diff --git a/Cargo.lock b/Cargo.lock
index 7264156..35d9624 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -190,7 +190,7 @@ dependencies = [
 
 [[package]]
 name = "dragonfly-api"
-version = "2.0.166"
+version = "2.0.167"
 dependencies = [
  "prost",
  "prost-types",
diff --git a/Cargo.toml b/Cargo.toml
index dd97363..b6ae98f 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "dragonfly-api"
-version = "2.0.166"
+version = "2.0.167"
 authors = ["Gaius "]
 edition = "2021"
 license = "Apache-2.0"
diff --git a/build.rs b/build.rs
index ce03347..3a218d1 100644
--- a/build.rs
+++ b/build.rs
@@ -2,8 +2,11 @@ fn main() -> Result<(), Box> {
     tonic_build::configure()
         .file_descriptor_set_path("src/descriptor.bin")
         .protoc_arg("--experimental_allow_proto3_optional")
-        .type_attribute(".", "#[derive(serde::Serialize, serde::Deserialize)]", )
-        .type_attribute("scheduler.v2.AnnouncePeerRequest.request", "#[allow(clippy::large_enum_variant)]", )
+        .type_attribute(".", "#[derive(serde::Serialize, serde::Deserialize)]")
+        .type_attribute(
+            "scheduler.v2.AnnouncePeerRequest.request",
+            "#[allow(clippy::large_enum_variant)]",
+        )
         .extern_path(".google.protobuf.Timestamp", "::prost_wkt_types::Timestamp")
         .extern_path(".google.protobuf.Duration", "::prost_wkt_types::Duration")
         .out_dir("src")
@@ -11,7 +14,6 @@ fn main() -> Result<(), Box> {
         &[
             "proto/common.proto",
             "proto/errordetails.proto",
-            "proto/security.proto",
             "proto/dfdaemon.proto",
             "proto/manager.proto",
             "proto/scheduler.proto",
diff --git a/hack/protoc.sh b/hack/protoc.sh
index 799362c..0de0009 100755
--- a/hack/protoc.sh
+++ b/hack/protoc.sh
@@ -5,8 +5,7 @@ PROTO_PATH=pkg/apis
 LANGUAGE=go
 
 proto_modules="common/v1 common/v2 cdnsystem/v1 dfdaemon/v1 dfdaemon/v2
-errordetails/v1 errordetails/v2 manager/v1 manager/v2 scheduler/v1 scheduler/v2
-security/v1"
+errordetails/v1 errordetails/v2 manager/v1 manager/v2 scheduler/v1 scheduler/v2"
 
 echo "generate protos..."
 
diff --git a/pkg/apis/security/v1/security.pb.go b/pkg/apis/security/v1/security.pb.go
deleted file mode 100644
index 071313b..0000000
--- a/pkg/apis/security/v1/security.pb.go
+++ /dev/null
@@ -1,264 +0,0 @@ -// -// Copyright 2022 The Dragonfly Authors -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// Code generated by protoc-gen-go. DO NOT EDIT. -// versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.6 -// source: pkg/apis/security/v1/security.proto - -package security - -import ( - _ "github.com/envoyproxy/protoc-gen-validate/validate" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" - protoimpl "google.golang.org/protobuf/runtime/protoimpl" - durationpb "google.golang.org/protobuf/types/known/durationpb" - reflect "reflect" - sync "sync" -) - -const ( - // Verify that this generated code is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) - // Verify that runtime/protoimpl is sufficiently up-to-date. - _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) -) - -// Certificate request type. -// Dragonfly supports peers authentication with Mutual TLS(mTLS) -// For mTLS, all peers need to request TLS certificates for communicating -// The server side may overwrite ant requested certificate filed based on its policies. -type CertificateRequest struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // ASN.1 DER form certificate request. - // The public key in the CSR is used to generate the certificate, - // and other fields in the generated certificate may be overwritten by the CA. 
- Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` - // Optional: requested certificate validity period. - ValidityPeriod *durationpb.Duration `protobuf:"bytes,2,opt,name=validity_period,json=validityPeriod,proto3" json:"validity_period,omitempty"` -} - -func (x *CertificateRequest) Reset() { - *x = CertificateRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_pkg_apis_security_v1_security_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CertificateRequest) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CertificateRequest) ProtoMessage() {} - -func (x *CertificateRequest) ProtoReflect() protoreflect.Message { - mi := &file_pkg_apis_security_v1_security_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CertificateRequest.ProtoReflect.Descriptor instead. -func (*CertificateRequest) Descriptor() ([]byte, []int) { - return file_pkg_apis_security_v1_security_proto_rawDescGZIP(), []int{0} -} - -func (x *CertificateRequest) GetCsr() []byte { - if x != nil { - return x.Csr - } - return nil -} - -func (x *CertificateRequest) GetValidityPeriod() *durationpb.Duration { - if x != nil { - return x.ValidityPeriod - } - return nil -} - -// Certificate response type. -type CertificateResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // ASN.1 DER form certificate chain. 
- CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"` -} - -func (x *CertificateResponse) Reset() { - *x = CertificateResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_pkg_apis_security_v1_security_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *CertificateResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*CertificateResponse) ProtoMessage() {} - -func (x *CertificateResponse) ProtoReflect() protoreflect.Message { - mi := &file_pkg_apis_security_v1_security_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use CertificateResponse.ProtoReflect.Descriptor instead. -func (*CertificateResponse) Descriptor() ([]byte, []int) { - return file_pkg_apis_security_v1_security_proto_rawDescGZIP(), []int{1} -} - -func (x *CertificateResponse) GetCertificateChain() [][]byte { - if x != nil { - return x.CertificateChain - } - return nil -} - -var File_pkg_apis_security_v1_security_proto protoreflect.FileDescriptor - -var file_pkg_apis_security_v1_security_proto_rawDesc = []byte{ - 0x0a, 0x23, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, - 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x1a, - 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, - 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 
0x6f, 0x22, 0x7d, 0x0a, 0x12, 0x43, 0x65, 0x72, 0x74, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x19, - 0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x07, 0xfa, 0x42, 0x04, - 0x7a, 0x02, 0x10, 0x01, 0x52, 0x03, 0x63, 0x73, 0x72, 0x12, 0x4c, 0x0a, 0x0f, 0x76, 0x61, 0x6c, - 0x69, 0x64, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa, - 0x42, 0x05, 0xaa, 0x01, 0x02, 0x08, 0x01, 0x52, 0x0e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x69, 0x74, - 0x79, 0x50, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x22, 0x4c, 0x0a, 0x13, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35, - 0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, - 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x92, 0x01, - 0x02, 0x08, 0x01, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x43, 0x68, 0x61, 0x69, 0x6e, 0x32, 0x60, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x12, 0x51, 0x0a, 0x10, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, - 0x79, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x2d, 0x5a, 0x2b, 0x64, 0x37, 0x79, 0x2e, 0x69, - 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 
