From 2cfec1d391013d2e4b62982ee2c671c715b03d1c Mon Sep 17 00:00:00 2001 From: black-dragon74 Date: Thu, 23 May 2024 16:34:53 +0530 Subject: [PATCH] Add Spec for EncryptionKeyRotation This patch adds specification for EncryptionKeyRotation operation of CSI addons. Signed-off-by: Niraj Yadav --- Makefile | 1 + encryptionkeyrotation/Makefile | 20 + encryptionkeyrotation/README.md | 106 +++++ .../encryptionkeyrotation.proto | 45 +++ identity/README.md | 22 + identity/identity.proto | 22 + .../encryptionkeyrotation.pb.go | 299 ++++++++++++++ .../encryptionkeyrotation_grpc.pb.go | 116 ++++++ lib/go/identity/identity.pb.go | 382 ++++++++++++------ 9 files changed, 898 insertions(+), 115 deletions(-) create mode 100644 encryptionkeyrotation/Makefile create mode 100644 encryptionkeyrotation/README.md create mode 100644 encryptionkeyrotation/encryptionkeyrotation.proto create mode 100644 lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go create mode 100644 lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go diff --git a/Makefile b/Makefile index a36807d..201d42c 100644 --- a/Makefile +++ b/Makefile @@ -21,6 +21,7 @@ clean-deps: rm -rf bin dist github.com google %: + $(MAKE) -C encryptionkeyrotation $@ $(MAKE) -C fence $@ $(MAKE) -C identity $@ $(MAKE) -C reclaimspace $@ diff --git a/encryptionkeyrotation/Makefile b/encryptionkeyrotation/Makefile new file mode 100644 index 0000000..7d004c9 --- /dev/null +++ b/encryptionkeyrotation/Makefile @@ -0,0 +1,20 @@ +# Copyright 2024 The csi-addons Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +PROTO := encryptionkeyrotation.proto +PROTO_SOURCE := README.md + +all: install-deps $(PROTO) build + +include ../release-tools/build.make diff --git a/encryptionkeyrotation/README.md b/encryptionkeyrotation/README.md new file mode 100644 index 0000000..40c7141 --- /dev/null +++ b/encryptionkeyrotation/README.md @@ -0,0 +1,106 @@ +# CSI Addons Operation: EncryptionKeyRotation + +## Terminology + +| Term | Definition | +| -------- | ------------------------------------------------------------------------------------- | +| VolumeID | The identifier of the volume generated by the plugin. | +| CO | Container Orchestration system that communicates with plugins using CSI service RPCs. | +| SP | Storage Provider, the vendor of a CSI plugin implementation. | +| RPC | [Remote Procedure Call](https://en.wikipedia.org/wiki/Remote_procedure_call). | + +## Objective + +Define an extension to the CSI specification that will enable storage vendors +(SP) to develop controllers/plugins that can rotate the Key Encryption Keys (KEK) +of existing volumes that are encrypted. + +### Goals in MVP + +The new extension will define a procedure that + +- can be called for existing encrypted volumes +- functions for Block and filesystem access mode volumes +- interacts with the NodePlugin +- makes it possible for the SP to rotate encrpytion keys on volumes + +### Non-Goals in MVP + +- Rotating encrpytion keys for inactive volumes + +## Solution Overview + +This specification defines an interface along with the minimum operational and +packaging recommendations for a storage provider (SP) to implement a key rotate operation for volumes. The interface declares the RPCs that a plugin +MUST expose. + +## RPC Interface + +- **EncryptionKeyRotate Service**: Either NodePlugin or ControllerPlugin MAY implement this RPC. + +```protobuf +syntax = "proto3"; +package encryptionkeyrotation; + +import "github.com/container-storage-interface/spec/lib/go/csi/csi.proto"; +import "google/protobuf/descriptor.proto"; + +option go_package = "github.com/csi-addons/spec/lib/go/encryptionkeyrotation"; + +// EncryptionKeyRotationController holds the RPC method for running +// key rotation operation on the volume. +service EncryptionKeyRotationController { + // EncryptionKeyRotate is a procedure that is called + // on the CSI ControllerPlugin or NodePlugin + rpc EncryptionKeyRotate(EncryptionKeyRotateRequest) + returns (EncryptionKeyRotateResponse){} +} +``` + +### EncryptionKeyRotateRequest + +```protobuf +// EncryptionKeyRotateRequest contains the information needed to identify +// the volume by the SP and access any backend services so that the key can be +// rotated. +message EncryptionKeyRotateRequest { + // The ID of the volume for which the key is to be rotated. + // This field is required + string volume_id = 1; + + // The path where the volume is available. + // This field is OPTIONAL + // Useful if you are implementing the RPC on CSI Driver NodePlugin + string volume_path = 2; + + // Provide the encryption key to be set + // This field is OPTIONAL + string encryption_key = 3 [(csi.v1.csi_secret) = true]; + + // Plugin specific parameters passed in as opaque key-value pairs. + map parameters = 4; + + // Secrets required by the plugin to complete the request. + map secrets = 5 [(csi.v1.csi_secret) = true]; +} +``` + +### EncryptionKeyRotateResponse + +```protobuf +// EncryptionKeyRotateResponse holds the information about the result of the +// EncryptionKeyRotateRequest call. +message EncryptionKeyRotateResponse { + +} +``` + +### Error Schemes + +| Condition | gRPC Code | Description | Recovery Behavior | +| ---------------------------- | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Missing required field | 3 INVALID_ARGUMENT | Indicates that a required field is missing from the request. | Caller MUST fix the request by adding the missing required field before retrying. | +| Volume does not exist | 5 NOT_FOUND | Indicates that a volume corresponding to the specified `volume_id` does not exist. | Caller MUST verify that the `volume_id` is correct and that the volume is accessible and has not been deleted before retrying with exponential back off. | +| Operation pending for volume | 10 ABORTED | Indicates that there is already an operation pending for the specified `volume_id`. In general the CSI-Addons CO plugin is responsible for ensuring that there is no more than one call "in-flight" per `volume_id` at a given time. However, in some circumstances, the CSI-Addons CO plugin MAY lose state (for example when the it crashes and restarts), and MAY issue multiple calls simultaneously for the same `volume_id`. The CSI driver, SHOULD handle this as gracefully as possible, and MAY return this error code to reject secondary calls. | Caller