gen, protos: multiple tlogs and tsas

Signed-off-by: William Woodruff <[email protected]>
sigstore · Mar 26, 2024 · 1478df1 · 1478df1
1 parent d7222cd
commit 1478df1
Show file tree

Hide file tree

Showing 9 changed files with 105 additions and 84 deletions.
diff --git a/gen/jsonschema/schemas/ClientTrustConfig.schema.json b/gen/jsonschema/schemas/ClientTrustConfig.schema.json
@@ -192,13 +192,19 @@
                     "type": "string",
                     "description": "A URL to an OpenID Connect identity provider. This URL **MUST** be the \"base\" URL for the OIDC IdP, which clients should perform well-known OpenID Connect discovery against."
                 },
-                "tlogUrl": {
-                    "type": "string",
-                    "description": "A URL to a Rekor-compatible transparency log. This URL **MUST** be the \"base\" URL for the transparency log, which clients should construct appropriate API endpoints on top of."
+                "tlogUrls": {
+                    "items": {
+                        "type": "string"
+                    },
+                    "type": "array",
+                    "description": "One or more URLs to Rekor-compatible transparency log. Each URL **MUST** be the \"base\" URL for the transparency log, which clients should construct appropriate API endpoints on top of."
                 },
-                "tsaUrl": {
-                    "type": "string",
-                    "description": "A URL to an RFC 3161 Time Stamping Authority (TSA). This URL **MUST** be the **full** URL for the TSA, meaning that it should be suitable for submitting Time Stamp Requests (TSRs) to via HTTP, per RFC 3161."
+                "tsaUrls": {
+                    "items": {
+                        "type": "string"
+                    },
+                    "type": "array",
+                    "description": "One ore more URLs to RFC 3161 Time Stamping Authority (TSA). Each URL **MUST** be the **full** URL for the TSA, meaning that it should be suitable for submitting Time Stamp Requests (TSRs) to via HTTP, per RFC 3161."
                 }
             },
             "additionalProperties": false,

diff --git a/gen/jsonschema/schemas/SigningConfig.schema.json b/gen/jsonschema/schemas/SigningConfig.schema.json
@@ -12,13 +12,19 @@
                     "type": "string",
                     "description": "A URL to an OpenID Connect identity provider. This URL **MUST** be the \"base\" URL for the OIDC IdP, which clients should perform well-known OpenID Connect discovery against."
                 },
-                "tlogUrl": {
-                    "type": "string",
-                    "description": "A URL to a Rekor-compatible transparency log. This URL **MUST** be the \"base\" URL for the transparency log, which clients should construct appropriate API endpoints on top of."
+                "tlogUrls": {
+                    "items": {
+                        "type": "string"
+                    },
+                    "type": "array",
+                    "description": "One or more URLs to Rekor-compatible transparency log. Each URL **MUST** be the \"base\" URL for the transparency log, which clients should construct appropriate API endpoints on top of."
                 },
-                "tsaUrl": {
-                    "type": "string",
-                    "description": "A URL to an RFC 3161 Time Stamping Authority (TSA). This URL **MUST** be the **full** URL for the TSA, meaning that it should be suitable for submitting Time Stamp Requests (TSRs) to via HTTP, per RFC 3161."
+                "tsaUrls": {
+                    "items": {
+                        "type": "string"
+                    },
+                    "type": "array",
+                    "description": "One ore more URLs to RFC 3161 Time Stamping Authority (TSA). Each URL **MUST** be the **full** URL for the TSA, meaning that it should be suitable for submitting Time Stamp Requests (TSRs) to via HTTP, per RFC 3161."
                 }
             },
             "additionalProperties": false,

diff --git a/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go b/gen/pb-go/trustroot/v1/sigstore_trustroot.pb.go
diff --git a/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py b/gen/pb-python/sigstore_protobuf_specs/dev/sigstore/trustroot/v1/__init__.py
diff --git a/gen/pb-ruby/lib/sigstore_trustroot_pb.rb b/gen/pb-ruby/lib/sigstore_trustroot_pb.rb
diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs b/gen/pb-rust/sigstore-protobuf-specs/src/generated/dev.sigstore.trustroot.v1.rs
@@ -162,19 +162,19 @@ pub struct SigningConfig {
     /// should perform well-known OpenID Connect discovery against.
     #[prost(string, tag = "2")]
     pub oidc_url: ::prost::alloc::string::String,
-    /// A URL to a Rekor-compatible transparency log.
+    /// One or more URLs to Rekor-compatible transparency log.
     ///
-    /// This URL **MUST** be the "base" URL for the transparency log,
+    /// Each URL **MUST** be the "base" URL for the transparency log,
     /// which clients should construct appropriate API endpoints on top of.
-    #[prost(string, tag = "3")]
-    pub tlog_url: ::prost::alloc::string::String,
-    /// A URL to an RFC 3161 Time Stamping Authority (TSA).
+    #[prost(string, repeated, tag = "3")]
+    pub tlog_urls: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
+    /// One ore more URLs to RFC 3161 Time Stamping Authority (TSA).
     ///
-    /// This URL **MUST** be the **full** URL for the TSA, meaning that it
+    /// Each URL **MUST** be the **full** URL for the TSA, meaning that it
     /// should be suitable for submitting Time Stamp Requests (TSRs) to
     /// via HTTP, per RFC 3161.
-    #[prost(string, tag = "4")]
-    pub tsa_url: ::prost::alloc::string::String,
+    #[prost(string, repeated, tag = "4")]
+    pub tsa_urls: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
 }
 /// ClientTrustConfig describes the complete state needed by a client
 /// to perform both signing and verification operations against a particular

diff --git a/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin b/gen/pb-rust/sigstore-protobuf-specs/src/generated/file_descriptor_set.bin
diff --git a/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts b/gen/pb-typescript/src/__generated__/sigstore_trustroot.ts
diff --git a/protos/sigstore_trustroot.proto b/protos/sigstore_trustroot.proto
@@ -141,18 +141,18 @@ message SigningConfig {
         // should perform well-known OpenID Connect discovery against.
         string oidc_url = 2;
 
-        // A URL to a Rekor-compatible transparency log.
+        // One or more URLs to Rekor-compatible transparency log.
         //
-        // This URL **MUST** be the "base" URL for the transparency log,
+        // Each URL **MUST** be the "base" URL for the transparency log,
         // which clients should construct appropriate API endpoints on top of.
-        string tlog_url = 3;
+        repeated string tlog_urls = 3;
 
-        // A URL to an RFC 3161 Time Stamping Authority (TSA).
+        // One ore more URLs to RFC 3161 Time Stamping Authority (TSA).
         //
-        // This URL **MUST** be the **full** URL for the TSA, meaning that it
+        // Each URL **MUST** be the **full** URL for the TSA, meaning that it
         // should be suitable for submitting Time Stamp Requests (TSRs) to
         // via HTTP, per RFC 3161.
-        string tsa_url = 4;
+        repeated string tsa_urls = 4;
 }
 
 // ClientTrustConfig describes the complete state needed by a client