0x61, 0x70, 0x69, - 0x73, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x73, 0x65, - 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, -} - -var ( - file_pkg_apis_security_v1_security_proto_rawDescOnce sync.Once - file_pkg_apis_security_v1_security_proto_rawDescData = file_pkg_apis_security_v1_security_proto_rawDesc -) - -func file_pkg_apis_security_v1_security_proto_rawDescGZIP() []byte { - file_pkg_apis_security_v1_security_proto_rawDescOnce.Do(func() { - file_pkg_apis_security_v1_security_proto_rawDescData = protoimpl.X.CompressGZIP(file_pkg_apis_security_v1_security_proto_rawDescData) - }) - return file_pkg_apis_security_v1_security_proto_rawDescData -} - -var file_pkg_apis_security_v1_security_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_pkg_apis_security_v1_security_proto_goTypes = []interface{}{ - (*CertificateRequest)(nil), // 0: security.CertificateRequest - (*CertificateResponse)(nil), // 1: security.CertificateResponse - (*durationpb.Duration)(nil), // 2: google.protobuf.Duration -} -var file_pkg_apis_security_v1_security_proto_depIdxs = []int32{ - 2, // 0: security.CertificateRequest.validity_period:type_name -> google.protobuf.Duration - 0, // 1: security.Certificate.IssueCertificate:input_type -> security.CertificateRequest - 1, // 2: security.Certificate.IssueCertificate:output_type -> security.CertificateResponse - 2, // [2:3] is the sub-list for method output_type - 1, // [1:2] is the sub-list for method input_type - 1, // [1:1] is the sub-list for extension type_name - 1, // [1:1] is the sub-list for extension extendee - 0, // [0:1] is the sub-list for field type_name -} - -func init() { file_pkg_apis_security_v1_security_proto_init() } -func file_pkg_apis_security_v1_security_proto_init() { - if File_pkg_apis_security_v1_security_proto != nil { - return - } - if !protoimpl.UnsafeEnabled { - file_pkg_apis_security_v1_security_proto_msgTypes[0].Exporter = func(v 
interface{}, i int) interface{} { - switch v := v.(*CertificateRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_pkg_apis_security_v1_security_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CertificateResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - type x struct{} - out := protoimpl.TypeBuilder{ - File: protoimpl.DescBuilder{ - GoPackagePath: reflect.TypeOf(x{}).PkgPath(), - RawDescriptor: file_pkg_apis_security_v1_security_proto_rawDesc, - NumEnums: 0, - NumMessages: 2, - NumExtensions: 0, - NumServices: 1, - }, - GoTypes: file_pkg_apis_security_v1_security_proto_goTypes, - DependencyIndexes: file_pkg_apis_security_v1_security_proto_depIdxs, - MessageInfos: file_pkg_apis_security_v1_security_proto_msgTypes, - }.Build() - File_pkg_apis_security_v1_security_proto = out.File - file_pkg_apis_security_v1_security_proto_rawDesc = nil - file_pkg_apis_security_v1_security_proto_goTypes = nil - file_pkg_apis_security_v1_security_proto_depIdxs = nil -} diff --git a/pkg/apis/security/v1/security.pb.validate.go b/pkg/apis/security/v1/security.pb.validate.go deleted file mode 100644 index 3f0a772..0000000 --- a/pkg/apis/security/v1/security.pb.validate.go +++ /dev/null 
@@ -1,273 +0,0 @@ -// Code generated by protoc-gen-validate. DO NOT EDIT. -// source: pkg/apis/security/v1/security.proto - -package security - -import ( - "bytes" - "errors" - "fmt" - "net" - "net/mail" - "net/url" - "regexp" - "sort" - "strings" - "time" - "unicode/utf8" - - "google.golang.org/protobuf/types/known/anypb" -) - -// ensure the imports are used -var ( - _ = bytes.MinRead - _ = errors.New("") - _ = fmt.Print - _ = utf8.UTFMax - _ = (*regexp.Regexp)(nil) - _ = (*strings.Reader)(nil) - _ = net.IPv4len - _ = time.Duration(0) - _ = (*url.URL)(nil) - _ = (*mail.Address)(nil) - _ = anypb.Any{} - _ = sort.Sort -) - -// Validate checks the field values on CertificateRequest with the rules -// defined in the proto definition for this message. If any rules are -// violated, the first error encountered is returned, or nil if there are no violations. -func (m *CertificateRequest) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on CertificateRequest with the rules -// defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// CertificateRequestMultiError, or nil if none found. 