SHOULD ensure that there are no other calls pending for the specified `volume_id`, and then retry with exponential back off. | +| Not authenticated | 16 UNAUTHENTICATED | The invoked RPC does not carry secrets that are valid for authentication. | Caller SHALL either fix the secrets provided in the RPC, or otherwise regalvanize said secrets such that they will pass authentication by the Plugin for the attempted RPC, after which point the caller MAY retry the attempted RPC. | +| Error is Unknown | 2 UNKNOWN | Indicates that a unknown error is generated | Caller MUST study the logs before retrying | diff --git a/encryptionkeyrotation/encryptionkeyrotation.proto b/encryptionkeyrotation/encryptionkeyrotation.proto new file mode 100644 index 0000000..a6ed11f --- /dev/null +++ b/encryptionkeyrotation/encryptionkeyrotation.proto @@ -0,0 +1,45 @@ +// Code generated by make; DO NOT EDIT. +syntax = "proto3"; +package encryptionkeyrotation; + +import "github.com/container-storage-interface/spec/lib/go/csi/csi.proto"; +import "google/protobuf/descriptor.proto"; + +option go_package = "github.com/csi-addons/spec/lib/go/encryptionkeyrotation"; + +// EncryptionKeyRotationController holds the RPC method for running +// key rotation operation on the volume. +service EncryptionKeyRotationController { + // EncryptionKeyRotate is a procedure that is called + // on the CSI ControllerPlugin or NodePlugin + rpc EncryptionKeyRotate(EncryptionKeyRotateRequest) + returns (EncryptionKeyRotateResponse){} +} +// EncryptionKeyRotateRequest contains the information needed to identify +// the volume by the SP and access any backend services so that the key can be +// rotated. +message EncryptionKeyRotateRequest { + // The ID of the volume for which the key is to be rotated. + // This field is required + string volume_id = 1; + + // The path where the volume is available. + // This field is OPTIONAL + // Useful if you are implementing the RPC on CSI Driver NodePlugin + string volume_path = 2; + + // Provide the encryption key to be set + // This field is OPTIONAL + string encryption_key = 3 [(csi.v1.csi_secret) = true]; + + // Plugin specific parameters passed in as opaque key-value pairs. + map parameters = 4; + + // Secrets required by the plugin to complete the request. + map secrets = 5 [(csi.v1.csi_secret) = true]; +} +// EncryptionKeyRotateResponse holds the information about the result of the +// EncryptionKeyRotateRequest call. +message EncryptionKeyRotateResponse { + +} diff --git a/identity/README.md b/identity/README.md index 6b95642..e5e7d62 100644 --- a/identity/README.md +++ b/identity/README.md @@ -300,6 +300,26 @@ message Capability { Type type = 1; } + // EncryptionKeyRotation contains the features of the EncryptionKeyRotation + // operation that the CSI driver supports. + message EncryptionKeyRotation { + // Type describes a CSI Encryption Service that CSI driver can support. + enum Type { + // UNKNOWN indicates that the CSI driver does not support the + // EncryptionKeyRotation operation in the current mode. + // The CSI-Addons CO plugin will most likely ignore this node + // for the EncryptionKeyRotation operation. + UNKNOWN = 0; + // ENCRYPTIONKEYROTATION indicates that the CSI driver provides + // RPCs for an EncryptionKeyRotation operation. + // The presence of this capability determines whether the CSI-Addons CO + // plugin can invoke RPCs for rotating the encryption key. + ENCRYPTIONKEYROTATION = 1; + } + // type contains the Type of CSI Service that the CSI driver supports. + Type type = 1; + } + // Additional CSI-Addons operations will need to be added here. oneof type { @@ -313,6 +333,8 @@ message Capability { VolumeReplication volume_replication = 4; // VolumeGroup operation capabilities. VolumeGroup volume_group = 5; + // EncryptionKeyRotation operation capabilities. + EncryptionKeyRotation encryption_key_rotation = 6; // Additional CSI-Addons operations need to be appended to this list. } diff --git a/identity/identity.proto b/identity/identity.proto index 3837d13..7ba3a81 100644 --- a/identity/identity.proto +++ b/identity/identity.proto @@ -200,6 +200,26 @@ message Capability { Type type = 1; } + // EncryptionKeyRotation contains the features of the EncryptionKeyRotation + // operation that the CSI driver supports. + message EncryptionKeyRotation { + // Type describes a CSI Encryption Service that CSI driver can support. + enum Type { + // UNKNOWN indicates that the CSI driver does not support the + // EncryptionKeyRotation operation in the current mode. + // The CSI-Addons CO plugin will most likely ignore this node + // for the EncryptionKeyRotation operation. + UNKNOWN = 0; + // ENCRYPTIONKEYROTATION indicates that the CSI driver provides + // RPCs for an EncryptionKeyRotation operation. + // The presence of this capability determines whether the CSI-Addons CO + // plugin can invoke RPCs for rotating the encryption key. + ENCRYPTIONKEYROTATION = 1; + } + // type contains the Type of CSI Service that the CSI driver supports. + Type type = 1; + } + // Additional CSI-Addons operations will need to be added here. oneof type { @@ -213,6 +233,8 @@ message Capability { VolumeReplication volume_replication = 4; // VolumeGroup operation capabilities. VolumeGroup volume_group = 5; + // EncryptionKeyRotation operation capabilities. + EncryptionKeyRotation encryption_key_rotation = 6; // Additional CSI-Addons operations need to be appended to this list. } diff --git a/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go b/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go new file mode 100644 index 0000000..3bc0fdf --- /dev/null +++ b/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go @@ -0,0 +1,299 @@ +// Code generated by make; DO NOT EDIT. