From e05f3dc38e6956c8af0ffcd3f9c0c24c5cf2d295 Mon Sep 17 00:00:00 2001 From: marcushines <80116818+marcushines@users.noreply.github.com> Date: Mon, 4 Mar 2024 15:10:32 -0600 Subject: [PATCH 01/13] update bazel version (#165) --- .bazelversion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bazelversion b/.bazelversion index 09b254e..19b860c 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -6.0.0 +6.4.0 From e08ebfe537e1603015291898e6d5e9abe1562a0b Mon Sep 17 00:00:00 2001 From: Marcus Hines Date: Mon, 4 Mar 2024 20:01:24 +0000 Subject: [PATCH 02/13] Update readme to use agreed upon profile name and clarify the expectation that only new profiles will be created to use other certs --- certz/README.md | 9 +++++---- certz/certz.proto | 3 ++- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/certz/README.md b/certz/README.md index 1c0956f..ce062c5 100644 --- a/certz/README.md +++ b/certz/README.md @@ -40,10 +40,9 @@ Certificate Authority chain of certificates (a.k.a. a CA trust bundle) and a set of Certificate Revocation Lists into a set that then can be assigned as a whole to a gRPC server. -There is at least one profile present on a target - the one that is used by -the gNxI server. Its ID is `gNxI` but when the `ssl_profile_id` field in the +There is always at least one profile present on a target - the `system_default_profile` which is vendor provided. This profile cannot be changed. If the use but when the `ssl_profile_id` field in the `RotateCertificateRequest` message is not set (or set to an empty string) it -also refers this SSL profile. +also refers this SSL profile. (This statement will be deprecated once all vendors standardize on the key name) Profiles existing on a target can be discovered using the `Certz.GetProfileList()` RPC. @@ -97,10 +96,12 @@ policy before accepting the connection. The system will always provide a default TLS profile that uses the IDevID cert. This profile will always be available and cannot be changed. It should use the name -"gNxI". +"system_default_profile". An attempt to change or delete this profile will return an error. +The system will start with this profile and either bootz or enrollz will be responsible for creating an alternate profile during device turnup if those workflows are used. + #### Create a SSL profile Call `Certz.AddProfile` RPC with the `ssl_profile_id` field specifying the ID diff --git a/certz/certz.proto b/certz/certz.proto index db882d9..d2cd7e9 100644 --- a/certz/certz.proto +++ b/certz/certz.proto @@ -41,7 +41,8 @@ option go_package = "github.com/openconfig/gnsi/cert"; // // Target (as seen from gNSI.certificate microservice point of view) // | -// +-+ SSL profile for gNXI; always present; ssl_profile_id := "gNxI" +// +-+ SSL profile for gNXI; always present and immutable; +// | ssl_profile_id := "system_default_profile" // | | // | +-+ certificate // | | +- certificate (with public key) From 718ee9102f4676e11485ff151e9caa4fa74f57e1 Mon Sep 17 00:00:00 2001 From: marcushines <80116818+marcushines@users.noreply.github.com> Date: Tue, 5 Mar 2024 13:03:12 -0600 Subject: [PATCH 03/13] Add ExistingEntity to allow copying Entities from existing profiles. (#168) this allows new profiles to utilize either system default or other profiles Entities such as trust bundle, CRLs, Auth policy, or certs. --- certz/README.md | 2 + certz/certz.pb.go | 578 +++++++++++++++++++++++++++++----------------- certz/certz.proto | 18 ++ 3 files changed, 392 insertions(+), 206 deletions(-) diff --git a/certz/README.md b/certz/README.md index ce062c5..3bf224a 100644 --- a/certz/README.md +++ b/certz/README.md @@ -106,6 +106,8 @@ The system will start with this profile and either bootz or enrollz will be resp Call `Certz.AddProfile` RPC with the `ssl_profile_id` field specifying the ID of the new SSL profile. +A new profile can choose to use existing artifacts from other profiles, via sending `Entity` messages with `ExistingEntity` set with the ssl_profile_id set to the source +profile to copy from. #### Delete a SSL profile diff --git a/certz/certz.pb.go b/certz/certz.pb.go index 3f39981..90d8001 100644 --- a/certz/certz.pb.go +++ b/certz/certz.pb.go @@ -220,6 +220,61 @@ func (CertificateEncoding) EnumDescriptor() ([]byte, []int) { return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{2} } +type ExistingEntity_EntityType int32 + +const ( + ExistingEntity_ENTITY_TYPE_UNSPECIFIED ExistingEntity_EntityType = 0 + ExistingEntity_ENTITY_TYPE_CERTIFICATE_CHAIN ExistingEntity_EntityType = 1 + ExistingEntity_ENTITY_TYPE_TRUST_BUNDLE ExistingEntity_EntityType = 2 + ExistingEntity_ENTITY_TYPE_CERTIFICATE_REVOCATION_LIST_BUNDLE ExistingEntity_EntityType = 3 + ExistingEntity_ENTITY_TYPE_AUTHENTICATION_POLICY ExistingEntity_EntityType = 4 +) + +// Enum value maps for ExistingEntity_EntityType. +var ( + ExistingEntity_EntityType_name = map[int32]string{ + 0: "ENTITY_TYPE_UNSPECIFIED", + 1: "ENTITY_TYPE_CERTIFICATE_CHAIN", + 2: "ENTITY_TYPE_TRUST_BUNDLE", + 3: "ENTITY_TYPE_CERTIFICATE_REVOCATION_LIST_BUNDLE", + 4: "ENTITY_TYPE_AUTHENTICATION_POLICY", + } + ExistingEntity_EntityType_value = map[string]int32{ + "ENTITY_TYPE_UNSPECIFIED": 0, + "ENTITY_TYPE_CERTIFICATE_CHAIN": 1, + "ENTITY_TYPE_TRUST_BUNDLE": 2, + "ENTITY_TYPE_CERTIFICATE_REVOCATION_LIST_BUNDLE": 3, + "ENTITY_TYPE_AUTHENTICATION_POLICY": 4, + } +) + +func (x ExistingEntity_EntityType) Enum() *ExistingEntity_EntityType { + p := new(ExistingEntity_EntityType) + *p = x + return p +} + +func (x ExistingEntity_EntityType) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ExistingEntity_EntityType) Descriptor() protoreflect.EnumDescriptor { + return file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[3].Descriptor() +} + +func (ExistingEntity_EntityType) Type() protoreflect.EnumType { + return &file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[3] +} + +func (x ExistingEntity_EntityType) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ExistingEntity_EntityType.Descriptor instead. +func (ExistingEntity_EntityType) EnumDescriptor() ([]byte, []int) { + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{19, 0} +} + type RotateCertificateRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1309,6 +1364,7 @@ type Entity struct { // *Entity_TrustBundle // *Entity_CertificateRevocationListBundle // *Entity_AuthenticationPolicy + // *Entity_ExistingEntity Entity isEntity_Entity `protobuf_oneof:"entity"` } @@ -1393,6 +1449,13 @@ func (x *Entity) GetAuthenticationPolicy() *AuthenticationPolicy { return nil } +func (x *Entity) GetExistingEntity() *ExistingEntity { + if x, ok := x.GetEntity().(*Entity_ExistingEntity); ok { + return x.ExistingEntity + } + return nil +} + type isEntity_Entity interface { isEntity_Entity() } @@ -1413,6 +1476,10 @@ type Entity_AuthenticationPolicy struct { AuthenticationPolicy *AuthenticationPolicy `protobuf:"bytes,6,opt,name=authentication_policy,json=authenticationPolicy,proto3,oneof"` } +type Entity_ExistingEntity struct { + ExistingEntity *ExistingEntity `protobuf:"bytes,7,opt,name=existing_entity,json=existingEntity,proto3,oneof"` +} + func (*Entity_CertificateChain) isEntity_Entity() {} func (*Entity_TrustBundle) isEntity_Entity() {} @@ -1421,6 +1488,63 @@ func (*Entity_CertificateRevocationListBundle) isEntity_Entity() {} func (*Entity_AuthenticationPolicy) isEntity_Entity() {} +func (*Entity_ExistingEntity) isEntity_Entity() {} + +type ExistingEntity struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + SslProfileId string `protobuf:"bytes,1,opt,name=ssl_profile_id,json=sslProfileId,proto3" json:"ssl_profile_id,omitempty"` + EntityType ExistingEntity_EntityType `protobuf:"varint,2,opt,name=entity_type,json=entityType,proto3,enum=gnsi.certz.v1.ExistingEntity_EntityType" json:"entity_type,omitempty"` +} + +func (x *ExistingEntity) Reset() { + *x = ExistingEntity{} + if protoimpl.UnsafeEnabled { + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExistingEntity) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExistingEntity) ProtoMessage() {} + +func (x *ExistingEntity) ProtoReflect() protoreflect.Message { + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[19] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExistingEntity.ProtoReflect.Descriptor instead. +func (*ExistingEntity) Descriptor() ([]byte, []int) { + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{19} +} + +func (x *ExistingEntity) GetSslProfileId() string { + if x != nil { + return x.SslProfileId + } + return "" +} + +func (x *ExistingEntity) GetEntityType() ExistingEntity_EntityType { + if x != nil { + return x.EntityType + } + return ExistingEntity_ENTITY_TYPE_UNSPECIFIED +} + type UploadRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1432,7 +1556,7 @@ type UploadRequest struct { func (x *UploadRequest) Reset() { *x = UploadRequest{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[19] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1445,7 +1569,7 @@ func (x *UploadRequest) String() string { func (*UploadRequest) ProtoMessage() {} func (x *UploadRequest) ProtoReflect() protoreflect.Message { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[19] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1458,7 +1582,7 @@ func (x *UploadRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use UploadRequest.ProtoReflect.Descriptor instead. func (*UploadRequest) Descriptor() ([]byte, []int) { - return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{19} + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{20} } func (x *UploadRequest) GetEntities() []*Entity { @@ -1477,7 +1601,7 @@ type UploadResponse struct { func (x *UploadResponse) Reset() { *x = UploadResponse{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[20] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1490,7 +1614,7 @@ func (x *UploadResponse) String() string { func (*UploadResponse) ProtoMessage() {} func (x *UploadResponse) ProtoReflect() protoreflect.Message { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[20] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1503,7 +1627,7 @@ func (x *UploadResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use UploadResponse.ProtoReflect.Descriptor instead. func (*UploadResponse) Descriptor() ([]byte, []int) { - return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{20} + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{21} } type CertificateSigningRequest struct { @@ -1519,7 +1643,7 @@ type CertificateSigningRequest struct { func (x *CertificateSigningRequest) Reset() { *x = CertificateSigningRequest{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[21] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1532,7 +1656,7 @@ func (x *CertificateSigningRequest) String() string { func (*CertificateSigningRequest) ProtoMessage() {} func (x *CertificateSigningRequest) ProtoReflect() protoreflect.Message { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[21] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1545,7 +1669,7 @@ func (x *CertificateSigningRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CertificateSigningRequest.ProtoReflect.Descriptor instead. func (*CertificateSigningRequest) Descriptor() ([]byte, []int) { - return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{21} + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{22} } func (x *CertificateSigningRequest) GetType() CertificateType { @@ -1580,7 +1704,7 @@ type GenerateCSRRequest struct { func (x *GenerateCSRRequest) Reset() { *x = GenerateCSRRequest{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[22] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1593,7 +1717,7 @@ func (x *GenerateCSRRequest) String() string { func (*GenerateCSRRequest) ProtoMessage() {} func (x *GenerateCSRRequest) ProtoReflect() protoreflect.Message { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[22] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[23] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1606,7 +1730,7 @@ func (x *GenerateCSRRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateCSRRequest.ProtoReflect.Descriptor instead. func (*GenerateCSRRequest) Descriptor() ([]byte, []int) { - return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{22} + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{23} } func (x *GenerateCSRRequest) GetParams() *CSRParams { @@ -1627,7 +1751,7 @@ type GenerateCSRResponse struct { func (x *GenerateCSRResponse) Reset() { *x = GenerateCSRResponse{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[23] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1640,7 +1764,7 @@ func (x *GenerateCSRResponse) String() string { func (*GenerateCSRResponse) ProtoMessage() {} func (x *GenerateCSRResponse) ProtoReflect() protoreflect.Message { - mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[23] + mi := &file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[24] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1653,7 +1777,7 @@ func (x *GenerateCSRResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use GenerateCSRResponse.ProtoReflect.Descriptor instead. func (*GenerateCSRResponse) Descriptor() ([]byte, []int) { - return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{23} + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{24} } func (x *GenerateCSRResponse) GetCertificateSigningRequest() *CertificateSigningRequest { @@ -1812,7 +1936,7 @@ var file_github_com_openconfig_gnsi_certz_certz_proto_rawDesc = []byte{ 0x72, 0x69, 0x61, 0x6c, 0x69, 0x7a, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x48, 0x00, 0x52, 0x0a, 0x73, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x69, 0x7a, - 0x65, 0x64, 0x42, 0x08, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0xbc, 0x03, 0x0a, + 0x65, 0x64, 0x42, 0x08, 0x0a, 0x06, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, 0x86, 0x04, 0x0a, 0x06, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x6f, 0x6e, 0x18, @@ -1840,170 +1964,195 @@ var file_github_com_openconfig_gnsi_certz_certz_proto_rawDesc = []byte{ 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x48, 0x00, 0x52, 0x14, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x42, 0x08, 0x0a, 0x06, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0x42, 0x0a, 0x0d, 0x55, - 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, - 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x45, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x08, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, - 0x10, 0x0a, 0x0e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x22, 0xcf, 0x01, 0x0a, 0x19, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x32, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1e, 0x2e, + 0x79, 0x12, 0x48, 0x0a, 0x0f, 0x65, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x65, 0x6e, + 0x74, 0x69, 0x74, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6e, 0x73, + 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, + 0x69, 0x6e, 0x67, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x48, 0x00, 0x52, 0x0e, 0x65, 0x78, 0x69, + 0x73, 0x74, 0x69, 0x6e, 0x67, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x42, 0x08, 0x0a, 0x06, 0x65, + 0x6e, 0x74, 0x69, 0x74, 0x79, 0x22, 0xc9, 0x02, 0x0a, 0x0e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x69, + 0x6e, 0x67, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x24, 0x0a, 0x0e, 0x73, 0x73, 0x6c, 0x5f, + 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x73, 0x73, 0x6c, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x49, 0x64, 0x12, 0x49, + 0x0a, 0x0b, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, + 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x78, 0x69, 0x73, 0x74, 0x69, 0x6e, 0x67, 0x45, 0x6e, 0x74, 0x69, + 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0a, 0x65, + 0x6e, 0x74, 0x69, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x22, 0xc5, 0x01, 0x0a, 0x0a, 0x45, 0x6e, + 0x74, 0x69, 0x74, 0x79, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1b, 0x0a, 0x17, 0x45, 0x4e, 0x54, 0x49, + 0x54, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, + 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x21, 0x0a, 0x1d, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x5f, + 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, + 0x5f, 0x43, 0x48, 0x41, 0x49, 0x4e, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x45, 0x4e, 0x54, 0x49, + 0x54, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x54, 0x52, 0x55, 0x53, 0x54, 0x5f, 0x42, 0x55, + 0x4e, 0x44, 0x4c, 0x45, 0x10, 0x02, 0x12, 0x32, 0x0a, 0x2e, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, + 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, + 0x45, 0x5f, 0x52, 0x45, 0x56, 0x4f, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4c, 0x49, 0x53, + 0x54, 0x5f, 0x42, 0x55, 0x4e, 0x44, 0x4c, 0x45, 0x10, 0x03, 0x12, 0x25, 0x0a, 0x21, 0x45, 0x4e, + 0x54, 0x49, 0x54, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, + 0x54, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x10, + 0x04, 0x22, 0x42, 0x0a, 0x0d, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, + 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x45, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x08, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0x10, 0x0a, 0x0e, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xcf, 0x01, 0x0a, 0x19, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x32, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, + 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, + 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x3e, 0x0a, 0x08, 0x65, 0x6e, 0x63, + 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x67, 0x6e, + 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x52, + 0x08, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x3e, 0x0a, 0x1b, 0x63, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, + 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x19, + 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x46, 0x0a, 0x12, 0x47, 0x65, 0x6e, + 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x53, 0x52, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, + 0x30, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x18, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, + 0x43, 0x53, 0x52, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x52, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, + 0x73, 0x22, 0x7f, 0x0a, 0x13, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x53, 0x52, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x68, 0x0a, 0x1b, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, - 0x79, 0x70, 0x65, 0x12, 0x3e, 0x0a, 0x08, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, - 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x65, 0x6e, 0x63, 0x6f, 0x64, - 0x69, 0x6e, 0x67, 0x12, 0x3e, 0x0a, 0x1b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x19, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x22, 0x46, 0x0a, 0x12, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, - 0x53, 0x52, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x30, 0x0a, 0x06, 0x70, 0x61, 0x72, - 0x61, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x67, 0x6e, 0x73, 0x69, - 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x53, 0x52, 0x50, 0x61, 0x72, - 0x61, 0x6d, 0x73, 0x52, 0x06, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x22, 0x7f, 0x0a, 0x13, 0x47, - 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x53, 0x52, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x68, 0x0a, 0x1b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x65, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, - 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x52, 0x19, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2a, 0xcd, 0x0a, 0x0a, - 0x08, 0x43, 0x53, 0x52, 0x53, 0x75, 0x69, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x1b, 0x43, 0x53, 0x52, - 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x43, 0x49, 0x50, 0x48, 0x45, 0x52, 0x5f, 0x55, 0x4e, 0x53, - 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, - 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x49, - 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, - 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x01, 0x12, 0x41, 0x0a, - 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, - 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, - 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, - 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x02, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x19, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x53, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x2a, 0xcd, 0x0a, 0x0a, 0x08, 0x43, 0x53, 0x52, 0x53, 0x75, 0x69, 0x74, 0x65, 0x12, + 0x1f, 0x0a, 0x1b, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x43, 0x49, 0x50, 0x48, + 0x45, 0x52, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, - 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, - 0x32, 0x10, 0x03, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, + 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, 0x35, + 0x36, 0x10, 0x01, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, - 0x41, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, + 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, - 0x5f, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, + 0x5f, 0x33, 0x38, 0x34, 0x10, 0x02, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, - 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, + 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, - 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, + 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x03, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, - 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x06, 0x12, 0x41, 0x0a, 0x3d, + 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x04, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, - 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, + 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x33, 0x30, 0x37, 0x32, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, - 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x07, 0x12, + 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x05, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, - 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, - 0x39, 0x36, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, - 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, - 0x10, 0x08, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, + 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x33, 0x30, + 0x37, 0x32, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, + 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, + 0x10, 0x06, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, - 0x35, 0x31, 0x32, 0x10, 0x09, 0x12, 0x49, 0x0a, 0x45, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, + 0x32, 0x35, 0x36, 0x10, 0x07, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x52, 0x49, 0x4d, 0x45, 0x32, 0x35, 0x36, 0x56, 0x31, - 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, - 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0a, - 0x12, 0x49, 0x0a, 0x45, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, - 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, - 0x5f, 0x50, 0x52, 0x49, 0x4d, 0x45, 0x32, 0x35, 0x36, 0x56, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, + 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, + 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, + 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x08, 0x12, 0x41, 0x0a, 0x3d, 0x43, 0x53, 0x52, 0x53, + 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, + 0x50, 0x45, 0x5f, 0x52, 0x53, 0x41, 0x5f, 0x34, 0x30, 0x39, 0x36, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, - 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x0b, 0x12, 0x49, 0x0a, 0x45, 0x43, + 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x09, 0x12, 0x49, 0x0a, 0x45, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x52, 0x49, 0x4d, 0x45, 0x32, 0x35, 0x36, 0x56, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, - 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0c, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, + 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0a, 0x12, 0x49, 0x0a, 0x45, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, + 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, + 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x50, 0x52, 0x49, 0x4d, 0x45, 0x32, 0x35, 0x36, 0x56, + 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, + 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, + 0x0b, 0x12, 0x49, 0x0a, 0x45, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, + 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, + 0x41, 0x5f, 0x50, 0x52, 0x49, 0x4d, 0x45, 0x32, 0x35, 0x36, 0x56, 0x31, 0x5f, 0x53, 0x49, 0x47, + 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, + 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0c, 0x12, 0x48, 0x0a, 0x44, + 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, + 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, + 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, + 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, + 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0d, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, - 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x0d, + 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x0e, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, 0x38, 0x34, 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, - 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x0e, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, + 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x0f, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x33, - 0x38, 0x34, 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, - 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, - 0x31, 0x32, 0x10, 0x0f, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, + 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, + 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, + 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, + 0x35, 0x36, 0x10, 0x10, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, - 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x32, 0x35, 0x36, 0x10, 0x10, 0x12, 0x48, + 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x11, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, - 0x5f, 0x32, 0x5f, 0x33, 0x38, 0x34, 0x10, 0x11, 0x12, 0x48, 0x0a, 0x44, 0x43, 0x53, 0x52, 