-func (m *CertificateRequest) ValidateAll() error { - return m.validate(true) -} - -func (m *CertificateRequest) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - if len(m.GetCsr()) < 1 { - err := CertificateRequestValidationError{ - field: "Csr", - reason: "value length must be at least 1 bytes", - } - if !all { - return err - } - errors = append(errors, err) - } - - if m.GetValidityPeriod() == nil { - err := CertificateRequestValidationError{ - field: "ValidityPeriod", - reason: "value is required", - } - if !all { - return err - } - errors = append(errors, err) - } - - if len(errors) > 0 { - return CertificateRequestMultiError(errors) - } - - return nil -} - -// CertificateRequestMultiError is an error wrapping multiple validation errors -// returned by CertificateRequest.ValidateAll() if the designated constraints -// aren't met. -type CertificateRequestMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m CertificateRequestMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m CertificateRequestMultiError) AllErrors() []error { return m } - -// CertificateRequestValidationError is the validation error returned by -// CertificateRequest.Validate if the designated constraints aren't met. -type CertificateRequestValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e CertificateRequestValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e CertificateRequestValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e CertificateRequestValidationError) Cause() error { return e.cause } - -// Key function returns key value. 
-func (e CertificateRequestValidationError) Key() bool { return e.key } - -// ErrorName returns error name. -func (e CertificateRequestValidationError) ErrorName() string { - return "CertificateRequestValidationError" -} - -// Error satisfies the builtin error interface -func (e CertificateRequestValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCertificateRequest.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = CertificateRequestValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = CertificateRequestValidationError{} - -// Validate checks the field values on CertificateResponse with the rules -// defined in the proto definition for this message. If any rules are -// violated, the first error encountered is returned, or nil if there are no violations. -func (m *CertificateResponse) Validate() error { - return m.validate(false) -} - -// ValidateAll checks the field values on CertificateResponse with the rules -// defined in the proto definition for this message. If any rules are -// violated, the result is a list of violation errors wrapped in -// CertificateResponseMultiError, or nil if none found. 
-func (m *CertificateResponse) ValidateAll() error { - return m.validate(true) -} - -func (m *CertificateResponse) validate(all bool) error { - if m == nil { - return nil - } - - var errors []error - - if len(m.GetCertificateChain()) < 1 { - err := CertificateResponseValidationError{ - field: "CertificateChain", - reason: "value must contain at least 1 item(s)", - } - if !all { - return err - } - errors = append(errors, err) - } - - if len(errors) > 0 { - return CertificateResponseMultiError(errors) - } - - return nil -} - -// CertificateResponseMultiError is an error wrapping multiple validation -// errors returned by CertificateResponse.ValidateAll() if the designated -// constraints aren't met. -type CertificateResponseMultiError []error - -// Error returns a concatenation of all the error messages it wraps. -func (m CertificateResponseMultiError) Error() string { - var msgs []string - for _, err := range m { - msgs = append(msgs, err.Error()) - } - return strings.Join(msgs, "; ") -} - -// AllErrors returns a list of validation violation errors. -func (m CertificateResponseMultiError) AllErrors() []error { return m } - -// CertificateResponseValidationError is the validation error returned by -// CertificateResponse.Validate if the designated constraints aren't met. -type CertificateResponseValidationError struct { - field string - reason string - cause error - key bool -} - -// Field function returns field value. -func (e CertificateResponseValidationError) Field() string { return e.field } - -// Reason function returns reason value. -func (e CertificateResponseValidationError) Reason() string { return e.reason } - -// Cause function returns cause value. -func (e CertificateResponseValidationError) Cause() error { return e.cause } - -// Key function returns key value. -func (e CertificateResponseValidationError) Key() bool { return e.key } - -// ErrorName returns error name. 
-func (e CertificateResponseValidationError) ErrorName() string { - return "CertificateResponseValidationError" -} - -// Error satisfies the builtin error interface -func (e CertificateResponseValidationError) Error() string { - cause := "" - if e.cause != nil { - cause = fmt.Sprintf(" | caused by: %v", e.cause) - } - - key := "" - if e.key { - key = "key for " - } - - return fmt.Sprintf( - "invalid %sCertificateResponse.%s: %s%s", - key, - e.field, - e.reason, - cause) -} - -var _ error = CertificateResponseValidationError{} - -var _ interface { - Field() string - Reason() string - Key() bool - Cause() error - ErrorName() string -} = CertificateResponseValidationError{} diff --git a/pkg/apis/security/v1/security.proto b/pkg/apis/security/v1/security.proto deleted file mode 100644 index 0126a3e..0000000 --- a/pkg/apis/security/v1/security.proto +++ /dev/null 
@@ -1,54 +0,0 @@
-/*
- * Copyright 2022 The Dragonfly Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-syntax = "proto3";
-
-package security;
-
-import "google/protobuf/duration.proto";
-import "validate/validate.proto";
-
-option go_package = "d7y.io/api/v2/pkg/apis/security/v1;security";
-
-// Refer: https://github.com/istio/api/blob/master/security/v1alpha1/ca.proto
-// Istio defines similar api for signing certificate, but it's not applicable in Dragonfly.
