diff --git a/Makefile b/Makefile index a36807d..49e363c 100644 --- a/Makefile +++ b/Makefile @@ -26,3 +26,4 @@ clean-deps: $(MAKE) -C reclaimspace $@ $(MAKE) -C replication $@ $(MAKE) -C volumegroup $@ + $(MAKE) -C encryptionkeyrotation $@ diff --git a/encryptionkeyrotation/Makefile b/encryptionkeyrotation/Makefile new file mode 100644 index 0000000..7d004c9 --- /dev/null +++ b/encryptionkeyrotation/Makefile @@ -0,0 +1,20 @@ +# Copyright 2024 The csi-addons Authors. All rights reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +PROTO := encryptionkeyrotation.proto +PROTO_SOURCE := README.md + +all: install-deps $(PROTO) build + +include ../release-tools/build.make diff --git a/encryptionkeyrotation/README.md b/encryptionkeyrotation/README.md new file mode 100644 index 0000000..6fd24a7 --- /dev/null +++ b/encryptionkeyrotation/README.md @@ -0,0 +1,95 @@ +# CSI Addons Operation: EncryptionKeyRotation + +## Terminology + +| Term | Definition | +| -------- | ------------------------------------------------------------------------------------- | +| VolumeID | The identifier of the volume generated by the plugin. | +| CO | Container Orchestration system that communicates with plugins using CSI service RPCs. | +| SP | Storage Provider, the vendor of a CSI plugin implementation. | +| RPC | [Remote Procedure Call](https://en.wikipedia.org/wiki/Remote_procedure_call). | + +## Objective + +Define an extension to the CSI specification that will enable storage vendors +(SP) to develop controllers/plugins that can rotate the Encryption Keys (KEK) +of existing volumes that are encrypted. + +### Goals in MVP + +The new extension will define a procedure that + +- can be called for existing encrypted volumes +- functions for Block mode volumes +- interacts with the Node-Plugin +- makes it possible for the SP to rotate encrpytion keys on volumes + +### Non-Goals in MVP + +- Rotating encrpytion keys for inactive volumes + +## Solution Overview + +This specification defines an interface along with the minimum operational and +packaging recommendations for a storage provider (SP) to implement a key rotate operation for volumes. The interface declares the RPCs that a plugin +MUST expose. + +## RPC Interface + +- **Node Service**: The Node plugin MAY implement this RPC. + +```protobuf +syntax = "proto3"; +package encryptionkeyrotation; + +import "github.com/container-storage-interface/spec/lib/go/csi/csi.proto"; +import "google/protobuf/descriptor.proto"; + +option go_package = "github.com/csi-addons/spec/lib/go/encryptionkeyrotation"; + +// EncryptionKeyRotationController holds the RPC method for running +// key rotation operation on the volume. +service EncryptionKeyRotationController { + // EncryptionKeyRotate is a procedure that is called on the CSI Nodeplugin + rpc EncryptionKeyRotate(EncryptionKeyRotateRequest) + returns (EncryptionKeyRotateResponse){} +} +``` + +### EncryptionKeyRotateRequest + +```protobuf +// EncryptionKeyRotateRequest contains the information needed to identify +// the volume by the SP and access any backend services so that the key can be +// rotated. +message EncryptionKeyRotateRequest { + // The ID of the volume for which the key is to be rotated. This field is REQUIRED. + string volume_id = 1; + + // Plugin specific parameters passed in as opaque key-value pairs. + map parameters = 2; + + // Secrets required by the plugin to complete the request. + map secrets = 3 [(csi.v1.csi_secret) = true]; +} +``` + +### EncryptionKeyRotateResponse + +```protobuf +// EncryptionKeyRotateResponse holds the information about the result of the +// EncryptionKeyRotateRequest call. +message EncryptionKeyRotateResponse { + +} +``` + +### Error Schemes + +| Condition | gRPC Code | Description | Recovery Behavior | +| ---------------------------- | ------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| Missing required field | 3 INVALID_ARGUMENT | Indicates that a required field is missing from the request. | Caller MUST fix the request by adding the missing required field before retrying. | +| Volume does not exist | 5 NOT_FOUND | Indicates that a volume corresponding to the specified `volume_id` does not exist. | Caller MUST verify that the `volume_id` is correct and that the volume is accessible and has not been deleted before retrying with exponential back off. | +| Operation pending for volume | 10 ABORTED | Indicates that there is already an operation pending for the specified `volume_id`. In general the CSI-Addons CO plugin is responsible for ensuring that there is no more than one call "in-flight" per `volume_id` at a given time. However, in some circumstances, the CSI-Addons CO plugin MAY lose state (for example when the it crashes and restarts), and MAY issue multiple calls simultaneously for the same `volume_id`. The CSI-driver, SHOULD handle this as gracefully as possible, and MAY return this error code to reject secondary calls. | Caller SHOULD ensure that there are no other calls pending for the specified `volume_id`, and then retry with