diff --git a/auth/login/login.go b/auth/login/login.go index 21c03524..1e78f071 100644 --- a/auth/login/login.go +++ b/auth/login/login.go @@ -67,9 +67,6 @@ func Login(ctx context.Context, opts ...Option) (token string, refreshToken stri if len(conf.Audience) > 0 { params.Set("audience", strings.Join(conf.Audience, ",")) } - if conf.IncludeUpstreamToken { - params.Set("include_upstream_token", "true") - } if conf.CreateRefreshToken { params.Set("create_refresh_token", "true") } diff --git a/auth/login/options.go b/auth/login/options.go index 86039c2d..9ec0f368 100644 --- a/auth/login/options.go +++ b/auth/login/options.go @@ -45,10 +45,6 @@ type config struct { // if the account is not found. SkipRegistration bool - // IncludeUpstreamToken tells the issuer to include the encrypted upstream token - // in the Chainguard token - IncludeUpstreamToken bool - // CreateRefreshToken tells the issuer to create a refresh token CreateRefreshToken bool @@ -171,12 +167,6 @@ func WithSkipRegistration() Option { } } -func WithIncludeUpstreamToken() Option { - return func(c *config) { - c.IncludeUpstreamToken = true - } -} - func WithCreateRefreshToken() Option { return func(c *config) { c.CreateRefreshToken = true diff --git a/events/apk/apk.go b/events/apk/apk.go new file mode 100644 index 00000000..b309881c --- /dev/null +++ b/events/apk/apk.go @@ -0,0 +1,56 @@ +/* +Copyright 2024 Chainguard, Inc. +SPDX-License-Identifier: Apache-2.0 +*/ + +package apk + +import "chainguard.dev/sdk/civil" + +const ( + // PushedEventType is the cloudevents event type for registry pushes + PushedEventType = "dev.chainguard.apk.push.v1" +) + +// PushEvent describes an APK being pushed to the registry. +type PushEvent struct { + // Repository identifies the repository being pushed + Repository string `json:"repository"` + + // GroupID identifies the UIDP of the APK repository (group) being pushed + RepoID string `json:"repo_id"` + + // Package holds the name of the package being pushed. + Package string `json:"package"` + + // Version holds the version of the package being pushed. + Version string `json:"version"` + + // Architecture holds the architecture of the package being pushed. + Architecture string `json:"architecture"` + + // Checksum holds the checksum of the package's control section as + // it would appear in an APKINDEX entry for the package. + Checksum string `json:"checksum"` + + // When holds when the push occurred. + When civil.DateTime `json:"when"` + + // Location holds the detected approximate location of the client who pushed. + // For example, "ColumbusOHUS" or "Minato City13JP". + Location string `json:"location"` + + // RemoteAddress holds the address of the client who pushed. + RemoteAddress string `json:"remote_address"` + + // UserAgent holds the user-agent of the client who pushed. + UserAgent string `json:"user_agent"` + + Error *Error `json:"error,omitempty"` +} + +type Error struct { + Status int `json:"status"` + Code string `json:"code"` + Message string `json:"message"` +} diff --git a/events/registry/registry.go b/events/registry/registry.go index ff4519f5..8fdcf691 100644 --- a/events/registry/registry.go +++ b/events/registry/registry.go @@ -52,6 +52,9 @@ type PullEvent struct { // For example, "ColumbusOHUS" or "Minato City13JP". Location string `json:"location"` + // RemoteAddress holds the address of the client who pulled. + RemoteAddress string `json:"remote_address"` + // UserAgent holds the user-agent of the client who pulled. UserAgent string `json:"user_agent"` @@ -84,6 +87,9 @@ type PushEvent struct { // For example, "ColumbusOHUS" or "Minato City13JP". Location string `json:"location"` + // RemoteAddress holds the address of the client who pushed. + RemoteAddress string `json:"remote_address"` + // UserAgent holds the user-agent of the client who pushed. UserAgent string `json:"user_agent"` diff --git a/go.mod b/go.mod index 111ebaa7..452d465f 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,9 @@ module chainguard.dev/sdk go 1.22.3 require ( - chainguard.dev/go-grpc-kit v0.17.4 + chainguard.dev/go-grpc-kit v0.17.5 chainguard.dev/go-oidctest v0.3.1 - github.com/aws/aws-sdk-go-v2 v1.26.0 + github.com/aws/aws-sdk-go-v2 v1.27.0 github.com/bits-and-blooms/bitset v1.13.0 github.com/chainguard-dev/clog v1.3.1 github.com/cloudevents/sdk-go/v2 v2.15.2 @@ -17,7 +17,7 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c github.com/russross/blackfriday/v2 v2.1.0 golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb - golang.org/x/oauth2 v0.20.0 + golang.org/x/oauth2 v0.21.0 google.golang.org/genproto/googleapis/api v0.0.0-20240520151616-dc85e6b867a5 google.golang.org/grpc v1.64.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0 @@ -26,7 +26,7 @@ require ( ) require ( - github.com/aws/smithy-go v1.20.1 // indirect + github.com/aws/smithy-go v1.20.2 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect @@ -55,10 +55,10 @@ require ( go.opentelemetry.io/otel/trace v1.27.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/crypto v0.24.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 53a2ff3b..80c14706 100644 --- a/go.sum +++ b/go.sum @@ -1,13 +1,13 @@ -chainguard.dev/go-grpc-kit v0.17.4 h1:UppQ4LNJYYh1Kiby9/xWt6B4KtqCqpJv6Y7KIhmX8B0= -chainguard.dev/go-grpc-kit v0.17.4/go.mod h1:vQGcwZiX6jXwhyLPCZwVMvjITD+XcrSmQzuCTW/XcVc= +chainguard.dev/go-grpc-kit v0.17.5 h1:y0MHgqm3v0LKKQfxPJV57wkXxa8uMSpNTjhtHbNh1DY= +chainguard.dev/go-grpc-kit v0.17.5/go.mod h1:vQGcwZiX6jXwhyLPCZwVMvjITD+XcrSmQzuCTW/XcVc= chainguard.dev/go-oidctest v0.3.1 h1:Q1OvIVIcl+i0hqgmrXZLeDhSjtDjbnLEBASoTbhyuBY= chainguard.dev/go-oidctest v0.3.1/go.mod h1:TDN6MPJ6BEzWtorS9/dHzzGiaBpPRnRONv2SE0mqitU= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA= -github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I= -github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw= -github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo= +github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= @@ -156,8 +156,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb h1:c0vyKkb6yr3KR7jEfJaOSv4lG7xPkbN6r52aJz1d8a8= golang.org/x/exp v0.0.0-20231206192017-f3f8817b8deb/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= @@ -182,11 +182,11 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -208,8 +208,8 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -221,8 +221,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/proto/capabilities/capabilities.go b/proto/capabilities/capabilities.go index ba0c2237..7a739d07 100644 --- a/proto/capabilities/capabilities.go +++ b/proto/capabilities/capabilities.go @@ -46,6 +46,19 @@ func Names() []string { return all } +func Deprecated(cap Capability) bool { + evd := cap.Descriptor().Values().ByNumber(cap.Number()) + if evd == nil { + return false + } + opt := evd.Options() + if opt == nil { + return false + } + evo := opt.