diff --git a/buf.lock b/buf.lock index d15a117..709ae02 100644 --- a/buf.lock +++ b/buf.lock @@ -2,5 +2,5 @@ version: v2 deps: - name: buf.build/bufbuild/protovalidate - commit: 80ab13bee0bf4272b6161a72bf7034e0 - digest: b5:1aa6a965be5d02d64e1d81954fa2e78ef9d1e33a0c30f92bc2626039006a94deb3a5b05f14ed8893f5c3ffce444ac008f7e968188ad225c4c29c813aa5f2daa1 + commit: 50325440f8f24053b047484a6bf60b76 + digest: b5:74cb6f5c0853c3c10aafc701614194bbd63326bdb8ef4068214454b8894b03ba4113e04b3a33a8321cdf05336e37db4dc14a5e2495db8462566914f36086ba31 diff --git a/cmd/protoc-gen-go-extension/main.go b/cmd/protoc-gen-go-extension/main.go index 33dd7a6..da6e412 100644 --- a/cmd/protoc-gen-go-extension/main.go +++ b/cmd/protoc-gen-go-extension/main.go @@ -99,7 +99,7 @@ func generateServiceBridges(g *protogen.GeneratedFile, serviceName, serviceFullN g.P() g.P("const (") if isPlugin { - g.P(" Type = ", strconv.Quote(serviceName)) + g.P(" Type = ", strconv.Quote(strings.TrimSuffix(serviceName, "Service"))) } g.P(" GRPCServiceFullName = ", strconv.Quote(serviceFullName)) g.P(")") diff --git a/internal/proto/service/init/v1/init.pb.go b/internal/proto/service/init/v1/init.pb.go index 9b50700..a0fe002 100644 --- a/internal/proto/service/init/v1/init.pb.go +++ b/internal/proto/service/init/v1/init.pb.go @@ -7,11 +7,10 @@ package initv1 import ( - reflect "reflect" - sync "sync" - protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" ) const ( diff --git a/internal/proto/service/init/v1/init_ext_service.pb.go b/internal/proto/service/init/v1/init_ext_service.pb.go index 2eb7c75..11b10a7 100644 --- a/internal/proto/service/init/v1/init_ext_service.pb.go +++ b/internal/proto/service/init/v1/init_ext_service.pb.go @@ -3,9 +3,8 @@ package initv1 import ( - grpc "google.golang.org/grpc" - api "github.com/openkcm/plugin-sdk/api" + grpc "google.golang.org/grpc" ) const ( 
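Review bot: The generated `Type` constant in cmd/protoc-gen-go-extension/main.go now comes from `strings.TrimSuffix(serviceName, "Service")` with no check on the result, so a service named exactly `Service` would emit `Type = ""`, and two services that differ only by that suffix would emit the same `Type`. The catalog's plugin configuration carries a `Type` string that is presumably matched against this constant, so an empty or colliding value could bind a plugin to the wrong service. I would fall back to the full name when trimming leaves nothing, `typ := strings.TrimSuffix(serviceName, "Service")` then `if typ == "" { typ = serviceName }`, and note in the commit message that configs naming the old `…Service` type must be updated. The import block is not part of the hunk, so confirm `strings` is imported; generateServiceBridges starts and ends outside the hunk.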
diff --git a/internal/proto/service/init/v1/init_grpc.pb.go b/internal/proto/service/init/v1/init_grpc.pb.go index f4f4276..7fd786d 100644 --- a/internal/proto/service/init/v1/init_grpc.pb.go +++ b/internal/proto/service/init/v1/init_grpc.pb.go @@ -8,7 +8,6 @@ package initv1 import ( context "context" - grpc "google.golang.org/grpc" codes "google.golang.org/grpc/codes" status "google.golang.org/grpc/status" diff --git a/pkg/catalog/plugin.go b/pkg/catalog/plugin.go index 4343dca..e3dbc47 100644 --- a/pkg/catalog/plugin.go +++ b/pkg/catalog/plugin.go @@ -24,40 +24,21 @@ import ( type PluginConfigs []PluginConfig type PluginConfig struct { - // Name of the plugin - Name string - - // Type is the plugin type - Type string - - // Path is the path on disk to the plugin. - Path string - - // Args are the command line arguments to supply to the plugin - Args []string - - // Env is the environment variables to supply to the plugin - Env map[string]string - - // Checksum is the hex-encoded SHA256 hash of the plugin binary. - Checksum string - - Version uint32 - - DataSource DataSource - - YamlConfiguration string - - LogLevel string - - Disabled bool - - Logger *slog.Logger - + Name string `yaml:"name" json:"name"` + Type string `yaml:"type" json:"type"` + Path string `yaml:"path" json:"path"` + Args []string `yaml:"args" json:"args"` + Env map[string]string `yaml:"env" json:"env"` + Checksum string `yaml:"checksum" json:"checksum"` + Version uint32 `yaml:"version" json:"version"` + YamlConfiguration string `yaml:"yamlConfiguration" json:"yamlConfiguration"` + LogLevel string `yaml:"logLevel" json:"logLevel"` + Disabled bool `yaml:"disabled" json:"disabled"` + Tags []string `yaml:"tags" json:"tags"` + + Logger *slog.Logger + DataSource DataSource HostServices []api.ServiceServer - - // Tags are the metadata associated with a plugin these can be used to filter plugins later e.g. ['FeatureA'] on client side. - Tags []string } func (c *PluginConfig) IsExternal() bool { 
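Review bot: The rewritten `PluginConfig` in pkg/catalog/plugin.go drops every field comment, including the one documenting `Checksum` as the hex-encoded SHA256 of the plugin binary, while the new `yaml`/`json` tags make the struct a file-facing format. I would keep `// Checksum is the hex-encoded SHA256 hash of the plugin binary.` on the new line and state whether an empty value is accepted for a plugin loaded from `Path`; the hunk does not show where the checksum is verified. The untagged runtime fields `Logger`, `DataSource` and `HostServices` remain addressable by encoding/json (and by the common YAML decoders) under their default names, so tag them `yaml:"-" json:"-"` to keep a config file from reaching them. The removed `Tags` comment about client-side filtering is worth restoring as well.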
diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.go
new file mode 100644
index 0000000..7346807
--- /dev/null
+++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.go
@@ -0,0 +1,491 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/cipher_wrapper/v1/cipher_wrapper.proto + +package cipher_wrapperv1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type KeyReference struct { + state protoimpl.MessageState `protogen:"open.v1"` + KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` + Version *string `protobuf:"bytes,2,opt,name=version,proto3,oneof" json:"version,omitempty"` + Properties map[string]string `protobuf:"bytes,3,rep,name=properties,proto3" json:"properties,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyReference) Reset() { + *x = KeyReference{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyReference) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyReference) ProtoMessage() {} + +func (x *KeyReference) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyReference.ProtoReflect.Descriptor 
instead. +func (*KeyReference) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{0} +} + +func (x *KeyReference) GetKeyId() string { + if x != nil { + return x.KeyId + } + return "" +} + +func (x *KeyReference) GetVersion() string { + if x != nil && x.Version != nil { + return *x.Version + } + return "" +} + +func (x *KeyReference) GetProperties() map[string]string { + if x != nil { + return x.Properties + } + return nil +} + +// WrapRequest contains the raw key material and the context needed to encrypt it. +type WrapRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // OPTIONAL/REQUIRED: The structured definition of the key to use. + Key *KeyReference `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + // REQUIRED: The raw cryptographic material to be wrapped. + Plaintext []byte `protobuf:"bytes,2,opt,name=plaintext,proto3" json:"plaintext,omitempty"` + // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer. + // Kept in proto because AAD often changes per request (e.g., binding to a specific Tenant ID). + Aad []byte `protobuf:"bytes,3,opt,name=aad,proto3,oneof" json:"aad,omitempty"` + // OPTIONAL: Initialization Vector (IV) or Nonce. + // Cryptographically dynamic, must remain in proto. + Iv []byte `protobuf:"bytes,4,opt,name=iv,proto3,oneof" json:"iv,omitempty"` + // OPTIONAL: Per-request dynamic context (if needed). + // Kept as an escape hatch for truly dynamic per-request overrides. 
+ DynamicContext map[string]string `protobuf:"bytes,900,rep,name=dynamic_context,json=dynamicContext,proto3" json:"dynamic_context,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *WrapRequest) Reset() { + *x = WrapRequest{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WrapRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WrapRequest) ProtoMessage() {} + +func (x *WrapRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WrapRequest.ProtoReflect.Descriptor instead. +func (*WrapRequest) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{1} +} + +func (x *WrapRequest) GetKey() *KeyReference { + if x != nil { + return x.Key + } + return nil +} + +func (x *WrapRequest) GetPlaintext() []byte { + if x != nil { + return x.Plaintext + } + return nil +} + +func (x *WrapRequest) GetAad() []byte { + if x != nil { + return x.Aad + } + return nil +} + +func (x *WrapRequest) GetIv() []byte { + if x != nil { + return x.Iv + } + return nil +} + +func (x *WrapRequest) GetDynamicContext() map[string]string { + if x != nil { + return x.DynamicContext + } + return nil +} + +// WrapResponse returns the provider-specific ciphertext and metadata. +type WrapResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED: The opaque, vendor-specific ciphertext. 
+ Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + // OPTIONAL: The exact key version ID used during the operation. + // Some providers (like HSMs) do not have a concept of version IDs. + KeyVersionId *string `protobuf:"bytes,2,opt,name=key_version_id,json=keyVersionId,proto3,oneof" json:"key_version_id,omitempty"` + // OPTIONAL: The Initialization Vector generated by the provider. + // Returned only if the provider generated it and CMK needs to store it. + Iv []byte `protobuf:"bytes,3,opt,name=iv,proto3,oneof" json:"iv,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *WrapResponse) Reset() { + *x = WrapResponse{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WrapResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WrapResponse) ProtoMessage() {} + +func (x *WrapResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WrapResponse.ProtoReflect.Descriptor instead. +func (*WrapResponse) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{2} +} + +func (x *WrapResponse) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext + } + return nil +} + +func (x *WrapResponse) GetKeyVersionId() string { + if x != nil && x.KeyVersionId != nil { + return *x.KeyVersionId + } + return "" +} + +func (x *WrapResponse) GetIv() []byte { + if x != nil { + return x.Iv + } + return nil +} + +// UnwrapRequest contains the opaque ciphertext and the exact parameters +// originally used during the Wrap operation. 
+type UnwrapRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + // OPTIONAL/REQUIRED: The structured definition of the key to use. + Key *KeyReference `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + // REQUIRED: The opaque ciphertext retrieved from the CMK persistent storage. + Ciphertext []byte `protobuf:"bytes,2,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer. + Aad []byte `protobuf:"bytes,3,opt,name=aad,proto3,oneof" json:"aad,omitempty"` + // OPTIONAL: Initialization Vector (IV) or Nonce. + // Must be provided if it was returned in the WrapResponse. + Iv []byte `protobuf:"bytes,4,opt,name=iv,proto3,oneof" json:"iv,omitempty"` + // OPTIONAL: Per-request dynamic context (if needed). + // Kept as an escape hatch for truly dynamic per-request overrides. + DynamicContext map[string]string `protobuf:"bytes,900,rep,name=dynamic_context,json=dynamicContext,proto3" json:"dynamic_context,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UnwrapRequest) Reset() { + *x = UnwrapRequest{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UnwrapRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UnwrapRequest) ProtoMessage() {} + +func (x *UnwrapRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UnwrapRequest.ProtoReflect.Descriptor instead. 
+func (*UnwrapRequest) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{3} +} + +func (x *UnwrapRequest) GetKey() *KeyReference { + if x != nil { + return x.Key + } + return nil +} + +func (x *UnwrapRequest) GetCiphertext() []byte { + if x != nil { + return x.Ciphertext + } + return nil +} + +func (x *UnwrapRequest) GetAad() []byte { + if x != nil { + return x.Aad + } + return nil +} + +func (x *UnwrapRequest) GetIv() []byte { + if x != nil { + return x.Iv + } + return nil +} + +func (x *UnwrapRequest) GetDynamicContext() map[string]string { + if x != nil { + return x.DynamicContext + } + return nil +} + +// UnwrapResponse returns the recovered raw cryptographic material. +type UnwrapResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + // REQUIRED: The recovered raw cryptographic material. + Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *UnwrapResponse) Reset() { + *x = UnwrapResponse{} + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *UnwrapResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UnwrapResponse) ProtoMessage() {} + +func (x *UnwrapResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UnwrapResponse.ProtoReflect.Descriptor instead. 
+func (*UnwrapResponse) Descriptor() ([]byte, []int) { + return file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP(), []int{4} +} + +func (x *UnwrapResponse) GetPlaintext() []byte { + if x != nil { + return x.Plaintext + } + return nil +} + +var File_plugin_cipher_wrapper_v1_cipher_wrapper_proto protoreflect.FileDescriptor + +const file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc = "" + + "\n" + + "-plugin/cipher_wrapper/v1/cipher_wrapper.proto\x12\x18plugin.cipher_wrapper.v1\x1a\x1bbuf/validate/validate.proto\"\xe7\x01\n" + + "\fKeyReference\x12\x15\n" + + "\x06key_id\x18\x01 \x01(\tR\x05keyId\x12\x1d\n" + + "\aversion\x18\x02 \x01(\tH\x00R\aversion\x88\x01\x01\x12V\n" + + "\n" + + "properties\x18\x03 \x03(\v26.plugin.cipher_wrapper.v1.KeyReference.PropertiesEntryR\n" + + "properties\x1a=\n" + + "\x0fPropertiesEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\n" + + "\n" + + "\b_version\"\xdc\x02\n" + + "\vWrapRequest\x12@\n" + + "\x03key\x18\x01 \x01(\v2&.plugin.cipher_wrapper.v1.KeyReferenceB\x06\xbaH\x03\xc8\x01\x01R\x03key\x12(\n" + + "\tplaintext\x18\x02 \x01(\fB\n" + + "\xbaH\a\xc8\x01\x01z\x02\x10\x01R\tplaintext\x12\x15\n" + + "\x03aad\x18\x03 \x01(\fH\x00R\x03aad\x88\x01\x01\x12\x13\n" + + "\x02iv\x18\x04 \x01(\fH\x01R\x02iv\x88\x01\x01\x12c\n" + + "\x0fdynamic_context\x18\x84\a \x03(\v29.plugin.cipher_wrapper.v1.WrapRequest.DynamicContextEntryR\x0edynamicContext\x1aA\n" + + "\x13DynamicContextEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x06\n" + + "\x04_aadB\x05\n" + + "\x03_iv\"\x88\x01\n" + + "\fWrapResponse\x12\x1e\n" + + "\n" + + "ciphertext\x18\x01 \x01(\fR\n" + + "ciphertext\x12)\n" + + "\x0ekey_version_id\x18\x02 \x01(\tH\x00R\fkeyVersionId\x88\x01\x01\x12\x13\n" + + "\x02iv\x18\x03 \x01(\fH\x01R\x02iv\x88\x01\x01B\x11\n" + + "\x0f_key_version_idB\x05\n" + + "\x03_iv\"\xe2\x02\n" + + 
"\rUnwrapRequest\x12@\n" + + "\x03key\x18\x01 \x01(\v2&.plugin.cipher_wrapper.v1.KeyReferenceB\x06\xbaH\x03\xc8\x01\x01R\x03key\x12*\n" + + "\n" + + "ciphertext\x18\x02 \x01(\fB\n" + + "\xbaH\a\xc8\x01\x01z\x02\x10\x01R\n" + + "ciphertext\x12\x15\n" + + "\x03aad\x18\x03 \x01(\fH\x00R\x03aad\x88\x01\x01\x12\x13\n" + + "\x02iv\x18\x04 \x01(\fH\x01R\x02iv\x88\x01\x01\x12e\n" + + "\x0fdynamic_context\x18\x84\a \x03(\v2;.plugin.cipher_wrapper.v1.UnwrapRequest.DynamicContextEntryR\x0edynamicContext\x1aA\n" + + "\x13DynamicContextEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x06\n" + + "\x04_aadB\x05\n" + + "\x03_iv\".\n" + + "\x0eUnwrapResponse\x12\x1c\n" + + "\tplaintext\x18\x01 \x01(\fR\tplaintext2\xc3\x01\n" + + "\rCipherWrapper\x12U\n" + + "\x04Wrap\x12%.plugin.cipher_wrapper.v1.WrapRequest\x1a&.plugin.cipher_wrapper.v1.WrapResponse\x12[\n" + + "\x06Unwrap\x12'.plugin.cipher_wrapper.v1.UnwrapRequest\x1a(.plugin.cipher_wrapper.v1.UnwrapResponseB\xff\x01\n" + + "\x1ccom.plugin.cipher_wrapper.v1B\x12CipherWrapperProtoP\x01ZMgithub.com/openkcm/plugin-sdk/proto/plugin/cipher_wrapper/v1;cipher_wrapperv1\xa2\x02\x03PCX\xaa\x02\x17Plugin.CipherWrapper.V1\xca\x02\x17Plugin\\CipherWrapper\\V1\xe2\x02#Plugin\\CipherWrapper\\V1\\GPBMetadata\xea\x02\x19Plugin::CipherWrapper::V1b\x06proto3" + +var ( + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescOnce sync.Once + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescData []byte +) + +func file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescGZIP() []byte { + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescOnce.Do(func() { + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc), len(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc))) + }) + return 
file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDescData +} + +var file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_goTypes = []any{ + (*KeyReference)(nil), // 0: plugin.cipher_wrapper.v1.KeyReference + (*WrapRequest)(nil), // 1: plugin.cipher_wrapper.v1.WrapRequest + (*WrapResponse)(nil), // 2: plugin.cipher_wrapper.v1.WrapResponse + (*UnwrapRequest)(nil), // 3: plugin.cipher_wrapper.v1.UnwrapRequest + (*UnwrapResponse)(nil), // 4: plugin.cipher_wrapper.v1.UnwrapResponse + nil, // 5: plugin.cipher_wrapper.v1.KeyReference.PropertiesEntry + nil, // 6: plugin.cipher_wrapper.v1.WrapRequest.DynamicContextEntry + nil, // 7: plugin.cipher_wrapper.v1.UnwrapRequest.DynamicContextEntry +} +var file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_depIdxs = []int32{ + 5, // 0: plugin.cipher_wrapper.v1.KeyReference.properties:type_name -> plugin.cipher_wrapper.v1.KeyReference.PropertiesEntry + 0, // 1: plugin.cipher_wrapper.v1.WrapRequest.key:type_name -> plugin.cipher_wrapper.v1.KeyReference + 6, // 2: plugin.cipher_wrapper.v1.WrapRequest.dynamic_context:type_name -> plugin.cipher_wrapper.v1.WrapRequest.DynamicContextEntry + 0, // 3: plugin.cipher_wrapper.v1.UnwrapRequest.key:type_name -> plugin.cipher_wrapper.v1.KeyReference + 7, // 4: plugin.cipher_wrapper.v1.UnwrapRequest.dynamic_context:type_name -> plugin.cipher_wrapper.v1.UnwrapRequest.DynamicContextEntry + 1, // 5: plugin.cipher_wrapper.v1.CipherWrapper.Wrap:input_type -> plugin.cipher_wrapper.v1.WrapRequest + 3, // 6: plugin.cipher_wrapper.v1.CipherWrapper.Unwrap:input_type -> plugin.cipher_wrapper.v1.UnwrapRequest + 2, // 7: plugin.cipher_wrapper.v1.CipherWrapper.Wrap:output_type -> plugin.cipher_wrapper.v1.WrapResponse + 4, // 8: plugin.cipher_wrapper.v1.CipherWrapper.Unwrap:output_type -> plugin.cipher_wrapper.v1.UnwrapResponse + 7, // [7:9] is the sub-list for method output_type + 5, // [5:7] is the sub-list 
for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name +} + +func init() { file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_init() } +func file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_init() { + if File_plugin_cipher_wrapper_v1_cipher_wrapper_proto != nil { + return + } + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[0].OneofWrappers = []any{} + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[1].OneofWrappers = []any{} + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[2].OneofWrappers = []any{} + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes[3].OneofWrappers = []any{} + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc), len(file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_rawDesc)), + NumEnums: 0, + NumMessages: 8, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_goTypes, + DependencyIndexes: file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_depIdxs, + MessageInfos: file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_msgTypes, + }.Build() + File_plugin_cipher_wrapper_v1_cipher_wrapper_proto = out.File + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_goTypes = nil + file_plugin_cipher_wrapper_v1_cipher_wrapper_proto_depIdxs = nil +} diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.validate.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.validate.go new file mode 100644 index 0000000..88c88c1 --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.pb.validate.go 
@@ -0,0 +1,635 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/cipher_wrapper/v1/cipher_wrapper.proto + +package cipher_wrapperv1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on KeyReference with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *KeyReference) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyReference with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in KeyReferenceMultiError, or +// nil if none found. +func (m *KeyReference) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyReference) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for KeyId + + // no validation rules for Properties + + if m.Version != nil { + // no validation rules for Version + } + + if len(errors) > 0 { + return KeyReferenceMultiError(errors) + } + + return nil +} + +// KeyReferenceMultiError is an error wrapping multiple validation errors +// returned by KeyReference.ValidateAll() if the designated constraints aren't met. +type KeyReferenceMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m KeyReferenceMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m KeyReferenceMultiError) AllErrors() []error { return m } + +// KeyReferenceValidationError is the validation error returned by +// KeyReference.Validate if the designated constraints aren't met. +type KeyReferenceValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyReferenceValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyReferenceValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyReferenceValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyReferenceValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyReferenceValidationError) ErrorName() string { return "KeyReferenceValidationError" } + +// Error satisfies the builtin error interface +func (e KeyReferenceValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyReference.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyReferenceValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyReferenceValidationError{} + +// Validate checks the field values on WrapRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. 
+func (m *WrapRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on WrapRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in WrapRequestMultiError, or +// nil if none found. +func (m *WrapRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *WrapRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetKey()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, WrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, WrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKey()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return WrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Plaintext + + // no validation rules for DynamicContext + + if m.Aad != nil { + // no validation rules for Aad + } + + if m.Iv != nil { + // no validation rules for Iv + } + + if len(errors) > 0 { + return WrapRequestMultiError(errors) + } + + return nil +} + +// WrapRequestMultiError is an error wrapping multiple validation errors +// returned by WrapRequest.ValidateAll() if the designated constraints aren't met. +type WrapRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m WrapRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m WrapRequestMultiError) AllErrors() []error { return m } + +// WrapRequestValidationError is the validation error returned by +// WrapRequest.Validate if the designated constraints aren't met. +type WrapRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e WrapRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e WrapRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e WrapRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e WrapRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e WrapRequestValidationError) ErrorName() string { return "WrapRequestValidationError" } + +// Error satisfies the builtin error interface +func (e WrapRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sWrapRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = WrapRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = WrapRequestValidationError{} + +// Validate checks the field values on WrapResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. 
+func (m *WrapResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on WrapResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in WrapResponseMultiError, or +// nil if none found. +func (m *WrapResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *WrapResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Ciphertext + + if m.KeyVersionId != nil { + // no validation rules for KeyVersionId + } + + if m.Iv != nil { + // no validation rules for Iv + } + + if len(errors) > 0 { + return WrapResponseMultiError(errors) + } + + return nil +} + +// WrapResponseMultiError is an error wrapping multiple validation errors +// returned by WrapResponse.ValidateAll() if the designated constraints aren't met. +type WrapResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m WrapResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m WrapResponseMultiError) AllErrors() []error { return m } + +// WrapResponseValidationError is the validation error returned by +// WrapResponse.Validate if the designated constraints aren't met. +type WrapResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e WrapResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e WrapResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e WrapResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. 
+func (e WrapResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e WrapResponseValidationError) ErrorName() string { return "WrapResponseValidationError" } + +// Error satisfies the builtin error interface +func (e WrapResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sWrapResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = WrapResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = WrapResponseValidationError{} + +// Validate checks the field values on UnwrapRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *UnwrapRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on UnwrapRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in UnwrapRequestMultiError, or +// nil if none found. 
+func (m *UnwrapRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *UnwrapRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetKey()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, UnwrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, UnwrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKey()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return UnwrapRequestValidationError{ + field: "Key", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Ciphertext + + // no validation rules for DynamicContext + + if m.Aad != nil { + // no validation rules for Aad + } + + if m.Iv != nil { + // no validation rules for Iv + } + + if len(errors) > 0 { + return UnwrapRequestMultiError(errors) + } + + return nil +} + +// UnwrapRequestMultiError is an error wrapping multiple validation errors +// returned by UnwrapRequest.ValidateAll() if the designated constraints +// aren't met. +type UnwrapRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m UnwrapRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m UnwrapRequestMultiError) AllErrors() []error { return m } + +// UnwrapRequestValidationError is the validation error returned by +// UnwrapRequest.Validate if the designated constraints aren't met. 
+type UnwrapRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e UnwrapRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e UnwrapRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e UnwrapRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e UnwrapRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e UnwrapRequestValidationError) ErrorName() string { return "UnwrapRequestValidationError" } + +// Error satisfies the builtin error interface +func (e UnwrapRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sUnwrapRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = UnwrapRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = UnwrapRequestValidationError{} + +// Validate checks the field values on UnwrapResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *UnwrapResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on UnwrapResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in UnwrapResponseMultiError, +// or nil if none found. 
+func (m *UnwrapResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *UnwrapResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Plaintext + + if len(errors) > 0 { + return UnwrapResponseMultiError(errors) + } + + return nil +} + +// UnwrapResponseMultiError is an error wrapping multiple validation errors +// returned by UnwrapResponse.ValidateAll() if the designated constraints +// aren't met. +type UnwrapResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m UnwrapResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m UnwrapResponseMultiError) AllErrors() []error { return m } + +// UnwrapResponseValidationError is the validation error returned by +// UnwrapResponse.Validate if the designated constraints aren't met. +type UnwrapResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e UnwrapResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e UnwrapResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e UnwrapResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e UnwrapResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e UnwrapResponseValidationError) ErrorName() string { return "UnwrapResponseValidationError" } + +// Error satisfies the builtin error interface +func (e UnwrapResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sUnwrapResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = UnwrapResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = UnwrapResponseValidationError{} diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper.proto b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.proto new file mode 100644 index 0000000..924d620 --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper.proto 
@@ -0,0 +1,92 @@
+syntax = "proto3";
+
+package plugin.cipher_wrapper.v1;
+
+import "buf/validate/validate.proto";
+
+// KeyWrapper defines the universal envelope encryption interface for CMK.
+// It allows the core engine to delegate cryptographic wrapping and unwrapping
+// to any external provider (AWS KMS, Google Cloud KMS, Azure Key Vault,
+// HashiCorp Vault, or hardware HSMs via PKCS#11) over a local gRPC socket.
+service CipherWrapper {
+ // Wrap encrypts the provided plaintext using the remote KMS provider.
+ rpc Wrap(WrapRequest) returns (WrapResponse);
+
+ // Unwrap decrypts the provided ciphertext using the remote KMS provider,
+ // returning the raw plaintext key material.
+ rpc Unwrap(UnwrapRequest) returns (UnwrapResponse);
+}
+
+message KeyReference {
+ string key_id = 1;
+ optional string version = 2;
+ map properties = 3;
+}
+
+// WrapRequest contains the raw key material and the context needed to encrypt it.
+message WrapRequest {
+ // OPTIONAL/REQUIRED: The structured definition of the key to use.
+ KeyReference key = 1 [(buf.validate.field).required = true];
+
+ // REQUIRED: The raw cryptographic material to be wrapped.
+ bytes plaintext = 2 [
+ (buf.validate.field).required = true,
+ (buf.validate.field).bytes.min_len = 1
+ ];
+
+ // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer.
+ // Kept in proto because AAD often changes per request (e.g., binding to a specific Tenant ID).
+ optional bytes aad = 3;
+
+ // OPTIONAL: Initialization Vector (IV) or Nonce.
+ // Cryptographically dynamic, must remain in proto.
+ optional bytes iv = 4;
+
+ // OPTIONAL: Per-request dynamic context (if needed).
+ // Kept as an escape hatch for truly dynamic per-request overrides.
+ map dynamic_context = 900;
+}
+
+// WrapResponse returns the provider-specific ciphertext and metadata.
+message WrapResponse {
+ // REQUIRED: The opaque, vendor-specific ciphertext.
+ bytes ciphertext = 1;
+
+ // OPTIONAL: The exact key version ID used during the operation.
+ // Some providers (like HSMs) do not have a concept of version IDs.
+ optional string key_version_id = 2;
+
+ // OPTIONAL: The Initialization Vector generated by the provider.
+ // Returned only if the provider generated it and CMK needs to store it.
+ optional bytes iv = 3;
+}
+
+// UnwrapRequest contains the opaque ciphertext and the exact parameters
+// originally used during the Wrap operation.
+message UnwrapRequest {
+ // OPTIONAL/REQUIRED: The structured definition of the key to use.
+ KeyReference key = 1 [(buf.validate.field).required = true];
+
+ // REQUIRED: The opaque ciphertext retrieved from the CMK persistent storage.
+ bytes ciphertext = 2 [
+ (buf.validate.field).required = true,
+ (buf.validate.field).bytes.min_len = 1
+ ];
+
+ // OPTIONAL: Standard Additional Authenticated Data (AAD) byte buffer.
+ optional bytes aad = 3;
+
+ // OPTIONAL: Initialization Vector (IV) or Nonce.
+ // Must be provided if it was returned in the WrapResponse.
+ optional bytes iv = 4;
+
+ // OPTIONAL: Per-request dynamic context (if needed).
+ // Kept as an escape hatch for truly dynamic per-request overrides.
+ map dynamic_context = 900;
+}
+
+// UnwrapResponse returns the recovered raw cryptographic material.
+message UnwrapResponse {
+ // REQUIRED: The recovered raw cryptographic material.
+ bytes plaintext = 1;
+}
diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper_ext_plugin.pb.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_ext_plugin.pb.go
new file mode 100644
index 0000000..eebbf6a
--- /dev/null
+++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_ext_plugin.pb.go
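Review bot: In cipher_wrapper.proto, `KeyReference.key_id` carries no constraint, so `required = true` on `key` in WrapRequest and UnwrapRequest only guarantees the message is present and a request with an empty key id still validates; `string key_id = 1 [(buf.validate.field).string.min_len = 1];` would close that. The field comments read `OPTIONAL/REQUIRED` although the annotation makes `key` required, and the service comment names `KeyWrapper` while the service is `CipherWrapper`; both should say what the schema enforces. The `iv` comment on WrapRequest should state who owns IV generation, for example `// OPTIONAL: caller-supplied IV/nonce; for nonce-based AEAD it must never repeat under the same key. Omit to let the provider generate one.` The generated `validate()` for UnwrapRequest shown earlier on this page contains `// no validation rules for Ciphertext`, which suggests that code path does not enforce these buf.validate options, so servers presumably need to run the protovalidate runtime on incoming requests rather than rely on `Validate()`.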
@@ -0,0 +1,56 @@ +// Code generated by protoc-gen-go-extension. DO NOT EDIT. + +package cipher_wrapperv1 + +import ( + grpc "google.golang.org/grpc" + + api "github.com/openkcm/plugin-sdk/api" +) + +const ( + Type = "CipherWrapper" + GRPCServiceFullName = "plugin.cipher_wrapper.v1.CipherWrapper" +) + +func CipherWrapperPluginServer(server CipherWrapperServer) api.PluginServer { + return cipherWrapperPluginServer{CipherWrapperServer: server} +} + +type cipherWrapperPluginServer struct { + CipherWrapperServer +} + +func (s cipherWrapperPluginServer) Type() string { + return Type +} + +func (s cipherWrapperPluginServer) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (s cipherWrapperPluginServer) RegisterServer(server *grpc.Server) any { + RegisterCipherWrapperServer(server, s.CipherWrapperServer) + return s.CipherWrapperServer +} + +type CipherWrapperPluginClient struct { + CipherWrapperClient +} + +func (s CipherWrapperPluginClient) Type() string { + return Type +} + +func (c *CipherWrapperPluginClient) IsInitialized() bool { + return c.CipherWrapperClient != nil +} + +func (c *CipherWrapperPluginClient) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (c *CipherWrapperPluginClient) InitClient(conn grpc.ClientConnInterface) any { + c.CipherWrapperClient = NewCipherWrapperClient(conn) + return c.CipherWrapperClient +} diff --git a/proto/plugin/cipher_wrapper/v1/cipher_wrapper_grpc.pb.go b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_grpc.pb.go new file mode 100644 index 0000000..197aeba --- /dev/null +++ b/proto/plugin/cipher_wrapper/v1/cipher_wrapper_grpc.pb.go 
@@ -0,0 +1,176 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.1 +// - protoc (unknown) +// source: plugin/cipher_wrapper/v1/cipher_wrapper.proto + +package cipher_wrapperv1 + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + CipherWrapper_Wrap_FullMethodName = "/plugin.cipher_wrapper.v1.CipherWrapper/Wrap" + CipherWrapper_Unwrap_FullMethodName = "/plugin.cipher_wrapper.v1.CipherWrapper/Unwrap" +) + +// CipherWrapperClient is the client API for CipherWrapper service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// KeyWrapper defines the universal envelope encryption interface for CMK. +// It allows the core engine to delegate cryptographic wrapping and unwrapping +// to any external provider (AWS KMS, Google Cloud KMS, Azure Key Vault, +// HashiCorp Vault, or hardware HSMs via PKCS#11) over a local gRPC socket. +type CipherWrapperClient interface { + // Wrap encrypts the provided plaintext using the remote KMS provider. + Wrap(ctx context.Context, in *WrapRequest, opts ...grpc.CallOption) (*WrapResponse, error) + // Unwrap decrypts the provided ciphertext using the remote KMS provider, + // returning the raw plaintext key material. 
+ Unwrap(ctx context.Context, in *UnwrapRequest, opts ...grpc.CallOption) (*UnwrapResponse, error) +} + +type cipherWrapperClient struct { + cc grpc.ClientConnInterface +} + +func NewCipherWrapperClient(cc grpc.ClientConnInterface) CipherWrapperClient { + return &cipherWrapperClient{cc} +} + +func (c *cipherWrapperClient) Wrap(ctx context.Context, in *WrapRequest, opts ...grpc.CallOption) (*WrapResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(WrapResponse) + err := c.cc.Invoke(ctx, CipherWrapper_Wrap_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *cipherWrapperClient) Unwrap(ctx context.Context, in *UnwrapRequest, opts ...grpc.CallOption) (*UnwrapResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(UnwrapResponse) + err := c.cc.Invoke(ctx, CipherWrapper_Unwrap_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// CipherWrapperServer is the server API for CipherWrapper service. +// All implementations must embed UnimplementedCipherWrapperServer +// for forward compatibility. +// +// KeyWrapper defines the universal envelope encryption interface for CMK. +// It allows the core engine to delegate cryptographic wrapping and unwrapping +// to any external provider (AWS KMS, Google Cloud KMS, Azure Key Vault, +// HashiCorp Vault, or hardware HSMs via PKCS#11) over a local gRPC socket. +type CipherWrapperServer interface { + // Wrap encrypts the provided plaintext using the remote KMS provider. + Wrap(context.Context, *WrapRequest) (*WrapResponse, error) + // Unwrap decrypts the provided ciphertext using the remote KMS provider, + // returning the raw plaintext key material. 
+ Unwrap(context.Context, *UnwrapRequest) (*UnwrapResponse, error) + mustEmbedUnimplementedCipherWrapperServer() +} + +// UnimplementedCipherWrapperServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedCipherWrapperServer struct{} + +func (UnimplementedCipherWrapperServer) Wrap(context.Context, *WrapRequest) (*WrapResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Wrap not implemented") +} +func (UnimplementedCipherWrapperServer) Unwrap(context.Context, *UnwrapRequest) (*UnwrapResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Unwrap not implemented") +} +func (UnimplementedCipherWrapperServer) mustEmbedUnimplementedCipherWrapperServer() {} +func (UnimplementedCipherWrapperServer) testEmbeddedByValue() {} + +// UnsafeCipherWrapperServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to CipherWrapperServer will +// result in compilation errors. +type UnsafeCipherWrapperServer interface { + mustEmbedUnimplementedCipherWrapperServer() +} + +func RegisterCipherWrapperServer(s grpc.ServiceRegistrar, srv CipherWrapperServer) { + // If the following call panics, it indicates UnimplementedCipherWrapperServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. 
+ if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&CipherWrapper_ServiceDesc, srv) +} + +func _CipherWrapper_Wrap_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(WrapRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CipherWrapperServer).Wrap(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CipherWrapper_Wrap_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CipherWrapperServer).Wrap(ctx, req.(*WrapRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _CipherWrapper_Unwrap_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(UnwrapRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(CipherWrapperServer).Unwrap(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: CipherWrapper_Unwrap_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(CipherWrapperServer).Unwrap(ctx, req.(*UnwrapRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// CipherWrapper_ServiceDesc is the grpc.ServiceDesc for CipherWrapper service. 
+// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var CipherWrapper_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "plugin.cipher_wrapper.v1.CipherWrapper", + HandlerType: (*CipherWrapperServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Wrap", + Handler: _CipherWrapper_Wrap_Handler, + }, + { + MethodName: "Unwrap", + Handler: _CipherWrapper_Unwrap_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "plugin/cipher_wrapper/v1/cipher_wrapper.proto", +} diff --git a/proto/plugin/key_material_storage/v1/key_material_storage.pb.go b/proto/plugin/key_material_storage/v1/key_material_storage.pb.go new file mode 100644 index 0000000..d57aa1a --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage.pb.go 
@@ -0,0 +1,910 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/key_material_storage/v1/key_material_storage.proto + +package key_material_storagev1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + _ "buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go/buf/validate" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// KeyMaterial represents a single unit of stored data. +type KeyMaterial struct { + state protoimpl.MessageState `protogen:"open.v1"` + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"` + Algorithm string `protobuf:"bytes,3,opt,name=algorithm,proto3" json:"algorithm,omitempty"` + PreviousVersionId *string `protobuf:"bytes,4,opt,name=previous_version_id,json=previousVersionId,proto3,oneof" json:"previous_version_id,omitempty"` + Checksum *string `protobuf:"bytes,5,opt,name=checksum,proto3,oneof" json:"checksum,omitempty"` + CreatedAt *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` + Tags map[string]string `protobuf:"bytes,7,rep,name=tags,proto3" json:"tags,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *KeyMaterial) Reset() { + *x = KeyMaterial{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[0] + ms := 
protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *KeyMaterial) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*KeyMaterial) ProtoMessage() {} + +func (x *KeyMaterial) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use KeyMaterial.ProtoReflect.Descriptor instead. +func (*KeyMaterial) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{0} +} + +func (x *KeyMaterial) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *KeyMaterial) GetData() []byte { + if x != nil { + return x.Data + } + return nil +} + +func (x *KeyMaterial) GetAlgorithm() string { + if x != nil { + return x.Algorithm + } + return "" +} + +func (x *KeyMaterial) GetPreviousVersionId() string { + if x != nil && x.PreviousVersionId != nil { + return *x.PreviousVersionId + } + return "" +} + +func (x *KeyMaterial) GetChecksum() string { + if x != nil && x.Checksum != nil { + return *x.Checksum + } + return "" +} + +func (x *KeyMaterial) GetCreatedAt() *timestamppb.Timestamp { + if x != nil { + return x.CreatedAt + } + return nil +} + +func (x *KeyMaterial) GetTags() map[string]string { + if x != nil { + return x.Tags + } + return nil +} + +type Filter struct { + state protoimpl.MessageState `protogen:"open.v1"` + Id *Filter_StringMatch `protobuf:"bytes,1,opt,name=id,proto3,oneof" json:"id,omitempty"` + // Filter by cryptographic algorithm (e.g., "AES-256-GCM"). + Algorithm *string `protobuf:"bytes,2,opt,name=algorithm,proto3,oneof" json:"algorithm,omitempty"` + // Filter by metadata tags (e.g., {"env": "prod"}). + // Match is typically performed as "contains all". 
+ Tags map[string]string `protobuf:"bytes,3,rep,name=tags,proto3" json:"tags,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + CreatedAt *Filter_TimeRange `protobuf:"bytes,4,opt,name=created_at,json=createdAt,proto3,oneof" json:"created_at,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Filter) Reset() { + *x = Filter{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Filter) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Filter) ProtoMessage() {} + +func (x *Filter) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Filter.ProtoReflect.Descriptor instead. 
+func (*Filter) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{1} +} + +func (x *Filter) GetId() *Filter_StringMatch { + if x != nil { + return x.Id + } + return nil +} + +func (x *Filter) GetAlgorithm() string { + if x != nil && x.Algorithm != nil { + return *x.Algorithm + } + return "" +} + +func (x *Filter) GetTags() map[string]string { + if x != nil { + return x.Tags + } + return nil +} + +func (x *Filter) GetCreatedAt() *Filter_TimeRange { + if x != nil { + return x.CreatedAt + } + return nil +} + +type ListIDsRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + Filter *Filter `protobuf:"bytes,2,opt,name=filter,proto3,oneof" json:"filter,omitempty"` + // Pagination support + PageSize uint32 `protobuf:"varint,3,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` + PageToken string `protobuf:"bytes,4,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ListIDsRequest) Reset() { + *x = ListIDsRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ListIDsRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListIDsRequest) ProtoMessage() {} + +func (x *ListIDsRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListIDsRequest.ProtoReflect.Descriptor instead. 
+func (*ListIDsRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{2} +} + +func (x *ListIDsRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *ListIDsRequest) GetFilter() *Filter { + if x != nil { + return x.Filter + } + return nil +} + +func (x *ListIDsRequest) GetPageSize() uint32 { + if x != nil { + return x.PageSize + } + return 0 +} + +func (x *ListIDsRequest) GetPageToken() string { + if x != nil { + return x.PageToken + } + return "" +} + +type ListIDsResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Ids []string `protobuf:"bytes,1,rep,name=ids,proto3" json:"ids,omitempty"` + NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *ListIDsResponse) Reset() { + *x = ListIDsResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ListIDsResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListIDsResponse) ProtoMessage() {} + +func (x *ListIDsResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListIDsResponse.ProtoReflect.Descriptor instead. 
+func (*ListIDsResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{3} +} + +func (x *ListIDsResponse) GetIds() []string { + if x != nil { + return x.Ids + } + return nil +} + +func (x *ListIDsResponse) GetNextPageToken() string { + if x != nil { + return x.NextPageToken + } + return "" +} + +type StoreRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + KeyMaterial *KeyMaterial `protobuf:"bytes,2,opt,name=key_material,json=keyMaterial,proto3" json:"key_material,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *StoreRequest) Reset() { + *x = StoreRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *StoreRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StoreRequest) ProtoMessage() {} + +func (x *StoreRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StoreRequest.ProtoReflect.Descriptor instead. 
+func (*StoreRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{4} +} + +func (x *StoreRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *StoreRequest) GetKeyMaterial() *KeyMaterial { + if x != nil { + return x.KeyMaterial + } + return nil +} + +type StoreResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *StoreResponse) Reset() { + *x = StoreResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *StoreResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*StoreResponse) ProtoMessage() {} + +func (x *StoreResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use StoreResponse.ProtoReflect.Descriptor instead. 
+func (*StoreResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{5} +} + +type LoadRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *LoadRequest) Reset() { + *x = LoadRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *LoadRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadRequest) ProtoMessage() {} + +func (x *LoadRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadRequest.ProtoReflect.Descriptor instead. 
+func (*LoadRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{6} +} + +func (x *LoadRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *LoadRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +type LoadResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + KeyMaterial *KeyMaterial `protobuf:"bytes,1,opt,name=key_material,json=keyMaterial,proto3" json:"key_material,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *LoadResponse) Reset() { + *x = LoadResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *LoadResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*LoadResponse) ProtoMessage() {} + +func (x *LoadResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[7] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use LoadResponse.ProtoReflect.Descriptor instead. 
+func (*LoadResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{7} +} + +func (x *LoadResponse) GetKeyMaterial() *KeyMaterial { + if x != nil { + return x.KeyMaterial + } + return nil +} + +type DeleteRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` + Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeleteRequest) Reset() { + *x = DeleteRequest{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteRequest) ProtoMessage() {} + +func (x *DeleteRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[8] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteRequest.ProtoReflect.Descriptor instead. 
+func (*DeleteRequest) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{8} +} + +func (x *DeleteRequest) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *DeleteRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +type DeleteResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *DeleteResponse) Reset() { + *x = DeleteResponse{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *DeleteResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeleteResponse) ProtoMessage() {} + +func (x *DeleteResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[9] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeleteResponse.ProtoReflect.Descriptor instead. +func (*DeleteResponse) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{9} +} + +// Pattern-based matching for the primary Key ID. 
+type Filter_StringMatch struct { + state protoimpl.MessageState `protogen:"open.v1"` + // Types that are valid to be assigned to Type: + // + // *Filter_StringMatch_Prefix + // *Filter_StringMatch_Suffix + // *Filter_StringMatch_Contains + // *Filter_StringMatch_Exact + Type isFilter_StringMatch_Type `protobuf_oneof:"type"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Filter_StringMatch) Reset() { + *x = Filter_StringMatch{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Filter_StringMatch) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Filter_StringMatch) ProtoMessage() {} + +func (x *Filter_StringMatch) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Filter_StringMatch.ProtoReflect.Descriptor instead. 
+func (*Filter_StringMatch) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{1, 0} +} + +func (x *Filter_StringMatch) GetType() isFilter_StringMatch_Type { + if x != nil { + return x.Type + } + return nil +} + +func (x *Filter_StringMatch) GetPrefix() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Prefix); ok { + return x.Prefix + } + } + return "" +} + +func (x *Filter_StringMatch) GetSuffix() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Suffix); ok { + return x.Suffix + } + } + return "" +} + +func (x *Filter_StringMatch) GetContains() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Contains); ok { + return x.Contains + } + } + return "" +} + +func (x *Filter_StringMatch) GetExact() string { + if x != nil { + if x, ok := x.Type.(*Filter_StringMatch_Exact); ok { + return x.Exact + } + } + return "" +} + +type isFilter_StringMatch_Type interface { + isFilter_StringMatch_Type() +} + +type Filter_StringMatch_Prefix struct { + Prefix string `protobuf:"bytes,1,opt,name=prefix,proto3,oneof"` +} + +type Filter_StringMatch_Suffix struct { + Suffix string `protobuf:"bytes,2,opt,name=suffix,proto3,oneof"` +} + +type Filter_StringMatch_Contains struct { + Contains string `protobuf:"bytes,3,opt,name=contains,proto3,oneof"` +} + +type Filter_StringMatch_Exact struct { + Exact string `protobuf:"bytes,4,opt,name=exact,proto3,oneof"` +} + +func (*Filter_StringMatch_Prefix) isFilter_StringMatch_Type() {} + +func (*Filter_StringMatch_Suffix) isFilter_StringMatch_Type() {} + +func (*Filter_StringMatch_Contains) isFilter_StringMatch_Type() {} + +func (*Filter_StringMatch_Exact) isFilter_StringMatch_Type() {} + +// Filter by the time the key was created. 
+type Filter_TimeRange struct { + state protoimpl.MessageState `protogen:"open.v1"` + From *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` + To *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *Filter_TimeRange) Reset() { + *x = Filter_TimeRange{} + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Filter_TimeRange) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Filter_TimeRange) ProtoMessage() {} + +func (x *Filter_TimeRange) ProtoReflect() protoreflect.Message { + mi := &file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[13] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Filter_TimeRange.ProtoReflect.Descriptor instead. 
+func (*Filter_TimeRange) Descriptor() ([]byte, []int) { + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP(), []int{1, 2} +} + +func (x *Filter_TimeRange) GetFrom() *timestamppb.Timestamp { + if x != nil { + return x.From + } + return nil +} + +func (x *Filter_TimeRange) GetTo() *timestamppb.Timestamp { + if x != nil { + return x.To + } + return nil +} + +var File_plugin_key_material_storage_v1_key_material_storage_proto protoreflect.FileDescriptor + +const file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc = "" + + "\n" + + "9plugin/key_material_storage/v1/key_material_storage.proto\x12\x1eplugin.key_material_storage.v1\x1a\x1bbuf/validate/validate.proto\x1a\x1fgoogle/protobuf/timestamp.proto\"\xa4\x03\n" + + "\vKeyMaterial\x12\x17\n" + + "\x02id\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x02id\x12\x1b\n" + + "\x04data\x18\x02 \x01(\fB\a\xbaH\x04z\x02\x10\x01R\x04data\x12%\n" + + "\talgorithm\x18\x03 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\talgorithm\x123\n" + + "\x13previous_version_id\x18\x04 \x01(\tH\x00R\x11previousVersionId\x88\x01\x01\x12\x1f\n" + + "\bchecksum\x18\x05 \x01(\tH\x01R\bchecksum\x88\x01\x01\x129\n" + + "\n" + + "created_at\x18\x06 \x01(\v2\x1a.google.protobuf.TimestampR\tcreatedAt\x12I\n" + + "\x04tags\x18\a \x03(\v25.plugin.key_material_storage.v1.KeyMaterial.TagsEntryR\x04tags\x1a7\n" + + "\tTagsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01B\x16\n" + + "\x14_previous_version_idB\v\n" + + "\t_checksum\"\xd7\x04\n" + + "\x06Filter\x12G\n" + + "\x02id\x18\x01 \x01(\v22.plugin.key_material_storage.v1.Filter.StringMatchH\x00R\x02id\x88\x01\x01\x12!\n" + + "\talgorithm\x18\x02 \x01(\tH\x01R\talgorithm\x88\x01\x01\x12D\n" + + "\x04tags\x18\x03 \x03(\v20.plugin.key_material_storage.v1.Filter.TagsEntryR\x04tags\x12T\n" + + "\n" + + "created_at\x18\x04 
\x01(\v20.plugin.key_material_storage.v1.Filter.TimeRangeH\x02R\tcreatedAt\x88\x01\x01\x1a\x7f\n" + + "\vStringMatch\x12\x18\n" + + "\x06prefix\x18\x01 \x01(\tH\x00R\x06prefix\x12\x18\n" + + "\x06suffix\x18\x02 \x01(\tH\x00R\x06suffix\x12\x1c\n" + + "\bcontains\x18\x03 \x01(\tH\x00R\bcontains\x12\x16\n" + + "\x05exact\x18\x04 \x01(\tH\x00R\x05exactB\x06\n" + + "\x04type\x1a7\n" + + "\tTagsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\x1ag\n" + + "\tTimeRange\x12.\n" + + "\x04from\x18\x01 \x01(\v2\x1a.google.protobuf.TimestampR\x04from\x12*\n" + + "\x02to\x18\x02 \x01(\v2\x1a.google.protobuf.TimestampR\x02toB\x05\n" + + "\x03_idB\f\n" + + "\n" + + "_algorithmB\r\n" + + "\v_created_at\"\xc3\x01\n" + + "\x0eListIDsRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12C\n" + + "\x06filter\x18\x02 \x01(\v2&.plugin.key_material_storage.v1.FilterH\x00R\x06filter\x88\x01\x01\x12\x1b\n" + + "\tpage_size\x18\x03 \x01(\rR\bpageSize\x12\x1d\n" + + "\n" + + "page_token\x18\x04 \x01(\tR\tpageTokenB\t\n" + + "\a_filter\"K\n" + + "\x0fListIDsResponse\x12\x10\n" + + "\x03ids\x18\x01 \x03(\tR\x03ids\x12&\n" + + "\x0fnext_page_token\x18\x02 \x01(\tR\rnextPageToken\"\x8d\x01\n" + + "\fStoreRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12V\n" + + "\fkey_material\x18\x02 \x01(\v2+.plugin.key_material_storage.v1.KeyMaterialB\x06\xbaH\x03\xc8\x01\x01R\vkeyMaterial\"\x0f\n" + + "\rStoreResponse\"M\n" + + "\vLoadRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12\x17\n" + + "\x02id\x18\x02 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\x02id\"^\n" + + "\fLoadResponse\x12N\n" + + "\fkey_material\x18\x01 \x01(\v2+.plugin.key_material_storage.v1.KeyMaterialR\vkeyMaterial\"O\n" + + "\rDeleteRequest\x12%\n" + + "\tnamespace\x18\x01 \x01(\tB\a\xbaH\x04r\x02\x10\x01R\tnamespace\x12\x17\n" + + "\x02id\x18\x02 
\x01(\tB\a\xbaH\x04r\x02\x10\x01R\x02id\"\x10\n" + + "\x0eDeleteResponse2\xb4\x03\n" + + "\x12KeyMaterialStorage\x12d\n" + + "\x05Store\x12,.plugin.key_material_storage.v1.StoreRequest\x1a-.plugin.key_material_storage.v1.StoreResponse\x12a\n" + + "\x04Load\x12+.plugin.key_material_storage.v1.LoadRequest\x1a,.plugin.key_material_storage.v1.LoadResponse\x12g\n" + + "\x06Delete\x12-.plugin.key_material_storage.v1.DeleteRequest\x1a..plugin.key_material_storage.v1.DeleteResponse\x12l\n" + + "\aListIDs\x12..plugin.key_material_storage.v1.ListIDsRequest\x1a/.plugin.key_material_storage.v1.ListIDsResponse0\x01B\xaa\x02\n" + + "\"com.plugin.key_material_storage.v1B\x17KeyMaterialStorageProtoP\x01ZYgithub.com/openkcm/plugin-sdk/proto/plugin/key_material_storage/v1;key_material_storagev1\xa2\x02\x03PKX\xaa\x02\x1cPlugin.KeyMaterialStorage.V1\xca\x02\x1cPlugin\\KeyMaterialStorage\\V1\xe2\x02(Plugin\\KeyMaterialStorage\\V1\\GPBMetadata\xea\x02\x1ePlugin::KeyMaterialStorage::V1b\x06proto3" + +var ( + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescOnce sync.Once + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescData []byte +) + +func file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescGZIP() []byte { + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescOnce.Do(func() { + file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc), len(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc))) + }) + return file_plugin_key_material_storage_v1_key_material_storage_proto_rawDescData +} + +var file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes = make([]protoimpl.MessageInfo, 14) +var file_plugin_key_material_storage_v1_key_material_storage_proto_goTypes = []any{ + (*KeyMaterial)(nil), // 0: 
plugin.key_material_storage.v1.KeyMaterial + (*Filter)(nil), // 1: plugin.key_material_storage.v1.Filter + (*ListIDsRequest)(nil), // 2: plugin.key_material_storage.v1.ListIDsRequest + (*ListIDsResponse)(nil), // 3: plugin.key_material_storage.v1.ListIDsResponse + (*StoreRequest)(nil), // 4: plugin.key_material_storage.v1.StoreRequest + (*StoreResponse)(nil), // 5: plugin.key_material_storage.v1.StoreResponse + (*LoadRequest)(nil), // 6: plugin.key_material_storage.v1.LoadRequest + (*LoadResponse)(nil), // 7: plugin.key_material_storage.v1.LoadResponse + (*DeleteRequest)(nil), // 8: plugin.key_material_storage.v1.DeleteRequest + (*DeleteResponse)(nil), // 9: plugin.key_material_storage.v1.DeleteResponse + nil, // 10: plugin.key_material_storage.v1.KeyMaterial.TagsEntry + (*Filter_StringMatch)(nil), // 11: plugin.key_material_storage.v1.Filter.StringMatch + nil, // 12: plugin.key_material_storage.v1.Filter.TagsEntry + (*Filter_TimeRange)(nil), // 13: plugin.key_material_storage.v1.Filter.TimeRange + (*timestamppb.Timestamp)(nil), // 14: google.protobuf.Timestamp +} +var file_plugin_key_material_storage_v1_key_material_storage_proto_depIdxs = []int32{ + 14, // 0: plugin.key_material_storage.v1.KeyMaterial.created_at:type_name -> google.protobuf.Timestamp + 10, // 1: plugin.key_material_storage.v1.KeyMaterial.tags:type_name -> plugin.key_material_storage.v1.KeyMaterial.TagsEntry + 11, // 2: plugin.key_material_storage.v1.Filter.id:type_name -> plugin.key_material_storage.v1.Filter.StringMatch + 12, // 3: plugin.key_material_storage.v1.Filter.tags:type_name -> plugin.key_material_storage.v1.Filter.TagsEntry + 13, // 4: plugin.key_material_storage.v1.Filter.created_at:type_name -> plugin.key_material_storage.v1.Filter.TimeRange + 1, // 5: plugin.key_material_storage.v1.ListIDsRequest.filter:type_name -> plugin.key_material_storage.v1.Filter + 0, // 6: plugin.key_material_storage.v1.StoreRequest.key_material:type_name -> plugin.key_material_storage.v1.KeyMaterial + 0, // 
7: plugin.key_material_storage.v1.LoadResponse.key_material:type_name -> plugin.key_material_storage.v1.KeyMaterial + 14, // 8: plugin.key_material_storage.v1.Filter.TimeRange.from:type_name -> google.protobuf.Timestamp + 14, // 9: plugin.key_material_storage.v1.Filter.TimeRange.to:type_name -> google.protobuf.Timestamp + 4, // 10: plugin.key_material_storage.v1.KeyMaterialStorage.Store:input_type -> plugin.key_material_storage.v1.StoreRequest + 6, // 11: plugin.key_material_storage.v1.KeyMaterialStorage.Load:input_type -> plugin.key_material_storage.v1.LoadRequest + 8, // 12: plugin.key_material_storage.v1.KeyMaterialStorage.Delete:input_type -> plugin.key_material_storage.v1.DeleteRequest + 2, // 13: plugin.key_material_storage.v1.KeyMaterialStorage.ListIDs:input_type -> plugin.key_material_storage.v1.ListIDsRequest + 5, // 14: plugin.key_material_storage.v1.KeyMaterialStorage.Store:output_type -> plugin.key_material_storage.v1.StoreResponse + 7, // 15: plugin.key_material_storage.v1.KeyMaterialStorage.Load:output_type -> plugin.key_material_storage.v1.LoadResponse + 9, // 16: plugin.key_material_storage.v1.KeyMaterialStorage.Delete:output_type -> plugin.key_material_storage.v1.DeleteResponse + 3, // 17: plugin.key_material_storage.v1.KeyMaterialStorage.ListIDs:output_type -> plugin.key_material_storage.v1.ListIDsResponse + 14, // [14:18] is the sub-list for method output_type + 10, // [10:14] is the sub-list for method input_type + 10, // [10:10] is the sub-list for extension type_name + 10, // [10:10] is the sub-list for extension extendee + 0, // [0:10] is the sub-list for field type_name +} + +func init() { file_plugin_key_material_storage_v1_key_material_storage_proto_init() } +func file_plugin_key_material_storage_v1_key_material_storage_proto_init() { + if File_plugin_key_material_storage_v1_key_material_storage_proto != nil { + return + } + file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[0].OneofWrappers = []any{} + 
file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[1].OneofWrappers = []any{} + file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[2].OneofWrappers = []any{} + file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes[11].OneofWrappers = []any{ + (*Filter_StringMatch_Prefix)(nil), + (*Filter_StringMatch_Suffix)(nil), + (*Filter_StringMatch_Contains)(nil), + (*Filter_StringMatch_Exact)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc), len(file_plugin_key_material_storage_v1_key_material_storage_proto_rawDesc)), + NumEnums: 0, + NumMessages: 14, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_key_material_storage_v1_key_material_storage_proto_goTypes, + DependencyIndexes: file_plugin_key_material_storage_v1_key_material_storage_proto_depIdxs, + MessageInfos: file_plugin_key_material_storage_v1_key_material_storage_proto_msgTypes, + }.Build() + File_plugin_key_material_storage_v1_key_material_storage_proto = out.File + file_plugin_key_material_storage_v1_key_material_storage_proto_goTypes = nil + file_plugin_key_material_storage_v1_key_material_storage_proto_depIdxs = nil +} diff --git a/proto/plugin/key_material_storage/v1/key_material_storage.pb.validate.go b/proto/plugin/key_material_storage/v1/key_material_storage.pb.validate.go new file mode 100644 index 0000000..40394cd --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage.pb.validate.go 
@@ -0,0 +1,1569 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/key_material_storage/v1/key_material_storage.proto + +package key_material_storagev1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on KeyMaterial with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *KeyMaterial) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on KeyMaterial with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in KeyMaterialMultiError, or +// nil if none found. 
+func (m *KeyMaterial) ValidateAll() error { + return m.validate(true) +} + +func (m *KeyMaterial) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Id + + // no validation rules for Data + + // no validation rules for Algorithm + + if all { + switch v := interface{}(m.GetCreatedAt()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, KeyMaterialValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, KeyMaterialValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCreatedAt()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return KeyMaterialValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Tags + + if m.PreviousVersionId != nil { + // no validation rules for PreviousVersionId + } + + if m.Checksum != nil { + // no validation rules for Checksum + } + + if len(errors) > 0 { + return KeyMaterialMultiError(errors) + } + + return nil +} + +// KeyMaterialMultiError is an error wrapping multiple validation errors +// returned by KeyMaterial.ValidateAll() if the designated constraints aren't met. +type KeyMaterialMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m KeyMaterialMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. 
+func (m KeyMaterialMultiError) AllErrors() []error { return m } + +// KeyMaterialValidationError is the validation error returned by +// KeyMaterial.Validate if the designated constraints aren't met. +type KeyMaterialValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e KeyMaterialValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e KeyMaterialValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e KeyMaterialValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e KeyMaterialValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e KeyMaterialValidationError) ErrorName() string { return "KeyMaterialValidationError" } + +// Error satisfies the builtin error interface +func (e KeyMaterialValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sKeyMaterial.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = KeyMaterialValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = KeyMaterialValidationError{} + +// Validate checks the field values on Filter with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Filter) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Filter with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in FilterMultiError, or nil if none found. 
+func (m *Filter) ValidateAll() error { + return m.validate(true) +} + +func (m *Filter) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Tags + + if m.Id != nil { + + if all { + switch v := interface{}(m.GetId()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, FilterValidationError{ + field: "Id", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, FilterValidationError{ + field: "Id", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetId()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return FilterValidationError{ + field: "Id", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if m.Algorithm != nil { + // no validation rules for Algorithm + } + + if m.CreatedAt != nil { + + if all { + switch v := interface{}(m.GetCreatedAt()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, FilterValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, FilterValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetCreatedAt()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return FilterValidationError{ + field: "CreatedAt", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return FilterMultiError(errors) + } + + return nil +} + +// FilterMultiError is an error wrapping multiple validation errors 
returned by +// Filter.ValidateAll() if the designated constraints aren't met. +type FilterMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m FilterMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m FilterMultiError) AllErrors() []error { return m } + +// FilterValidationError is the validation error returned by Filter.Validate if +// the designated constraints aren't met. +type FilterValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e FilterValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e FilterValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e FilterValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e FilterValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e FilterValidationError) ErrorName() string { return "FilterValidationError" } + +// Error satisfies the builtin error interface +func (e FilterValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFilter.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = FilterValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = FilterValidationError{} + +// Validate checks the field values on ListIDsRequest with the rules defined in +// the proto definition for this message. 
If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *ListIDsRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ListIDsRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in ListIDsRequestMultiError, +// or nil if none found. +func (m *ListIDsRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *ListIDsRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + // no validation rules for PageSize + + // no validation rules for PageToken + + if m.Filter != nil { + + if all { + switch v := interface{}(m.GetFilter()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, ListIDsRequestValidationError{ + field: "Filter", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, ListIDsRequestValidationError{ + field: "Filter", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetFilter()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return ListIDsRequestValidationError{ + field: "Filter", + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return ListIDsRequestMultiError(errors) + } + + return nil +} + +// ListIDsRequestMultiError is an error wrapping multiple validation errors +// returned by ListIDsRequest.ValidateAll() if the designated constraints +// aren't met. +type ListIDsRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m ListIDsRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ListIDsRequestMultiError) AllErrors() []error { return m } + +// ListIDsRequestValidationError is the validation error returned by +// ListIDsRequest.Validate if the designated constraints aren't met. +type ListIDsRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ListIDsRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ListIDsRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ListIDsRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e ListIDsRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ListIDsRequestValidationError) ErrorName() string { return "ListIDsRequestValidationError" } + +// Error satisfies the builtin error interface +func (e ListIDsRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sListIDsRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ListIDsRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ListIDsRequestValidationError{} + +// Validate checks the field values on ListIDsResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. 
+func (m *ListIDsResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on ListIDsResponse with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// ListIDsResponseMultiError, or nil if none found. +func (m *ListIDsResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *ListIDsResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for NextPageToken + + if len(errors) > 0 { + return ListIDsResponseMultiError(errors) + } + + return nil +} + +// ListIDsResponseMultiError is an error wrapping multiple validation errors +// returned by ListIDsResponse.ValidateAll() if the designated constraints +// aren't met. +type ListIDsResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m ListIDsResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m ListIDsResponseMultiError) AllErrors() []error { return m } + +// ListIDsResponseValidationError is the validation error returned by +// ListIDsResponse.Validate if the designated constraints aren't met. +type ListIDsResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e ListIDsResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e ListIDsResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e ListIDsResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. 
+func (e ListIDsResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e ListIDsResponseValidationError) ErrorName() string { return "ListIDsResponseValidationError" } + +// Error satisfies the builtin error interface +func (e ListIDsResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sListIDsResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = ListIDsResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = ListIDsResponseValidationError{} + +// Validate checks the field values on StoreRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *StoreRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on StoreRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in StoreRequestMultiError, or +// nil if none found. 
+func (m *StoreRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *StoreRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + if all { + switch v := interface{}(m.GetKeyMaterial()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, StoreRequestValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, StoreRequestValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyMaterial()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return StoreRequestValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return StoreRequestMultiError(errors) + } + + return nil +} + +// StoreRequestMultiError is an error wrapping multiple validation errors +// returned by StoreRequest.ValidateAll() if the designated constraints aren't met. +type StoreRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m StoreRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m StoreRequestMultiError) AllErrors() []error { return m } + +// StoreRequestValidationError is the validation error returned by +// StoreRequest.Validate if the designated constraints aren't met. +type StoreRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. 
+func (e StoreRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e StoreRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e StoreRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e StoreRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e StoreRequestValidationError) ErrorName() string { return "StoreRequestValidationError" } + +// Error satisfies the builtin error interface +func (e StoreRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sStoreRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = StoreRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = StoreRequestValidationError{} + +// Validate checks the field values on StoreResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *StoreResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on StoreResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in StoreResponseMultiError, or +// nil if none found. 
+func (m *StoreResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *StoreResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return StoreResponseMultiError(errors) + } + + return nil +} + +// StoreResponseMultiError is an error wrapping multiple validation errors +// returned by StoreResponse.ValidateAll() if the designated constraints +// aren't met. +type StoreResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m StoreResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m StoreResponseMultiError) AllErrors() []error { return m } + +// StoreResponseValidationError is the validation error returned by +// StoreResponse.Validate if the designated constraints aren't met. +type StoreResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e StoreResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e StoreResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e StoreResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e StoreResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e StoreResponseValidationError) ErrorName() string { return "StoreResponseValidationError" } + +// Error satisfies the builtin error interface +func (e StoreResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sStoreResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = StoreResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = StoreResponseValidationError{} + +// Validate checks the field values on LoadRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *LoadRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on LoadRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in LoadRequestMultiError, or +// nil if none found. +func (m *LoadRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *LoadRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + // no validation rules for Id + + if len(errors) > 0 { + return LoadRequestMultiError(errors) + } + + return nil +} + +// LoadRequestMultiError is an error wrapping multiple validation errors +// returned by LoadRequest.ValidateAll() if the designated constraints aren't met. +type LoadRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m LoadRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m LoadRequestMultiError) AllErrors() []error { return m } + +// LoadRequestValidationError is the validation error returned by +// LoadRequest.Validate if the designated constraints aren't met. +type LoadRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e LoadRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e LoadRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e LoadRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e LoadRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e LoadRequestValidationError) ErrorName() string { return "LoadRequestValidationError" } + +// Error satisfies the builtin error interface +func (e LoadRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sLoadRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = LoadRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = LoadRequestValidationError{} + +// Validate checks the field values on LoadResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. 
+func (m *LoadResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on LoadResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in LoadResponseMultiError, or +// nil if none found. +func (m *LoadResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *LoadResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetKeyMaterial()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, LoadResponseValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, LoadResponseValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetKeyMaterial()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return LoadResponseValidationError{ + field: "KeyMaterial", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return LoadResponseMultiError(errors) + } + + return nil +} + +// LoadResponseMultiError is an error wrapping multiple validation errors +// returned by LoadResponse.ValidateAll() if the designated constraints aren't met. +type LoadResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m LoadResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. 
+func (m LoadResponseMultiError) AllErrors() []error { return m } + +// LoadResponseValidationError is the validation error returned by +// LoadResponse.Validate if the designated constraints aren't met. +type LoadResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e LoadResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e LoadResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e LoadResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e LoadResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e LoadResponseValidationError) ErrorName() string { return "LoadResponseValidationError" } + +// Error satisfies the builtin error interface +func (e LoadResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sLoadResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = LoadResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = LoadResponseValidationError{} + +// Validate checks the field values on DeleteRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *DeleteRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on DeleteRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in DeleteRequestMultiError, or +// nil if none found. 
+func (m *DeleteRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *DeleteRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Namespace + + // no validation rules for Id + + if len(errors) > 0 { + return DeleteRequestMultiError(errors) + } + + return nil +} + +// DeleteRequestMultiError is an error wrapping multiple validation errors +// returned by DeleteRequest.ValidateAll() if the designated constraints +// aren't met. +type DeleteRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m DeleteRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m DeleteRequestMultiError) AllErrors() []error { return m } + +// DeleteRequestValidationError is the validation error returned by +// DeleteRequest.Validate if the designated constraints aren't met. +type DeleteRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e DeleteRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e DeleteRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e DeleteRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e DeleteRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e DeleteRequestValidationError) ErrorName() string { return "DeleteRequestValidationError" } + +// Error satisfies the builtin error interface +func (e DeleteRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sDeleteRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = DeleteRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = DeleteRequestValidationError{} + +// Validate checks the field values on DeleteResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *DeleteResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on DeleteResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in DeleteResponseMultiError, +// or nil if none found. +func (m *DeleteResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *DeleteResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return DeleteResponseMultiError(errors) + } + + return nil +} + +// DeleteResponseMultiError is an error wrapping multiple validation errors +// returned by DeleteResponse.ValidateAll() if the designated constraints +// aren't met. +type DeleteResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m DeleteResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m DeleteResponseMultiError) AllErrors() []error { return m } + +// DeleteResponseValidationError is the validation error returned by +// DeleteResponse.Validate if the designated constraints aren't met. +type DeleteResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e DeleteResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e DeleteResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e DeleteResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e DeleteResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e DeleteResponseValidationError) ErrorName() string { return "DeleteResponseValidationError" } + +// Error satisfies the builtin error interface +func (e DeleteResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sDeleteResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = DeleteResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = DeleteResponseValidationError{} + +// Validate checks the field values on Filter_StringMatch with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. 
+func (m *Filter_StringMatch) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Filter_StringMatch with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Filter_StringMatchMultiError, or nil if none found. +func (m *Filter_StringMatch) ValidateAll() error { + return m.validate(true) +} + +func (m *Filter_StringMatch) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + switch v := m.Type.(type) { + case *Filter_StringMatch_Prefix: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Prefix + case *Filter_StringMatch_Suffix: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Suffix + case *Filter_StringMatch_Contains: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Contains + case *Filter_StringMatch_Exact: + if v == nil { + err := Filter_StringMatchValidationError{ + field: "Type", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + // no validation rules for Exact + default: + _ = v // ensures v is used + } + + if len(errors) > 0 { + return Filter_StringMatchMultiError(errors) + } + + return nil +} + +// Filter_StringMatchMultiError is an error wrapping multiple validation errors +// returned by Filter_StringMatch.ValidateAll() if the designated constraints +// aren't met. 
+type Filter_StringMatchMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Filter_StringMatchMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Filter_StringMatchMultiError) AllErrors() []error { return m } + +// Filter_StringMatchValidationError is the validation error returned by +// Filter_StringMatch.Validate if the designated constraints aren't met. +type Filter_StringMatchValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Filter_StringMatchValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Filter_StringMatchValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Filter_StringMatchValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Filter_StringMatchValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e Filter_StringMatchValidationError) ErrorName() string { + return "Filter_StringMatchValidationError" +} + +// Error satisfies the builtin error interface +func (e Filter_StringMatchValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFilter_StringMatch.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Filter_StringMatchValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Filter_StringMatchValidationError{} + +// Validate checks the field values on Filter_TimeRange with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *Filter_TimeRange) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Filter_TimeRange with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// Filter_TimeRangeMultiError, or nil if none found. 
+func (m *Filter_TimeRange) ValidateAll() error { + return m.validate(true) +} + +func (m *Filter_TimeRange) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetFrom()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "From", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "From", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetFrom()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return Filter_TimeRangeValidationError{ + field: "From", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetTo()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "To", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, Filter_TimeRangeValidationError{ + field: "To", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTo()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return Filter_TimeRangeValidationError{ + field: "To", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return Filter_TimeRangeMultiError(errors) + } + + return nil +} + +// Filter_TimeRangeMultiError is an error wrapping multiple validation errors +// returned by Filter_TimeRange.ValidateAll() if the designated constraints +// aren't met. 
+type Filter_TimeRangeMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m Filter_TimeRangeMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m Filter_TimeRangeMultiError) AllErrors() []error { return m } + +// Filter_TimeRangeValidationError is the validation error returned by +// Filter_TimeRange.Validate if the designated constraints aren't met. +type Filter_TimeRangeValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e Filter_TimeRangeValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e Filter_TimeRangeValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e Filter_TimeRangeValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e Filter_TimeRangeValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e Filter_TimeRangeValidationError) ErrorName() string { return "Filter_TimeRangeValidationError" } + +// Error satisfies the builtin error interface +func (e Filter_TimeRangeValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFilter_TimeRange.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = Filter_TimeRangeValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = Filter_TimeRangeValidationError{} 
diff --git a/proto/plugin/key_material_storage/v1/key_material_storage.proto b/proto/plugin/key_material_storage/v1/key_material_storage.proto
new file mode 100644
index 0000000..1ce3d51
--- /dev/null
+++ b/proto/plugin/key_material_storage/v1/key_material_storage.proto
@@ -0,0 +1,97 @@
+syntax = "proto3";
+
+package plugin.key_material_storage.v1;
+
+import "buf/validate/validate.proto";
+import "google/protobuf/timestamp.proto";
+
+// KeyMaterialStorage defines the universal interface for persisting and
+// retrieving opaque blobs of data, typically wrapped key material.
+service KeyMaterialStorage {
+ rpc Store(StoreRequest) returns (StoreResponse);
+ rpc Load(LoadRequest) returns (LoadResponse);
+ rpc Delete(DeleteRequest) returns (DeleteResponse);
+
+ // ListIDs returns batches of IDs matching the criteria.
+ rpc ListIDs(ListIDsRequest) returns (stream ListIDsResponse);
+}
+
+// KeyMaterial represents a single unit of stored data.
+message KeyMaterial {
+ string id = 1 [(buf.validate.field).string.min_len = 1];
+ bytes data = 2 [(buf.validate.field).bytes.min_len = 1];
+ string algorithm = 3 [(buf.validate.field).string.min_len = 1];
+
+ optional string previous_version_id = 4;
+ optional string checksum = 5;
+ google.protobuf.Timestamp created_at = 6;
+ map tags = 7;
+}
+
+// --- Filter Refactor ---
+
+message Filter {
+ // Pattern-based matching for the primary Key ID.
+ message StringMatch {
+ oneof type {
+ string prefix = 1;
+ string suffix = 2;
+ string contains = 3;
+ string exact = 4;
+ }
+ }
+ optional StringMatch id = 1;
+
+ // Filter by cryptographic algorithm (e.g., "AES-256-GCM").
+ optional string algorithm = 2;
+
+ // Filter by metadata tags (e.g., {"env": "prod"}).
+ // Match is typically performed as "contains all".
+ map tags = 3;
+
+ // Filter by the time the key was created.
+ message TimeRange {
+ google.protobuf.Timestamp from = 1;
+ google.protobuf.Timestamp to = 2;
+ }
+ optional TimeRange created_at = 4;
+}
+
+// --- RPC Messages ---
+
+message ListIDsRequest {
+ string namespace = 1 [(buf.validate.field).string.min_len = 1];
+ optional Filter filter = 2;
+
+ // Pagination support
+ uint32 page_size = 3;
+ string page_token = 4;
+}
+
+message ListIDsResponse {
+ repeated string ids = 1;
+ string next_page_token = 2;
+}
+
+message StoreRequest {
+ string namespace = 1 [(buf.validate.field).string.min_len = 1];
+ KeyMaterial key_material = 2 [(buf.validate.field).required = true];
+}
+
+message StoreResponse {}
+
+message LoadRequest {
+ string namespace = 1 [(buf.validate.field).string.min_len = 1];
+ string id = 2 [(buf.validate.field).string.min_len = 1];
+}
+
+message LoadResponse {
+ KeyMaterial key_material = 1;
+}
+
+message DeleteRequest {
+ string namespace = 1 [(buf.validate.field).string.min_len = 1];
+ string id = 2 [(buf.validate.field).string.min_len = 1];
+}
+
+message DeleteResponse {}
diff --git a/proto/plugin/key_material_storage/v1/key_material_storage_ext_plugin.pb.go b/proto/plugin/key_material_storage/v1/key_material_storage_ext_plugin.pb.go
new file mode 100644
index 0000000..9f108c7
--- /dev/null
+++ b/proto/plugin/key_material_storage/v1/key_material_storage_ext_plugin.pb.go
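Review bot: The `buf.validate` constraints declared in this file (`min_len = 1` on every `namespace` and `id`, `required = true` on `StoreRequest.key_material`) are not enforced by the generated `Validate()`/`ValidateAll()` methods earlier in this diff, which emit `// no validation rules for Namespace` and `// no validation rules for Id` and contain no required-check for `KeyMaterial`. A plugin that relies on `req.Validate()` before storing, loading or deleting key material would therefore accept an empty namespace or ID; the rules presumably only take effect when a protovalidate runtime validator is run on each request, which this diff does not show. I would either stop shipping the generated validators that cannot see these annotations or state the requirement on the service, e.g. `// Implementations must check every request with a protovalidate validator; the generated Validate() methods do not enforce the buf.validate rules.` Separately, `page_size` in `ListIDsRequest` has no upper bound, so a cap such as `uint32 page_size = 3 [(buf.validate.field).uint32.lte = <MAX_PAGE_SIZE>];` would keep one ListIDs call from requesting an unbounded batch.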
@@ -0,0 +1,56 @@ +// Code generated by protoc-gen-go-extension. DO NOT EDIT. + +package key_material_storagev1 + +import ( + grpc "google.golang.org/grpc" + + api "github.com/openkcm/plugin-sdk/api" +) + +const ( + Type = "KeyMaterialStorage" + GRPCServiceFullName = "plugin.key_material_storage.v1.KeyMaterialStorage" +) + +func KeyMaterialStoragePluginServer(server KeyMaterialStorageServer) api.PluginServer { + return keyMaterialStoragePluginServer{KeyMaterialStorageServer: server} +} + +type keyMaterialStoragePluginServer struct { + KeyMaterialStorageServer +} + +func (s keyMaterialStoragePluginServer) Type() string { + return Type +} + +func (s keyMaterialStoragePluginServer) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (s keyMaterialStoragePluginServer) RegisterServer(server *grpc.Server) any { + RegisterKeyMaterialStorageServer(server, s.KeyMaterialStorageServer) + return s.KeyMaterialStorageServer +} + +type KeyMaterialStoragePluginClient struct { + KeyMaterialStorageClient +} + +func (s KeyMaterialStoragePluginClient) Type() string { + return Type +} + +func (c *KeyMaterialStoragePluginClient) IsInitialized() bool { + return c.KeyMaterialStorageClient != nil +} + +func (c *KeyMaterialStoragePluginClient) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (c *KeyMaterialStoragePluginClient) InitClient(conn grpc.ClientConnInterface) any { + c.KeyMaterialStorageClient = NewKeyMaterialStorageClient(conn) + return c.KeyMaterialStorageClient +} diff --git a/proto/plugin/key_material_storage/v1/key_material_storage_grpc.pb.go b/proto/plugin/key_material_storage/v1/key_material_storage_grpc.pb.go new file mode 100644 index 0000000..eb7193e --- /dev/null +++ b/proto/plugin/key_material_storage/v1/key_material_storage_grpc.pb.go 
@@ -0,0 +1,248 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.1 +// - protoc (unknown) +// source: plugin/key_material_storage/v1/key_material_storage.proto + +package key_material_storagev1 + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + KeyMaterialStorage_Store_FullMethodName = "/plugin.key_material_storage.v1.KeyMaterialStorage/Store" + KeyMaterialStorage_Load_FullMethodName = "/plugin.key_material_storage.v1.KeyMaterialStorage/Load" + KeyMaterialStorage_Delete_FullMethodName = "/plugin.key_material_storage.v1.KeyMaterialStorage/Delete" + KeyMaterialStorage_ListIDs_FullMethodName = "/plugin.key_material_storage.v1.KeyMaterialStorage/ListIDs" +) + +// KeyMaterialStorageClient is the client API for KeyMaterialStorage service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// KeyMaterialStorage defines the universal interface for persisting and +// retrieving opaque blobs of data, typically wrapped key material. +type KeyMaterialStorageClient interface { + Store(ctx context.Context, in *StoreRequest, opts ...grpc.CallOption) (*StoreResponse, error) + Load(ctx context.Context, in *LoadRequest, opts ...grpc.CallOption) (*LoadResponse, error) + Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) + // ListIDs returns batches of IDs matching the criteria. 
+ ListIDs(ctx context.Context, in *ListIDsRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[ListIDsResponse], error) +} + +type keyMaterialStorageClient struct { + cc grpc.ClientConnInterface +} + +func NewKeyMaterialStorageClient(cc grpc.ClientConnInterface) KeyMaterialStorageClient { + return &keyMaterialStorageClient{cc} +} + +func (c *keyMaterialStorageClient) Store(ctx context.Context, in *StoreRequest, opts ...grpc.CallOption) (*StoreResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(StoreResponse) + err := c.cc.Invoke(ctx, KeyMaterialStorage_Store_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keyMaterialStorageClient) Load(ctx context.Context, in *LoadRequest, opts ...grpc.CallOption) (*LoadResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(LoadResponse) + err := c.cc.Invoke(ctx, KeyMaterialStorage_Load_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keyMaterialStorageClient) Delete(ctx context.Context, in *DeleteRequest, opts ...grpc.CallOption) (*DeleteResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(DeleteResponse) + err := c.cc.Invoke(ctx, KeyMaterialStorage_Delete_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *keyMaterialStorageClient) ListIDs(ctx context.Context, in *ListIDsRequest, opts ...grpc.CallOption) (grpc.ServerStreamingClient[ListIDsResponse], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &KeyMaterialStorage_ServiceDesc.Streams[0], KeyMaterialStorage_ListIDs_FullMethodName, cOpts...) 
+ if err != nil { + return nil, err + } + x := &grpc.GenericClientStream[ListIDsRequest, ListIDsResponse]{ClientStream: stream} + if err := x.ClientStream.SendMsg(in); err != nil { + return nil, err + } + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + return x, nil +} + +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type KeyMaterialStorage_ListIDsClient = grpc.ServerStreamingClient[ListIDsResponse] + +// KeyMaterialStorageServer is the server API for KeyMaterialStorage service. +// All implementations must embed UnimplementedKeyMaterialStorageServer +// for forward compatibility. +// +// KeyMaterialStorage defines the universal interface for persisting and +// retrieving opaque blobs of data, typically wrapped key material. +type KeyMaterialStorageServer interface { + Store(context.Context, *StoreRequest) (*StoreResponse, error) + Load(context.Context, *LoadRequest) (*LoadResponse, error) + Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) + // ListIDs returns batches of IDs matching the criteria. + ListIDs(*ListIDsRequest, grpc.ServerStreamingServer[ListIDsResponse]) error + mustEmbedUnimplementedKeyMaterialStorageServer() +} + +// UnimplementedKeyMaterialStorageServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedKeyMaterialStorageServer struct{} + +func (UnimplementedKeyMaterialStorageServer) Store(context.Context, *StoreRequest) (*StoreResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Store not implemented") +} +func (UnimplementedKeyMaterialStorageServer) Load(context.Context, *LoadRequest) (*LoadResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Load not implemented") +} +func (UnimplementedKeyMaterialStorageServer) Delete(context.Context, *DeleteRequest) (*DeleteResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Delete not implemented") +} +func (UnimplementedKeyMaterialStorageServer) ListIDs(*ListIDsRequest, grpc.ServerStreamingServer[ListIDsResponse]) error { + return status.Error(codes.Unimplemented, "method ListIDs not implemented") +} +func (UnimplementedKeyMaterialStorageServer) mustEmbedUnimplementedKeyMaterialStorageServer() {} +func (UnimplementedKeyMaterialStorageServer) testEmbeddedByValue() {} + +// UnsafeKeyMaterialStorageServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to KeyMaterialStorageServer will +// result in compilation errors. +type UnsafeKeyMaterialStorageServer interface { + mustEmbedUnimplementedKeyMaterialStorageServer() +} + +func RegisterKeyMaterialStorageServer(s grpc.ServiceRegistrar, srv KeyMaterialStorageServer) { + // If the following call panics, it indicates UnimplementedKeyMaterialStorageServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. 
+ if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&KeyMaterialStorage_ServiceDesc, srv) +} + +func _KeyMaterialStorage_Store_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(StoreRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyMaterialStorageServer).Store(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyMaterialStorage_Store_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeyMaterialStorageServer).Store(ctx, req.(*StoreRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeyMaterialStorage_Load_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(LoadRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyMaterialStorageServer).Load(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyMaterialStorage_Load_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(KeyMaterialStorageServer).Load(ctx, req.(*LoadRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeyMaterialStorage_Delete_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(DeleteRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(KeyMaterialStorageServer).Delete(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: KeyMaterialStorage_Delete_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return 
srv.(KeyMaterialStorageServer).Delete(ctx, req.(*DeleteRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _KeyMaterialStorage_ListIDs_Handler(srv interface{}, stream grpc.ServerStream) error { + m := new(ListIDsRequest) + if err := stream.RecvMsg(m); err != nil { + return err + } + return srv.(KeyMaterialStorageServer).ListIDs(m, &grpc.GenericServerStream[ListIDsRequest, ListIDsResponse]{ServerStream: stream}) +} + +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type KeyMaterialStorage_ListIDsServer = grpc.ServerStreamingServer[ListIDsResponse] + +// KeyMaterialStorage_ServiceDesc is the grpc.ServiceDesc for KeyMaterialStorage service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var KeyMaterialStorage_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "plugin.key_material_storage.v1.KeyMaterialStorage", + HandlerType: (*KeyMaterialStorageServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Store", + Handler: _KeyMaterialStorage_Store_Handler, + }, + { + MethodName: "Load", + Handler: _KeyMaterialStorage_Load_Handler, + }, + { + MethodName: "Delete", + Handler: _KeyMaterialStorage_Delete_Handler, + }, + }, + Streams: []grpc.StreamDesc{ + { + StreamName: "ListIDs", + Handler: _KeyMaterialStorage_ListIDs_Handler, + ServerStreams: true, + }, + }, + Metadata: "plugin/key_material_storage/v1/key_material_storage.proto", +} diff --git a/proto/plugin/llm/v1/llm.pb.go b/proto/plugin/llm/v1/llm.pb.go new file mode 100644 index 0000000..297015f --- /dev/null +++ b/proto/plugin/llm/v1/llm.pb.go 
@@ -0,0 +1,438 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.11 +// protoc (unknown) +// source: plugin/llm/v1/llm.proto + +package llmv1 + +import ( + reflect "reflect" + sync "sync" + unsafe "unsafe" + + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// FindingSummary is a single rule-engine finding passed to the LLM for enrichment. +// Only aggregate metrics are included — never key material or key IDs. +type FindingSummary struct { + state protoimpl.MessageState `protogen:"open.v1"` + Category string `protobuf:"bytes,1,opt,name=category,proto3" json:"category,omitempty"` + Severity string `protobuf:"bytes,2,opt,name=severity,proto3" json:"severity,omitempty"` + Title string `protobuf:"bytes,3,opt,name=title,proto3" json:"title,omitempty"` + Description string `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"` + // aggregate_metadata contains counts and names only (e.g. algorithm="AES-256", count="12"). 
+ AggregateMetadata map[string]string `protobuf:"bytes,5,rep,name=aggregate_metadata,json=aggregateMetadata,proto3" json:"aggregate_metadata,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *FindingSummary) Reset() { + *x = FindingSummary{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FindingSummary) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FindingSummary) ProtoMessage() {} + +func (x *FindingSummary) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FindingSummary.ProtoReflect.Descriptor instead. +func (*FindingSummary) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{0} +} + +func (x *FindingSummary) GetCategory() string { + if x != nil { + return x.Category + } + return "" +} + +func (x *FindingSummary) GetSeverity() string { + if x != nil { + return x.Severity + } + return "" +} + +func (x *FindingSummary) GetTitle() string { + if x != nil { + return x.Title + } + return "" +} + +func (x *FindingSummary) GetDescription() string { + if x != nil { + return x.Description + } + return "" +} + +func (x *FindingSummary) GetAggregateMetadata() map[string]string { + if x != nil { + return x.AggregateMetadata + } + return nil +} + +// EnrichedFinding contains LLM-enhanced descriptions for a single finding. 
+type EnrichedFinding struct { + state protoimpl.MessageState `protogen:"open.v1"` + EnrichedDescription string `protobuf:"bytes,1,opt,name=enriched_description,json=enrichedDescription,proto3" json:"enriched_description,omitempty"` + EnrichedRemediation string `protobuf:"bytes,2,opt,name=enriched_remediation,json=enrichedRemediation,proto3" json:"enriched_remediation,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EnrichedFinding) Reset() { + *x = EnrichedFinding{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnrichedFinding) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnrichedFinding) ProtoMessage() {} + +func (x *EnrichedFinding) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnrichedFinding.ProtoReflect.Descriptor instead. 
+func (*EnrichedFinding) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{1} +} + +func (x *EnrichedFinding) GetEnrichedDescription() string { + if x != nil { + return x.EnrichedDescription + } + return "" +} + +func (x *EnrichedFinding) GetEnrichedRemediation() string { + if x != nil { + return x.EnrichedRemediation + } + return "" +} + +type EnrichRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Findings []*FindingSummary `protobuf:"bytes,1,rep,name=findings,proto3" json:"findings,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EnrichRequest) Reset() { + *x = EnrichRequest{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnrichRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnrichRequest) ProtoMessage() {} + +func (x *EnrichRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnrichRequest.ProtoReflect.Descriptor instead. 
+func (*EnrichRequest) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{2} +} + +func (x *EnrichRequest) GetFindings() []*FindingSummary { + if x != nil { + return x.Findings + } + return nil +} + +type EnrichResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Enriched []*EnrichedFinding `protobuf:"bytes,1,rep,name=enriched,proto3" json:"enriched,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *EnrichResponse) Reset() { + *x = EnrichResponse{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *EnrichResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EnrichResponse) ProtoMessage() {} + +func (x *EnrichResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EnrichResponse.ProtoReflect.Descriptor instead. +func (*EnrichResponse) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{3} +} + +func (x *EnrichResponse) GetEnriched() []*EnrichedFinding { + if x != nil { + return x.Enriched + } + return nil +} + +// AnswerRequest carries a free-form question and aggregate context signals. +// context_signals must contain only counts and names — never key material. 
+type AnswerRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` + Question string `protobuf:"bytes,1,opt,name=question,proto3" json:"question,omitempty"` + ContextSignals map[string]string `protobuf:"bytes,2,rep,name=context_signals,json=contextSignals,proto3" json:"context_signals,omitempty" protobuf_key:"bytes,1,opt,name=key" protobuf_val:"bytes,2,opt,name=value"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AnswerRequest) Reset() { + *x = AnswerRequest{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnswerRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnswerRequest) ProtoMessage() {} + +func (x *AnswerRequest) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnswerRequest.ProtoReflect.Descriptor instead. 
+func (*AnswerRequest) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{4} +} + +func (x *AnswerRequest) GetQuestion() string { + if x != nil { + return x.Question + } + return "" +} + +func (x *AnswerRequest) GetContextSignals() map[string]string { + if x != nil { + return x.ContextSignals + } + return nil +} + +type AnswerResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` + Answer string `protobuf:"bytes,1,opt,name=answer,proto3" json:"answer,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache +} + +func (x *AnswerResponse) Reset() { + *x = AnswerResponse{} + mi := &file_plugin_llm_v1_llm_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnswerResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnswerResponse) ProtoMessage() {} + +func (x *AnswerResponse) ProtoReflect() protoreflect.Message { + mi := &file_plugin_llm_v1_llm_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnswerResponse.ProtoReflect.Descriptor instead. 
+func (*AnswerResponse) Descriptor() ([]byte, []int) { + return file_plugin_llm_v1_llm_proto_rawDescGZIP(), []int{5} +} + +func (x *AnswerResponse) GetAnswer() string { + if x != nil { + return x.Answer + } + return "" +} + +var File_plugin_llm_v1_llm_proto protoreflect.FileDescriptor + +const file_plugin_llm_v1_llm_proto_rawDesc = "" + + "\n" + + "\x17plugin/llm/v1/llm.proto\x12\rplugin.llm.v1\"\xab\x02\n" + + "\x0eFindingSummary\x12\x1a\n" + + "\bcategory\x18\x01 \x01(\tR\bcategory\x12\x1a\n" + + "\bseverity\x18\x02 \x01(\tR\bseverity\x12\x14\n" + + "\x05title\x18\x03 \x01(\tR\x05title\x12 \n" + + "\vdescription\x18\x04 \x01(\tR\vdescription\x12c\n" + + "\x12aggregate_metadata\x18\x05 \x03(\v24.plugin.llm.v1.FindingSummary.AggregateMetadataEntryR\x11aggregateMetadata\x1aD\n" + + "\x16AggregateMetadataEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"w\n" + + "\x0fEnrichedFinding\x121\n" + + "\x14enriched_description\x18\x01 \x01(\tR\x13enrichedDescription\x121\n" + + "\x14enriched_remediation\x18\x02 \x01(\tR\x13enrichedRemediation\"J\n" + + "\rEnrichRequest\x129\n" + + "\bfindings\x18\x01 \x03(\v2\x1d.plugin.llm.v1.FindingSummaryR\bfindings\"L\n" + + "\x0eEnrichResponse\x12:\n" + + "\benriched\x18\x01 \x03(\v2\x1e.plugin.llm.v1.EnrichedFindingR\benriched\"\xc9\x01\n" + + "\rAnswerRequest\x12\x1a\n" + + "\bquestion\x18\x01 \x01(\tR\bquestion\x12Y\n" + + "\x0fcontext_signals\x18\x02 \x03(\v20.plugin.llm.v1.AnswerRequest.ContextSignalsEntryR\x0econtextSignals\x1aA\n" + + "\x13ContextSignalsEntry\x12\x10\n" + + "\x03key\x18\x01 \x01(\tR\x03key\x12\x14\n" + + "\x05value\x18\x02 \x01(\tR\x05value:\x028\x01\"(\n" + + "\x0eAnswerResponse\x12\x16\n" + + "\x06answer\x18\x01 \x01(\tR\x06answer2\x93\x01\n" + + "\x03LLM\x12E\n" + + "\x06Enrich\x12\x1c.plugin.llm.v1.EnrichRequest\x1a\x1d.plugin.llm.v1.EnrichResponse\x12E\n" + + 
"\x06Answer\x12\x1c.plugin.llm.v1.AnswerRequest\x1a\x1d.plugin.llm.v1.AnswerResponseB\xac\x01\n" + + "\x11com.plugin.llm.v1B\bLlmProtoP\x01Z7github.com/openkcm/plugin-sdk/proto/plugin/llm/v1;llmv1\xa2\x02\x03PLX\xaa\x02\rPlugin.Llm.V1\xca\x02\rPlugin\\Llm\\V1\xe2\x02\x19Plugin\\Llm\\V1\\GPBMetadata\xea\x02\x0fPlugin::Llm::V1b\x06proto3" + +var ( + file_plugin_llm_v1_llm_proto_rawDescOnce sync.Once + file_plugin_llm_v1_llm_proto_rawDescData []byte +) + +func file_plugin_llm_v1_llm_proto_rawDescGZIP() []byte { + file_plugin_llm_v1_llm_proto_rawDescOnce.Do(func() { + file_plugin_llm_v1_llm_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_plugin_llm_v1_llm_proto_rawDesc), len(file_plugin_llm_v1_llm_proto_rawDesc))) + }) + return file_plugin_llm_v1_llm_proto_rawDescData +} + +var file_plugin_llm_v1_llm_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_plugin_llm_v1_llm_proto_goTypes = []any{ + (*FindingSummary)(nil), // 0: plugin.llm.v1.FindingSummary + (*EnrichedFinding)(nil), // 1: plugin.llm.v1.EnrichedFinding + (*EnrichRequest)(nil), // 2: plugin.llm.v1.EnrichRequest + (*EnrichResponse)(nil), // 3: plugin.llm.v1.EnrichResponse + (*AnswerRequest)(nil), // 4: plugin.llm.v1.AnswerRequest + (*AnswerResponse)(nil), // 5: plugin.llm.v1.AnswerResponse + nil, // 6: plugin.llm.v1.FindingSummary.AggregateMetadataEntry + nil, // 7: plugin.llm.v1.AnswerRequest.ContextSignalsEntry +} +var file_plugin_llm_v1_llm_proto_depIdxs = []int32{ + 6, // 0: plugin.llm.v1.FindingSummary.aggregate_metadata:type_name -> plugin.llm.v1.FindingSummary.AggregateMetadataEntry + 0, // 1: plugin.llm.v1.EnrichRequest.findings:type_name -> plugin.llm.v1.FindingSummary + 1, // 2: plugin.llm.v1.EnrichResponse.enriched:type_name -> plugin.llm.v1.EnrichedFinding + 7, // 3: plugin.llm.v1.AnswerRequest.context_signals:type_name -> plugin.llm.v1.AnswerRequest.ContextSignalsEntry + 2, // 4: plugin.llm.v1.LLM.Enrich:input_type -> plugin.llm.v1.EnrichRequest + 4, // 5: 
plugin.llm.v1.LLM.Answer:input_type -> plugin.llm.v1.AnswerRequest + 3, // 6: plugin.llm.v1.LLM.Enrich:output_type -> plugin.llm.v1.EnrichResponse + 5, // 7: plugin.llm.v1.LLM.Answer:output_type -> plugin.llm.v1.AnswerResponse + 6, // [6:8] is the sub-list for method output_type + 4, // [4:6] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_plugin_llm_v1_llm_proto_init() } +func file_plugin_llm_v1_llm_proto_init() { + if File_plugin_llm_v1_llm_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_plugin_llm_v1_llm_proto_rawDesc), len(file_plugin_llm_v1_llm_proto_rawDesc)), + NumEnums: 0, + NumMessages: 8, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_plugin_llm_v1_llm_proto_goTypes, + DependencyIndexes: file_plugin_llm_v1_llm_proto_depIdxs, + MessageInfos: file_plugin_llm_v1_llm_proto_msgTypes, + }.Build() + File_plugin_llm_v1_llm_proto = out.File + file_plugin_llm_v1_llm_proto_goTypes = nil + file_plugin_llm_v1_llm_proto_depIdxs = nil +} diff --git a/proto/plugin/llm/v1/llm.pb.validate.go b/proto/plugin/llm/v1/llm.pb.validate.go new file mode 100644 index 0000000..bfe21ac --- /dev/null +++ b/proto/plugin/llm/v1/llm.pb.validate.go 
@@ -0,0 +1,724 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: plugin/llm/v1/llm.proto + +package llmv1 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on FindingSummary with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *FindingSummary) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on FindingSummary with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in FindingSummaryMultiError, +// or nil if none found. +func (m *FindingSummary) ValidateAll() error { + return m.validate(true) +} + +func (m *FindingSummary) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Category + + // no validation rules for Severity + + // no validation rules for Title + + // no validation rules for Description + + // no validation rules for AggregateMetadata + + if len(errors) > 0 { + return FindingSummaryMultiError(errors) + } + + return nil +} + +// FindingSummaryMultiError is an error wrapping multiple validation errors +// returned by FindingSummary.ValidateAll() if the designated constraints +// aren't met. +type FindingSummaryMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m FindingSummaryMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m FindingSummaryMultiError) AllErrors() []error { return m } + +// FindingSummaryValidationError is the validation error returned by +// FindingSummary.Validate if the designated constraints aren't met. +type FindingSummaryValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e FindingSummaryValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e FindingSummaryValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e FindingSummaryValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e FindingSummaryValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e FindingSummaryValidationError) ErrorName() string { return "FindingSummaryValidationError" } + +// Error satisfies the builtin error interface +func (e FindingSummaryValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sFindingSummary.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = FindingSummaryValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = FindingSummaryValidationError{} + +// Validate checks the field values on EnrichedFinding with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. 
+func (m *EnrichedFinding) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EnrichedFinding with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// EnrichedFindingMultiError, or nil if none found. +func (m *EnrichedFinding) ValidateAll() error { + return m.validate(true) +} + +func (m *EnrichedFinding) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for EnrichedDescription + + // no validation rules for EnrichedRemediation + + if len(errors) > 0 { + return EnrichedFindingMultiError(errors) + } + + return nil +} + +// EnrichedFindingMultiError is an error wrapping multiple validation errors +// returned by EnrichedFinding.ValidateAll() if the designated constraints +// aren't met. +type EnrichedFindingMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EnrichedFindingMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EnrichedFindingMultiError) AllErrors() []error { return m } + +// EnrichedFindingValidationError is the validation error returned by +// EnrichedFinding.Validate if the designated constraints aren't met. +type EnrichedFindingValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EnrichedFindingValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EnrichedFindingValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EnrichedFindingValidationError) Cause() error { return e.cause } + +// Key function returns key value. 
+func (e EnrichedFindingValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EnrichedFindingValidationError) ErrorName() string { return "EnrichedFindingValidationError" } + +// Error satisfies the builtin error interface +func (e EnrichedFindingValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEnrichedFinding.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EnrichedFindingValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EnrichedFindingValidationError{} + +// Validate checks the field values on EnrichRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *EnrichRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EnrichRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in EnrichRequestMultiError, or +// nil if none found. 
+func (m *EnrichRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *EnrichRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetFindings() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, EnrichRequestValidationError{ + field: fmt.Sprintf("Findings[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, EnrichRequestValidationError{ + field: fmt.Sprintf("Findings[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return EnrichRequestValidationError{ + field: fmt.Sprintf("Findings[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return EnrichRequestMultiError(errors) + } + + return nil +} + +// EnrichRequestMultiError is an error wrapping multiple validation errors +// returned by EnrichRequest.ValidateAll() if the designated constraints +// aren't met. +type EnrichRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EnrichRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EnrichRequestMultiError) AllErrors() []error { return m } + +// EnrichRequestValidationError is the validation error returned by +// EnrichRequest.Validate if the designated constraints aren't met. 
+type EnrichRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EnrichRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EnrichRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EnrichRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e EnrichRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EnrichRequestValidationError) ErrorName() string { return "EnrichRequestValidationError" } + +// Error satisfies the builtin error interface +func (e EnrichRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEnrichRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EnrichRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EnrichRequestValidationError{} + +// Validate checks the field values on EnrichResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *EnrichResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on EnrichResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in EnrichResponseMultiError, +// or nil if none found. 
+func (m *EnrichResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *EnrichResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetEnriched() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, EnrichResponseValidationError{ + field: fmt.Sprintf("Enriched[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, EnrichResponseValidationError{ + field: fmt.Sprintf("Enriched[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return EnrichResponseValidationError{ + field: fmt.Sprintf("Enriched[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return EnrichResponseMultiError(errors) + } + + return nil +} + +// EnrichResponseMultiError is an error wrapping multiple validation errors +// returned by EnrichResponse.ValidateAll() if the designated constraints +// aren't met. +type EnrichResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m EnrichResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m EnrichResponseMultiError) AllErrors() []error { return m } + +// EnrichResponseValidationError is the validation error returned by +// EnrichResponse.Validate if the designated constraints aren't met. 
+type EnrichResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e EnrichResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e EnrichResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e EnrichResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e EnrichResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e EnrichResponseValidationError) ErrorName() string { return "EnrichResponseValidationError" } + +// Error satisfies the builtin error interface +func (e EnrichResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sEnrichResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = EnrichResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = EnrichResponseValidationError{} + +// Validate checks the field values on AnswerRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *AnswerRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AnswerRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in AnswerRequestMultiError, or +// nil if none found. 
+func (m *AnswerRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *AnswerRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Question + + // no validation rules for ContextSignals + + if len(errors) > 0 { + return AnswerRequestMultiError(errors) + } + + return nil +} + +// AnswerRequestMultiError is an error wrapping multiple validation errors +// returned by AnswerRequest.ValidateAll() if the designated constraints +// aren't met. +type AnswerRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AnswerRequestMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AnswerRequestMultiError) AllErrors() []error { return m } + +// AnswerRequestValidationError is the validation error returned by +// AnswerRequest.Validate if the designated constraints aren't met. +type AnswerRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AnswerRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AnswerRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AnswerRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AnswerRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. 
+func (e AnswerRequestValidationError) ErrorName() string { return "AnswerRequestValidationError" } + +// Error satisfies the builtin error interface +func (e AnswerRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAnswerRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AnswerRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AnswerRequestValidationError{} + +// Validate checks the field values on AnswerResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *AnswerResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AnswerResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in AnswerResponseMultiError, +// or nil if none found. +func (m *AnswerResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *AnswerResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Answer + + if len(errors) > 0 { + return AnswerResponseMultiError(errors) + } + + return nil +} + +// AnswerResponseMultiError is an error wrapping multiple validation errors +// returned by AnswerResponse.ValidateAll() if the designated constraints +// aren't met. +type AnswerResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. 
+func (m AnswerResponseMultiError) Error() string { + msgs := make([]string, 0, len(m)) + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AnswerResponseMultiError) AllErrors() []error { return m } + +// AnswerResponseValidationError is the validation error returned by +// AnswerResponse.Validate if the designated constraints aren't met. +type AnswerResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AnswerResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AnswerResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AnswerResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AnswerResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AnswerResponseValidationError) ErrorName() string { return "AnswerResponseValidationError" } + +// Error satisfies the builtin error interface +func (e AnswerResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAnswerResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AnswerResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AnswerResponseValidationError{} diff --git a/proto/plugin/llm/v1/llm.proto b/proto/plugin/llm/v1/llm.proto new file mode 100644 index 0000000..a4d28a4 --- /dev/null +++ b/proto/plugin/llm/v1/llm.proto 
@@ -0,0 +1,54 @@
+syntax = "proto3";
+
+package plugin.llm.v1;
+
+option go_package = "github.com/nnicora/krypton/proto/plugin/llm/v1;llmv1";
+
+// LLM is the plugin interface for AI language-model backends used by the
+// Advisor module. Only aggregate, privacy-safe statistics are ever transmitted —
+// no key material, no key IDs, and no principal names.
+service LLM {
+ // Enrich takes rule-engine findings (plain text, no sensitive data) and
+ // returns enriched descriptions and remediation steps.
+ rpc Enrich(EnrichRequest) returns (EnrichResponse);
+
+ // Answer responds to a free-form question about key posture using only the
+ // supplied aggregate signals — no key material, no key IDs, no principal names.
+ rpc Answer(AnswerRequest) returns (AnswerResponse);
+}
+
+// FindingSummary is a single rule-engine finding passed to the LLM for enrichment.
+// Only aggregate metrics are included — never key material or key IDs.
+message FindingSummary {
+ string category = 1;
+ string severity = 2;
+ string title = 3;
+ string description = 4;
+ // aggregate_metadata contains counts and names only (e.g. algorithm="AES-256", count="12").
+ map aggregate_metadata = 5;
+}
+
+// EnrichedFinding contains LLM-enhanced descriptions for a single finding.
+message EnrichedFinding {
+ string enriched_description = 1;
+ string enriched_remediation = 2;
+}
+
+message EnrichRequest {
+ repeated FindingSummary findings = 1;
+}
+
+message EnrichResponse {
+ repeated EnrichedFinding enriched = 1;
+}
+
+// AnswerRequest carries a free-form question and aggregate context signals.
+// context_signals must contain only counts and names — never key material.
+message AnswerRequest {
+ string question = 1;
+ map context_signals = 2;
+}
+
+message AnswerResponse {
+ string answer = 1;
+}
diff --git a/proto/plugin/llm/v1/llm_ext_plugin.pb.go b/proto/plugin/llm/v1/llm_ext_plugin.pb.go
new file mode 100644
index 0000000..867144f
--- /dev/null
+++ b/proto/plugin/llm/v1/llm_ext_plugin.pb.go
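Review bot: The privacy contract on the `LLM` service, `FindingSummary` and `AnswerRequest` ("no key material, no key IDs, no principal names") exists only in comments: `title`, `description`, `question` and both map fields are unconstrained strings, and the generated `llm.pb.validate.go` in this commit reports "no validation rules" for every one of them. Nothing in the schema stops a caller from placing an identifier in those fields, or from sending an unbounded `question` or `findings` list to the backend, so the guarantee rests entirely on the host code that builds the request, which is not shown here. I would state that on the fields, e.g. `// Host must strip key IDs and principal names before populating; this schema does not enforce it.`, and add length and item-count limits through the validation options the project already generates code for. The strings in `EnrichedFinding` and `AnswerResponse` are model output and are equally unvalidated, so consumers should handle them as untrusted text. Separately, `go_package` here names `github.com/nnicora/krypton/...` while the generated descriptor in `llm.pb.go` embeds `github.com/openkcm/plugin-sdk/proto/plugin/llm/v1;llmv1`; unless that is an intentional override at generation time, the option should be aligned.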
@@ -0,0 +1,56 @@ +// Code generated by protoc-gen-go-extension. DO NOT EDIT. + +package llmv1 + +import ( + grpc "google.golang.org/grpc" + + api "github.com/openkcm/plugin-sdk/api" +) + +const ( + Type = "LLM" + GRPCServiceFullName = "plugin.llm.v1.LLM" +) + +func LLMPluginServer(server LLMServer) api.PluginServer { + return lLMPluginServer{LLMServer: server} +} + +type lLMPluginServer struct { + LLMServer +} + +func (s lLMPluginServer) Type() string { + return Type +} + +func (s lLMPluginServer) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (s lLMPluginServer) RegisterServer(server *grpc.Server) any { + RegisterLLMServer(server, s.LLMServer) + return s.LLMServer +} + +type LLMPluginClient struct { + LLMClient +} + +func (s LLMPluginClient) Type() string { + return Type +} + +func (c *LLMPluginClient) IsInitialized() bool { + return c.LLMClient != nil +} + +func (c *LLMPluginClient) GRPCServiceName() string { + return GRPCServiceFullName +} + +func (c *LLMPluginClient) InitClient(conn grpc.ClientConnInterface) any { + c.LLMClient = NewLLMClient(conn) + return c.LLMClient +} diff --git a/proto/plugin/llm/v1/llm_grpc.pb.go b/proto/plugin/llm/v1/llm_grpc.pb.go new file mode 100644 index 0000000..e10fb70 --- /dev/null +++ b/proto/plugin/llm/v1/llm_grpc.pb.go 
@@ -0,0 +1,176 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.6.1 +// - protoc (unknown) +// source: plugin/llm/v1/llm.proto + +package llmv1 + +import ( + context "context" + + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + LLM_Enrich_FullMethodName = "/plugin.llm.v1.LLM/Enrich" + LLM_Answer_FullMethodName = "/plugin.llm.v1.LLM/Answer" +) + +// LLMClient is the client API for LLM service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// LLM is the plugin interface for AI language-model backends used by the +// Advisor module. Only aggregate, privacy-safe statistics are ever transmitted — +// no key material, no key IDs, and no principal names. +type LLMClient interface { + // Enrich takes rule-engine findings (plain text, no sensitive data) and + // returns enriched descriptions and remediation steps. + Enrich(ctx context.Context, in *EnrichRequest, opts ...grpc.CallOption) (*EnrichResponse, error) + // Answer responds to a free-form question about key posture using only the + // supplied aggregate signals — no key material, no key IDs, no principal names. + Answer(ctx context.Context, in *AnswerRequest, opts ...grpc.CallOption) (*AnswerResponse, error) +} + +type lLMClient struct { + cc grpc.ClientConnInterface +} + +func NewLLMClient(cc grpc.ClientConnInterface) LLMClient { + return &lLMClient{cc} +} + +func (c *lLMClient) Enrich(ctx context.Context, in *EnrichRequest, opts ...grpc.CallOption) (*EnrichResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) 
+ out := new(EnrichResponse) + err := c.cc.Invoke(ctx, LLM_Enrich_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *lLMClient) Answer(ctx context.Context, in *AnswerRequest, opts ...grpc.CallOption) (*AnswerResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(AnswerResponse) + err := c.cc.Invoke(ctx, LLM_Answer_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// LLMServer is the server API for LLM service. +// All implementations must embed UnimplementedLLMServer +// for forward compatibility. +// +// LLM is the plugin interface for AI language-model backends used by the +// Advisor module. Only aggregate, privacy-safe statistics are ever transmitted — +// no key material, no key IDs, and no principal names. +type LLMServer interface { + // Enrich takes rule-engine findings (plain text, no sensitive data) and + // returns enriched descriptions and remediation steps. + Enrich(context.Context, *EnrichRequest) (*EnrichResponse, error) + // Answer responds to a free-form question about key posture using only the + // supplied aggregate signals — no key material, no key IDs, no principal names. + Answer(context.Context, *AnswerRequest) (*AnswerResponse, error) + mustEmbedUnimplementedLLMServer() +} + +// UnimplementedLLMServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. 
+type UnimplementedLLMServer struct{} + +func (UnimplementedLLMServer) Enrich(context.Context, *EnrichRequest) (*EnrichResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Enrich not implemented") +} +func (UnimplementedLLMServer) Answer(context.Context, *AnswerRequest) (*AnswerResponse, error) { + return nil, status.Error(codes.Unimplemented, "method Answer not implemented") +} +func (UnimplementedLLMServer) mustEmbedUnimplementedLLMServer() {} +func (UnimplementedLLMServer) testEmbeddedByValue() {} + +// UnsafeLLMServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to LLMServer will +// result in compilation errors. +type UnsafeLLMServer interface { + mustEmbedUnimplementedLLMServer() +} + +func RegisterLLMServer(s grpc.ServiceRegistrar, srv LLMServer) { + // If the following call panics, it indicates UnimplementedLLMServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. 
+ if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&LLM_ServiceDesc, srv) +} + +func _LLM_Enrich_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EnrichRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(LLMServer).Enrich(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: LLM_Enrich_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(LLMServer).Enrich(ctx, req.(*EnrichRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _LLM_Answer_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(AnswerRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(LLMServer).Answer(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: LLM_Answer_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(LLMServer).Answer(ctx, req.(*AnswerRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// LLM_ServiceDesc is the grpc.ServiceDesc for LLM service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var LLM_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "plugin.llm.v1.LLM", + HandlerType: (*LLMServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Enrich", + Handler: _LLM_Enrich_Handler, + }, + { + MethodName: "Answer", + Handler: _LLM_Answer_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "plugin/llm/v1/llm.proto", +}