From 54e821e0e8265c1ef2bd227029ed4bd360653905 Mon Sep 17 00:00:00 2001 From: Andrew Harding Date: Tue, 7 Nov 2023 10:11:12 -0600 Subject: [PATCH] New SyncAuthorizedEntries RPC (#49) * New SyncAuthorizedEntries RPC Signed-off-by: Andrew Harding * Fix up comments Signed-off-by: Andrew Harding * more comments Signed-off-by: Andrew Harding --------- Signed-off-by: Andrew Harding --- proto/spire/api/server/entry/v1/entry.pb.go | 500 ++++++++++++++---- proto/spire/api/server/entry/v1/entry.proto | 56 ++ .../api/server/entry/v1/entry_grpc.pb.go | 105 +++- 3 files changed, 543 insertions(+), 118 deletions(-) diff --git a/proto/spire/api/server/entry/v1/entry.pb.go b/proto/spire/api/server/entry/v1/entry.pb.go index 86c5932..1376ba7 100644 --- a/proto/spire/api/server/entry/v1/entry.pb.go +++ b/proto/spire/api/server/entry/v1/entry.pb.go @@ -711,6 +711,196 @@ func (x *GetAuthorizedEntriesResponse) GetEntries() []*types.Entry { return nil } +type SyncAuthorizedEntriesRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // An output mask indicating which fields are set in the response. + OutputMask *types.EntryMask `protobuf:"bytes,1,opt,name=output_mask,json=outputMask,proto3" json:"output_mask,omitempty"` + // IDs of the entries to fetch in full. Sent by the client in response to + // a sparse entry. + Ids []string `protobuf:"bytes,2,rep,name=ids,proto3" json:"ids,omitempty"` +} + +func (x *SyncAuthorizedEntriesRequest) Reset() { + *x = SyncAuthorizedEntriesRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SyncAuthorizedEntriesRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SyncAuthorizedEntriesRequest) ProtoMessage() {} + +func (x *SyncAuthorizedEntriesRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[13] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SyncAuthorizedEntriesRequest.ProtoReflect.Descriptor instead. +func (*SyncAuthorizedEntriesRequest) Descriptor() ([]byte, []int) { + return file_spire_api_server_entry_v1_entry_proto_rawDescGZIP(), []int{13} +} + +func (x *SyncAuthorizedEntriesRequest) GetOutputMask() *types.EntryMask { + if x != nil { + return x.OutputMask + } + return nil +} + +func (x *SyncAuthorizedEntriesRequest) GetIds() []string { + if x != nil { + return x.Ids + } + return nil +} + +type SyncAuthorizedEntriesResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The revisions of the authorized entries. This field is set when the + // authorized entry list meets or exceeds the server-determined page size. + // Callers use it to determine which entries are new/updated that they then + // request on the stream. + // See SyncAuthorizedEntries for details. + EntryRevisions []*EntryRevision `protobuf:"bytes,1,rep,name=entry_revisions,json=entryRevisions,proto3" json:"entry_revisions,omitempty"` + // The authorized entries. This field is set either 1) on the initial + // response if the number of authorized entries is less than the page size + // or 2) in response to the caller requesting the entries after determining + // they need to details based on entry revisions provided in a previous + // response. + // See SyncAuthorizedEntries for details. + Entries []*types.Entry `protobuf:"bytes,2,rep,name=entries,proto3" json:"entries,omitempty"` + // Whether there are more entries to sync down in this response phase. + More bool `protobuf:"varint,3,opt,name=more,proto3" json:"more,omitempty"` +} + +func (x *SyncAuthorizedEntriesResponse) Reset() { + *x = SyncAuthorizedEntriesResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *SyncAuthorizedEntriesResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SyncAuthorizedEntriesResponse) ProtoMessage() {} + +func (x *SyncAuthorizedEntriesResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[14] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SyncAuthorizedEntriesResponse.ProtoReflect.Descriptor instead. +func (*SyncAuthorizedEntriesResponse) Descriptor() ([]byte, []int) { + return file_spire_api_server_entry_v1_entry_proto_rawDescGZIP(), []int{14} +} + +func (x *SyncAuthorizedEntriesResponse) GetEntryRevisions() []*EntryRevision { + if x != nil { + return x.EntryRevisions + } + return nil +} + +func (x *SyncAuthorizedEntriesResponse) GetEntries() []*types.Entry { + if x != nil { + return x.Entries + } + return nil +} + +func (x *SyncAuthorizedEntriesResponse) GetMore() bool { + if x != nil { + return x.More + } + return false +} + +type EntryRevision struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The entry ID. + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // The entry revision number. + RevisionNumber int64 `protobuf:"varint,2,opt,name=revision_number,json=revisionNumber,proto3" json:"revision_number,omitempty"` +} + +func (x *EntryRevision) Reset() { + *x = EntryRevision{} + if protoimpl.UnsafeEnabled { + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EntryRevision) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EntryRevision) ProtoMessage() {} + +func (x *EntryRevision) ProtoReflect() protoreflect.Message { + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[15] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EntryRevision.ProtoReflect.Descriptor instead. +func (*EntryRevision) Descriptor() ([]byte, []int) { + return file_spire_api_server_entry_v1_entry_proto_rawDescGZIP(), []int{15} +} + +func (x *EntryRevision) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *EntryRevision) GetRevisionNumber() int64 { + if x != nil { + return x.RevisionNumber + } + return 0 +} + type ListEntriesRequest_Filter struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -726,7 +916,7 @@ type ListEntriesRequest_Filter struct { func (x *ListEntriesRequest_Filter) Reset() { *x = ListEntriesRequest_Filter{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[13] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -739,7 +929,7 @@ func (x *ListEntriesRequest_Filter) String() string { func (*ListEntriesRequest_Filter) ProtoMessage() {} func (x *ListEntriesRequest_Filter) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[13] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -809,7 +999,7 @@ type BatchCreateEntryResponse_Result struct { func (x *BatchCreateEntryResponse_Result) Reset() { *x = BatchCreateEntryResponse_Result{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[14] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -822,7 +1012,7 @@ func (x *BatchCreateEntryResponse_Result) String() string { func (*BatchCreateEntryResponse_Result) ProtoMessage() {} func (x *BatchCreateEntryResponse_Result) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[14] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -868,7 +1058,7 @@ type BatchUpdateEntryResponse_Result struct { func (x *BatchUpdateEntryResponse_Result) Reset() { *x = BatchUpdateEntryResponse_Result{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[15] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -881,7 +1071,7 @@ func (x *BatchUpdateEntryResponse_Result) String() string { func (*BatchUpdateEntryResponse_Result) ProtoMessage() {} func (x *BatchUpdateEntryResponse_Result) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[15] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -925,7 +1115,7 @@ type BatchDeleteEntryResponse_Result struct { func (x *BatchDeleteEntryResponse_Result) Reset() { *x = BatchDeleteEntryResponse_Result{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[16] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -938,7 +1128,7 @@ func (x *BatchDeleteEntryResponse_Result) String() string { func (*BatchDeleteEntryResponse_Result) ProtoMessage() {} func (x *BatchDeleteEntryResponse_Result) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[16] + mi := &file_spire_api_server_entry_v1_entry_proto_msgTypes[19] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1113,64 +1303,96 @@ var file_spire_api_server_entry_v1_entry_proto_rawDesc = []byte{ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x30, 0x0a, 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x32, 0xb7, 0x06, 0x0a, 0x05, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x6f, 0x0a, 0x0c, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x12, 0x2e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x43, - 0x6f, 0x75, 0x6e, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x43, - 0x6f, 0x75, 0x6e, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x6c, 0x0a, 0x0b, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x12, 0x2d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4c, - 0x69, 0x73, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x2e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x4c, 0x69, - 0x73, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x4e, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x2a, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x7b, 0x0a, 0x10, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, + 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x22, 0x6d, 0x0a, 0x1c, 0x53, 0x79, 0x6e, 0x63, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3b, 0x0a, 0x0b, 0x6f, 0x75, 0x74, 0x70, + 0x75, 0x74, 0x5f, 0x6d, 0x61, 0x73, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x4d, 0x61, 0x73, 0x6b, 0x52, 0x0a, 0x6f, 0x75, 0x74, 0x70, 0x75, + 0x74, 0x4d, 0x61, 0x73, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x69, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x03, 0x69, 0x64, 0x73, 0x22, 0xb8, 0x01, 0x0a, 0x1d, 0x53, 0x79, 0x6e, 0x63, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, + 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x51, 0x0a, 0x0f, 0x65, 0x6e, 0x74, + 0x72, 0x79, 0x5f, 0x72, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x30, 