(*descriptorpb.EnumValueOptions) + return evo.GetDeprecated() +} + func Stringify(cap Capability) (string, error) { evd := cap.Descriptor().Values().ByNumber(cap.Number()) if evd == nil { diff --git a/proto/capabilities/capabilities.pb.go b/proto/capabilities/capabilities.pb.go index f4a8520e..206d9d60 100644 --- a/proto/capabilities/capabilities.pb.go +++ b/proto/capabilities/capabilities.pb.go @@ -25,82 +25,106 @@ const ( type Capability int32 const ( - Capability_UNKNOWN Capability = 0 - Capability_CAP_IAM_GROUPS_CREATE Capability = 101 - Capability_CAP_IAM_GROUPS_UPDATE Capability = 102 - Capability_CAP_IAM_GROUPS_LIST Capability = 103 - Capability_CAP_IAM_GROUPS_DELETE Capability = 104 - Capability_CAP_IAM_GROUP_INVITES_CREATE Capability = 201 - Capability_CAP_IAM_GROUP_INVITES_LIST Capability = 203 - Capability_CAP_IAM_GROUP_INVITES_DELETE Capability = 204 - Capability_CAP_IAM_ROLES_CREATE Capability = 301 - Capability_CAP_IAM_ROLES_UPDATE Capability = 302 - Capability_CAP_IAM_ROLES_LIST Capability = 303 - Capability_CAP_IAM_ROLES_DELETE Capability = 304 - Capability_CAP_IAM_ROLE_BINDINGS_CREATE Capability = 401 - Capability_CAP_IAM_ROLE_BINDINGS_UPDATE Capability = 402 - Capability_CAP_IAM_ROLE_BINDINGS_LIST Capability = 403 - Capability_CAP_IAM_ROLE_BINDINGS_DELETE Capability = 404 - Capability_CAP_TENANT_CLUSTERS_CREATE Capability = 501 - Capability_CAP_TENANT_CLUSTERS_UPDATE Capability = 502 - Capability_CAP_TENANT_CLUSTERS_LIST Capability = 503 - Capability_CAP_TENANT_CLUSTERS_DELETE Capability = 504 - Capability_CAP_TENANT_CLUSTERS_DISCOVER Capability = 505 - Capability_CAP_TENANT_RECORDS_LIST Capability = 603 - Capability_CAP_TENANT_RECORD_CONTEXTS_LIST Capability = 613 - Capability_CAP_TENANT_RECORD_SIGNATURES_LIST Capability = 623 + Capability_UNKNOWN Capability = 0 + Capability_CAP_IAM_GROUPS_CREATE Capability = 101 + Capability_CAP_IAM_GROUPS_UPDATE Capability = 102 + Capability_CAP_IAM_GROUPS_LIST Capability = 103 + Capability_CAP_IAM_GROUPS_DELETE Capability = 104 + Capability_CAP_IAM_GROUP_INVITES_CREATE Capability = 201 + Capability_CAP_IAM_GROUP_INVITES_LIST Capability = 203 + Capability_CAP_IAM_GROUP_INVITES_DELETE Capability = 204 + Capability_CAP_IAM_ROLES_CREATE Capability = 301 + Capability_CAP_IAM_ROLES_UPDATE Capability = 302 + Capability_CAP_IAM_ROLES_LIST Capability = 303 + Capability_CAP_IAM_ROLES_DELETE Capability = 304 + Capability_CAP_IAM_ROLE_BINDINGS_CREATE Capability = 401 + Capability_CAP_IAM_ROLE_BINDINGS_UPDATE Capability = 402 + Capability_CAP_IAM_ROLE_BINDINGS_LIST Capability = 403 + Capability_CAP_IAM_ROLE_BINDINGS_DELETE Capability = 404 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_CLUSTERS_CREATE Capability = 501 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_CLUSTERS_UPDATE Capability = 502 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_CLUSTERS_LIST Capability = 503 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_CLUSTERS_DELETE Capability = 504 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_CLUSTERS_DISCOVER Capability = 505 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_RECORDS_LIST Capability = 603 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_RECORD_CONTEXTS_LIST Capability = 613 + Capability_CAP_TENANT_RECORD_SIGNATURES_LIST Capability = 623 + // Deprecated: Marked as deprecated in capabilities.proto. Capability_CAP_TENANT_RECORD_POLICY_RESULTS_LIST Capability = 633 - Capability_CAP_TENANT_RISKS_LIST Capability = 640 - Capability_CAP_TENANT_SBOMS_LIST Capability = 650 - Capability_CAP_TENANT_VULN_REPORTS_LIST Capability = 660 - Capability_CAP_TENANT_ATTESTATIONS_LIST Capability = 670 - Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_CREATE Capability = 701 - Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_UPDATE Capability = 702 - Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_LIST Capability = 703 - Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_DELETE Capability = 704 - Capability_CAP_IAM_POLICY_CREATE Capability = 801 - Capability_CAP_IAM_POLICY_UPDATE Capability = 802 - Capability_CAP_IAM_POLICY_LIST Capability = 803 - Capability_CAP_IAM_POLICY_DELETE Capability = 804 - Capability_CAP_IAM_IDENTITY_CREATE Capability = 901 - Capability_CAP_IAM_IDENTITY_UPDATE Capability = 902 - Capability_CAP_IAM_IDENTITY_LIST Capability = 903 - Capability_CAP_IAM_IDENTITY_DELETE Capability = 904 - Capability_CAP_TENANT_NODES_LIST Capability = 1003 - Capability_CAP_TENANT_NAMESPACES_LIST Capability = 1103 - Capability_CAP_TENANT_WORKLOADS_LIST Capability = 1203 - Capability_CAP_IAM_IDENTITY_PROVIDERS_CREATE Capability = 1301 - Capability_CAP_IAM_IDENTITY_PROVIDERS_UPDATE Capability = 1302 - Capability_CAP_IAM_IDENTITY_PROVIDERS_LIST Capability = 1303 - Capability_CAP_IAM_IDENTITY_PROVIDERS_DELETE Capability = 1304 - Capability_CAP_EVENTS_SUBSCRIPTION_CREATE Capability = 1501 - Capability_CAP_EVENTS_SUBSCRIPTION_UPDATE Capability = 1502 - Capability_CAP_EVENTS_SUBSCRIPTION_LIST Capability = 1503 - Capability_CAP_EVENTS_SUBSCRIPTION_DELETE Capability = 1504 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_RISKS_LIST Capability = 640 + Capability_CAP_TENANT_SBOMS_LIST Capability = 650 + Capability_CAP_TENANT_VULN_REPORTS_LIST Capability = 660 + Capability_CAP_TENANT_ATTESTATIONS_LIST Capability = 670 + Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_CREATE Capability = 701 + Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_UPDATE Capability = 702 + Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_LIST Capability = 703 + Capability_CAP_IAM_ACCOUNT_ASSOCIATIONS_DELETE Capability = 704 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_IAM_POLICY_CREATE Capability = 801 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_IAM_POLICY_UPDATE Capability = 802 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_IAM_POLICY_LIST Capability = 803 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_IAM_POLICY_DELETE Capability = 804 + Capability_CAP_IAM_IDENTITY_CREATE Capability = 901 + Capability_CAP_IAM_IDENTITY_UPDATE Capability = 902 + Capability_CAP_IAM_IDENTITY_LIST Capability = 903 + Capability_CAP_IAM_IDENTITY_DELETE Capability = 904 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_NODES_LIST Capability = 1003 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_NAMESPACES_LIST Capability = 1103 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_TENANT_WORKLOADS_LIST Capability = 1203 + Capability_CAP_IAM_IDENTITY_PROVIDERS_CREATE Capability = 1301 + Capability_CAP_IAM_IDENTITY_PROVIDERS_UPDATE Capability = 1302 + Capability_CAP_IAM_IDENTITY_PROVIDERS_LIST Capability = 1303 + Capability_CAP_IAM_IDENTITY_PROVIDERS_DELETE Capability = 1304 + Capability_CAP_EVENTS_SUBSCRIPTION_CREATE Capability = 1501 + Capability_CAP_EVENTS_SUBSCRIPTION_UPDATE Capability = 1502 + Capability_CAP_EVENTS_SUBSCRIPTION_LIST Capability = 1503 + Capability_CAP_EVENTS_SUBSCRIPTION_DELETE Capability = 1504 // TODO(jason): Remove these coarse-grained capabilities after they're removed from the roles. - Capability_CAP_REGISTRY_PULL Capability = 1601 // Can read tags, blobs, manifests. - Capability_CAP_REGISTRY_PUSH Capability = 1602 // Can create and update tags, blobs, manifests. - Capability_CAP_REPO_CREATE Capability = 1603 - Capability_CAP_REPO_UPDATE Capability = 1604 - Capability_CAP_REPO_LIST Capability = 1605 - Capability_CAP_REPO_DELETE Capability = 1606 - Capability_CAP_MANIFEST_CREATE Capability = 1607 - Capability_CAP_MANIFEST_UPDATE Capability = 1608 - Capability_CAP_MANIFEST_LIST Capability = 1609 - Capability_CAP_MANIFEST_DELETE Capability = 1610 - Capability_CAP_TAG_CREATE Capability = 1611 - Capability_CAP_TAG_UPDATE Capability = 1612 - Capability_CAP_TAG_LIST Capability = 1613 - Capability_CAP_TAG_DELETE Capability = 1614 - Capability_CAP_MANIFEST_METADATA_LIST Capability = 1615 - Capability_CAP_APK_CREATE Capability = 1650 - Capability_CAP_APK_UPDATE Capability = 1651 - Capability_CAP_APK_LIST Capability = 1652 - Capability_CAP_APK_DELETE Capability = 1653 - Capability_CAP_SIGSTORE_CREATE Capability = 1701 - Capability_CAP_SIGSTORE_UPDATE Capability = 1702 - Capability_CAP_SIGSTORE_LIST Capability = 1703 - Capability_CAP_SIGSTORE_DELETE Capability = 1704 + // + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_REGISTRY_PULL Capability = 1601 // Can read tags, blobs, manifests. + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_REGISTRY_PUSH Capability = 1602 // Can create and update tags, blobs, manifests. + Capability_CAP_REPO_CREATE Capability = 1603 + Capability_CAP_REPO_UPDATE Capability = 1604 + Capability_CAP_REPO_LIST Capability = 1605 + Capability_CAP_REPO_DELETE Capability = 1606 + Capability_CAP_MANIFEST_CREATE Capability = 1607 + Capability_CAP_MANIFEST_UPDATE Capability = 1608 + Capability_CAP_MANIFEST_LIST Capability = 1609 + Capability_CAP_MANIFEST_DELETE Capability = 1610 + Capability_CAP_TAG_CREATE Capability = 1611 + Capability_CAP_TAG_UPDATE Capability = 1612 + Capability_CAP_TAG_LIST Capability = 1613 + Capability_CAP_TAG_DELETE Capability = 1614 + Capability_CAP_MANIFEST_METADATA_LIST Capability = 1615 + Capability_CAP_APK_CREATE Capability = 1650 + Capability_CAP_APK_UPDATE Capability = 1651 + Capability_CAP_APK_LIST Capability = 1652 + Capability_CAP_APK_DELETE Capability = 1653 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_SIGSTORE_CREATE Capability = 1701 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_SIGSTORE_UPDATE Capability = 1702 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_SIGSTORE_LIST Capability = 1703 + // Deprecated: Marked as deprecated in capabilities.proto. + Capability_CAP_SIGSTORE_DELETE Capability = 1704 + // Deprecated: Marked as deprecated in capabilities.proto. Capability_CAP_SIGSTORE_CERTIFICATE_CREATE Capability = 1705 // This is orthogonal enough that we should leave // it somewhat separate, so add new capabilities above. @@ -341,7 +365,7 @@ var file_capabilities_proto_rawDesc = []byte{ 0x2e, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x1a, 0x20, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2a, - 0x83, 0x23, 0x0a, 0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x0b, + 0xb1, 0x23, 0x0a, 0x0a, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, 0x57, 0x4e, 0x10, 0x00, 0x12, 0x33, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x47, 0x52, 0x4f, 0x55, 0x50, 0x53, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0x65, 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x01, 0x9a, 0xaf, 0xa8, @@ -397,117 +421,119 @@ var file_capabilities_proto_rawDesc = []byte{ 0x41, 0x4d, 0x5f, 0x52, 0x4f, 0x4c, 0x45, 0x5f, 0x42, 0x49, 0x4e, 0x44, 0x49, 0x4e, 0x47, 0x53, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x94, 0x03, 0x1a, 0x1f, 0xa8, 0xcb, 0x91, 0x4d, 0x0f, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x14, 0x72, 0x6f, 0x6c, 0x65, 0x5f, 0x62, 0x69, 0x6e, 0x64, - 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x3b, 0x0a, 0x1a, 0x43, + 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x3d, 0x0a, 0x1a, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, - 0x52, 0x53, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xf5, 0x03, 0x1a, 0x1a, 0xa8, 0xcb, + 0x52, 0x53, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xf5, 0x03, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x10, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, - 0x73, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x3b, 0x0a, 0x1a, 0x43, 0x41, 0x50, 0x5f, - 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x53, 0x5f, - 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xf6, 0x03, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x11, - 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x75, - 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x37, 0x0a, 0x18, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, - 0x41, 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x53, 0x5f, 0x4c, 0x49, 0x53, - 0x54, 0x10, 0xf7, 0x03, 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x12, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, - 0x0d, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x3b, - 0x0a, 0x1a, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, - 0x53, 0x54, 0x45, 0x52, 0x53, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xf8, 0x03, 0x1a, - 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x13, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x73, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x3f, 0x0a, 0x1c, 0x43, - 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, - 0x52, 0x53, 0x5f, 0x44, 0x49, 0x53, 0x43, 0x4f, 0x56, 0x45, 0x52, 0x10, 0xf9, 0x03, 0x1a, 0x1c, - 0xa8, 0xcb, 0x91, 0x4d, 0x33, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x11, 0x63, 0x6c, 0x75, 0x73, 0x74, - 0x65, 0x72, 0x73, 0x2e, 0x64, 0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x35, 0x0a, 0x17, - 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, - 0x44, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xdb, 0x04, 0x1a, 0x17, 0xa8, 0xcb, 0x91, 0x4d, - 0x14, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0c, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x2e, 0x6c, - 0x69, 0x73, 0x74, 0x12, 0x45, 0x0a, 0x1f, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, - 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x45, 0x58, 0x54, - 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xe5, 0x04, 0x1a, 0x1f, 0xa8, 0xcb, 0x91, 0x4d, 0x30, - 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x14, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x63, 0x6f, 0x6e, - 0x74, 0x65, 0x78, 0x74, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x49, 0x0a, 0x21, 0x43, 0x41, - 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, 0x44, 0x5f, - 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, - 0xef, 0x04, 0x1a, 0x21, 0xa8, 0xcb, 0x91, 0x4d, 0x31, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x16, 0x72, - 0x65, 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, - 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x51, 0x0a, 0x25, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, - 0x41, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, 0x44, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, - 0x59, 0x5f, 0x52, 0x45, 0x53, 0x55, 0x4c, 0x54, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xf9, - 0x04, 0x1a, 0x25, 0xa8, 0xcb, 0x91, 0x4d, 0x32, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1a, 0x72, 0x65, - 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x72, 0x65, 0x73, 0x75, - 0x6c, 0x74, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, + 0x73, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x08, 0x01, 0x12, 0x3d, 0x0a, 0x1a, 0x43, 0x41, + 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, + 0x53, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xf6, 0x03, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, + 0x4d, 0x11, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, + 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x08, 0x01, 0x12, 0x39, 0x0a, 0x18, 0x43, 0x41, 0x50, + 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x53, + 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xf7, 0x03, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x12, 0x9a, + 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x6c, 0x69, + 0x73, 0x74, 0x08, 0x01, 0x12, 0x3d, 0x0a, 