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.20.2 +// source: encryptionkeyrotation/encryptionkeyrotation.proto + +package encryptionkeyrotation + +import ( + _ "github.com/container-storage-interface/spec/lib/go/csi" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + _ "google.golang.org/protobuf/types/descriptorpb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// EncryptionKeyRotateRequest contains the information needed to identify +// the volume by the SP and access any backend services so that the key can be +// rotated. +type EncryptionKeyRotateRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The ID of the volume for which the key is to be rotated. + // This field is required + VolumeId string `protobuf:"bytes,1,opt,name=volume_id,json=volumeId,proto3" json:"volume_id,omitempty"` + // The path where the volume is available. + // This field is OPTIONAL + // Useful if you are implementing the RPC on CSI Driver NodePlugin + VolumePath string `protobuf:"bytes,2,opt,name=volume_path,json=volumePath,proto3" json:"volume_path,omitempty"` + // Provide the encryption key to be set + // This field is OPTIONAL + EncryptionKey string `protobuf:"bytes,3,opt,name=encryption_key,json=encryptionKey,proto3" json:"encryption_key,omitempty"` + // Plugin specific parameters passed in as opaque key-value pairs. + Parameters map[string]string `protobuf:"bytes,4,rep,name=parameters,proto3" json:"parameters,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Secrets required by the plugin to complete the request. + Secrets map[string]string `protobuf:"bytes,5,rep,name=secrets,proto3" json:"secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *EncryptionKeyRotateRequest) Reset() { + *x = EncryptionKeyRotateRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptionKeyRotateRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptionKeyRotateRequest) ProtoMessage() {} + +func (x *EncryptionKeyRotateRequest) ProtoReflect() protoreflect.Message { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptionKeyRotateRequest.ProtoReflect.Descriptor instead. +func (*EncryptionKeyRotateRequest) Descriptor() ([]byte, []int) { + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP(), []int{0} +} + +func (x *EncryptionKeyRotateRequest) GetVolumeId() string { + if x != nil { + return x.VolumeId + } + return "" +} + +func (x *EncryptionKeyRotateRequest) GetVolumePath() string { + if x != nil { + return x.VolumePath + } + return "" +} + +func (x *EncryptionKeyRotateRequest) GetEncryptionKey() string { + if x != nil { + return x.EncryptionKey + } + return "" +} + +func (x *EncryptionKeyRotateRequest) GetParameters() map[string]string { + if x != nil { + return x.Parameters + } + return nil +} + +func (x *EncryptionKeyRotateRequest) GetSecrets() map[string]string { + if x != nil { + return x.Secrets + } + return nil +} + +// EncryptionKeyRotateResponse holds the information about the result of the +// EncryptionKeyRotateRequest call. +type EncryptionKeyRotateResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *EncryptionKeyRotateResponse) Reset() { + *x = EncryptionKeyRotateResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptionKeyRotateResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptionKeyRotateResponse) ProtoMessage() {} + +func (x *EncryptionKeyRotateResponse) ProtoReflect() protoreflect.Message { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptionKeyRotateResponse.ProtoReflect.Descriptor instead. +func (*EncryptionKeyRotateResponse) Descriptor() ([]byte, []int) { + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP(), []int{1} +} + +var File_encryptionkeyrotation_encryptionkeyrotation_proto protoreflect.FileDescriptor + +var file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc = []byte{ + 0x0a, 0x31, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, + 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x40, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, + 0x2d, 0x73, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x2d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, + 0x63, 0x65, 0x2f, 0x73, 0x70, 0x65, 0x63, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x67, 0x6f, 0x2f, 0x63, + 0x73, 0x69, 0x2f, 0x63, 0x73, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xc3, + 0x03, 0x0a, 0x1a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, + 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, + 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x1f, 0x0a, 0x0b, 0x76, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x50, 0x61, 0x74, 0x68, 0x12, 0x2a, 0x0a, 0x0e, 0x65, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x42, 0x03, 0x98, 0x42, 0x01, 0x52, 0x0d, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x12, 0x61, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, + 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, + 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x50, + 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0a, + 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5d, 0x0a, 0x07, 0x73, 0x65, + 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x65, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, + 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x53, + 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x03, 0x98, 0x42, 0x01, + 0x52, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x1a, 0x3d, 0x0a, 0x0f, 0x50, 0x61, 0x72, + 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3a, 0x0a, 0x0c, 0x53, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x22, 0x1d, 0x0a, 0x1b, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x32, 0xa1, 0x01, 0x0a, 0x1f, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, 0x6e, + 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x7e, 0x0a, 0x13, 0x45, 0x6e, 0x63, 0x72, 0x79, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x12, 0x31, + 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x32, 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, + 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x39, 0x5a, 0x37, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x73, 0x69, 0x2d, 0x61, 0x64, 0x64, 0x6f, 0x6e, 0x73, + 0x2f, 0x73, 0x70, 0x65, 0x63, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x67, 0x6f, 0x2f, 0x65, 0x6e, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescOnce sync.Once + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData = file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc +) + +func file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP() []byte { + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescOnce.Do(func() { + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData = protoimpl.X.CompressGZIP(file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData) + }) + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData +} + +var file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes = []interface{}{ + (*EncryptionKeyRotateRequest)(nil), // 0: encryptionkeyrotation.EncryptionKeyRotateRequest + (*EncryptionKeyRotateResponse)(nil), // 1: encryptionkeyrotation.EncryptionKeyRotateResponse + nil, // 2: encryptionkeyrotation.EncryptionKeyRotateRequest.ParametersEntry + nil, // 3: encryptionkeyrotation.EncryptionKeyRotateRequest.SecretsEntry +} +var file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs = []int32{ + 2, // 0: encryptionkeyrotation.EncryptionKeyRotateRequest.parameters:type_name -> encryptionkeyrotation.EncryptionKeyRotateRequest.ParametersEntry + 3, // 1: encryptionkeyrotation.EncryptionKeyRotateRequest.secrets:type_name -> encryptionkeyrotation.EncryptionKeyRotateRequest.SecretsEntry + 0, // 2: encryptionkeyrotation.EncryptionKeyRotationController.EncryptionKeyRotate:input_type -> encryptionkeyrotation.EncryptionKeyRotateRequest + 1, // 3: encryptionkeyrotation.EncryptionKeyRotationController.EncryptionKeyRotate:output_type -> encryptionkeyrotation.EncryptionKeyRotateResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_encryptionkeyrotation_encryptionkeyrotation_proto_init() } +func file_encryptionkeyrotation_encryptionkeyrotation_proto_init() { + if File_encryptionkeyrotation_encryptionkeyrotation_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptionKeyRotateRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptionKeyRotateResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc, + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes, + DependencyIndexes: file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs, + MessageInfos: file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes, + }.Build() + File_encryptionkeyrotation_encryptionkeyrotation_proto = out.File + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc = nil + file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes = nil + file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs = nil +} diff --git a/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go b/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go new file mode 100644 index 0000000..63f2afe --- /dev/null +++ b/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go @@ -0,0 +1,116 @@ +// Code generated by make; DO NOT EDIT. + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v3.20.2 +// source: encryptionkeyrotation/encryptionkeyrotation.proto + +package encryptionkeyrotation + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + EncryptionKeyRotationController_EncryptionKeyRotate_FullMethodName = "/encryptionkeyrotation.EncryptionKeyRotationController/EncryptionKeyRotate" +) + +// EncryptionKeyRotationControllerClient is the client API for EncryptionKeyRotationController service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type EncryptionKeyRotationControllerClient interface { + // EncryptionKeyRotate is a procedure that is called + // on the CSI ControllerPlugin or NodePlugin + EncryptionKeyRotate(ctx context.Context, in *EncryptionKeyRotateRequest, opts ...grpc.CallOption) (*EncryptionKeyRotateResponse, error) +} + +type encryptionKeyRotationControllerClient struct { + cc grpc.ClientConnInterface +} + +func NewEncryptionKeyRotationControllerClient(cc grpc.ClientConnInterface) EncryptionKeyRotationControllerClient { + return &encryptionKeyRotationControllerClient{cc} +} + +func (c *encryptionKeyRotationControllerClient) EncryptionKeyRotate(ctx context.Context, in *EncryptionKeyRotateRequest, opts ...grpc.CallOption) (*EncryptionKeyRotateResponse, error) { + out := new(EncryptionKeyRotateResponse) + err := c.cc.Invoke(ctx, EncryptionKeyRotationController_EncryptionKeyRotate_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// EncryptionKeyRotationControllerServer is the server API for EncryptionKeyRotationController service. +// All implementations must embed UnimplementedEncryptionKeyRotationControllerServer +// for forward compatibility +type EncryptionKeyRotationControllerServer interface { + // EncryptionKeyRotate is a procedure that is called + // on the CSI ControllerPlugin or NodePlugin + EncryptionKeyRotate(context.Context, *EncryptionKeyRotateRequest) (*EncryptionKeyRotateResponse, error) + mustEmbedUnimplementedEncryptionKeyRotationControllerServer() +} + +// UnimplementedEncryptionKeyRotationControllerServer must be embedded to have forward compatible implementations. +type UnimplementedEncryptionKeyRotationControllerServer struct { +} + +func (UnimplementedEncryptionKeyRotationControllerServer) EncryptionKeyRotate(context.Context, *EncryptionKeyRotateRequest) (*EncryptionKeyRotateResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method EncryptionKeyRotate not implemented") +} +func (UnimplementedEncryptionKeyRotationControllerServer) mustEmbedUnimplementedEncryptionKeyRotationControllerServer() { +} + +// UnsafeEncryptionKeyRotationControllerServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to EncryptionKeyRotationControllerServer will +// result in compilation errors. +type UnsafeEncryptionKeyRotationControllerServer interface { + mustEmbedUnimplementedEncryptionKeyRotationControllerServer() +} + +func RegisterEncryptionKeyRotationControllerServer(s grpc.ServiceRegistrar, srv EncryptionKeyRotationControllerServer) { + s.RegisterService(&EncryptionKeyRotationController_ServiceDesc, srv) +} + +func _EncryptionKeyRotationController_EncryptionKeyRotate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EncryptionKeyRotateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(EncryptionKeyRotationControllerServer).EncryptionKeyRotate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: EncryptionKeyRotationController_EncryptionKeyRotate_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(EncryptionKeyRotationControllerServer).EncryptionKeyRotate(ctx, req.