0x53, + 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, 0x10, 0x12, 0x12, 0x28, 0x0a, 0x24, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, - 0x50, 0x45, 0x5f, 0x45, 0x43, 0x44, 0x53, 0x41, 0x5f, 0x53, 0x45, 0x43, 0x50, 0x35, 0x32, 0x31, - 0x52, 0x31, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x41, 0x4c, 0x47, - 0x4f, 0x52, 0x49, 0x54, 0x48, 0x4d, 0x5f, 0x53, 0x48, 0x41, 0x5f, 0x32, 0x5f, 0x35, 0x31, 0x32, - 0x10, 0x12, 0x12, 0x28, 0x0a, 0x24, 0x43, 0x53, 0x52, 0x53, 0x55, 0x49, 0x54, 0x45, 0x5f, 0x58, - 0x35, 0x30, 0x39, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x45, 0x44, 0x44, - 0x53, 0x41, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x10, 0x13, 0x2a, 0x4e, 0x0a, 0x0f, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, - 0x20, 0x0a, 0x1c, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x54, - 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, - 0x00, 0x12, 0x19, 0x0a, 0x15, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, - 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, 0x10, 0x01, 0x2a, 0x95, 0x01, 0x0a, - 0x13, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x63, 0x6f, - 0x64, 0x69, 0x6e, 0x67, 0x12, 0x24, 0x0a, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, - 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x55, 0x4e, 0x53, - 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1c, 0x0a, 0x18, 0x43, 0x45, + 0x50, 0x45, 0x5f, 0x45, 0x44, 0x44, 0x53, 0x41, 0x5f, 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, + 0x10, 0x13, 0x2a, 0x4e, 0x0a, 0x0f, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x20, 0x0a, 0x1c, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, + 0x43, 0x41, 0x54, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, + 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x43, 0x45, 0x52, 0x54, 0x49, + 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x58, 0x35, 0x30, 0x39, + 0x10, 0x01, 0x2a, 0x95, 0x01, 0x0a, 0x13, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x45, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x24, 0x0a, 0x20, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, - 0x4e, 0x47, 0x5f, 0x50, 0x45, 0x4d, 0x10, 0x01, 0x12, 0x1c, 0x0a, 0x18, 0x43, 0x45, 0x52, 0x54, - 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, - 0x5f, 0x44, 0x45, 0x52, 0x10, 0x02, 0x12, 0x1c, 0x0a, 0x18, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, - 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x43, - 0x52, 0x54, 0x10, 0x03, 0x32, 0xd5, 0x03, 0x0a, 0x05, 0x43, 0x65, 0x72, 0x74, 0x7a, 0x12, 0x5f, - 0x0a, 0x06, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, - 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x43, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x28, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x12, - 0x51, 0x0a, 0x0a, 0x41, 0x64, 0x64, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x20, 0x2e, - 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, - 0x64, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x21, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, - 0x41, 0x64, 0x64, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x5a, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, - 0x69, 0x6c, 0x65, 0x12, 0x23, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, - 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, - 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, - 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, - 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5d, - 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, - 0x12, 0x24, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, - 0x2e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, + 0x4e, 0x47, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, + 0x12, 0x1c, 0x0a, 0x18, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, + 0x45, 0x4e, 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x50, 0x45, 0x4d, 0x10, 0x01, 0x12, 0x1c, + 0x0a, 0x18, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, + 0x43, 0x4f, 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x44, 0x45, 0x52, 0x10, 0x02, 0x12, 0x1c, 0x0a, 0x18, + 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x45, 0x4e, 0x43, 0x4f, + 0x44, 0x49, 0x4e, 0x47, 0x5f, 0x43, 0x52, 0x54, 0x10, 0x03, 0x32, 0xd5, 0x03, 0x0a, 0x05, 0x43, + 0x65, 0x72, 0x74, 0x7a, 0x12, 0x5f, 0x0a, 0x06, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x12, 0x27, + 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, + 0x6f, 0x74, 0x61, 0x74, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, + 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x28, 0x01, 0x30, 0x01, 0x12, 0x51, 0x0a, 0x0a, 0x41, 0x64, 0x64, 0x50, 0x72, 0x6f, 0x66, + 0x69, 0x6c, 0x65, 0x12, 0x20, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, + 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x64, 0x64, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5a, 0x0a, 0x0d, 0x44, 0x65, 0x6c, 0x65, + 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x23, 0x2e, 0x67, 0x6e, 0x73, 0x69, + 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, + 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x44, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5d, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, + 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x24, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, - 0x65, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5d, 0x0a, - 0x0e, 0x43, 0x61, 0x6e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x53, 0x52, 0x12, - 0x24, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, - 0x43, 0x61, 0x6e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x53, 0x52, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, + 0x65, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, + 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, + 0x50, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x5d, 0x0a, 0x0e, 0x43, 0x61, 0x6e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, + 0x74, 0x65, 0x43, 0x53, 0x52, 0x12, 0x24, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x61, 0x6e, 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, - 0x65, 0x43, 0x53, 0x52, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x21, 0x5a, 0x1f, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x73, 0x69, 0x2f, 0x63, 0x65, 0x72, 0x74, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x43, 0x53, 0x52, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x25, 0x2e, 0x67, 0x6e, + 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x61, 0x6e, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x65, 0x43, 0x53, 0x52, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x42, 0x21, 0x5a, 0x1f, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x73, 0x69, + 0x2f, 0x63, 0x65, 0x72, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -2018,79 +2167,83 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP() []byte { return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescData } -var file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes = make([]protoimpl.MessageInfo, 24) +var file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes = make([]protoimpl.MessageInfo, 25) var file_github_com_openconfig_gnsi_certz_certz_proto_goTypes = []interface{}{ (CSRSuite)(0), // 0: gnsi.certz.v1.CSRSuite (CertificateType)(0), // 1: gnsi.certz.v1.CertificateType (CertificateEncoding)(0), // 2: gnsi.certz.v1.CertificateEncoding - (*RotateCertificateRequest)(nil), // 3: gnsi.certz.v1.RotateCertificateRequest - (*RotateCertificateResponse)(nil), // 4: gnsi.certz.v1.RotateCertificateResponse - (*FinalizeRequest)(nil), // 5: gnsi.certz.v1.FinalizeRequest - (*AddProfileRequest)(nil), // 6: gnsi.certz.v1.AddProfileRequest - (*AddProfileResponse)(nil), // 7: gnsi.certz.v1.AddProfileResponse - (*DeleteProfileRequest)(nil), // 8: gnsi.certz.v1.DeleteProfileRequest - (*DeleteProfileResponse)(nil), // 9: gnsi.certz.v1.DeleteProfileResponse - (*GetProfileListRequest)(nil), // 10: gnsi.certz.v1.GetProfileListRequest - (*GetProfileListResponse)(nil), // 11: gnsi.certz.v1.GetProfileListResponse - (*V3ExtensionSAN)(nil), // 12: gnsi.certz.v1.V3ExtensionSAN - (*CSRParams)(nil), // 13: gnsi.certz.v1.CSRParams - (*CanGenerateCSRRequest)(nil), // 14: gnsi.certz.v1.CanGenerateCSRRequest - (*CanGenerateCSRResponse)(nil), // 15: gnsi.certz.v1.CanGenerateCSRResponse - (*CertificateChain)(nil), // 16: gnsi.certz.v1.CertificateChain - (*Certificate)(nil), // 17: gnsi.certz.v1.Certificate - (*CertificateRevocationList)(nil), // 18: gnsi.certz.v1.CertificateRevocationList - (*CertificateRevocationListBundle)(nil), // 19: gnsi.certz.v1.CertificateRevocationListBundle - (*AuthenticationPolicy)(nil), // 20: gnsi.certz.v1.AuthenticationPolicy - (*Entity)(nil), // 21: gnsi.certz.v1.Entity - (*UploadRequest)(nil), // 22: gnsi.certz.v1.UploadRequest - (*UploadResponse)(nil), // 23: gnsi.certz.v1.UploadResponse - (*CertificateSigningRequest)(nil), // 24: gnsi.certz.v1.CertificateSigningRequest - (*GenerateCSRRequest)(nil), // 25: gnsi.certz.v1.GenerateCSRRequest - (*GenerateCSRResponse)(nil), // 26: gnsi.certz.v1.GenerateCSRResponse - (*anypb.Any)(nil), // 27: google.protobuf.Any + (ExistingEntity_EntityType)(0), // 3: gnsi.certz.v1.ExistingEntity.EntityType + (*RotateCertificateRequest)(nil), // 4: gnsi.certz.v1.RotateCertificateRequest + (*RotateCertificateResponse)(nil), // 5: gnsi.certz.v1.RotateCertificateResponse + (*FinalizeRequest)(nil), // 6: gnsi.certz.v1.FinalizeRequest + (*AddProfileRequest)(nil), // 7: gnsi.certz.v1.AddProfileRequest + (*AddProfileResponse)(nil), // 8: gnsi.certz.v1.AddProfileResponse + (*DeleteProfileRequest)(nil), // 9: gnsi.certz.v1.DeleteProfileRequest + (*DeleteProfileResponse)(nil), // 10: gnsi.certz.v1.DeleteProfileResponse + (*GetProfileListRequest)(nil), // 11: gnsi.certz.v1.GetProfileListRequest + (*GetProfileListResponse)(nil), // 12: gnsi.certz.v1.GetProfileListResponse + (*V3ExtensionSAN)(nil), // 13: gnsi.certz.v1.V3ExtensionSAN + (*CSRParams)(nil), // 14: gnsi.certz.v1.CSRParams + (*CanGenerateCSRRequest)(nil), // 15: gnsi.certz.v1.CanGenerateCSRRequest + (*CanGenerateCSRResponse)(nil), // 16: gnsi.certz.v1.CanGenerateCSRResponse + (*CertificateChain)(nil), // 17: gnsi.certz.v1.CertificateChain + (*Certificate)(nil), // 18: gnsi.certz.v1.Certificate + (*CertificateRevocationList)(nil), // 19: gnsi.certz.v1.CertificateRevocationList + (*CertificateRevocationListBundle)(nil), // 20: gnsi.certz.v1.CertificateRevocationListBundle + (*AuthenticationPolicy)(nil), // 21: gnsi.certz.v1.AuthenticationPolicy + (*Entity)(nil), // 22: gnsi.certz.v1.Entity + (*ExistingEntity)(nil), // 23: gnsi.certz.v1.ExistingEntity + (*UploadRequest)(nil), // 24: gnsi.certz.v1.UploadRequest + (*UploadResponse)(nil), // 25: gnsi.certz.v1.UploadResponse + (*CertificateSigningRequest)(nil), // 26: gnsi.certz.v1.CertificateSigningRequest + (*GenerateCSRRequest)(nil), // 27: gnsi.certz.v1.GenerateCSRRequest + (*GenerateCSRResponse)(nil), // 28: gnsi.certz.v1.GenerateCSRResponse + (*anypb.Any)(nil), // 29: google.protobuf.Any } var file_github_com_openconfig_gnsi_certz_certz_proto_depIdxs = []int32{ - 25, // 0: gnsi.certz.v1.RotateCertificateRequest.generate_csr:type_name -> gnsi.certz.v1.GenerateCSRRequest - 22, // 1: gnsi.certz.v1.RotateCertificateRequest.certificates:type_name -> gnsi.certz.v1.UploadRequest - 5, // 2: gnsi.certz.v1.RotateCertificateRequest.finalize_rotation:type_name -> gnsi.certz.v1.FinalizeRequest - 26, // 3: gnsi.certz.v1.RotateCertificateResponse.generated_csr:type_name -> gnsi.certz.v1.GenerateCSRResponse - 23, // 4: gnsi.certz.v1.RotateCertificateResponse.certificates:type_name -> gnsi.certz.v1.UploadResponse + 27, // 0: gnsi.certz.v1.RotateCertificateRequest.generate_csr:type_name -> gnsi.certz.v1.GenerateCSRRequest + 24, // 1: gnsi.certz.v1.RotateCertificateRequest.certificates:type_name -> gnsi.certz.v1.UploadRequest + 6, // 2: gnsi.certz.v1.RotateCertificateRequest.finalize_rotation:type_name -> gnsi.certz.v1.FinalizeRequest + 28, // 3: gnsi.certz.v1.RotateCertificateResponse.generated_csr:type_name -> gnsi.certz.v1.GenerateCSRResponse + 25, // 4: gnsi.certz.v1.RotateCertificateResponse.certificates:type_name -> gnsi.certz.v1.UploadResponse 0, // 5: gnsi.certz.v1.CSRParams.csr_suite:type_name -> gnsi.certz.v1.CSRSuite - 12, // 6: gnsi.certz.v1.CSRParams.san:type_name -> gnsi.certz.v1.V3ExtensionSAN - 13, // 7: gnsi.certz.v1.CanGenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams - 17, // 8: gnsi.certz.v1.CertificateChain.certificate:type_name -> gnsi.certz.v1.Certificate - 16, // 9: gnsi.certz.v1.CertificateChain.parent:type_name -> gnsi.certz.v1.CertificateChain + 13, // 6: gnsi.certz.v1.CSRParams.san:type_name -> gnsi.certz.v1.V3ExtensionSAN + 14, // 7: gnsi.certz.v1.CanGenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams + 18, // 8: gnsi.certz.v1.CertificateChain.certificate:type_name -> gnsi.certz.v1.Certificate + 17, // 9: gnsi.certz.v1.CertificateChain.parent:type_name -> gnsi.certz.v1.CertificateChain 1, // 10: gnsi.certz.v1.Certificate.type:type_name -> gnsi.certz.v1.CertificateType 2, // 11: gnsi.certz.v1.Certificate.encoding:type_name -> gnsi.certz.v1.CertificateEncoding 1, // 12: gnsi.certz.v1.CertificateRevocationList.type:type_name -> gnsi.certz.v1.CertificateType 2, // 13: gnsi.certz.v1.CertificateRevocationList.encoding:type_name -> gnsi.certz.v1.CertificateEncoding - 18, // 14: gnsi.certz.v1.CertificateRevocationListBundle.certificate_revocation_lists:type_name -> gnsi.certz.v1.CertificateRevocationList - 27, // 15: gnsi.certz.v1.AuthenticationPolicy.serialized:type_name -> google.protobuf.Any - 16, // 16: gnsi.certz.v1.Entity.certificate_chain:type_name -> gnsi.certz.v1.CertificateChain - 16, // 17: gnsi.certz.v1.Entity.trust_bundle:type_name -> gnsi.certz.v1.CertificateChain - 19, // 18: gnsi.certz.v1.Entity.certificate_revocation_list_bundle:type_name -> gnsi.certz.v1.CertificateRevocationListBundle - 20, // 19: gnsi.certz.v1.Entity.authentication_policy:type_name -> gnsi.certz.v1.AuthenticationPolicy - 21, // 20: gnsi.certz.v1.UploadRequest.entities:type_name -> gnsi.certz.v1.Entity - 1, // 21: gnsi.certz.v1.CertificateSigningRequest.type:type_name -> gnsi.certz.v1.CertificateType - 2, // 22: gnsi.certz.v1.CertificateSigningRequest.encoding:type_name -> gnsi.certz.v1.CertificateEncoding - 13, // 23: gnsi.certz.v1.GenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams - 24, // 24: gnsi.certz.v1.GenerateCSRResponse.certificate_signing_request:type_name -> gnsi.certz.v1.CertificateSigningRequest - 3, // 25: gnsi.certz.v1.Certz.Rotate:input_type -> gnsi.certz.v1.RotateCertificateRequest - 6, // 26: gnsi.certz.v1.Certz.AddProfile:input_type -> gnsi.certz.v1.AddProfileRequest - 8, // 27: gnsi.certz.v1.Certz.DeleteProfile:input_type -> gnsi.certz.v1.DeleteProfileRequest - 10, // 28: gnsi.certz.v1.Certz.GetProfileList:input_type -> gnsi.certz.v1.GetProfileListRequest - 14, // 29: gnsi.certz.v1.Certz.CanGenerateCSR:input_type -> gnsi.certz.v1.CanGenerateCSRRequest - 4, // 30: gnsi.certz.v1.Certz.Rotate:output_type -> gnsi.certz.v1.RotateCertificateResponse - 7, // 31: gnsi.certz.v1.Certz.AddProfile:output_type -> gnsi.certz.v1.AddProfileResponse - 9, // 32: gnsi.certz.v1.Certz.DeleteProfile:output_type -> gnsi.certz.v1.DeleteProfileResponse - 11, // 33: gnsi.certz.v1.Certz.GetProfileList:output_type -> gnsi.certz.v1.GetProfileListResponse - 15, // 34: gnsi.certz.v1.Certz.CanGenerateCSR:output_type -> gnsi.certz.v1.CanGenerateCSRResponse - 30, // [30:35] is the sub-list for method output_type - 25, // [25:30] is the sub-list for method input_type - 25, // [25:25] is the sub-list for extension type_name - 25, // [25:25] is the sub-list for extension extendee - 0, // [0:25] is the sub-list for field type_name + 19, // 14: gnsi.certz.v1.CertificateRevocationListBundle.certificate_revocation_lists:type_name -> gnsi.certz.v1.CertificateRevocationList + 29, // 15: gnsi.certz.v1.AuthenticationPolicy.serialized:type_name -> google.protobuf.Any + 17, // 16: gnsi.certz.v1.Entity.certificate_chain:type_name -> gnsi.certz.v1.CertificateChain + 17, // 17: gnsi.certz.v1.Entity.trust_bundle:type_name -> gnsi.certz.v1.CertificateChain + 20, // 18: gnsi.certz.v1.Entity.certificate_revocation_list_bundle:type_name -> gnsi.certz.v1.CertificateRevocationListBundle + 21, // 19: gnsi.certz.v1.Entity.authentication_policy:type_name -> gnsi.certz.v1.AuthenticationPolicy + 23, // 20: gnsi.certz.v1.Entity.existing_entity:type_name -> gnsi.certz.v1.ExistingEntity + 3, // 21: gnsi.certz.v1.ExistingEntity.entity_type:type_name -> gnsi.certz.v1.ExistingEntity.EntityType + 22, // 22: gnsi.certz.v1.UploadRequest.entities:type_name -> gnsi.certz.v1.Entity + 1, // 23: gnsi.certz.v1.CertificateSigningRequest.type:type_name -> gnsi.certz.v1.CertificateType + 2, // 24: gnsi.certz.v1.CertificateSigningRequest.encoding:type_name -> gnsi.certz.v1.CertificateEncoding + 14, // 25: gnsi.certz.v1.GenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams + 26, // 26: gnsi.certz.v1.GenerateCSRResponse.certificate_signing_request:type_name -> gnsi.certz.v1.CertificateSigningRequest + 4, // 27: gnsi.certz.v1.Certz.Rotate:input_type -> gnsi.certz.v1.RotateCertificateRequest + 7, // 28: gnsi.certz.v1.Certz.AddProfile:input_type -> gnsi.certz.v1.AddProfileRequest + 9, // 29: gnsi.certz.v1.Certz.DeleteProfile:input_type -> gnsi.certz.v1.DeleteProfileRequest + 11, // 30: gnsi.certz.v1.Certz.GetProfileList:input_type -> gnsi.certz.v1.GetProfileListRequest + 15, // 31: gnsi.certz.v1.Certz.CanGenerateCSR:input_type -> gnsi.certz.v1.CanGenerateCSRRequest + 5, // 32: gnsi.certz.v1.Certz.Rotate:output_type -> gnsi.certz.v1.RotateCertificateResponse + 8, // 33: gnsi.certz.v1.Certz.AddProfile:output_type -> gnsi.certz.v1.AddProfileResponse + 10, // 34: gnsi.certz.v1.Certz.DeleteProfile:output_type -> gnsi.certz.v1.DeleteProfileResponse + 12, // 35: gnsi.certz.v1.Certz.GetProfileList:output_type -> gnsi.certz.v1.GetProfileListResponse + 16, // 36: gnsi.certz.v1.Certz.CanGenerateCSR:output_type -> gnsi.certz.v1.CanGenerateCSRResponse + 32, // [32:37] is the sub-list for method output_type + 27, // [27:32] is the sub-list for method input_type + 27, // [27:27] is the sub-list for extension type_name + 27, // [27:27] is the sub-list for extension extendee + 0, // [0:27] is the sub-list for field type_name } func init() { file_github_com_openconfig_gnsi_certz_certz_proto_init() } @@ -2328,7 +2481,7 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { } } file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UploadRequest); i { + switch v := v.(*ExistingEntity); i { case 0: return &v.state case 1: @@ -2340,7 +2493,7 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { } } file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*UploadResponse); i { + switch v := v.(*UploadRequest); i { case 0: return &v.state case 1: @@ -2352,7 +2505,7 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { } } file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CertificateSigningRequest); i { + switch v := v.(*UploadResponse); i { case 0: return &v.state case 1: @@ -2364,7 +2517,7 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { } } file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*GenerateCSRRequest); i { + switch v := v.(*CertificateSigningRequest); i { case 0: return &v.state case 1: @@ -2376,6 +2529,18 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { } } file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*GenerateCSRRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*GenerateCSRResponse); i { case 0: return &v.state @@ -2405,14 +2570,15 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { (*Entity_TrustBundle)(nil), (*Entity_CertificateRevocationListBundle)(nil), (*Entity_AuthenticationPolicy)(nil), + (*Entity_ExistingEntity)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_github_com_openconfig_gnsi_certz_certz_proto_rawDesc, - NumEnums: 3, - NumMessages: 24, + NumEnums: 4, + NumMessages: 25, NumExtensions: 0, NumServices: 1, }, diff --git a/certz/certz.proto b/certz/certz.proto index d2cd7e9..92d122e 100644 --- a/certz/certz.proto +++ b/certz/certz.proto @@ -516,9 +516,27 @@ message Entity { CertificateChain trust_bundle = 4; CertificateRevocationListBundle certificate_revocation_list_bundle = 5; AuthenticationPolicy authentication_policy = 6; + ExistingEntity existing_entity = 7; } } +// ExistingEntity is used to use artifacts provided by another SSL policy. +// This operation will copy the entity from the provided policy and entity +// type into the policy defined in the Rotate Request. +// If the ssl profile doesn't exist an error will be returned. +message ExistingEntity { + enum EntityType { + ENTITY_TYPE_UNSPECIFIED = 0; + ENTITY_TYPE_CERTIFICATE_CHAIN = 1; + ENTITY_TYPE_TRUST_BUNDLE = 2; + ENTITY_TYPE_CERTIFICATE_REVOCATION_LIST_BUNDLE = 3; + ENTITY_TYPE_AUTHENTICATION_POLICY = 4; + } + + string ssl_profile_id = 1; + EntityType entity_type = 2; +} + // UploadRequest instructs the target to store the given entities (certificate, // and/or trust bundle and certificate revocation list bundle). // From cfdd2d9728192ac6f4dc6eb5e0a58bacde8c1146 Mon Sep 17 00:00:00 2001 From: Brian Neville <29639579+brianneville@users.noreply.github.com> Date: Wed, 6 Mar 2024 15:37:06 +0000 Subject: [PATCH 04/13] gnsi/pathz: clarify rotation behaviour for ongoing gNMI subscriptions (#143) * gnsi/pathz: clarify pathz interaction with gNMI subscriptions * gnsi/pathz: fix lint issue in index.md --- pathz/index.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pathz/index.md b/pathz/index.md index a1805ac..4265f1b 100644 --- a/pathz/index.md +++ b/pathz/index.md @@ -91,6 +91,13 @@ out the action. If the stream is disconnected prior to the Finalize message being sent, the proposed configuration is rolled back automatically. +### AuthorizationPolicy rotation and gNMI subscriptions + +When the pathz policy is rotated, ongoing gNMI subscriptions will be dropped. + +This forces gNMI clients to reconnect and ensures that all gNMI subscriptions +are proceeding using the most recent pathz policy. + ## Open Questions/Considerations None to date. From 0e73fed0f01ee55f3b558abc0fdc6a1df015359b Mon Sep 17 00:00:00 2001 From: Niranjan Mahabaleshwar <109181518+nmahabaleshwar@users.noreply.github.com> Date: Fri, 23 Feb 2024 15:37:09 -0800 Subject: [PATCH 05/13] Provide clarification on the field component_name --- acctz/acctz.proto | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/acctz/acctz.proto b/acctz/acctz.proto index 06df42a..59b1074 100644 --- a/acctz/acctz.proto +++ b/acctz/acctz.proto @@ -324,7 +324,14 @@ message RecordResponse { // accomplish the request on the system. repeated string task_ids = 7; - // Name of the component where the accounting record originated from + // Name of the component in a vendor system configuration where the accounting + // record originated from. This helps to indentify the source of the accouting + // record when multiple components can generate them. This is how the + // component is identified in the components hierarchy in the + // openconfig-platform model. + // For reference: /components/component[name="chassis0"] + // Eg: component_name = "linecard0" + // component_name = "chassis0" string component_name = 8; } From 7349d99c424b3b14203520b23dcd5bf8645cceef Mon Sep 17 00:00:00 2001 From: Brian Neville <29639579+brianneville@users.noreply.github.com> Date: Wed, 6 Mar 2024 18:51:10 +0000 Subject: [PATCH 06/13] acctz: update GrpcService payload field (#169) Udpate the payload field to be a string value. This is used instead of google.protobuf.Any as google.protobuf.Any cannot be unmarshalled into a known proto message type if it is truncated (as google.protobuf.Any is encoded). Also add a comment specifying that this value may be partially redacted in the case where we want to avoid leaking sensitive information from the device (such as private keys rotated via gNSI Certz or gNSI Credentialz). --- acctz/acctz.pb.go | 224 ++++++++++++++++++++++++++---------------- acctz/acctz.proto | 22 ++++- version/version.pb.go | 2 +- version/version.proto | 2 +- 4 files changed, 161 insertions(+), 89 deletions(-) diff --git a/acctz/acctz.pb.go b/acctz/acctz.pb.go index 3830e07..1a547dd 100755 --- a/acctz/acctz.pb.go +++ b/acctz/acctz.pb.go @@ -760,11 +760,16 @@ type GrpcService struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - ServiceType GrpcService_GrpcServiceType `protobuf:"varint,1,opt,name=service_type,json=serviceType,proto3,enum=gnsi.acctz.v1.GrpcService_GrpcServiceType" json:"service_type,omitempty"` - RpcName string `protobuf:"bytes,2,opt,name=rpc_name,json=rpcName,proto3" json:"rpc_name,omitempty"` - Payloads []*anypb.Any `protobuf:"bytes,3,rep,name=payloads,proto3" json:"payloads,omitempty"` - PayloadIstruncated bool `protobuf:"varint,5,opt,name=payload_istruncated,json=payloadIstruncated,proto3" json:"payload_istruncated,omitempty"` - Authz *AuthzDetail `protobuf:"bytes,6,opt,name=authz,proto3" json:"authz,omitempty"` + ServiceType GrpcService_GrpcServiceType `protobuf:"varint,1,opt,name=service_type,json=serviceType,proto3,enum=gnsi.acctz.v1.GrpcService_GrpcServiceType" json:"service_type,omitempty"` + RpcName string `protobuf:"bytes,2,opt,name=rpc_name,json=rpcName,proto3" json:"rpc_name,omitempty"` + // Deprecated: Marked as deprecated in github.com/openconfig/gnsi/acctz/acctz.proto. + Payloads []*anypb.Any `protobuf:"bytes,3,rep,name=payloads,proto3" json:"payloads,omitempty"` + PayloadIstruncated bool `protobuf:"varint,5,opt,name=payload_istruncated,json=payloadIstruncated,proto3" json:"payload_istruncated,omitempty"` + Authz *AuthzDetail `protobuf:"bytes,6,opt,name=authz,proto3" json:"authz,omitempty"` + // Types that are assignable to Payload: + // *GrpcService_ProtoVal + // *GrpcService_StringVal + Payload isGrpcService_Payload `protobuf_oneof:"payload"` } func (x *GrpcService) Reset() { @@ -813,6 +818,7 @@ func (x *GrpcService) GetRpcName() string { return "" } +// Deprecated: Marked as deprecated in github.com/openconfig/gnsi/acctz/acctz.proto. func (x *GrpcService) GetPayloads() []*anypb.Any { if x != nil { return x.Payloads @@ -834,6 +840,43 @@ func (x *GrpcService) GetAuthz() *AuthzDetail { return nil } +func (m *GrpcService) GetPayload() isGrpcService_Payload { + if m != nil { + return m.Payload + } + return nil +} + +func (x *GrpcService) GetProtoVal() *anypb.Any { + if x, ok := x.GetPayload().