0x1a, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, + 0x4e, 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x53, 0x5f, 0x44, 0x45, 0x4c, 0x45, + 0x54, 0x45, 0x10, 0xf8, 0x03, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x13, 0x9a, 0xaf, 0xa8, 0xd2, + 0x05, 0x0f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, + 0x65, 0x08, 0x01, 0x12, 0x41, 0x0a, 0x1c, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, + 0x54, 0x5f, 0x43, 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x53, 0x5f, 0x44, 0x49, 0x53, 0x43, 0x4f, + 0x56, 0x45, 0x52, 0x10, 0xf9, 0x03, 0x1a, 0x1e, 0xa8, 0xcb, 0x91, 0x4d, 0x33, 0x9a, 0xaf, 0xa8, + 0xd2, 0x05, 0x11, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x64, 0x69, 0x73, 0x63, + 0x6f, 0x76, 0x65, 0x72, 0x08, 0x01, 0x12, 0x37, 0x0a, 0x17, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, + 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, 0x44, 0x53, 0x5f, 0x4c, 0x49, 0x53, + 0x54, 0x10, 0xdb, 0x04, 0x1a, 0x19, 0xa8, 0xcb, 0x91, 0x4d, 0x14, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, + 0x0c, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, + 0x47, 0x0a, 0x1f, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x52, 0x45, + 0x43, 0x4f, 0x52, 0x44, 0x5f, 0x43, 0x4f, 0x4e, 0x54, 0x45, 0x58, 0x54, 0x53, 0x5f, 0x4c, 0x49, + 0x53, 0x54, 0x10, 0xe5, 0x04, 0x1a, 0x21, 0xa8, 0xcb, 0x91, 0x4d, 0x30, 0x9a, 0xaf, 0xa8, 0xd2, + 0x05, 0x14, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, + 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, 0x49, 0x0a, 0x21, 0x43, 0x41, 0x50, 0x5f, + 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, 0x44, 0x5f, 0x53, 0x49, + 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xef, 0x04, + 0x1a, 0x21, 0xa8, 0xcb, 0x91, 0x4d, 0x31, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x16, 0x72, 0x65, 0x63, + 0x6f, 0x72, 0x64, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x2e, 0x6c, + 0x69, 0x73, 0x74, 0x12, 0x53, 0x0a, 0x25, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, + 0x54, 0x5f, 0x52, 0x45, 0x43, 0x4f, 0x52, 0x44, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, + 0x52, 0x45, 0x53, 0x55, 0x4c, 0x54, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xf9, 0x04, 0x1a, + 0x27, 0xa8, 0xcb, 0x91, 0x4d, 0x32, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1a, 0x72, 0x65, 0x63, 0x6f, + 0x72, 0x64, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5f, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, + 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, 0x33, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x52, 0x49, 0x53, 0x4b, 0x53, 0x5f, 0x4c, 0x49, 0x53, - 0x54, 0x10, 0x80, 0x05, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x44, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, - 0x0a, 0x72, 0x69, 0x73, 0x6b, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x15, 0x43, - 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x53, 0x42, 0x4f, 0x4d, 0x53, 0x5f, - 0x4c, 0x49, 0x53, 0x54, 0x10, 0x8a, 0x05, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x45, 0x9a, 0xaf, - 0xa8, 0xd2, 0x05, 0x0a, 0x73, 0x62, 0x6f, 0x6d, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x3f, - 0x0a, 0x1c, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x56, 0x55, 0x4c, - 0x4e, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x52, 0x54, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0x94, - 0x05, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x46, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x11, 0x76, 0x75, - 0x6c, 0x6e, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, - 0x3f, 0x0a, 0x1c, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x41, 0x54, - 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, - 0x9e, 0x05, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x47, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x11, 0x61, - 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, - 0x12, 0x50, 0x0a, 0x23, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x41, 0x43, 0x43, 0x4f, - 0x55, 0x4e, 0x54, 0x5f, 0x41, 0x53, 0x53, 0x4f, 0x43, 0x49, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x53, - 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xbd, 0x05, 0x1a, 0x26, 0xa8, 0xcb, 0x91, 0x4d, - 0x15, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x61, - 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x12, 0x50, 0x0a, 0x23, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x41, 0x43, - 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x5f, 0x41, 0x53, 0x53, 0x4f, 0x43, 0x49, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x53, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xbe, 0x05, 0x1a, 0x26, 0xa8, 0xcb, - 0x91, 0x4d, 0x16, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x75, 0x70, - 0x64, 0x61, 0x74, 0x65, 0x12, 0x4c, 0x0a, 0x21, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, - 0x41, 0x43, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x5f, 0x41, 0x53, 0x53, 0x4f, 0x43, 0x49, 0x41, 0x54, - 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xbf, 0x05, 0x1a, 0x24, 0xa8, 0xcb, - 0x91, 0x4d, 0x17, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x19, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x6c, 0x69, + 0x54, 0x10, 0x80, 0x05, 0x1a, 0x17, 0xa8, 0xcb, 0x91, 0x4d, 0x44, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, + 0x0a, 0x72, 0x69, 0x73, 0x6b, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, 0x31, 0x0a, + 0x15, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x53, 0x42, 0x4f, 0x4d, + 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0x8a, 0x05, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x45, + 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x73, 0x62, 0x6f, 0x6d, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, + 0x12, 0x3f, 0x0a, 0x1c, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x56, + 0x55, 0x4c, 0x4e, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x52, 0x54, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, + 0x10, 0x94, 0x05, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x46, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x11, + 0x76, 0x75, 0x6c, 0x6e, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x2e, 0x6c, 0x69, 0x73, + 0x74, 0x12, 0x3f, 0x0a, 0x1c, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, + 0x41, 0x54, 0x54, 0x45, 0x53, 0x54, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x4c, 0x49, 0x53, + 0x54, 0x10, 0x9e, 0x05, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x47, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, + 0x11, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x50, 0x0a, 0x23, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x41, 0x43, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x5f, 0x41, 0x53, 0x53, 0x4f, 0x43, 0x49, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xc0, 0x05, 0x1a, 0x26, 0xa8, 0xcb, - 0x91, 0x4d, 0x18, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, - 0x5f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x64, 0x65, - 0x6c, 0x65, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, - 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xa1, 0x06, - 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x19, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x70, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x15, 0x43, 0x41, - 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x55, 0x50, 0x44, - 