diff --git a/hack/unwanted-dependencies.json b/hack/unwanted-dependencies.json index 528a6d86c31..9df37fe7279 100644 --- a/hack/unwanted-dependencies.json +++ b/hack/unwanted-dependencies.json @@ -152,7 +152,6 @@ "k8s.io/apiserver", "k8s.io/client-go", "k8s.io/code-generator", - "k8s.io/externaljwt", "k8s.io/kms", "k8s.io/kube-aggregator", "k8s.io/kubelet", diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index 27c792a9980..002dd26e037 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -1033,10 +1033,10 @@ function codegen::protobindings() { "staging/src/k8s.io/kubelet/pkg/apis/pluginregistration" "pkg/kubelet/pluginmanager/pluginwatcher/example_plugin_apis" - "staging/src/k8s.io/externaljwt/apis" ) local apis_using_protoc=( "staging/src/k8s.io/cri-api/pkg/apis/runtime" + "staging/src/k8s.io/externaljwt/apis" ) local apis=("${apis_using_gogo[@]}" "${apis_using_protoc[@]}") diff --git a/pkg/serviceaccount/externaljwt/plugin/testing/v1/externalsigner_mock.go b/pkg/serviceaccount/externaljwt/plugin/testing/v1/externalsigner_mock.go index d9b80c4ef63..d0549f1a3dc 100644 --- a/pkg/serviceaccount/externaljwt/plugin/testing/v1/externalsigner_mock.go +++ b/pkg/serviceaccount/externaljwt/plugin/testing/v1/externalsigner_mock.go @@ -35,7 +35,7 @@ import ( "google.golang.org/grpc" "google.golang.org/protobuf/types/known/timestamppb" - "k8s.io/externaljwt/apis/v1" + v1 "k8s.io/externaljwt/apis/v1" "k8s.io/klog/v2" ) @@ -57,6 +57,8 @@ type MockSigner struct { FetchError error MetadataError error errorLock sync.RWMutex + + v1.UnsafeExternalJWTSignerServer } type KeyT struct { diff --git a/staging/src/k8s.io/externaljwt/apis/v1/api.pb.go b/staging/src/k8s.io/externaljwt/apis/v1/api.pb.go index e09bbe3672b..d083ccbf55c 100644 --- a/staging/src/k8s.io/externaljwt/apis/v1/api.pb.go +++ b/staging/src/k8s.io/externaljwt/apis/v1/api.pb.go @@ -14,74 +14,95 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: api.proto +// +//Copyright 2025 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +//http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + +// To regenerate api.pb.go run `hack/update-codegen.sh protobindings` + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.4 +// protoc v4.23.4 +// source: staging/src/k8s.io/externaljwt/apis/v1/api.proto package v1 import ( - context "context" - fmt "fmt" - proto "github.com/gogo/protobuf/proto" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" timestamppb "google.golang.org/protobuf/types/known/timestamppb" - math "math" + reflect "reflect" + sync "sync" + unsafe "unsafe" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) type SignJWTRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` // URL-safe base64 wrapped payload to be signed. // Exactly as it appears in the second segment of the JWT - Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *SignJWTRequest) Reset() { *m = SignJWTRequest{} } -func (m *SignJWTRequest) String() string { return proto.CompactTextString(m) } -func (*SignJWTRequest) ProtoMessage() {} +func (x *SignJWTRequest) Reset() { + *x = SignJWTRequest{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SignJWTRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignJWTRequest) ProtoMessage() {} + +func (x *SignJWTRequest) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignJWTRequest.ProtoReflect.Descriptor instead. func (*SignJWTRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{0} -} -func (m *SignJWTRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_SignJWTRequest.Unmarshal(m, b) -} -func (m *SignJWTRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_SignJWTRequest.Marshal(b, m, deterministic) -} -func (m *SignJWTRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignJWTRequest.Merge(m, src) -} -func (m *SignJWTRequest) XXX_Size() int { - return xxx_messageInfo_SignJWTRequest.Size(m) -} -func (m *SignJWTRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SignJWTRequest.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{0} } -var xxx_messageInfo_SignJWTRequest proto.InternalMessageInfo - -func (m *SignJWTRequest) GetClaims() string { - if m != nil { - return m.Claims +func (x *SignJWTRequest) GetClaims() string { + if x != nil { + return x.Claims } return "" } type SignJWTResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` // header must contain only alg, kid, typ claims. // typ must be “JWT”. // kid must be non-empty, <=1024 characters, and its corresponding public key should not be excluded from OIDC discovery. @@ -91,140 +112,158 @@ type SignJWTResponse struct { Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` // The signature for the JWT. // Already wrapped in URL-safe base64, exactly as it appears in the final segment of the JWT. - Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *SignJWTResponse) Reset() { *m = SignJWTResponse{} } -func (m *SignJWTResponse) String() string { return proto.CompactTextString(m) } -func (*SignJWTResponse) ProtoMessage() {} +func (x *SignJWTResponse) Reset() { + *x = SignJWTResponse{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SignJWTResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignJWTResponse) ProtoMessage() {} + +func (x *SignJWTResponse) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignJWTResponse.ProtoReflect.Descriptor instead. func (*SignJWTResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{1} -} -func (m *SignJWTResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_SignJWTResponse.Unmarshal(m, b) -} -func (m *SignJWTResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_SignJWTResponse.Marshal(b, m, deterministic) -} -func (m *SignJWTResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignJWTResponse.Merge(m, src) -} -func (m *SignJWTResponse) XXX_Size() int { - return xxx_messageInfo_SignJWTResponse.Size(m) -} -func (m *SignJWTResponse) XXX_DiscardUnknown() { - xxx_messageInfo_SignJWTResponse.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{1} } -var xxx_messageInfo_SignJWTResponse proto.InternalMessageInfo - -func (m *SignJWTResponse) GetHeader() string { - if m != nil { - return m.Header +func (x *SignJWTResponse) GetHeader() string { + if x != nil { + return x.Header } return "" } -func (m *SignJWTResponse) GetSignature() string { - if m != nil { - return m.Signature +func (x *SignJWTResponse) GetSignature() string { + if x != nil { + return x.Signature } return "" } type FetchKeysRequest struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *FetchKeysRequest) Reset() { *m = FetchKeysRequest{} } -func (m *FetchKeysRequest) String() string { return proto.CompactTextString(m) } -func (*FetchKeysRequest) ProtoMessage() {} +func (x *FetchKeysRequest) Reset() { + *x = FetchKeysRequest{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FetchKeysRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FetchKeysRequest) ProtoMessage() {} + +func (x *FetchKeysRequest) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FetchKeysRequest.ProtoReflect.Descriptor instead. func (*FetchKeysRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{2} + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{2} } -func (m *FetchKeysRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_FetchKeysRequest.Unmarshal(m, b) -} -func (m *FetchKeysRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_FetchKeysRequest.Marshal(b, m, deterministic) -} -func (m *FetchKeysRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_FetchKeysRequest.Merge(m, src) -} -func (m *FetchKeysRequest) XXX_Size() int { - return xxx_messageInfo_FetchKeysRequest.Size(m) -} -func (m *FetchKeysRequest) XXX_DiscardUnknown() { - xxx_messageInfo_FetchKeysRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_FetchKeysRequest proto.InternalMessageInfo type FetchKeysResponse struct { - Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` // The timestamp when this data was pulled from the authoritative source of // truth for verification keys. // kube-apiserver can export this from metrics, to enable end-to-end SLOs. DataTimestamp *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=data_timestamp,json=dataTimestamp,proto3" json:"data_timestamp,omitempty"` // refresh interval for verification keys to pick changes if any. // any value <= 0 is considered a misconfiguration. - RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *FetchKeysResponse) Reset() { *m = FetchKeysResponse{} } -func (m *FetchKeysResponse) String() string { return proto.CompactTextString(m) } -func (*FetchKeysResponse) ProtoMessage() {} +func (x *FetchKeysResponse) Reset() { + *x = FetchKeysResponse{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FetchKeysResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FetchKeysResponse) ProtoMessage() {} + +func (x *FetchKeysResponse) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FetchKeysResponse.ProtoReflect.Descriptor instead. func (*FetchKeysResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{3} -} -func (m *FetchKeysResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_FetchKeysResponse.Unmarshal(m, b) -} -func (m *FetchKeysResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_FetchKeysResponse.Marshal(b, m, deterministic) -} -func (m *FetchKeysResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_FetchKeysResponse.Merge(m, src) -} -func (m *FetchKeysResponse) XXX_Size() int { - return xxx_messageInfo_FetchKeysResponse.Size(m) -} -func (m *FetchKeysResponse) XXX_DiscardUnknown() { - xxx_messageInfo_FetchKeysResponse.