Convert externaljwt from gogo to protoc

Use standard protoc for the `externaljwt` package instead of gogo.

Part of https://github.com/kubernetes/kubernetes/issues/96564

Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Sascha Grunert
2025-07-07 10:27:46 +02:00
parent 7948fec34b
commit 841886df76
9 changed files with 1319 additions and 921 deletions


@@ -152,7 +152,6 @@
"k8s.io/apiserver",
"k8s.io/client-go",
"k8s.io/code-generator",
"k8s.io/externaljwt",
"k8s.io/kms",
"k8s.io/kube-aggregator",
"k8s.io/kubelet",


@@ -1033,10 +1033,10 @@ function codegen::protobindings() {
"staging/src/k8s.io/kubelet/pkg/apis/pluginregistration"
"pkg/kubelet/pluginmanager/pluginwatcher/example_plugin_apis"
"staging/src/k8s.io/externaljwt/apis"
)
local apis_using_protoc=(
"staging/src/k8s.io/cri-api/pkg/apis/runtime"
"staging/src/k8s.io/externaljwt/apis"
)
local apis=("${apis_using_gogo[@]}" "${apis_using_protoc[@]}")


@@ -35,7 +35,7 @@ import (
"google.golang.org/grpc"
"google.golang.org/protobuf/types/known/timestamppb"
"k8s.io/externaljwt/apis/v1"
v1 "k8s.io/externaljwt/apis/v1"
"k8s.io/klog/v2"
)
@@ -57,6 +57,8 @@ type MockSigner struct {
FetchError error
MetadataError error
errorLock sync.RWMutex
v1.UnsafeExternalJWTSignerServer
}
type KeyT struct {
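Review bot: The embedded `v1.UnsafeExternalJWTSignerServer` in `MockSigner` carries no comment explaining why the Unsafe variant was chosen, and anyone using this mock as a template for a signer plugin will inherit that choice. In protoc-gen-go-grpc output the `Unsafe…Server` embed opts out of forward compatibility, so an RPC added to the service later becomes a compile error here, whereas `v1.UnimplementedExternalJWTSignerServer` (presumably emitted by the same generator; the grpc file is not in this view) would answer it with `codes.Unimplemented`. If the build break is intended for a signing mock, state it on the field: `// Unsafe embed on purpose: a new ExternalJWTSigner RPC must fail the build until the mock implements it.` The `MockSigner` struct starts before this hunk and `KeyT` continues past it.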

View File

@@ -14,74 +14,95 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: api.proto
//
//Copyright 2025 The Kubernetes Authors.
//
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
// To regenerate api.pb.go run `hack/update-codegen.sh protobindings`
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.4
// protoc v4.23.4
// source: staging/src/k8s.io/externaljwt/apis/v1/api.proto
package v1
import (
context "context"
fmt "fmt"
proto "github.com/gogo/protobuf/proto"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
math "math"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type SignJWTRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
// URL-safe base64 wrapped payload to be signed.
// Exactly as it appears in the second segment of the JWT
Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *SignJWTRequest) Reset() { *m = SignJWTRequest{} }
func (m *SignJWTRequest) String() string { return proto.CompactTextString(m) }
func (*SignJWTRequest) ProtoMessage() {}
func (x *SignJWTRequest) Reset() {
*x = SignJWTRequest{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SignJWTRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SignJWTRequest) ProtoMessage() {}
func (x *SignJWTRequest) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SignJWTRequest.ProtoReflect.Descriptor instead.
func (*SignJWTRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{0}
}
func (m *SignJWTRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SignJWTRequest.Unmarshal(m, b)
}
func (m *SignJWTRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_SignJWTRequest.Marshal(b, m, deterministic)
}
func (m *SignJWTRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignJWTRequest.Merge(m, src)
}
func (m *SignJWTRequest) XXX_Size() int {
return xxx_messageInfo_SignJWTRequest.Size(m)
}
func (m *SignJWTRequest) XXX_DiscardUnknown() {
xxx_messageInfo_SignJWTRequest.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{0}
}
var xxx_messageInfo_SignJWTRequest proto.InternalMessageInfo
func (m *SignJWTRequest) GetClaims() string {
if m != nil {
return m.Claims
func (x *SignJWTRequest) GetClaims() string {
if x != nil {
return x.Claims
}
return ""
}
type SignJWTResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
// header must contain only alg, kid, typ claims.
// typ must be “JWT”.
// kid must be non-empty, <=1024 characters, and its corresponding public key should not be excluded from OIDC discovery.
@@ -91,140 +112,158 @@ type SignJWTResponse struct {
Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
// The signature for the JWT.
// Already wrapped in URL-safe base64, exactly as it appears in the final segment of the JWT.
Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *SignJWTResponse) Reset() { *m = SignJWTResponse{} }
func (m *SignJWTResponse) String() string { return proto.CompactTextString(m) }
func (*SignJWTResponse) ProtoMessage() {}
func (x *SignJWTResponse) Reset() {
*x = SignJWTResponse{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SignJWTResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SignJWTResponse) ProtoMessage() {}
func (x *SignJWTResponse) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SignJWTResponse.ProtoReflect.Descriptor instead.
func (*SignJWTResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{1}
}
func (m *SignJWTResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SignJWTResponse.Unmarshal(m, b)
}
func (m *SignJWTResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_SignJWTResponse.Marshal(b, m, deterministic)
}
func (m *SignJWTResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignJWTResponse.Merge(m, src)
}
func (m *SignJWTResponse) XXX_Size() int {
return xxx_messageInfo_SignJWTResponse.Size(m)
}
func (m *SignJWTResponse) XXX_DiscardUnknown() {
xxx_messageInfo_SignJWTResponse.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{1}
}
var xxx_messageInfo_SignJWTResponse proto.InternalMessageInfo
func (m *SignJWTResponse) GetHeader() string {
if m != nil {
return m.Header
func (x *SignJWTResponse) GetHeader() string {
if x != nil {
return x.Header
}
return ""
}
func (m *SignJWTResponse) GetSignature() string {
if m != nil {
return m.Signature
func (x *SignJWTResponse) GetSignature() string {
if x != nil {
return x.Signature
}
return ""
}
type FetchKeysRequest struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *FetchKeysRequest) Reset() { *m = FetchKeysRequest{} }
func (m *FetchKeysRequest) String() string { return proto.CompactTextString(m) }
func (*FetchKeysRequest) ProtoMessage() {}
func (x *FetchKeysRequest) Reset() {
*x = FetchKeysRequest{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *FetchKeysRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*FetchKeysRequest) ProtoMessage() {}
func (x *FetchKeysRequest) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use FetchKeysRequest.ProtoReflect.Descriptor instead.
func (*FetchKeysRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{2}
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{2}
}
func (m *FetchKeysRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_FetchKeysRequest.Unmarshal(m, b)
}
func (m *FetchKeysRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_FetchKeysRequest.Marshal(b, m, deterministic)
}
func (m *FetchKeysRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_FetchKeysRequest.Merge(m, src)
}
func (m *FetchKeysRequest) XXX_Size() int {
return xxx_messageInfo_FetchKeysRequest.Size(m)
}
func (m *FetchKeysRequest) XXX_DiscardUnknown() {
xxx_messageInfo_FetchKeysRequest.DiscardUnknown(m)
}
var xxx_messageInfo_FetchKeysRequest proto.InternalMessageInfo
type FetchKeysResponse struct {
Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
state protoimpl.MessageState `protogen:"open.v1"`
Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
// The timestamp when this data was pulled from the authoritative source of
// truth for verification keys.
// kube-apiserver can export this from metrics, to enable end-to-end SLOs.
DataTimestamp *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=data_timestamp,json=dataTimestamp,proto3" json:"data_timestamp,omitempty"`
// refresh interval for verification keys to pick changes if any.
// any value <= 0 is considered a misconfiguration.
RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *FetchKeysResponse) Reset() { *m = FetchKeysResponse{} }
func (m *FetchKeysResponse) String() string { return proto.CompactTextString(m) }
func (*FetchKeysResponse) ProtoMessage() {}
func (x *FetchKeysResponse) Reset() {
*x = FetchKeysResponse{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *FetchKeysResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*FetchKeysResponse) ProtoMessage() {}
func (x *FetchKeysResponse) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use FetchKeysResponse.ProtoReflect.Descriptor instead.
func (*FetchKeysResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{3}
}
func (m *FetchKeysResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_FetchKeysResponse.Unmarshal(m, b)
}
func (m *FetchKeysResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_FetchKeysResponse.Marshal(b, m, deterministic)
}
func (m *FetchKeysResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_FetchKeysResponse.Merge(m, src)
}
func (m *FetchKeysResponse) XXX_Size() int {
return xxx_messageInfo_FetchKeysResponse.Size(m)
}
func (m *FetchKeysResponse) XXX_DiscardUnknown() {
xxx_messageInfo_FetchKeysResponse.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{3}
}
var xxx_messageInfo_FetchKeysResponse proto.InternalMessageInfo
func (m *FetchKeysResponse) GetKeys() []*Key {
if m != nil {
return m.Keys
func (x *FetchKeysResponse) GetKeys() []*Key {
if x != nil {
return x.Keys
}
return nil
}
func (m *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp {
if m != nil {
return m.DataTimestamp
func (x *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp {
if x != nil {
return x.DataTimestamp
}
return nil
}
func (m *FetchKeysResponse) GetRefreshHintSeconds() int64 {
if m != nil {
return m.RefreshHintSeconds
func (x *FetchKeysResponse) GetRefreshHintSeconds() int64 {
if x != nil {
return x.RefreshHintSeconds
}
return 0
}
type Key struct {
state protoimpl.MessageState `protogen:"open.v1"`
// A unique identifier for this key.
// Length must be <=1024.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
@@ -235,88 +274,100 @@ type Key struct {
// eg: supported keys for legacy tokens.
// If set, key is used for verification but excluded from OIDC discovery docs.
// if set, external signer should not use this key to sign a JWT.
ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *Key) Reset() { *m = Key{} }
func (m *Key) String() string { return proto.CompactTextString(m) }
func (*Key) ProtoMessage() {}
func (x *Key) Reset() {
*x = Key{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Key) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Key) ProtoMessage() {}
func (x *Key) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Key.ProtoReflect.Descriptor instead.
func (*Key) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{4}
}
func (m *Key) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Key.Unmarshal(m, b)
}
func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Key.Marshal(b, m, deterministic)
}
func (m *Key) XXX_Merge(src proto.Message) {
xxx_messageInfo_Key.Merge(m, src)
}
func (m *Key) XXX_Size() int {
return xxx_messageInfo_Key.Size(m)
}
func (m *Key) XXX_DiscardUnknown() {
xxx_messageInfo_Key.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{4}
}
var xxx_messageInfo_Key proto.InternalMessageInfo
func (m *Key) GetKeyId() string {
if m != nil {
return m.KeyId
func (x *Key) GetKeyId() string {
if x != nil {
return x.KeyId
}
return ""
}
func (m *Key) GetKey() []byte {
if m != nil {
return m.Key
func (x *Key) GetKey() []byte {
if x != nil {
return x.Key
}
return nil
}
func (m *Key) GetExcludeFromOidcDiscovery() bool {
if m != nil {
return m.ExcludeFromOidcDiscovery
func (x *Key) GetExcludeFromOidcDiscovery() bool {
if x != nil {
return x.ExcludeFromOidcDiscovery
}
return false
}
type MetadataRequest struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *MetadataRequest) Reset() { *m = MetadataRequest{} }
func (m *MetadataRequest) String() string { return proto.CompactTextString(m) }
func (*MetadataRequest) ProtoMessage() {}
func (x *MetadataRequest) Reset() {
*x = MetadataRequest{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MetadataRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MetadataRequest) ProtoMessage() {}
func (x *MetadataRequest) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MetadataRequest.ProtoReflect.Descriptor instead.
func (*MetadataRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{5}
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{5}
}
func (m *MetadataRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MetadataRequest.Unmarshal(m, b)
}
func (m *MetadataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MetadataRequest.Marshal(b, m, deterministic)
}
func (m *MetadataRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MetadataRequest.Merge(m, src)
}
func (m *MetadataRequest) XXX_Size() int {
return xxx_messageInfo_MetadataRequest.Size(m)
}
func (m *MetadataRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MetadataRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MetadataRequest proto.InternalMessageInfo
type MetadataResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
// used by kube-apiserver for defaulting/validation of JWT lifetime while accounting for configuration flag values:
// 1. `--service-account-max-token-expiration`
// 2. `--service-account-extend-token-expiration`
@@ -326,267 +377,165 @@ type MetadataResponse struct {
// * If `--service-account-extend-token-expiration` is true, the extended expiration is `min(1 year, max_token_expiration_seconds)`.
//
// `max_token_expiration_seconds` must be at least 600s.
MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *MetadataResponse) Reset() { *m = MetadataResponse{} }
func (m *MetadataResponse) String() string { return proto.CompactTextString(m) }
func (*MetadataResponse) ProtoMessage() {}
func (x *MetadataResponse) Reset() {
*x = MetadataResponse{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MetadataResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MetadataResponse) ProtoMessage() {}
func (x *MetadataResponse) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MetadataResponse.ProtoReflect.Descriptor instead.
func (*MetadataResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{6}
}
func (m *MetadataResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MetadataResponse.Unmarshal(m, b)
}
func (m *MetadataResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MetadataResponse.Marshal(b, m, deterministic)
}
func (m *MetadataResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MetadataResponse.Merge(m, src)
}
func (m *MetadataResponse) XXX_Size() int {
return xxx_messageInfo_MetadataResponse.Size(m)
}
func (m *MetadataResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MetadataResponse.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP(), []int{6}
}
var xxx_messageInfo_MetadataResponse proto.InternalMessageInfo
func (m *MetadataResponse) GetMaxTokenExpirationSeconds() int64 {
if m != nil {
return m.MaxTokenExpirationSeconds
func (x *MetadataResponse) GetMaxTokenExpirationSeconds() int64 {
if x != nil {
return x.MaxTokenExpirationSeconds
}
return 0
}
func init() {
proto.RegisterType((*SignJWTRequest)(nil), "v1.SignJWTRequest")
proto.RegisterType((*SignJWTResponse)(nil), "v1.SignJWTResponse")
proto.RegisterType((*FetchKeysRequest)(nil), "v1.FetchKeysRequest")
proto.RegisterType((*FetchKeysResponse)(nil), "v1.FetchKeysResponse")
proto.RegisterType((*Key)(nil), "v1.Key")
proto.RegisterType((*MetadataRequest)(nil), "v1.MetadataRequest")
proto.RegisterType((*MetadataResponse)(nil), "v1.MetadataResponse")
var File_staging_src_k8s_io_externaljwt_apis_v1_api_proto protoreflect.FileDescriptor
var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc = string([]byte{
0x0a, 0x30, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x2f, 0x73, 0x72, 0x63, 0x2f, 0x6b, 0x38,
0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77, 0x74,
0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x2f, 0x61, 0x70, 0x69, 0x2e, 0x70, 0x72, 0x6f,
0x74, 0x6f, 0x12, 0x02, 0x76, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70,
0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x28, 0x0a, 0x0e, 0x53, 0x69, 0x67, 0x6e, 0x4a,
0x57, 0x54, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6c, 0x61,
0x69, 0x6d, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d,
0x73, 0x22, 0x47, 0x0a, 0x0f, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09,
0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x46, 0x65,
0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xa5,
0x01, 0x0a, 0x11, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1b, 0x0a, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03,
0x28, 0x0b, 0x32, 0x07, 0x2e, 0x76, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6b, 0x65, 0x79,
0x73, 0x12, 0x41, 0x0a, 0x0e, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74,
0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67,
0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65,
0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x64, 0x61, 0x74, 0x61, 0x54, 0x69, 0x6d, 0x65, 0x73,
0x74, 0x61, 0x6d, 0x70, 0x12, 0x30, 0x0a, 0x14, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f,
0x68, 0x69, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01,
0x28, 0x03, 0x52, 0x12, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x48, 0x69, 0x6e, 0x74, 0x53,
0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x22, 0x6d, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x15, 0x0a,
0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6b,
0x65, 0x79, 0x49, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28,
0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3d, 0x0a, 0x1b, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64,
0x65, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x64, 0x69, 0x73, 0x63,
0x6f, 0x76, 0x65, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x65, 0x78, 0x63,
0x6c, 0x75, 0x64, 0x65, 0x46, 0x72, 0x6f, 0x6d, 0x4f, 0x69, 0x64, 0x63, 0x44, 0x69, 0x73, 0x63,
0x6f, 0x76, 0x65, 0x72, 0x79, 0x22, 0x11, 0x0a, 0x0f, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x53, 0x0a, 0x10, 0x4d, 0x65, 0x74, 0x61,
0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x1c,
0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x61,
0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01, 0x20, 0x01,
0x28, 0x03, 0x52, 0x19, 0x6d, 0x61, 0x78, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x78, 0x70, 0x69,
0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x32, 0xbb, 0x01,
0x0a, 0x11, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4a, 0x57, 0x54, 0x53, 0x69, 0x67,
0x6e, 0x65, 0x72, 0x12, 0x31, 0x0a, 0x04, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x12, 0x2e, 0x76, 0x31,
0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a,
0x13, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x3a, 0x0a, 0x09, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b,
0x65, 0x79, 0x73, 0x12, 0x14, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65,
0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x76, 0x31, 0x2e, 0x46,
0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x22, 0x00, 0x12, 0x37, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x13,
0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x14, 0x2e, 0x76, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74,
0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x1c, 0x5a, 0x1a, 0x6b,
0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77,
0x74, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x33,
})
var (
file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescOnce sync.Once
file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescData []byte
)
func file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescGZIP() []byte {
file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescOnce.Do(func() {
file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc)))
})
return file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDescData
}
func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) }
var fileDescriptor_00212fb1f9d3bf1c = []byte{
// 476 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x5c, 0x92, 0x51, 0x6f, 0xd3, 0x30,
0x10, 0xc7, 0xc9, 0x32, 0xc6, 0x7a, 0x83, 0xad, 0x35, 0x1d, 0x2a, 0x59, 0x25, 0xa6, 0x3c, 0xf5,
0x29, 0xa1, 0xe5, 0x01, 0x84, 0x84, 0x10, 0x88, 0x0d, 0x58, 0x85, 0x90, 0xd2, 0x4a, 0x93, 0x78,
0x89, 0xbc, 0xe4, 0xda, 0x9a, 0x34, 0x71, 0xb0, 0xdd, 0x92, 0x7c, 0x20, 0x3e, 0x05, 0x5f, 0x0e,
0x39, 0x71, 0x32, 0xda, 0x37, 0xfb, 0x7f, 0xff, 0xf3, 0xdd, 0xef, 0xce, 0xd0, 0xa1, 0x39, 0xf3,
0x72, 0xc1, 0x15, 0x27, 0x07, 0xdb, 0xb1, 0xf3, 0x62, 0xc9, 0xf9, 0x72, 0x8d, 0x7e, 0xa5, 0xdc,
0x6d, 0x16, 0xbe, 0x62, 0x29, 0x4a, 0x45, 0xd3, 0xbc, 0x36, 0xb9, 0x23, 0x38, 0x9d, 0xb1, 0x65,
0x76, 0x73, 0x3b, 0x0f, 0xf0, 0xd7, 0x06, 0xa5, 0x22, 0xcf, 0xe0, 0x28, 0x5a, 0x53, 0x96, 0xca,
0x81, 0x75, 0x69, 0x8d, 0x3a, 0x81, 0xb9, 0xb9, 0x9f, 0xe1, 0xac, 0x75, 0xca, 0x9c, 0x67, 0x12,
0xb5, 0x75, 0x85, 0x34, 0x46, 0xd1, 0x58, 0xeb, 0x1b, 0x19, 0x42, 0x47, 0xb2, 0x65, 0x46, 0xd5,
0x46, 0xe0, 0xe0, 0xa0, 0x0a, 0xdd, 0x0b, 0x2e, 0x81, 0xee, 0x35, 0xaa, 0x68, 0x35, 0xc5, 0x52,
0x9a, 0xa2, 0xee, 0x1f, 0x0b, 0x7a, 0xff, 0x89, 0xe6, 0xfd, 0x0b, 0x38, 0x4c, 0xb0, 0xd4, 0x8d,
0xd8, 0xa3, 0x93, 0xc9, 0x23, 0x6f, 0x3b, 0xf6, 0xa6, 0x58, 0x06, 0x95, 0x48, 0x3e, 0xc0, 0x69,
0x4c, 0x15, 0x0d, 0x5b, 0xa2, 0xaa, 0xd2, 0xc9, 0xc4, 0xf1, 0x6a, 0x66, 0xaf, 0x61, 0xf6, 0xe6,
0x8d, 0x23, 0x78, 0xa2, 0x33, 0xda, 0x2b, 0x79, 0x09, 0x7d, 0x81, 0x0b, 0x81, 0x72, 0x15, 0xae,
0x58, 0xa6, 0x42, 0x89, 0x11, 0xcf, 0x62, 0x39, 0xb0, 0x2f, 0xad, 0x91, 0x1d, 0x10, 0x13, 0xfb,
0xc2, 0x32, 0x35, 0xab, 0x23, 0x6e, 0x0a, 0xf6, 0x14, 0x4b, 0x72, 0x0e, 0x47, 0x09, 0x96, 0x21,
0x8b, 0x0d, 0xf8, 0xc3, 0x04, 0xcb, 0xaf, 0x31, 0xe9, 0x82, 0x9d, 0x60, 0x59, 0xf5, 0xf1, 0x38,
0xd0, 0x47, 0xf2, 0x0e, 0x2e, 0xb0, 0x88, 0xd6, 0x9b, 0x18, 0xc3, 0x85, 0xe0, 0x69, 0xc8, 0x59,
0x1c, 0x85, 0x31, 0x93, 0x11, 0xdf, 0xa2, 0x28, 0xab, 0x42, 0xc7, 0xc1, 0xc0, 0x58, 0xae, 0x05,
0x4f, 0xbf, 0xb3, 0x38, 0xfa, 0xd4, 0xc4, 0xdd, 0x1e, 0x9c, 0x7d, 0x43, 0x45, 0x75, 0xd7, 0xcd,
0xa4, 0x66, 0xd0, 0xbd, 0x97, 0xcc, 0x9c, 0xde, 0xc3, 0x30, 0xa5, 0x45, 0xa8, 0x78, 0x82, 0x59,
0x88, 0x45, 0xce, 0x04, 0x55, 0x8c, 0x67, 0x2d, 0x8f, 0x55, 0xf1, 0x3c, 0x4f, 0x69, 0x31, 0xd7,
0x96, 0xab, 0xd6, 0x61, 0xb0, 0x26, 0x7f, 0x2d, 0xe8, 0x5d, 0x15, 0x0a, 0x45, 0x46, 0xd7, 0x37,
0xb7, 0x73, 0xbd, 0x67, 0x14, 0x64, 0x0c, 0x87, 0xfa, 0x44, 0x88, 0x1e, 0xfc, 0xee, 0x2f, 0x71,
0x9e, 0xee, 0x68, 0x75, 0x1f, 0xee, 0x03, 0xf2, 0x16, 0x3a, 0xed, 0x1a, 0x49, 0x5f, 0x7b, 0xf6,
0x57, 0xed, 0x9c, 0xef, 0xa9, 0x6d, 0xee, 0x6b, 0x38, 0x6e, 0xc8, 0x48, 0xf5, 0xfc, 0x1e, 0xba,
0xd3, 0xdf, 0x15, 0x9b, 0xc4, 0x8f, 0xc3, 0x1f, 0x4e, 0xf2, 0x46, 0x7a, 0x8c, 0xfb, 0x68, 0x18,
0x7e, 0xfe, 0x56, 0x3e, 0xcd, 0x99, 0xf4, 0xb7, 0xe3, 0xbb, 0xa3, 0xea, 0x1f, 0xbc, 0xfa, 0x17,
0x00, 0x00, 0xff, 0xff, 0xc2, 0x92, 0x25, 0x65, 0x1a, 0x03, 0x00, 0x00,
var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_goTypes = []any{
(*SignJWTRequest)(nil), // 0: v1.SignJWTRequest
(*SignJWTResponse)(nil), // 1: v1.SignJWTResponse
(*FetchKeysRequest)(nil), // 2: v1.FetchKeysRequest
(*FetchKeysResponse)(nil), // 3: v1.FetchKeysResponse
(*Key)(nil), // 4: v1.Key
(*MetadataRequest)(nil), // 5: v1.MetadataRequest
(*MetadataResponse)(nil), // 6: v1.MetadataResponse
(*timestamppb.Timestamp)(nil), // 7: google.protobuf.Timestamp
}
var file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_depIdxs = []int32{
4, // 0: v1.FetchKeysResponse.keys:type_name -> v1.Key
7, // 1: v1.FetchKeysResponse.data_timestamp:type_name -> google.protobuf.Timestamp
0, // 2: v1.ExternalJWTSigner.Sign:input_type -> v1.SignJWTRequest
2, // 3: v1.ExternalJWTSigner.FetchKeys:input_type -> v1.FetchKeysRequest
5, // 4: v1.ExternalJWTSigner.Metadata:input_type -> v1.MetadataRequest
1, // 5: v1.ExternalJWTSigner.Sign:output_type -> v1.SignJWTResponse
3, // 6: v1.ExternalJWTSigner.FetchKeys:output_type -> v1.FetchKeysResponse
6, // 7: v1.ExternalJWTSigner.Metadata:output_type -> v1.MetadataResponse
5, // [5:8] is the sub-list for method output_type
2, // [2:5] is the sub-list for method input_type
2, // [2:2] is the sub-list for extension type_name
2, // [2:2] is the sub-list for extension extendee
0, // [0:2] is the sub-list for field type_name
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// ExternalJWTSignerClient is the client API for ExternalJWTSigner service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type ExternalJWTSignerClient interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error)
}
type externalJWTSignerClient struct {
cc *grpc.ClientConn
}
func NewExternalJWTSignerClient(cc *grpc.ClientConn) ExternalJWTSignerClient {
return &externalJWTSignerClient{cc}
}
func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) {
out := new(SignJWTResponse)
err := c.cc.Invoke(ctx, "/v1.ExternalJWTSigner/Sign", in, out, opts...)
if err != nil {
return nil, err
func init() { file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_init() }
func file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_init() {
if File_staging_src_k8s_io_externaljwt_apis_v1_api_proto != nil {
return
}
return out, nil
}
func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) {
out := new(FetchKeysResponse)
err := c.cc.Invoke(ctx, "/v1.ExternalJWTSigner/FetchKeys", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) {
out := new(MetadataResponse)
err := c.cc.Invoke(ctx, "/v1.ExternalJWTSigner/Metadata", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// ExternalJWTSignerServer is the server API for ExternalJWTSigner service.
type ExternalJWTSignerServer interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error)
}
// UnimplementedExternalJWTSignerServer can be embedded to have forward compatible implementations.
type UnimplementedExternalJWTSignerServer struct {
}
func (*UnimplementedExternalJWTSignerServer) Sign(ctx context.Context, req *SignJWTRequest) (*SignJWTResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented")
}
func (*UnimplementedExternalJWTSignerServer) FetchKeys(ctx context.Context, req *FetchKeysRequest) (*FetchKeysResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented")
}
func (*UnimplementedExternalJWTSignerServer) Metadata(ctx context.Context, req *MetadataRequest) (*MetadataResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented")
}
func RegisterExternalJWTSignerServer(s *grpc.Server, srv ExternalJWTSignerServer) {
s.RegisterService(&_ExternalJWTSigner_serviceDesc, srv)
}
func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SignJWTRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Sign(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/v1.ExternalJWTSigner/Sign",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(FetchKeysRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/v1.ExternalJWTSigner/FetchKeys",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MetadataRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Metadata(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/v1.ExternalJWTSigner/Metadata",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest))
}
return interceptor(ctx, in, info, handler)
}
var _ExternalJWTSigner_serviceDesc = grpc.ServiceDesc{
ServiceName: "v1.ExternalJWTSigner",
HandlerType: (*ExternalJWTSignerServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Sign",
Handler: _ExternalJWTSigner_Sign_Handler,
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_rawDesc)),
NumEnums: 0,
NumMessages: 7,
NumExtensions: 0,
NumServices: 1,
},
{
MethodName: "FetchKeys",
Handler: _ExternalJWTSigner_FetchKeys_Handler,
},
{
MethodName: "Metadata",
Handler: _ExternalJWTSigner_Metadata_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "api.proto",
GoTypes: file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_goTypes,
DependencyIndexes: file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_depIdxs,
MessageInfos: file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_msgTypes,
}.Build()
File_staging_src_k8s_io_externaljwt_apis_v1_api_proto = out.File
file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_goTypes = nil
file_staging_src_k8s_io_externaljwt_apis_v1_api_proto_depIdxs = nil
}


@@ -0,0 +1,264 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
//
//Copyright 2025 The Kubernetes Authors.
//
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
// To regenerate api.pb.go run `hack/update-codegen.sh protobindings`
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.5.1
// - protoc v4.23.4
// source: staging/src/k8s.io/externaljwt/apis/v1/api.proto
package v1
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
ExternalJWTSigner_Sign_FullMethodName = "/v1.ExternalJWTSigner/Sign"
ExternalJWTSigner_FetchKeys_FullMethodName = "/v1.ExternalJWTSigner/FetchKeys"
ExternalJWTSigner_Metadata_FullMethodName = "/v1.ExternalJWTSigner/Metadata"
)
// ExternalJWTSignerClient is the client API for ExternalJWTSigner service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// This service is served by a process on a local Unix Domain Socket.
type ExternalJWTSignerClient interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error)
}
type externalJWTSignerClient struct {
cc grpc.ClientConnInterface
}
func NewExternalJWTSignerClient(cc grpc.ClientConnInterface) ExternalJWTSignerClient {
return &externalJWTSignerClient{cc}
}
func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(SignJWTResponse)
err := c.cc.Invoke(ctx, ExternalJWTSigner_Sign_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(FetchKeysResponse)
err := c.cc.Invoke(ctx, ExternalJWTSigner_FetchKeys_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(MetadataResponse)
err := c.cc.Invoke(ctx, ExternalJWTSigner_Metadata_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// ExternalJWTSignerServer is the server API for ExternalJWTSigner service.
// All implementations must embed UnimplementedExternalJWTSignerServer
// for forward compatibility.
//
// This service is served by a process on a local Unix Domain Socket.
type ExternalJWTSignerServer interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error)
mustEmbedUnimplementedExternalJWTSignerServer()
}
// UnimplementedExternalJWTSignerServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedExternalJWTSignerServer struct{}
func (UnimplementedExternalJWTSignerServer) Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented")
}
func (UnimplementedExternalJWTSignerServer) FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented")
}
func (UnimplementedExternalJWTSignerServer) Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented")
}
func (UnimplementedExternalJWTSignerServer) mustEmbedUnimplementedExternalJWTSignerServer() {}
func (UnimplementedExternalJWTSignerServer) testEmbeddedByValue() {}
// UnsafeExternalJWTSignerServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to ExternalJWTSignerServer will
// result in compilation errors.
type UnsafeExternalJWTSignerServer interface {
mustEmbedUnimplementedExternalJWTSignerServer()
}
func RegisterExternalJWTSignerServer(s grpc.ServiceRegistrar, srv ExternalJWTSignerServer) {
// If the following call pancis, it indicates UnimplementedExternalJWTSignerServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&ExternalJWTSigner_ServiceDesc, srv)
}
func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SignJWTRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Sign(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: ExternalJWTSigner_Sign_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(FetchKeysRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: ExternalJWTSigner_FetchKeys_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MetadataRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Metadata(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: ExternalJWTSigner_Metadata_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest))
}
return interceptor(ctx, in, info, handler)
}
// ExternalJWTSigner_ServiceDesc is the grpc.ServiceDesc for ExternalJWTSigner service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var ExternalJWTSigner_ServiceDesc = grpc.ServiceDesc{
ServiceName: "v1.ExternalJWTSigner",
HandlerType: (*ExternalJWTSignerServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Sign",
Handler: _ExternalJWTSigner_Sign_Handler,
},
{
MethodName: "FetchKeys",
Handler: _ExternalJWTSigner_FetchKeys_Handler,
},
{
MethodName: "Metadata",
Handler: _ExternalJWTSigner_Metadata_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "staging/src/k8s.io/externaljwt/apis/v1/api.proto",
}


@@ -14,74 +14,95 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: api.proto
//
//Copyright 2024 The Kubernetes Authors.
//
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
// To regenerate api.pb.go run `hack/update-codegen.sh protobindings`
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.36.4
// protoc v4.23.4
// source: staging/src/k8s.io/externaljwt/apis/v1alpha1/api.proto
package v1alpha1
import (
context "context"
fmt "fmt"
proto "github.com/gogo/protobuf/proto"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
timestamppb "google.golang.org/protobuf/types/known/timestamppb"
math "math"
reflect "reflect"
sync "sync"
unsafe "unsafe"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type SignJWTRequest struct {
state protoimpl.MessageState `protogen:"open.v1"`
// URL-safe base64 wrapped payload to be signed.
// Exactly as it appears in the second segment of the JWT
Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
Claims string `protobuf:"bytes,1,opt,name=claims,proto3" json:"claims,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *SignJWTRequest) Reset() { *m = SignJWTRequest{} }
func (m *SignJWTRequest) String() string { return proto.CompactTextString(m) }
func (*SignJWTRequest) ProtoMessage() {}
func (x *SignJWTRequest) Reset() {
*x = SignJWTRequest{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SignJWTRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SignJWTRequest) ProtoMessage() {}
func (x *SignJWTRequest) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[0]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SignJWTRequest.ProtoReflect.Descriptor instead.
func (*SignJWTRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{0}
}
func (m *SignJWTRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SignJWTRequest.Unmarshal(m, b)
}
func (m *SignJWTRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_SignJWTRequest.Marshal(b, m, deterministic)
}
func (m *SignJWTRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignJWTRequest.Merge(m, src)
}
func (m *SignJWTRequest) XXX_Size() int {
return xxx_messageInfo_SignJWTRequest.Size(m)
}
func (m *SignJWTRequest) XXX_DiscardUnknown() {
xxx_messageInfo_SignJWTRequest.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{0}
}
var xxx_messageInfo_SignJWTRequest proto.InternalMessageInfo
func (m *SignJWTRequest) GetClaims() string {
if m != nil {
return m.Claims
func (x *SignJWTRequest) GetClaims() string {
if x != nil {
return x.Claims
}
return ""
}
type SignJWTResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
// header must contain only alg, kid, typ claims.
// typ must be “JWT”.
// kid must be non-empty, <=1024 characters, and its corresponding public key should not be excluded from OIDC discovery.
@@ -91,140 +112,158 @@ type SignJWTResponse struct {
Header string `protobuf:"bytes,1,opt,name=header,proto3" json:"header,omitempty"`
// The signature for the JWT.
// Already wrapped in URL-safe base64, exactly as it appears in the final segment of the JWT.
Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
Signature string `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *SignJWTResponse) Reset() { *m = SignJWTResponse{} }
func (m *SignJWTResponse) String() string { return proto.CompactTextString(m) }
func (*SignJWTResponse) ProtoMessage() {}
func (x *SignJWTResponse) Reset() {
*x = SignJWTResponse{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *SignJWTResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SignJWTResponse) ProtoMessage() {}
func (x *SignJWTResponse) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[1]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SignJWTResponse.ProtoReflect.Descriptor instead.
func (*SignJWTResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{1}
}
func (m *SignJWTResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_SignJWTResponse.Unmarshal(m, b)
}
func (m *SignJWTResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_SignJWTResponse.Marshal(b, m, deterministic)
}
func (m *SignJWTResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_SignJWTResponse.Merge(m, src)
}
func (m *SignJWTResponse) XXX_Size() int {
return xxx_messageInfo_SignJWTResponse.Size(m)
}
func (m *SignJWTResponse) XXX_DiscardUnknown() {
xxx_messageInfo_SignJWTResponse.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{1}
}
var xxx_messageInfo_SignJWTResponse proto.InternalMessageInfo
func (m *SignJWTResponse) GetHeader() string {
if m != nil {
return m.Header
func (x *SignJWTResponse) GetHeader() string {
if x != nil {
return x.Header
}
return ""
}
func (m *SignJWTResponse) GetSignature() string {
if m != nil {
return m.Signature
func (x *SignJWTResponse) GetSignature() string {
if x != nil {
return x.Signature
}
return ""
}
type FetchKeysRequest struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *FetchKeysRequest) Reset() { *m = FetchKeysRequest{} }
func (m *FetchKeysRequest) String() string { return proto.CompactTextString(m) }
func (*FetchKeysRequest) ProtoMessage() {}
func (x *FetchKeysRequest) Reset() {
*x = FetchKeysRequest{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *FetchKeysRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*FetchKeysRequest) ProtoMessage() {}
func (x *FetchKeysRequest) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[2]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use FetchKeysRequest.ProtoReflect.Descriptor instead.
func (*FetchKeysRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{2}
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{2}
}
func (m *FetchKeysRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_FetchKeysRequest.Unmarshal(m, b)
}
func (m *FetchKeysRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_FetchKeysRequest.Marshal(b, m, deterministic)
}
func (m *FetchKeysRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_FetchKeysRequest.Merge(m, src)
}
func (m *FetchKeysRequest) XXX_Size() int {
return xxx_messageInfo_FetchKeysRequest.Size(m)
}
func (m *FetchKeysRequest) XXX_DiscardUnknown() {
xxx_messageInfo_FetchKeysRequest.DiscardUnknown(m)
}
var xxx_messageInfo_FetchKeysRequest proto.InternalMessageInfo
type FetchKeysResponse struct {
Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
state protoimpl.MessageState `protogen:"open.v1"`
Keys []*Key `protobuf:"bytes,1,rep,name=keys,proto3" json:"keys,omitempty"`
// The timestamp when this data was pulled from the authoritative source of
// truth for verification keys.
// kube-apiserver can export this from metrics, to enable end-to-end SLOs.
DataTimestamp *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=data_timestamp,json=dataTimestamp,proto3" json:"data_timestamp,omitempty"`
// refresh interval for verification keys to pick changes if any.
// any value <= 0 is considered a misconfiguration.
RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
RefreshHintSeconds int64 `protobuf:"varint,3,opt,name=refresh_hint_seconds,json=refreshHintSeconds,proto3" json:"refresh_hint_seconds,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *FetchKeysResponse) Reset() { *m = FetchKeysResponse{} }
func (m *FetchKeysResponse) String() string { return proto.CompactTextString(m) }
func (*FetchKeysResponse) ProtoMessage() {}
func (x *FetchKeysResponse) Reset() {
*x = FetchKeysResponse{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *FetchKeysResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*FetchKeysResponse) ProtoMessage() {}
func (x *FetchKeysResponse) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[3]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use FetchKeysResponse.ProtoReflect.Descriptor instead.
func (*FetchKeysResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{3}
}
func (m *FetchKeysResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_FetchKeysResponse.Unmarshal(m, b)
}
func (m *FetchKeysResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_FetchKeysResponse.Marshal(b, m, deterministic)
}
func (m *FetchKeysResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_FetchKeysResponse.Merge(m, src)
}
func (m *FetchKeysResponse) XXX_Size() int {
return xxx_messageInfo_FetchKeysResponse.Size(m)
}
func (m *FetchKeysResponse) XXX_DiscardUnknown() {
xxx_messageInfo_FetchKeysResponse.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{3}
}
var xxx_messageInfo_FetchKeysResponse proto.InternalMessageInfo
func (m *FetchKeysResponse) GetKeys() []*Key {
if m != nil {
return m.Keys
func (x *FetchKeysResponse) GetKeys() []*Key {
if x != nil {
return x.Keys
}
return nil
}
func (m *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp {
if m != nil {
return m.DataTimestamp
func (x *FetchKeysResponse) GetDataTimestamp() *timestamppb.Timestamp {
if x != nil {
return x.DataTimestamp
}
return nil
}
func (m *FetchKeysResponse) GetRefreshHintSeconds() int64 {
if m != nil {
return m.RefreshHintSeconds
func (x *FetchKeysResponse) GetRefreshHintSeconds() int64 {
if x != nil {
return x.RefreshHintSeconds
}
return 0
}
type Key struct {
state protoimpl.MessageState `protogen:"open.v1"`
// A unique identifier for this key.
// Length must be <=1024.
KeyId string `protobuf:"bytes,1,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
@@ -235,88 +274,100 @@ type Key struct {
// eg: supported keys for legacy tokens.
// If set, key is used for verification but excluded from OIDC discovery docs.
// if set, external signer should not use this key to sign a JWT.
ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
ExcludeFromOidcDiscovery bool `protobuf:"varint,3,opt,name=exclude_from_oidc_discovery,json=excludeFromOidcDiscovery,proto3" json:"exclude_from_oidc_discovery,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *Key) Reset() { *m = Key{} }
func (m *Key) String() string { return proto.CompactTextString(m) }
func (*Key) ProtoMessage() {}
func (x *Key) Reset() {
*x = Key{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *Key) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Key) ProtoMessage() {}
func (x *Key) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[4]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Key.ProtoReflect.Descriptor instead.
func (*Key) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{4}
}
func (m *Key) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_Key.Unmarshal(m, b)
}
func (m *Key) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_Key.Marshal(b, m, deterministic)
}
func (m *Key) XXX_Merge(src proto.Message) {
xxx_messageInfo_Key.Merge(m, src)
}
func (m *Key) XXX_Size() int {
return xxx_messageInfo_Key.Size(m)
}
func (m *Key) XXX_DiscardUnknown() {
xxx_messageInfo_Key.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{4}
}
var xxx_messageInfo_Key proto.InternalMessageInfo
func (m *Key) GetKeyId() string {
if m != nil {
return m.KeyId
func (x *Key) GetKeyId() string {
if x != nil {
return x.KeyId
}
return ""
}
func (m *Key) GetKey() []byte {
if m != nil {
return m.Key
func (x *Key) GetKey() []byte {
if x != nil {
return x.Key
}
return nil
}
func (m *Key) GetExcludeFromOidcDiscovery() bool {
if m != nil {
return m.ExcludeFromOidcDiscovery
func (x *Key) GetExcludeFromOidcDiscovery() bool {
if x != nil {
return x.ExcludeFromOidcDiscovery
}
return false
}
type MetadataRequest struct {
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
state protoimpl.MessageState `protogen:"open.v1"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *MetadataRequest) Reset() { *m = MetadataRequest{} }
func (m *MetadataRequest) String() string { return proto.CompactTextString(m) }
func (*MetadataRequest) ProtoMessage() {}
func (x *MetadataRequest) Reset() {
*x = MetadataRequest{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MetadataRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MetadataRequest) ProtoMessage() {}
func (x *MetadataRequest) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[5]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MetadataRequest.ProtoReflect.Descriptor instead.
func (*MetadataRequest) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{5}
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{5}
}
func (m *MetadataRequest) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MetadataRequest.Unmarshal(m, b)
}
func (m *MetadataRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MetadataRequest.Marshal(b, m, deterministic)
}
func (m *MetadataRequest) XXX_Merge(src proto.Message) {
xxx_messageInfo_MetadataRequest.Merge(m, src)
}
func (m *MetadataRequest) XXX_Size() int {
return xxx_messageInfo_MetadataRequest.Size(m)
}
func (m *MetadataRequest) XXX_DiscardUnknown() {
xxx_messageInfo_MetadataRequest.DiscardUnknown(m)
}
var xxx_messageInfo_MetadataRequest proto.InternalMessageInfo
type MetadataResponse struct {
state protoimpl.MessageState `protogen:"open.v1"`
// used by kube-apiserver for defaulting/validation of JWT lifetime while accounting for configuration flag values:
// 1. `--service-account-max-token-expiration`
// 2. `--service-account-extend-token-expiration`
@@ -326,268 +377,168 @@ type MetadataResponse struct {
// * If `--service-account-extend-token-expiration` is true, the extended expiration is `min(1 year, max_token_expiration_seconds)`.
//
// `max_token_expiration_seconds` must be at least 600s.
MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
MaxTokenExpirationSeconds int64 `protobuf:"varint,1,opt,name=max_token_expiration_seconds,json=maxTokenExpirationSeconds,proto3" json:"max_token_expiration_seconds,omitempty"`
unknownFields protoimpl.UnknownFields
sizeCache protoimpl.SizeCache
}
func (m *MetadataResponse) Reset() { *m = MetadataResponse{} }
func (m *MetadataResponse) String() string { return proto.CompactTextString(m) }
func (*MetadataResponse) ProtoMessage() {}
func (x *MetadataResponse) Reset() {
*x = MetadataResponse{}
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
func (x *MetadataResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*MetadataResponse) ProtoMessage() {}
func (x *MetadataResponse) ProtoReflect() protoreflect.Message {
mi := &file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes[6]
if x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use MetadataResponse.ProtoReflect.Descriptor instead.
func (*MetadataResponse) Descriptor() ([]byte, []int) {
return fileDescriptor_00212fb1f9d3bf1c, []int{6}
}
func (m *MetadataResponse) XXX_Unmarshal(b []byte) error {
return xxx_messageInfo_MetadataResponse.Unmarshal(m, b)
}
func (m *MetadataResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
return xxx_messageInfo_MetadataResponse.Marshal(b, m, deterministic)
}
func (m *MetadataResponse) XXX_Merge(src proto.Message) {
xxx_messageInfo_MetadataResponse.Merge(m, src)
}
func (m *MetadataResponse) XXX_Size() int {
return xxx_messageInfo_MetadataResponse.Size(m)
}
func (m *MetadataResponse) XXX_DiscardUnknown() {
xxx_messageInfo_MetadataResponse.DiscardUnknown(m)
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP(), []int{6}
}
var xxx_messageInfo_MetadataResponse proto.InternalMessageInfo
func (m *MetadataResponse) GetMaxTokenExpirationSeconds() int64 {
if m != nil {
return m.MaxTokenExpirationSeconds
func (x *MetadataResponse) GetMaxTokenExpirationSeconds() int64 {
if x != nil {
return x.MaxTokenExpirationSeconds
}
return 0
}
func init() {
proto.RegisterType((*SignJWTRequest)(nil), "v1alpha1.SignJWTRequest")
proto.RegisterType((*SignJWTResponse)(nil), "v1alpha1.SignJWTResponse")
proto.RegisterType((*FetchKeysRequest)(nil), "v1alpha1.FetchKeysRequest")
proto.RegisterType((*FetchKeysResponse)(nil), "v1alpha1.FetchKeysResponse")
proto.RegisterType((*Key)(nil), "v1alpha1.Key")
proto.RegisterType((*MetadataRequest)(nil), "v1alpha1.MetadataRequest")
proto.RegisterType((*MetadataResponse)(nil), "v1alpha1.MetadataResponse")
var File_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto protoreflect.FileDescriptor
var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc = string([]byte{
0x0a, 0x36, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x2f, 0x73, 0x72, 0x63, 0x2f, 0x6b, 0x38,
0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77, 0x74,
0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x61,
0x70, 0x69, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x08, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f,
0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72,
0x6f, 0x74, 0x6f, 0x22, 0x28, 0x0a, 0x0e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65,
0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x18,
0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x22, 0x47, 0x0a,
0x0f, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e,
0x61, 0x74, 0x75, 0x72, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x73, 0x69, 0x67,
0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x22, 0x12, 0x0a, 0x10, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b,
0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xab, 0x01, 0x0a, 0x11, 0x46,
0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65,
0x12, 0x21, 0x0a, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x0d,
0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6b,
0x65, 0x79, 0x73, 0x12, 0x41, 0x0a, 0x0e, 0x64, 0x61, 0x74, 0x61, 0x5f, 0x74, 0x69, 0x6d, 0x65,
0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f,
0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69,
0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x64, 0x61, 0x74, 0x61, 0x54, 0x69, 0x6d,
0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x30, 0x0a, 0x14, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73,
0x68, 0x5f, 0x68, 0x69, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03,
0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x48, 0x69, 0x6e,
0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x22, 0x6d, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12,
0x15, 0x0a, 0x06, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
0x05, 0x6b, 0x65, 0x79, 0x49, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20,
0x01, 0x28, 0x0c, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3d, 0x0a, 0x1b, 0x65, 0x78, 0x63, 0x6c,
0x75, 0x64, 0x65, 0x5f, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x64, 0x69,
0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x65,
0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x46, 0x72, 0x6f, 0x6d, 0x4f, 0x69, 0x64, 0x63, 0x44, 0x69,
0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79, 0x22, 0x11, 0x0a, 0x0f, 0x4d, 0x65, 0x74, 0x61, 0x64,
0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x53, 0x0a, 0x10, 0x4d, 0x65,
0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f,
0x0a, 0x1c, 0x6d, 0x61, 0x78, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x69,
0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x01,
0x20, 0x01, 0x28, 0x03, 0x52, 0x19, 0x6d, 0x61, 0x78, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x78,
0x70, 0x69, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x32,
0xdf, 0x01, 0x0a, 0x11, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4a, 0x57, 0x54, 0x53,
0x69, 0x67, 0x6e, 0x65, 0x72, 0x12, 0x3d, 0x0a, 0x04, 0x53, 0x69, 0x67, 0x6e, 0x12, 0x18, 0x2e,
0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x19, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68,
0x61, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x4a, 0x57, 0x54, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x22, 0x00, 0x12, 0x46, 0x0a, 0x09, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65, 0x79,
0x73, 0x12, 0x1a, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x65, 0x74,
0x63, 0x68, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1b, 0x2e,
0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x46, 0x65, 0x74, 0x63, 0x68, 0x4b, 0x65,
0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x43, 0x0a, 0x08,
0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x19, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70,
0x68, 0x61, 0x31, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x1a, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x4d,
0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22,
0x00, 0x42, 0x22, 0x5a, 0x20, 0x6b, 0x38, 0x73, 0x2e, 0x69, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x65,
0x72, 0x6e, 0x61, 0x6c, 0x6a, 0x77, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61,
0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
})
var (
file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescOnce sync.Once
file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescData []byte
)
func file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescGZIP() []byte {
file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescOnce.Do(func() {
file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescData = protoimpl.X.CompressGZIP(unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc)))
})
return file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDescData
}
func init() { proto.RegisterFile("api.proto", fileDescriptor_00212fb1f9d3bf1c) }
var fileDescriptor_00212fb1f9d3bf1c = []byte{
// 483 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x6c, 0x92, 0xcd, 0x6e, 0xd3, 0x40,
0x10, 0xc7, 0x31, 0x29, 0x51, 0x32, 0xa5, 0x6d, 0xb2, 0x02, 0xe4, 0xba, 0x95, 0x08, 0x3e, 0xe5,
0x64, 0xd3, 0x70, 0xe1, 0x52, 0x21, 0x3e, 0x1a, 0xa0, 0x11, 0x42, 0x72, 0x22, 0x55, 0xe2, 0x62,
0x6d, 0xed, 0x49, 0xbc, 0xf8, 0x63, 0xcd, 0xee, 0xa6, 0xd8, 0xcf, 0xc4, 0x43, 0xf1, 0x2a, 0xc8,
0x1f, 0xeb, 0x94, 0x2a, 0xb7, 0xdd, 0xf9, 0xff, 0x77, 0x66, 0x7e, 0xb3, 0x03, 0x43, 0x9a, 0x33,
0x27, 0x17, 0x5c, 0x71, 0x32, 0xb8, 0xbb, 0xa0, 0x49, 0x1e, 0xd1, 0x0b, 0xeb, 0xe5, 0x86, 0xf3,
0x4d, 0x82, 0x6e, 0x1d, 0xbf, 0xdd, 0xae, 0x5d, 0xc5, 0x52, 0x94, 0x8a, 0xa6, 0x79, 0x63, 0xb5,
0xa7, 0x70, 0xbc, 0x64, 0x9b, 0xec, 0xfa, 0x66, 0xe5, 0xe1, 0xaf, 0x2d, 0x4a, 0x45, 0x5e, 0x40,
0x3f, 0x48, 0x28, 0x4b, 0xa5, 0x69, 0x4c, 0x8c, 0xe9, 0xd0, 0x6b, 0x6f, 0xf6, 0x67, 0x38, 0xe9,
0x9c, 0x32, 0xe7, 0x99, 0xc4, 0xca, 0x1a, 0x21, 0x0d, 0x51, 0x68, 0x6b, 0x73, 0x23, 0xe7, 0x30,
0x94, 0x6c, 0x93, 0x51, 0xb5, 0x15, 0x68, 0x3e, 0xae, 0xa5, 0x5d, 0xc0, 0x26, 0x30, 0x9a, 0xa3,
0x0a, 0xa2, 0x05, 0x96, 0xb2, 0x2d, 0x6a, 0xff, 0x31, 0x60, 0x7c, 0x2f, 0xd8, 0xe6, 0x7f, 0x05,
0x07, 0x31, 0x96, 0x55, 0x23, 0xbd, 0xe9, 0xe1, 0xec, 0xc8, 0xd1, 0x58, 0xce, 0x02, 0x4b, 0xaf,
0x96, 0xc8, 0x7b, 0x38, 0x0e, 0xa9, 0xa2, 0x7e, 0xc7, 0x55, 0xd7, 0x3b, 0x9c, 0x59, 0x4e, 0x43,
0xee, 0x68, 0x72, 0x67, 0xa5, 0x1d, 0xde, 0x51, 0xf5, 0xa2, 0xbb, 0x92, 0xd7, 0xf0, 0x4c, 0xe0,
0x5a, 0xa0, 0x8c, 0xfc, 0x88, 0x65, 0xca, 0x97, 0x18, 0xf0, 0x2c, 0x94, 0x66, 0x6f, 0x62, 0x4c,
0x7b, 0x1e, 0x69, 0xb5, 0x2f, 0x2c, 0x53, 0xcb, 0x46, 0xb1, 0x53, 0xe8, 0x2d, 0xb0, 0x24, 0xcf,
0xa1, 0x1f, 0x63, 0xe9, 0xb3, 0xb0, 0xc5, 0x7f, 0x12, 0x63, 0xf9, 0x35, 0x24, 0x23, 0xe8, 0xc5,
0x58, 0xd6, 0x7d, 0x3c, 0xf5, 0xaa, 0x23, 0xb9, 0x84, 0x33, 0x2c, 0x82, 0x64, 0x1b, 0xa2, 0xbf,
0x16, 0x3c, 0xf5, 0x39, 0x0b, 0x03, 0x3f, 0x64, 0x32, 0xe0, 0x77, 0x28, 0xca, 0xba, 0xd0, 0xc0,
0x33, 0x5b, 0xcb, 0x5c, 0xf0, 0xf4, 0x3b, 0x0b, 0x83, 0x4f, 0x5a, 0xb7, 0xc7, 0x70, 0xf2, 0x0d,
0x15, 0xad, 0xba, 0xd6, 0xf3, 0x5a, 0xc2, 0x68, 0x17, 0x6a, 0xa7, 0xf5, 0x0e, 0xce, 0x53, 0x5a,
0xf8, 0x8a, 0xc7, 0x98, 0xf9, 0x58, 0xe4, 0x4c, 0x50, 0xc5, 0x78, 0xd6, 0xf1, 0x18, 0x35, 0xcf,
0x69, 0x4a, 0x8b, 0x55, 0x65, 0xb9, 0xea, 0x1c, 0x2d, 0xd6, 0xec, 0xaf, 0x01, 0xe3, 0xab, 0x42,
0xa1, 0xc8, 0x68, 0x72, 0x7d, 0xb3, 0xaa, 0x7e, 0x1b, 0x05, 0xb9, 0x84, 0x83, 0xea, 0x44, 0xcc,
0xdd, 0xf8, 0xff, 0xdf, 0x18, 0xeb, 0x74, 0x8f, 0xd2, 0xf4, 0x64, 0x3f, 0x22, 0x73, 0x18, 0x76,
0x1f, 0x4b, 0xac, 0x9d, 0xf3, 0xe1, 0x0a, 0x58, 0x67, 0x7b, 0xb5, 0x2e, 0xcf, 0x47, 0x18, 0x68,
0x62, 0x72, 0xaf, 0xe0, 0x83, 0xc1, 0x58, 0xd6, 0x3e, 0x49, 0x27, 0xf9, 0x60, 0xff, 0x98, 0xc4,
0x6f, 0xa5, 0xc3, 0xb8, 0x8b, 0x2d, 0xe7, 0xcf, 0xdf, 0xca, 0xa5, 0x39, 0x93, 0xae, 0x7e, 0x76,
0xdb, 0xaf, 0x37, 0xe6, 0xcd, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, 0x90, 0x1b, 0xfb, 0x90, 0x50,
0x03, 0x00, 0x00,
var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_goTypes = []any{
(*SignJWTRequest)(nil), // 0: v1alpha1.SignJWTRequest
(*SignJWTResponse)(nil), // 1: v1alpha1.SignJWTResponse
(*FetchKeysRequest)(nil), // 2: v1alpha1.FetchKeysRequest
(*FetchKeysResponse)(nil), // 3: v1alpha1.FetchKeysResponse
(*Key)(nil), // 4: v1alpha1.Key
(*MetadataRequest)(nil), // 5: v1alpha1.MetadataRequest
(*MetadataResponse)(nil), // 6: v1alpha1.MetadataResponse
(*timestamppb.Timestamp)(nil), // 7: google.protobuf.Timestamp
}
var file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_depIdxs = []int32{
4, // 0: v1alpha1.FetchKeysResponse.keys:type_name -> v1alpha1.Key
7, // 1: v1alpha1.FetchKeysResponse.data_timestamp:type_name -> google.protobuf.Timestamp
0, // 2: v1alpha1.ExternalJWTSigner.Sign:input_type -> v1alpha1.SignJWTRequest
2, // 3: v1alpha1.ExternalJWTSigner.FetchKeys:input_type -> v1alpha1.FetchKeysRequest
5, // 4: v1alpha1.ExternalJWTSigner.Metadata:input_type -> v1alpha1.MetadataRequest
1, // 5: v1alpha1.ExternalJWTSigner.Sign:output_type -> v1alpha1.SignJWTResponse
3, // 6: v1alpha1.ExternalJWTSigner.FetchKeys:output_type -> v1alpha1.FetchKeysResponse
6, // 7: v1alpha1.ExternalJWTSigner.Metadata:output_type -> v1alpha1.MetadataResponse
5, // [5:8] is the sub-list for method output_type
2, // [2:5] is the sub-list for method input_type
2, // [2:2] is the sub-list for extension type_name
2, // [2:2] is the sub-list for extension extendee
0, // [0:2] is the sub-list for field type_name
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// ExternalJWTSignerClient is the client API for ExternalJWTSigner service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type ExternalJWTSignerClient interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error)
}
type externalJWTSignerClient struct {
cc *grpc.ClientConn
}
func NewExternalJWTSignerClient(cc *grpc.ClientConn) ExternalJWTSignerClient {
return &externalJWTSignerClient{cc}
}
func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) {
out := new(SignJWTResponse)
err := c.cc.Invoke(ctx, "/v1alpha1.ExternalJWTSigner/Sign", in, out, opts...)
if err != nil {
return nil, err
func init() { file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_init() }
func file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_init() {
if File_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto != nil {
return
}
return out, nil
}
func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) {
out := new(FetchKeysResponse)
err := c.cc.Invoke(ctx, "/v1alpha1.ExternalJWTSigner/FetchKeys", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) {
out := new(MetadataResponse)
err := c.cc.Invoke(ctx, "/v1alpha1.ExternalJWTSigner/Metadata", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// ExternalJWTSignerServer is the server API for ExternalJWTSigner service.
type ExternalJWTSignerServer interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error)
}
// UnimplementedExternalJWTSignerServer can be embedded to have forward compatible implementations.
type UnimplementedExternalJWTSignerServer struct {
}
func (*UnimplementedExternalJWTSignerServer) Sign(ctx context.Context, req *SignJWTRequest) (*SignJWTResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented")
}
func (*UnimplementedExternalJWTSignerServer) FetchKeys(ctx context.Context, req *FetchKeysRequest) (*FetchKeysResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented")
}
func (*UnimplementedExternalJWTSignerServer) Metadata(ctx context.Context, req *MetadataRequest) (*MetadataResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented")
}
func RegisterExternalJWTSignerServer(s *grpc.Server, srv ExternalJWTSignerServer) {
s.RegisterService(&_ExternalJWTSigner_serviceDesc, srv)
}
func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SignJWTRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Sign(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/v1alpha1.ExternalJWTSigner/Sign",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(FetchKeysRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/v1alpha1.ExternalJWTSigner/FetchKeys",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MetadataRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Metadata(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/v1alpha1.ExternalJWTSigner/Metadata",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest))
}
return interceptor(ctx, in, info, handler)
}
var _ExternalJWTSigner_serviceDesc = grpc.ServiceDesc{
ServiceName: "v1alpha1.ExternalJWTSigner",
HandlerType: (*ExternalJWTSignerServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Sign",
Handler: _ExternalJWTSigner_Sign_Handler,
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: unsafe.Slice(unsafe.StringData(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc), len(file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_rawDesc)),
NumEnums: 0,
NumMessages: 7,
NumExtensions: 0,
NumServices: 1,
},
{
MethodName: "FetchKeys",
Handler: _ExternalJWTSigner_FetchKeys_Handler,
},
{
MethodName: "Metadata",
Handler: _ExternalJWTSigner_Metadata_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "api.proto",
GoTypes: file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_goTypes,
DependencyIndexes: file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_depIdxs,
MessageInfos: file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_msgTypes,
}.Build()
File_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto = out.File
file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_goTypes = nil
file_staging_src_k8s_io_externaljwt_apis_v1alpha1_api_proto_depIdxs = nil
}


@@ -0,0 +1,264 @@
/*
Copyright The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
//
//Copyright 2024 The Kubernetes Authors.
//
//Licensed under the Apache License, Version 2.0 (the "License");
//you may not use this file except in compliance with the License.
//You may obtain a copy of the License at
//
//http://www.apache.org/licenses/LICENSE-2.0
//
//Unless required by applicable law or agreed to in writing, software
//distributed under the License is distributed on an "AS IS" BASIS,
//WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
//See the License for the specific language governing permissions and
//limitations under the License.
// To regenerate api.pb.go run `hack/update-codegen.sh protobindings`
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.5.1
// - protoc v4.23.4
// source: staging/src/k8s.io/externaljwt/apis/v1alpha1/api.proto
package v1alpha1
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.64.0 or later.
const _ = grpc.SupportPackageIsVersion9
const (
ExternalJWTSigner_Sign_FullMethodName = "/v1alpha1.ExternalJWTSigner/Sign"
ExternalJWTSigner_FetchKeys_FullMethodName = "/v1alpha1.ExternalJWTSigner/FetchKeys"
ExternalJWTSigner_Metadata_FullMethodName = "/v1alpha1.ExternalJWTSigner/Metadata"
)
// ExternalJWTSignerClient is the client API for ExternalJWTSigner service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
//
// This service is served by a process on a local Unix Domain Socket.
type ExternalJWTSignerClient interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error)
}
type externalJWTSignerClient struct {
cc grpc.ClientConnInterface
}
func NewExternalJWTSignerClient(cc grpc.ClientConnInterface) ExternalJWTSignerClient {
return &externalJWTSignerClient{cc}
}
func (c *externalJWTSignerClient) Sign(ctx context.Context, in *SignJWTRequest, opts ...grpc.CallOption) (*SignJWTResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(SignJWTResponse)
err := c.cc.Invoke(ctx, ExternalJWTSigner_Sign_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *externalJWTSignerClient) FetchKeys(ctx context.Context, in *FetchKeysRequest, opts ...grpc.CallOption) (*FetchKeysResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(FetchKeysResponse)
err := c.cc.Invoke(ctx, ExternalJWTSigner_FetchKeys_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *externalJWTSignerClient) Metadata(ctx context.Context, in *MetadataRequest, opts ...grpc.CallOption) (*MetadataResponse, error) {
cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
out := new(MetadataResponse)
err := c.cc.Invoke(ctx, ExternalJWTSigner_Metadata_FullMethodName, in, out, cOpts...)
if err != nil {
return nil, err
}
return out, nil
}
// ExternalJWTSignerServer is the server API for ExternalJWTSigner service.
// All implementations must embed UnimplementedExternalJWTSignerServer
// for forward compatibility.
//
// This service is served by a process on a local Unix Domain Socket.
type ExternalJWTSignerServer interface {
// Sign takes a serialized JWT payload, and returns the serialized header and
// signature. The caller can then assemble the JWT from the header, payload,
// and signature. Signature can be generated by signing
// `base64url(header) + "." + base64url(payload)` with signing key.
//
// The plugin MUST set a key id in the returned JWT header.
Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error)
// FetchKeys returns the set of public keys that are trusted to sign
// Kubernetes service account tokens. Kube-apiserver will call this RPC:
//
// * Every time it tries to validate a JWT from the service account issuer with an unknown key ID, and
//
// - Periodically, so it can serve reasonably-up-to-date keys from the OIDC
// JWKs endpoint.
FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error)
// Metadata is meant to be called once on startup.
// Enables sharing metadata with kube-apiserver (eg: the max token lifetime that signer supports)
Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error)
mustEmbedUnimplementedExternalJWTSignerServer()
}
// UnimplementedExternalJWTSignerServer must be embedded to have
// forward compatible implementations.
//
// NOTE: this should be embedded by value instead of pointer to avoid a nil
// pointer dereference when methods are called.
type UnimplementedExternalJWTSignerServer struct{}
func (UnimplementedExternalJWTSignerServer) Sign(context.Context, *SignJWTRequest) (*SignJWTResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Sign not implemented")
}
func (UnimplementedExternalJWTSignerServer) FetchKeys(context.Context, *FetchKeysRequest) (*FetchKeysResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method FetchKeys not implemented")
}
func (UnimplementedExternalJWTSignerServer) Metadata(context.Context, *MetadataRequest) (*MetadataResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Metadata not implemented")
}
func (UnimplementedExternalJWTSignerServer) mustEmbedUnimplementedExternalJWTSignerServer() {}
func (UnimplementedExternalJWTSignerServer) testEmbeddedByValue() {}
// UnsafeExternalJWTSignerServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to ExternalJWTSignerServer will
// result in compilation errors.
type UnsafeExternalJWTSignerServer interface {
mustEmbedUnimplementedExternalJWTSignerServer()
}
func RegisterExternalJWTSignerServer(s grpc.ServiceRegistrar, srv ExternalJWTSignerServer) {
// If the following call pancis, it indicates UnimplementedExternalJWTSignerServer was
// embedded by pointer and is nil. This will cause panics if an
// unimplemented method is ever invoked, so we test this at initialization
// time to prevent it from happening at runtime later due to I/O.
if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
t.testEmbeddedByValue()
}
s.RegisterService(&ExternalJWTSigner_ServiceDesc, srv)
}
func _ExternalJWTSigner_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SignJWTRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Sign(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: ExternalJWTSigner_Sign_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Sign(ctx, req.(*SignJWTRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_FetchKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(FetchKeysRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: ExternalJWTSigner_FetchKeys_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).FetchKeys(ctx, req.(*FetchKeysRequest))
}
return interceptor(ctx, in, info, handler)
}
func _ExternalJWTSigner_Metadata_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(MetadataRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(ExternalJWTSignerServer).Metadata(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: ExternalJWTSigner_Metadata_FullMethodName,
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(ExternalJWTSignerServer).Metadata(ctx, req.(*MetadataRequest))
}
return interceptor(ctx, in, info, handler)
}
// ExternalJWTSigner_ServiceDesc is the grpc.ServiceDesc for ExternalJWTSigner service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var ExternalJWTSigner_ServiceDesc = grpc.ServiceDesc{
ServiceName: "v1alpha1.ExternalJWTSigner",
HandlerType: (*ExternalJWTSignerServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Sign",
Handler: _ExternalJWTSigner_Sign_Handler,
},
{
MethodName: "FetchKeys",
Handler: _ExternalJWTSigner_FetchKeys_Handler,
},
{
MethodName: "Metadata",
Handler: _ExternalJWTSigner_Metadata_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "staging/src/k8s.io/externaljwt/apis/v1alpha1/api.proto",
}


@@ -7,7 +7,6 @@ go 1.24.0
godebug default=go1.24
require (
github.com/gogo/protobuf v1.3.2
google.golang.org/grpc v1.72.1
google.golang.org/protobuf v1.36.5
)


@@ -13,8 +13,6 @@ github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w=
github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
@@ -22,15 +20,11 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/spiffe/go-spiffe/v2 v2.5.0/go.mod h1:P+NxobPc6wXhVtINNtFjNWGBTreew1GBUCwT2wPmb7g=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/zeebo/errs v1.4.0/go.mod h1:sgbWHsvVuTPHcqJJGQ1WhI5KbWlHYz+2+2C/LSEtCw4=
go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA=
go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A=
@@ -45,43 +39,19 @@ go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce
go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w=
go.opentelemetry.io/otel/trace v1.35.0 h1:dPpEfJu1sDIqruz7BHFG3c7528f6ddfSWfFDVt/xgMs=
go.opentelemetry.io/otel/trace v1.35.0/go.mod h1:WUk7DtFp1Aw2MkvqGdwiXYDZZNvA/1J8o6xRXLrIkyc=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
golang.org/x/oauth2 v0.26.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/genproto/googleapis/api v0.0.0-20250218202821-56aae31c358a/go.mod h1:3kWAYMk1I75K4vykHtKt2ycnOgpA6974V7bREqbsenU=
google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb h1:TLPQVbx1GJ8VKZxz52VAxl1EBgKXXbTiU9Fc5fZeLn4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20250303144028-a0af3efb3deb/go.mod h1:LuRYeWDFV6WOn90g357N17oMCaxpgCnbi/44qJvDn2I=