0x41, 0x54, 0x45, 0x10, 0xa2, 0x06, 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x1a, 0x9a, 0xaf, 0xa8, - 0xd2, 0x05, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, - 0x12, 0x30, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x50, 0x4f, 0x4c, 0x49, - 0x43, 0x59, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xa3, 0x06, 0x1a, 0x16, 0xa8, 0xcb, 0x91, 0x4d, - 0x1b, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0b, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6c, 0x69, - 0x73, 0x74, 0x12, 0x34, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x50, 0x4f, - 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xa4, 0x06, 0x1a, 0x18, - 0xa8, 0xcb, 0x91, 0x4d, 0x1c, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x38, 0x0a, 0x17, 0x43, 0x41, 0x50, 0x5f, - 0x49, 0x41, 0x4d, 0x5f, 0x49, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x5f, 0x43, 0x52, 0x45, - 0x41, 0x54, 0x45, 0x10, 0x85, 0x07, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x1d, 0x9a, 0xaf, 0xa8, - 0xd2, 0x05, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x12, 0x38, 0x0a, 0x17, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x49, 0x44, - 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x86, 0x07, - 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x1e, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x69, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x15, + 0x4e, 0x53, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xbd, 0x05, 0x1a, 0x26, 0xa8, 0xcb, + 0x91, 0x4d, 0x15, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, + 0x5f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x63, 0x72, + 0x65, 0x61, 0x74, 0x65, 0x12, 0x50, 0x0a, 0x23, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, + 0x41, 0x43, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x5f, 0x41, 0x53, 0x53, 0x4f, 0x43, 0x49, 0x41, 0x54, + 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xbe, 0x05, 0x1a, 0x26, + 0xa8, 0xcb, 0x91, 0x4d, 0x16, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x61, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x5f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, + 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x4c, 0x0a, 0x21, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, + 0x4d, 0x5f, 0x41, 0x43, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x5f, 0x41, 0x53, 0x53, 0x4f, 0x43, 0x49, + 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xbf, 0x05, 0x1a, 0x24, + 0xa8, 0xcb, 0x91, 0x4d, 0x17, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x19, 0x61, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x5f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, + 0x6c, 0x69, 0x73, 0x74, 0x12, 0x50, 0x0a, 0x23, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, + 0x41, 0x43, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x5f, 0x41, 0x53, 0x53, 0x4f, 0x43, 0x49, 0x41, 0x54, + 0x49, 0x4f, 0x4e, 0x53, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xc0, 0x05, 0x1a, 0x26, + 0xa8, 0xcb, 0x91, 0x4d, 0x18, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x61, 0x63, 0x63, 0x6f, 0x75, + 0x6e, 0x74, 0x5f, 0x61, 0x73, 0x73, 0x6f, 0x63, 0x69, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, + 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, + 0x4d, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, + 0xa1, 0x06, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x19, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x08, 0x01, 0x12, 0x36, + 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, + 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xa2, 0x06, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, + 0x1a, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x75, 0x70, + 0x64, 0x61, 0x74, 0x65, 0x08, 0x01, 0x12, 0x32, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, + 0x4d, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xa3, 0x06, + 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x1b, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0b, 0x70, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, 0x36, 0x0a, 0x15, 0x43, 0x41, + 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x50, 0x4f, 0x4c, 0x49, 0x43, 0x59, 0x5f, 0x44, 0x45, 0x4c, + 0x45, 0x54, 0x45, 0x10, 0xa4, 0x06, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x1c, 0x9a, 0xaf, 0xa8, + 0xd2, 0x05, 0x0d, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, + 0x08, 0x01, 0x12, 0x38, 0x0a, 0x17, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x49, 0x44, + 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0x85, 0x07, + 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x1d, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x38, 0x0a, 0x17, + 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x49, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, + 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0x86, 0x07, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, + 0x1e, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, + 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, + 0x4d, 0x5f, 0x49, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, + 0x87, 0x07, 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x1f, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x69, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x38, 0x0a, 0x17, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x49, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, - 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0x87, 0x07, 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x1f, 0x9a, - 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x6c, 0x69, - 0x73, 0x74, 0x12, 0x38, 0x0a, 0x17, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x49, 0x44, - 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x88, 0x07, - 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x20, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x69, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x31, 0x0a, 0x15, - 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x4e, 0x4f, 0x44, 0x45, 0x53, - 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xeb, 0x07, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x21, 0x9a, - 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x6e, 0x6f, 0x64, 0x65, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, - 0x3b, 0x0a, 0x1a, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x4e, 0x41, - 0x4d, 0x45, 0x53, 0x50, 0x41, 0x43, 0x45, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xcf, 0x08, - 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x22, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x39, 0x0a, 0x19, - 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x57, 0x4f, 0x52, 0x4b, 0x4c, - 0x4f, 0x41, 0x44, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xb3, 0x09, 0x1a, 0x19, 0xa8, 0xcb, - 0x91, 0x4d, 0x23, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x4c, 0x0a, 0x21, 0x43, 0x41, 0x50, 0x5f, 0x49, + 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0x88, 0x07, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, + 0x20, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x2e, + 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x33, 0x0a, 0x15, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x45, + 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x4e, 0x4f, 0x44, 0x45, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, + 