-
-// Certificate request type.
-// Dragonfly supports peers authentication with Mutual TLS(mTLS)
-// For mTLS, all peers need to request TLS certificates for communicating
-// The server side may overwrite ant requested certificate filed based on its policies.
-message CertificateRequest {
-  // ASN.1 DER form certificate request.
-  // The public key in the CSR is used to generate the certificate,
-  // and other fields in the generated certificate may be overwritten by the CA.
-  bytes csr = 1 [(validate.rules).bytes.min_len = 1];
-  // Optional: requested certificate validity period.
-  google.protobuf.Duration validity_period = 2 [(validate.rules).duration.required = true];
-}
-
-// Certificate response type.
-message CertificateResponse {
-  // ASN.1 DER form certificate chain.
-  repeated bytes certificate_chain = 1 [(validate.rules).repeated.min_items = 1];
-}
-
-// Service for managing certificates issued by the CA.
-service Certificate {
-  // Using provided CSR, returns a signed certificate.
-  rpc IssueCertificate(CertificateRequest)
-      returns (CertificateResponse) {
-  }
-}
diff --git a/pkg/apis/security/v1/security_grpc.pb.go b/pkg/apis/security/v1/security_grpc.pb.go
deleted file mode 100644
index cd4cc74..0000000
--- a/pkg/apis/security/v1/security_grpc.pb.go
+++ /dev/null
@@ -1,105 +0,0 @@ -// Code generated by protoc-gen-go-grpc. DO NOT EDIT. -// versions: -// - protoc-gen-go-grpc v1.2.0 -// - protoc v3.21.6 -// source: pkg/apis/security/v1/security.proto - -package security - -import ( - context "context" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" -) - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 - -// CertificateClient is the client API for Certificate service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. -type CertificateClient interface { - // Using provided CSR, returns a signed certificate. - IssueCertificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) -} - -type certificateClient struct { - cc grpc.ClientConnInterface -} - -func NewCertificateClient(cc grpc.ClientConnInterface) CertificateClient { - return &certificateClient{cc} -} - -func (c *certificateClient) IssueCertificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) { - out := new(CertificateResponse) - err := c.cc.Invoke(ctx, "/security.Certificate/IssueCertificate", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// CertificateServer is the server API for Certificate service. -// All implementations should embed UnimplementedCertificateServer -// for forward compatibility -type CertificateServer interface { - // Using provided CSR, returns a signed certificate. - IssueCertificate(context.Context, *CertificateRequest) (*CertificateResponse, error) -} - -// UnimplementedCertificateServer should be embedded to have forward compatible implementations. 