0x0a, 0x07, + 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x16, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x65, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x12, + 0x0a, 0x04, 0x6d, 0x6f, 0x72, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x6d, 0x6f, + 0x72, 0x65, 0x22, 0x48, 0x0a, 0x0d, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x02, 0x69, 0x64, 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x5f, + 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x0e, 0x72, 0x65, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x32, 0xc8, 0x07, 0x0a, + 0x05, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x6f, 0x0a, 0x0c, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x45, + 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x2e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x76, 0x31, 0x2e, 0x43, 0x6f, 0x75, 0x6e, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6c, 0x0a, 0x0b, 0x4c, 0x69, 0x73, 0x74, 0x45, + 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x2d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, + 0x76, 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, + 0x31, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, 0x0a, 0x08, 0x47, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x2a, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, + 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x16, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x7b, 0x0a, 0x10, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7b, - 0x0a, 0x10, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x42, - 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x43, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x7b, 0x0a, 0x10, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7b, 0x0a, 0x10, 0x42, - 0x61, 0x74, 0x63, 0x68, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, - 0x68, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x74, 0x72, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x7b, 0x0a, 0x10, 0x42, 0x61, 0x74, 0x63, 0x68, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x87, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x74, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, - 0x73, 0x12, 0x36, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, - 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, - 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, 0x73, 0x70, 0x69, 0x72, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x33, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x2e, 0x76, 0x31, 0x2e, 0x42, 0x61, 0x74, 0x63, 0x68, 0x44, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x87, 0x01, 0x0a, + 0x14, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, + 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x36, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, + 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, + 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x37, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x8e, 0x01, 0x0a, 0x15, 0x53, 0x79, 0x6e, 0x63, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, + 0x12, 0x37, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, + 0x63, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, + 0x65, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x38, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x42, 0x49, 0x5a, 0x47, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, - 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x61, 0x70, - 0x69, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x65, 0x6e, 0x74, - 0x72, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x72, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x79, 0x6e, 0x63, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x7a, 0x65, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x49, 0x5a, 0x47, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x2f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x65, 0x6e, 0x74, 0x72, 0x79, + 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1185,7 +1407,7 @@ func file_spire_api_server_entry_v1_entry_proto_rawDescGZIP() []byte { return file_spire_api_server_entry_v1_entry_proto_rawDescData } -var file_spire_api_server_entry_v1_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 17) +var file_spire_api_server_entry_v1_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 20) var file_spire_api_server_entry_v1_entry_proto_goTypes = []interface{}{ (*CountEntriesRequest)(nil), // 0: spire.api.server.entry.v1.CountEntriesRequest (*CountEntriesResponse)(nil), // 1: spire.api.server.entry.v1.CountEntriesResponse @@ -1200,62 +1422,70 @@ var file_spire_api_server_entry_v1_entry_proto_goTypes = []interface{}{ (*BatchDeleteEntryResponse)(nil), // 10: spire.api.server.entry.v1.BatchDeleteEntryResponse (*GetAuthorizedEntriesRequest)(nil), // 11: spire.api.server.entry.v1.GetAuthorizedEntriesRequest (*GetAuthorizedEntriesResponse)(nil), // 12: spire.api.server.entry.v1.GetAuthorizedEntriesResponse - (*ListEntriesRequest_Filter)(nil), // 13: spire.api.server.entry.v1.ListEntriesRequest.Filter - (*BatchCreateEntryResponse_Result)(nil), // 14: spire.api.server.entry.v1.BatchCreateEntryResponse.Result - (*BatchUpdateEntryResponse_Result)(nil), // 15: spire.api.server.entry.v1.BatchUpdateEntryResponse.Result - (*BatchDeleteEntryResponse_Result)(nil), // 16: spire.api.server.entry.v1.BatchDeleteEntryResponse.Result - (*types.EntryMask)(nil), // 17: spire.api.types.EntryMask - (*types.Entry)(nil), // 18: spire.api.types.Entry - (*types.SPIFFEID)(nil), // 19: spire.api.types.SPIFFEID - (*types.SelectorMatch)(nil), // 20: spire.api.types.SelectorMatch - (*types.FederatesWithMatch)(nil), // 21: spire.api.types.FederatesWithMatch - (*wrapperspb.StringValue)(nil), // 22: google.protobuf.StringValue - (*types.Status)(nil), // 23: spire.api.types.Status + (*SyncAuthorizedEntriesRequest)(nil), // 13: spire.api.server.entry.v1.SyncAuthorizedEntriesRequest + (*SyncAuthorizedEntriesResponse)(nil), // 14: spire.api.server.entry.v1.SyncAuthorizedEntriesResponse + (*EntryRevision)(nil), // 15: spire.api.server.entry.v1.EntryRevision + (*ListEntriesRequest_Filter)(nil), // 16: spire.api.server.entry.v1.ListEntriesRequest.Filter + (*BatchCreateEntryResponse_Result)(nil), // 17: spire.api.server.entry.v1.BatchCreateEntryResponse.Result + (*BatchUpdateEntryResponse_Result)(nil), // 18: spire.api.server.entry.v1.BatchUpdateEntryResponse.Result + (*BatchDeleteEntryResponse_Result)(nil), // 19: spire.api.server.entry.v1.BatchDeleteEntryResponse.Result + (*types.EntryMask)(nil), // 20: spire.api.types.EntryMask + (*types.Entry)(nil), // 21: spire.api.types.Entry + (*types.SPIFFEID)(nil), // 22: spire.api.types.SPIFFEID + (*types.SelectorMatch)(nil), // 23: spire.api.types.SelectorMatch + (*types.FederatesWithMatch)(nil), // 24: spire.api.types.FederatesWithMatch + (*wrapperspb.StringValue)(nil), // 25: google.protobuf.StringValue + (*types.Status)(nil), // 26: spire.api.types.Status } var file_spire_api_server_entry_v1_entry_proto_depIdxs = []int32{ - 13, // 0: spire.api.server.entry.v1.ListEntriesRequest.filter:type_name -> spire.api.server.entry.v1.ListEntriesRequest.Filter - 17, // 1: spire.api.server.entry.v1.ListEntriesRequest.output_mask:type_name -> spire.api.types.EntryMask - 18, // 2: spire.api.server.entry.v1.ListEntriesResponse.entries:type_name -> spire.api.types.Entry - 17, // 3: spire.api.server.entry.v1.GetEntryRequest.output_mask:type_name -> spire.api.types.EntryMask - 18, // 4: spire.api.server.entry.v1.BatchCreateEntryRequest.entries:type_name -> spire.api.types.Entry - 17, // 5: spire.api.server.entry.v1.BatchCreateEntryRequest.output_mask:type_name -> spire.api.types.EntryMask - 14, // 6: spire.api.server.entry.v1.BatchCreateEntryResponse.results:type_name -> spire.api.server.entry.v1.BatchCreateEntryResponse.Result - 18, // 7: spire.api.server.entry.v1.BatchUpdateEntryRequest.entries:type_name -> spire.api.types.Entry - 17, // 8: spire.api.server.entry.v1.BatchUpdateEntryRequest.input_mask:type_name -> spire.api.types.EntryMask - 17, // 9: spire.api.server.entry.v1.BatchUpdateEntryRequest.output_mask:type_name -> spire.api.types.EntryMask - 15, // 10: spire.api.server.entry.v1.BatchUpdateEntryResponse.results:type_name -> spire.api.server.entry.v1.BatchUpdateEntryResponse.Result - 16, // 11: spire.api.server.entry.v1.BatchDeleteEntryResponse.results:type_name -> spire.api.server.entry.v1.BatchDeleteEntryResponse.Result - 17, // 12: spire.api.server.entry.v1.GetAuthorizedEntriesRequest.output_mask:type_name -> spire.api.types.EntryMask - 18, // 13: spire.api.server.entry.v1.GetAuthorizedEntriesResponse.entries:type_name -> spire.api.types.Entry - 19, // 14: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_spiffe_id:type_name -> spire.api.types.SPIFFEID - 19, // 15: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_parent_id:type_name -> spire.api.types.SPIFFEID - 20, // 16: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_selectors:type_name -> spire.api.types.SelectorMatch - 21, // 17: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_federates_with:type_name -> spire.api.types.FederatesWithMatch - 22, // 18: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_hint:type_name -> google.protobuf.StringValue - 23, // 19: spire.api.server.entry.v1.BatchCreateEntryResponse.Result.status:type_name -> spire.api.types.Status - 18, // 20: spire.api.server.entry.v1.BatchCreateEntryResponse.Result.entry:type_name -> spire.api.types.Entry - 23, // 21: spire.api.server.entry.v1.BatchUpdateEntryResponse.Result.status:type_name -> spire.api.types.Status - 18, // 22: spire.api.server.entry.v1.BatchUpdateEntryResponse.Result.entry:type_name -> spire.api.types.Entry - 23, // 23: spire.api.server.entry.v1.BatchDeleteEntryResponse.Result.status:type_name -> spire.api.types.Status - 0, // 24: spire.api.server.entry.v1.Entry.CountEntries:input_type -> spire.api.server.entry.v1.CountEntriesRequest - 2, // 25: spire.api.server.entry.v1.Entry.ListEntries:input_type -> spire.api.server.entry.v1.ListEntriesRequest - 4, // 26: spire.api.server.entry.v1.Entry.GetEntry:input_type -> spire.api.server.entry.v1.GetEntryRequest - 5, // 27: spire.api.server.entry.v1.Entry.BatchCreateEntry:input_type -> spire.api.server.entry.v1.BatchCreateEntryRequest - 7, // 28: spire.api.server.entry.v1.Entry.BatchUpdateEntry:input_type -> spire.api.server.entry.v1.BatchUpdateEntryRequest - 9, // 29: spire.api.server.entry.v1.Entry.BatchDeleteEntry:input_type -> spire.api.server.entry.v1.BatchDeleteEntryRequest - 11, // 30: spire.api.server.entry.v1.Entry.GetAuthorizedEntries:input_type -> spire.api.server.entry.v1.GetAuthorizedEntriesRequest - 1, // 31: spire.api.server.entry.v1.Entry.CountEntries:output_type -> spire.api.server.entry.v1.CountEntriesResponse - 3, // 32: spire.api.server.entry.v1.Entry.ListEntries:output_type -> spire.api.server.entry.v1.ListEntriesResponse - 18, // 33: spire.api.server.entry.v1.Entry.GetEntry:output_type -> spire.api.types.Entry - 6, // 34: spire.api.server.entry.v1.Entry.BatchCreateEntry:output_type -> spire.api.server.entry.v1.BatchCreateEntryResponse - 8, // 35: spire.api.server.entry.v1.Entry.BatchUpdateEntry:output_type -> spire.api.server.entry.v1.BatchUpdateEntryResponse - 10, // 36: spire.api.server.entry.v1.Entry.BatchDeleteEntry:output_type -> spire.api.server.entry.v1.BatchDeleteEntryResponse - 12, // 37: spire.api.server.entry.v1.Entry.GetAuthorizedEntries:output_type -> spire.api.server.entry.v1.GetAuthorizedEntriesResponse - 31, // [31:38] is the sub-list for method output_type - 24, // [24:31] is the sub-list for method input_type - 24, // [24:24] is the sub-list for extension type_name - 24, // [24:24] is the sub-list for extension extendee - 0, // [0:24] is the sub-list for field type_name + 16, // 0: spire.api.server.entry.v1.ListEntriesRequest.filter:type_name -> spire.api.server.entry.v1.ListEntriesRequest.Filter + 20, // 1: spire.api.server.entry.v1.ListEntriesRequest.output_mask:type_name -> spire.api.types.EntryMask + 21, // 2: spire.api.server.entry.v1.ListEntriesResponse.entries:type_name -> spire.api.types.Entry + 20, // 3: spire.api.server.entry.v1.GetEntryRequest.output_mask:type_name -> spire.api.types.EntryMask + 21, // 4: spire.api.server.entry.v1.BatchCreateEntryRequest.entries:type_name -> spire.api.types.Entry + 20, // 5: spire.api.server.entry.v1.BatchCreateEntryRequest.output_mask:type_name -> spire.api.types.EntryMask + 17, // 6: spire.api.server.entry.v1.BatchCreateEntryResponse.results:type_name -> spire.api.server.entry.v1.BatchCreateEntryResponse.Result + 21, // 7: spire.api.server.entry.v1.BatchUpdateEntryRequest.entries:type_name -> spire.api.types.Entry + 20, // 8: spire.api.server.entry.v1.BatchUpdateEntryRequest.input_mask:type_name -> spire.api.types.EntryMask + 20, // 9: spire.api.server.entry.v1.BatchUpdateEntryRequest.output_mask:type_name -> spire.api.types.EntryMask + 18, // 10: spire.api.server.entry.v1.BatchUpdateEntryResponse.results:type_name -> spire.api.server.entry.v1.BatchUpdateEntryResponse.Result + 19, // 11: spire.api.server.entry.v1.BatchDeleteEntryResponse.results:type_name -> spire.api.server.entry.v1.BatchDeleteEntryResponse.Result + 20, // 12: spire.api.server.entry.v1.GetAuthorizedEntriesRequest.output_mask:type_name -> spire.api.types.EntryMask + 21, // 13: spire.api.server.entry.v1.GetAuthorizedEntriesResponse.entries:type_name -> spire.api.types.Entry + 20, // 14: spire.api.server.entry.v1.SyncAuthorizedEntriesRequest.output_mask:type_name -> spire.api.types.EntryMask + 15, // 15: spire.api.server.entry.v1.SyncAuthorizedEntriesResponse.entry_revisions:type_name -> spire.api.server.entry.v1.EntryRevision + 21, // 16: spire.api.server.entry.v1.SyncAuthorizedEntriesResponse.entries:type_name -> spire.api.types.Entry + 22, // 17: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_spiffe_id:type_name -> spire.api.types.SPIFFEID + 22, // 18: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_parent_id:type_name -> spire.api.types.SPIFFEID + 23, // 19: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_selectors:type_name -> spire.api.types.SelectorMatch + 24, // 20: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_federates_with:type_name -> spire.api.types.FederatesWithMatch + 25, // 21: spire.api.server.entry.v1.ListEntriesRequest.Filter.by_hint:type_name -> google.protobuf.StringValue + 26, // 22: spire.api.server.entry.v1.BatchCreateEntryResponse.Result.status:type_name -> spire.api.types.Status + 21, // 23: spire.api.server.entry.v1.BatchCreateEntryResponse.Result.entry:type_name -> spire.api.types.Entry + 26, // 24: spire.api.server.entry.v1.BatchUpdateEntryResponse.Result.status:type_name -> spire.api.types.Status + 21, // 25: spire.api.server.entry.v1.BatchUpdateEntryResponse.Result.entry:type_name -> spire.api.types.Entry + 26, // 26: spire.api.server.entry.v1.BatchDeleteEntryResponse.Result.status:type_name -> spire.api.types.Status + 0, // 27: spire.api.server.entry.v1.Entry.CountEntries:input_type -> spire.api.server.entry.v1.CountEntriesRequest + 2, // 28: spire.api.server.entry.v1.Entry.ListEntries:input_type -> spire.api.server.entry.v1.ListEntriesRequest + 4, // 29: spire.api.server.entry.v1.Entry.GetEntry:input_type -> spire.api.server.entry.v1.GetEntryRequest + 5, // 30: spire.api.server.entry.v1.Entry.BatchCreateEntry:input_type -> spire.api.server.entry.v1.BatchCreateEntryRequest + 7, // 31: spire.api.server.entry.v1.Entry.BatchUpdateEntry:input_type -> spire.api.server.entry.v1.BatchUpdateEntryRequest + 9, // 32: spire.api.server.entry.v1.Entry.BatchDeleteEntry:input_type -> spire.api.server.entry.v1.BatchDeleteEntryRequest + 11, // 33: spire.api.server.entry.v1.Entry.GetAuthorizedEntries:input_type -> spire.api.server.entry.v1.GetAuthorizedEntriesRequest + 13, // 34: spire.api.server.entry.v1.Entry.SyncAuthorizedEntries:input_type -> spire.api.server.entry.v1.SyncAuthorizedEntriesRequest + 1, // 35: spire.api.server.entry.v1.Entry.CountEntries:output_type -> spire.api.server.entry.v1.CountEntriesResponse + 3, // 36: spire.api.server.entry.v1.Entry.ListEntries:output_type -> spire.api.server.entry.v1.ListEntriesResponse + 21, // 37: spire.api.server.entry.v1.Entry.GetEntry:output_type -> spire.api.types.Entry + 6, // 38: spire.api.server.entry.v1.Entry.BatchCreateEntry:output_type -> spire.api.server.entry.v1.BatchCreateEntryResponse + 8, // 39: spire.api.server.entry.v1.Entry.BatchUpdateEntry:output_type -> spire.api.server.entry.v1.BatchUpdateEntryResponse + 10, // 40: spire.api.server.entry.v1.Entry.BatchDeleteEntry:output_type -> spire.api.server.entry.v1.BatchDeleteEntryResponse + 12, // 41: spire.api.server.entry.v1.Entry.GetAuthorizedEntries:output_type -> spire.api.server.entry.v1.GetAuthorizedEntriesResponse + 14, // 42: spire.api.server.entry.v1.Entry.SyncAuthorizedEntries:output_type -> spire.api.server.entry.v1.SyncAuthorizedEntriesResponse + 35, // [35:43] is the sub-list for method output_type + 27, // [27:35] is the sub-list for method input_type + 27, // [27:27] is the sub-list for extension type_name + 27, // [27:27] is the sub-list for extension extendee + 0, // [0:27] is the sub-list for field type_name } func init() { file_spire_api_server_entry_v1_entry_proto_init() } @@ -1421,7 +1651,7 @@ func file_spire_api_server_entry_v1_entry_proto_init() { } } file_spire_api_server_entry_v1_entry_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ListEntriesRequest_Filter); i { + switch v := v.(*SyncAuthorizedEntriesRequest); i { case 0: return &v.state case 1: @@ -1433,7 +1663,7 @@ func file_spire_api_server_entry_v1_entry_proto_init() { } } file_spire_api_server_entry_v1_entry_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BatchCreateEntryResponse_Result); i { + switch v := v.(*SyncAuthorizedEntriesResponse); i { case 0: return &v.state case 1: @@ -1445,7 +1675,7 @@ func file_spire_api_server_entry_v1_entry_proto_init() { } } file_spire_api_server_entry_v1_entry_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*BatchUpdateEntryResponse_Result); i { + switch v := v.(*EntryRevision); i { case 0: return &v.state case 1: @@ -1457,6 +1687,42 @@ func file_spire_api_server_entry_v1_entry_proto_init() { } } file_spire_api_server_entry_v1_entry_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ListEntriesRequest_Filter); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_spire_api_server_entry_v1_entry_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*BatchCreateEntryResponse_Result); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_spire_api_server_entry_v1_entry_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*BatchUpdateEntryResponse_Result); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_spire_api_server_entry_v1_entry_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*BatchDeleteEntryResponse_Result); i { case 0: return &v.state @@ -1475,7 +1741,7 @@ func file_spire_api_server_entry_v1_entry_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_spire_api_server_entry_v1_entry_proto_rawDesc, NumEnums: 0, - NumMessages: 17, + NumMessages: 20, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/spire/api/server/entry/v1/entry.proto b/proto/spire/api/server/entry/v1/entry.proto