(*EncryptionKeyRotateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// EncryptionKeyRotationController_ServiceDesc is the grpc.ServiceDesc for EncryptionKeyRotationController service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var EncryptionKeyRotationController_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "encryptionkeyrotation.EncryptionKeyRotationController", + HandlerType: (*EncryptionKeyRotationControllerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "EncryptionKeyRotate", + Handler: _EncryptionKeyRotationController_EncryptionKeyRotate_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "encryptionkeyrotation/encryptionkeyrotation.proto", +} diff --git a/lib/go/identity/identity.pb.go b/lib/go/identity/identity.pb.go index a2d9c9f..bc102c7 100644 --- a/lib/go/identity/identity.pb.go +++ b/lib/go/identity/identity.pb.go @@ -345,6 +345,61 @@ func (Capability_VolumeGroup_Type) EnumDescriptor() ([]byte, []int) { return file_identity_identity_proto_rawDescGZIP(), []int{4, 4, 0} } +// Type describes a CSI Encryption Service that CSI driver can support. +type Capability_EncryptionKeyRotation_Type int32 + +const ( + // UNKNOWN indicates that the CSI driver does not support the + // EncryptionKeyRotation operation in the current mode. + // The CSI-Addons CO plugin will most likely ignore this node + // for the EncryptionKeyRotation operation. + Capability_EncryptionKeyRotation_UNKNOWN Capability_EncryptionKeyRotation_Type = 0 + // ENCRYPTIONKEYROTATION indicates that the CSI driver provides + // RPCs for an EncryptionKeyRotation operation. + // The presence of this capability determines whether the CSI-Addons CO + // plugin can invoke RPCs for rotating the encryption key. + Capability_EncryptionKeyRotation_ENCRYPTIONKEYROTATION Capability_EncryptionKeyRotation_Type = 1 +) + +// Enum value maps for Capability_EncryptionKeyRotation_Type. +var ( + Capability_EncryptionKeyRotation_Type_name = map[int32]string{ + 0: "UNKNOWN", + 1: "ENCRYPTIONKEYROTATION", + } + Capability_EncryptionKeyRotation_Type_value = map[string]int32{ + "UNKNOWN": 0, + "ENCRYPTIONKEYROTATION": 1, + } +) + +func (x Capability_EncryptionKeyRotation_Type) Enum() *Capability_EncryptionKeyRotation_Type { + p := new(Capability_EncryptionKeyRotation_Type) + *p = x + return p +} + +func (x Capability_EncryptionKeyRotation_Type) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Capability_EncryptionKeyRotation_Type) Descriptor() protoreflect.EnumDescriptor { + return file_identity_identity_proto_enumTypes[5].Descriptor() +} + +func (Capability_EncryptionKeyRotation_Type) Type() protoreflect.EnumType { + return &file_identity_identity_proto_enumTypes[5] +} + +func (x Capability_EncryptionKeyRotation_Type) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Capability_EncryptionKeyRotation_Type.Descriptor instead. +func (Capability_EncryptionKeyRotation_Type) EnumDescriptor() ([]byte, []int) { + return file_identity_identity_proto_rawDescGZIP(), []int{4, 5, 0} +} + // GetIdentityRequest is sent by the CSI-Addons CO plugin to obtain the // drivername, version and optional details from the CSI-driver. type GetIdentityRequest struct { @@ -561,6 +616,7 @@ type Capability struct { // *Capability_NetworkFence_ // *Capability_VolumeReplication_ // *Capability_VolumeGroup_ + // *Capability_EncryptionKeyRotation_ Type isCapability_Type `protobuf_oneof:"type"` } @@ -638,6 +694,13 @@ func (x *Capability) GetVolumeGroup() *Capability_VolumeGroup { return nil } +func (x *Capability) GetEncryptionKeyRotation() *Capability_EncryptionKeyRotation { + if x, ok := x.GetType().(*Capability_EncryptionKeyRotation_); ok { + return x.EncryptionKeyRotation + } + return nil +} + type isCapability_Type interface { isCapability_Type() } @@ -667,6 +730,11 @@ type Capability_VolumeGroup_ struct { VolumeGroup *Capability_VolumeGroup `protobuf:"bytes,5,opt,name=volume_group,json=volumeGroup,proto3,oneof"` } +type Capability_EncryptionKeyRotation_ struct { + // EncryptionKeyRotation operation capabilities. + EncryptionKeyRotation *Capability_EncryptionKeyRotation `protobuf:"bytes,6,opt,name=encryption_key_rotation,json=encryptionKeyRotation,proto3,oneof"` +} + func (*Capability_Service_) isCapability_Type() {} func (*Capability_ReclaimSpace_) isCapability_Type() {} @@ -677,6 +745,8 @@ func (*Capability_VolumeReplication_) isCapability_Type() {} func (*Capability_VolumeGroup_) isCapability_Type() {} +func (*Capability_EncryptionKeyRotation_) isCapability_Type() {} + // ProbeRequest is sent to the CSI-driver to confirm that it can respond to // requests from the CSI-Addons CO plugin. type ProbeRequest struct { @@ -1034,6 +1104,56 @@ func (x *Capability_VolumeGroup) GetType() Capability_VolumeGroup_Type { return Capability_VolumeGroup_UNKNOWN } +// EncryptionKeyRotation contains the features of the EncryptionKeyRotation +// operation that the CSI driver supports. +type Capability_EncryptionKeyRotation struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // type contains the Type of CSI Service that the CSI driver supports. + Type Capability_EncryptionKeyRotation_Type `protobuf:"varint,1,opt,name=type,proto3,enum=identity.Capability_EncryptionKeyRotation_Type" json:"type,omitempty"` +} + +func (x *Capability_EncryptionKeyRotation) Reset() { + *x = Capability_EncryptionKeyRotation{} + if protoimpl.UnsafeEnabled { + mi := &file_identity_identity_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Capability_EncryptionKeyRotation) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Capability_EncryptionKeyRotation) ProtoMessage() {} + +func (x *Capability_EncryptionKeyRotation) ProtoReflect() protoreflect.Message { + mi := &file_identity_identity_proto_msgTypes[13] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Capability_EncryptionKeyRotation.ProtoReflect.Descriptor instead. +func (*Capability_EncryptionKeyRotation) Descriptor() ([]byte, []int) { + return file_identity_identity_proto_rawDescGZIP(), []int{4, 5} +} + +func (x *Capability_EncryptionKeyRotation) GetType() Capability_EncryptionKeyRotation_Type { + if x != nil { + return x.Type + } + return Capability_EncryptionKeyRotation_UNKNOWN +} + var File_identity_identity_proto protoreflect.FileDescriptor var file_identity_identity_proto_rawDesc = []byte{ @@ -1063,7 +1183,7 @@ var file_identity_identity_proto_rawDesc = []byte{ 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, - 0x73, 0x22, 0xfc, 0x08, 0x0a, 0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, + 0x73, 0x22, 0xf1, 0x0a, 0x0a, 0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x38, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x48, @@ -1086,77 +1206,92 @@ var file_identity_identity_proto_rawDesc = []byte{ 0x65, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x48, - 0x00, 0x52, 0x0b, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x1a, 0x7f, - 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x35, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x22, 