exponential back off. | +| Not authenticated | 16 UNAUTHENTICATED | The invoked RPC does not carry secrets that are valid for authentication. | Caller SHALL either fix the secrets provided in the RPC, or otherwise regalvanize said secrets such that they will pass authentication by the Plugin for the attempted RPC, after which point the caller MAY retry the attempted RPC. | +| Error is Unknown | 2 UNKNOWN | Indicates that a unknown error is generated | Caller MUST study the logs before retrying | diff --git a/encryptionkeyrotation/encryptionkeyrotation.proto b/encryptionkeyrotation/encryptionkeyrotation.proto new file mode 100644 index 0000000..7bfeb29 --- /dev/null +++ b/encryptionkeyrotation/encryptionkeyrotation.proto @@ -0,0 +1,34 @@ +// Code generated by make; DO NOT EDIT. +syntax = "proto3"; +package encryptionkeyrotation; + +import "github.com/container-storage-interface/spec/lib/go/csi/csi.proto"; +import "google/protobuf/descriptor.proto"; + +option go_package = "github.com/csi-addons/spec/lib/go/encryptionkeyrotation"; + +// EncryptionKeyRotationController holds the RPC method for running +// key rotation operation on the volume. +service EncryptionKeyRotationController { + // EncryptionKeyRotate is a procedure that is called on the CSI Nodeplugin + rpc EncryptionKeyRotate(EncryptionKeyRotateRequest) + returns (EncryptionKeyRotateResponse){} +} +// EncryptionKeyRotateRequest contains the information needed to identify +// the volume by the SP and access any backend services so that the key can be +// rotated. +message EncryptionKeyRotateRequest { + // The ID of the volume for which the key is to be rotated. This field is REQUIRED. + string volume_id = 1; + + // Plugin specific parameters passed in as opaque key-value pairs. + map parameters = 2; + + // Secrets required by the plugin to complete the request. + map secrets = 3 [(csi.v1.csi_secret) = true]; +} +// EncryptionKeyRotateResponse holds the information about the result of the +// EncryptionKeyRotateRequest call. +message EncryptionKeyRotateResponse { + +} diff --git a/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go b/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go new file mode 100644 index 0000000..a7ead36 --- /dev/null +++ b/lib/go/encryptionkeyrotation/encryptionkeyrotation.pb.go @@ -0,0 +1,272 @@ +// Code generated by make; DO NOT EDIT. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.28.1 +// protoc v3.20.3 +// source: encryptionkeyrotation/encryptionkeyrotation.proto + +package encryptionkeyrotation + +import ( + _ "github.com/container-storage-interface/spec/lib/go/csi" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + _ "google.golang.org/protobuf/types/descriptorpb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// EncryptionKeyRotateRequest contains the information needed to identify +// the volume by the SP and access any backend services so that the key can be +// rotated. +type EncryptionKeyRotateRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The ID of the volume for which the key is to be rotated. This field is REQUIRED. + VolumeId string `protobuf:"bytes,1,opt,name=volume_id,json=volumeId,proto3" json:"volume_id,omitempty"` + // Plugin specific parameters passed in as opaque key-value pairs. + Parameters map[string]string `protobuf:"bytes,2,rep,name=parameters,proto3" json:"parameters,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Secrets required by the plugin to complete the request. + Secrets map[string]string `protobuf:"bytes,3,rep,name=secrets,proto3" json:"secrets,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` +} + +func (x *EncryptionKeyRotateRequest) Reset() { + *x = EncryptionKeyRotateRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptionKeyRotateRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptionKeyRotateRequest) ProtoMessage() {} + +func (x *EncryptionKeyRotateRequest) ProtoReflect() protoreflect.Message { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptionKeyRotateRequest.ProtoReflect.Descriptor instead. +func (*EncryptionKeyRotateRequest) Descriptor() ([]byte, []int) { + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP(), []int{0} +} + +func (x *EncryptionKeyRotateRequest) GetVolumeId() string { + if x != nil { + return x.VolumeId + } + return "" +} + +func (x *EncryptionKeyRotateRequest) GetParameters() map[string]string { + if x != nil { + return x.Parameters + } + return nil +} + +func (x *EncryptionKeyRotateRequest) GetSecrets() map[string]string { + if x != nil { + return x.Secrets + } + return nil +} + +// EncryptionKeyRotateResponse holds the information about the result of the +// EncryptionKeyRotateRequest call. +type EncryptionKeyRotateResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *EncryptionKeyRotateResponse) Reset() { + *x = EncryptionKeyRotateResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *EncryptionKeyRotateResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*EncryptionKeyRotateResponse) ProtoMessage() {} + +func (x *EncryptionKeyRotateResponse) ProtoReflect() protoreflect.Message { + mi := &file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use EncryptionKeyRotateResponse.ProtoReflect.Descriptor instead. +func (*EncryptionKeyRotateResponse) Descriptor() ([]byte, []int) { + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP(), []int{1} +} + +var File_encryptionkeyrotation_encryptionkeyrotation_proto protoreflect.FileDescriptor + +var file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc = []byte{ + 0x0a, 0x31, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, + 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, + 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x40, 0x67, 0x69, 0x74, 0x68, + 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, + 0x2d, 0x73, 0x74, 0x6f, 0x72, 0x61, 0x67, 0x65, 0x2d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, + 0x63, 0x65, 0x2f, 0x73, 0x70, 0x65, 0x63, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x67, 0x6f, 0x2f, 0x63, + 0x73, 0x69, 0x2f, 0x63, 0x73, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x20, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf6, + 0x02, 0x0a, 0x1a, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, + 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1b, 0x0a, + 0x09, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x08, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x49, 0x64, 0x12, 0x61, 0x0a, 0x0a, 0x70, 0x61, + 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x41, + 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x2e, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x5d, 0x0a, + 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, + 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x03, + 0x98, 0x42, 0x01, 0x52, 0x07, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x1a, 0x3d, 0x0a, 0x0f, + 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3a, 0x0a, 0x0c, 0x53, + 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x1d, 0x0a, 0x1b, 0x45, 0x6e, 0x63, 0x72, 0x79, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xa1, 0x01, 0x0a, 0x1f, 0x45, 0x6e, 0x63, 0x72, 0x79, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x6c, 0x65, 0x72, 0x12, 0x7e, 0x0a, 0x13, 0x45, 0x6e, + 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, + 0x65, 0x12, 0x31, 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, + 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, 0x72, 0x79, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x32, 0x2e, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x45, 0x6e, 0x63, + 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x4b, 0x65, 0x79, 0x52, 0x6f, 0x74, 0x61, 0x74, 0x65, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x39, 0x5a, 0x37, 0x67, 0x69, + 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x73, 0x69, 0x2d, 0x61, 0x64, 0x64, + 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x70, 0x65, 0x63, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x67, 0x6f, 0x2f, + 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x6b, 0x65, 0x79, 0x72, 0x6f, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescOnce sync.Once + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData = file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc +) + +func file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescGZIP() []byte { + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescOnce.Do(func() { + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData = protoimpl.X.CompressGZIP(file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData) + }) + return file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDescData +} + +var file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes = []interface{}{ + (*EncryptionKeyRotateRequest)(nil), // 0: encryptionkeyrotation.EncryptionKeyRotateRequest + (*EncryptionKeyRotateResponse)(nil), // 1: encryptionkeyrotation.EncryptionKeyRotateResponse + nil, // 2: encryptionkeyrotation.EncryptionKeyRotateRequest.ParametersEntry + nil, // 3: encryptionkeyrotation.EncryptionKeyRotateRequest.SecretsEntry +} +var file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs = []int32{ + 2, // 0: encryptionkeyrotation.EncryptionKeyRotateRequest.parameters:type_name -> encryptionkeyrotation.EncryptionKeyRotateRequest.ParametersEntry + 3, // 1: encryptionkeyrotation.EncryptionKeyRotateRequest.secrets:type_name -> encryptionkeyrotation.EncryptionKeyRotateRequest.SecretsEntry + 0, // 2: encryptionkeyrotation.EncryptionKeyRotationController.EncryptionKeyRotate:input_type -> encryptionkeyrotation.EncryptionKeyRotateRequest + 1, // 3: encryptionkeyrotation.EncryptionKeyRotationController.EncryptionKeyRotate:output_type -> encryptionkeyrotation.EncryptionKeyRotateResponse + 3, // [3:4] is the sub-list for method output_type + 2, // [2:3] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_encryptionkeyrotation_encryptionkeyrotation_proto_init() } +func file_encryptionkeyrotation_encryptionkeyrotation_proto_init() { + if