index 3584174..aab4f13 100644 --- a/proto/spire/api/server/entry/v1/entry.proto +++ b/proto/spire/api/server/entry/v1/entry.proto @@ -46,6 +46,25 @@ service Entry { // The caller must present an active agent X509-SVID. See the Agent // AttestAgent/RenewAgent RPCs. rpc GetAuthorizedEntries(GetAuthorizedEntriesRequest) returns (GetAuthorizedEntriesResponse); + + // Syncs authorized entries down to the caller. The caller controls which + // entries the server sends down full details for. The flow is as follows: + // 1. Caller opens up sync stream + // 2. Server determines authorized entries for caller: + // - If there are less entries than a server-determined page size, go to (5). + // - Otherwise, go to (3). + // 3. Server pages entry revisions to the caller (contains the entry ID and + // revision number). The "more" flag set for all pages but the last so + // that the caller knows when the server is done. + // 4. Client determines which entries are new or updated (based on revision + // number) and asks for them by sending a request with the IDs. + // 5. Server pages down entries to the caller for each ID identified in (4) + // or every entry in (2) if the number of entries was less than the + // server-determined page size. The "more" flag set for all pages but + // the last so that the caller knows when the server is done. + // 6. Steps (4) and (5) are repeated until the caller has synced down the + // details for all new/updated entries and closes the stream. + rpc SyncAuthorizedEntries(stream SyncAuthorizedEntriesRequest) returns (stream SyncAuthorizedEntriesResponse); } message CountEntriesRequest { @@ -176,3 +195,40 @@ message GetAuthorizedEntriesResponse { // The authorized entries. repeated spire.api.types.Entry entries = 1; } + +message SyncAuthorizedEntriesRequest { + // An output mask indicating which fields are set in the response. + spire.api.types.EntryMask output_mask = 1; + + // IDs of the entries to fetch in full. Sent by the client in response to + // a sparse entry. + repeated string ids = 2; +} + +message SyncAuthorizedEntriesResponse { + // The revisions of the authorized entries. This field is set when the + // authorized entry list meets or exceeds the server-determined page size. + // Callers use it to determine which entries are new/updated that they then + // request on the stream. + // See SyncAuthorizedEntries for details. + repeated EntryRevision entry_revisions = 1; + + // The authorized entries. This field is set either 1) on the initial + // response if the number of authorized entries is less than the page size + // or 2) in response to the caller requesting the entries after determining + // they need to details based on entry revisions provided in a previous + // response. + // See SyncAuthorizedEntries for details. + repeated spire.api.types.Entry entries = 2; + + // Whether there are more entries to sync down in this response phase. + bool more = 3; +} + +message EntryRevision { + // The entry ID. + string id = 1; + + // The entry revision number. + int64 revision_number = 2; +} diff --git a/proto/spire/api/server/entry/v1/entry_grpc.pb.go b/proto/spire/api/server/entry/v1/entry_grpc.pb.go index d0f6b9d..bc692fe 100644 --- a/proto/spire/api/server/entry/v1/entry_grpc.pb.go +++ b/proto/spire/api/server/entry/v1/entry_grpc.pb.go @@ -47,6 +47,24 @@ type EntryClient interface { // The caller must present an active agent X509-SVID. See the Agent // AttestAgent/RenewAgent RPCs. GetAuthorizedEntries(ctx context.Context, in *GetAuthorizedEntriesRequest, opts ...grpc.CallOption) (*GetAuthorizedEntriesResponse, error) + // Syncs authorized entries down to the caller. The caller controls which + // entries the server sends down full details for. The flow is as follows: + // 1. Caller opens up sync stream + // 2. Server determines authorized entries for caller: + // - If there are less entries than a server-determined page size, go to (5). + // - Otherwise, go to (3). + // 3. Server pages entry revisions to the caller (contains the entry ID and + // revision number). The "more" flag set for all pages but the last so + // that the caller knows when the server is done. + // 4. Client determines which entries are new or updated (based on revision + // number) and asks for them by sending a request with the IDs. + // 5. Server pages down entries to the caller for each ID identified in (4) + // or every entry in (2) if the number of entries was less than the + // server-determined page size. The "more" flag set for all pages but + // the last so that the caller knows when the server is done. + // 6. Steps (4) and (5) are repeated until the caller has synced down the + // details for all new/updated entries and closes the stream. + SyncAuthorizedEntries(ctx context.Context, opts ...grpc.CallOption) (Entry_SyncAuthorizedEntriesClient, error) } type