0xeb, 0x07, 0x1a, 0x17, 0xa8, 0xcb, 0x91, 0x4d, 0x21, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x6e, + 0x6f, 0x64, 0x65, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, 0x3d, 0x0a, 0x1a, 0x43, + 0x41, 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x4e, 0x41, 0x4d, 0x45, 0x53, 0x50, + 0x41, 0x43, 0x45, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xcf, 0x08, 0x1a, 0x1c, 0xa8, 0xcb, + 0x91, 0x4d, 0x22, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, 0x3b, 0x0a, 0x19, 0x43, 0x41, + 0x50, 0x5f, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x54, 0x5f, 0x57, 0x4f, 0x52, 0x4b, 0x4c, 0x4f, 0x41, + 0x44, 0x53, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xb3, 0x09, 0x1a, 0x1b, 0xa8, 0xcb, 0x91, 0x4d, + 0x23, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x73, + 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, 0x4c, 0x0a, 0x21, 0x43, 0x41, 0x50, 0x5f, 0x49, 0x41, 0x4d, 0x5f, 0x49, 0x44, 0x45, 0x4e, 0x54, 0x49, 0x54, 0x59, 0x5f, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x44, 0x45, 0x52, 0x53, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0x95, 0x0a, 0x1a, 0x24, 0xa8, 0xcb, 0x91, 0x4d, 0x34, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x19, 0x69, 0x64, 0x65, 0x6e, @@ -544,97 +570,98 @@ var file_capabilities_proto_rawDesc = []byte{ 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xe0, 0x0b, 0x1a, 0x1f, 0xa8, 0xcb, 0x91, 0x4d, 0x27, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x14, 0x73, 0x75, 0x62, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, - 0x30, 0x0a, 0x11, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x47, 0x49, 0x53, 0x54, 0x52, 0x59, 0x5f, - 0x50, 0x55, 0x4c, 0x4c, 0x10, 0xc1, 0x0c, 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x28, 0x9a, 0xaf, + 0x32, 0x0a, 0x11, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x47, 0x49, 0x53, 0x54, 0x52, 0x59, 0x5f, + 0x50, 0x55, 0x4c, 0x4c, 0x10, 0xc1, 0x0c, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x28, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x75, 0x6c, - 0x6c, 0x12, 0x30, 0x0a, 0x11, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x47, 0x49, 0x53, 0x54, 0x52, - 0x59, 0x5f, 0x50, 0x55, 0x53, 0x48, 0x10, 0xc2, 0x0c, 0x1a, 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x29, - 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x70, - 0x75, 0x73, 0x68, 0x12, 0x2c, 0x0a, 0x0f, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x5f, - 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xc3, 0x0c, 0x1a, 0x16, 0xa8, 0xcb, 0x91, 0x4d, 0x38, - 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0b, 0x72, 0x65, 0x70, 0x6f, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x12, 0x2c, 0x0a, 0x0f, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x5f, 0x55, 0x50, - 0x44, 0x41, 0x54, 0x45, 0x10, 0xc4, 0x0c, 0x1a, 0x16, 0xa8, 0xcb, 0x91, 0x4d, 0x39, 0x9a, 0xaf, - 0xa8, 0xd2, 0x05, 0x0b, 0x72, 0x65, 0x70, 0x6f, 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, - 0x28, 0x0a, 0x0d, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x5f, 0x4c, 0x49, 0x53, 0x54, - 0x10, 0xc5, 0x0c, 0x1a, 0x14, 0xa8, 0xcb, 0x91, 0x4d, 0x3a, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x09, - 0x72, 0x65, 0x70, 0x6f, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x2c, 0x0a, 0x0f, 0x43, 0x41, 0x50, - 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xc6, 0x0c, 0x1a, - 0x16, 0xa8, 0xcb, 0x91, 0x4d, 0x3b, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0b, 0x72, 0x65, 0x70, 0x6f, - 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x4d, - 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xc7, - 0x0c, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x3c, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x6d, 0x61, - 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, - 0x13, 0x43, 0x41, 0x50, 0x5f, 0x4d, 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x55, 0x50, - 0x44, 0x41, 0x54, 0x45, 0x10, 0xc8, 0x0c, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x3d, 0x9a, 0xaf, - 0xa8, 0xd2, 0x05, 0x0f, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x2e, 0x75, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x11, 0x43, 0x41, 0x50, 0x5f, 0x4d, 0x41, 0x4e, 0x49, 0x46, - 0x45, 0x53, 0x54, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xc9, 0x0c, 0x1a, 0x18, 0xa8, 0xcb, 0x91, - 0x4d, 0x3e, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, - 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x34, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x4d, 0x41, 0x4e, - 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xca, 0x0c, 0x1a, - 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x3f, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x6d, 0x61, 0x6e, 0x69, - 0x66, 0x65, 0x73, 0x74, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x43, - 0x41, 0x50, 0x5f, 0x54, 0x41, 0x47, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xcb, 0x0c, - 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x40, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x74, 0x61, 0x67, - 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, 0x5f, 0x54, - 0x41, 0x47, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xcc, 0x0c, 0x1a, 0x15, 0xa8, 0xcb, - 0x91, 0x4d, 0x41, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x74, 0x61, 0x67, 0x2e, 0x75, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a, 0x0c, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x41, 0x47, 0x5f, 0x4c, - 0x49, 0x53, 0x54, 0x10, 0xcd, 0x0c, 0x1a, 0x13, 0xa8, 0xcb, 0x91, 0x4d, 0x42, 0x9a, 0xaf, 0xa8, - 0xd2, 0x05, 0x08, 0x74, 0x61, 0x67, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x0e, 0x43, - 0x41, 0x50, 0x5f, 0x54, 0x41, 0x47, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xce, 0x0c, - 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x43, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x74, 0x61, 0x67, - 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x1a, 0x43, 0x41, 0x50, 0x5f, 0x4d, - 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x45, 0x54, 0x41, 0x44, 0x41, 0x54, 0x41, - 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xcf, 0x0c, 0x1a, 0x21, 0xa8, 0xcb, 0x91, 0x4d, 0x48, 0x9a, - 0xaf, 0xa8, 0xd2, 0x05, 0x16, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x2e, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x0e, 0x43, - 0x41, 0x50, 0x5f, 0x41, 0x50, 0x4b, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xf2, 0x0c, - 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x49, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x61, 0x70, 0x6b, - 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, 0x5f, 0x41, - 0x50, 0x4b, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xf3, 0x0c, 0x1a, 0x15, 0xa8, 0xcb, - 0x91, 0x4d, 0x4a, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x61, 0x70, 0x6b, 0x2e, 0x75, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a, 0x0c, 0x43, 0x41, 0x50, 0x5f, 0x41, 0x50, 0x4b, 0x5f, 0x4c, - 0x49, 0x53, 0x54, 0x10, 0xf4, 0x0c, 0x1a, 0x13, 0xa8, 0xcb, 0x91, 0x4d, 0x4b, 0x9a, 0xaf, 0xa8, - 0xd2, 0x05, 0x08, 0x61, 0x70, 0x6b, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x2a, 0x0a, 0x0e, 0x43, - 0x41, 0x50, 0x5f, 0x41, 0x50, 0x4b, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xf5, 0x0c, - 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x4c, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x61, 0x70, 0x6b, - 