From f0cddba43093524b0bb34b28da8e21db779e0476 Mon Sep 17 00:00:00 2001 From: Chris Burkert Date: Thu, 30 Apr 2026 15:22:12 +0200 Subject: [PATCH 1/2] feat: add system locked status --- proto/kms/api/cmk/types/v1/status.pb.go | 14 ++++++++++++-- proto/kms/api/cmk/types/v1/status.proto | 8 ++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/proto/kms/api/cmk/types/v1/status.pb.go b/proto/kms/api/cmk/types/v1/status.pb.go index 3210995..2244d98 100644 --- a/proto/kms/api/cmk/types/v1/status.pb.go +++ b/proto/kms/api/cmk/types/v1/status.pb.go @@ -29,6 +29,13 @@ const ( Status_STATUS_PROCESSING Status = 2 Status_STATUS_TERMINATION_PENDING Status = 3 Status_STATUS_TERMINATED Status = 4 + // STATUS_LOCKED means that the L1 key is unavailable and therefore the data + // of the system can't be decrypted. This is because the key chain to decrypt + // the data encryption key is incomplete. + // A system transition into STATUS_LOCKED happens when the tenant is terminated + // from the blocked status. The system can only be reactivated by creating a new + // tenant, presenting the original L1 key material and mapping the system. + Status_STATUS_LOCKED Status = 5 ) // Enum value maps for Status. @@ -39,6 +46,7 @@ var ( 2: "STATUS_PROCESSING", 3: "STATUS_TERMINATION_PENDING", 4: "STATUS_TERMINATED", + 5: "STATUS_LOCKED", } Status_value = map[string]int32{ "STATUS_UNSPECIFIED": 0, @@ -46,6 +54,7 @@ var ( "STATUS_PROCESSING": 2, "STATUS_TERMINATION_PENDING": 3, "STATUS_TERMINATED": 4, + "STATUS_LOCKED": 5, } ) @@ -80,13 +89,14 @@ var File_kms_api_cmk_types_v1_status_proto protoreflect.FileDescriptor const file_kms_api_cmk_types_v1_status_proto_rawDesc = "" + "\n" + - "!kms/api/cmk/types/v1/status.proto\x12\x14kms.api.cmk.types.v1*\x84\x01\n" + + "!kms/api/cmk/types/v1/status.proto\x12\x14kms.api.cmk.types.v1*\x97\x01\n" + "\x06Status\x12\x16\n" + "\x12STATUS_UNSPECIFIED\x10\x00\x12\x14\n" + "\x10STATUS_AVAILABLE\x10\x01\x12\x15\n" + "\x11STATUS_PROCESSING\x10\x02\x12\x1e\n" + "\x1aSTATUS_TERMINATION_PENDING\x10\x03\x12\x15\n" + - "\x11STATUS_TERMINATED\x10\x04B?Z=github.com/openkcm/api-sdk/proto/kms/api/cmk/types/v1;typesv1b\x06proto3" + "\x11STATUS_TERMINATED\x10\x04\x12\x11\n" + + "\rSTATUS_LOCKED\x10\x05B?Z=github.com/openkcm/api-sdk/proto/kms/api/cmk/types/v1;typesv1b\x06proto3" var ( file_kms_api_cmk_types_v1_status_proto_rawDescOnce sync.Once diff --git a/proto/kms/api/cmk/types/v1/status.proto b/proto/kms/api/cmk/types/v1/status.proto index 28d21d0..8f69f7d 100644 --- a/proto/kms/api/cmk/types/v1/status.proto +++ b/proto/kms/api/cmk/types/v1/status.proto @@ -10,4 +10,12 @@ enum Status { STATUS_PROCESSING = 2; STATUS_TERMINATION_PENDING = 3; STATUS_TERMINATED = 4; + + // STATUS_LOCKED means that the L1 key is unavailable and therefore the data + // of the system can't be decrypted. This is because the key chain to decrypt + // the data encryption key is incomplete. + // A system transition into STATUS_LOCKED happens when the tenant is terminated + // from the blocked status. The system can only be reactivated by creating a new + // tenant, presenting the original L1 key material and mapping the system. + STATUS_LOCKED = 5; } From 0cc7140a27bd0bbc6f4f05af29e7959dbfaf0068 Mon Sep 17 00:00:00 2001 From: Chris Burkert Date: Mon, 4 May 2026 09:23:19 +0200 Subject: [PATCH 2/2] docs: improve the comment --- proto/kms/api/cmk/types/v1/status.pb.go | 7 ++++--- proto/kms/api/cmk/types/v1/status.proto | 7 ++++--- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/proto/kms/api/cmk/types/v1/status.pb.go b/proto/kms/api/cmk/types/v1/status.pb.go index 2244d98..5ece609 100644 --- a/proto/kms/api/cmk/types/v1/status.pb.go +++ b/proto/kms/api/cmk/types/v1/status.pb.go @@ -32,9 +32,10 @@ const ( // STATUS_LOCKED means that the L1 key is unavailable and therefore the data // of the system can't be decrypted. This is because the key chain to decrypt // the data encryption key is incomplete. - // A system transition into STATUS_LOCKED happens when the tenant is terminated - // from the blocked status. The system can only be reactivated by creating a new - // tenant, presenting the original L1 key material and mapping the system. + // A system transition into STATUS_LOCKED can happen when the tenant is terminated + // from the blocked status. + // In such a case the system can only be reactivated by creating a new tenant, + // presenting the original L1 key material and mapping the system. Status_STATUS_LOCKED Status = 5 ) diff --git a/proto/kms/api/cmk/types/v1/status.proto b/proto/kms/api/cmk/types/v1/status.proto index 8f69f7d..a93ce97 100644 --- a/proto/kms/api/cmk/types/v1/status.proto +++ b/proto/kms/api/cmk/types/v1/status.proto @@ -14,8 +14,9 @@ enum Status { // STATUS_LOCKED means that the L1 key is unavailable and therefore the data // of the system can't be decrypted. This is because the key chain to decrypt // the data encryption key is incomplete. - // A system transition into STATUS_LOCKED happens when the tenant is terminated - // from the blocked status. The system can only be reactivated by creating a new - // tenant, presenting the original L1 key material and mapping the system. + // A system transition into STATUS_LOCKED can happen when the tenant is terminated + // from the blocked status. + // In such a case the system can only be reactivated by creating a new tenant, + // presenting the original L1 key material and mapping the system. STATUS_LOCKED = 5; }