entryClient struct { @@ -120,6 +138,37 @@ func (c *entryClient) GetAuthorizedEntries(ctx context.Context, in *GetAuthorize return out, nil } +func (c *entryClient) SyncAuthorizedEntries(ctx context.Context, opts ...grpc.CallOption) (Entry_SyncAuthorizedEntriesClient, error) { + stream, err := c.cc.NewStream(ctx, &_Entry_serviceDesc.Streams[0], "/spire.api.server.entry.v1.Entry/SyncAuthorizedEntries", opts...) + if err != nil { + return nil, err + } + x := &entrySyncAuthorizedEntriesClient{stream} + return x, nil +} + +type Entry_SyncAuthorizedEntriesClient interface { + Send(*SyncAuthorizedEntriesRequest) error + Recv() (*SyncAuthorizedEntriesResponse, error) + grpc.ClientStream +} + +type entrySyncAuthorizedEntriesClient struct { + grpc.ClientStream +} + +func (x *entrySyncAuthorizedEntriesClient) Send(m *SyncAuthorizedEntriesRequest) error { + return x.ClientStream.SendMsg(m) +} + +func (x *entrySyncAuthorizedEntriesClient) Recv() (*SyncAuthorizedEntriesResponse, error) { + m := new(SyncAuthorizedEntriesResponse) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + // EntryServer is the server API for Entry service. // All implementations must embed UnimplementedEntryServer // for forward compatibility @@ -153,6 +202,24 @@ type EntryServer interface { // The caller must present an active agent X509-SVID. See the Agent // AttestAgent/RenewAgent RPCs. GetAuthorizedEntries(context.Context, *GetAuthorizedEntriesRequest) (*GetAuthorizedEntriesResponse, error) + // Syncs authorized entries down to the caller. The caller controls which + // entries the server sends down full details for. The flow is as follows: + // 1. Caller opens up sync stream + // 2. Server determines authorized entries for caller: + // - If there are less entries than a server-determined page size, go to (5). + // - Otherwise, go to (3). + // 3. Server pages entry revisions to the caller (contains the entry ID and + // revision number). The "more" flag set for all pages but the last so + // that the caller knows when the server is done. + // 4. Client determines which entries are new or updated (based on revision + // number) and asks for them by sending a request with the IDs. + // 5. Server pages down entries to the caller for each ID identified in (4) + // or every entry in (2) if the number of entries was less than the + // server-determined page size. The "more" flag set for all pages but + // the last so that the caller knows when the server is done. + // 6. Steps (4) and (5) are repeated until the caller has synced down the + // details for all new/updated entries and closes the stream. + SyncAuthorizedEntries(Entry_SyncAuthorizedEntriesServer) error mustEmbedUnimplementedEntryServer() } @@ -181,6 +248,9 @@ func (UnimplementedEntryServer) BatchDeleteEntry(context.Context, *BatchDeleteEn func (UnimplementedEntryServer) GetAuthorizedEntries(context.Context, *GetAuthorizedEntriesRequest) (*GetAuthorizedEntriesResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method GetAuthorizedEntries not implemented") } +func (UnimplementedEntryServer) SyncAuthorizedEntries(Entry_SyncAuthorizedEntriesServer) error { + return status.Errorf(codes.Unimplemented, "method SyncAuthorizedEntries not implemented") +} func (UnimplementedEntryServer) mustEmbedUnimplementedEntryServer() {} // UnsafeEntryServer may be embedded to opt out of forward compatibility for this service. @@ -320,6 +390,32 @@ func _Entry_GetAuthorizedEntries_Handler(srv interface{}, ctx context.Context, d return interceptor(ctx, in, info, handler) } +func _Entry_SyncAuthorizedEntries_Handler(srv interface{}, stream grpc.ServerStream) error { + return srv.(EntryServer).SyncAuthorizedEntries(&entrySyncAuthorizedEntriesServer{stream}) +} + +type Entry_SyncAuthorizedEntriesServer interface { + Send(*SyncAuthorizedEntriesResponse) error + Recv() (*SyncAuthorizedEntriesRequest, error) + grpc.ServerStream +} + +type entrySyncAuthorizedEntriesServer struct { + grpc.ServerStream +} + +func (x *entrySyncAuthorizedEntriesServer) Send(m *SyncAuthorizedEntriesResponse) error { + return x.ServerStream.SendMsg(m) +} + +func (x *entrySyncAuthorizedEntriesServer) Recv() (*SyncAuthorizedEntriesRequest, error) { + m := new(SyncAuthorizedEntriesRequest) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + var _Entry_serviceDesc = grpc.ServiceDesc{ ServiceName: "spire.api.server.entry.v1.Entry", HandlerType: (*EntryServer)(nil), @@ -353,6 +449,13 @@ var _Entry_serviceDesc = grpc.ServiceDesc{ Handler: _Entry_GetAuthorizedEntries_Handler, }, }, - Streams: []grpc.StreamDesc{}, + Streams: []grpc.StreamDesc{ + { + StreamName: "SyncAuthorizedEntries", + Handler: _Entry_SyncAuthorizedEntries_Handler, + ServerStreams: true, + ClientStreams: true, + }, + }, Metadata: "spire/api/server/entry/v1/entry.proto", }