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x53, - 0x49, 0x47, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xa5, - 0x0d, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x2a, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x34, 0x0a, - 0x13, 0x43, 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, 0x55, 0x50, - 0x44, 0x41, 0x54, 0x45, 0x10, 0xa6, 0x0d, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x2b, 0x9a, 0xaf, - 0xa8, 0xd2, 0x05, 0x0f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x75, 0x70, 0x64, - 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x11, 0x43, 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, 0x53, 0x54, - 0x4f, 0x52, 0x45, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xa7, 0x0d, 0x1a, 0x18, 0xa8, 0xcb, 0x91, - 0x4d, 0x2c, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, - 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x34, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, - 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xa8, 0x0d, 0x1a, - 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x2d, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x73, 0x69, 0x67, 0x73, - 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x4c, 0x0a, 0x1f, 0x43, - 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, 0x43, 0x45, 0x52, 0x54, - 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x45, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xa9, - 0x0d, 0x1a, 0x26, 0xa8, 0xcb, 0x91, 0x4d, 0x2e, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x73, 0x69, - 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, - 0x5f, 0x47, 0x55, 0x4c, 0x46, 0x53, 0x54, 0x52, 0x45, 0x41, 0x4d, 0x10, 0x90, 0x4e, 0x1a, 0x15, - 0xa8, 0xcb, 0x91, 0x4d, 0x2f, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x67, 0x75, 0x6c, 0x66, 0x73, - 0x74, 0x72, 0x65, 0x61, 0x6d, 0x3a, 0x38, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x21, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, - 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x18, 0xf3, 0x85, 0xa5, 0x5a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x3a, - 0x36, 0x0a, 0x03, 0x62, 0x69, 0x74, 0x12, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, - 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xb5, 0x99, 0xd2, 0x09, 0x20, 0x01, - 0x28, 0x0d, 0x52, 0x03, 0x62, 0x69, 0x74, 0x42, 0x5d, 0x0a, 0x1f, 0x64, 0x65, 0x76, 0x2e, 0x63, - 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x73, 0x64, 0x6b, 0x2e, 0x63, 0x61, - 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x42, 0x11, 0x43, 0x61, 0x70, 0x61, - 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, - 0x25, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x64, 0x65, 0x76, 0x2f, - 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, - 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6c, 0x08, 0x01, 0x12, 0x32, 0x0a, 0x11, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x47, 0x49, 0x53, + 0x54, 0x52, 0x59, 0x5f, 0x50, 0x55, 0x53, 0x48, 0x10, 0xc2, 0x0c, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, + 0x4d, 0x29, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, + 0x2e, 0x70, 0x75, 0x73, 0x68, 0x08, 0x01, 0x12, 0x2c, 0x0a, 0x0f, 0x43, 0x41, 0x50, 0x5f, 0x52, + 0x45, 0x50, 0x4f, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xc3, 0x0c, 0x1a, 0x16, 0xa8, + 0xcb, 0x91, 0x4d, 0x38, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0b, 0x72, 0x65, 0x70, 0x6f, 0x2e, 0x63, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x2c, 0x0a, 0x0f, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x50, + 0x4f, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xc4, 0x0c, 0x1a, 0x16, 0xa8, 0xcb, 0x91, + 0x4d, 0x39, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0b, 0x72, 0x65, 0x70, 0x6f, 0x2e, 0x75, 0x70, 0x64, + 0x61, 0x74, 0x65, 0x12, 0x28, 0x0a, 0x0d, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x5f, + 0x4c, 0x49, 0x53, 0x54, 0x10, 0xc5, 0x0c, 0x1a, 0x14, 0xa8, 0xcb, 0x91, 0x4d, 0x3a, 0x9a, 0xaf, + 0xa8, 0xd2, 0x05, 0x09, 0x72, 0x65, 0x70, 0x6f, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x2c, 0x0a, + 0x0f, 0x43, 0x41, 0x50, 0x5f, 0x52, 0x45, 0x50, 0x4f, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, + 0x10, 0xc6, 0x0c, 0x1a, 0x16, 0xa8, 0xcb, 0x91, 0x4d, 0x3b, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0b, + 0x72, 0x65, 0x70, 0x6f, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x34, 0x0a, 0x13, 0x43, + 0x41, 0x50, 0x5f, 0x4d, 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x43, 0x52, 0x45, 0x41, + 0x54, 0x45, 0x10, 0xc7, 0x0c, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x3c, 0x9a, 0xaf, 0xa8, 0xd2, + 0x05, 0x0f, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x12, 0x34, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x4d, 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, + 0x54, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xc8, 0x0c, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, + 0x4d, 0x3d, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, + 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x30, 0x0a, 0x11, 0x43, 0x41, 0x50, 0x5f, 0x4d, + 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xc9, 0x0c, 0x1a, + 0x18, 0xa8, 0xcb, 0x91, 0x4d, 0x3e, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, 0x6d, 0x61, 0x6e, 0x69, + 0x66, 0x65, 0x73, 0x74, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, 0x34, 0x0a, 0x13, 0x43, 0x41, 0x50, + 0x5f, 0x4d, 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, + 0x10, 0xca, 0x0c, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x3f, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, + 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, 0x74, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, + 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x41, 0x47, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, + 0x45, 0x10, 0xcb, 0x0c, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x40, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, + 0x0a, 0x74, 0x61, 0x67, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x43, + 0x41, 0x50, 0x5f, 0x54, 0x41, 0x47, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xcc, 0x0c, + 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x41, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x74, 0x61, 0x67, + 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a, 0x0c, 0x43, 0x41, 0x50, 0x5f, 0x54, + 0x41, 0x47, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xcd, 0x0c, 0x1a, 0x13, 0xa8, 0xcb, 0x91, 0x4d, + 0x42, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x08, 0x74, 0x61, 0x67, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, + 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, 0x5f, 0x54, 0x41, 0x47, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, + 0x45, 0x10, 0xce, 0x0c, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x43, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, + 0x0a, 0x74, 0x61, 0x67, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x1a, 0x43, + 0x41, 0x50, 0x5f, 0x4d, 0x41, 0x4e, 0x49, 0x46, 0x45, 0x53, 0x54, 0x5f, 0x4d, 0x45, 0x54, 0x41, + 0x44, 0x41, 0x54, 0x41, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xcf, 0x0c, 0x1a, 0x21, 0xa8, 0xcb, + 0x91, 0x4d, 0x48, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x16, 0x6d, 0x61, 0x6e, 0x69, 0x66, 0x65, 0x73, + 0x74, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, + 