-type UnimplementedCertificateServer struct { -} - -func (UnimplementedCertificateServer) IssueCertificate(context.Context, *CertificateRequest) (*CertificateResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method IssueCertificate not implemented") -} - -// UnsafeCertificateServer may be embedded to opt out of forward compatibility for this service. -// Use of this interface is not recommended, as added methods to CertificateServer will -// result in compilation errors. -type UnsafeCertificateServer interface { - mustEmbedUnimplementedCertificateServer() -} - -func RegisterCertificateServer(s grpc.ServiceRegistrar, srv CertificateServer) { - s.RegisterService(&Certificate_ServiceDesc, srv) -} - -func _Certificate_IssueCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CertificateRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CertificateServer).IssueCertificate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/security.Certificate/IssueCertificate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CertificateServer).IssueCertificate(ctx, req.(*CertificateRequest)) - } - return interceptor(ctx, in, info, handler) -} - -// Certificate_ServiceDesc is the grpc.ServiceDesc for Certificate service. -// It's only intended for direct use with grpc.RegisterService, -// and not to be introspected or modified (even as a copy) -var Certificate_ServiceDesc = grpc.ServiceDesc{ - ServiceName: "security.Certificate", - HandlerType: (*CertificateServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "IssueCertificate", - Handler: _Certificate_IssueCertificate_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "pkg/apis/security/v1/security.proto", -} 
diff --git a/proto/security.proto b/proto/security.proto
deleted file mode 100644
index 72064e0..0000000
--- a/proto/security.proto
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright 2022 The Dragonfly Authors
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-syntax = "proto3";
-
-package security;
-
-import "google/protobuf/duration.proto";
-
-// Refer: https://github.com/istio/api/blob/master/security/v1alpha1/ca.proto
-// Istio defines similar api for signing certificate, but it's not applicable in Dragonfly.
-
-// Certificate request type.
-// Dragonfly supports peers authentication with Mutual TLS(mTLS)
-// For mTLS, all peers need to request TLS certificates for communicating
-// The server side may overwrite ant requested certificate filed based on its policies.
-message CertificateRequest {
-  // ASN.1 DER form certificate request.
-  // The public key in the CSR is used to generate the certificate,
-  // and other fields in the generated certificate may be overwritten by the CA.
-  bytes csr = 1;
-  // Optional: requested certificate validity period.
-  google.protobuf.Duration validity_period = 2;
-}
-
-// Certificate response type.
-message CertificateResponse {
-  // ASN.1 DER form certificate chain.
-  repeated bytes certificate_chain = 1;
-}
-
-// Service for managing certificates issued by the CA.
-service Certificate {
-  // Using provided CSR, returns a signed certificate.
-  rpc IssueCertificate(CertificateRequest)
-      returns (CertificateResponse) {
-  }
-}
diff --git a/src/descriptor.bin b/src/descriptor.bin
index 9ae609b..c50399c 100644
Binary files a/src/descriptor.bin and b/src/descriptor.bin differ
diff --git a/src/lib.rs b/src/lib.rs
index 78d213f..467bada 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -28,7 +28,5 @@ pub mod scheduler {
     pub mod v2;
 }
 
-pub mod security;
-
 // FILE_DESCRIPTOR_SET is the serialized FileDescriptorSet of the proto files.
 pub const FILE_DESCRIPTOR_SET: &[u8] = include_bytes!("descriptor.bin");
diff --git a/src/security.rs b/src/security.rs
deleted file mode 100644
index 834170e..0000000
--- a/src/security.rs
+++ /dev/null
@@ -1,315 +0,0 @@ -// This file is @generated by prost-build. -/// Certificate request type. -/// Dragonfly supports peers authentication with Mutual TLS(mTLS) -/// For mTLS, all peers need to request TLS certificates for communicating -/// The server side may overwrite ant requested certificate filed based on its policies. -#[derive(serde::Serialize, serde::Deserialize)] -#[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct CertificateRequest { - /// ASN.1 DER form certificate request. - /// The public key in the CSR is used to generate the certificate, - /// and other fields in the generated certificate may be overwritten by the CA. - #[prost(bytes = "vec", tag = "1")] - pub csr: ::prost::alloc::vec::Vec, - /// Optional: requested certificate validity period. - #[prost(message, optional, tag = "2")] - pub validity_period: ::core::option::Option<::prost_wkt_types::Duration>, -} -/// Certificate response type. -#[derive(serde::Serialize, serde::Deserialize)] -#[allow(clippy::derive_partial_eq_without_eq)] -#[derive(Clone, PartialEq, ::prost::Message)] -pub struct CertificateResponse { - /// ASN.1 DER form certificate chain. - #[prost(bytes = "vec", repeated, tag = "1")] - pub certificate_chain: ::prost::alloc::vec::Vec<::prost::alloc::vec::Vec>, -} -/// Generated client implementations. -pub mod certificate_client { - #![allow(unused_variables, dead_code, missing_docs, clippy::let_unit_value)] - use tonic::codegen::*; - use tonic::codegen::http::Uri; - /// Service for managing certificates issued by the CA. - #[derive(Debug, Clone)] - pub struct CertificateClient { - inner: tonic::client::Grpc, - } - impl CertificateClient { - /// Attempt to create a new client by connecting to a given endpoint. 