File_encryptionkeyrotation_encryptionkeyrotation_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptionKeyRotateRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*EncryptionKeyRotateResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc, + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes, + DependencyIndexes: file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs, + MessageInfos: file_encryptionkeyrotation_encryptionkeyrotation_proto_msgTypes, + }.Build() + File_encryptionkeyrotation_encryptionkeyrotation_proto = out.File + file_encryptionkeyrotation_encryptionkeyrotation_proto_rawDesc = nil + file_encryptionkeyrotation_encryptionkeyrotation_proto_goTypes = nil + file_encryptionkeyrotation_encryptionkeyrotation_proto_depIdxs = nil +} diff --git a/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go b/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go new file mode 100644 index 0000000..4ac0220 --- /dev/null +++ b/lib/go/encryptionkeyrotation/encryptionkeyrotation_grpc.pb.go @@ -0,0 +1,108 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.2.0 +// - protoc v3.20.3 +// source: encryptionkeyrotation/encryptionkeyrotation.proto + +package encryptionkeyrotation + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +// EncryptionKeyRotationControllerClient is the client API for EncryptionKeyRotationController service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type EncryptionKeyRotationControllerClient interface { + // EncryptionKeyRotate is a procedure that is called on the CSI Nodeplugin + EncryptionKeyRotate(ctx context.Context, in *EncryptionKeyRotateRequest, opts ...grpc.CallOption) (*EncryptionKeyRotateResponse, error) +} + +type encryptionKeyRotationControllerClient struct { + cc grpc.ClientConnInterface +} + +func NewEncryptionKeyRotationControllerClient(cc grpc.ClientConnInterface) EncryptionKeyRotationControllerClient { + return &encryptionKeyRotationControllerClient{cc} +} + +func (c *encryptionKeyRotationControllerClient) EncryptionKeyRotate(ctx context.Context, in *EncryptionKeyRotateRequest, opts ...grpc.CallOption) (*EncryptionKeyRotateResponse, error) { + out := new(EncryptionKeyRotateResponse) + err := c.cc.Invoke(ctx, "/encryptionkeyrotation.EncryptionKeyRotationController/EncryptionKeyRotate", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// EncryptionKeyRotationControllerServer is the server API for EncryptionKeyRotationController service. +// All implementations must embed UnimplementedEncryptionKeyRotationControllerServer +// for forward compatibility +type EncryptionKeyRotationControllerServer interface { + // EncryptionKeyRotate is a procedure that is called on the CSI Nodeplugin + EncryptionKeyRotate(context.Context, *EncryptionKeyRotateRequest) (*EncryptionKeyRotateResponse, error) + mustEmbedUnimplementedEncryptionKeyRotationControllerServer() +} + +// UnimplementedEncryptionKeyRotationControllerServer must be embedded to have forward compatible implementations. +type UnimplementedEncryptionKeyRotationControllerServer struct { +} + +func (UnimplementedEncryptionKeyRotationControllerServer) EncryptionKeyRotate(context.Context, *EncryptionKeyRotateRequest) (*EncryptionKeyRotateResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method EncryptionKeyRotate not implemented") +} +func (UnimplementedEncryptionKeyRotationControllerServer) mustEmbedUnimplementedEncryptionKeyRotationControllerServer() { +} + +// UnsafeEncryptionKeyRotationControllerServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to EncryptionKeyRotationControllerServer will +// result in compilation errors. +type UnsafeEncryptionKeyRotationControllerServer interface { + mustEmbedUnimplementedEncryptionKeyRotationControllerServer() +} + +func RegisterEncryptionKeyRotationControllerServer(s grpc.ServiceRegistrar, srv EncryptionKeyRotationControllerServer) { + s.RegisterService(&EncryptionKeyRotationController_ServiceDesc, srv) +} + +func _EncryptionKeyRotationController_EncryptionKeyRotate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(EncryptionKeyRotateRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(EncryptionKeyRotationControllerServer).EncryptionKeyRotate(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/encryptionkeyrotation.EncryptionKeyRotationController/EncryptionKeyRotate", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(EncryptionKeyRotationControllerServer).EncryptionKeyRotate(ctx, req.(*EncryptionKeyRotateRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// EncryptionKeyRotationController_ServiceDesc is the grpc.ServiceDesc for EncryptionKeyRotationController service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var EncryptionKeyRotationController_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "encryptionkeyrotation.EncryptionKeyRotationController", + HandlerType: (*EncryptionKeyRotationControllerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "EncryptionKeyRotate", + Handler: _EncryptionKeyRotationController_EncryptionKeyRotate_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "encryptionkeyrotation/encryptionkeyrotation.proto", +}