0x3d, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, - 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x43, 0x4f, 0x4e, 0x54, 0x52, 0x4f, 0x4c, - 0x4c, 0x45, 0x52, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x10, 0x01, 0x12, 0x10, 0x0a, - 0x0c, 0x4e, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, 0x45, 0x10, 0x02, 0x1a, - 0x78, 0x0a, 0x0c, 0x52, 0x65, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, + 0x00, 0x52, 0x0b, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x64, + 0x0a, 0x17, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6b, 0x65, 0x79, + 0x5f, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2a, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, + 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x15, 0x65, + 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x7f, 0x0a, 0x07, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x35, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, + 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, + 0x69, 0x74, 0x79, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, + 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x3d, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, + 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x43, + 0x4f, 0x4e, 0x54, 0x52, 0x4f, 0x4c, 0x4c, 0x45, 0x52, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x49, 0x43, + 0x45, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x4e, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x45, 0x52, 0x56, + 0x49, 0x43, 0x45, 0x10, 0x02, 0x1a, 0x78, 0x0a, 0x0c, 0x52, 0x65, 0x63, 0x6c, 0x61, 0x69, 0x6d, + 0x53, 0x70, 0x61, 0x63, 0x65, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, + 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x52, 0x65, 0x63, 0x6c, 0x61, 0x69, + 0x6d, 0x53, 0x70, 0x61, 0x63, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x22, 0x2c, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, + 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x4f, 0x46, 0x46, 0x4c, 0x49, 0x4e, + 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4f, 0x4e, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x02, 0x1a, + 0x72, 0x0a, 0x0c, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x46, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, - 0x69, 0x74, 0x79, 0x2e, 0x52, 0x65, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x53, 0x70, 0x61, 0x63, 0x65, - 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x2c, 0x0a, 0x04, 0x54, + 0x69, 0x74, 0x79, 0x2e, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x46, 0x65, 0x6e, 0x63, 0x65, + 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x26, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, - 0x12, 0x0b, 0x0a, 0x07, 0x4f, 0x46, 0x46, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, - 0x06, 0x4f, 0x4e, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x02, 0x1a, 0x72, 0x0a, 0x0c, 0x4e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x46, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x4e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x46, 0x65, 0x6e, 0x63, 0x65, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x26, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, - 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x4e, 0x45, - 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x5f, 0x46, 0x45, 0x4e, 0x43, 0x45, 0x10, 0x01, 0x1a, 0x81, 0x01, - 0x0a, 0x11, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x3f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x2b, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, - 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, - 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, - 0x74, 0x79, 0x70, 0x65, 0x22, 0x2b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, - 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x16, 0x0a, 0x12, 0x56, 0x4f, 0x4c, - 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x45, 0x50, 0x4c, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, - 0x01, 0x1a, 0x84, 0x02, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x47, 0x72, 0x6f, 0x75, - 0x70, 0x12, 0x39, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x25, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, - 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x47, 0x72, 0x6f, 0x75, - 0x70, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0xb9, 0x01, 0x0a, + 0x12, 0x11, 0x0a, 0x0d, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x5f, 0x46, 0x45, 0x4e, 0x43, + 0x45, 0x10, 0x01, 0x1a, 0x81, 0x01, 0x0a, 0x11, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, + 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3f, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x74, 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x56, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x2b, 0x0a, 0x04, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, + 0x16, 0x0a, 0x12, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x52, 0x45, 0x50, 0x4c, 0x49, 0x43, + 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x1a, 0x84, 0x02, 0x0a, 0x0b, 0x56, 0x6f, 0x6c, 0x75, + 0x6d, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x39, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x25, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, + 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x56, 0x6f, 0x6c, 0x75, + 0x6d, 0x65, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x22, 0xb9, 0x01, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, + 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x4f, 0x4c, 0x55, + 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x4c, 0x49, + 0x4d, 0x49, 0x54, 0x5f, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x4f, 0x5f, 0x4f, 0x4e, + 0x45, 0x5f, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x02, + 0x12, 0x25, 0x0a, 0x21, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x41, 0x4c, 0x4c, 0x4f, 0x57, + 0x5f, 0x56, 0x47, 0x5f, 0x54, 0x4f, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x5f, 0x56, 0x4f, + 0x4c, 0x55, 0x4d, 0x45, 0x53, 0x10, 0x03, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x4f, 0x44, 0x49, 0x46, + 0x59, 0x5f, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x04, + 0x12, 0x14, 0x0a, 0x10, 0x47, 0x45, 0x54, 