- pub async fn connect(dst: D) -> Result - where - D: TryInto, - D::Error: Into, - { - let conn = tonic::transport::Endpoint::new(dst)?.connect().await?; - Ok(Self::new(conn)) - } - } - impl CertificateClient - where - T: tonic::client::GrpcService, - T::Error: Into, - T::ResponseBody: Body + std::marker::Send + 'static, - ::Error: Into + std::marker::Send, - { - pub fn new(inner: T) -> Self { - let inner = tonic::client::Grpc::new(inner); - Self { inner } - } - pub fn with_origin(inner: T, origin: Uri) -> Self { - let inner = tonic::client::Grpc::with_origin(inner, origin); - Self { inner } - } - pub fn with_interceptor( - inner: T, - interceptor: F, - ) -> CertificateClient> - where - F: tonic::service::Interceptor, - T::ResponseBody: Default, - T: tonic::codegen::Service< - http::Request, - Response = http::Response< - >::ResponseBody, - >, - >, - , - >>::Error: Into + std::marker::Send + std::marker::Sync, - { - CertificateClient::new(InterceptedService::new(inner, interceptor)) - } - /// Compress requests with the given encoding. - /// - /// This requires the server to support it otherwise it might respond with an - /// error. - #[must_use] - pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self { - self.inner = self.inner.send_compressed(encoding); - self - } - /// Enable decompressing responses. - #[must_use] - pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self { - self.inner = self.inner.accept_compressed(encoding); - self - } - /// Limits the maximum size of a decoded message. - /// - /// Default: `4MB` - #[must_use] - pub fn max_decoding_message_size(mut self, limit: usize) -> Self { - self.inner = self.inner.max_decoding_message_size(limit); - self - } - /// Limits the maximum size of an encoded message. 
- /// - /// Default: `usize::MAX` - #[must_use] - pub fn max_encoding_message_size(mut self, limit: usize) -> Self { - self.inner = self.inner.max_encoding_message_size(limit); - self - } - /// Using provided CSR, returns a signed certificate. - pub async fn issue_certificate( - &mut self, - request: impl tonic::IntoRequest, - ) -> std::result::Result< - tonic::Response, - tonic::Status, - > { - self.inner - .ready() - .await - .map_err(|e| { - tonic::Status::new( - tonic::Code::Unknown, - format!("Service was not ready: {}", e.into()), - ) - })?; - let codec = tonic::codec::ProstCodec::default(); - let path = http::uri::PathAndQuery::from_static( - "/security.Certificate/IssueCertificate", - ); - let mut req = request.into_request(); - req.extensions_mut() - .insert(GrpcMethod::new("security.Certificate", "IssueCertificate")); - self.inner.unary(req, path, codec).await - } - } -} -/// Generated server implementations. -pub mod certificate_server { - #![allow(unused_variables, dead_code, missing_docs, clippy::let_unit_value)] - use tonic::codegen::*; - /// Generated trait containing gRPC methods that should be implemented for use with CertificateServer. - #[async_trait] - pub trait Certificate: std::marker::Send + std::marker::Sync + 'static { - /// Using provided CSR, returns a signed certificate. - async fn issue_certificate( - &self, - request: tonic::Request, - ) -> std::result::Result< - tonic::Response, - tonic::Status, - >; - } - /// Service for managing certificates issued by the CA. 