(*GrpcService_ProtoVal); ok { + return x.ProtoVal + } + return nil +} + +func (x *GrpcService) GetStringVal() string { + if x, ok := x.GetPayload().(*GrpcService_StringVal); ok { + return x.StringVal + } + return "" +} + +type isGrpcService_Payload interface { + isGrpcService_Payload() +} + +type GrpcService_ProtoVal struct { + ProtoVal *anypb.Any `protobuf:"bytes,7,opt,name=proto_val,json=protoVal,proto3,oneof"` +} + +type GrpcService_StringVal struct { + StringVal string `protobuf:"bytes,8,opt,name=string_val,json=stringVal,proto3,oneof"` +} + +func (*GrpcService_ProtoVal) isGrpcService_Payload() {} + +func (*GrpcService_StringVal) isGrpcService_Payload() {} + type RecordResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1132,7 +1175,7 @@ var file_github_com_openconfig_gnsi_acctz_acctz_proto_rawDesc = []byte{ 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x52, 0x45, 0x53, 0x54, 0x43, 0x4f, 0x4e, 0x46, 0x10, 0x04, 0x12, 0x1c, 0x0a, 0x18, 0x43, 0x4d, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x4e, - 0x45, 0x54, 0x43, 0x4f, 0x4e, 0x46, 0x10, 0x05, 0x22, 0xd0, 0x03, 0x0a, 0x0b, 0x47, 0x72, 0x70, + 0x45, 0x54, 0x43, 0x4f, 0x4e, 0x46, 0x10, 0x05, 0x22, 0xb5, 0x04, 0x0a, 0x0b, 0x47, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x4d, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x47, @@ -1140,73 +1183,79 @@ var file_github_com_openconfig_gnsi_acctz_acctz_proto_rawDesc = []byte{ 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x70, 0x63, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x70, 0x63, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x08, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x03, + 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x08, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x52, 0x08, 0x70, 0x61, 0x79, 0x6c, - 0x6f, 0x61, 0x64, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x5f, - 0x69, 0x73, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x12, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x49, 0x73, 0x74, 0x72, 0x75, 0x6e, - 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, - 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x44, 0x65, 0x74, 0x61, 0x69, 0x6c, - 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x22, 0xc1, 0x01, 0x0a, 0x0f, 0x47, 0x72, 0x70, 0x63, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x47, - 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, - 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1a, - 0x0a, 0x16, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, - 0x59, 0x50, 0x45, 0x5f, 0x47, 0x4e, 0x4d, 0x49, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x47, 0x52, - 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, - 0x47, 0x4e, 0x4f, 0x49, 0x10, 0x02, 0x12, 0x1a, 0x0a, 0x16, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, - 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x4e, 0x53, 0x49, - 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, - 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x52, 0x49, 0x42, 0x49, 0x10, 0x04, 0x12, - 0x1a, 0x0a, 0x16, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, - 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, 0x34, 0x52, 0x54, 0x10, 0x05, 0x22, 0x92, 0x03, 0x0a, 0x0e, - 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3d, - 0x0a, 0x0c, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, - 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, - 0x52, 0x0b, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x38, 0x0a, - 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, - 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x2f, 0x0a, 0x13, 0x68, 0x69, 0x73, 0x74, 0x6f, - 0x72, 0x79, 0x5f, 0x69, 0x73, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x68, 0x69, 0x73, 0x74, 0x6f, 0x72, 0x79, 0x49, 0x73, 0x74, - 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x40, 0x0a, 0x0b, 0x63, 0x6d, 0x64, 0x5f, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, - 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x6f, - 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x00, 0x52, 0x0a, - 0x63, 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x3f, 0x0a, 0x0c, 0x67, 0x72, - 0x70, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, - 0x2e, 0x47, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, 0x00, 0x52, 0x0b, - 0x67, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x74, - 0x61, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x74, - 0x61, 0x73, 0x6b, 0x49, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, - 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, - 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x11, 0x0a, - 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x22, 0x49, 0x0a, 0x0d, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x32, 0x5b, 0x0a, 0x05, 0x41, - 0x63, 0x63, 0x74, 0x7a, 0x12, 0x52, 0x0a, 0x0f, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x53, 0x75, - 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, 0x1c, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, - 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, - 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x32, 0x5f, 0x0a, 0x0b, 0x41, 0x63, 0x63, 0x74, - 0x7a, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x50, 0x0a, 0x0f, 0x52, 0x65, 0x63, 0x6f, 0x72, - 0x64, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, 0x1c, 0x2e, 0x67, 0x6e, 0x73, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x41, 0x6e, 0x79, 0x42, 0x02, 0x18, 0x01, 0x52, 0x08, + 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x70, 0x61, 0x79, 0x6c, + 0x6f, 0x61, 0x64, 0x5f, 0x69, 0x73, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, 0x49, 0x73, + 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x30, 0x0a, 0x05, 0x61, 0x75, 0x74, + 0x68, 0x7a, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, + 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x7a, 0x44, 0x65, + 0x74, 0x61, 0x69, 0x6c, 0x52, 0x05, 0x61, 0x75, 0x74, 0x68, 0x7a, 0x12, 0x33, 0x0a, 0x09, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x41, 0x6e, 0x79, 0x48, 0x00, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x56, 0x61, 0x6c, + 0x12, 0x1f, 0x0a, 0x0a, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x76, 0x61, 0x6c, 0x18, 0x08, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x09, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x56, 0x61, + 0x6c, 0x22, 0xc1, 0x01, 0x0a, 0x0f, 0x47, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x21, 0x0a, 0x1d, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, + 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, + 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x47, 0x52, 0x50, 0x43, + 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x4e, + 0x4d, 0x49, 0x10, 0x01, 0x12, 0x1a, 0x0a, 0x16, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, + 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x4e, 0x4f, 0x49, 0x10, 0x02, + 0x12, 0x1a, 0x0a, 0x16, 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, + 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x47, 0x4e, 0x53, 0x49, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, + 0x47, 0x52, 0x50, 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, + 0x45, 0x5f, 0x47, 0x52, 0x49, 0x42, 0x49, 0x10, 0x04, 0x12, 0x1a, 0x0a, 0x16, 0x47, 0x52, 0x50, + 0x43, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x50, + 0x34, 0x52, 0x54, 0x10, 0x05, 0x42, 0x09, 0x0a, 0x07, 0x70, 0x61, 0x79, 0x6c, 0x6f, 0x61, 0x64, + 0x22, 0x92, 0x03, 0x0a, 0x0e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x3d, 0x0a, 0x0c, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, + 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6e, 0x73, 0x69, + 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x6e, + 0x66, 0x6f, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, + 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x2f, 0x0a, 0x13, + 0x68, 0x69, 0x73, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x69, 0x73, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, + 0x74, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x68, 0x69, 0x73, 0x74, 0x6f, + 0x72, 0x79, 0x49, 0x73, 0x74, 0x72, 0x75, 0x6e, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x40, 0x0a, + 0x0b, 0x63, 0x6d, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, + 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x48, 0x00, 0x52, 0x0a, 0x63, 0x6d, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x3f, 0x0a, 0x0c, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, + 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x48, 0x00, 0x52, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x12, 0x19, 0x0a, 0x08, 0x74, 0x61, 0x73, 0x6b, 0x5f, 0x69, 0x64, 0x73, 0x18, 0x07, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x07, 0x74, 0x61, 0x73, 0x6b, 0x49, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x63, + 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0d, 0x63, 0x6f, 0x6d, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x4e, 0x61, + 0x6d, 0x65, 0x42, 0x11, 0x0a, 0x0f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x49, 0x0a, 0x0d, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x38, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, + 0x32, 0x5b, 0x0a, 0x05, 0x41, 0x63, 0x63, 0x74, 0x7a, 0x12, 0x52, 0x0a, 0x0f, 0x52, 0x65, 0x63, + 0x6f, 0x72, 0x64, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, 0x1c, 0x2e, 0x67, + 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x63, + 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x63, 0x6f, 0x72, - 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, - 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x22, 0x5a, 0x20, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x73, 0x69, 0x2f, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x32, 0x5f, 0x0a, + 0x0b, 0x41, 0x63, 0x63, 0x74, 0x7a, 0x53, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x12, 0x50, 0x0a, 0x0f, + 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x53, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x62, 0x65, 0x12, + 0x1c, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, + 0x52, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, + 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x61, 0x63, 0x63, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, + 0x63, 0x6f, 0x72, 0x64, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x30, 0x01, 0x42, 0x22, + 0x5a, 0x20, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, + 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x73, 0x69, 0x2f, 0x61, 0x63, 0x63, + 0x74, 0x7a, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1253,20 +1302,21 @@ var file_github_com_openconfig_gnsi_acctz_acctz_proto_depIdxs = []int32{ 5, // 8: gnsi.acctz.v1.GrpcService.service_type:type_name -> gnsi.acctz.v1.GrpcService.GrpcServiceType 14, // 9: gnsi.acctz.v1.GrpcService.payloads:type_name -> google.protobuf.Any 9, // 10: gnsi.acctz.v1.GrpcService.authz:type_name -> gnsi.acctz.v1.AuthzDetail - 6, // 11: gnsi.acctz.v1.RecordResponse.session_info:type_name -> gnsi.acctz.v1.SessionInfo - 15, // 12: gnsi.acctz.v1.RecordResponse.timestamp:type_name -> google.protobuf.Timestamp - 10, // 13: gnsi.acctz.v1.RecordResponse.cmd_service:type_name -> gnsi.acctz.v1.CommandService - 11, // 14: gnsi.acctz.v1.RecordResponse.grpc_service:type_name -> gnsi.acctz.v1.GrpcService - 15, // 15: gnsi.acctz.v1.RecordRequest.timestamp:type_name -> google.protobuf.Timestamp - 13, // 16: gnsi.acctz.v1.Acctz.RecordSubscribe:input_type -> gnsi.acctz.v1.RecordRequest - 13, // 17: gnsi.acctz.v1.AcctzStream.RecordSubscribe:input_type -> gnsi.acctz.v1.RecordRequest - 12, // 18: gnsi.acctz.v1.Acctz.RecordSubscribe:output_type -> gnsi.acctz.v1.RecordResponse - 12, // 19: gnsi.acctz.v1.AcctzStream.RecordSubscribe:output_type -> gnsi.acctz.v1.RecordResponse - 18, // [18:20] is the sub-list for method output_type - 16, // [16:18] is the sub-list for method input_type - 16, // [16:16] is the sub-list for extension type_name - 16, // [16:16] is the sub-list for extension extendee - 0, // [0:16] is the sub-list for field type_name + 14, // 11: gnsi.acctz.v1.GrpcService.proto_val:type_name -> google.protobuf.Any + 6, // 12: gnsi.acctz.v1.RecordResponse.session_info:type_name -> gnsi.acctz.v1.SessionInfo + 15, // 13: gnsi.acctz.v1.RecordResponse.timestamp:type_name -> google.protobuf.Timestamp + 10, // 14: gnsi.acctz.v1.RecordResponse.cmd_service:type_name -> gnsi.acctz.v1.CommandService + 11, // 15: gnsi.acctz.v1.RecordResponse.grpc_service:type_name -> gnsi.acctz.v1.GrpcService + 15, // 16: gnsi.acctz.v1.RecordRequest.timestamp:type_name -> google.protobuf.Timestamp + 13, // 17: gnsi.acctz.v1.Acctz.RecordSubscribe:input_type -> gnsi.acctz.v1.RecordRequest + 13, // 18: gnsi.acctz.v1.AcctzStream.RecordSubscribe:input_type -> gnsi.acctz.v1.RecordRequest + 12, // 19: gnsi.acctz.v1.Acctz.RecordSubscribe:output_type -> gnsi.acctz.v1.RecordResponse + 12, // 20: gnsi.acctz.v1.AcctzStream.RecordSubscribe:output_type -> gnsi.acctz.v1.RecordResponse + 19, // [19:21] is the sub-list for method output_type + 17, // [17:19] is the sub-list for method input_type + 17, // [17:17] is the sub-list for extension type_name + 17, // [17:17] is the sub-list for extension extendee + 0, // [0:17] is the sub-list for field type_name } func init() { file_github_com_openconfig_gnsi_acctz_acctz_proto_init() } @@ -1372,6 +1422,10 @@ func file_github_com_openconfig_gnsi_acctz_acctz_proto_init() { } } } + file_github_com_openconfig_gnsi_acctz_acctz_proto_msgTypes[5].OneofWrappers = []interface{}{ + (*GrpcService_ProtoVal)(nil), + (*GrpcService_StringVal)(nil), + } file_github_com_openconfig_gnsi_acctz_acctz_proto_msgTypes[6].OneofWrappers = []interface{}{ (*RecordResponse_CmdService)(nil), (*RecordResponse_GrpcService)(nil), diff --git a/acctz/acctz.proto b/acctz/acctz.proto index 59b1074..c0b6be9 100644 --- a/acctz/acctz.proto +++ b/acctz/acctz.proto @@ -284,14 +284,32 @@ message GrpcService { // A string of bytes that are gRPC encoded. Best to decode using // PROTO_ANY. - repeated google.protobuf.Any payloads = 3; + // Deprecated in favour of using the payload field. + // A warning when using this field: if a google.protobuf.Any value + // is truncated, then it will not be possible for the client to + // unmarshal this value upon receiving. + repeated google.protobuf.Any payloads = 3 [deprecated=true]; - // True, if truncation of payloads occurs due to an implementation + // True, if truncation of payload occurs due to an implementation // limitation in the originating service, any middleware, or the receiver. bool payload_istruncated = 5; // Authorization details AuthzDetail authz = 6; + + // the payload of the RPC, as either a string or proto-encoded. + // Note that this may be partially redacted to avoid leaking + // sensitive info (e.g. private keys rotated via certz/credentialz) + oneof payload { + // the payload in proto form. + // (suitable for small messages which don't require truncation) + // This can be unmarshalled by the acctz client. + google.protobuf.Any proto_val = 7; + + // A string describing the payload of the RPC. + // This may be truncated. + string string_val = 8; + } } // An accounting record message is generated everytime the user types a diff --git a/version/version.pb.go b/version/version.pb.go index 9af86d8..8a9dc35 100644 --- a/version/version.pb.go +++ b/version/version.pb.go @@ -29,7 +29,7 @@ var file_github_com_openconfig_gnsi_version_version_proto_rawDesc = []byte{ 0x74, 0x6f, 0x12, 0x04, 0x67, 0x6e, 0x73, 0x69, 0x1a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x6f, 0x69, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x42, 0x2c, 0xd2, 0x3e, 0x05, 0x31, 0x2e, 0x36, 0x2e, 0x31, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x42, 0x2c, 0xd2, 0x3e, 0x05, 0x31, 0x2e, 0x36, 0x2e, 0x32, 0x5a, 0x22, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x73, 0x69, 0x2f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, diff --git a/version/version.proto b/version/version.proto index 4b9a523..a14070a 100644 --- a/version/version.proto +++ b/version/version.proto @@ -20,5 +20,5 @@ package gnsi; import "github.com/openconfig/gnoi/types/types.proto"; -option (gnoi.types.gnoi_version) = "1.6.1"; +option (gnoi.types.gnoi_version) = "1.6.2"; option go_package = "github.com/openconfig/gnsi/version"; From 1996bef75e54512d49cb811a10e503db297aaba8 Mon Sep 17 00:00:00 2001 From: Brian Neville <29639579+brianneville@users.noreply.github.com> Date: Wed, 6 Mar 2024 21:24:32 +0000 Subject: [PATCH 07/13] certz: clarify usage of entity_type field (#170) clarify that we should return an error if the entity_type field matches the type of an entity already being rotated in the same UploadRequest. I.e. the artifact being rotated should either be uploaded in the UploadRequest _or_ it should be copied from an existing ssl profile, but not both. --- certz/README.md | 4 ++-- certz/certz.proto | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/certz/README.md b/certz/README.md index 3bf224a..61257ca 100644 --- a/certz/README.md +++ b/certz/README.md @@ -106,8 +106,8 @@ The system will start with this profile and either bootz or enrollz will be resp Call `Certz.AddProfile` RPC with the `ssl_profile_id` field specifying the ID of the new SSL profile. -A new profile can choose to use existing artifacts from other profiles, via sending `Entity` messages with `ExistingEntity` set with the ssl_profile_id set to the source -profile to copy from. +A new profile can choose to use existing artifacts from other profiles, via sending `Entity` messages with `ExistingEntity` set with the `ssl_profile_id` set to the source +profile to copy from, and the `entity_type` field set to the type of entity to be copied. #### Delete a SSL profile diff --git a/certz/certz.proto b/certz/certz.proto index 92d122e..2d46924 100644 --- a/certz/certz.proto +++ b/certz/certz.proto @@ -523,7 +523,11 @@ message Entity { // ExistingEntity is used to use artifacts provided by another SSL policy. // This operation will copy the entity from the provided policy and entity // type into the policy defined in the Rotate Request. -// If the ssl profile doesn't exist an error will be returned. +// If the ssl profile doesn't exist a NotFound error will be returned. +// If the entity type to copy is already being provided in the same +// UploadRequest then an InvalidArgument error will be returned. +// (e.g. EntityType == ENTITY_TYPE_TRUST_BUNDLE cannot be used +// if the UploadRequest contains a trust_bundle entity already) message ExistingEntity { enum EntityType { ENTITY_TYPE_UNSPECIFIED = 0; From 66f8d3623a2caceab18a039f706d36fa99e416b8 Mon Sep 17 00:00:00 2001 From: Niranjan Mahabaleshwar <109181518+nmahabaleshwar@users.noreply.github.com> Date: Thu, 7 Mar 2024 16:21:40 -0800 Subject: [PATCH 08/13] Add detailed scenarios on when history_istruncated is set to True --- acctz/acctz.proto | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/acctz/acctz.proto b/acctz/acctz.proto index c0b6be9..f1d2905 100644 --- a/acctz/acctz.proto +++ b/acctz/acctz.proto @@ -322,14 +322,25 @@ message RecordResponse { // since the unix epoch (Jan 1, 1970 00:00:00 UTC). google.protobuf.Timestamp timestamp = 2; - // True, if the server's history does not include a message with the given - // RecordRequest.timestamp or an older record, indicating that history - // truncation has occurred relative to the timestamp reference point and - // records might have been missed. - // If RecordRequest.timestamp was not equal to a previously received - // RecordResponse.timestamp received, instead randomly chosen, the Collector - // can not know if it missed records. - // If RecordRequest.timestamp = 0, this must be false. + // True, if the server’s history is missing records prior to the time + // specified in the timestamp of the RecordResponse message. This can happen + // in the below scenarios, + // 1. A client connects and sends RecordRequest(timestamp=t1). If the server + // does not have all records after time t1, the first RecordResponse it + // sends will have this field as True. Subsequent RecordResponses + // may have this field as false. + // 2. A client connects and sends RecordResponse(timestamp=t1) where t1 is + // earlier than the uptime of the switch. In such scenarios, the first + // RecordResponse will have this field as True. Subsequent RecordResponses + // may have this field as false. + // 3. A client has an active stream where it's getting RecordResponse messages + // from the server. The server detects that some events were not accounted + // for, the next RecordResponse message it sends to the client will have + // this field as True. Subsequent RecordResponses may have this field as + // false. + // If timestamp=0 in the RecordRequest message, the first RecordResponse + // response message will have this field as False irrespective of history + // truncation. Subsequent RecordResponses may have this field as false. bool history_istruncated = 3; // Service request details of the accounting record. From e2d330ca6d6b1c549d5418b2f79d57c60d62037d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Mar 2024 22:45:17 +0000 Subject: [PATCH 09/13] Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 Bumps google.golang.org/protobuf from 1.30.0 to 1.33.0. --- updated-dependencies: - dependency-name: google.golang.org/protobuf dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0da75a6..e786121 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,7 @@ require ( github.com/openconfig/gnmi v0.0.0-20220617175856-41246b1b3507 github.com/openconfig/gnoi v0.0.0-20220809151450-6bddacd72ef8 google.golang.org/grpc v1.56.3 - google.golang.org/protobuf v1.30.0 + google.golang.org/protobuf v1.33.0 ) require ( diff --git a/go.sum b/go.sum index 989119d..3f36af2 100644 --- a/go.sum +++ b/go.sum @@ -135,8 +135,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= From d03ace187697e02a303da658be1a626ee44e2965 Mon Sep 17 00:00:00 2001 From: heas Date: Thu, 14 Mar 2024 11:56:06 -0700 Subject: [PATCH 10/13] Fix pasto in acctz yang variable description --- acctz/gnsi-acctz.yang | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acctz/gnsi-acctz.yang b/acctz/gnsi-acctz.yang index 752628e..a958f40 100644 --- a/acctz/gnsi-acctz.yang +++ b/acctz/gnsi-acctz.yang @@ -130,7 +130,7 @@ module gnsi-acctz { leaf RecordResponses { type oc-yang:counter64; description - "The total number of RecordRequest RPCs that have been sent."; + "The total number of RecordResponse RPCs that have been sent."; } } From 614a55983e30b90cf77563736e45e75ab7f996a7 Mon Sep 17 00:00:00 2001 From: heas Date: Thu, 14 Mar 2024 13:32:48 -0700 Subject: [PATCH 11/13] Remove client-counters.IdleTimeouts from the yang model; the timeout mechanism has been removed. Also, change a UTF apostrophe to ascii. --- acctz/acctz.proto | 2 +- acctz/gnsi-acctz.yang | 14 ++++---------- 2 files changed, 5 insertions(+), 11 deletions(-) diff --git a/acctz/acctz.proto b/acctz/acctz.proto index f1d2905..138bbe8 100644 --- a/acctz/acctz.proto +++ b/acctz/acctz.proto @@ -322,7 +322,7 @@ message RecordResponse { // since the unix epoch (Jan 1, 1970 00:00:00 UTC). google.protobuf.Timestamp timestamp = 2; - // True, if the server’s history is missing records prior to the time + // True, if the server's history is missing records prior to the time // specified in the timestamp of the RecordResponse message. This can happen // in the below scenarios, // 1. A client connects and sends RecordRequest(timestamp=t1). If the server diff --git a/acctz/gnsi-acctz.yang b/acctz/gnsi-acctz.yang index a958f40..7db98ba 100644 --- a/acctz/gnsi-acctz.yang +++ b/acctz/gnsi-acctz.yang @@ -111,16 +111,10 @@ module gnsi-acctz { leaf history_istruncated { type oc-yang:counter64; description - "The total number of times that a RecordRequest resulted in - a RecordResponse being marked history_istruncated. ie: a - request was made for a timestamp that did not exist in the - history."; - } - leaf IdleTimeouts { - type oc-yang:counter64; - description - "The total number of times that a client was disconnected - due to missing keepalives (ie: RecordRequests)."; + "The total number of times that a RecordResponse were marked + with history_istruncated true. ie: a request was made for a + timestamp that did not exist in the history or another + qualifying event as documented in acctz.prot."; } leaf RecordRequests { type oc-yang:counter64; From ac2e6d0cf1887387309bdffd5d88465a64fde38c Mon Sep 17 00:00:00 2001 From: Brian Neville <29639579+brianneville@users.noreply.github.com> Date: Mon, 18 Mar 2024 15:06:12 +0000 Subject: [PATCH 12/13] certz: support specifying cert/key by enum (#172) * certz: support specifying cert/key by enum use oneofs and enums to specify the source of the certificate and private keys for keys/certs which are already present on the device. In particular this is relevant in the case of attestz, where OIDevID and IDevID certs and keys may be stored in the TPM, see https://github.com/openconfig/attestz/pull/36/ * bump version * address comments * clarify private key encoding and KEY_SOURCE_GENERATED --- certz/certz.pb.go | 381 +++++++++++++++++++++++++++++++++--------- certz/certz.proto | 46 ++++- version/version.pb.go | 2 +- version/version.proto | 2 +- 4 files changed, 348 insertions(+), 83 deletions(-) diff --git a/certz/certz.pb.go b/certz/certz.pb.go index 90d8001..eb15808 100644 --- a/certz/certz.pb.go +++ b/certz/certz.pb.go @@ -220,6 +220,104 @@ func (CertificateEncoding) EnumDescriptor() ([]byte, []int) { return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{2} } +type Certificate_CertSource int32 + +const ( + Certificate_CERT_SOURCE_UNSPECIFIED Certificate_CertSource = 0 + Certificate_CERT_SOURCE_OIDEVID Certificate_CertSource = 1 + Certificate_CERT_SOURCE_IDEVID Certificate_CertSource = 2 +) + +// Enum value maps for Certificate_CertSource. +var ( + Certificate_CertSource_name = map[int32]string{ + 0: "CERT_SOURCE_UNSPECIFIED", + 1: "CERT_SOURCE_OIDEVID", + 2: "CERT_SOURCE_IDEVID", + } + Certificate_CertSource_value = map[string]int32{ + "CERT_SOURCE_UNSPECIFIED": 0, + "CERT_SOURCE_OIDEVID": 1, + "CERT_SOURCE_IDEVID": 2, + } +) + +func (x Certificate_CertSource) Enum() *Certificate_CertSource { + p := new(Certificate_CertSource) + *p = x + return p +} + +func (x Certificate_CertSource) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Certificate_CertSource) Descriptor() protoreflect.EnumDescriptor { + return file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[3].Descriptor() +} + +func (Certificate_CertSource) Type() protoreflect.EnumType { + return &file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[3] +} + +func (x Certificate_CertSource) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Certificate_CertSource.Descriptor instead. +func (Certificate_CertSource) EnumDescriptor() ([]byte, []int) { + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{14, 0} +} + +type Certificate_KeySource int32 + +const ( + Certificate_KEY_SOURCE_UNSPECIFIED Certificate_KeySource = 0 + Certificate_KEY_SOURCE_IDEVID_TPM Certificate_KeySource = 1 + Certificate_KEY_SOURCE_GENERATED Certificate_KeySource = 2 +) + +// Enum value maps for Certificate_KeySource. +var ( + Certificate_KeySource_name = map[int32]string{ + 0: "KEY_SOURCE_UNSPECIFIED", + 1: "KEY_SOURCE_IDEVID_TPM", + 2: "KEY_SOURCE_GENERATED", + } + Certificate_KeySource_value = map[string]int32{ + "KEY_SOURCE_UNSPECIFIED": 0, + "KEY_SOURCE_IDEVID_TPM": 1, + "KEY_SOURCE_GENERATED": 2, + } +) + +func (x Certificate_KeySource) Enum() *Certificate_KeySource { + p := new(Certificate_KeySource) + *p = x + return p +} + +func (x Certificate_KeySource) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Certificate_KeySource) Descriptor() protoreflect.EnumDescriptor { + return file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[4].Descriptor() +} + +func (Certificate_KeySource) Type() protoreflect.EnumType { + return &file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[4] +} + +func (x Certificate_KeySource) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Certificate_KeySource.Descriptor instead. +func (Certificate_KeySource) EnumDescriptor() ([]byte, []int) { + return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP(), []int{14, 1} +} + type ExistingEntity_EntityType int32 const ( @@ -259,11 +357,11 @@ func (x ExistingEntity_EntityType) String() string { } func (ExistingEntity_EntityType) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[3].Descriptor() + return file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[5].Descriptor() } func (ExistingEntity_EntityType) Type() protoreflect.EnumType { - return &file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[3] + return &file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes[5] } func (x ExistingEntity_EntityType) Number() protoreflect.EnumNumber { @@ -1102,10 +1200,20 @@ type Certificate struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - Type CertificateType `protobuf:"varint,1,opt,name=type,proto3,enum=gnsi.certz.v1.CertificateType" json:"type,omitempty"` - Encoding CertificateEncoding `protobuf:"varint,2,opt,name=encoding,proto3,enum=gnsi.certz.v1.CertificateEncoding" json:"encoding,omitempty"` - Certificate []byte `protobuf:"bytes,3,opt,name=certificate,proto3" json:"certificate,omitempty"` - PrivateKey []byte `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + Type CertificateType `protobuf:"varint,1,opt,name=type,proto3,enum=gnsi.certz.v1.CertificateType" json:"type,omitempty"` + Encoding CertificateEncoding `protobuf:"varint,2,opt,name=encoding,proto3,enum=gnsi.certz.v1.CertificateEncoding" json:"encoding,omitempty"` + // Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto. + Certificate []byte `protobuf:"bytes,3,opt,name=certificate,proto3" json:"certificate,omitempty"` + // Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto. + PrivateKey []byte `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + // Types that are assignable to CertificateType: + // *Certificate_RawCertificate + // *Certificate_CertSource_ + CertificateType isCertificate_CertificateType `protobuf_oneof:"certificate_type"` + // Types that are assignable to PrivateKeyType: + // *Certificate_RawPrivateKey + // *Certificate_KeySource_ + PrivateKeyType isCertificate_PrivateKeyType `protobuf_oneof:"private_key_type"` } func (x *Certificate) Reset() { @@ -1154,6 +1262,7 @@ func (x *Certificate) GetEncoding() CertificateEncoding { return CertificateEncoding_CERTIFICATE_ENCODING_UNSPECIFIED } +// Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto. func (x *Certificate) GetCertificate() []byte { if x != nil { return x.Certificate @@ -1161,6 +1270,7 @@ func (x *Certificate) GetCertificate() []byte { return nil } +// Deprecated: Marked as deprecated in github.com/openconfig/gnsi/certz/certz.proto. func (x *Certificate) GetPrivateKey() []byte { if x != nil { return x.PrivateKey @@ -1168,6 +1278,80 @@ func (x *Certificate) GetPrivateKey() []byte { return nil } +func (m *Certificate) GetCertificateType() isCertificate_CertificateType { + if m != nil { + return m.CertificateType + } + return nil +} + +func (x *Certificate) GetRawCertificate() []byte { + if x, ok := x.GetCertificateType().(*Certificate_RawCertificate); ok { + return x.RawCertificate + } + return nil +} + +func (x *Certificate) GetCertSource() Certificate_CertSource { + if x, ok := x.GetCertificateType().(*Certificate_CertSource_); ok { + return x.CertSource + } + return Certificate_CERT_SOURCE_UNSPECIFIED +} + +func (m *Certificate) GetPrivateKeyType() isCertificate_PrivateKeyType { + if m != nil { + return m.PrivateKeyType + } + return nil +} + +func (x *Certificate) GetRawPrivateKey() []byte { + if x, ok := x.GetPrivateKeyType().(*Certificate_RawPrivateKey); ok { + return x.RawPrivateKey + } + return nil +} + +func (x *Certificate) GetKeySource() Certificate_KeySource { + if x, ok := x.GetPrivateKeyType().(*Certificate_KeySource_); ok { + return x.KeySource + } + return Certificate_KEY_SOURCE_UNSPECIFIED +} + +type isCertificate_CertificateType interface { + isCertificate_CertificateType() +} + +type Certificate_RawCertificate struct { + RawCertificate []byte `protobuf:"bytes,5,opt,name=raw_certificate,json=rawCertificate,proto3,oneof"` +} + +type Certificate_CertSource_ struct { + CertSource Certificate_CertSource `protobuf:"varint,6,opt,name=cert_source,json=certSource,proto3,enum=gnsi.certz.v1.Certificate_CertSource,oneof"` +} + +func (*Certificate_RawCertificate) isCertificate_CertificateType() {} + +func (*Certificate_CertSource_) isCertificate_CertificateType() {} + +type isCertificate_PrivateKeyType interface { + isCertificate_PrivateKeyType() +} + +type Certificate_RawPrivateKey struct { + RawPrivateKey []byte `protobuf:"bytes,7,opt,name=raw_private_key,json=rawPrivateKey,proto3,oneof"` +} + +type Certificate_KeySource_ struct { + KeySource Certificate_KeySource `protobuf:"varint,8,opt,name=key_source,json=keySource,proto3,enum=gnsi.certz.v1.Certificate_KeySource,oneof"` +} + +func (*Certificate_RawPrivateKey) isCertificate_PrivateKeyType() {} + +func (*Certificate_KeySource_) isCertificate_PrivateKeyType() {} + type CertificateRevocationList struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1895,7 +2079,7 @@ var file_github_com_openconfig_gnsi_certz_certz_proto_rawDesc = []byte{ 0x12, 0x37, 0x0a, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x43, 0x68, 0x61, 0x69, - 0x6e, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x22, 0xc4, 0x01, 0x0a, 0x0b, 0x43, 0x65, + 0x6e, 0x52, 0x06, 0x70, 0x61, 0x72, 0x65, 0x6e, 0x74, 0x22, 0x94, 0x05, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, @@ -1903,11 +2087,40 @@ var file_github_com_openconfig_gnsi_certz_certz_proto_rawDesc = []byte{ 0x08, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x22, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x63, 0x6f, 0x64, - 0x69, 0x6e, 0x67, 0x52, 0x08, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x20, 0x0a, + 0x69, 0x6e, 0x67, 0x52, 0x08, 0x65, 0x6e, 0x63, 0x6f, 0x64, 0x69, 0x6e, 0x67, 0x12, 0x24, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, - 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, + 0x28, 0x0c, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x12, 0x23, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, + 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x70, 0x72, + 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x29, 0x0a, 0x0f, 0x72, 0x61, 0x77, 0x5f, + 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x0c, 0x48, 0x00, 0x52, 0x0e, 0x72, 0x61, 0x77, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x67, 0x6e, 0x73, 0x69, 0x2e, + 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x48, + 0x00, 0x52, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x28, 0x0a, + 0x0f, 0x72, 0x61, 0x77, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x01, 0x52, 0x0d, 0x72, 0x61, 0x77, 0x50, 0x72, 0x69, + 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x45, 0x0a, 0x0a, 0x6b, 0x65, 0x79, 0x5f, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6e, + 0x73, 0x69, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x7a, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x4b, 0x65, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x48, 0x01, 0x52, 0x09, 0x6b, 0x65, 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x22, 0x5a, + 0x0a, 0x0a, 0x43, 0x65, 0x72, 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x17, + 0x43, 0x45, 0x52, 0x54, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, + 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x17, 0x0a, 0x13, 0x43, 0x45, 0x52, + 0x54, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x4f, 0x49, 0x44, 0x45, 0x56, 0x49, 0x44, + 0x10, 0x01, 0x12, 0x16, 0x0a, 0x12, 0x43, 0x45, 0x52, 0x54, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, + 0x45, 0x5f, 0x49, 0x44, 0x45, 0x56, 0x49, 0x44, 0x10, 0x02, 0x22, 0x5c, 0x0a, 0x09, 0x4b, 0x65, + 0x79, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4b, 0x45, 0x59, 0x5f, 0x53, + 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, + 0x44, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, + 0x45, 0x5f, 0x49, 0x44, 0x45, 0x56, 0x49, 0x44, 0x5f, 0x54, 0x50, 0x4d, 0x10, 0x01, 0x12, 0x18, + 0x0a, 0x14, 0x4b, 0x45, 0x59, 0x5f, 0x53, 0x4f, 0x55, 0x52, 0x43, 0x45, 0x5f, 0x47, 0x45, 0x4e, + 0x45, 0x52, 0x41, 0x54, 0x45, 0x44, 0x10, 0x02, 0x42, 0x12, 0x0a, 0x10, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x42, 0x12, 0x0a, 0x10, + 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0xdf, 0x01, 0x0a, 0x19, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x52, 0x65, 0x76, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x32, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1e, 0x2e, 0x67, @@ -2167,83 +2380,87 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_rawDescGZIP() []byte { return file_github_com_openconfig_gnsi_certz_certz_proto_rawDescData } -var file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_github_com_openconfig_gnsi_certz_certz_proto_enumTypes = make([]protoimpl.EnumInfo, 6) var file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes = make([]protoimpl.MessageInfo, 25) var file_github_com_openconfig_gnsi_certz_certz_proto_goTypes = []interface{}{ (CSRSuite)(0), // 0: gnsi.certz.v1.CSRSuite (CertificateType)(0), // 1: gnsi.certz.v1.CertificateType (CertificateEncoding)(0), // 2: gnsi.certz.v1.CertificateEncoding - (ExistingEntity_EntityType)(0), // 3: gnsi.certz.v1.ExistingEntity.EntityType - (*RotateCertificateRequest)(nil), // 4: gnsi.certz.v1.RotateCertificateRequest - (*RotateCertificateResponse)(nil), // 5: gnsi.certz.v1.RotateCertificateResponse - (*FinalizeRequest)(nil), // 6: gnsi.certz.v1.FinalizeRequest - (*AddProfileRequest)(nil), // 7: gnsi.certz.v1.AddProfileRequest - (*AddProfileResponse)(nil), // 8: gnsi.certz.v1.AddProfileResponse - (*DeleteProfileRequest)(nil), // 9: gnsi.certz.v1.DeleteProfileRequest - (*DeleteProfileResponse)(nil), // 10: gnsi.certz.v1.DeleteProfileResponse - (*GetProfileListRequest)(nil), // 11: gnsi.certz.v1.GetProfileListRequest - (*GetProfileListResponse)(nil), // 12: gnsi.certz.v1.GetProfileListResponse - (*V3ExtensionSAN)(nil), // 13: gnsi.certz.v1.V3ExtensionSAN - (*CSRParams)(nil), // 14: gnsi.certz.v1.CSRParams - (*CanGenerateCSRRequest)(nil), // 15: gnsi.certz.v1.CanGenerateCSRRequest - (*CanGenerateCSRResponse)(nil), // 16: gnsi.certz.v1.CanGenerateCSRResponse - (*CertificateChain)(nil), // 17: gnsi.certz.v1.CertificateChain - (*Certificate)(nil), // 18: gnsi.certz.v1.Certificate - (*CertificateRevocationList)(nil), // 19: gnsi.certz.v1.CertificateRevocationList - (*CertificateRevocationListBundle)(nil), // 20: gnsi.certz.v1.CertificateRevocationListBundle - (*AuthenticationPolicy)(nil), // 21: gnsi.certz.v1.AuthenticationPolicy - (*Entity)(nil), // 22: gnsi.certz.v1.Entity - (*ExistingEntity)(nil), // 23: gnsi.certz.v1.ExistingEntity - (*UploadRequest)(nil), // 24: gnsi.certz.v1.UploadRequest - (*UploadResponse)(nil), // 25: gnsi.certz.v1.UploadResponse - (*CertificateSigningRequest)(nil), // 26: gnsi.certz.v1.CertificateSigningRequest - (*GenerateCSRRequest)(nil), // 27: gnsi.certz.v1.GenerateCSRRequest - (*GenerateCSRResponse)(nil), // 28: gnsi.certz.v1.GenerateCSRResponse - (*anypb.Any)(nil), // 29: google.protobuf.Any + (Certificate_CertSource)(0), // 3: gnsi.certz.v1.Certificate.CertSource + (Certificate_KeySource)(0), // 4: gnsi.certz.v1.Certificate.KeySource + (ExistingEntity_EntityType)(0), // 5: gnsi.certz.v1.ExistingEntity.EntityType + (*RotateCertificateRequest)(nil), // 6: gnsi.certz.v1.RotateCertificateRequest + (*RotateCertificateResponse)(nil), // 7: gnsi.certz.v1.RotateCertificateResponse + (*FinalizeRequest)(nil), // 8: gnsi.certz.v1.FinalizeRequest + (*AddProfileRequest)(nil), // 9: gnsi.certz.v1.AddProfileRequest + (*AddProfileResponse)(nil), // 10: gnsi.certz.v1.AddProfileResponse + (*DeleteProfileRequest)(nil), // 11: gnsi.certz.v1.DeleteProfileRequest + (*DeleteProfileResponse)(nil), // 12: gnsi.certz.v1.DeleteProfileResponse + (*GetProfileListRequest)(nil), // 13: gnsi.certz.v1.GetProfileListRequest + (*GetProfileListResponse)(nil), // 14: gnsi.certz.v1.GetProfileListResponse + (*V3ExtensionSAN)(nil), // 15: gnsi.certz.v1.V3ExtensionSAN + (*CSRParams)(nil), // 16: gnsi.certz.v1.CSRParams + (*CanGenerateCSRRequest)(nil), // 17: gnsi.certz.v1.CanGenerateCSRRequest + (*CanGenerateCSRResponse)(nil), // 18: gnsi.certz.v1.CanGenerateCSRResponse + (*CertificateChain)(nil), // 19: gnsi.certz.v1.CertificateChain + (*Certificate)(nil), // 20: gnsi.certz.v1.Certificate + (*CertificateRevocationList)(nil), // 21: gnsi.certz.v1.CertificateRevocationList + (*CertificateRevocationListBundle)(nil), // 22: gnsi.certz.v1.CertificateRevocationListBundle + (*AuthenticationPolicy)(nil), // 23: gnsi.certz.v1.AuthenticationPolicy + (*Entity)(nil), // 24: gnsi.certz.v1.Entity + (*ExistingEntity)(nil), // 25: gnsi.certz.v1.ExistingEntity + (*UploadRequest)(nil), // 26: gnsi.certz.v1.UploadRequest + (*UploadResponse)(nil), // 27: gnsi.certz.v1.UploadResponse + (*CertificateSigningRequest)(nil), // 28: gnsi.certz.v1.CertificateSigningRequest + (*GenerateCSRRequest)(nil), // 29: gnsi.certz.v1.GenerateCSRRequest + (*GenerateCSRResponse)(nil), // 30: gnsi.certz.v1.GenerateCSRResponse + (*anypb.Any)(nil), // 31: google.protobuf.Any } var file_github_com_openconfig_gnsi_certz_certz_proto_depIdxs = []int32{ - 27, // 0: gnsi.certz.v1.RotateCertificateRequest.generate_csr:type_name -> gnsi.certz.v1.GenerateCSRRequest - 24, // 1: gnsi.certz.v1.RotateCertificateRequest.certificates:type_name -> gnsi.certz.v1.UploadRequest - 6, // 2: gnsi.certz.v1.RotateCertificateRequest.finalize_rotation:type_name -> gnsi.certz.v1.FinalizeRequest - 28, // 3: gnsi.certz.v1.RotateCertificateResponse.generated_csr:type_name -> gnsi.certz.v1.GenerateCSRResponse - 25, // 4: gnsi.certz.v1.RotateCertificateResponse.certificates:type_name -> gnsi.certz.v1.UploadResponse + 29, // 0: gnsi.certz.v1.RotateCertificateRequest.generate_csr:type_name -> gnsi.certz.v1.GenerateCSRRequest + 26, // 1: gnsi.certz.v1.RotateCertificateRequest.certificates:type_name -> gnsi.certz.v1.UploadRequest + 8, // 2: gnsi.certz.v1.RotateCertificateRequest.finalize_rotation:type_name -> gnsi.certz.v1.FinalizeRequest + 30, // 3: gnsi.certz.v1.RotateCertificateResponse.generated_csr:type_name -> gnsi.certz.v1.GenerateCSRResponse + 27, // 4: gnsi.certz.v1.RotateCertificateResponse.certificates:type_name -> gnsi.certz.v1.UploadResponse 0, // 5: gnsi.certz.v1.CSRParams.csr_suite:type_name -> gnsi.certz.v1.CSRSuite - 13, // 6: gnsi.certz.v1.CSRParams.san:type_name -> gnsi.certz.v1.V3ExtensionSAN - 14, // 7: gnsi.certz.v1.CanGenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams - 18, // 8: gnsi.certz.v1.CertificateChain.certificate:type_name -> gnsi.certz.v1.Certificate - 17, // 9: gnsi.certz.v1.CertificateChain.parent:type_name -> gnsi.certz.v1.CertificateChain + 15, // 6: gnsi.certz.v1.CSRParams.san:type_name -> gnsi.certz.v1.V3ExtensionSAN + 16, // 7: gnsi.certz.v1.CanGenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams + 20, // 8: gnsi.certz.v1.CertificateChain.certificate:type_name -> gnsi.certz.v1.Certificate + 19, // 9: gnsi.certz.v1.CertificateChain.parent:type_name -> gnsi.certz.v1.CertificateChain 1, // 10: gnsi.certz.v1.Certificate.type:type_name -> gnsi.certz.v1.CertificateType 2, // 11: gnsi.certz.v1.Certificate.encoding:type_name -> gnsi.certz.v1.CertificateEncoding - 1, // 12: gnsi.certz.v1.CertificateRevocationList.type:type_name -> gnsi.certz.v1.CertificateType - 2, // 13: gnsi.certz.v1.CertificateRevocationList.encoding:type_name -> gnsi.certz.v1.CertificateEncoding - 19, // 14: gnsi.certz.v1.CertificateRevocationListBundle.certificate_revocation_lists:type_name -> gnsi.certz.v1.CertificateRevocationList - 29, // 15: gnsi.certz.v1.AuthenticationPolicy.serialized:type_name -> google.protobuf.Any - 17, // 16: gnsi.certz.v1.Entity.certificate_chain:type_name -> gnsi.certz.v1.CertificateChain - 17, // 17: gnsi.certz.v1.Entity.trust_bundle:type_name -> gnsi.certz.v1.CertificateChain - 20, // 18: gnsi.certz.v1.Entity.certificate_revocation_list_bundle:type_name -> gnsi.certz.v1.CertificateRevocationListBundle - 21, // 19: gnsi.certz.v1.Entity.authentication_policy:type_name -> gnsi.certz.v1.AuthenticationPolicy - 23, // 20: gnsi.certz.v1.Entity.existing_entity:type_name -> gnsi.certz.v1.ExistingEntity - 3, // 21: gnsi.certz.v1.ExistingEntity.entity_type:type_name -> gnsi.certz.v1.ExistingEntity.EntityType - 22, // 22: gnsi.certz.v1.UploadRequest.entities:type_name -> gnsi.certz.v1.Entity - 1, // 23: gnsi.certz.v1.CertificateSigningRequest.type:type_name -> gnsi.certz.v1.CertificateType - 2, // 24: gnsi.certz.v1.CertificateSigningRequest.encoding:type_name -> gnsi.certz.v1.CertificateEncoding - 14, // 25: gnsi.certz.v1.GenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams - 26, // 26: gnsi.certz.v1.GenerateCSRResponse.certificate_signing_request:type_name -> gnsi.certz.v1.CertificateSigningRequest - 4, // 27: gnsi.certz.v1.Certz.Rotate:input_type -> gnsi.certz.v1.RotateCertificateRequest - 7, // 28: gnsi.certz.v1.Certz.AddProfile:input_type -> gnsi.certz.v1.AddProfileRequest - 9, // 29: gnsi.certz.v1.Certz.DeleteProfile:input_type -> gnsi.certz.v1.DeleteProfileRequest - 11, // 30: gnsi.certz.v1.Certz.GetProfileList:input_type -> gnsi.certz.v1.GetProfileListRequest - 15, // 31: gnsi.certz.v1.Certz.CanGenerateCSR:input_type -> gnsi.certz.v1.CanGenerateCSRRequest - 5, // 32: gnsi.certz.v1.Certz.Rotate:output_type -> gnsi.certz.v1.RotateCertificateResponse - 8, // 33: gnsi.certz.v1.Certz.AddProfile:output_type -> gnsi.certz.v1.AddProfileResponse - 10, // 34: gnsi.certz.v1.Certz.DeleteProfile:output_type -> gnsi.certz.v1.DeleteProfileResponse - 12, // 35: gnsi.certz.v1.Certz.GetProfileList:output_type -> gnsi.certz.v1.GetProfileListResponse - 16, // 36: gnsi.certz.v1.Certz.CanGenerateCSR:output_type -> gnsi.certz.v1.CanGenerateCSRResponse - 32, // [32:37] is the sub-list for method output_type - 27, // [27:32] is the sub-list for method input_type - 27, // [27:27] is the sub-list for extension type_name - 27, // [27:27] is the sub-list for extension extendee - 0, // [0:27] is the sub-list for field type_name + 3, // 12: gnsi.certz.v1.Certificate.cert_source:type_name -> gnsi.certz.v1.Certificate.CertSource + 4, // 13: gnsi.certz.v1.Certificate.key_source:type_name -> gnsi.certz.v1.Certificate.KeySource + 1, // 14: gnsi.certz.v1.CertificateRevocationList.type:type_name -> gnsi.certz.v1.CertificateType + 2, // 15: gnsi.certz.v1.CertificateRevocationList.encoding:type_name -> gnsi.certz.v1.CertificateEncoding + 21, // 16: gnsi.certz.v1.CertificateRevocationListBundle.certificate_revocation_lists:type_name -> gnsi.certz.v1.CertificateRevocationList + 31, // 17: gnsi.certz.v1.AuthenticationPolicy.serialized:type_name -> google.protobuf.Any + 19, // 18: gnsi.certz.v1.Entity.certificate_chain:type_name -> gnsi.certz.v1.CertificateChain + 19, // 19: gnsi.certz.v1.Entity.trust_bundle:type_name -> gnsi.certz.v1.CertificateChain + 22, // 20: gnsi.certz.v1.Entity.certificate_revocation_list_bundle:type_name -> gnsi.certz.v1.CertificateRevocationListBundle + 23, // 21: gnsi.certz.v1.Entity.authentication_policy:type_name -> gnsi.certz.v1.AuthenticationPolicy + 25, // 22: gnsi.certz.v1.Entity.existing_entity:type_name -> gnsi.certz.v1.ExistingEntity + 5, // 23: gnsi.certz.v1.ExistingEntity.entity_type:type_name -> gnsi.certz.v1.ExistingEntity.EntityType + 24, // 24: gnsi.certz.v1.UploadRequest.entities:type_name -> gnsi.certz.v1.Entity + 1, // 25: gnsi.certz.v1.CertificateSigningRequest.type:type_name -> gnsi.certz.v1.CertificateType + 2, // 26: gnsi.certz.v1.CertificateSigningRequest.encoding:type_name -> gnsi.certz.v1.CertificateEncoding + 16, // 27: gnsi.certz.v1.GenerateCSRRequest.params:type_name -> gnsi.certz.v1.CSRParams + 28, // 28: gnsi.certz.v1.GenerateCSRResponse.certificate_signing_request:type_name -> gnsi.certz.v1.CertificateSigningRequest + 6, // 29: gnsi.certz.v1.Certz.Rotate:input_type -> gnsi.certz.v1.RotateCertificateRequest + 9, // 30: gnsi.certz.v1.Certz.AddProfile:input_type -> gnsi.certz.v1.AddProfileRequest + 11, // 31: gnsi.certz.v1.Certz.DeleteProfile:input_type -> gnsi.certz.v1.DeleteProfileRequest + 13, // 32: gnsi.certz.v1.Certz.GetProfileList:input_type -> gnsi.certz.v1.GetProfileListRequest + 17, // 33: gnsi.certz.v1.Certz.CanGenerateCSR:input_type -> gnsi.certz.v1.CanGenerateCSRRequest + 7, // 34: gnsi.certz.v1.Certz.Rotate:output_type -> gnsi.certz.v1.RotateCertificateResponse + 10, // 35: gnsi.certz.v1.Certz.AddProfile:output_type -> gnsi.certz.v1.AddProfileResponse + 12, // 36: gnsi.certz.v1.Certz.DeleteProfile:output_type -> gnsi.certz.v1.DeleteProfileResponse + 14, // 37: gnsi.certz.v1.Certz.GetProfileList:output_type -> gnsi.certz.v1.GetProfileListResponse + 18, // 38: gnsi.certz.v1.Certz.CanGenerateCSR:output_type -> gnsi.certz.v1.CanGenerateCSRResponse + 34, // [34:39] is the sub-list for method output_type + 29, // [29:34] is the sub-list for method input_type + 29, // [29:29] is the sub-list for extension type_name + 29, // [29:29] is the sub-list for extension extendee + 0, // [0:29] is the sub-list for field type_name } func init() { file_github_com_openconfig_gnsi_certz_certz_proto_init() } @@ -2562,6 +2779,12 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { (*RotateCertificateResponse_GeneratedCsr)(nil), (*RotateCertificateResponse_Certificates)(nil), } + file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[14].OneofWrappers = []interface{}{ + (*Certificate_RawCertificate)(nil), + (*Certificate_CertSource_)(nil), + (*Certificate_RawPrivateKey)(nil), + (*Certificate_KeySource_)(nil), + } file_github_com_openconfig_gnsi_certz_certz_proto_msgTypes[17].OneofWrappers = []interface{}{ (*AuthenticationPolicy_Serialized)(nil), } @@ -2577,7 +2800,7 @@ func file_github_com_openconfig_gnsi_certz_certz_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_github_com_openconfig_gnsi_certz_certz_proto_rawDesc, - NumEnums: 4, + NumEnums: 6, NumMessages: 25, NumExtensions: 0, NumServices: 1, diff --git a/certz/certz.proto b/certz/certz.proto index 2d46924..bbea880 100644 --- a/certz/certz.proto +++ b/certz/certz.proto @@ -453,11 +453,53 @@ message Certificate { // Actual certificate. // The exact encoding depends upon the type of certificate. // for X509, this should be a PEM encoded Certificate. - bytes certificate = 3; + // Deprecated in favour of certificate_type + bytes certificate = 3 [deprecated=true]; // Optional. + // PEM encoded private key. // Not needed if the device knows the private key or does not have to know it. - bytes private_key = 4; + // Deprecated in favour of private_key_type + bytes private_key = 4 [deprecated=true]; + + enum CertSource { + CERT_SOURCE_UNSPECIFIED = 0; + + // certificates present on the device already + CERT_SOURCE_OIDEVID = 1; + CERT_SOURCE_IDEVID = 2; + } + + oneof certificate_type { + // Actual certificate + // The exact encoding depends upon the type of certificate. + // for X509, this should be a PEM encoded Certificate. + bytes raw_certificate = 5; + + // specify an alternative source for the certificate + CertSource cert_source = 6; + } + + enum KeySource { + // KEY_SOURCE_UNSPECIFIED can be used in the case where the + // certificate does not need a private key (e.g. trusted certs) + KEY_SOURCE_UNSPECIFIED = 0; + + // key is IDevID key stored in TPM + KEY_SOURCE_IDEVID_TPM = 1; + + // key was generated with a CSR as part of the current Rotate RPC + KEY_SOURCE_GENERATED = 2; + } + + oneof private_key_type { + // PEM encoded private key + bytes raw_private_key = 7; + + // specify an alternative source for the private key + // or use KEY_SOURCE_UNSPECIFIED if no key is needed + KeySource key_source = 8; + } } // A certificate revocation list (CRL) diff --git a/version/version.pb.go b/version/version.pb.go index 8a9dc35..7b2cf69 100644 --- a/version/version.pb.go +++ b/version/version.pb.go @@ -29,7 +29,7 @@ var file_github_com_openconfig_gnsi_version_version_proto_rawDesc = []byte{ 0x74, 0x6f, 0x12, 0x04, 0x67, 0x6e, 0x73, 0x69, 0x1a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x6f, 0x69, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x42, 0x2c, 0xd2, 0x3e, 0x05, 0x31, 0x2e, 0x36, 0x2e, 0x32, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x42, 0x2c, 0xd2, 0x3e, 0x05, 0x31, 0x2e, 0x36, 0x2e, 0x33, 0x5a, 0x22, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x6e, 0x73, 0x69, 0x2f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, diff --git a/version/version.proto b/version/version.proto index a14070a..6c0f320 100644 --- a/version/version.proto +++ b/version/version.proto @@ -20,5 +20,5 @@ package gnsi; import "github.com/openconfig/gnoi/types/types.proto"; -option (gnoi.types.gnoi_version) = "1.6.2"; +option (gnoi.types.gnoi_version) = "1.6.3"; option go_package = "github.com/openconfig/gnsi/version"; From 63b01d6783042b32ad1dd07a44efd51fc9010940 Mon Sep 17 00:00:00 2001 From: haussli Date: Mon, 18 Mar 2024 08:06:41 -0700 Subject: [PATCH 13/13] Fix pasto in acctz yang variable description (#174)