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{3} } -var xxx_messageInfo_FetchKeysResponse proto.InternalMessageInfo - -func (m *FetchKeysResponse) GetKeys() []*Key { - if m != nil { - return m.Keys +func (x *FetchKeysResponse) GetKeys() []*Key { + if x != nil { + return x.Keys } return nil } -func (m *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp { - if m != nil { - return m.DataTimestamp +func (x *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp { + if x != nil { + return x.DataTimestamp } return nil } -func (m *FetchKeysResponse) GetRefreshHintSeconds() int64 { - if m != nil { - return m.RefreshHintSeconds +func (x *FetchKeysResponse) GetRefreshHintSeconds() int64 { + if x != nil { + return x.RefreshHintSeconds } return 0 } type Key struct { + state protoimpl.MessageState `protogen:"open.v1"` // A unique identifier for this key. // Length must be <=1024. KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` @@ -235,88 +274,100 @@ type Key struct { // eg: supported keys for legacy tokens. // If set, key is used for verification but excluded from OIDC discovery docs. // if set, external signer should not use this key to sign a JWT. - ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *Key) Reset() { *m = Key{} } -func (m *Key) String() string { return proto.CompactTextString(m) } -func (*Key) ProtoMessage() {} +func (x *Key) Reset() { + *x = Key{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Key) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Key) ProtoMessage() {} + +func (x *Key) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Key.ProtoReflect.Descriptor instead. func (*Key) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{4} -} -func (m *Key) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Key.Unmarshal(m, b) -} -func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Key.Marshal(b, m, deterministic) -} -func (m *Key) XXX_Merge(src proto.Message) { - xxx_messageInfo_Key.Merge(m, src) -} -func (m *Key) XXX_Size() int { - return xxx_messageInfo_Key.Size(m) -} -func (m *Key) XXX_DiscardUnknown() { - xxx_messageInfo_Key.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{4} } -var xxx_messageInfo_Key proto.InternalMessageInfo - -func (m *Key) GetKeyId() string { - if m != nil { - return m.KeyId +func (x *Key) GetKeyId() string { + if x != nil { + return x.KeyId } return "" } -func (m *Key) GetKey() []byte { - if m != nil { - return m.Key +func (x *Key) GetKey() []byte { + if x != nil { + return x.Key } return nil } -func (m *Key) GetExcludeFromOidcDiscovery() bool { - if m != nil { - return m.ExcludeFromOidcDiscovery +func (x *Key) GetExcludeFromOidcDiscovery() bool { + if x != nil { + return x.ExcludeFromOidcDiscovery } return false } type MetadataRequest struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *MetadataRequest) Reset() { *m = MetadataRequest{} } -func (m *MetadataRequest) String() string { return proto.CompactTextString(m) } -func (*MetadataRequest) ProtoMessage() {} +func (x *MetadataRequest) Reset() { + *x = MetadataRequest{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *MetadataRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MetadataRequest) ProtoMessage() {} + +func (x *MetadataRequest) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MetadataRequest.ProtoReflect.Descriptor instead. func (*MetadataRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{5} + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{5} } -func (m *MetadataRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_MetadataRequest.Unmarshal(m, b) -} -func (m *MetadataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_MetadataRequest.Marshal(b, m, deterministic) -} -func (m *MetadataRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_MetadataRequest.Merge(m, src) -} -func (m *MetadataRequest) XXX_Size() int { - return xxx_messageInfo_MetadataRequest.Size(m) -} -func (m *MetadataRequest) XXX_DiscardUnknown() { - xxx_messageInfo_MetadataRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_MetadataRequest proto.InternalMessageInfo type MetadataResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` // used by kube-apiserver for defaulting/validation of JWT lifetime while accounting for configuration flag values: // 1. `--service-account-max-token-expiration` // 2. `--service-account-extend-token-expiration` @@ -326,267 +377,165 @@ type MetadataResponse struct { // * If `--service-account-extend-token-expiration` is true, the extended expiration is `min(1 year, max_token_expiration_seconds)`. // // `max_token_expiration_seconds` must be at least 600s. - MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *MetadataResponse) Reset() { *m = MetadataResponse{} } -func (m *MetadataResponse) String() string { return proto.CompactTextString(m) } -func (*MetadataResponse) ProtoMessage() {} +func (x *MetadataResponse) Reset() { + *x = MetadataResponse{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *MetadataResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MetadataResponse) ProtoMessage() {} + +func (x *MetadataResponse) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MetadataResponse.ProtoReflect.Descriptor instead. func (*MetadataResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{6} -} -func (m *MetadataResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_MetadataResponse.Unmarshal(m, b) -} -func (m *MetadataResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_MetadataResponse.Marshal(b, m, deterministic) -} -func (m *MetadataResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_MetadataResponse.Merge(m, src) -} -func (m *MetadataResponse) XXX_Size() int { - return xxx_messageInfo_MetadataResponse.Size(m) -} -func (m *MetadataResponse) XXX_DiscardUnknown() { - xxx_messageInfo_MetadataResponse.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{6} } -var xxx_messageInfo_MetadataResponse proto.InternalMessageInfo - -func (m *MetadataResponse) GetMaxTokenExpirationSeconds() int64 { - if m != nil { - return m.MaxTokenExpirationSeconds +func (x *MetadataResponse) GetMaxTokenExpirationSeconds() int64 { + if x != nil { + return x.MaxTokenExpirationSeconds } return 0 } -func init() { - proto.RegisterType((*SignJWTRequest)(nil), "v1.SignJWTRequest") - proto.RegisterType((*SignJWTResponse)(nil), "v1.SignJWTResponse") - proto.RegisterType((*FetchKeysRequest)(nil), "v1.FetchKeysRequest") - proto.RegisterType((*FetchKeysResponse)(nil), "v1.FetchKeysResponse") - proto.RegisterType((*Key)(nil), "v1.Key") - proto.RegisterType((*MetadataRequest)(nil), "v1.MetadataRequest") - proto.RegisterType((*MetadataResponse)(nil), "v1.MetadataResponse") +var File_staging_src_k8s_io_externaljwt_apis_v1_api_proto protoreflect.FileDescriptor + +var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc = string([]byte{ + 0x0a, 0x30, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x2f, 0x73, 0x72, 0x63, 0x2f, 0x6b, 0x38, + 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77, 0x74, + 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70, 0x69, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x12, 0x02, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, + 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x28, 0x0a, 0x0e, 0x53, 0x69, 0x67, 0x6e, 0x4a, + 0x57, 0x54, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6c, 0x61, + 0x69, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, + 0x73, 0x22, 0x47, 0x0a, 0x0f, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, + 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x46, 0x65, + 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xa5, + 0x01, 0x0a, 0x11, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x07, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6b, 0x65, 0x79, + 0x73, 0x12, 0x41, 0x0a, 0x0e, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, + 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x64, 0x61, 0x74, 0x61, 0x54, 0x69, 0x6d, 0x65, 0x73, + 0x74, 0x61, 0x6d, 0x70, 0x12, 0x30, 0x0a, 0x14, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, + 0x68, 0x69, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x12, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x48, 0x69, 0x6e, 0x74, 0x53, + 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x22, 0x6d, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x15, 0x0a, + 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b, + 0x65, 0x79, 0x49, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3d, 0x0a, 0x1b, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, + 0x65, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x64, 0x69, 0x73, 0x63, + 0x6f, 0x76, 0x65, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x65, 0x78, 0x63, + 0x6c, 0x75, 0x64, 0x65, 0x46, 0x72, 0x6f, 0x6d, 0x4f, 0x69, 0x64, 0x63, 0x44, 0x69, 0x73, 0x63, + 0x6f, 0x76, 0x65, 0x72, 0x79, 0x22, 0x11, 0x0a, 0x0f, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, + 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x53, 0x0a, 0x10, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x1c, + 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x19, 0x6d, 0x61, 0x78, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x78, 