0x5f, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x47, + 0x52, 0x4f, 0x55, 0x50, 0x10, 0x05, 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x49, 0x53, 0x54, 0x5f, 0x56, + 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x53, 0x10, 0x06, 0x1a, 0x8c, + 0x01, 0x0a, 0x15, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, + 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x43, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2f, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x2e, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x2e, 0x45, 0x6e, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x2e, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, - 0x10, 0x00, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, - 0x55, 0x50, 0x10, 0x01, 0x12, 0x24, 0x0a, 0x20, 0x4c, 0x49, 0x4d, 0x49, 0x54, 0x5f, 0x56, 0x4f, - 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x54, 0x4f, 0x5f, 0x4f, 0x4e, 0x45, 0x5f, 0x56, 0x4f, 0x4c, 0x55, - 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x02, 0x12, 0x25, 0x0a, 0x21, 0x44, 0x4f, - 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x5f, 0x56, 0x47, 0x5f, 0x54, 0x4f, - 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x5f, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x53, 0x10, - 0x03, 0x12, 0x17, 0x0a, 0x13, 0x4d, 0x4f, 0x44, 0x49, 0x46, 0x59, 0x5f, 0x56, 0x4f, 0x4c, 0x55, - 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x04, 0x12, 0x14, 0x0a, 0x10, 0x47, 0x45, - 0x54, 0x5f, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x10, 0x05, - 0x12, 0x16, 0x0a, 0x12, 0x4c, 0x49, 0x53, 0x54, 0x5f, 0x56, 0x4f, 0x4c, 0x55, 0x4d, 0x45, 0x5f, - 0x47, 0x52, 0x4f, 0x55, 0x50, 0x53, 0x10, 0x06, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x22, 0x41, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x30, 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x72, 0x65, - 0x61, 0x64, 0x79, 0x32, 0xee, 0x01, 0x0a, 0x08, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, - 0x12, 0x4c, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, - 0x1c, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x64, - 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1d, 0x2e, - 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x49, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x58, - 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, - 0x73, 0x12, 0x20, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x47, 0x65, 0x74, - 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x47, - 0x65, 0x74, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, 0x05, 0x50, 0x72, 0x6f, 0x62, - 0x65, 0x12, 0x16, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x50, 0x72, 0x6f, - 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, 0x2e, 0x69, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x74, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x00, 0x42, 0x0c, 0x5a, 0x0a, 0x2e, 0x3b, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, - 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x45, 0x4e, 0x43, 0x52, 0x59, 0x50, 0x54, 0x49, 0x4f, 0x4e, + 0x4b, 0x45, 0x59, 0x52, 0x4f, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x01, 0x42, 0x06, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x41, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x30, 0x0a, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x52, 0x05, 0x72, 0x65, 0x61, 0x64, 0x79, 0x32, 0xee, 0x01, 0x0a, 0x08, 0x49, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x4c, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x49, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x74, 0x79, 0x12, 0x1c, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, + 0x47, 0x65, 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x1d, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x47, 0x65, + 0x74, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x22, 0x00, 0x12, 0x58, 0x0a, 0x0f, 0x47, 0x65, 0x74, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, + 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x12, 0x20, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, + 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, + 0x05, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x16, 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x17, + 0x2e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x0c, 0x5a, 0x0a, 0x2e, 0x3b, 0x69, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1171,54 +1306,58 @@ func file_identity_identity_proto_rawDescGZIP() []byte { return file_identity_identity_proto_rawDescData } -var file_identity_identity_proto_enumTypes = make([]protoimpl.EnumInfo, 5) -var file_identity_identity_proto_msgTypes = make([]protoimpl.MessageInfo, 13) +var file_identity_identity_proto_enumTypes = make([]protoimpl.EnumInfo, 6) +var file_identity_identity_proto_msgTypes = make([]protoimpl.MessageInfo, 14) var file_identity_identity_proto_goTypes = []interface{}{ - (Capability_Service_Type)(0), // 0: identity.Capability.Service.Type - (Capability_ReclaimSpace_Type)(0), // 1: identity.Capability.ReclaimSpace.Type - (Capability_NetworkFence_Type)(0), // 2: identity.Capability.NetworkFence.Type - (Capability_VolumeReplication_Type)(0), // 3: identity.Capability.VolumeReplication.Type - (Capability_VolumeGroup_Type)(0), // 4: identity.Capability.VolumeGroup.Type - (*GetIdentityRequest)(nil), // 5: identity.GetIdentityRequest - (*GetIdentityResponse)(nil), // 6: identity.GetIdentityResponse - (*GetCapabilitiesRequest)(nil), // 7: identity.GetCapabilitiesRequest - (*GetCapabilitiesResponse)(nil), // 8: identity.GetCapabilitiesResponse - (*Capability)(nil), // 9: identity.Capability - (*ProbeRequest)(nil), // 10: identity.ProbeRequest - (*ProbeResponse)(nil), // 11: identity.ProbeResponse - nil, // 12: identity.GetIdentityResponse.ManifestEntry - (*Capability_Service)(nil), // 13: identity.Capability.Service - (*Capability_ReclaimSpace)(nil), // 14: identity.Capability.ReclaimSpace - (*Capability_NetworkFence)(nil), // 15: identity.Capability.NetworkFence - (*Capability_VolumeReplication)(nil), // 16: identity.Capability.VolumeReplication - (*Capability_VolumeGroup)(nil), // 17: identity.Capability.VolumeGroup - (*wrapperspb.BoolValue)(nil), // 18: google.protobuf.BoolValue + (Capability_Service_Type)(0), // 0: identity.Capability.Service.Type + (Capability_ReclaimSpace_Type)(0), // 1: identity.Capability.ReclaimSpace.Type + (Capability_NetworkFence_Type)(0), // 2: identity.Capability.NetworkFence.Type + (Capability_VolumeReplication_Type)(0), // 3: identity.Capability.VolumeReplication.Type + (Capability_VolumeGroup_Type)(0), // 4: identity.Capability.VolumeGroup.Type + (Capability_EncryptionKeyRotation_Type)(0), // 5: identity.Capability.EncryptionKeyRotation.Type + (*GetIdentityRequest)(nil), // 6: identity.GetIdentityRequest + (*GetIdentityResponse)(nil), // 7: identity.GetIdentityResponse + (*GetCapabilitiesRequest)(nil), // 8: identity.GetCapabilitiesRequest + (*GetCapabilitiesResponse)(nil), // 9: identity.GetCapabilitiesResponse + (*Capability)(nil), // 10: identity.Capability + (*ProbeRequest)(nil), // 11: identity.ProbeRequest + (*ProbeResponse)(nil), // 12: identity.ProbeResponse + nil, // 13: identity.GetIdentityResponse.ManifestEntry + (*Capability_Service)(nil), // 14: identity.Capability.Service + (*Capability_ReclaimSpace)(nil), // 15: identity.Capability.ReclaimSpace + (*Capability_NetworkFence)(nil), // 16: identity.Capability.NetworkFence + (*Capability_VolumeReplication)(nil), // 17: identity.Capability.VolumeReplication + (*Capability_VolumeGroup)(nil), // 18: identity.Capability.VolumeGroup + (*Capability_EncryptionKeyRotation)(nil), // 19: identity.Capability.EncryptionKeyRotation + (*wrapperspb.BoolValue)(nil), // 20: google.protobuf.BoolValue } var file_identity_identity_proto_depIdxs = []int32{ - 12, // 0: identity.GetIdentityResponse.manifest:type_name -> identity.GetIdentityResponse.ManifestEntry - 9, // 1: identity.GetCapabilitiesResponse.capabilities:type_name -> identity.Capability - 13, // 2: identity.Capability.service:type_name -> identity.Capability.Service - 14, // 3: identity.Capability.reclaim_space:type_name -> identity.Capability.ReclaimSpace - 15, // 4: identity.Capability.network_fence:type_name -> identity.Capability.NetworkFence - 16, // 5: identity.Capability.volume_replication:type_name -> identity.Capability.VolumeReplication - 17, // 6: identity.Capability.volume_group:type_name -> identity.Capability.VolumeGroup - 18, // 7: identity.ProbeResponse.ready:type_name -> google.protobuf.BoolValue - 0, // 8: identity.Capability.Service.type:type_name -> identity.Capability.Service.Type - 1, // 9: identity.Capability.ReclaimSpace.type:type_name -> identity.Capability.ReclaimSpace.Type - 2, // 10: identity.Capability.NetworkFence.type:type_name -> identity.Capability.NetworkFence.Type - 3, // 11: identity.Capability.VolumeReplication.type:type_name -> identity.Capability.VolumeReplication.Type - 4, // 12: identity.Capability.VolumeGroup.type:type_name -> identity.Capability.VolumeGroup.Type - 5, // 13: identity.Identity.GetIdentity:input_type -> identity.GetIdentityRequest - 7, // 14: identity.Identity.GetCapabilities:input_type -> identity.GetCapabilitiesRequest - 10, // 15: identity.Identity.Probe:input_type -> identity.ProbeRequest - 6, // 16: identity.Identity.GetIdentity:output_type -> identity.GetIdentityResponse - 8, // 17: identity.Identity.GetCapabilities:output_type -> identity.GetCapabilitiesResponse - 11, // 18: identity.Identity.Probe:output_type -> identity.ProbeResponse - 16, // [16:19] is the sub-list for method output_type - 13, // [13:16] is the sub-list for method input_type - 13, // [13:13] is the sub-list for extension type_name - 13, // [13:13] is the sub-list for extension extendee - 0, // [0:13] is the sub-list for field type_name + 13, // 0: identity.GetIdentityResponse.manifest:type_name -> identity.GetIdentityResponse.ManifestEntry + 10, // 1: identity.GetCapabilitiesResponse.capabilities:type_name -> identity.Capability + 14, // 2: identity.Capability.service:type_name -> identity.Capability.Service + 15, // 3: identity.Capability.reclaim_space:type_name -> identity.Capability.ReclaimSpace + 16, // 4: identity.Capability.network_fence:type_name -> identity.Capability.NetworkFence + 17, // 5: identity.Capability.volume_replication:type_name -> identity.Capability.VolumeReplication + 18, // 6: identity.Capability.volume_group:type_name -> identity.Capability.VolumeGroup + 19, // 7: identity.Capability.encryption_key_rotation:type_name -> identity.Capability.EncryptionKeyRotation + 20, // 8: identity.ProbeResponse.ready:type_name -> google.protobuf.BoolValue + 0, // 9: identity.Capability.Service.type:type_name -> identity.Capability.Service.Type + 1, // 10: identity.Capability.ReclaimSpace.type:type_name -> identity.Capability.ReclaimSpace.Type + 2, // 11: identity.Capability.NetworkFence.type:type_name -> identity.Capability.NetworkFence.Type + 3, // 12: identity.Capability.VolumeReplication.type:type_name -> identity.Capability.VolumeReplication.Type + 4, // 13: identity.Capability.VolumeGroup.type:type_name -> identity.Capability.VolumeGroup.Type + 5, // 14: identity.Capability.EncryptionKeyRotation.type:type_name -> identity.Capability.EncryptionKeyRotation.Type + 6, // 15: identity.Identity.GetIdentity:input_type -> identity.GetIdentityRequest + 8, // 16: identity.Identity.GetCapabilities:input_type -> identity.GetCapabilitiesRequest + 11, // 17: identity.Identity.Probe:input_type -> identity.ProbeRequest + 7, // 18: identity.Identity.GetIdentity:output_type -> identity.GetIdentityResponse + 9, // 19: identity.Identity.GetCapabilities:output_type -> identity.GetCapabilitiesResponse + 12, // 20: identity.Identity.Probe:output_type -> identity.ProbeResponse + 18, // [18:21] is the sub-list for method output_type + 15, // [15:18] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_identity_identity_proto_init() } @@ -1371,6 +1510,18 @@ func file_identity_identity_proto_init() { return nil } } + file_identity_identity_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Capability_EncryptionKeyRotation); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_identity_identity_proto_msgTypes[4].OneofWrappers = []interface{}{ (*Capability_Service_)(nil), @@ -1378,14 +1529,15 @@ func file_identity_identity_proto_init() { (*Capability_NetworkFence_)(nil), (*Capability_VolumeReplication_)(nil), (*Capability_VolumeGroup_)(nil), + (*Capability_EncryptionKeyRotation_)(nil), } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_identity_identity_proto_rawDesc, - NumEnums: 5, - NumMessages: 13, + NumEnums: 6, + NumMessages: 14, NumExtensions: 0, NumServices: 1, },