diff --git a/BUILD b/BUILD
index a096e2ebbb9..ef87e17ffa7 100644
--- a/BUILD
+++ b/BUILD
@@ -2831,6 +2831,26 @@ grpc_cc_library(
 ],
 )
 
+# Once upb code-gen issue is resolved, replace meshca_upb with this.
+# meshca_upb_proto_library(
+# name = "meshca_upb",
+# deps = ["//src/proto/grpc/tls/provider/meshca:meshca_proto"],
+# )
+
+grpc_cc_library(
+ name = "meshca_upb",
+ srcs = [
+ "src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.c",
+ ],
+ hdrs = [
+ "src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.h",
+ ],
+ deps = [
+ "google_api_upb",
+ ],
+ language = "c++",
+)
+
 # Once upb code-gen issue is resolved, replace alts_upb with this.
 # grpc_upb_proto_library(
 # name = "alts_upb",
diff --git a/src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.c b/src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.c
new file mode 100644
index 00000000000..5dc28cf857e
--- /dev/null
+++ b/src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.c
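Review bot: The commented-out placeholder names a macro `meshca_upb_proto_library`, while the neighbouring alts_upb placeholder in the trailing context uses `grpc_upb_proto_library`; this looks like a rename slip, and I would write `# grpc_upb_proto_library(` so the later switch-over is a plain uncomment. Until then the `meshca_upb` target compiles checked-in generated sources, so nothing in this hunk ties meshca.upb.c and meshca.upb.h to meshca.proto. If one does not already exist, a CI step that reruns tools/codegen/core/gen_upb_api.sh and fails on any difference would catch a stale or hand-edited copy of this certificate-request encoding. The generated meshca.upb.c also references `google_protobuf_Duration_msginit`, which I assume `google_api_upb` provides; that target is defined outside the hunk, so it is worth confirming.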
@@ -0,0 +1,43 @@ +/* This file was generated by upbc (the upb compiler) from the input + * file: + * + * src/proto/grpc/tls/provider/meshca/meshca.proto + * + * Do not edit -- your changes will be discarded when the file is + * regenerated. */ + +#include +#include "upb/msg.h" +#include "src/proto/grpc/tls/provider/meshca/meshca.upb.h" +#include "google/protobuf/duration.upb.h" + +#include "upb/port_def.inc" + +static const upb_msglayout *const google_security_meshca_v1_MeshCertificateRequest_submsgs[1] = { + &google_protobuf_Duration_msginit, +}; + +static const upb_msglayout_field google_security_meshca_v1_MeshCertificateRequest__fields[3] = { + {1, UPB_SIZE(0, 0), 0, 0, 9, 1}, + {2, UPB_SIZE(8, 16), 0, 0, 9, 1}, + {3, UPB_SIZE(16, 32), 0, 0, 11, 1}, +}; + +const upb_msglayout google_security_meshca_v1_MeshCertificateRequest_msginit = { + &google_security_meshca_v1_MeshCertificateRequest_submsgs[0], + &google_security_meshca_v1_MeshCertificateRequest__fields[0], + UPB_SIZE(24, 48), 3, false, +}; + +static const upb_msglayout_field google_security_meshca_v1_MeshCertificateResponse__fields[1] = { + {1, UPB_SIZE(0, 0), 0, 0, 9, 3}, +}; + +const upb_msglayout google_security_meshca_v1_MeshCertificateResponse_msginit = { + NULL, + &google_security_meshca_v1_MeshCertificateResponse__fields[0], + UPB_SIZE(4, 8), 1, false, +}; + +#include "upb/port_undef.inc" + diff --git a/src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.h b/src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.h new file mode 100644 index 00000000000..ab2f7b95085 --- /dev/null +++ b/src/core/ext/upb-generated/src/proto/grpc/tls/provider/meshca/meshca.upb.h 
@@ -0,0 +1,103 @@ +/* This file was generated by upbc (the upb compiler) from the input + * file: + * + * src/proto/grpc/tls/provider/meshca/meshca.proto + * + * Do not edit -- your changes will be discarded when the file is + * regenerated. */ + +#ifndef SRC_PROTO_GRPC_TLS_PROVIDER_MESHCA_MESHCA_PROTO_UPB_H_ +#define SRC_PROTO_GRPC_TLS_PROVIDER_MESHCA_MESHCA_PROTO_UPB_H_ + +#include "upb/msg.h" +#include "upb/decode.h" +#include "upb/encode.h" + +#include "upb/port_def.inc" + +#ifdef __cplusplus +extern "C" { +#endif + +struct google_security_meshca_v1_MeshCertificateRequest; +struct google_security_meshca_v1_MeshCertificateResponse; +typedef struct google_security_meshca_v1_MeshCertificateRequest google_security_meshca_v1_MeshCertificateRequest; +typedef struct google_security_meshca_v1_MeshCertificateResponse google_security_meshca_v1_MeshCertificateResponse; +extern const upb_msglayout google_security_meshca_v1_MeshCertificateRequest_msginit; +extern const upb_msglayout google_security_meshca_v1_MeshCertificateResponse_msginit; +struct google_protobuf_Duration; +extern const upb_msglayout google_protobuf_Duration_msginit; + + +/* google.security.meshca.v1.MeshCertificateRequest */ + +UPB_INLINE google_security_meshca_v1_MeshCertificateRequest *google_security_meshca_v1_MeshCertificateRequest_new(upb_arena *arena) { + return (google_security_meshca_v1_MeshCertificateRequest *)_upb_msg_new(&google_security_meshca_v1_MeshCertificateRequest_msginit, arena); +} +UPB_INLINE google_security_meshca_v1_MeshCertificateRequest *google_security_meshca_v1_MeshCertificateRequest_parse(const char *buf, size_t size, + upb_arena *arena) { + google_security_meshca_v1_MeshCertificateRequest *ret = google_security_meshca_v1_MeshCertificateRequest_new(arena); + return (ret && upb_decode(buf, size, ret, &google_security_meshca_v1_MeshCertificateRequest_msginit, arena)) ? 
ret : NULL; +} +UPB_INLINE char *google_security_meshca_v1_MeshCertificateRequest_serialize(const google_security_meshca_v1_MeshCertificateRequest *msg, upb_arena *arena, size_t *len) { + return upb_encode(msg, &google_security_meshca_v1_MeshCertificateRequest_msginit, arena, len); +} + +UPB_INLINE upb_strview google_security_meshca_v1_MeshCertificateRequest_request_id(const google_security_meshca_v1_MeshCertificateRequest *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(0, 0), upb_strview); } +UPB_INLINE upb_strview google_security_meshca_v1_MeshCertificateRequest_csr(const google_security_meshca_v1_MeshCertificateRequest *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(8, 16), upb_strview); } +UPB_INLINE bool google_security_meshca_v1_MeshCertificateRequest_has_validity(const google_security_meshca_v1_MeshCertificateRequest *msg) { return _upb_has_submsg_nohasbit(msg, UPB_SIZE(16, 32)); } +UPB_INLINE const struct google_protobuf_Duration* google_security_meshca_v1_MeshCertificateRequest_validity(const google_security_meshca_v1_MeshCertificateRequest *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(16, 32), const struct google_protobuf_Duration*); } + +UPB_INLINE void google_security_meshca_v1_MeshCertificateRequest_set_request_id(google_security_meshca_v1_MeshCertificateRequest *msg, upb_strview value) { + *UPB_PTR_AT(msg, UPB_SIZE(0, 0), upb_strview) = value; +} +UPB_INLINE void google_security_meshca_v1_MeshCertificateRequest_set_csr(google_security_meshca_v1_MeshCertificateRequest *msg, upb_strview value) { + *UPB_PTR_AT(msg, UPB_SIZE(8, 16), upb_strview) = value; +} +UPB_INLINE void google_security_meshca_v1_MeshCertificateRequest_set_validity(google_security_meshca_v1_MeshCertificateRequest *msg, struct google_protobuf_Duration* value) { + *UPB_PTR_AT(msg, UPB_SIZE(16, 32), struct google_protobuf_Duration*) = value; +} +UPB_INLINE struct google_protobuf_Duration* google_security_meshca_v1_MeshCertificateRequest_mutable_validity(google_security_meshca_v1_MeshCertificateRequest *msg, 
upb_arena *arena) { + struct google_protobuf_Duration* sub = (struct google_protobuf_Duration*)google_security_meshca_v1_MeshCertificateRequest_validity(msg); + if (sub == NULL) { + sub = (struct google_protobuf_Duration*)_upb_msg_new(&google_protobuf_Duration_msginit, arena); + if (!sub) return NULL; + google_security_meshca_v1_MeshCertificateRequest_set_validity(msg, sub); + } + return sub; +} + +/* google.security.meshca.v1.MeshCertificateResponse */ + +UPB_INLINE google_security_meshca_v1_MeshCertificateResponse *google_security_meshca_v1_MeshCertificateResponse_new(upb_arena *arena) { + return (google_security_meshca_v1_MeshCertificateResponse *)_upb_msg_new(&google_security_meshca_v1_MeshCertificateResponse_msginit, arena); +} +UPB_INLINE google_security_meshca_v1_MeshCertificateResponse *google_security_meshca_v1_MeshCertificateResponse_parse(const char *buf, size_t size, + upb_arena *arena) { + google_security_meshca_v1_MeshCertificateResponse *ret = google_security_meshca_v1_MeshCertificateResponse_new(arena); + return (ret && upb_decode(buf, size, ret, &google_security_meshca_v1_MeshCertificateResponse_msginit, arena)) ? 
ret : NULL; +} +UPB_INLINE char *google_security_meshca_v1_MeshCertificateResponse_serialize(const google_security_meshca_v1_MeshCertificateResponse *msg, upb_arena *arena, size_t *len) { + return upb_encode(msg, &google_security_meshca_v1_MeshCertificateResponse_msginit, arena, len); +} + +UPB_INLINE upb_strview const* google_security_meshca_v1_MeshCertificateResponse_cert_chain(const google_security_meshca_v1_MeshCertificateResponse *msg, size_t *len) { return (upb_strview const*)_upb_array_accessor(msg, UPB_SIZE(0, 0), len); } + +UPB_INLINE upb_strview* google_security_meshca_v1_MeshCertificateResponse_mutable_cert_chain(google_security_meshca_v1_MeshCertificateResponse *msg, size_t *len) { + return (upb_strview*)_upb_array_mutable_accessor(msg, UPB_SIZE(0, 0), len); +} +UPB_INLINE upb_strview* google_security_meshca_v1_MeshCertificateResponse_resize_cert_chain(google_security_meshca_v1_MeshCertificateResponse *msg, size_t len, upb_arena *arena) { + return (upb_strview*)_upb_array_resize_accessor(msg, UPB_SIZE(0, 0), len, UPB_TYPE_STRING, arena); +} +UPB_INLINE bool google_security_meshca_v1_MeshCertificateResponse_add_cert_chain(google_security_meshca_v1_MeshCertificateResponse *msg, upb_strview val, upb_arena *arena) { + return _upb_array_append_accessor(msg, UPB_SIZE(0, 0), UPB_SIZE(8, 16), UPB_TYPE_STRING, &val, + arena); +} + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#include "upb/port_undef.inc" + +#endif /* SRC_PROTO_GRPC_TLS_PROVIDER_MESHCA_MESHCA_PROTO_UPB_H_ */ diff --git a/src/proto/grpc/tls/provider/meshca/meshca.proto b/src/proto/grpc/tls/provider/meshca/meshca.proto new file mode 100644 index 00000000000..90afde2b7fc --- /dev/null +++ b/src/proto/grpc/tls/provider/meshca/meshca.proto 
@@ -0,0 +1,52 @@
+// Copyright 2019 Istio Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.security.meshca.v1;
+
+import "google/protobuf/duration.proto";
+
+option java_multiple_files = true;
+option java_outer_classname = "MeshCaProto";
+option java_package = "com.google.security.meshca.v1";
+
+// Certificate request message.
+message MeshCertificateRequest {
+ // The request ID must be a valid UUID with the exception that zero UUID is
+ // not supported (00000000-0000-0000-0000-000000000000).
+ string request_id = 1;
+ // PEM-encoded certificate request.
+ string csr = 2;
+ // Optional: requested certificate validity period.
+ google.protobuf.Duration validity = 3;
+ // Reserved 4
+}
+
+// Certificate response message.
+message MeshCertificateResponse {
+ // PEM-encoded certificate chain.
+ // Leaf cert is element '0'. Root cert is element 'n'.
+ repeated string cert_chain = 1;
+}
+
+// Service for managing certificates issued by the CSM CA.
+service MeshCertificateService {
+ // Using provided CSR, returns a signed certificate that represents a GCP
+ // service account identity.
+ rpc CreateCertificate(MeshCertificateRequest)
+ returns (MeshCertificateResponse) {
+ }
+}
+
diff --git a/tools/codegen/core/gen_upb_api.sh b/tools/codegen/core/gen_upb_api.sh
index 4927ae6bcc2..fd6b6fa6c71 100755
--- a/tools/codegen/core/gen_upb_api.sh
+++ b/tools/codegen/core/gen_upb_api.sh
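Review bot: The `// Reserved 4` comment in MeshCertificateRequest reserves nothing, because protoc only rejects reuse of a field number that is actually declared; I would replace it with `reserved 4;`. The comments also leave the trust model implicit. The request carries no identity field, so the service-account identity in the issued certificate presumably comes from the caller's call credentials, and `validity` is a client-supplied value that the CA has to bound. If that is the intended contract, extending the field comment to `// Optional: requested certificate validity period. The CA may issue a shorter lifetime.` and noting on `CreateCertificate` where the identity is taken from would tell client authors not to assume the requested lifetime was honoured.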
@@ -106,6 +106,7 @@ proto_files=( \
 "src/proto/grpc/gcp/transport_security_common.proto" \
 "src/proto/grpc/health/v1/health.proto" \
 "src/proto/grpc/lb/v1/load_balancer.proto" \
+ "src/proto/grpc/tls/provider/meshca/meshca.proto" \
 "udpa/data/orca/v1/orca_load_report.proto" \
 "udpa/annotations/migrate.proto" \
 "udpa/annotations/sensitive.proto" \