0x70, 0x69, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x32, 0xbb, 0x01, + 0x0a, 0x11, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4a, 0x57, 0x54, 0x53, 0x69, 0x67, + 0x6e, 0x65, 0x72, 0x12, 0x31, 0x0a, 0x04, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x12, 0x2e, 0x76, 0x31, + 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x13, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, 0x09, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, + 0x65, 0x79, 0x73, 0x12, 0x14, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, + 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x76, 0x31, 0x2e, 0x46, + 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x22, 0x00, 0x12, 0x37, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x13, + 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, + 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x1c, 0x5a, 0x1a, 0x6b, + 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77, + 0x74, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, +}) + +var ( + file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescOnce sync.Once + file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescData []byte +) + +func file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP() []byte { + file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescOnce.Do(func() { + file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc))) + }) + return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescData } -func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } - -var fileDescriptor_00212fb1f9d3bf1c = []byte{ - // 476 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x5c, 0x92, 0x51, 0x6f, 0xd3, 0x30, - 0x10, 0xc7, 0xc9, 0x32, 0xc6, 0x7a, 0x83, 0xad, 0x35, 0x1d, 0x2a, 0x59, 0x25, 0xa6, 0x3c, 0xf5, - 0x29, 0xa1, 0xe5, 0x01, 0x84, 0x84, 0x10, 0x88, 0x0d, 0x58, 0x85, 0x90, 0xd2, 0x4a, 0x93, 0x78, - 0x89, 0xbc, 0xe4, 0xda, 0x9a, 0x34, 0x71, 0xb0, 0xdd, 0x92, 0x7c, 0x20, 0x3e, 0x05, 0x5f, 0x0e, - 0x39, 0x71, 0x32, 0xda, 0x37, 0xfb, 0x7f, 0xff, 0xf3, 0xdd, 0xef, 0xce, 0xd0, 0xa1, 0x39, 0xf3, - 0x72, 0xc1, 0x15, 0x27, 0x07, 0xdb, 0xb1, 0xf3, 0x62, 0xc9, 0xf9, 0x72, 0x8d, 0x7e, 0xa5, 0xdc, - 0x6d, 0x16, 0xbe, 0x62, 0x29, 0x4a, 0x45, 0xd3, 0xbc, 0x36, 0xb9, 0x23, 0x38, 0x9d, 0xb1, 0x65, - 0x76, 0x73, 0x3b, 0x0f, 0xf0, 0xd7, 0x06, 0xa5, 0x22, 0xcf, 0xe0, 0x28, 0x5a, 0x53, 0x96, 0xca, - 0x81, 0x75, 0x69, 0x8d, 0x3a, 0x81, 0xb9, 0xb9, 0x9f, 0xe1, 0xac, 0x75, 0xca, 0x9c, 0x67, 0x12, - 0xb5, 0x75, 0x85, 0x34, 0x46, 0xd1, 0x58, 0xeb, 0x1b, 0x19, 0x42, 0x47, 0xb2, 0x65, 0x46, 0xd5, - 0x46, 0xe0, 0xe0, 0xa0, 0x0a, 0xdd, 0x0b, 0x2e, 0x81, 0xee, 0x35, 0xaa, 0x68, 0x35, 0xc5, 0x52, - 0x9a, 0xa2, 0xee, 0x1f, 0x0b, 0x7a, 0xff, 0x89, 0xe6, 0xfd, 0x0b, 0x38, 0x4c, 0xb0, 0xd4, 0x8d, - 0xd8, 0xa3, 0x93, 0xc9, 0x23, 0x6f, 0x3b, 0xf6, 0xa6, 0x58, 0x06, 0x95, 0x48, 0x3e, 0xc0, 0x69, - 0x4c, 0x15, 0x0d, 0x5b, 0xa2, 0xaa, 0xd2, 0xc9, 0xc4, 0xf1, 0x6a, 0x66, 0xaf, 0x61, 0xf6, 0xe6, - 0x8d, 0x23, 0x78, 0xa2, 0x33, 0xda, 0x2b, 0x79, 0x09, 0x7d, 0x81, 0x0b, 0x81, 0x72, 0x15, 0xae, - 0x58, 0xa6, 0x42, 0x89, 0x11, 0xcf, 0x62, 0x39, 0xb0, 0x2f, 0xad, 0x91, 0x1d, 0x10, 0x13, 0xfb, - 0xc2, 0x32, 0x35, 0xab, 0x23, 0x6e, 0x0a, 0xf6, 0x14, 0x4b, 0x72, 0x0e, 0x47, 0x09, 0x96, 0x21, - 0x8b, 0x0d, 0xf8, 0xc3, 0x04, 0xcb, 0xaf, 0x31, 0xe9, 0x82, 0x9d, 0x60, 0x59, 0xf5, 0xf1, 0x38, - 0xd0, 0x47, 0xf2, 0x0e, 0x2e, 0xb0, 0x88, 0xd6, 0x9b, 0x18, 0xc3, 0x85, 0xe0, 0x69, 0xc8, 0x59, - 0x1c, 0x85, 0x31, 0x93, 0x11, 0xdf, 0xa2, 0x28, 0xab, 0x42, 0xc7, 0xc1, 0xc0, 0x58, 0xae, 0x05, - 0x4f, 0xbf, 0xb3, 0x38, 0xfa, 0xd4, 0xc4, 0xdd, 0x1e, 0x9c, 0x7d, 0x43, 0x45, 0x75, 0xd7, 0xcd, - 0xa4, 0x66, 0xd0, 0xbd, 0x97, 0xcc, 0x9c, 0xde, 0xc3, 0x30, 0xa5, 0x45, 0xa8, 0x78, 0x82, 0x59, - 0x88, 0x45, 0xce, 0x04, 0x55, 0x8c, 0x67, 0x2d, 0x8f, 0x55, 0xf1, 0x3c, 0x4f, 0x69, 0x31, 0xd7, - 0x96, 0xab, 0xd6, 0x61, 0xb0, 0x26, 0x7f, 0x2d, 0xe8, 0x5d, 0x15, 0x0a, 0x45, 0x46, 0xd7, 0x37, - 0xb7, 0x73, 0xbd, 0x67, 0x14, 0x64, 0x0c, 0x87, 0xfa, 0x44, 0x88, 0x1e, 0xfc, 0xee, 0x2f, 0x71, - 0x9e, 0xee, 0x68, 0x75, 0x1f, 0xee, 0x03, 0xf2, 0x16, 0x3a, 0xed, 0x1a, 0x49, 0x5f, 0x7b, 0xf6, - 0x57, 0xed, 0x9c, 0xef, 0xa9, 0x6d, 0xee, 0x6b, 0x38, 0x6e, 0xc8, 0x48, 0xf5, 0xfc, 0x1e, 0xba, - 0xd3, 0xdf, 0x15, 0x9b, 0xc4, 0x8f, 0xc3, 0x1f, 0x4e, 0xf2, 0x46, 0x7a, 0x8c, 0xfb, 0x68, 0x18, - 0x7e, 0xfe, 0x56, 0x3e, 0xcd, 0x99, 0xf4, 0xb7, 0xe3, 0xbb, 0xa3, 0xea, 0x1f, 0xbc, 0xfa, 0x17, - 0x00, 0x00, 0xff, 0xff, 0xc2, 0x92, 0x25, 0x65, 0x1a, 0x03, 0x00, 0x00, +var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_goTypes = []any{ + (*SignJWTRequest)(nil), // 0: v1.SignJWTRequest + (*SignJWTResponse)(nil), // 1: v1.SignJWTResponse + (*FetchKeysRequest)(nil), // 2: v1.FetchKeysRequest + (*FetchKeysResponse)(nil), // 3: v1.FetchKeysResponse + (*Key)(nil), // 4: v1.Key + (*MetadataRequest)(nil), // 5: v1.MetadataRequest + (*MetadataResponse)(nil), // 6: v1.MetadataResponse + (*timestamppb.Timestamp)(nil), // 7: google.protobuf.Timestamp +} +var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_depIdxs = []int32{ + 4, // 0: v1.FetchKeysResponse.keys:type_name -> v1.Key + 7, // 1: v1.FetchKeysResponse.data_timestamp:type_name -> google.protobuf.Timestamp + 0, // 2: v1.ExternalJWTSigner.Sign:input_type -> v1.SignJWTRequest + 2, // 3: v1.ExternalJWTSigner.FetchKeys:input_type -> v1.FetchKeysRequest + 5, // 4: v1.ExternalJWTSigner.Metadata:input_type -> v1.MetadataRequest + 1, // 5: v1.ExternalJWTSigner.Sign:output_type -> v1.SignJWTResponse + 3, // 6: v1.ExternalJWTSigner.FetchKeys:output_type -> v1.FetchKeysResponse + 6, // 7: v1.ExternalJWTSigner.Metadata:output_type -> v1.MetadataResponse + 5, // [5:8] is the sub-list for method output_type + 2, // [2:5] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// ExternalJWTSignerClient is the client API for ExternalJWTSigner service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type ExternalJWTSignerClient interface { - // Sign takes a serialized JWT payload, and returns the serialized header and - // signature. The caller can then assemble the JWT from the header, payload, - // and signature. Signature can be generated by signing - // `base64url(header) + "." + base64url(payload)` with signing key. - // - // The plugin MUST set a key id in the returned JWT header. - Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) - // FetchKeys returns the set of public keys that are trusted to sign - // Kubernetes service account tokens. Kube-apiserver will call this RPC: - // - // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and - // - // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC - // JWKs endpoint. - FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) - // Metadata is meant to be called once on startup. - // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) - Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) -} - -type externalJWTSignerClient struct { - cc *grpc.ClientConn -} - -func NewExternalJWTSignerClient(cc *grpc.ClientConn) ExternalJWTSignerClient { - return &externalJWTSignerClient{cc} -} - -func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) { - out := new(SignJWTResponse) - err := c.cc.Invoke(ctx, "/v1.ExternalJWTSigner/Sign", in, out, opts...) - if err != nil { - return nil, err +func init() { file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_init() } +func file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_init() { + if File_staging_src_k8s_io_externaljwt_apis_v1_api_proto != nil { + return } - return out, nil -} - -func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) { - out := new(FetchKeysResponse) - err := c.cc.Invoke(ctx, "/v1.ExternalJWTSigner/FetchKeys", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) { - out := new(MetadataResponse) - err := c.cc.Invoke(ctx, "/v1.ExternalJWTSigner/Metadata", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// ExternalJWTSignerServer is the server API for ExternalJWTSigner service. -type ExternalJWTSignerServer interface { - // Sign takes a serialized JWT payload, and returns the serialized header and - // signature. The caller can then assemble the JWT from the header, payload, - // and signature. Signature can be generated by signing - // `base64url(header) + "." + base64url(payload)` with signing key. - // - // The plugin MUST set a key id in the returned JWT header. - Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) - // FetchKeys returns the set of public keys that are trusted to sign - // Kubernetes service account tokens. Kube-apiserver will call this RPC: - // - // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and - // - // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC - // JWKs endpoint. - FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) - // Metadata is meant to be called once on startup. - // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) - Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) -} - -// UnimplementedExternalJWTSignerServer can be embedded to have forward compatible implementations. -type UnimplementedExternalJWTSignerServer struct { -} - -func (*UnimplementedExternalJWTSignerServer) Sign(ctx context.Context, req *SignJWTRequest) (*SignJWTResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented") -} -func (*UnimplementedExternalJWTSignerServer) FetchKeys(ctx context.Context, req *FetchKeysRequest) (*FetchKeysResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented") -} -func (*UnimplementedExternalJWTSignerServer) Metadata(ctx context.Context, req *MetadataRequest) (*MetadataResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented") -} - -func RegisterExternalJWTSignerServer(s *grpc.Server, srv ExternalJWTSignerServer) { - s.RegisterService(&_ExternalJWTSigner_serviceDesc, srv) -} - -func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SignJWTRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ExternalJWTSignerServer).Sign(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1.ExternalJWTSigner/Sign", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(FetchKeysRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1.ExternalJWTSigner/FetchKeys", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(MetadataRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ExternalJWTSignerServer).Metadata(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1.ExternalJWTSigner/Metadata", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _ExternalJWTSigner_serviceDesc = grpc.ServiceDesc{ - ServiceName: "v1.ExternalJWTSigner", - HandlerType: (*ExternalJWTSignerServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Sign", - Handler: _ExternalJWTSigner_Sign_Handler, + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc)), + NumEnums: 0, + NumMessages: 7, + NumExtensions: 0, + NumServices: 1, }, - { - MethodName: "FetchKeys", - Handler: _ExternalJWTSigner_FetchKeys_Handler, - }, - { - MethodName: "Metadata", - Handler: _ExternalJWTSigner_Metadata_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "api.proto", + GoTypes: file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_goTypes, + DependencyIndexes: file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_depIdxs, + MessageInfos: file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes, + }.Build() + File_staging_src_k8s_io_externaljwt_apis_v1_api_proto = out.File + file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_goTypes = nil + file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_depIdxs = nil } diff --git a/staging/src/k8s.io/externaljwt/apis/v1/api_grpc.pb.go b/staging/src/k8s.io/externaljwt/apis/v1/api_grpc.pb.go new file mode 100644 index 00000000000..1138343a514 --- /dev/null +++ b/staging/src/k8s.io/externaljwt/apis/v1/api_grpc.pb.go @@ -0,0 +1,264 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +//Copyright 2025 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +//http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + +// To regenerate api.pb.go run `hack/update-codegen.sh protobindings` + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v4.23.4 +// source: staging/src/k8s.io/externaljwt/apis/v1/api.proto + +package v1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + ExternalJWTSigner_Sign_FullMethodName = "/v1.ExternalJWTSigner/Sign" + ExternalJWTSigner_FetchKeys_FullMethodName = "/v1.ExternalJWTSigner/FetchKeys" + ExternalJWTSigner_Metadata_FullMethodName = "/v1.ExternalJWTSigner/Metadata" +) + +// ExternalJWTSignerClient is the client API for ExternalJWTSigner service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// This service is served by a process on a local Unix Domain Socket. +type ExternalJWTSignerClient interface { + // Sign takes a serialized JWT payload, and returns the serialized header and + // signature. The caller can then assemble the JWT from the header, payload, + // and signature. Signature can be generated by signing + // `base64url(header) + "." + base64url(payload)` with signing key. + // + // The plugin MUST set a key id in the returned JWT header. + Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) + // FetchKeys returns the set of public keys that are trusted to sign + // Kubernetes service account tokens. Kube-apiserver will call this RPC: + // + // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and + // + // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC + // JWKs endpoint. + FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) + // Metadata is meant to be called once on startup. + // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) + Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) +} + +type externalJWTSignerClient struct { + cc grpc.ClientConnInterface +} + +func NewExternalJWTSignerClient(cc grpc.ClientConnInterface) ExternalJWTSignerClient { + return &externalJWTSignerClient{cc} +} + +func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(SignJWTResponse) + err := c.cc.Invoke(ctx, ExternalJWTSigner_Sign_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(FetchKeysResponse) + err := c.cc.Invoke(ctx, ExternalJWTSigner_FetchKeys_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(MetadataResponse) + err := c.cc.Invoke(ctx, ExternalJWTSigner_Metadata_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ExternalJWTSignerServer is the server API for ExternalJWTSigner service. +// All implementations must embed UnimplementedExternalJWTSignerServer +// for forward compatibility. +// +// This service is served by a process on a local Unix Domain Socket. +type ExternalJWTSignerServer interface { + // Sign takes a serialized JWT payload, and returns the serialized header and + // signature. The caller can then assemble the JWT from the header, payload, + // and signature. Signature can be generated by signing + // `base64url(header) + "." + base64url(payload)` with signing key. + // + // The plugin MUST set a key id in the returned JWT header. + Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) + // FetchKeys returns the set of public keys that are trusted to sign + // Kubernetes service account tokens. Kube-apiserver will call this RPC: + // + // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and + // + // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC + // JWKs endpoint. + FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) + // Metadata is meant to be called once on startup. + // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) + Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) + mustEmbedUnimplementedExternalJWTSignerServer() +} + +// UnimplementedExternalJWTSignerServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedExternalJWTSignerServer struct{} + +func (UnimplementedExternalJWTSignerServer) Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented") +} +func (UnimplementedExternalJWTSignerServer) FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented") +} +func (UnimplementedExternalJWTSignerServer) Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented") +} +func (UnimplementedExternalJWTSignerServer) mustEmbedUnimplementedExternalJWTSignerServer() {} +func (UnimplementedExternalJWTSignerServer) testEmbeddedByValue() {} + +// UnsafeExternalJWTSignerServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to ExternalJWTSignerServer will +// result in compilation errors. +type UnsafeExternalJWTSignerServer interface { + mustEmbedUnimplementedExternalJWTSignerServer() +} + +func RegisterExternalJWTSignerServer(s grpc.ServiceRegistrar, srv ExternalJWTSignerServer) { + // If the following call pancis, it indicates UnimplementedExternalJWTSignerServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&ExternalJWTSigner_ServiceDesc, srv) +} + +func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SignJWTRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ExternalJWTSignerServer).Sign(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: ExternalJWTSigner_Sign_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(FetchKeysRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: ExternalJWTSigner_FetchKeys_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(MetadataRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ExternalJWTSignerServer).Metadata(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: ExternalJWTSigner_Metadata_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// ExternalJWTSigner_ServiceDesc is the grpc.ServiceDesc for ExternalJWTSigner service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var ExternalJWTSigner_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "v1.ExternalJWTSigner", + HandlerType: (*ExternalJWTSignerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Sign", + Handler: _ExternalJWTSigner_Sign_Handler, + }, + { + MethodName: "FetchKeys", + Handler: _ExternalJWTSigner_FetchKeys_Handler, + }, + { + MethodName: "Metadata", + Handler: _ExternalJWTSigner_Metadata_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "staging/src/k8s.io/externaljwt/apis/v1/api.proto", +} diff --git a/staging/src/k8s.io/externaljwt/apis/v1alpha1/api.pb.go b/staging/src/k8s.io/externaljwt/apis/v1alpha1/api.pb.go index e7aae9c671e..e273d91cc18 100644 --- a/staging/src/k8s.io/externaljwt/apis/v1alpha1/api.pb.go +++ b/staging/src/k8s.io/externaljwt/apis/v1alpha1/api.pb.go @@ -14,74 +14,95 @@ See the License for the specific language governing permissions and limitations under the License. */ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: api.proto +// +//Copyright 2024 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +//http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + +// To regenerate api.pb.go run `hack/update-codegen.sh protobindings` + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.36.4 +// protoc v4.23.4 +// source: staging/src/k8s.io/externaljwt/apis/v1alpha1/api.proto package v1alpha1 import ( - context "context" - fmt "fmt" - proto "github.com/gogo/protobuf/proto" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" timestamppb "google.golang.org/protobuf/types/known/timestamppb" - math "math" + reflect "reflect" + sync "sync" + unsafe "unsafe" ) -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) type SignJWTRequest struct { + state protoimpl.MessageState `protogen:"open.v1"` // URL-safe base64 wrapped payload to be signed. // Exactly as it appears in the second segment of the JWT - Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *SignJWTRequest) Reset() { *m = SignJWTRequest{} } -func (m *SignJWTRequest) String() string { return proto.CompactTextString(m) } -func (*SignJWTRequest) ProtoMessage() {} +func (x *SignJWTRequest) Reset() { + *x = SignJWTRequest{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SignJWTRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignJWTRequest) ProtoMessage() {} + +func (x *SignJWTRequest) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignJWTRequest.ProtoReflect.Descriptor instead. func (*SignJWTRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{0} -} -func (m *SignJWTRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_SignJWTRequest.Unmarshal(m, b) -} -func (m *SignJWTRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_SignJWTRequest.Marshal(b, m, deterministic) -} -func (m *SignJWTRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignJWTRequest.Merge(m, src) -} -func (m *SignJWTRequest) XXX_Size() int { - return xxx_messageInfo_SignJWTRequest.Size(m) -} -func (m *SignJWTRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SignJWTRequest.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{0} } -var xxx_messageInfo_SignJWTRequest proto.InternalMessageInfo - -func (m *SignJWTRequest) GetClaims() string { - if m != nil { - return m.Claims +func (x *SignJWTRequest) GetClaims() string { + if x != nil { + return x.Claims } return "" } type SignJWTResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` // header must contain only alg, kid, typ claims. // typ must be “JWT”. // kid must be non-empty, <=1024 characters, and its corresponding public key should not be excluded from OIDC discovery. @@ -91,140 +112,158 @@ type SignJWTResponse struct { Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"` // The signature for the JWT. // Already wrapped in URL-safe base64, exactly as it appears in the final segment of the JWT. - Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *SignJWTResponse) Reset() { *m = SignJWTResponse{} } -func (m *SignJWTResponse) String() string { return proto.CompactTextString(m) } -func (*SignJWTResponse) ProtoMessage() {} +func (x *SignJWTResponse) Reset() { + *x = SignJWTResponse{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SignJWTResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SignJWTResponse) ProtoMessage() {} + +func (x *SignJWTResponse) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SignJWTResponse.ProtoReflect.Descriptor instead. func (*SignJWTResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{1} -} -func (m *SignJWTResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_SignJWTResponse.Unmarshal(m, b) -} -func (m *SignJWTResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_SignJWTResponse.Marshal(b, m, deterministic) -} -func (m *SignJWTResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignJWTResponse.Merge(m, src) -} -func (m *SignJWTResponse) XXX_Size() int { - return xxx_messageInfo_SignJWTResponse.Size(m) -} -func (m *SignJWTResponse) XXX_DiscardUnknown() { - xxx_messageInfo_SignJWTResponse.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{1} } -var xxx_messageInfo_SignJWTResponse proto.InternalMessageInfo - -func (m *SignJWTResponse) GetHeader() string { - if m != nil { - return m.Header +func (x *SignJWTResponse) GetHeader() string { + if x != nil { + return x.Header } return "" } -func (m *SignJWTResponse) GetSignature() string { - if m != nil { - return m.Signature +func (x *SignJWTResponse) GetSignature() string { + if x != nil { + return x.Signature } return "" } type FetchKeysRequest struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *FetchKeysRequest) Reset() { *m = FetchKeysRequest{} } -func (m *FetchKeysRequest) String() string { return proto.CompactTextString(m) } -func (*FetchKeysRequest) ProtoMessage() {} +func (x *FetchKeysRequest) Reset() { + *x = FetchKeysRequest{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FetchKeysRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FetchKeysRequest) ProtoMessage() {} + +func (x *FetchKeysRequest) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FetchKeysRequest.ProtoReflect.Descriptor instead. func (*FetchKeysRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{2} + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{2} } -func (m *FetchKeysRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_FetchKeysRequest.Unmarshal(m, b) -} -func (m *FetchKeysRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_FetchKeysRequest.Marshal(b, m, deterministic) -} -func (m *FetchKeysRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_FetchKeysRequest.Merge(m, src) -} -func (m *FetchKeysRequest) XXX_Size() int { - return xxx_messageInfo_FetchKeysRequest.Size(m) -} -func (m *FetchKeysRequest) XXX_DiscardUnknown() { - xxx_messageInfo_FetchKeysRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_FetchKeysRequest proto.InternalMessageInfo type FetchKeysResponse struct { - Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` + state protoimpl.MessageState `protogen:"open.v1"` + Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"` // The timestamp when this data was pulled from the authoritative source of // truth for verification keys. // kube-apiserver can export this from metrics, to enable end-to-end SLOs. DataTimestamp *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=data_timestamp,json=dataTimestamp,proto3" json:"data_timestamp,omitempty"` // refresh interval for verification keys to pick changes if any. // any value <= 0 is considered a misconfiguration. - RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *FetchKeysResponse) Reset() { *m = FetchKeysResponse{} } -func (m *FetchKeysResponse) String() string { return proto.CompactTextString(m) } -func (*FetchKeysResponse) ProtoMessage() {} +func (x *FetchKeysResponse) Reset() { + *x = FetchKeysResponse{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *FetchKeysResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*FetchKeysResponse) ProtoMessage() {} + +func (x *FetchKeysResponse) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use FetchKeysResponse.ProtoReflect.Descriptor instead. func (*FetchKeysResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{3} -} -func (m *FetchKeysResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_FetchKeysResponse.Unmarshal(m, b) -} -func (m *FetchKeysResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_FetchKeysResponse.Marshal(b, m, deterministic) -} -func (m *FetchKeysResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_FetchKeysResponse.Merge(m, src) -} -func (m *FetchKeysResponse) XXX_Size() int { - return xxx_messageInfo_FetchKeysResponse.Size(m) -} -func (m *FetchKeysResponse) XXX_DiscardUnknown() { - xxx_messageInfo_FetchKeysResponse.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{3} } -var xxx_messageInfo_FetchKeysResponse proto.InternalMessageInfo - -func (m *FetchKeysResponse) GetKeys() []*Key { - if m != nil { - return m.Keys +func (x *FetchKeysResponse) GetKeys() []*Key { + if x != nil { + return x.Keys } return nil } -func (m *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp { - if m != nil { - return m.DataTimestamp +func (x *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp { + if x != nil { + return x.DataTimestamp } return nil } -func (m *FetchKeysResponse) GetRefreshHintSeconds() int64 { - if m != nil { - return m.RefreshHintSeconds +func (x *FetchKeysResponse) GetRefreshHintSeconds() int64 { + if x != nil { + return x.RefreshHintSeconds } return 0 } type Key struct { + state protoimpl.MessageState `protogen:"open.v1"` // A unique identifier for this key. // Length must be <=1024. KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` @@ -235,88 +274,100 @@ type Key struct { // eg: supported keys for legacy tokens. // If set, key is used for verification but excluded from OIDC discovery docs. // if set, external signer should not use this key to sign a JWT. - ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *Key) Reset() { *m = Key{} } -func (m *Key) String() string { return proto.CompactTextString(m) } -func (*Key) ProtoMessage() {} +func (x *Key) Reset() { + *x = Key{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *Key) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Key) ProtoMessage() {} + +func (x *Key) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Key.ProtoReflect.Descriptor instead. func (*Key) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{4} -} -func (m *Key) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Key.Unmarshal(m, b) -} -func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Key.Marshal(b, m, deterministic) -} -func (m *Key) XXX_Merge(src proto.Message) { - xxx_messageInfo_Key.Merge(m, src) -} -func (m *Key) XXX_Size() int { - return xxx_messageInfo_Key.Size(m) -} -func (m *Key) XXX_DiscardUnknown() { - xxx_messageInfo_Key.