project number - ProjectId string `protobuf:"bytes,1,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` - // service account key - ServiceAccountKey string `protobuf:"bytes,2,opt,name=service_account_key,json=serviceAccountKey,proto3" json:"service_account_key,omitempty"` -} - -func (x *Credentials_GCPSecretManager) Reset() { - *x = Credentials_GCPSecretManager{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_GCPSecretManager) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_GCPSecretManager) ProtoMessage() {} - -func (x *Credentials_GCPSecretManager) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials_GCPSecretManager.ProtoReflect.Descriptor instead. 
-func (*Credentials_GCPSecretManager) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{3, 2} -} - -func (x *Credentials_GCPSecretManager) GetProjectId() string { - if x != nil { - return x.ProjectId - } - return "" -} - -func (x *Credentials_GCPSecretManager) GetServiceAccountKey() string { - if x != nil { - return x.ServiceAccountKey - } - return "" -} - -type Credentials_AWSSecretManager_Creds struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - AccessKey string `protobuf:"bytes,1,opt,name=access_key,json=accessKey,proto3" json:"access_key,omitempty"` - SecretKey string `protobuf:"bytes,2,opt,name=secret_key,json=secretKey,proto3" json:"secret_key,omitempty"` -} - -func (x *Credentials_AWSSecretManager_Creds) Reset() { - *x = Credentials_AWSSecretManager_Creds{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_AWSSecretManager_Creds) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_AWSSecretManager_Creds) ProtoMessage() {} - -func (x *Credentials_AWSSecretManager_Creds) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials_AWSSecretManager_Creds.ProtoReflect.Descriptor instead. 
-func (*Credentials_AWSSecretManager_Creds) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{3, 0, 0} -} - -func (x *Credentials_AWSSecretManager_Creds) GetAccessKey() string { - if x != nil { - return x.AccessKey - } - return "" -} - -func (x *Credentials_AWSSecretManager_Creds) GetSecretKey() string { - if x != nil { - return x.SecretKey - } - return "" -} - var File_conf_proto protoreflect.FileDescriptor var file_conf_proto_rawDesc = []byte{ 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcf, 0x02, 0x0a, - 0x09, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x06, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x04, 0x61, - 0x75, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x05, 0x2e, 0x41, 0x75, 0x74, 0x68, - 0x52, 0x04, 0x61, 0x75, 0x74, 0x68, 0x12, 0x3e, 0x0a, 0x0d, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, - 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, - 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, - 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, - 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x0a, 0x13, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, - 0x73, 0x52, 0x12, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x1a, 0x86, 0x01, 0x0a, 
0x0d, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, - 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x37, 0x0a, 0x06, 0x73, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, - 0x72, 0x61, 0x70, 0x2e, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, - 0x79, 0x2e, 0x53, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x73, 0x65, 0x6e, 0x74, 0x72, 0x79, - 0x1a, 0x3c, 0x0a, 0x06, 0x53, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x73, - 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x64, 0x73, 0x6e, 0x12, 0x20, 0x0a, 0x0b, - 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0xd3, - 0x02, 0x0a, 0x06, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x04, 0x68, 0x74, 0x74, - 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x20, 0x0a, 0x04, 0x67, - 0x72, 0x70, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x2f, 0x0a, - 0x0c, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x18, 0x03, 0x20, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x63, 0x72, + 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xde, 0x02, 0x0a, 0x09, 0x42, 0x6f, + 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x04, 0x61, 0x75, 0x74, 
0x68, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x05, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x52, 0x04, 0x61, + 0x75, 0x74, 0x68, 0x12, 0x3e, 0x0a, 0x0d, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, + 0x6c, 0x69, 0x74, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x42, 0x6f, 0x6f, + 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, + 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, + 0x69, 0x74, 0x79, 0x12, 0x4c, 0x0a, 0x13, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, + 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x52, 0x12, 0x63, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x1a, 0x86, 0x01, 0x0a, 0x0d, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, + 0x69, 0x74, 0x79, 0x12, 0x37, 0x0a, 0x06, 0x73, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, + 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x65, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x73, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, 0x3c, 0x0a, 0x06, + 0x53, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x73, 0x6e, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x64, 0x73, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x65, 0x6e, 0x76, 0x69, + 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, + 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x22, 0xd3, 0x02, 0x0a, 0x06, 0x53, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 
0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x48, 0x54, 0x54, - 0x50, 0x52, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x1a, 0x69, - 0x0a, 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x12, 0x12, 0x0a, 0x04, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, - 0x61, 0x64, 0x64, 0x72, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x69, 0x0a, 0x04, 0x47, 0x52, 0x50, - 0x43, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, - 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x12, - 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x22, 0x48, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68, 0x12, 0x40, 0x0a, 0x1d, - 0x72, 0x6f, 0x62, 0x6f, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x19, 0x72, 0x6f, 0x62, 0x6f, 0x74, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, - 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x74, 0x68, 0x22, 0xcc, - 0x04, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 
0x61, 0x6c, 0x73, 0x12, 0x4d, - 0x0a, 0x12, 0x61, 0x77, 0x73, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x43, 0x72, 0x65, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x61, 0x77, 0x73, - 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x2a, 0x0a, - 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x43, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x56, 0x61, 0x75, 0x6c, 0x74, - 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x4d, 0x0a, 0x12, 0x67, 0x63, 0x70, - 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x73, 0x2e, 0x47, 0x43, 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x67, 0x63, 0x70, 0x53, 0x65, 0x63, 0x72, 0x65, - 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x1a, 0xac, 0x01, 0x0a, 0x10, 0x41, 0x57, 0x53, - 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x39, 0x0a, - 0x05, 0x63, 0x72, 0x65, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x43, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, 0x53, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x43, 0x72, 0x65, 0x64, - 0x73, 0x52, 0x05, 0x63, 0x72, 0x65, 0x64, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x69, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, - 0x1a, 0x45, 0x0a, 0x05, 0x43, 0x72, 0x65, 0x64, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x63, 0x63, - 0x65, 
0x73, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x1a, 0x56, 0x0a, 0x05, 0x56, 0x61, 0x75, 0x6c, 0x74, - 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, - 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, - 0x61, 0x0a, 0x10, 0x47, 0x43, 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, - 0x67, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, - 0x49, 0x64, 0x12, 0x2e, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, - 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x4b, - 0x65, 0x79, 0x42, 0x09, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x42, 0x48, 0x5a, - 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x68, 0x61, 0x69, - 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, - 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, - 0x2d, 0x63, 0x61, 0x73, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x6f, - 0x6e, 0x66, 0x3b, 0x63, 0x6f, 0x6e, 0x66, 
0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x50, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x20, 0x0a, 0x04, 0x67, 0x72, 0x70, 0x63, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x47, + 0x52, 0x50, 0x43, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x2f, 0x0a, 0x0c, 0x68, 0x74, 0x74, + 0x70, 0x5f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x0b, 0x68, + 0x74, 0x74, 0x70, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x1a, 0x69, 0x0a, 0x04, 0x48, 0x54, + 0x54, 0x50, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x12, 0x0a, 0x04, + 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, + 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x69, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, 0x18, 0x0a, + 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, 0x64, 0x64, 0x72, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x12, 0x33, 0x0a, 0x07, 0x74, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x22, 0x48, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68, 0x12, 0x40, 0x0a, 0x1d, 0x72, 0x6f, 
0x62, 0x6f, + 0x74, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, + 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x19, 0x72, 0x6f, 0x62, 0x6f, 0x74, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x75, 0x62, + 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x74, 0x68, 0x42, 0x48, 0x5a, 0x46, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, + 0x6f, 0x70, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, + 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x61, 0x72, 0x74, 0x69, 0x66, 0x61, 0x63, 0x74, 0x2d, 0x63, 0x61, + 0x73, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x3b, + 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -891,42 +527,34 @@ func file_conf_proto_rawDescGZIP() []byte { return file_conf_proto_rawDescData } -var file_conf_proto_msgTypes = make([]protoimpl.MessageInfo, 12) +var file_conf_proto_msgTypes = make([]protoimpl.MessageInfo, 7) var file_conf_proto_goTypes = []interface{}{ - (*Bootstrap)(nil), // 0: Bootstrap - (*Server)(nil), // 1: Server - (*Auth)(nil), // 2: Auth - (*Credentials)(nil), // 3: Credentials - (*Bootstrap_Observability)(nil), // 4: Bootstrap.Observability - (*Bootstrap_Observability_Sentry)(nil), // 5: Bootstrap.Observability.Sentry - (*Server_HTTP)(nil), // 6: Server.HTTP - (*Server_GRPC)(nil), // 7: Server.GRPC - (*Credentials_AWSSecretManager)(nil), // 8: Credentials.AWSSecretManager - (*Credentials_Vault)(nil), // 9: Credentials.Vault - (*Credentials_GCPSecretManager)(nil), // 10: Credentials.GCPSecretManager - (*Credentials_AWSSecretManager_Creds)(nil), // 11: Credentials.AWSSecretManager.Creds - (*durationpb.Duration)(nil), // 12: google.protobuf.Duration + (*Bootstrap)(nil), // 0: Bootstrap + (*Server)(nil), // 1: Server + (*Auth)(nil), // 2: Auth + (*Bootstrap_Observability)(nil), // 3: Bootstrap.Observability + (*Bootstrap_Observability_Sentry)(nil), // 4: Bootstrap.Observability.Sentry + (*Server_HTTP)(nil), // 5: Server.HTTP + (*Server_GRPC)(nil), // 6: Server.GRPC + (*v1.Credentials)(nil), // 7: credentials.v1.Credentials + (*durationpb.Duration)(nil), // 8: google.protobuf.Duration } var file_conf_proto_depIdxs = []int32{ 1, // 0: Bootstrap.server:type_name -> Server 2, // 1: Bootstrap.auth:type_name -> Auth - 4, // 2: Bootstrap.observability:type_name -> Bootstrap.Observability - 3, // 3: Bootstrap.credentials_service:type_name -> Credentials - 6, // 4: Server.http:type_name -> Server.HTTP - 7, // 5: Server.grpc:type_name -> Server.GRPC - 6, // 6: Server.http_metrics:type_name -> Server.HTTP - 8, // 7: Credentials.aws_secret_manager:type_name -> Credentials.AWSSecretManager - 9, // 8: Credentials.vault:type_name -> 
Credentials.Vault - 10, // 9: Credentials.gcp_secret_manager:type_name -> Credentials.GCPSecretManager - 5, // 10: Bootstrap.Observability.sentry:type_name -> Bootstrap.Observability.Sentry - 12, // 11: Server.HTTP.timeout:type_name -> google.protobuf.Duration - 12, // 12: Server.GRPC.timeout:type_name -> google.protobuf.Duration - 11, // 13: Credentials.AWSSecretManager.creds:type_name -> Credentials.AWSSecretManager.Creds - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name + 3, // 2: Bootstrap.observability:type_name -> Bootstrap.Observability + 7, // 3: Bootstrap.credentials_service:type_name -> credentials.v1.Credentials + 5, // 4: Server.http:type_name -> Server.HTTP + 6, // 5: Server.grpc:type_name -> Server.GRPC + 5, // 6: Server.http_metrics:type_name -> Server.HTTP + 4, // 7: Bootstrap.Observability.sentry:type_name -> Bootstrap.Observability.Sentry + 8, // 8: Server.HTTP.timeout:type_name -> google.protobuf.Duration + 8, // 9: Server.GRPC.timeout:type_name -> google.protobuf.Duration + 10, // [10:10] is the sub-list for method output_type + 10, // [10:10] is the sub-list for method input_type + 10, // [10:10] is the sub-list for extension type_name + 10, // [10:10] is the sub-list for extension extendee + 0, // [0:10] is the sub-list for field type_name } func init() { file_conf_proto_init() } @@ -972,18 +600,6 @@ func file_conf_proto_init() { } } file_conf_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Bootstrap_Observability); i { case 0: return &v.state 
@@ -995,7 +611,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Bootstrap_Observability_Sentry); i { case 0: return &v.state @@ -1007,7 +623,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Server_HTTP); i { case 0: return &v.state @@ -1019,7 +635,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Server_GRPC); i { case 0: return &v.state 
@@ -1031,59 +647,6 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_AWSSecretManager); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_Vault); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_GCPSecretManager); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_AWSSecretManager_Creds); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_conf_proto_msgTypes[3].OneofWrappers = []interface{}{ - (*Credentials_AwsSecretManager)(nil), - (*Credentials_Vault_)(nil), - (*Credentials_GcpSecretManager)(nil), } type x struct{} out := protoimpl.TypeBuilder{ @@ -1091,7 +654,7 @@ func file_conf_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_conf_proto_rawDesc, NumEnums: 0, - NumMessages: 12, + NumMessages: 7, NumExtensions: 0, NumServices: 0, }, diff --git a/app/artifact-cas/internal/conf/conf.proto b/app/artifact-cas/internal/conf/conf.proto index 4a2d1e60d..b4f9e2ac7 100644 --- a/app/artifact-cas/internal/conf/conf.proto +++ b/app/artifact-cas/internal/conf/conf.proto 
@@ -18,12 +18,13 @@ syntax = "proto3"; option go_package = "github.com/chainloop-dev/chainloop/app/artifact-cas/internal/conf;conf"; import "google/protobuf/duration.proto"; +import "credentials/v1/config.proto"; message Bootstrap { Server server = 1; Auth auth = 2; Observability observability = 3; - Credentials credentials_service = 4; + credentials.v1.Credentials credentials_service = 4; message Observability { Sentry sentry = 1; @@ -60,40 +61,3 @@ message Auth { // This token in the context of chainloop has been crafted by the controlplane string robot_account_public_key_path = 1; } - -// Where the credentials to access the backends are stored -message Credentials { - oneof backend { - AWSSecretManager aws_secret_manager = 1; - Vault vault = 2; - GCPSecretManager gcp_secret_manager = 3; - } - - // Top level is deprecated now - message AWSSecretManager { - Creds creds = 1; - string region = 2; - - message Creds { - string access_key = 1; - string secret_key = 2; - } - } - - message Vault { - // TODO: Use application role auth instead - string token = 1; - // Instance address, including port - // i.e "http://127.0.0.1:8200" - string address = 2; - // mount path of the kv engine, default /secret - string mount_path = 3; - } - - message GCPSecretManager { - // project number - string project_id = 1; - // service account key - string service_account_key = 2; - } -} \ No newline at end of file diff --git a/app/controlplane/cmd/main.go b/app/controlplane/cmd/main.go index 3d3c71a2c..d14a1063e 100644 --- a/app/controlplane/cmd/main.go +++ b/app/controlplane/cmd/main.go @@ -17,8 +17,6 @@ package main import ( "context" - "errors" - "fmt" "os" "time" 
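Review bot: The `credentials_service` field of `Bootstrap` is left without any description once the local `Credentials` message is deleted in the next hunk, because the only comment explaining it, `// Where the credentials to access the backends are stored`, goes with that message. I would carry it over onto the field, for example `// Where the credentials to access the backends are stored (shared credentials.v1 schema)` directly above `credentials.v1.Credentials credentials_service = 4;`. The removed message carried a Vault `token`, AWS `access_key`/`secret_key` and a GCP `service_account_key`; the shared definition is outside this hunk and presumably holds the same, so the comment could also say that a `Bootstrap` value should not be logged or dumped as-is.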
@@ -28,10 +26,7 @@ import ( "github.com/chainloop-dev/chainloop/app/controlplane/internal/biz" "github.com/chainloop-dev/chainloop/app/controlplane/internal/conf" "github.com/chainloop-dev/chainloop/app/controlplane/internal/server" - "github.com/chainloop-dev/chainloop/internal/credentials" - awssecrets "github.com/chainloop-dev/chainloop/internal/credentials/aws" - "github.com/chainloop-dev/chainloop/internal/credentials/gcp" - "github.com/chainloop-dev/chainloop/internal/credentials/vault" + credsConfig "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1" "github.com/chainloop-dev/chainloop/internal/servicelogger" "github.com/go-kratos/kratos/v2" @@ -105,7 +100,7 @@ func main() { panic(err) } - credsWriter, err := newCredentialsWriter(&bc, logger) + credsWriter, err := credsConfig.NewFromConfig(bc.GetCredentialsService(), logger) if err != nil { panic(err) } 
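Review bot: The alias `credsConfig` on the added import uses mixedCaps, which Go style avoids for package names and import aliases. An all-lowercase alias reads the same and keeps linters quiet, e.g. `credsconfig "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1"`. The same alias is introduced in app/artifact-cas/cmd/main.go, so both files would change together. The import block starts and ends outside the hunk.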
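Review bot: `credsConfig.NewFromConfig(bc.GetCredentialsService(), logger)` receives nil whenever the `credentials_service` section is missing from the configuration, and the guard that turned that case into `no credentials manager configured` is deleted further down in this file. NewFromConfig lives in internal/credentials/api/credentials/v1/config.go, outside this hunk, so confirm it rejects a nil or backend-less config with an explicit error rather than returning a nil manager. The removed AWS and Vault helpers also logged `secrets manager configured` with the backend name; keeping that line in the shared constructor lets operators see which secrets backend a process started with. A comment at the call such as `// startup fails here when no secrets backend is configured` would record that the panic below is intended. main's body continues outside the hunk.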
@@ -158,85 +153,6 @@ func maskArgs(keyvals []interface{}) { } } -func newCredentialsWriter(conf *conf.Bootstrap, l log.Logger) (credentials.ReaderWriter, error) { - if credsConfig := conf.GetCredentialsService(); credsConfig != nil { - if c := credsConfig.GetAwsSecretManager(); c != nil { - return newAWSCredentialsManager(c, l) - } - - if c := credsConfig.GetVault(); c != nil { - return newVaultCredentialsManager(c, l) - } - - if c := credsConfig.GetGcpSecretManager(); c != nil { - return newGCPCredentialsManager(c, l) - } - } - - return nil, errors.New("no credentials manager configured") -} - -func newAWSCredentialsManager(conf *conf.Credentials_AWSSecretManager, l log.Logger) (*awssecrets.Manager, error) { - if conf == nil { - return nil, errors.New("uncompleted configuration for AWS secret manager") - } - - opts := &awssecrets.NewManagerOpts{ - Region: conf.Region, SecretPrefix: conf.SecretPrefix, - AccessKey: conf.GetCreds().GetAccessKey(), SecretKey: conf.GetCreds().GetSecretKey(), - Logger: l, - } - - m, err := awssecrets.NewManager(opts) - if err != nil { - return nil, fmt.Errorf("configuring the secrets manager: %w", err) - } - - _ = l.Log(log.LevelInfo, "msg", "secrets manager configured", "backend", "AWS secret manager") - - return m, nil -} - -func newVaultCredentialsManager(conf *conf.Credentials_Vault, l log.Logger) (*vault.Manager, error) { - if conf == nil { - return nil, errors.New("uncompleted configuration for vault credentials manager") - } - - opts := &vault.NewManagerOpts{ - AuthToken: conf.Token, SecretPrefix: conf.SecretPrefix, Address: conf.Address, - MountPath: conf.MountPath, Logger: l, - } - - m, err := vault.NewManager(opts) - if err != nil { - return nil, fmt.Errorf("configuring vault: %w", err) - } - - _ = l.Log(log.LevelInfo, "msg", "secrets manager configured", "backend", "Vault") - - return m, nil -} - -func newGCPCredentialsManager(conf *conf.Credentials_GCPSecretManager, l log.Logger) (*gcp.Manager, error) { - if conf == nil { - 
return nil, errors.New("uncompleted configuration for GCP secret manager") - } - - opts := &gcp.NewManagerOpts{ - ProjectID: conf.ProjectId, - ServiceAccountKey: conf.ServiceAccountKey, - SecretPrefix: conf.SecretPrefix, - Logger: l, - } - - m, err := gcp.NewManager(opts) - if err != nil { - return nil, fmt.Errorf("configuring the GCP secret manager: %w", err) - } - - return m, nil -} - func initSentry(c *conf.Bootstrap, logger log.Logger) (cleanupFunc func(), err error) { cleanupFunc = func() { sentry.Flush(2 * time.Second) diff --git a/app/controlplane/internal/conf/conf.pb.go b/app/controlplane/internal/conf/conf.pb.go index a704f34f2..7f75bfafb 100644 --- a/app/controlplane/internal/conf/conf.pb.go +++ b/app/controlplane/internal/conf/conf.pb.go @@ -22,6 +22,7 @@ package conf import ( + v1 "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1" _ "github.com/envoyproxy/protoc-gen-validate/validate" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" @@ -46,7 +47,7 @@ type Bootstrap struct { Data *Data `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"` Auth *Auth `protobuf:"bytes,3,opt,name=auth,proto3" json:"auth,omitempty"` Observability *Bootstrap_Observability `protobuf:"bytes,4,opt,name=observability,proto3" json:"observability,omitempty"` - CredentialsService *Credentials `protobuf:"bytes,5,opt,name=credentials_service,json=credentialsService,proto3" json:"credentials_service,omitempty"` + CredentialsService *v1.Credentials `protobuf:"bytes,5,opt,name=credentials_service,json=credentialsService,proto3" json:"credentials_service,omitempty"` // CAS Server endpoint CasServer *Bootstrap_CASServer `protobuf:"bytes,6,opt,name=cas_server,json=casServer,proto3" json:"cas_server,omitempty"` } 
@@ -111,7 +112,7 @@ func (x *Bootstrap) GetObservability() *Bootstrap_Observability { return nil } -func (x *Bootstrap) GetCredentialsService() *Credentials { +func (x *Bootstrap) GetCredentialsService() *v1.Credentials { if x != nil { return x.CredentialsService } 
@@ -308,101 +309,6 @@ func (x *Auth) GetOidc() *Auth_OIDC { return nil } -type Credentials struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // Types that are assignable to Backend: - // - // *Credentials_AwsSecretManager - // *Credentials_Vault_ - // *Credentials_GcpSecretManager - Backend isCredentials_Backend `protobuf_oneof:"backend"` -} - -func (x *Credentials) Reset() { - *x = Credentials{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials) ProtoMessage() {} - -func (x *Credentials) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials.ProtoReflect.Descriptor instead. 
-func (*Credentials) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{4} -} - -func (m *Credentials) GetBackend() isCredentials_Backend { - if m != nil { - return m.Backend - } - return nil -} - -func (x *Credentials) GetAwsSecretManager() *Credentials_AWSSecretManager { - if x, ok := x.GetBackend().(*Credentials_AwsSecretManager); ok { - return x.AwsSecretManager - } - return nil -} - -func (x *Credentials) GetVault() *Credentials_Vault { - if x, ok := x.GetBackend().(*Credentials_Vault_); ok { - return x.Vault - } - return nil -} - -func (x *Credentials) GetGcpSecretManager() *Credentials_GCPSecretManager { - if x, ok := x.GetBackend().(*Credentials_GcpSecretManager); ok { - return x.GcpSecretManager - } - return nil -} - -type isCredentials_Backend interface { - isCredentials_Backend() -} - -type Credentials_AwsSecretManager struct { - AwsSecretManager *Credentials_AWSSecretManager `protobuf:"bytes,1,opt,name=aws_secret_manager,json=awsSecretManager,proto3,oneof"` -} - -type Credentials_Vault_ struct { - Vault *Credentials_Vault `protobuf:"bytes,2,opt,name=vault,proto3,oneof"` -} - -type Credentials_GcpSecretManager struct { - GcpSecretManager *Credentials_GCPSecretManager `protobuf:"bytes,3,opt,name=gcp_secret_manager,json=gcpSecretManager,proto3,oneof"` -} - -func (*Credentials_AwsSecretManager) isCredentials_Backend() {} - -func (*Credentials_Vault_) isCredentials_Backend() {} - -func (*Credentials_GcpSecretManager) isCredentials_Backend() {} - type Bootstrap_Observability struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -414,7 +320,7 @@ type Bootstrap_Observability struct { func (x *Bootstrap_Observability) Reset() { *x = Bootstrap_Observability{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[5] + mi := &file_conf_proto_msgTypes[4] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } 
@@ -427,7 +333,7 @@ func (x *Bootstrap_Observability) String() string { func (*Bootstrap_Observability) ProtoMessage() {} func (x *Bootstrap_Observability) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[5] + mi := &file_conf_proto_msgTypes[4] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -464,7 +370,7 @@ type Bootstrap_CASServer struct { func (x *Bootstrap_CASServer) Reset() { *x = Bootstrap_CASServer{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[6] + mi := &file_conf_proto_msgTypes[5] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -477,7 +383,7 @@ func (x *Bootstrap_CASServer) String() string { func (*Bootstrap_CASServer) ProtoMessage() {} func (x *Bootstrap_CASServer) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[6] + mi := &file_conf_proto_msgTypes[5] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -519,7 +425,7 @@ type Bootstrap_Observability_Sentry struct { func (x *Bootstrap_Observability_Sentry) Reset() { *x = Bootstrap_Observability_Sentry{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[7] + mi := &file_conf_proto_msgTypes[6] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -532,7 +438,7 @@ func (x *Bootstrap_Observability_Sentry) String() string { func (*Bootstrap_Observability_Sentry) ProtoMessage() {} func (x *Bootstrap_Observability_Sentry) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[7] + mi := &file_conf_proto_msgTypes[6] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -578,7 +484,7 @@ type Server_HTTP struct { func (x *Server_HTTP) Reset() { *x = Server_HTTP{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[8] + mi := &file_conf_proto_msgTypes[7] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -591,7 +497,7 @@ func (x *Server_HTTP) String() string { func (*Server_HTTP) ProtoMessage() {} func (x *Server_HTTP) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[8] + mi := &file_conf_proto_msgTypes[7] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -648,7 +554,7 @@ type Server_GRPC struct { func (x *Server_GRPC) Reset() { *x = Server_GRPC{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[9] + mi := &file_conf_proto_msgTypes[8] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -661,7 +567,7 @@ func (x *Server_GRPC) String() string { func (*Server_GRPC) ProtoMessage() {} func (x *Server_GRPC) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[9] + mi := &file_conf_proto_msgTypes[8] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -710,7 +616,7 @@ type Data_Database struct { func (x *Data_Database) Reset() { *x = Data_Database{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[10] + mi := &file_conf_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -723,7 +629,7 @@ func (x *Data_Database) String() string { func (*Data_Database) ProtoMessage() {} func (x *Data_Database) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[10] + mi := &file_conf_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -767,7 +673,7 @@ type Auth_OIDC struct { func (x *Auth_OIDC) Reset() { *x = Auth_OIDC{} if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[11] + mi := &file_conf_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -780,7 +686,7 @@ func (x *Auth_OIDC) String() string { func (*Auth_OIDC) ProtoMessage() {} func (x *Auth_OIDC) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[11] + mi := &file_conf_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { 
@@ -824,268 +730,6 @@ func (x *Auth_OIDC) GetRedirectUrlScheme() string { return "" } -// Top level is deprecated now -type Credentials_AWSSecretManager struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - Creds *Credentials_AWSSecretManager_Creds `protobuf:"bytes,1,opt,name=creds,proto3" json:"creds,omitempty"` - Region string `protobuf:"bytes,2,opt,name=region,proto3" json:"region,omitempty"` - // Secret prefix to be prepended during secret write - SecretPrefix string `protobuf:"bytes,3,opt,name=secret_prefix,json=secretPrefix,proto3" json:"secret_prefix,omitempty"` -} - -func (x *Credentials_AWSSecretManager) Reset() { - *x = Credentials_AWSSecretManager{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_AWSSecretManager) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_AWSSecretManager) ProtoMessage() {} - -func (x *Credentials_AWSSecretManager) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials_AWSSecretManager.ProtoReflect.Descriptor instead. 
-func (*Credentials_AWSSecretManager) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{4, 0} -} - -func (x *Credentials_AWSSecretManager) GetCreds() *Credentials_AWSSecretManager_Creds { - if x != nil { - return x.Creds - } - return nil -} - -func (x *Credentials_AWSSecretManager) GetRegion() string { - if x != nil { - return x.Region - } - return "" -} - -func (x *Credentials_AWSSecretManager) GetSecretPrefix() string { - if x != nil { - return x.SecretPrefix - } - return "" -} - -type Credentials_Vault struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // TODO: Use application role auth instead - Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` - // Instance address, including port - // i.e "http://127.0.0.1:8200" - Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"` - // mount path of the kv engine, default /secret - MountPath string `protobuf:"bytes,3,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"` - // Secret prefix to be prepended during secret write - SecretPrefix string `protobuf:"bytes,4,opt,name=secret_prefix,json=secretPrefix,proto3" json:"secret_prefix,omitempty"` -} - -func (x *Credentials_Vault) Reset() { - *x = Credentials_Vault{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_Vault) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_Vault) ProtoMessage() {} - -func (x *Credentials_Vault) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use 
Credentials_Vault.ProtoReflect.Descriptor instead. -func (*Credentials_Vault) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{4, 1} -} - -func (x *Credentials_Vault) GetToken() string { - if x != nil { - return x.Token - } - return "" -} - -func (x *Credentials_Vault) GetAddress() string { - if x != nil { - return x.Address - } - return "" -} - -func (x *Credentials_Vault) GetMountPath() string { - if x != nil { - return x.MountPath - } - return "" -} - -func (x *Credentials_Vault) GetSecretPrefix() string { - if x != nil { - return x.SecretPrefix - } - return "" -} - -type Credentials_GCPSecretManager struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // project number - ProjectId string `protobuf:"bytes,1,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` - // service account key - ServiceAccountKey string `protobuf:"bytes,2,opt,name=service_account_key,json=serviceAccountKey,proto3" json:"service_account_key,omitempty"` - // Secret prefix to be prepended during secret write - SecretPrefix string `protobuf:"bytes,3,opt,name=secret_prefix,json=secretPrefix,proto3" json:"secret_prefix,omitempty"` -} - -func (x *Credentials_GCPSecretManager) Reset() { - *x = Credentials_GCPSecretManager{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_GCPSecretManager) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_GCPSecretManager) ProtoMessage() {} - -func (x *Credentials_GCPSecretManager) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use 
Credentials_GCPSecretManager.ProtoReflect.Descriptor instead. -func (*Credentials_GCPSecretManager) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{4, 2} -} - -func (x *Credentials_GCPSecretManager) GetProjectId() string { - if x != nil { - return x.ProjectId - } - return "" -} - -func (x *Credentials_GCPSecretManager) GetServiceAccountKey() string { - if x != nil { - return x.ServiceAccountKey - } - return "" -} - -func (x *Credentials_GCPSecretManager) GetSecretPrefix() string { - if x != nil { - return x.SecretPrefix - } - return "" -} - -type Credentials_AWSSecretManager_Creds struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - AccessKey string `protobuf:"bytes,1,opt,name=access_key,json=accessKey,proto3" json:"access_key,omitempty"` - SecretKey string `protobuf:"bytes,2,opt,name=secret_key,json=secretKey,proto3" json:"secret_key,omitempty"` -} - -func (x *Credentials_AWSSecretManager_Creds) Reset() { - *x = Credentials_AWSSecretManager_Creds{} - if protoimpl.UnsafeEnabled { - mi := &file_conf_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *Credentials_AWSSecretManager_Creds) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*Credentials_AWSSecretManager_Creds) ProtoMessage() {} - -func (x *Credentials_AWSSecretManager_Creds) ProtoReflect() protoreflect.Message { - mi := &file_conf_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use Credentials_AWSSecretManager_Creds.ProtoReflect.Descriptor instead. 
-func (*Credentials_AWSSecretManager_Creds) Descriptor() ([]byte, []int) { - return file_conf_proto_rawDescGZIP(), []int{4, 0, 0} -} - -func (x *Credentials_AWSSecretManager_Creds) GetAccessKey() string { - if x != nil { - return x.AccessKey - } - return "" -} - -func (x *Credentials_AWSSecretManager_Creds) GetSecretKey() string { - if x != nil { - return x.SecretKey - } - return "" -} - var File_conf_proto protoreflect.FileDescriptor var file_conf_proto_rawDesc = []byte{ 
@@ -1093,141 +737,99 @@ var file_conf_proto_rawDesc = []byte{ 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf4, 0x03, 0x0a, 0x09, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, - 0x72, 0x61, 0x70, 0x12, 0x1f, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x06, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x12, 0x19, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x05, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, - 0x19, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x05, 0x2e, - 0x41, 0x75, 0x74, 0x68, 0x52, 0x04, 0x61, 0x75, 0x74, 0x68, 0x12, 0x3e, 0x0a, 0x0d, 0x6f, 0x62, - 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x18, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x4f, 0x62, - 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6f, 0x62, 0x73, - 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x0a, 0x13, 0x63, 0x72, - 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x73, 0x52, 0x12, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, - 0x6c, 0x73, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x33, 0x0a, 0x0a, 0x63, 0x61, 0x73, - 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, - 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x43, 0x41, 0x53, 
0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x52, 0x09, 0x63, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x1a, 0x86, - 0x01, 0x0a, 0x0d, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, - 0x12, 0x37, 0x0a, 0x06, 0x73, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x4f, 0x62, 0x73, - 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x65, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x06, 0x73, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, 0x3c, 0x0a, 0x06, 0x53, 0x65, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x64, 0x73, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x64, 0x73, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, - 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x6e, 0x76, 0x69, - 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, 0x1a, 0x53, 0x0a, 0x09, 0x43, 0x41, 0x53, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x12, 0x2a, 0x0a, 0x04, 0x67, 0x72, 0x70, 0x63, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x47, 0x52, 0x50, 0x43, - 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, - 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x08, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x22, 0x80, 0x03, 0x0a, - 0x06, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x48, - 0x54, 0x54, 0x50, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x20, 0x0a, 0x04, 0x67, 0x72, 0x70, - 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x47, 0x52, 0x50, 0x43, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x2f, 0x0a, 0x0c, 0x68, - 0x74, 0x74, 0x70, 
0x5f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x22, 0x83, 0x04, 0x0a, 0x09, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, + 0x12, 0x1f, 0x0a, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x07, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x06, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x12, 0x19, 0x0a, 0x04, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x05, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x52, 0x04, 0x64, 0x61, 0x74, 0x61, 0x12, 0x19, 0x0a, 0x04, + 0x61, 0x75, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x05, 0x2e, 0x41, 0x75, 0x74, + 0x68, 0x52, 0x04, 0x61, 0x75, 0x74, 0x68, 0x12, 0x3e, 0x0a, 0x0d, 0x6f, 0x62, 0x73, 0x65, 0x72, + 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, + 0x2e, 0x42, 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x4f, 0x62, 0x73, 0x65, 0x72, + 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, + 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x4c, 0x0a, 0x13, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x73, 0x52, 0x12, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x33, 0x0a, 0x0a, 0x63, 0x61, 0x73, 0x5f, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x42, 0x6f, 0x6f, 0x74, + 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x43, 0x41, 0x53, 
0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, + 0x09, 0x63, 0x61, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x1a, 0x86, 0x01, 0x0a, 0x0d, 0x4f, + 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x37, 0x0a, 0x06, + 0x73, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x42, + 0x6f, 0x6f, 0x74, 0x73, 0x74, 0x72, 0x61, 0x70, 0x2e, 0x4f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x61, + 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x73, + 0x65, 0x6e, 0x74, 0x72, 0x79, 0x1a, 0x3c, 0x0a, 0x06, 0x53, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x64, 0x73, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x64, 0x73, + 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, 0x65, 0x6e, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x6e, 0x76, 0x69, 0x72, 0x6f, 0x6e, 0x6d, + 0x65, 0x6e, 0x74, 0x1a, 0x53, 0x0a, 0x09, 0x43, 0x41, 0x53, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x12, 0x2a, 0x0a, 0x04, 0x67, 0x72, 0x70, 0x63, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, + 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x47, 0x52, 0x50, 0x43, 0x42, 0x08, 0xfa, 0x42, + 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x1a, 0x0a, 0x08, + 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, + 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x22, 0x80, 0x03, 0x0a, 0x06, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x12, 0x20, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, - 0x0b, 0x68, 0x74, 0x74, 0x70, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x1a, 0x8c, 0x01, 0x0a, - 0x04, 0x48, 0x54, 0x54, 0x50, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 
- 0x12, 0x0a, 0x04, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, - 0x64, 0x64, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, - 0x75, 0x72, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x78, 0x74, 0x65, 0x72, - 0x6e, 0x61, 0x6c, 0x55, 0x72, 0x6c, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, - 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x04, 0x68, 0x74, 0x74, 0x70, 0x12, 0x20, 0x0a, 0x04, 0x67, 0x72, 0x70, 0x63, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x47, 0x52, 0x50, + 0x43, 0x52, 0x04, 0x67, 0x72, 0x70, 0x63, 0x12, 0x2f, 0x0a, 0x0c, 0x68, 0x74, 0x74, 0x70, 0x5f, + 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x0b, 0x68, 0x74, 0x74, + 0x70, 0x4d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x1a, 0x8c, 0x01, 0x0a, 0x04, 0x48, 0x54, 0x54, + 0x50, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x12, 0x0a, 0x04, 0x61, + 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x12, + 0x21, 0x0a, 0x0c, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x75, 0x72, 0x6c, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x55, + 0x72, 0x6c, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, + 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x72, 0x0a, 0x04, 0x47, 0x52, 0x50, 0x43, 0x12, + 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 
0x77, 0x6f, 0x72, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x1b, 0x0a, 0x04, 0x61, 0x64, 0x64, + 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, 0x01, + 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, + 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x72, 0x0a, 0x04, 0x47, - 0x52, 0x50, 0x43, 0x12, 0x18, 0x0a, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x12, 0x1b, 0x0a, - 0x04, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, - 0x72, 0x02, 0x10, 0x01, 0x52, 0x04, 0x61, 0x64, 0x64, 0x72, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, - 0x6e, 0x0a, 0x04, 0x44, 0x61, 0x74, 0x61, 0x12, 0x2a, 0x0a, 0x08, 0x64, 0x61, 0x74, 0x61, 0x62, - 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x44, 0x61, 0x74, 0x61, - 0x2e, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x08, 0x64, 0x61, 0x74, 0x61, 0x62, - 0x61, 0x73, 0x65, 0x1a, 0x3a, 0x0a, 0x08, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x12, - 0x16, 0x0a, 0x06, 0x64, 0x72, 0x69, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x64, 0x72, 0x69, 0x76, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 
0x63, 0x65, 0x22, - 0xde, 0x02, 0x0a, 0x04, 0x41, 0x75, 0x74, 0x68, 0x12, 0x39, 0x0a, 0x19, 0x67, 0x65, 0x6e, 0x65, - 0x72, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6a, 0x77, 0x73, 0x5f, 0x68, 0x6d, 0x61, 0x63, 0x5f, 0x73, - 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x67, 0x65, 0x6e, - 0x65, 0x72, 0x61, 0x74, 0x65, 0x64, 0x4a, 0x77, 0x73, 0x48, 0x6d, 0x61, 0x63, 0x53, 0x65, 0x63, - 0x72, 0x65, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6c, 0x69, 0x73, - 0x74, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4c, 0x69, - 0x73, 0x74, 0x12, 0x49, 0x0a, 0x22, 0x63, 0x61, 0x73, 0x5f, 0x72, 0x6f, 0x62, 0x6f, 0x74, 0x5f, - 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, - 0x6b, 0x65, 0x79, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, - 0x63, 0x61, 0x73, 0x52, 0x6f, 0x62, 0x6f, 0x74, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x50, - 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x74, 0x68, 0x12, 0x1e, 0x0a, - 0x04, 0x6f, 0x69, 0x64, 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x41, 0x75, - 0x74, 0x68, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x52, 0x04, 0x6f, 0x69, 0x64, 0x63, 0x1a, 0x90, 0x01, - 0x0a, 0x04, 0x4f, 0x49, 0x44, 0x43, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1b, - 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x63, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, - 0x12, 0x2e, 0x0a, 0x13, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x6c, - 0x5f, 0x73, 0x63, 
0x68, 0x65, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x72, - 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x72, 0x6c, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x65, - 0x22, 0xbc, 0x05, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, - 0x12, 0x4d, 0x0a, 0x12, 0x61, 0x77, 0x73, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x43, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, 0x53, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x61, - 0x77, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, - 0x2a, 0x0a, 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, - 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x56, 0x61, 0x75, - 0x6c, 0x74, 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x4d, 0x0a, 0x12, 0x67, - 0x63, 0x70, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, - 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x47, 0x43, 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x67, 0x63, 0x70, 0x53, 0x65, 0x63, - 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x1a, 0xd1, 0x01, 0x0a, 0x10, 0x41, - 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, - 0x39, 0x0a, 0x05, 0x63, 0x72, 0x65, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, - 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, - 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x43, 0x72, - 0x65, 0x64, 0x73, 0x52, 0x05, 0x63, 0x72, 0x65, 0x64, 
0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, - 0x67, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, - 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x70, 0x72, 0x65, - 0x66, 0x69, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x65, 0x63, 0x72, 0x65, - 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x1a, 0x45, 0x0a, 0x05, 0x43, 0x72, 0x65, 0x64, 0x73, - 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, - 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, 0x1a, 0x7b, - 0x0a, 0x05, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x18, 0x0a, - 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6d, 0x6f, 0x75, - 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, - 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, - 0x65, 0x63, 0x72, 0x65, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x1a, 0x86, 0x01, 0x0a, 0x10, - 0x47, 0x43, 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, - 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, - 0x2e, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 
0x75, - 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x4b, 0x65, 0x79, 0x12, - 0x23, 0x0a, 0x0d, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x50, 0x72, - 0x65, 0x66, 0x69, 0x78, 0x42, 0x09, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x42, - 0x48, 0x5a, 0x46, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x68, - 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, - 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, - 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, - 0x63, 0x6f, 0x6e, 0x66, 0x3b, 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x22, 0x6e, 0x0a, 0x04, 0x44, + 0x61, 0x74, 0x61, 0x12, 0x2a, 0x0a, 0x08, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0e, 0x2e, 0x44, 0x61, 0x74, 0x61, 0x2e, 0x44, 0x61, 0x74, + 0x61, 0x62, 0x61, 0x73, 0x65, 0x52, 0x08, 0x64, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x1a, + 0x3a, 0x0a, 0x08, 0x44, 0x61, 0x74, 0x61, 0x62, 0x61, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x64, + 0x72, 0x69, 0x76, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, 0x72, 0x69, + 0x76, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0xde, 0x02, 0x0a, 0x04, + 0x41, 0x75, 0x74, 0x68, 0x12, 0x39, 0x0a, 0x19, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, + 0x64, 0x5f, 0x6a, 0x77, 0x73, 0x5f, 0x68, 0x6d, 0x61, 0x63, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, + 0x74, 0x18, 0x02, 0x20, 
0x01, 0x28, 0x09, 0x52, 0x16, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, + 0x65, 0x64, 0x4a, 0x77, 0x73, 0x48, 0x6d, 0x61, 0x63, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, + 0x1d, 0x0a, 0x0a, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x18, 0x03, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x09, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x49, + 0x0a, 0x22, 0x63, 0x61, 0x73, 0x5f, 0x72, 0x6f, 0x62, 0x6f, 0x74, 0x5f, 0x61, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, + 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x63, 0x61, 0x73, 0x52, + 0x6f, 0x62, 0x6f, 0x74, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x72, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x4b, 0x65, 0x79, 0x50, 0x61, 0x74, 0x68, 0x12, 0x1e, 0x0a, 0x04, 0x6f, 0x69, 0x64, + 0x63, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0a, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x2e, 0x4f, + 0x49, 0x44, 0x43, 0x52, 0x04, 0x6f, 0x69, 0x64, 0x63, 0x1a, 0x90, 0x01, 0x0a, 0x04, 0x4f, 0x49, + 0x44, 0x43, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, + 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x2e, 0x0a, 0x13, + 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x6c, 0x5f, 0x73, 0x63, 0x68, + 0x65, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x72, 0x65, 0x64, 0x69, 0x72, + 0x65, 0x63, 0x74, 0x55, 0x72, 0x6c, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x42, 0x48, 0x5a, 0x46, + 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 
0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, + 0x6c, 0x6f, 0x6f, 0x70, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, + 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, + 0x61, 0x6e, 0x65, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x6f, 0x6e, + 0x66, 0x3b, 0x63, 0x6f, 0x6e, 0x66, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( 
@@ -1242,51 +844,43 @@ func file_conf_proto_rawDescGZIP() []byte { return file_conf_proto_rawDescData } -var file_conf_proto_msgTypes = make([]protoimpl.MessageInfo, 16) +var file_conf_proto_msgTypes = make([]protoimpl.MessageInfo, 11) var file_conf_proto_goTypes = []interface{}{ - (*Bootstrap)(nil), // 0: Bootstrap - (*Server)(nil), // 1: Server - (*Data)(nil), // 2: Data - (*Auth)(nil), // 3: Auth - (*Credentials)(nil), // 4: Credentials - (*Bootstrap_Observability)(nil), // 5: Bootstrap.Observability - (*Bootstrap_CASServer)(nil), // 6: Bootstrap.CASServer - (*Bootstrap_Observability_Sentry)(nil), // 7: Bootstrap.Observability.Sentry - (*Server_HTTP)(nil), // 8: Server.HTTP - (*Server_GRPC)(nil), // 9: Server.GRPC - (*Data_Database)(nil), // 10: Data.Database - (*Auth_OIDC)(nil), // 11: Auth.OIDC - (*Credentials_AWSSecretManager)(nil), // 12: Credentials.AWSSecretManager - (*Credentials_Vault)(nil), // 13: Credentials.Vault - (*Credentials_GCPSecretManager)(nil), // 14: Credentials.GCPSecretManager - (*Credentials_AWSSecretManager_Creds)(nil), // 15: Credentials.AWSSecretManager.Creds - (*durationpb.Duration)(nil), // 16: google.protobuf.Duration + (*Bootstrap)(nil), // 0: Bootstrap + (*Server)(nil), // 1: Server + (*Data)(nil), // 2: Data + (*Auth)(nil), // 3: Auth + (*Bootstrap_Observability)(nil), // 4: Bootstrap.Observability + (*Bootstrap_CASServer)(nil), // 5: Bootstrap.CASServer + (*Bootstrap_Observability_Sentry)(nil), // 6: Bootstrap.Observability.Sentry + (*Server_HTTP)(nil), // 7: Server.HTTP + (*Server_GRPC)(nil), // 8: Server.GRPC + (*Data_Database)(nil), // 9: Data.Database + (*Auth_OIDC)(nil), // 10: Auth.OIDC + (*v1.Credentials)(nil), // 11: credentials.v1.Credentials + (*durationpb.Duration)(nil), // 12: google.protobuf.Duration } var file_conf_proto_depIdxs = []int32{ 1, // 0: Bootstrap.server:type_name -> Server 2, // 1: Bootstrap.data:type_name -> Data 3, // 2: Bootstrap.auth:type_name -> Auth - 5, // 3: Bootstrap.observability:type_name -> 
Bootstrap.Observability - 4, // 4: Bootstrap.credentials_service:type_name -> Credentials - 6, // 5: Bootstrap.cas_server:type_name -> Bootstrap.CASServer - 8, // 6: Server.http:type_name -> Server.HTTP - 9, // 7: Server.grpc:type_name -> Server.GRPC - 8, // 8: Server.http_metrics:type_name -> Server.HTTP - 10, // 9: Data.database:type_name -> Data.Database - 11, // 10: Auth.oidc:type_name -> Auth.OIDC - 12, // 11: Credentials.aws_secret_manager:type_name -> Credentials.AWSSecretManager - 13, // 12: Credentials.vault:type_name -> Credentials.Vault - 14, // 13: Credentials.gcp_secret_manager:type_name -> Credentials.GCPSecretManager - 7, // 14: Bootstrap.Observability.sentry:type_name -> Bootstrap.Observability.Sentry - 9, // 15: Bootstrap.CASServer.grpc:type_name -> Server.GRPC - 16, // 16: Server.HTTP.timeout:type_name -> google.protobuf.Duration - 16, // 17: Server.GRPC.timeout:type_name -> google.protobuf.Duration - 15, // 18: Credentials.AWSSecretManager.creds:type_name -> Credentials.AWSSecretManager.Creds - 19, // [19:19] is the sub-list for method output_type - 19, // [19:19] is the sub-list for method input_type - 19, // [19:19] is the sub-list for extension type_name - 19, // [19:19] is the sub-list for extension extendee - 0, // [0:19] is the sub-list for field type_name + 4, // 3: Bootstrap.observability:type_name -> Bootstrap.Observability + 11, // 4: Bootstrap.credentials_service:type_name -> credentials.v1.Credentials + 5, // 5: Bootstrap.cas_server:type_name -> Bootstrap.CASServer + 7, // 6: Server.http:type_name -> Server.HTTP + 8, // 7: Server.grpc:type_name -> Server.GRPC + 7, // 8: Server.http_metrics:type_name -> Server.HTTP + 9, // 9: Data.database:type_name -> Data.Database + 10, // 10: Auth.oidc:type_name -> Auth.OIDC + 6, // 11: Bootstrap.Observability.sentry:type_name -> Bootstrap.Observability.Sentry + 8, // 12: Bootstrap.CASServer.grpc:type_name -> Server.GRPC + 12, // 13: Server.HTTP.timeout:type_name -> google.protobuf.Duration + 12, // 
14: Server.GRPC.timeout:type_name -> google.protobuf.Duration + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_conf_proto_init() } @@ -1344,18 +938,6 @@ func file_conf_proto_init() { } } file_conf_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Bootstrap_Observability); i { case 0: return &v.state @@ -1367,7 +949,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Bootstrap_CASServer); i { case 0: return &v.state @@ -1379,7 +961,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Bootstrap_Observability_Sentry); i { case 0: return &v.state @@ -1391,7 +973,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Server_HTTP); i { case 0: return &v.state 
@@ -1403,7 +985,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Server_GRPC); i { case 0: return &v.state @@ -1415,7 +997,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Data_Database); i { case 0: return &v.state @@ -1427,7 +1009,7 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { + file_conf_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Auth_OIDC); i { case 0: return &v.state 
@@ -1439,59 +1021,6 @@ func file_conf_proto_init() { return nil } } - file_conf_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_AWSSecretManager); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_Vault); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_GCPSecretManager); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_conf_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Credentials_AWSSecretManager_Creds); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_conf_proto_msgTypes[4].OneofWrappers = []interface{}{ - (*Credentials_AwsSecretManager)(nil), - (*Credentials_Vault_)(nil), - (*Credentials_GcpSecretManager)(nil), } type x struct{} out := protoimpl.TypeBuilder{ @@ -1499,7 +1028,7 @@ func file_conf_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_conf_proto_rawDesc, NumEnums: 0, - NumMessages: 16, + NumMessages: 11, NumExtensions: 0, NumServices: 0, }, diff --git a/app/controlplane/internal/conf/conf.pb.validate.go b/app/controlplane/internal/conf/conf.pb.validate.go index 375d376fd..e57cd8289 100644 --- a/app/controlplane/internal/conf/conf.pb.validate.go +++ b/app/controlplane/internal/conf/conf.pb.validate.go 
@@ -751,233 +751,6 @@ var _ interface { ErrorName() string } = AuthValidationError{} -// Validate checks the field values on Credentials with the rules defined in -// the proto definition for this message. If any rules are violated, the first -// error encountered is returned, or nil if there are no violations. -func (m *Credentials) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on Credentials with the rules defined in -// the proto definition for this message. If any rules are violated, the -// result is a list of violation errors wrapped in CredentialsMultiError, or -// nil if none found. -func (m *Credentials) ValidateAll() error { - return m.validate(true) -} - -func (m *Credentials) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - switch v := m.Backend.(type) { - case *Credentials_AwsSecretManager: - if v == nil { - err := CredentialsValidationError{ - field: "Backend", - reason: "oneof value cannot be a typed-nil", - } - if !all { - return err - } - errors = append(errors, err) - } - - if all { - switch v := interface{}(m.GetAwsSecretManager()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, CredentialsValidationError{ - field: "AwsSecretManager", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, CredentialsValidationError{ - field: "AwsSecretManager", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetAwsSecretManager()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return CredentialsValidationError{ - field: "AwsSecretManager", - reason: "embedded message failed validation", - cause: err, - } - } - } - - case *Credentials_Vault_: - if v == nil { - err := CredentialsValidationError{ - field: 
"Backend", - reason: "oneof value cannot be a typed-nil", - } - if !all { - return err - } - errors = append(errors, err) - } - - if all { - switch v := interface{}(m.GetVault()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, CredentialsValidationError{ - field: "Vault", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, CredentialsValidationError{ - field: "Vault", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetVault()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return CredentialsValidationError{ - field: "Vault", - reason: "embedded message failed validation", - cause: err, - } - } - } - - case *Credentials_GcpSecretManager: - if v == nil { - err := CredentialsValidationError{ - field: "Backend", - reason: "oneof value cannot be a typed-nil", - } - if !all { - return err - } - errors = append(errors, err) - } - - if all { - switch v := interface{}(m.GetGcpSecretManager()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, CredentialsValidationError{ - field: "GcpSecretManager", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, CredentialsValidationError{ - field: "GcpSecretManager", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetGcpSecretManager()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return CredentialsValidationError{ - field: "GcpSecretManager", - reason: "embedded message failed validation", - cause: err, - } - } - } - - default: - _ = v // ensures v is used - } - - if 
len(errors) > 0 { - return CredentialsMultiError(errors) - } - - return nil -} - -// CredentialsMultiError is an error wrapping multiple validation errors -// returned by Credentials.ValidateAll() if the designated constraints aren't met. -type CredentialsMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m CredentialsMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m CredentialsMultiError) AllErrors() []error { return m } - -// CredentialsValidationError is the validation error returned by -// Credentials.Validate if the designated constraints aren't met. -type CredentialsValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e CredentialsValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e CredentialsValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e CredentialsValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e CredentialsValidationError) Key() bool { return e.key } - -// ErrorName returns error name. 
-func (e CredentialsValidationError) ErrorName() string { return "CredentialsValidationError" } - -// Error satisfies the builtin error interface -func (e CredentialsValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCredentials.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = CredentialsValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = CredentialsValidationError{} - // Validate checks the field values on Bootstrap_Observability with the rules // defined in the proto definition for this message. If any rules are // violated, the first error encountered is returned, or nil if there are no violations. 
@@ -1845,467 +1618,3 @@ var _ interface { Cause() error ErrorName() string } = Auth_OIDCValidationError{} - -// Validate checks the field values on Credentials_AWSSecretManager with the -// rules defined in the proto definition for this message. If any rules are -// violated, the first error encountered is returned, or nil if there are no violations. -func (m *Credentials_AWSSecretManager) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on Credentials_AWSSecretManager with the -// rules defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// Credentials_AWSSecretManagerMultiError, or nil if none found. -func (m *Credentials_AWSSecretManager) ValidateAll() error { - return m.validate(true) -} - -func (m *Credentials_AWSSecretManager) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - if all { - switch v := interface{}(m.GetCreds()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, Credentials_AWSSecretManagerValidationError{ - field: "Creds", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, Credentials_AWSSecretManagerValidationError{ - field: "Creds", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetCreds()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return Credentials_AWSSecretManagerValidationError{ - field: "Creds", - reason: "embedded message failed validation", - cause: err, - } - } - } - - // no validation rules for Region - - // no validation rules for SecretPrefix - - if len(errors) > 0 { - return Credentials_AWSSecretManagerMultiError(errors) - } - - return nil -} - -// Credentials_AWSSecretManagerMultiError is 
an error wrapping multiple -// validation errors returned by Credentials_AWSSecretManager.ValidateAll() if -// the designated constraints aren't met. -type Credentials_AWSSecretManagerMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m Credentials_AWSSecretManagerMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m Credentials_AWSSecretManagerMultiError) AllErrors() []error { return m } - -// Credentials_AWSSecretManagerValidationError is the validation error returned -// by Credentials_AWSSecretManager.Validate if the designated constraints -// aren't met. -type Credentials_AWSSecretManagerValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e Credentials_AWSSecretManagerValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e Credentials_AWSSecretManagerValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e Credentials_AWSSecretManagerValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e Credentials_AWSSecretManagerValidationError) Key() bool { return e.key } - -// ErrorName returns error name. 
-func (e Credentials_AWSSecretManagerValidationError) ErrorName() string { - return "Credentials_AWSSecretManagerValidationError" -} - -// Error satisfies the builtin error interface -func (e Credentials_AWSSecretManagerValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCredentials_AWSSecretManager.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = Credentials_AWSSecretManagerValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = Credentials_AWSSecretManagerValidationError{} - -// Validate checks the field values on Credentials_Vault with the rules defined -// in the proto definition for this message. If any rules are violated, the -// first error encountered is returned, or nil if there are no violations. -func (m *Credentials_Vault) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on Credentials_Vault with the rules -// defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// Credentials_VaultMultiError, or nil if none found. -func (m *Credentials_Vault) ValidateAll() error { - return m.validate(true) -} - -func (m *Credentials_Vault) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - // no validation rules for Token - - // no validation rules for Address - - // no validation rules for MountPath - - // no validation rules for SecretPrefix - - if len(errors) > 0 { - return Credentials_VaultMultiError(errors) - } - - return nil -} - -// Credentials_VaultMultiError is an error wrapping multiple validation errors -// returned by Credentials_Vault.ValidateAll() if the designated constraints -// aren't met. 
-type Credentials_VaultMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m Credentials_VaultMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m Credentials_VaultMultiError) AllErrors() []error { return m } - -// Credentials_VaultValidationError is the validation error returned by -// Credentials_Vault.Validate if the designated constraints aren't met. -type Credentials_VaultValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e Credentials_VaultValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e Credentials_VaultValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e Credentials_VaultValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e Credentials_VaultValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e Credentials_VaultValidationError) ErrorName() string { - return "Credentials_VaultValidationError" -} - -// Error satisfies the builtin error interface -func (e Credentials_VaultValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCredentials_Vault.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = Credentials_VaultValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = Credentials_VaultValidationError{} - -// Validate checks the field values on Credentials_GCPSecretManager with the -// rules defined in the proto definition for this message. 
If any rules are -// violated, the first error encountered is returned, or nil if there are no violations. -func (m *Credentials_GCPSecretManager) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on Credentials_GCPSecretManager with the -// rules defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// Credentials_GCPSecretManagerMultiError, or nil if none found. -func (m *Credentials_GCPSecretManager) ValidateAll() error { - return m.validate(true) -} - -func (m *Credentials_GCPSecretManager) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - // no validation rules for ProjectId - - // no validation rules for ServiceAccountKey - - // no validation rules for SecretPrefix - - if len(errors) > 0 { - return Credentials_GCPSecretManagerMultiError(errors) - } - - return nil -} - -// Credentials_GCPSecretManagerMultiError is an error wrapping multiple -// validation errors returned by Credentials_GCPSecretManager.ValidateAll() if -// the designated constraints aren't met. -type Credentials_GCPSecretManagerMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m Credentials_GCPSecretManagerMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m Credentials_GCPSecretManagerMultiError) AllErrors() []error { return m } - -// Credentials_GCPSecretManagerValidationError is the validation error returned -// by Credentials_GCPSecretManager.Validate if the designated constraints -// aren't met. -type Credentials_GCPSecretManagerValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. 
-func (e Credentials_GCPSecretManagerValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e Credentials_GCPSecretManagerValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e Credentials_GCPSecretManagerValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e Credentials_GCPSecretManagerValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e Credentials_GCPSecretManagerValidationError) ErrorName() string { - return "Credentials_GCPSecretManagerValidationError" -} - -// Error satisfies the builtin error interface -func (e Credentials_GCPSecretManagerValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCredentials_GCPSecretManager.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = Credentials_GCPSecretManagerValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = Credentials_GCPSecretManagerValidationError{} - -// Validate checks the field values on Credentials_AWSSecretManager_Creds with -// the rules defined in the proto definition for this message. If any rules -// are violated, the first error encountered is returned, or nil if there are -// no violations. -func (m *Credentials_AWSSecretManager_Creds) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on Credentials_AWSSecretManager_Creds -// with the rules defined in the proto definition for this message. If any -// rules are violated, the result is a list of violation errors wrapped in -// Credentials_AWSSecretManager_CredsMultiError, or nil if none found. 
-func (m *Credentials_AWSSecretManager_Creds) ValidateAll() error { - return m.validate(true) -} - -func (m *Credentials_AWSSecretManager_Creds) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - // no validation rules for AccessKey - - // no validation rules for SecretKey - - if len(errors) > 0 { - return Credentials_AWSSecretManager_CredsMultiError(errors) - } - - return nil -} - -// Credentials_AWSSecretManager_CredsMultiError is an error wrapping multiple -// validation errors returned by -// Credentials_AWSSecretManager_Creds.ValidateAll() if the designated -// constraints aren't met. -type Credentials_AWSSecretManager_CredsMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m Credentials_AWSSecretManager_CredsMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m Credentials_AWSSecretManager_CredsMultiError) AllErrors() []error { return m } - -// Credentials_AWSSecretManager_CredsValidationError is the validation error -// returned by Credentials_AWSSecretManager_Creds.Validate if the designated -// constraints aren't met. -type Credentials_AWSSecretManager_CredsValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e Credentials_AWSSecretManager_CredsValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e Credentials_AWSSecretManager_CredsValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e Credentials_AWSSecretManager_CredsValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e Credentials_AWSSecretManager_CredsValidationError) Key() bool { return e.key } - -// ErrorName returns error name. 
-func (e Credentials_AWSSecretManager_CredsValidationError) ErrorName() string { - return "Credentials_AWSSecretManager_CredsValidationError" -} - -// Error satisfies the builtin error interface -func (e Credentials_AWSSecretManager_CredsValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCredentials_AWSSecretManager_Creds.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = Credentials_AWSSecretManager_CredsValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = Credentials_AWSSecretManager_CredsValidationError{} diff --git a/app/controlplane/internal/conf/conf.proto b/app/controlplane/internal/conf/conf.proto index 9304d6300..cd452fcd6 100644 --- a/app/controlplane/internal/conf/conf.proto +++ b/app/controlplane/internal/conf/conf.proto @@ -19,13 +19,14 @@ option go_package = "github.com/chainloop-dev/chainloop/app/controlplane/interna import "google/protobuf/duration.proto"; import "validate/validate.proto"; +import "credentials/v1/config.proto"; message Bootstrap { Server server = 1; Data data = 2; Auth auth = 3; Observability observability = 4; - Credentials credentials_service = 5; + credentials.v1.Credentials credentials_service = 5; // CAS Server endpoint CASServer cas_server = 6; 
@@ -90,45 +91,3 @@ message Auth { string redirect_url_scheme = 4; } } - -message Credentials { - oneof backend { - AWSSecretManager aws_secret_manager = 1; - Vault vault = 2; - GCPSecretManager gcp_secret_manager = 3; - } - - // Top level is deprecated now - message AWSSecretManager { - Creds creds = 1; - string region = 2; - // Secret prefix to be prepended during secret write - string secret_prefix = 3; - - message Creds { - string access_key = 1; - string secret_key = 2; - } - } - - message Vault { - // TODO: Use application role auth instead - string token = 1; - // Instance address, including port - // i.e "http://127.0.0.1:8200" - string address = 2; - // mount path of the kv engine, default /secret - string mount_path = 3; - // Secret prefix to be prepended during secret write - string secret_prefix = 4; - } - - message GCPSecretManager { - // project number - string project_id = 1; - // service account key - string service_account_key = 2; - // Secret prefix to be prepended during secret write - string secret_prefix = 3; - } -} \ No newline at end of file diff --git a/buf.work.yaml b/buf.work.yaml index 9f3518ba3..c25c53dc1 100644 --- a/buf.work.yaml +++ b/buf.work.yaml @@ -3,3 +3,4 @@ directories: - app/cli/api - app/controlplane/api - app/artifact-cas/api + - internal/credentials/api diff --git a/internal/credentials/api/buf.gen.yaml b/internal/credentials/api/buf.gen.yaml new file mode 100644 index 000000000..404d2d082 --- /dev/null +++ b/internal/credentials/api/buf.gen.yaml @@ -0,0 +1,5 @@ +version: v1 +plugins: + - name: go + out: . + opt: paths=source_relative diff --git a/internal/credentials/api/buf.lock b/internal/credentials/api/buf.lock new file mode 100644 index 000000000..c3e490630 --- /dev/null +++ b/internal/credentials/api/buf.lock @@ -0,0 +1,7 @@ +# Generated by buf. DO NOT EDIT. +version: v1 +deps: + - remote: buf.build + owner: googleapis + repository: googleapis + commit: cc916c31859748a68fd229a3c8d7a2e8 
diff --git a/internal/credentials/api/buf.yaml b/internal/credentials/api/buf.yaml
new file mode 100644
index 000000000..31171d32d
--- /dev/null
+++ b/internal/credentials/api/buf.yaml
@@ -0,0 +1,9 @@
+version: v1
+breaking:
+ use:
+ - FILE
+deps:
+ - buf.build/googleapis/googleapis
+lint:
+ use:
+ - DEFAULT
\ No newline at end of file
diff --git a/internal/credentials/api/credentials/v1/config.go b/internal/credentials/api/credentials/v1/config.go
new file mode 100644
index 000000000..d2498d0c1
--- /dev/null
+++ b/internal/credentials/api/credentials/v1/config.go
@@ -0,0 +1,106 @@
+//
+// Copyright 2023 The Chainloop Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v1
+
+import (
+ "errors"
+ "fmt"
+
+ "github.com/chainloop-dev/chainloop/internal/credentials"
+ "github.com/chainloop-dev/chainloop/internal/credentials/aws"
+ "github.com/chainloop-dev/chainloop/internal/credentials/gcp"
+ "github.com/chainloop-dev/chainloop/internal/credentials/vault"
+ "github.com/go-kratos/kratos/v2/log"
+)
+
+func NewFromConfig(conf *Credentials, l log.Logger) (credentials.ReaderWriter, error) {
+ awsc, vaultc, gcpc := conf.GetAwsSecretManager(), conf.GetVault(), conf.GetGcpSecretManager()
+ if awsc == nil && vaultc == nil && gcpc == nil {
+ return nil, errors.New("no credentials manager configuration found")
+ }
+
+ if awsc != nil {
+ return newAWSCredentialsManager(awsc, l)
+ }
+
+ if gcpc != nil {
+ return newGCPCredentialsManager(gcpc, l)
+ }
+
+ return newVaultCredentialsManager(vaultc, l)
+}
+
+func newAWSCredentialsManager(conf *Credentials_AWSSecretManager, l log.Logger) (*aws.Manager, error) {
+ if conf == nil {
+ return nil, errors.New("uncompleted configuration for AWS secret manager")
+ }
+
+ opts := &aws.NewManagerOpts{
+ Region: conf.Region,
+ AccessKey: conf.GetCreds().GetAccessKey(), SecretKey: conf.GetCreds().GetSecretKey(),
+ Logger: l,
+ }
+
+ m, err := aws.NewManager(opts)
+ if err != nil {
+ return nil, fmt.Errorf("configuring the secrets manager: %w", err)
+ }
+
+ _ = l.Log(log.LevelInfo, "msg", "secrets manager configured", "backend", "AWS secret manager")
+
+ return m, nil
+}
+
+func newVaultCredentialsManager(conf *Credentials_Vault, l log.Logger) (*vault.Manager, error) {
+ if conf == nil {
+ return nil, errors.New("uncompleted configuration for vault credentials manager")
+ }
+
+ opts := &vault.NewManagerOpts{
+ AuthToken: conf.Token, Address: conf.Address,
+ MountPath: conf.MountPath, Logger: l,
+ }
+
+ m, err := vault.NewManager(opts)
+ if err != nil {
+ return nil, fmt.Errorf("configuring vault: %w", err)
+ }
+
+ _ = l.Log(log.LevelInfo, "msg", "secrets manager configured", "backend", "Vault")
+
+ return m, nil
+}
+
+func newGCPCredentialsManager(conf *Credentials_GCPSecretManager, l log.Logger) (*gcp.Manager, error) {
+ if conf == nil {
+ return nil, errors.New("uncompleted configuration for GCP secret manager")
+ }
+
+ opts := &gcp.NewManagerOpts{
+ ProjectID: conf.ProjectId,
+ ServiceAccountKey: conf.ServiceAccountKey,
+ Logger: l,
+ }
+
+ m, err := gcp.NewManager(opts)
+ if err != nil {
+ return nil, fmt.Errorf("configuring the GCP secret manager: %w", err)
+ }
+
+ _ = l.Log(log.LevelInfo, "msg", "secrets manager configured", "backend", "GCP secret manager")
+
+ return m, nil
+}
diff --git a/internal/credentials/api/credentials/v1/config.pb.go b/internal/credentials/api/credentials/v1/config.pb.go
new file mode 100644
index 000000000..44671b318
--- /dev/null
+++ b/internal/credentials/api/credentials/v1/config.pb.go
@@ -0,0 +1,546 @@ +// +// Copyright 2023 The Chainloop Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc (unknown) +// source: credentials/v1/config.proto + +package v1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. 
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// Where the credentials to access the backends are stored +type Credentials struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Types that are assignable to Backend: + // + // *Credentials_AwsSecretManager + // *Credentials_Vault_ + // *Credentials_GcpSecretManager + Backend isCredentials_Backend `protobuf_oneof:"backend"` +} + +func (x *Credentials) Reset() { + *x = Credentials{} + if protoimpl.UnsafeEnabled { + mi := &file_credentials_v1_config_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Credentials) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Credentials) ProtoMessage() {} + +func (x *Credentials) ProtoReflect() protoreflect.Message { + mi := &file_credentials_v1_config_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Credentials.ProtoReflect.Descriptor instead. 
+func (*Credentials) Descriptor() ([]byte, []int) { + return file_credentials_v1_config_proto_rawDescGZIP(), []int{0} +} + +func (m *Credentials) GetBackend() isCredentials_Backend { + if m != nil { + return m.Backend + } + return nil +} + +func (x *Credentials) GetAwsSecretManager() *Credentials_AWSSecretManager { + if x, ok := x.GetBackend().(*Credentials_AwsSecretManager); ok { + return x.AwsSecretManager + } + return nil +} + +func (x *Credentials) GetVault() *Credentials_Vault { + if x, ok := x.GetBackend().(*Credentials_Vault_); ok { + return x.Vault + } + return nil +} + +func (x *Credentials) GetGcpSecretManager() *Credentials_GCPSecretManager { + if x, ok := x.GetBackend().(*Credentials_GcpSecretManager); ok { + return x.GcpSecretManager + } + return nil +} + +type isCredentials_Backend interface { + isCredentials_Backend() +} + +type Credentials_AwsSecretManager struct { + AwsSecretManager *Credentials_AWSSecretManager `protobuf:"bytes,1,opt,name=aws_secret_manager,json=awsSecretManager,proto3,oneof"` +} + +type Credentials_Vault_ struct { + Vault *Credentials_Vault `protobuf:"bytes,2,opt,name=vault,proto3,oneof"` +} + +type Credentials_GcpSecretManager struct { + GcpSecretManager *Credentials_GCPSecretManager `protobuf:"bytes,3,opt,name=gcp_secret_manager,json=gcpSecretManager,proto3,oneof"` +} + +func (*Credentials_AwsSecretManager) isCredentials_Backend() {} + +func (*Credentials_Vault_) isCredentials_Backend() {} + +func (*Credentials_GcpSecretManager) isCredentials_Backend() {} + +// Top level is deprecated now +type Credentials_AWSSecretManager struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Creds *Credentials_AWSSecretManager_Creds `protobuf:"bytes,1,opt,name=creds,proto3" json:"creds,omitempty"` + Region string `protobuf:"bytes,2,opt,name=region,proto3" json:"region,omitempty"` +} + +func (x *Credentials_AWSSecretManager) Reset() { + *x = Credentials_AWSSecretManager{} + if 
protoimpl.UnsafeEnabled { + mi := &file_credentials_v1_config_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Credentials_AWSSecretManager) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Credentials_AWSSecretManager) ProtoMessage() {} + +func (x *Credentials_AWSSecretManager) ProtoReflect() protoreflect.Message { + mi := &file_credentials_v1_config_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Credentials_AWSSecretManager.ProtoReflect.Descriptor instead. +func (*Credentials_AWSSecretManager) Descriptor() ([]byte, []int) { + return file_credentials_v1_config_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *Credentials_AWSSecretManager) GetCreds() *Credentials_AWSSecretManager_Creds { + if x != nil { + return x.Creds + } + return nil +} + +func (x *Credentials_AWSSecretManager) GetRegion() string { + if x != nil { + return x.Region + } + return "" +} + +type Credentials_Vault struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // TODO: Use application role auth instead + Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` + // Instance address, including port + // i.e "http://127.0.0.1:8200" + Address string `protobuf:"bytes,2,opt,name=address,proto3" json:"address,omitempty"` + // mount path of the kv engine, default /secret + MountPath string `protobuf:"bytes,3,opt,name=mount_path,json=mountPath,proto3" json:"mount_path,omitempty"` +} + +func (x *Credentials_Vault) Reset() { + *x = Credentials_Vault{} + if protoimpl.UnsafeEnabled { + mi := &file_credentials_v1_config_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x 
*Credentials_Vault) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Credentials_Vault) ProtoMessage() {} + +func (x *Credentials_Vault) ProtoReflect() protoreflect.Message { + mi := &file_credentials_v1_config_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Credentials_Vault.ProtoReflect.Descriptor instead. +func (*Credentials_Vault) Descriptor() ([]byte, []int) { + return file_credentials_v1_config_proto_rawDescGZIP(), []int{0, 1} +} + +func (x *Credentials_Vault) GetToken() string { + if x != nil { + return x.Token + } + return "" +} + +func (x *Credentials_Vault) GetAddress() string { + if x != nil { + return x.Address + } + return "" +} + +func (x *Credentials_Vault) GetMountPath() string { + if x != nil { + return x.MountPath + } + return "" +} + +type Credentials_GCPSecretManager struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // project number + ProjectId string `protobuf:"bytes,1,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` + // service account key + ServiceAccountKey string `protobuf:"bytes,2,opt,name=service_account_key,json=serviceAccountKey,proto3" json:"service_account_key,omitempty"` +} + +func (x *Credentials_GCPSecretManager) Reset() { + *x = Credentials_GCPSecretManager{} + if protoimpl.UnsafeEnabled { + mi := &file_credentials_v1_config_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Credentials_GCPSecretManager) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Credentials_GCPSecretManager) ProtoMessage() {} + +func (x *Credentials_GCPSecretManager) ProtoReflect() protoreflect.Message { + mi := &file_credentials_v1_config_proto_msgTypes[3] + 
if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Credentials_GCPSecretManager.ProtoReflect.Descriptor instead. +func (*Credentials_GCPSecretManager) Descriptor() ([]byte, []int) { + return file_credentials_v1_config_proto_rawDescGZIP(), []int{0, 2} +} + +func (x *Credentials_GCPSecretManager) GetProjectId() string { + if x != nil { + return x.ProjectId + } + return "" +} + +func (x *Credentials_GCPSecretManager) GetServiceAccountKey() string { + if x != nil { + return x.ServiceAccountKey + } + return "" +} + +type Credentials_AWSSecretManager_Creds struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AccessKey string `protobuf:"bytes,1,opt,name=access_key,json=accessKey,proto3" json:"access_key,omitempty"` + SecretKey string `protobuf:"bytes,2,opt,name=secret_key,json=secretKey,proto3" json:"secret_key,omitempty"` +} + +func (x *Credentials_AWSSecretManager_Creds) Reset() { + *x = Credentials_AWSSecretManager_Creds{} + if protoimpl.UnsafeEnabled { + mi := &file_credentials_v1_config_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Credentials_AWSSecretManager_Creds) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Credentials_AWSSecretManager_Creds) ProtoMessage() {} + +func (x *Credentials_AWSSecretManager_Creds) ProtoReflect() protoreflect.Message { + mi := &file_credentials_v1_config_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Credentials_AWSSecretManager_Creds.ProtoReflect.Descriptor instead. 
+func (*Credentials_AWSSecretManager_Creds) Descriptor() ([]byte, []int) { + return file_credentials_v1_config_proto_rawDescGZIP(), []int{0, 0, 0} +} + +func (x *Credentials_AWSSecretManager_Creds) GetAccessKey() string { + if x != nil { + return x.AccessKey + } + return "" +} + +func (x *Credentials_AWSSecretManager_Creds) GetSecretKey() string { + if x != nil { + return x.SecretKey + } + return "" +} + +var File_credentials_v1_config_proto protoreflect.FileDescriptor + +var file_credentials_v1_config_proto_rawDesc = []byte{ + 0x0a, 0x1b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2f, 0x76, 0x31, + 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x63, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x22, 0x88, 0x05, + 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x5c, 0x0a, + 0x12, 0x61, 0x77, 0x73, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, 0x61, + 0x67, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x72, 0x65, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, + 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x61, 0x77, 0x73, 0x53, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x39, 0x0a, 0x05, 0x76, + 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x63, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, + 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x5c, 0x0a, 0x12, 0x67, 0x63, 0x70, 0x5f, 0x73, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x18, 0x03, 0x20, 
0x01, + 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, + 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, + 0x47, 0x43, 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, + 0x48, 0x00, 0x52, 0x10, 0x67, 0x63, 0x70, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, + 0x61, 0x67, 0x65, 0x72, 0x1a, 0xbb, 0x01, 0x0a, 0x10, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x48, 0x0a, 0x05, 0x63, 0x72, 0x65, + 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, + 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x05, 0x63, 0x72, + 0x65, 0x64, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x1a, 0x45, 0x0a, 0x05, 0x43, + 0x72, 0x65, 0x64, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6b, 0x65, + 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, + 0x65, 0x79, 0x1a, 0x56, 0x0a, 0x05, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, + 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, + 0x6f, 0x75, 0x6e, 0x74, 0x5f, 
0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x61, 0x0a, 0x10, 0x47, 0x43, + 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x1d, + 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x0a, + 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x4b, 0x65, 0x79, 0x42, 0x09, 0x0a, + 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x42, 0x4f, 0x5a, 0x4d, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, + 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2f, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, +} + +var ( + file_credentials_v1_config_proto_rawDescOnce sync.Once + file_credentials_v1_config_proto_rawDescData = file_credentials_v1_config_proto_rawDesc +) + +func file_credentials_v1_config_proto_rawDescGZIP() []byte { + file_credentials_v1_config_proto_rawDescOnce.Do(func() { + file_credentials_v1_config_proto_rawDescData = protoimpl.X.CompressGZIP(file_credentials_v1_config_proto_rawDescData) + }) + return file_credentials_v1_config_proto_rawDescData +} + +var file_credentials_v1_config_proto_msgTypes = make([]protoimpl.MessageInfo, 5) +var file_credentials_v1_config_proto_goTypes = []interface{}{ + (*Credentials)(nil), // 0: 
credentials.v1.Credentials + (*Credentials_AWSSecretManager)(nil), // 1: credentials.v1.Credentials.AWSSecretManager + (*Credentials_Vault)(nil), // 2: credentials.v1.Credentials.Vault + (*Credentials_GCPSecretManager)(nil), // 3: credentials.v1.Credentials.GCPSecretManager + (*Credentials_AWSSecretManager_Creds)(nil), // 4: credentials.v1.Credentials.AWSSecretManager.Creds +} +var file_credentials_v1_config_proto_depIdxs = []int32{ + 1, // 0: credentials.v1.Credentials.aws_secret_manager:type_name -> credentials.v1.Credentials.AWSSecretManager + 2, // 1: credentials.v1.Credentials.vault:type_name -> credentials.v1.Credentials.Vault + 3, // 2: credentials.v1.Credentials.gcp_secret_manager:type_name -> credentials.v1.Credentials.GCPSecretManager + 4, // 3: credentials.v1.Credentials.AWSSecretManager.creds:type_name -> credentials.v1.Credentials.AWSSecretManager.Creds + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_credentials_v1_config_proto_init() } +func file_credentials_v1_config_proto_init() { + if File_credentials_v1_config_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_credentials_v1_config_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Credentials); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentials_v1_config_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Credentials_AWSSecretManager); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentials_v1_config_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := 
v.(*Credentials_Vault); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentials_v1_config_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Credentials_GCPSecretManager); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_credentials_v1_config_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Credentials_AWSSecretManager_Creds); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_credentials_v1_config_proto_msgTypes[0].OneofWrappers = []interface{}{ + (*Credentials_AwsSecretManager)(nil), + (*Credentials_Vault_)(nil), + (*Credentials_GcpSecretManager)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_credentials_v1_config_proto_rawDesc, + NumEnums: 0, + NumMessages: 5, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_credentials_v1_config_proto_goTypes, + DependencyIndexes: file_credentials_v1_config_proto_depIdxs, + MessageInfos: file_credentials_v1_config_proto_msgTypes, + }.Build() + File_credentials_v1_config_proto = out.File + file_credentials_v1_config_proto_rawDesc = nil + file_credentials_v1_config_proto_goTypes = nil + file_credentials_v1_config_proto_depIdxs = nil +} diff --git a/internal/credentials/api/credentials/v1/config.proto b/internal/credentials/api/credentials/v1/config.proto new file mode 100644 index 000000000..0cfa1aa4d --- /dev/null +++ b/internal/credentials/api/credentials/v1/config.proto 
@@ -0,0 +1,57 @@
+//
+// Copyright 2023 The Chainloop Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package credentials.v1;
+
+option go_package = "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1;v1";
+
+// Where the credentials to access the backends are stored
+message Credentials {
+ oneof backend {
+ AWSSecretManager aws_secret_manager = 1;
+ Vault vault = 2;
+ GCPSecretManager gcp_secret_manager = 3;
+ }
+
+ // Top level is deprecated now
+ message AWSSecretManager {
+ Creds creds = 1;
+ string region = 2;
+
+ message Creds {
+ string access_key = 1;
+ string secret_key = 2;
+ }
+ }
+
+ message Vault {
+ // TODO: Use application role auth instead
+ string token = 1;
+ // Instance address, including port
+ // i.e "http://127.0.0.1:8200"
+ string address = 2;
+ // mount path of the kv engine, default /secret
+ string mount_path = 3;
+ }
+
+ message GCPSecretManager {
+ // project number
+ string project_id = 1;
+ // service account key
+ string service_account_key = 2;
+ }
+}
\ No newline at end of file
From 3061080a6669f8073ac8c8b27d66632907d1cbc5 Mon Sep 17 00:00:00 2001
From: Miguel Martinez Trivino
Date: Mon, 29 May 2023 13:07:29 +0200
Subject: [PATCH 2/3] add tests
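Review bot: The `token`, `secret_key` and `service_account_key` fields hold live credentials, yet nothing in the schema marks them as sensitive, and the generated `String()` methods in config.pb.go go through `protoimpl.X.MessageStringOf`, which appears to render every field, so a log line that prints this config message would expose them. I would add a comment on each of the three, e.g. `// sensitive: never log or print this field or its parent message`. The address example `"http://127.0.0.1:8200"` is reasonable for loopback, but the comment should also say `// use https:// for any non-local instance`, since the token is presumably presented to that address. The comment `// Top level is deprecated now` above AWSSecretManager does not say what is deprecated and should be reworded or dropped.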
Signed-off-by: Miguel Martinez Trivino --- app/artifact-cas/internal/conf/buf.lock | 6 +- app/artifact-cas/internal/conf/buf.yaml | 1 + internal/credentials/api/buf.gen.yaml | 3 + internal/credentials/api/buf.lock | 4 + internal/credentials/api/buf.yaml | 1 + .../credentials/api/credentials/v1/config.go | 28 +- .../api/credentials/v1/config.pb.go | 96 ++- .../api/credentials/v1/config.pb.validate.go | 800 ++++++++++++++++++ .../api/credentials/v1/config.proto | 24 +- .../api/credentials/v1/config_test.go | 283 +++++++ 10 files changed, 1177 insertions(+), 69 deletions(-) create mode 100644 internal/credentials/api/credentials/v1/config.pb.validate.go create mode 100644 internal/credentials/api/credentials/v1/config_test.go diff --git a/app/artifact-cas/internal/conf/buf.lock b/app/artifact-cas/internal/conf/buf.lock index 19abf63fb..1c48ca578 100644 --- a/app/artifact-cas/internal/conf/buf.lock +++ b/app/artifact-cas/internal/conf/buf.lock @@ -1,7 +1,11 @@ # Generated by buf. DO NOT EDIT. version: v1 deps: + - remote: buf.build + owner: envoyproxy + repository: protoc-gen-validate + commit: 45685e052c7e406b9fbd441fc7a568a5 - remote: buf.build owner: googleapis repository: googleapis - commit: 75b4300737fb4efca0831636be94e517 + commit: cc916c31859748a68fd229a3c8d7a2e8 diff --git a/app/artifact-cas/internal/conf/buf.yaml b/app/artifact-cas/internal/conf/buf.yaml index a3603933a..03c592800 100644 --- a/app/artifact-cas/internal/conf/buf.yaml +++ b/app/artifact-cas/internal/conf/buf.yaml @@ -4,6 +4,7 @@ breaking: - FILE deps: - buf.build/googleapis/googleapis + - buf.build/envoyproxy/protoc-gen-validate:45685e052c7e406b9fbd441fc7a568a5 lint: use: - DEFAULT diff --git a/internal/credentials/api/buf.gen.yaml b/internal/credentials/api/buf.gen.yaml index 404d2d082..56cf82d83 100644 --- a/internal/credentials/api/buf.gen.yaml +++ b/internal/credentials/api/buf.gen.yaml 
@@ -3,3 +3,6 @@ plugins: - name: go out: . opt: paths=source_relative + - name: validate + out: . + opt: paths=source_relative,lang=go diff --git a/internal/credentials/api/buf.lock b/internal/credentials/api/buf.lock index c3e490630..1c48ca578 100644 --- a/internal/credentials/api/buf.lock +++ b/internal/credentials/api/buf.lock @@ -1,6 +1,10 @@ # Generated by buf. DO NOT EDIT. version: v1 deps: + - remote: buf.build + owner: envoyproxy + repository: protoc-gen-validate + commit: 45685e052c7e406b9fbd441fc7a568a5 - remote: buf.build owner: googleapis repository: googleapis diff --git a/internal/credentials/api/buf.yaml b/internal/credentials/api/buf.yaml index 31171d32d..db50368af 100644 --- a/internal/credentials/api/buf.yaml +++ b/internal/credentials/api/buf.yaml @@ -4,6 +4,7 @@ breaking: - FILE deps: - buf.build/googleapis/googleapis + - buf.build/envoyproxy/protoc-gen-validate:45685e052c7e406b9fbd441fc7a568a5 lint: use: - DEFAULT \ No newline at end of file diff --git a/internal/credentials/api/credentials/v1/config.go b/internal/credentials/api/credentials/v1/config.go index d2498d0c1..bb47f2e05 100644 --- a/internal/credentials/api/credentials/v1/config.go +++ b/internal/credentials/api/credentials/v1/config.go @@ -18,6 +18,7 @@ package v1 import ( "errors" "fmt" + "io" "github.com/chainloop-dev/chainloop/internal/credentials" "github.com/chainloop-dev/chainloop/internal/credentials/aws" 
@@ -27,25 +28,28 @@ import ( ) func NewFromConfig(conf *Credentials, l log.Logger) (credentials.ReaderWriter, error) { - awsc, vaultc, gcpc := conf.GetAwsSecretManager(), conf.GetVault(), conf.GetGcpSecretManager() - if awsc == nil && vaultc == nil && gcpc == nil { - return nil, errors.New("no credentials manager configuration found") + if l == nil { + l = log.NewStdLogger(io.Discard) } - if awsc != nil { + if awsc := conf.GetAwsSecretManager(); awsc != nil { return newAWSCredentialsManager(awsc, l) } - if gcpc != nil { + if gcpc := conf.GetGcpSecretManager(); gcpc != nil { return newGCPCredentialsManager(gcpc, l) } - return newVaultCredentialsManager(vaultc, l) + if vaultc := conf.GetVault(); vaultc != nil { + return newVaultCredentialsManager(vaultc, l) + } + + return nil, errors.New("no credentials manager configuration found") } func newAWSCredentialsManager(conf *Credentials_AWSSecretManager, l log.Logger) (*aws.Manager, error) { - if conf == nil { - return nil, errors.New("uncompleted configuration for AWS secret manager") + if err := conf.ValidateAll(); err != nil { + return nil, fmt.Errorf("uncompleted configuration for AWS secret manager: %w", err) } opts := &aws.NewManagerOpts{ @@ -65,8 +69,8 @@ func newAWSCredentialsManager(conf *Credentials_AWSSecretManager, l log.Logger) } func newVaultCredentialsManager(conf *Credentials_Vault, l log.Logger) (*vault.Manager, error) { - if conf == nil { - return nil, errors.New("uncompleted configuration for vault credentials manager") + if err := conf.ValidateAll(); err != nil { + return nil, fmt.Errorf("uncompleted configuration for Vault secret manager: %w", err) } opts := &vault.NewManagerOpts{ 
@@ -85,8 +89,8 @@ func newVaultCredentialsManager(conf *Credentials_Vault, l log.Logger) (*vault.M } func newGCPCredentialsManager(conf *Credentials_GCPSecretManager, l log.Logger) (*gcp.Manager, error) { - if conf == nil { - return nil, errors.New("uncompleted configuration for GCP secret manager") + if err := conf.ValidateAll(); err != nil { + return nil, fmt.Errorf("uncompleted configuration for GCP secret manager: %w", err) } opts := &gcp.NewManagerOpts{ diff --git a/internal/credentials/api/credentials/v1/config.pb.go b/internal/credentials/api/credentials/v1/config.pb.go index 44671b318..162930978 100644 --- a/internal/credentials/api/credentials/v1/config.pb.go +++ b/internal/credentials/api/credentials/v1/config.pb.go @@ -22,6 +22,7 @@ package v1 import ( + _ "github.com/envoyproxy/protoc-gen-validate/validate" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" reflect "reflect" @@ -261,7 +262,7 @@ type Credentials_GCPSecretManager struct { // project number ProjectId string `protobuf:"bytes,1,opt,name=project_id,json=projectId,proto3" json:"project_id,omitempty"` - // service account key + // path to service account key in json format ServiceAccountKey string `protobuf:"bytes,2,opt,name=service_account_key,json=serviceAccountKey,proto3" json:"service_account_key,omitempty"` } 
@@ -371,54 +372,59 @@ var File_credentials_v1_config_proto protoreflect.FileDescriptor var file_credentials_v1_config_proto_rawDesc = []byte{ 0x0a, 0x1b, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x63, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x22, 0x88, 0x05, - 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x5c, 0x0a, - 0x12, 0x61, 0x77, 0x73, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, 0x61, - 0x67, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, - 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x61, 0x77, 0x73, 0x53, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x39, 0x0a, 0x05, 0x76, - 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x63, 0x72, 0x65, - 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, - 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x5c, 0x0a, 0x12, 0x67, 0x63, 0x70, 0x5f, 0x73, 0x65, - 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x1a, 0x17, 0x76, + 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcd, 0x05, 0x0a, 0x0b, 0x43, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x5c, 0x0a, 0x12, 0x61, 0x77, 0x73, 0x5f, 0x73, 0x65, 
+ 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, - 0x47, 0x43, 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, - 0x48, 0x00, 0x52, 0x10, 0x67, 0x63, 0x70, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, - 0x61, 0x67, 0x65, 0x72, 0x1a, 0xbb, 0x01, 0x0a, 0x10, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, - 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x48, 0x0a, 0x05, 0x63, 0x72, 0x65, - 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, - 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x05, 0x63, 0x72, - 0x65, 0x64, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x1a, 0x45, 0x0a, 0x05, 0x43, - 0x72, 0x65, 0x64, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, - 0x4b, 0x65, 0x79, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6b, 0x65, - 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, - 0x65, 0x79, 0x1a, 0x56, 0x0a, 0x05, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x74, - 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, - 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x07, 0x61, 0x64, 0x64, 
0x72, 0x65, 0x73, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, + 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, + 0x48, 0x00, 0x52, 0x10, 0x61, 0x77, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, + 0x61, 0x67, 0x65, 0x72, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, + 0x2e, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x48, 0x00, 0x52, 0x05, 0x76, 0x61, 0x75, 0x6c, 0x74, 0x12, + 0x5c, 0x0a, 0x12, 0x67, 0x63, 0x70, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6d, 0x61, + 0x6e, 0x61, 0x67, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x63, 0x72, + 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x47, 0x43, 0x50, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x48, 0x00, 0x52, 0x10, 0x67, 0x63, 0x70, + 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x1a, 0xe0, 0x01, + 0x0a, 0x10, 0x41, 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, + 0x65, 0x72, 0x12, 0x52, 0x0a, 0x05, 0x63, 0x72, 0x65, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x32, 0x2e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, + 0x76, 0x31, 0x2e, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x41, + 0x57, 0x53, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x2e, + 0x43, 0x72, 0x65, 0x64, 0x73, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, + 0x05, 0x63, 0x72, 0x65, 0x64, 0x73, 0x12, 0x1f, 0x0a, 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 
0x10, 0x01, 0x52, + 0x06, 0x72, 0x65, 0x67, 0x69, 0x6f, 0x6e, 0x1a, 0x57, 0x0a, 0x05, 0x43, 0x72, 0x65, 0x64, 0x73, + 0x12, 0x26, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x09, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x26, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, + 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4b, 0x65, 0x79, + 0x1a, 0x68, 0x0a, 0x05, 0x56, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x1d, 0x0a, 0x05, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, + 0x01, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x21, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, + 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, + 0x10, 0x01, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x1d, 0x0a, 0x0a, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x61, 0x0a, 0x10, 0x47, 0x43, - 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x1d, + 0x09, 0x6d, 0x6f, 0x75, 0x6e, 0x74, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x6a, 0x0a, 0x10, 0x47, 0x43, + 0x50, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x12, 0x26, 0x0a, 0x0a, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x0a, - 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x41, 
0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x4b, 0x65, 0x79, 0x42, 0x09, 0x0a, - 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x42, 0x4f, 0x5a, 0x4d, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, - 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2f, 0x69, - 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x61, 0x6c, 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x09, 0x70, 0x72, 0x6f, + 0x6a, 0x65, 0x63, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, + 0x75, 0x6e, 0x74, 0x4b, 0x65, 0x79, 0x42, 0x0e, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, + 0x64, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x42, 0x4f, 0x5a, 0x4d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2d, 0x64, + 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2f, 0x69, 0x6e, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, + 0x73, 0x2f, 0x76, 0x31, 0x3b, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/internal/credentials/api/credentials/v1/config.pb.validate.go b/internal/credentials/api/credentials/v1/config.pb.validate.go new file mode 100644 index 000000000..cba6996f8 --- /dev/null 
+++ b/internal/credentials/api/credentials/v1/config.pb.validate.go 
@@ -0,0 +1,800 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: credentials/v1/config.proto + +package v1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on Credentials with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Credentials) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Credentials with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in CredentialsMultiError, or +// nil if none found. 
+func (m *Credentials) ValidateAll() error { + return m.validate(true) +} + +func (m *Credentials) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + oneofBackendPresent := false + switch v := m.Backend.(type) { + case *Credentials_AwsSecretManager: + if v == nil { + err := CredentialsValidationError{ + field: "Backend", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + oneofBackendPresent = true + + if all { + switch v := interface{}(m.GetAwsSecretManager()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialsValidationError{ + field: "AwsSecretManager", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialsValidationError{ + field: "AwsSecretManager", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetAwsSecretManager()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialsValidationError{ + field: "AwsSecretManager", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Credentials_Vault_: + if v == nil { + err := CredentialsValidationError{ + field: "Backend", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + oneofBackendPresent = true + + if all { + switch v := interface{}(m.GetVault()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialsValidationError{ + field: "Vault", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialsValidationError{ + field: 
"Vault", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetVault()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialsValidationError{ + field: "Vault", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *Credentials_GcpSecretManager: + if v == nil { + err := CredentialsValidationError{ + field: "Backend", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + oneofBackendPresent = true + + if all { + switch v := interface{}(m.GetGcpSecretManager()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CredentialsValidationError{ + field: "GcpSecretManager", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CredentialsValidationError{ + field: "GcpSecretManager", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetGcpSecretManager()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CredentialsValidationError{ + field: "GcpSecretManager", + reason: "embedded message failed validation", + cause: err, + } + } + } + + default: + _ = v // ensures v is used + } + if !oneofBackendPresent { + err := CredentialsValidationError{ + field: "Backend", + reason: "value is required", + } + if !all { + return err + } + errors = append(errors, err) + } + + if len(errors) > 0 { + return CredentialsMultiError(errors) + } + + return nil +} + +// CredentialsMultiError is an error wrapping multiple validation errors +// returned by Credentials.ValidateAll() if the designated constraints aren't met. +type CredentialsMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m CredentialsMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CredentialsMultiError) AllErrors() []error { return m } + +// CredentialsValidationError is the validation error returned by +// Credentials.Validate if the designated constraints aren't met. +type CredentialsValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CredentialsValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CredentialsValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CredentialsValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CredentialsValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CredentialsValidationError) ErrorName() string { return "CredentialsValidationError" } + +// Error satisfies the builtin error interface +func (e CredentialsValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentials.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CredentialsValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CredentialsValidationError{} + +// Validate checks the field values on Credentials_AWSSecretManager with the +// rules defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. 
+func (m *Credentials_AWSSecretManager) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Credentials_AWSSecretManager with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Credentials_AWSSecretManagerMultiError, or nil if none found. +func (m *Credentials_AWSSecretManager) ValidateAll() error { + return m.validate(true) +} + +func (m *Credentials_AWSSecretManager) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if m.GetCreds() == nil { + err := Credentials_AWSSecretManagerValidationError{ + field: "Creds", + reason: "value is required", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetCreds()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, Credentials_AWSSecretManagerValidationError{ + field: "Creds", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, Credentials_AWSSecretManagerValidationError{ + field: "Creds", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCreds()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return Credentials_AWSSecretManagerValidationError{ + field: "Creds", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if utf8.RuneCountInString(m.GetRegion()) < 1 { + err := Credentials_AWSSecretManagerValidationError{ + field: "Region", + reason: "value length must be at least 1 runes", + } + if !all { + return err + } + errors = append(errors, err) + } + + if len(errors) > 0 { + return Credentials_AWSSecretManagerMultiError(errors) + } + + return nil +} + +// 
Credentials_AWSSecretManagerMultiError is an error wrapping multiple +// validation errors returned by Credentials_AWSSecretManager.ValidateAll() if +// the designated constraints aren't met. +type Credentials_AWSSecretManagerMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Credentials_AWSSecretManagerMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Credentials_AWSSecretManagerMultiError) AllErrors() []error { return m } + +// Credentials_AWSSecretManagerValidationError is the validation error returned +// by Credentials_AWSSecretManager.Validate if the designated constraints +// aren't met. +type Credentials_AWSSecretManagerValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Credentials_AWSSecretManagerValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Credentials_AWSSecretManagerValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Credentials_AWSSecretManagerValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Credentials_AWSSecretManagerValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e Credentials_AWSSecretManagerValidationError) ErrorName() string { + return "Credentials_AWSSecretManagerValidationError" +} + +// Error satisfies the builtin error interface +func (e Credentials_AWSSecretManagerValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentials_AWSSecretManager.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Credentials_AWSSecretManagerValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Credentials_AWSSecretManagerValidationError{} + +// Validate checks the field values on Credentials_Vault with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *Credentials_Vault) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Credentials_Vault with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Credentials_VaultMultiError, or nil if none found. 
+func (m *Credentials_Vault) ValidateAll() error { + return m.validate(true) +} + +func (m *Credentials_Vault) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if utf8.RuneCountInString(m.GetToken()) < 1 { + err := Credentials_VaultValidationError{ + field: "Token", + reason: "value length must be at least 1 runes", + } + if !all { + return err + } + errors = append(errors, err) + } + + if utf8.RuneCountInString(m.GetAddress()) < 1 { + err := Credentials_VaultValidationError{ + field: "Address", + reason: "value length must be at least 1 runes", + } + if !all { + return err + } + errors = append(errors, err) + } + + // no validation rules for MountPath + + if len(errors) > 0 { + return Credentials_VaultMultiError(errors) + } + + return nil +} + +// Credentials_VaultMultiError is an error wrapping multiple validation errors +// returned by Credentials_Vault.ValidateAll() if the designated constraints +// aren't met. +type Credentials_VaultMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Credentials_VaultMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Credentials_VaultMultiError) AllErrors() []error { return m } + +// Credentials_VaultValidationError is the validation error returned by +// Credentials_Vault.Validate if the designated constraints aren't met. +type Credentials_VaultValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Credentials_VaultValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Credentials_VaultValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. 
+func (e Credentials_VaultValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Credentials_VaultValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e Credentials_VaultValidationError) ErrorName() string { + return "Credentials_VaultValidationError" +} + +// Error satisfies the builtin error interface +func (e Credentials_VaultValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentials_Vault.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Credentials_VaultValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Credentials_VaultValidationError{} + +// Validate checks the field values on Credentials_GCPSecretManager with the +// rules defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *Credentials_GCPSecretManager) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Credentials_GCPSecretManager with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Credentials_GCPSecretManagerMultiError, or nil if none found. 
+func (m *Credentials_GCPSecretManager) ValidateAll() error { + return m.validate(true) +} + +func (m *Credentials_GCPSecretManager) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if utf8.RuneCountInString(m.GetProjectId()) < 1 { + err := Credentials_GCPSecretManagerValidationError{ + field: "ProjectId", + reason: "value length must be at least 1 runes", + } + if !all { + return err + } + errors = append(errors, err) + } + + // no validation rules for ServiceAccountKey + + if len(errors) > 0 { + return Credentials_GCPSecretManagerMultiError(errors) + } + + return nil +} + +// Credentials_GCPSecretManagerMultiError is an error wrapping multiple +// validation errors returned by Credentials_GCPSecretManager.ValidateAll() if +// the designated constraints aren't met. +type Credentials_GCPSecretManagerMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Credentials_GCPSecretManagerMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Credentials_GCPSecretManagerMultiError) AllErrors() []error { return m } + +// Credentials_GCPSecretManagerValidationError is the validation error returned +// by Credentials_GCPSecretManager.Validate if the designated constraints +// aren't met. +type Credentials_GCPSecretManagerValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Credentials_GCPSecretManagerValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Credentials_GCPSecretManagerValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Credentials_GCPSecretManagerValidationError) Cause() error { return e.cause } + +// Key function returns key value. 
+func (e Credentials_GCPSecretManagerValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e Credentials_GCPSecretManagerValidationError) ErrorName() string { + return "Credentials_GCPSecretManagerValidationError" +} + +// Error satisfies the builtin error interface +func (e Credentials_GCPSecretManagerValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentials_GCPSecretManager.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Credentials_GCPSecretManagerValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Credentials_GCPSecretManagerValidationError{} + +// Validate checks the field values on Credentials_AWSSecretManager_Creds with +// the rules defined in the proto definition for this message. If any rules +// are violated, the first error encountered is returned, or nil if there are +// no violations. +func (m *Credentials_AWSSecretManager_Creds) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Credentials_AWSSecretManager_Creds +// with the rules defined in the proto definition for this message. If any +// rules are violated, the result is a list of violation errors wrapped in +// Credentials_AWSSecretManager_CredsMultiError, or nil if none found. 
+func (m *Credentials_AWSSecretManager_Creds) ValidateAll() error { + return m.validate(true) +} + +func (m *Credentials_AWSSecretManager_Creds) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if utf8.RuneCountInString(m.GetAccessKey()) < 1 { + err := Credentials_AWSSecretManager_CredsValidationError{ + field: "AccessKey", + reason: "value length must be at least 1 runes", + } + if !all { + return err + } + errors = append(errors, err) + } + + if utf8.RuneCountInString(m.GetSecretKey()) < 1 { + err := Credentials_AWSSecretManager_CredsValidationError{ + field: "SecretKey", + reason: "value length must be at least 1 runes", + } + if !all { + return err + } + errors = append(errors, err) + } + + if len(errors) > 0 { + return Credentials_AWSSecretManager_CredsMultiError(errors) + } + + return nil +} + +// Credentials_AWSSecretManager_CredsMultiError is an error wrapping multiple +// validation errors returned by +// Credentials_AWSSecretManager_Creds.ValidateAll() if the designated +// constraints aren't met. +type Credentials_AWSSecretManager_CredsMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Credentials_AWSSecretManager_CredsMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Credentials_AWSSecretManager_CredsMultiError) AllErrors() []error { return m } + +// Credentials_AWSSecretManager_CredsValidationError is the validation error +// returned by Credentials_AWSSecretManager_Creds.Validate if the designated +// constraints aren't met. +type Credentials_AWSSecretManager_CredsValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. 
+func (e Credentials_AWSSecretManager_CredsValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Credentials_AWSSecretManager_CredsValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Credentials_AWSSecretManager_CredsValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Credentials_AWSSecretManager_CredsValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e Credentials_AWSSecretManager_CredsValidationError) ErrorName() string { + return "Credentials_AWSSecretManager_CredsValidationError" +} + +// Error satisfies the builtin error interface +func (e Credentials_AWSSecretManager_CredsValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCredentials_AWSSecretManager_Creds.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Credentials_AWSSecretManager_CredsValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Credentials_AWSSecretManager_CredsValidationError{} diff --git a/internal/credentials/api/credentials/v1/config.proto b/internal/credentials/api/credentials/v1/config.proto index 0cfa1aa4d..3968b6e45 100644 --- a/internal/credentials/api/credentials/v1/config.proto +++ b/internal/credentials/api/credentials/v1/config.proto 
@@ -14,14 +14,16 @@ // limitations under the License. syntax = "proto3"; - package credentials.v1; - option go_package = "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1;v1"; +import "validate/validate.proto"; + // Where the credentials to access the backends are stored message Credentials { oneof backend { + option (validate.required) = true; + AWSSecretManager aws_secret_manager = 1; Vault vault = 2; GCPSecretManager gcp_secret_manager = 3; @@ -29,29 +31,29 @@ message Credentials { // Top level is deprecated now message AWSSecretManager { - Creds creds = 1; - string region = 2; + Creds creds = 1 [(validate.rules).message.required = true]; + string region = 2 [(validate.rules).string.min_len = 1]; message Creds { - string access_key = 1; - string secret_key = 2; + string access_key = 1 [(validate.rules).string.min_len = 1]; + string secret_key = 2 [(validate.rules).string.min_len = 1]; } } message Vault { // TODO: Use application role auth instead - string token = 1; + string token = 1 [(validate.rules).string.min_len = 1]; // Instance address, including port // i.e "http://127.0.0.1:8200" - string address = 2; + string address = 2 [(validate.rules).string.min_len = 1]; // mount path of the kv engine, default /secret string mount_path = 3; } message GCPSecretManager { // project number - string project_id = 1; - // service account key - string service_account_key = 2; + string project_id = 1 [(validate.rules).string.min_len = 1]; + // path to service account key in json format + string service_account_key = 2; } } \ No newline at end of file diff --git a/internal/credentials/api/credentials/v1/config_test.go b/internal/credentials/api/credentials/v1/config_test.go new file mode 100644 index 000000000..dfdd16444 --- /dev/null +++ b/internal/credentials/api/credentials/v1/config_test.go 
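Review bot: `address` in `message Vault` is only required to be non-empty (`min_len = 1`), so a value that is not a URL at all passes validation and fails only at connection time. The documented example is plain `http://`, which would send the Vault token unencrypted on anything other than a loopback setup. protoc-gen-validate can check the shape up front with `string address = 2 [(validate.rules).string.uri = true];`, which requires an absolute URI and so also rules out the empty string. Separately, `service_account_key` is now documented as a path but gets no rule; if an empty path is invalid, as the "[GCP] missing key path" test case in this patch suggests, `[(validate.rules).string.min_len = 1]` would reject it during validation instead of later. The generated config.pb.validate.go needs regenerating after either change.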
@@ -0,0 +1,283 @@ +// +// Copyright 2023 The Chainloop Authors. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package v1_test + +import ( + "context" + "fmt" + "os" + "testing" + "time" + + v1 "github.com/chainloop-dev/chainloop/internal/credentials/api/credentials/v1" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/stretchr/testify/suite" + "github.com/testcontainers/testcontainers-go" + "github.com/testcontainers/testcontainers-go/wait" +) + +var validAWSConfig = &v1.Credentials{ + Backend: &v1.Credentials_AwsSecretManager{ + AwsSecretManager: &v1.Credentials_AWSSecretManager{ + Region: "us-east-1", + Creds: &v1.Credentials_AWSSecretManager_Creds{AccessKey: "ak", SecretKey: "sk"}, + }, + }, +} + +var validGCPConfig = &v1.Credentials{ + Backend: &v1.Credentials_GcpSecretManager{ + GcpSecretManager: &v1.Credentials_GCPSecretManager{ + ProjectId: "project", + ServiceAccountKey: "../../../gcp/testdata/test_gcp_key.json", + }, + }, +} + +func validVaultConfig(s *testSuite) *v1.Credentials { + return &v1.Credentials{ + Backend: &v1.Credentials_Vault_{ + Vault: &v1.Credentials_Vault{ + Token: "notasecret", + Address: s.connectionString, + }, + }, + } +} + +func (s *testSuite) TestNewFromConfig() { + testCases := []struct { + name string + conf *v1.Credentials + wantErr bool + }{ + { + name: "no credentials manager configuration provided", + conf: nil, + wantErr: true, + }, + { + name: "empty credentials manager 
configuration", + conf: &v1.Credentials{}, + wantErr: true, + }, + { + name: "[AWS] valid configuration", + conf: validAWSConfig, + wantErr: false, + }, + { + name: "[AWS] missing region", + conf: &v1.Credentials{ + Backend: &v1.Credentials_AwsSecretManager{ + AwsSecretManager: &v1.Credentials_AWSSecretManager{ + Creds: &v1.Credentials_AWSSecretManager_Creds{AccessKey: "ak", SecretKey: "sk"}, + }, + }, + }, + wantErr: true, + }, + { + name: "[AWS] missing credentials", + conf: &v1.Credentials{ + Backend: &v1.Credentials_AwsSecretManager{ + AwsSecretManager: &v1.Credentials_AWSSecretManager{ + Region: "us-east-1", + }, + }, + }, + wantErr: true, + }, + { + name: "[AWS] missing AWS access key", + conf: &v1.Credentials{ + Backend: &v1.Credentials_AwsSecretManager{ + AwsSecretManager: &v1.Credentials_AWSSecretManager{ + Region: "us-east-1", + Creds: &v1.Credentials_AWSSecretManager_Creds{SecretKey: "sk"}, + }, + }, + }, + wantErr: true, + }, + { + name: "[AWS] missing AWS secret key", + conf: &v1.Credentials{ + Backend: &v1.Credentials_AwsSecretManager{ + AwsSecretManager: &v1.Credentials_AWSSecretManager{ + Region: "us-east-1", + Creds: &v1.Credentials_AWSSecretManager_Creds{AccessKey: "ak"}, + }, + }, + }, + wantErr: true, + }, + { + name: "[GCP] Valid configuration", + conf: validGCPConfig, + wantErr: false, + }, + { + name: "[GCP] missing project ID", + conf: &v1.Credentials{ + Backend: &v1.Credentials_GcpSecretManager{ + GcpSecretManager: &v1.Credentials_GCPSecretManager{ + ServiceAccountKey: "../../../gcp/testdata/test_gcp_key.json", + }, + }, + }, + wantErr: true, + }, + { + name: "[GCP] missing key path", + conf: &v1.Credentials{ + Backend: &v1.Credentials_GcpSecretManager{ + GcpSecretManager: &v1.Credentials_GCPSecretManager{ + ProjectId: "project", + }, + }, + }, + wantErr: true, + }, + { + name: "[GCP] invalid key path", + conf: &v1.Credentials{ + Backend: &v1.Credentials_GcpSecretManager{ + GcpSecretManager: &v1.Credentials_GCPSecretManager{ + ProjectId: 
"project", + ServiceAccountKey: "does-exist.json", + }, + }, + }, + wantErr: true, + }, + { + name: "[Vault] valid configuration", + conf: validVaultConfig(s), + wantErr: false, + }, + { + name: "[Vault] missing token", + conf: &v1.Credentials{ + Backend: &v1.Credentials_Vault_{ + Vault: &v1.Credentials_Vault{ + Address: s.connectionString, + }, + }, + }, + wantErr: true, + }, + { + name: "[Vault] missing address", + conf: &v1.Credentials{ + Backend: &v1.Credentials_Vault_{ + Vault: &v1.Credentials_Vault{ + Token: "notasecret", + }, + }, + }, + wantErr: true, + }, + { + name: "[Vault] invalid address", + conf: &v1.Credentials{ + Backend: &v1.Credentials_Vault_{ + Vault: &v1.Credentials_Vault{ + Token: "notasecret", + Address: "http://non-existing:5000", + }, + }, + }, + wantErr: true, + }, + } + + for _, tc := range testCases { + s.Run(tc.name, func() { + _, err := v1.NewFromConfig(tc.conf, nil) + if tc.wantErr { + assert.Error(s.T(), err) + } else { + assert.NoError(s.T(), err) + } + }) + } +} + +type testSuite struct { + suite.Suite + vault *vaultInstance + connectionString string +} + +// Create a vault instance for the test suite that gets created and tear down for each test +func newVaultInstance(t *testing.T) *vaultInstance { + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) + defer cancel() + + req := testcontainers.ContainerRequest{ + Image: "vault:1.12.3", + ExposedPorts: []string{"8200/tcp"}, + AutoRemove: true, + Env: map[string]string{ + "VAULT_DEV_ROOT_TOKEN_ID": "notasecret", + }, + WaitingFor: wait.ForHTTP("/v1/sys/health").WithPort("8200/tcp"), + } + + instance, err := testcontainers.GenericContainer(ctx, testcontainers.GenericContainerRequest{ + ContainerRequest: req, + Started: true, + }) + + require.NoError(t, err) + return &vaultInstance{instance} +} + +func (db *vaultInstance) ConnectionString(t *testing.T) string { + ctx, cancel := context.WithTimeout(context.Background(), time.Minute) + defer cancel() + p, err := 
db.instance.MappedPort(ctx, "8200") + assert.NoError(t, err) + + return fmt.Sprintf("http://0.0.0.0:%d", p.Int()) +} + +type vaultInstance struct { + instance testcontainers.Container +} + +func (s *testSuite) SetupSuite() { + if os.Getenv("SKIP_INTEGRATION") == "true" { + s.T().Skip() + } +} + +// Run before each test +func (s *testSuite) SetupTest() { + s.vault = newVaultInstance(s.T()) + s.connectionString = s.vault.ConnectionString(s.T()) +} + +func (s *testSuite) TearDownTest() { + assert.NoError(s.T(), s.vault.instance.Terminate(context.Background())) +} + +// Run the tests +func TestVaultIntegration(t *testing.T) { + suite.Run(t, new(testSuite)) +} From fca65882eb0fdcdf65d7fa58a9cf967b6a0df140 Mon Sep 17 00:00:00 2001 From: Miguel Martinez Trivino Date: Mon, 29 May 2023 13:32:26 +0200 Subject: [PATCH 3/3] chore: remove blank line Signed-off-by: Miguel Martinez Trivino --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 1844f9252..55545c15e 100644 --- a/Makefile +++ b/Makefile @@ -17,7 +17,7 @@ init: .PHONY: api # generate api proto -api: +api: make -C ./app/controlplane api make -C ./app/cli api make -C ./app/artifact-cas api
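Review bot: In config_test.go, `ConnectionString` builds the Vault URL as `http://0.0.0.0:%d`, which relies on the platform accepting 0.0.0.0 as a destination and breaks when the container runtime is not on the local host. Asking the container for its host (testcontainers' `Host(ctx)`) and returning `fmt.Sprintf("http://%s:%d", host, p.Int())` is more portable. The `MappedPort` error is checked with `assert.NoError`, so on failure the function still returns a URL with port 0 and the Vault cases fail for an unrelated-looking reason; `require.NoError(t, err)` would stop at the real cause. Minor: the "[GCP] invalid key path" case uses `does-exist.json`, which reads as the opposite of what it tests.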