- #[derive(Debug)] - pub struct CertificateServer { - inner: Arc, - accept_compression_encodings: EnabledCompressionEncodings, - send_compression_encodings: EnabledCompressionEncodings, - max_decoding_message_size: Option, - max_encoding_message_size: Option, - } - impl CertificateServer { - pub fn new(inner: T) -> Self { - Self::from_arc(Arc::new(inner)) - } - pub fn from_arc(inner: Arc) -> Self { - Self { - inner, - accept_compression_encodings: Default::default(), - send_compression_encodings: Default::default(), - max_decoding_message_size: None, - max_encoding_message_size: None, - } - } - pub fn with_interceptor( - inner: T, - interceptor: F, - ) -> InterceptedService - where - F: tonic::service::Interceptor, - { - InterceptedService::new(Self::new(inner), interceptor) - } - /// Enable decompressing requests with the given encoding. - #[must_use] - pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self { - self.accept_compression_encodings.enable(encoding); - self - } - /// Compress responses with the given encoding, if the client supports it. - #[must_use] - pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self { - self.send_compression_encodings.enable(encoding); - self - } - /// Limits the maximum size of a decoded message. - /// - /// Default: `4MB` - #[must_use] - pub fn max_decoding_message_size(mut self, limit: usize) -> Self { - self.max_decoding_message_size = Some(limit); - self - } - /// Limits the maximum size of an encoded message. 
- /// - /// Default: `usize::MAX` - #[must_use] - pub fn max_encoding_message_size(mut self, limit: usize) -> Self { - self.max_encoding_message_size = Some(limit); - self - } - } - impl tonic::codegen::Service> for CertificateServer - where - T: Certificate, - B: Body + std::marker::Send + 'static, - B::Error: Into + std::marker::Send + 'static, - { - type Response = http::Response; - type Error = std::convert::Infallible; - type Future = BoxFuture; - fn poll_ready( - &mut self, - _cx: &mut Context<'_>, - ) -> Poll> { - Poll::Ready(Ok(())) - } - fn call(&mut self, req: http::Request) -> Self::Future { - match req.uri().path() { - "/security.Certificate/IssueCertificate" => { - #[allow(non_camel_case_types)] - struct IssueCertificateSvc(pub Arc); - impl< - T: Certificate, - > tonic::server::UnaryService - for IssueCertificateSvc { - type Response = super::CertificateResponse; - type Future = BoxFuture< - tonic::Response, - tonic::Status, - >; - fn call( - &mut self, - request: tonic::Request, - ) -> Self::Future { - let inner = Arc::clone(&self.0); - let fut = async move { - ::issue_certificate(&inner, request).await - }; - Box::pin(fut) - } - } - let accept_compression_encodings = self.accept_compression_encodings; - let send_compression_encodings = self.send_compression_encodings; - let max_decoding_message_size = self.max_decoding_message_size; - let max_encoding_message_size = self.max_encoding_message_size; - let inner = self.inner.clone(); - let fut = async move { - let method = IssueCertificateSvc(inner); - let codec = tonic::codec::ProstCodec::default(); - let mut grpc = tonic::server::Grpc::new(codec) - .apply_compression_config( - accept_compression_encodings, - send_compression_encodings, - ) - .apply_max_message_size_config( - max_decoding_message_size, - max_encoding_message_size, - ); - let res = grpc.unary(method, req).await; - Ok(res) - }; - Box::pin(fut) - } - _ => { - Box::pin(async move { - Ok( - http::Response::builder() - .status(200) - 
.header("grpc-status", tonic::Code::Unimplemented as i32) - .header( - http::header::CONTENT_TYPE, - tonic::metadata::GRPC_CONTENT_TYPE, - ) - .body(empty_body()) - .unwrap(), - ) - }) - } - } - } - } - impl Clone for CertificateServer { - fn clone(&self) -> Self { - let inner = self.inner.clone(); - Self { - inner, - accept_compression_encodings: self.accept_compression_encodings, - send_compression_encodings: self.send_compression_encodings, - max_decoding_message_size: self.max_decoding_message_size, - max_encoding_message_size: self.max_encoding_message_size, - } - } - } - /// Generated gRPC service name - pub const SERVICE_NAME: &str = "security.Certificate"; - impl tonic::server::NamedService for CertificateServer { - const NAME: &'static str = SERVICE_NAME; - } -}