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{4} } -var xxx_messageInfo_Key proto.InternalMessageInfo - -func (m *Key) GetKeyId() string { - if m != nil { - return m.KeyId +func (x *Key) GetKeyId() string { + if x != nil { + return x.KeyId } return "" } -func (m *Key) GetKey() []byte { - if m != nil { - return m.Key +func (x *Key) GetKey() []byte { + if x != nil { + return x.Key } return nil } -func (m *Key) GetExcludeFromOidcDiscovery() bool { - if m != nil { - return m.ExcludeFromOidcDiscovery +func (x *Key) GetExcludeFromOidcDiscovery() bool { + if x != nil { + return x.ExcludeFromOidcDiscovery } return false } type MetadataRequest struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + state protoimpl.MessageState `protogen:"open.v1"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *MetadataRequest) Reset() { *m = MetadataRequest{} } -func (m *MetadataRequest) String() string { return proto.CompactTextString(m) } -func (*MetadataRequest) ProtoMessage() {} +func (x *MetadataRequest) Reset() { + *x = MetadataRequest{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *MetadataRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MetadataRequest) ProtoMessage() {} + +func (x *MetadataRequest) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MetadataRequest.ProtoReflect.Descriptor instead. func (*MetadataRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{5} + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{5} } -func (m *MetadataRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_MetadataRequest.Unmarshal(m, b) -} -func (m *MetadataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_MetadataRequest.Marshal(b, m, deterministic) -} -func (m *MetadataRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_MetadataRequest.Merge(m, src) -} -func (m *MetadataRequest) XXX_Size() int { - return xxx_messageInfo_MetadataRequest.Size(m) -} -func (m *MetadataRequest) XXX_DiscardUnknown() { - xxx_messageInfo_MetadataRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_MetadataRequest proto.InternalMessageInfo type MetadataResponse struct { + state protoimpl.MessageState `protogen:"open.v1"` // used by kube-apiserver for defaulting/validation of JWT lifetime while accounting for configuration flag values: // 1. `--service-account-max-token-expiration` // 2. `--service-account-extend-token-expiration` @@ -326,268 +377,168 @@ type MetadataResponse struct { // * If `--service-account-extend-token-expiration` is true, the extended expiration is `min(1 year, max_token_expiration_seconds)`. // // `max_token_expiration_seconds` must be at least 600s. - MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"` + unknownFields protoimpl.UnknownFields + sizeCache protoimpl.SizeCache } -func (m *MetadataResponse) Reset() { *m = MetadataResponse{} } -func (m *MetadataResponse) String() string { return proto.CompactTextString(m) } -func (*MetadataResponse) ProtoMessage() {} +func (x *MetadataResponse) Reset() { + *x = MetadataResponse{} + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *MetadataResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*MetadataResponse) ProtoMessage() {} + +func (x *MetadataResponse) ProtoReflect() protoreflect.Message { + mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[6] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use MetadataResponse.ProtoReflect.Descriptor instead. func (*MetadataResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_00212fb1f9d3bf1c, []int{6} -} -func (m *MetadataResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_MetadataResponse.Unmarshal(m, b) -} -func (m *MetadataResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_MetadataResponse.Marshal(b, m, deterministic) -} -func (m *MetadataResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_MetadataResponse.Merge(m, src) -} -func (m *MetadataResponse) XXX_Size() int { - return xxx_messageInfo_MetadataResponse.Size(m) -} -func (m *MetadataResponse) XXX_DiscardUnknown() { - xxx_messageInfo_MetadataResponse.DiscardUnknown(m) + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{6} } -var xxx_messageInfo_MetadataResponse proto.InternalMessageInfo - -func (m *MetadataResponse) GetMaxTokenExpirationSeconds() int64 { - if m != nil { - return m.MaxTokenExpirationSeconds +func (x *MetadataResponse) GetMaxTokenExpirationSeconds() int64 { + if x != nil { + return x.MaxTokenExpirationSeconds } return 0 } -func init() { - proto.RegisterType((*SignJWTRequest)(nil), "v1alpha1.SignJWTRequest") - proto.RegisterType((*SignJWTResponse)(nil), "v1alpha1.SignJWTResponse") - proto.RegisterType((*FetchKeysRequest)(nil), "v1alpha1.FetchKeysRequest") - proto.RegisterType((*FetchKeysResponse)(nil), "v1alpha1.FetchKeysResponse") - proto.RegisterType((*Key)(nil), "v1alpha1.Key") - proto.RegisterType((*MetadataRequest)(nil), "v1alpha1.MetadataRequest") - proto.RegisterType((*MetadataResponse)(nil), "v1alpha1.MetadataResponse") +var File_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto protoreflect.FileDescriptor + +var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc = string([]byte{ + 0x0a, 0x36, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x2f, 0x73, 0x72, 0x63, 0x2f, 0x6b, 0x38, + 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77, 0x74, + 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61, + 0x70, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0x28, 0x0a, 0x0e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x22, 0x47, 0x0a, + 0x0f, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, + 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67, + 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, + 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xab, 0x01, 0x0a, 0x11, 0x46, + 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x21, 0x0a, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6b, + 0x65, 0x79, 0x73, 0x12, 0x41, 0x0a, 0x0e, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, + 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x64, 0x61, 0x74, 0x61, 0x54, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x30, 0x0a, 0x14, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, + 0x68, 0x5f, 0x68, 0x69, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x48, 0x69, 0x6e, + 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x22, 0x6d, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, + 0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3d, 0x0a, 0x1b, 0x65, 0x78, 0x63, 0x6c, + 0x75, 0x64, 0x65, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x64, 0x69, + 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x65, + 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x46, 0x72, 0x6f, 0x6d, 0x4f, 0x69, 0x64, 0x63, 0x44, 0x69, + 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x22, 0x11, 0x0a, 0x0f, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x53, 0x0a, 0x10, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, + 0x0a, 0x1c, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x69, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x19, 0x6d, 0x61, 0x78, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x78, + 0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x32, + 0xdf, 0x01, 0x0a, 0x11, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4a, 0x57, 0x54, 0x53, + 0x69, 0x67, 0x6e, 0x65, 0x72, 0x12, 0x3d, 0x0a, 0x04, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x18, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x09, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, + 0x73, 0x12, 0x1a, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x65, 0x74, + 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, + 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x08, + 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x19, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d, + 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, + 0x00, 0x42, 0x22, 0x5a, 0x20, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +}) + +var ( + file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescOnce sync.Once + file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescData []byte +) + +func file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP() []byte { + file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescOnce.Do(func() { + file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc))) + }) + return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescData } -func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) } - -var fileDescriptor_00212fb1f9d3bf1c = []byte{ - // 483 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x6e, 0xd3, 0x40, - 0x10, 0xc7, 0x31, 0x29, 0x51, 0x32, 0xa5, 0x6d, 0xb2, 0x02, 0xe4, 0xba, 0x95, 0x08, 0x3e, 0xe5, - 0x64, 0xd3, 0x70, 0xe1, 0x52, 0x21, 0x3e, 0x1a, 0xa0, 0x11, 0x42, 0x72, 0x22, 0x55, 0xe2, 0x62, - 0x6d, 0xed, 0x49, 0xbc, 0xf8, 0x63, 0xcd, 0xee, 0xa6, 0xd8, 0xcf, 0xc4, 0x43, 0xf1, 0x2a, 0xc8, - 0x1f, 0xeb, 0x94, 0x2a, 0xb7, 0xdd, 0xf9, 0xff, 0x77, 0x66, 0x7e, 0xb3, 0x03, 0x43, 0x9a, 0x33, - 