refactor: security proto (#12)

Signed-off-by: Gaius <gaius.qi@gmail.com>
2022-09-01 11:47:25 +08:00 · 2022-09-01 11:47:25 +08:00 · be1c6f61d6
parent dbdf68a889
commit be1c6f61d6
3 changed files with 84 additions and 41 deletions
--- a/pkg/apis/security/v1/security.pb.go
+++ b/pkg/apis/security/v1/security.pb.go
@ -23,11 +23,13 @@ package v1

 import (
 	context "context"
+	_ "github.com/envoyproxy/protoc-gen-validate/validate"
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
 	status "google.golang.org/grpc/status"
 	protoreflect "google.golang.org/protobuf/reflect/protoreflect"
 	protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+	durationpb "google.golang.org/protobuf/types/known/durationpb"
 	reflect "reflect"
 	sync "sync"
 )
@ -52,8 +54,8 @@ type CertificateRequest struct {
 	// The public key in the CSR is used to generate the certificate,
 	// and other fields in the generated certificate may be overwritten by the CA.
 	Csr string `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
-	// Optional: requested certificate validity period, in seconds.
-	ValidityDuration int64 `protobuf:"varint,2,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
+	// Optional: requested certificate validity period.
+	ValidityPeriod *durationpb.Duration `protobuf:"bytes,2,opt,name=validity_period,json=validityPeriod,proto3" json:"validity_period,omitempty"`
 }

 func (x *CertificateRequest) Reset() {
@ -95,11 +97,11 @@ func (x *CertificateRequest) GetCsr() string {
 	return ""
 }

-func (x *CertificateRequest) GetValidityDuration() int64 {
+func (x *CertificateRequest) GetValidityPeriod() *durationpb.Duration {
 	if x != nil {
-		return x.ValidityDuration
+		return x.ValidityPeriod
 	}
-	return 0
+	return nil
 }

 // Certificate response type.
@ -109,7 +111,7 @@ type CertificateResponse struct {
 	unknownFields protoimpl.UnknownFields

 	// PEM-encoded certificate chain.
-	CertificateChain []string `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
+	CertificateChain [][]byte `protobuf:"bytes,1,rep,name=certificate_chain,json=certificateChain,proto3" json:"certificate_chain,omitempty"`
 }

 func (x *CertificateResponse) Reset() {
@ -144,7 +146,7 @@ func (*CertificateResponse) Descriptor() ([]byte, []int) {
 	return file_pkg_apis_security_v1_security_proto_rawDescGZIP(), []int{1}
 }

-func (x *CertificateResponse) GetCertificateChain() []string {
+func (x *CertificateResponse) GetCertificateChain() [][]byte {
 	if x != nil {
 		return x.CertificateChain
 	}
@ -156,26 +158,33 @@ var File_pkg_apis_security_v1_security_proto protoreflect.FileDescriptor
 var file_pkg_apis_security_v1_security_proto_rawDesc = []byte{
 	0x0a, 0x23, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72,
 	0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x22,
-	0x53, 0x0a, 0x12, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65,
-	0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x01, 0x20, 0x01,
-	0x28, 0x09, 0x52, 0x03, 0x63, 0x73, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x76, 0x61, 0x6c, 0x69, 0x64,
-	0x69, 0x74, 0x79, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01,
-	0x28, 0x03, 0x52, 0x10, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x69, 0x74, 0x79, 0x44, 0x75, 0x72, 0x61,
-	0x74, 0x69, 0x6f, 0x6e, 0x22, 0x42, 0x0a, 0x13, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x11, 0x63,
-	0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68, 0x61, 0x69, 0x6e,
-	0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
-	0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x32, 0x67, 0x0a, 0x12, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x51,
-	0x0a, 0x10, 0x49, 0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61,
-	0x74, 0x65, 0x12, 0x1c, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x65,
-	0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
-	0x1a, 0x1d, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x65, 0x72, 0x74,
-	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
-	0x00, 0x42, 0x21, 0x5a, 0x1f, 0x64, 0x37, 0x79, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f,
-	0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74,
-	0x79, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x1a,
+	0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+	0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a,
+	0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61,
+	0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x7d, 0x0a, 0x12, 0x43, 0x65, 0x72, 0x74,
+	0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x19,
+	0x0a, 0x03, 0x63, 0x73, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04,
+	0x72, 0x02, 0x10, 0x01, 0x52, 0x03, 0x63, 0x73, 0x72, 0x12, 0x4c, 0x0a, 0x0f, 0x76, 0x61, 0x6c,
+	0x69, 0x64, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01,
+	0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74,
+	0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x08, 0xfa,
+	0x42, 0x05, 0xaa, 0x01, 0x02, 0x08, 0x01, 0x52, 0x0e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x69, 0x74,
+	0x79, 0x50, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x22, 0x4c, 0x0a, 0x13, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x35,
+	0x0a, 0x11, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x68,
+	0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0c, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x92, 0x01,
+	0x02, 0x08, 0x01, 0x52, 0x10, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65,
+	0x43, 0x68, 0x61, 0x69, 0x6e, 0x32, 0x67, 0x0a, 0x12, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x51, 0x0a, 0x10, 0x49,
+	0x73, 0x73, 0x75, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12,
+	0x1c, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69,
+	0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e,
+	0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+	0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x21,
+	0x5a, 0x1f, 0x64, 0x37, 0x79, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x70, 0x6b, 0x67,
+	0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76,
+	0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }

 var (
@ -194,15 +203,17 @@ var file_pkg_apis_security_v1_security_proto_msgTypes = make([]protoimpl.Message
 var file_pkg_apis_security_v1_security_proto_goTypes = []interface{}{
 	(*CertificateRequest)(nil),  // 0: security.CertificateRequest
 	(*CertificateResponse)(nil), // 1: security.CertificateResponse
+	(*durationpb.Duration)(nil), // 2: google.protobuf.Duration
 }
 var file_pkg_apis_security_v1_security_proto_depIdxs = []int32{
-	0, // 0: security.CertificateService.IssueCertificate:input_type -> security.CertificateRequest
-	1, // 1: security.CertificateService.IssueCertificate:output_type -> security.CertificateResponse
-	1, // [1:2] is the sub-list for method output_type
-	0, // [0:1] is the sub-list for method input_type
-	0, // [0:0] is the sub-list for extension type_name
-	0, // [0:0] is the sub-list for extension extendee
-	0, // [0:0] is the sub-list for field type_name
+	2, // 0: security.CertificateRequest.validity_period:type_name -> google.protobuf.Duration
+	0, // 1: security.CertificateService.IssueCertificate:input_type -> security.CertificateRequest
+	1, // 2: security.CertificateService.IssueCertificate:output_type -> security.CertificateResponse
+	2, // [2:3] is the sub-list for method output_type
+	1, // [1:2] is the sub-list for method input_type
+	1, // [1:1] is the sub-list for extension type_name
+	1, // [1:1] is the sub-list for extension extendee
+	0, // [0:1] is the sub-list for field type_name
 }

 func init() { file_pkg_apis_security_v1_security_proto_init() }
--- a/pkg/apis/security/v1/security.pb.validate.go
+++ b/pkg/apis/security/v1/security.pb.validate.go
@ -57,9 +57,27 @@ func (m *CertificateRequest) validate(all bool) error {

 	var errors []error

-	// no validation rules for Csr
+	if utf8.RuneCountInString(m.GetCsr()) < 1 {
+		err := CertificateRequestValidationError{
+			field:  "Csr",
+			reason: "value length must be at least 1 runes",
+		}
+		if !all {
+			return err
+		}
+		errors = append(errors, err)
+	}

-	// no validation rules for ValidityDuration
+	if m.GetValidityPeriod() == nil {
+		err := CertificateRequestValidationError{
+			field:  "ValidityPeriod",
+			reason: "value is required",
+		}
+		if !all {
+			return err
+		}
+		errors = append(errors, err)
+	}

 	if len(errors) > 0 {
 		return CertificateRequestMultiError(errors)
@ -163,6 +181,17 @@ func (m *CertificateResponse) validate(all bool) error {

 	var errors []error

+	if len(m.GetCertificateChain()) < 1 {
+		err := CertificateResponseValidationError{
+			field:  "CertificateChain",
+			reason: "value must contain at least 1 item(s)",
+		}
+		if !all {
+			return err
+		}
+		errors = append(errors, err)
+	}
+
 	if len(errors) > 0 {
 		return CertificateResponseMultiError(errors)
 	}
--- a/pkg/apis/security/v1/security.proto
+++ b/pkg/apis/security/v1/security.proto
@ -18,6 +18,9 @@ syntax = "proto3";

 package security;

+import "google/protobuf/duration.proto";
+import "validate/validate.proto";
+
 option go_package = "d7y.io/api/pkg/apis/security/v1";

 // Refer: https://github.com/istio/api/blob/master/security/v1alpha1/ca.proto
@ -31,15 +34,15 @@ message CertificateRequest {
  // PEM-encoded certificate request.
  // The public key in the CSR is used to generate the certificate,
  // and other fields in the generated certificate may be overwritten by the CA.
-  string csr = 1;
-  // Optional: requested certificate validity period, in seconds.
-  int64 validity_duration = 2;
+  string csr = 1 [(validate.rules).string.min_len = 1];
+  // Optional: requested certificate validity period.
+  google.protobuf.Duration validity_period = 2 [(validate.rules).duration.required = true];
 }

 // Certificate response type.
 message CertificateResponse {
  // PEM-encoded certificate chain.
-  repeated string certificate_chain = 1;
+  repeated bytes certificate_chain = 1 [(validate.rules).repeated.min_items = 1];
 }

 // Service for managing certificates issued by the CA.
@ -48,4 +51,4 @@ service CertificateService {
  rpc IssueCertificate(CertificateRequest)
      returns (CertificateResponse) {
  }
-}
+}