0x27, 0x17, 0x5c, 0x71, 0x32, 0xb8, 0xbb, 0xa0, 0x49, 0x1e, 0xd1, 0x0b, 0xeb, 0xe5, 0x86, 0xf3, - 0x4d, 0x82, 0x6e, 0x1d, 0xbf, 0xdd, 0xae, 0x5d, 0xc5, 0x52, 0x94, 0x8a, 0xa6, 0x79, 0x63, 0xb5, - 0xa7, 0x70, 0xbc, 0x64, 0x9b, 0xec, 0xfa, 0x66, 0xe5, 0xe1, 0xaf, 0x2d, 0x4a, 0x45, 0x5e, 0x40, - 0x3f, 0x48, 0x28, 0x4b, 0xa5, 0x69, 0x4c, 0x8c, 0xe9, 0xd0, 0x6b, 0x6f, 0xf6, 0x67, 0x38, 0xe9, - 0x9c, 0x32, 0xe7, 0x99, 0xc4, 0xca, 0x1a, 0x21, 0x0d, 0x51, 0x68, 0x6b, 0x73, 0x23, 0xe7, 0x30, - 0x94, 0x6c, 0x93, 0x51, 0xb5, 0x15, 0x68, 0x3e, 0xae, 0xa5, 0x5d, 0xc0, 0x26, 0x30, 0x9a, 0xa3, - 0x0a, 0xa2, 0x05, 0x96, 0xb2, 0x2d, 0x6a, 0xff, 0x31, 0x60, 0x7c, 0x2f, 0xd8, 0xe6, 0x7f, 0x05, - 0x07, 0x31, 0x96, 0x55, 0x23, 0xbd, 0xe9, 0xe1, 0xec, 0xc8, 0xd1, 0x58, 0xce, 0x02, 0x4b, 0xaf, - 0x96, 0xc8, 0x7b, 0x38, 0x0e, 0xa9, 0xa2, 0x7e, 0xc7, 0x55, 0xd7, 0x3b, 0x9c, 0x59, 0x4e, 0x43, - 0xee, 0x68, 0x72, 0x67, 0xa5, 0x1d, 0xde, 0x51, 0xf5, 0xa2, 0xbb, 0x92, 0xd7, 0xf0, 0x4c, 0xe0, - 0x5a, 0xa0, 0x8c, 0xfc, 0x88, 0x65, 0xca, 0x97, 0x18, 0xf0, 0x2c, 0x94, 0x66, 0x6f, 0x62, 0x4c, - 0x7b, 0x1e, 0x69, 0xb5, 0x2f, 0x2c, 0x53, 0xcb, 0x46, 0xb1, 0x53, 0xe8, 0x2d, 0xb0, 0x24, 0xcf, - 0xa1, 0x1f, 0x63, 0xe9, 0xb3, 0xb0, 0xc5, 0x7f, 0x12, 0x63, 0xf9, 0x35, 0x24, 0x23, 0xe8, 0xc5, - 0x58, 0xd6, 0x7d, 0x3c, 0xf5, 0xaa, 0x23, 0xb9, 0x84, 0x33, 0x2c, 0x82, 0x64, 0x1b, 0xa2, 0xbf, - 0x16, 0x3c, 0xf5, 0x39, 0x0b, 0x03, 0x3f, 0x64, 0x32, 0xe0, 0x77, 0x28, 0xca, 0xba, 0xd0, 0xc0, - 0x33, 0x5b, 0xcb, 0x5c, 0xf0, 0xf4, 0x3b, 0x0b, 0x83, 0x4f, 0x5a, 0xb7, 0xc7, 0x70, 0xf2, 0x0d, - 0x15, 0xad, 0xba, 0xd6, 0xf3, 0x5a, 0xc2, 0x68, 0x17, 0x6a, 0xa7, 0xf5, 0x0e, 0xce, 0x53, 0x5a, - 0xf8, 0x8a, 0xc7, 0x98, 0xf9, 0x58, 0xe4, 0x4c, 0x50, 0xc5, 0x78, 0xd6, 0xf1, 0x18, 0x35, 0xcf, - 0x69, 0x4a, 0x8b, 0x55, 0x65, 0xb9, 0xea, 0x1c, 0x2d, 0xd6, 0xec, 0xaf, 0x01, 0xe3, 0xab, 0x42, - 0xa1, 0xc8, 0x68, 0x72, 0x7d, 0xb3, 0xaa, 0x7e, 0x1b, 0x05, 0xb9, 0x84, 0x83, 0xea, 0x44, 0xcc, - 0xdd, 0xf8, 0xff, 0xdf, 0x18, 0xeb, 0x74, 0x8f, 0xd2, 0xf4, 0x64, 0x3f, 0x22, 0x73, 0x18, 0x76, - 0x1f, 0x4b, 0xac, 0x9d, 0xf3, 0xe1, 0x0a, 0x58, 0x67, 0x7b, 0xb5, 0x2e, 0xcf, 0x47, 0x18, 0x68, - 0x62, 0x72, 0xaf, 0xe0, 0x83, 0xc1, 0x58, 0xd6, 0x3e, 0x49, 0x27, 0xf9, 0x60, 0xff, 0x98, 0xc4, - 0x6f, 0xa5, 0xc3, 0xb8, 0x8b, 0x2d, 0xe7, 0xcf, 0xdf, 0xca, 0xa5, 0x39, 0x93, 0xae, 0x7e, 0x76, - 0xdb, 0xaf, 0x37, 0xe6, 0xcd, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x90, 0x1b, 0xfb, 0x90, 0x50, - 0x03, 0x00, 0x00, +var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_goTypes = []any{ + (*SignJWTRequest)(nil), // 0: v1alpha1.SignJWTRequest + (*SignJWTResponse)(nil), // 1: v1alpha1.SignJWTResponse + (*FetchKeysRequest)(nil), // 2: v1alpha1.FetchKeysRequest + (*FetchKeysResponse)(nil), // 3: v1alpha1.FetchKeysResponse + (*Key)(nil), // 4: v1alpha1.Key + (*MetadataRequest)(nil), // 5: v1alpha1.MetadataRequest + (*MetadataResponse)(nil), // 6: v1alpha1.MetadataResponse + (*timestamppb.Timestamp)(nil), // 7: google.protobuf.Timestamp +} +var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_depIdxs = []int32{ + 4, // 0: v1alpha1.FetchKeysResponse.keys:type_name -> v1alpha1.Key + 7, // 1: v1alpha1.FetchKeysResponse.data_timestamp:type_name -> google.protobuf.Timestamp + 0, // 2: v1alpha1.ExternalJWTSigner.Sign:input_type -> v1alpha1.SignJWTRequest + 2, // 3: v1alpha1.ExternalJWTSigner.FetchKeys:input_type -> v1alpha1.FetchKeysRequest + 5, // 4: v1alpha1.ExternalJWTSigner.Metadata:input_type -> v1alpha1.MetadataRequest + 1, // 5: v1alpha1.ExternalJWTSigner.Sign:output_type -> v1alpha1.SignJWTResponse + 3, // 6: v1alpha1.ExternalJWTSigner.FetchKeys:output_type -> v1alpha1.FetchKeysResponse + 6, // 7: v1alpha1.ExternalJWTSigner.Metadata:output_type -> v1alpha1.MetadataResponse + 5, // [5:8] is the sub-list for method output_type + 2, // [2:5] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name } -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// ExternalJWTSignerClient is the client API for ExternalJWTSigner service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type ExternalJWTSignerClient interface { - // Sign takes a serialized JWT payload, and returns the serialized header and - // signature. The caller can then assemble the JWT from the header, payload, - // and signature. Signature can be generated by signing - // `base64url(header) + "." + base64url(payload)` with signing key. - // - // The plugin MUST set a key id in the returned JWT header. - Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) - // FetchKeys returns the set of public keys that are trusted to sign - // Kubernetes service account tokens. Kube-apiserver will call this RPC: - // - // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and - // - // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC - // JWKs endpoint. - FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) - // Metadata is meant to be called once on startup. - // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) - Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) -} - -type externalJWTSignerClient struct { - cc *grpc.ClientConn -} - -func NewExternalJWTSignerClient(cc *grpc.ClientConn) ExternalJWTSignerClient { - return &externalJWTSignerClient{cc} -} - -func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) { - out := new(SignJWTResponse) - err := c.cc.Invoke(ctx, "/v1alpha1.ExternalJWTSigner/Sign", in, out, opts...) - if err != nil { - return nil, err +func init() { file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_init() } +func file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_init() { + if File_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto != nil { + return } - return out, nil -} - -func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) { - out := new(FetchKeysResponse) - err := c.cc.Invoke(ctx, "/v1alpha1.ExternalJWTSigner/FetchKeys", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) { - out := new(MetadataResponse) - err := c.cc.Invoke(ctx, "/v1alpha1.ExternalJWTSigner/Metadata", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// ExternalJWTSignerServer is the server API for ExternalJWTSigner service. -type ExternalJWTSignerServer interface { - // Sign takes a serialized JWT payload, and returns the serialized header and - // signature. The caller can then assemble the JWT from the header, payload, - // and signature. Signature can be generated by signing - // `base64url(header) + "." + base64url(payload)` with signing key. - // - // The plugin MUST set a key id in the returned JWT header. - Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) - // FetchKeys returns the set of public keys that are trusted to sign - // Kubernetes service account tokens. Kube-apiserver will call this RPC: - // - // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and - // - // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC - // JWKs endpoint. - FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) - // Metadata is meant to be called once on startup. - // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) - Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) -} - -// UnimplementedExternalJWTSignerServer can be embedded to have forward compatible implementations. -type UnimplementedExternalJWTSignerServer struct { -} - -func (*UnimplementedExternalJWTSignerServer) Sign(ctx context.Context, req *SignJWTRequest) (*SignJWTResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented") -} -func (*UnimplementedExternalJWTSignerServer) FetchKeys(ctx context.Context, req *FetchKeysRequest) (*FetchKeysResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented") -} -func (*UnimplementedExternalJWTSignerServer) Metadata(ctx context.Context, req *MetadataRequest) (*MetadataResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented") -} - -func RegisterExternalJWTSignerServer(s *grpc.Server, srv ExternalJWTSignerServer) { - s.RegisterService(&_ExternalJWTSigner_serviceDesc, srv) -} - -func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SignJWTRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ExternalJWTSignerServer).Sign(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1alpha1.ExternalJWTSigner/Sign", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(FetchKeysRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1alpha1.ExternalJWTSigner/FetchKeys", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(MetadataRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ExternalJWTSignerServer).Metadata(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/v1alpha1.ExternalJWTSigner/Metadata", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _ExternalJWTSigner_serviceDesc = grpc.ServiceDesc{ - ServiceName: "v1alpha1.ExternalJWTSigner", - HandlerType: (*ExternalJWTSignerServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Sign", - Handler: _ExternalJWTSigner_Sign_Handler, + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc)), + NumEnums: 0, + NumMessages: 7, + NumExtensions: 0, + NumServices: 1, }, - { - MethodName: "FetchKeys", - Handler: _ExternalJWTSigner_FetchKeys_Handler, - }, - { - MethodName: "Metadata", - Handler: _ExternalJWTSigner_Metadata_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "api.proto", + GoTypes: file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_goTypes, + DependencyIndexes: file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_depIdxs, + MessageInfos: file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes, + }.Build() + File_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto = out.File + file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_goTypes = nil + file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_depIdxs = nil } diff --git a/staging/src/k8s.io/externaljwt/apis/v1alpha1/api_grpc.pb.go b/staging/src/k8s.io/externaljwt/apis/v1alpha1/api_grpc.pb.go new file mode 100644 index 00000000000..0e1706736ee --- /dev/null +++ b/staging/src/k8s.io/externaljwt/apis/v1alpha1/api_grpc.pb.go @@ -0,0 +1,264 @@ +/* +Copyright The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +//Copyright 2024 The Kubernetes Authors. +// +//Licensed under the Apache License, Version 2.0 (the "License"); +//you may not use this file except in compliance with the License. +//You may obtain a copy of the License at +// +//http://www.apache.org/licenses/LICENSE-2.0 +// +//Unless required by applicable law or agreed to in writing, software +//distributed under the License is distributed on an "AS IS" BASIS, +//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +//See the License for the specific language governing permissions and +//limitations under the License. + +// To regenerate api.pb.go run `hack/update-codegen.sh protobindings` + +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.5.1 +// - protoc v4.23.4 +// source: staging/src/k8s.io/externaljwt/apis/v1alpha1/api.proto + +package v1alpha1 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 + +const ( + ExternalJWTSigner_Sign_FullMethodName = "/v1alpha1.ExternalJWTSigner/Sign" + ExternalJWTSigner_FetchKeys_FullMethodName = "/v1alpha1.ExternalJWTSigner/FetchKeys" + ExternalJWTSigner_Metadata_FullMethodName = "/v1alpha1.ExternalJWTSigner/Metadata" +) + +// ExternalJWTSignerClient is the client API for ExternalJWTSigner service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +// +// This service is served by a process on a local Unix Domain Socket. +type ExternalJWTSignerClient interface { + // Sign takes a serialized JWT payload, and returns the serialized header and + // signature. The caller can then assemble the JWT from the header, payload, + // and signature. Signature can be generated by signing + // `base64url(header) + "." + base64url(payload)` with signing key. + // + // The plugin MUST set a key id in the returned JWT header. + Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) + // FetchKeys returns the set of public keys that are trusted to sign + // Kubernetes service account tokens. Kube-apiserver will call this RPC: + // + // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and + // + // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC + // JWKs endpoint. + FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) + // Metadata is meant to be called once on startup. + // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) + Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) +} + +type externalJWTSignerClient struct { + cc grpc.ClientConnInterface +} + +func NewExternalJWTSignerClient(cc grpc.ClientConnInterface) ExternalJWTSignerClient { + return &externalJWTSignerClient{cc} +} + +func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(SignJWTResponse) + err := c.cc.Invoke(ctx, ExternalJWTSigner_Sign_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(FetchKeysResponse) + err := c.cc.Invoke(ctx, ExternalJWTSigner_FetchKeys_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + out := new(MetadataResponse) + err := c.cc.Invoke(ctx, ExternalJWTSigner_Metadata_FullMethodName, in, out, cOpts...) + if err != nil { + return nil, err + } + return out, nil +} + +// ExternalJWTSignerServer is the server API for ExternalJWTSigner service. +// All implementations must embed UnimplementedExternalJWTSignerServer +// for forward compatibility. +// +// This service is served by a process on a local Unix Domain Socket. +type ExternalJWTSignerServer interface { + // Sign takes a serialized JWT payload, and returns the serialized header and + // signature. The caller can then assemble the JWT from the header, payload, + // and signature. Signature can be generated by signing + // `base64url(header) + "." + base64url(payload)` with signing key. + // + // The plugin MUST set a key id in the returned JWT header. + Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) + // FetchKeys returns the set of public keys that are trusted to sign + // Kubernetes service account tokens. Kube-apiserver will call this RPC: + // + // * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and + // + // - Periodically, so it can serve reasonably-up-to-date keys from the OIDC + // JWKs endpoint. + FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) + // Metadata is meant to be called once on startup. + // Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports) + Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) + mustEmbedUnimplementedExternalJWTSignerServer() +} + +// UnimplementedExternalJWTSignerServer must be embedded to have +// forward compatible implementations. +// +// NOTE: this should be embedded by value instead of pointer to avoid a nil +// pointer dereference when methods are called. +type UnimplementedExternalJWTSignerServer struct{} + +func (UnimplementedExternalJWTSignerServer) Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented") +} +func (UnimplementedExternalJWTSignerServer) FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented") +} +func (UnimplementedExternalJWTSignerServer) Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented") +} +func (UnimplementedExternalJWTSignerServer) mustEmbedUnimplementedExternalJWTSignerServer() {} +func (UnimplementedExternalJWTSignerServer) testEmbeddedByValue() {} + +// UnsafeExternalJWTSignerServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to ExternalJWTSignerServer will +// result in compilation errors. +type UnsafeExternalJWTSignerServer interface { + mustEmbedUnimplementedExternalJWTSignerServer() +} + +func RegisterExternalJWTSignerServer(s grpc.ServiceRegistrar, srv ExternalJWTSignerServer) { + // If the following call pancis, it indicates UnimplementedExternalJWTSignerServer was + // embedded by pointer and is nil. This will cause panics if an + // unimplemented method is ever invoked, so we test this at initialization + // time to prevent it from happening at runtime later due to I/O. + if t, ok := srv.(interface{ testEmbeddedByValue() }); ok { + t.testEmbeddedByValue() + } + s.RegisterService(&ExternalJWTSigner_ServiceDesc, srv) +} + +func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(SignJWTRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ExternalJWTSignerServer).Sign(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: ExternalJWTSigner_Sign_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(FetchKeysRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: ExternalJWTSigner_FetchKeys_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest)) + } + return interceptor(ctx, in, info, handler) +} + +func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(MetadataRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(ExternalJWTSignerServer).Metadata(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: ExternalJWTSigner_Metadata_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// ExternalJWTSigner_ServiceDesc is the grpc.ServiceDesc for ExternalJWTSigner service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var ExternalJWTSigner_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "v1alpha1.ExternalJWTSigner", + HandlerType: (*ExternalJWTSignerServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Sign", + Handler: _ExternalJWTSigner_Sign_Handler, + }, + { + MethodName: "FetchKeys", + Handler: _ExternalJWTSigner_FetchKeys_Handler, + }, + { + MethodName: "Metadata", + Handler: _ExternalJWTSigner_Metadata_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "staging/src/k8s.io/externaljwt/apis/v1alpha1/api.proto", +} diff --git a/staging/src/k8s.io/externaljwt/go.mod b/staging/src/k8s.io/externaljwt/go.mod index 4ccad433415..a2abf23d3ad 100644 --- a/staging/src/k8s.io/externaljwt/go.mod +++ b/staging/src/k8s.io/externaljwt/go.mod @@ -7,7 +7,6 @@ go 1.24.0 godebug default=go1.24 require ( - github.com/gogo/protobuf v1.3.2 google.golang.org/grpc v1.72.1 google.golang.org/protobuf v1.36.5 ) diff --git a/staging/src/k8s.io/externaljwt/go.sum b/staging/src/k8s.io/externaljwt/go.sum index 178b897c03f..23a5e563872 100644 --- a/staging/src/k8s.io/externaljwt/go.sum +++ b/staging/src/k8s.io/externaljwt/go.sum @@ -13,8 +13,6 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= @@ -22,15 +20,11 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g= github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4= go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= @@ -45,43 +39,19 @@ go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs= go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8= golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go.mod h1:3kWAYMk1I75K4vykHtKt2ycnOgpA6974V7bREqbsenU= google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4= google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=