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, 0x5f, 0x41, 0x50, 0x4b, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, + 0x45, 0x10, 0xf2, 0x0c, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x49, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, + 0x0a, 0x61, 0x70, 0x6b, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x0a, 0x0e, 0x43, + 0x41, 0x50, 0x5f, 0x41, 0x50, 0x4b, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xf3, 0x0c, + 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x4a, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x61, 0x70, 0x6b, + 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x12, 0x26, 0x0a, 0x0c, 0x43, 0x41, 0x50, 0x5f, 0x41, + 0x50, 0x4b, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0xf4, 0x0c, 0x1a, 0x13, 0xa8, 0xcb, 0x91, 0x4d, + 0x4b, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x08, 0x61, 0x70, 0x6b, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x12, + 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, 0x5f, 0x41, 0x50, 0x4b, 0x5f, 0x44, 0x45, 0x4c, 0x45, 0x54, + 0x45, 0x10, 0xf5, 0x0c, 0x1a, 0x15, 0xa8, 0xcb, 0x91, 0x4d, 0x4c, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, + 0x0a, 0x61, 0x70, 0x6b, 0x2e, 0x64, 0x65, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x36, 0x0a, 0x13, 0x43, + 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, 0x43, 0x52, 0x45, 0x41, + 0x54, 0x45, 0x10, 0xa5, 0x0d, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x2a, 0x9a, 0xaf, 0xa8, 0xd2, + 0x05, 0x0f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x63, 0x72, 0x65, 0x61, 0x74, + 0x65, 0x08, 0x01, 0x12, 0x36, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, 0x53, 0x54, + 0x4f, 0x52, 0x45, 0x5f, 0x55, 0x50, 0x44, 0x41, 0x54, 0x45, 0x10, 0xa6, 0x0d, 0x1a, 0x1c, 0xa8, + 0xcb, 0x91, 0x4d, 0x2b, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x08, 0x01, 0x12, 0x32, 0x0a, 0x11, 0x43, + 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, 0x4c, 0x49, 0x53, 0x54, + 0x10, 0xa7, 0x0d, 0x1a, 0x1a, 0xa8, 0xcb, 0x91, 0x4d, 0x2c, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0d, + 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x08, 0x01, 0x12, + 0x36, 0x0a, 0x13, 0x43, 0x41, 0x50, 0x5f, 0x53, 0x49, 0x47, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, + 0x44, 0x45, 0x4c, 0x45, 0x54, 0x45, 0x10, 0xa8, 0x0d, 0x1a, 0x1c, 0xa8, 0xcb, 0x91, 0x4d, 0x2d, + 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0f, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x2e, 0x64, + 0x65, 0x6c, 0x65, 0x74, 0x65, 0x08, 0x01, 0x12, 0x4e, 0x0a, 0x1f, 0x43, 0x41, 0x50, 0x5f, 0x53, + 0x49, 0x47, 0x53, 0x54, 0x4f, 0x52, 0x45, 0x5f, 0x43, 0x45, 0x52, 0x54, 0x49, 0x46, 0x49, 0x43, + 0x41, 0x54, 0x45, 0x5f, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0xa9, 0x0d, 0x1a, 0x28, 0xa8, + 0xcb, 0x91, 0x4d, 0x2e, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x1b, 0x73, 0x69, 0x67, 0x73, 0x74, 0x6f, + 0x72, 0x65, 0x2e, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x2e, 0x63, + 0x72, 0x65, 0x61, 0x74, 0x65, 0x08, 0x01, 0x12, 0x2a, 0x0a, 0x0e, 0x43, 0x41, 0x50, 0x5f, 0x47, + 0x55, 0x4c, 0x46, 0x53, 0x54, 0x52, 0x45, 0x41, 0x4d, 0x10, 0x90, 0x4e, 0x1a, 0x15, 0xa8, 0xcb, + 0x91, 0x4d, 0x2f, 0x9a, 0xaf, 0xa8, 0xd2, 0x05, 0x0a, 0x67, 0x75, 0x6c, 0x66, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x3a, 0x38, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x21, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, + 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xf3, + 0x85, 0xa5, 0x5a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x3a, 0x36, 0x0a, + 0x03, 0x62, 0x69, 0x74, 0x12, 0x21, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6e, 0x75, 0x6d, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xb5, 0x99, 0xd2, 0x09, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x03, 0x62, 0x69, 0x74, 0x42, 0x5d, 0x0a, 0x1f, 0x64, 0x65, 0x76, 0x2e, 0x63, 0x68, 0x61, + 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x73, 0x64, 0x6b, 0x2e, 0x63, 0x61, 0x70, 0x61, + 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x42, 0x11, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, + 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x25, 0x63, + 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x64, 0x65, 0x76, 0x2f, 0x73, 0x64, + 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, + 0x74, 0x69, 0x65, 0x73, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/capabilities/capabilities.proto b/proto/capabilities/capabilities.proto index cfc35cb0..4721d29a 100644 --- a/proto/capabilities/capabilities.proto +++ b/proto/capabilities/capabilities.proto @@ -42,18 +42,18 @@ enum Capability { CAP_IAM_ROLE_BINDINGS_LIST = 403 [(name) = "role_bindings.list", (bit) = 14]; CAP_IAM_ROLE_BINDINGS_DELETE = 404 [(name) = "role_bindings.delete", (bit) = 15]; - CAP_TENANT_CLUSTERS_CREATE = 501 [(name) = "clusters.create", (bit) = 16]; - CAP_TENANT_CLUSTERS_UPDATE = 502 [(name) = "clusters.update", (bit) = 17]; - CAP_TENANT_CLUSTERS_LIST = 503 [(name) = "clusters.list", (bit) = 18]; - CAP_TENANT_CLUSTERS_DELETE = 504 [(name) = "clusters.delete", (bit) = 19]; - CAP_TENANT_CLUSTERS_DISCOVER = 505 [(name) = "clusters.discover", (bit) = 51]; - - CAP_TENANT_RECORDS_LIST = 603 [(name) = "records.list", (bit) = 20]; - CAP_TENANT_RECORD_CONTEXTS_LIST = 613 [(name) = "record_contexts.list", (bit) = 48]; + CAP_TENANT_CLUSTERS_CREATE = 501 [(name) = "clusters.create", (bit) = 16, deprecated = true]; + CAP_TENANT_CLUSTERS_UPDATE = 502 [(name) = "clusters.update", (bit) = 17, deprecated = true]; + CAP_TENANT_CLUSTERS_LIST = 503 [(name) = "clusters.list", (bit) = 18, deprecated = true]; + CAP_TENANT_CLUSTERS_DELETE = 504 [(name) = "clusters.delete", (bit) = 19, deprecated = true]; + CAP_TENANT_CLUSTERS_DISCOVER = 505 [(name) = "clusters.discover", (bit) = 51, deprecated = true]; + + CAP_TENANT_RECORDS_LIST = 603 [(name) = "records.list", (bit) = 20, deprecated = true]; + CAP_TENANT_RECORD_CONTEXTS_LIST = 613 [(name) = "record_contexts.list", (bit) = 48, deprecated = true]; CAP_TENANT_RECORD_SIGNATURES_LIST = 623 [(name) = "record_signatures.list", (bit) = 49]; - CAP_TENANT_RECORD_POLICY_RESULTS_LIST = 633 [(name) = "record_policy_results.list", (bit) = 50]; + CAP_TENANT_RECORD_POLICY_RESULTS_LIST = 633 [(name) = "record_policy_results.list", (bit) = 50, deprecated = true]; - CAP_TENANT_RISKS_LIST = 640 [(name) = "risks.list", (bit) = 68]; + CAP_TENANT_RISKS_LIST = 640 [(name) = "risks.list", (bit) = 68, deprecated = true]; CAP_TENANT_SBOMS_LIST = 650 [(name) = "sboms.list", (bit) = 69]; @@ -66,26 +66,26 @@ enum Capability { CAP_IAM_ACCOUNT_ASSOCIATIONS_LIST = 703 [(name) = "account_associations.list", (bit) = 23]; CAP_IAM_ACCOUNT_ASSOCIATIONS_DELETE = 704 [(name) = "account_associations.delete", (bit) = 24]; - CAP_IAM_POLICY_CREATE = 801 [(name) = "policy.create", (bit) = 25]; - CAP_IAM_POLICY_UPDATE = 802 [(name) = "policy.update", (bit) = 26]; - CAP_IAM_POLICY_LIST = 803 [(name) = "policy.list", (bit) = 27]; - CAP_IAM_POLICY_DELETE = 804 [(name) = "policy.delete", (bit) = 28]; + CAP_IAM_POLICY_CREATE = 801 [(name) = "policy.create", (bit) = 25, deprecated = true]; + CAP_IAM_POLICY_UPDATE = 802 [(name) = "policy.update", (bit) = 26, deprecated = true]; + CAP_IAM_POLICY_LIST = 803 [(name) = "policy.list", (bit) = 27, deprecated = true]; + CAP_IAM_POLICY_DELETE = 804 [(name) = "policy.delete", (bit) = 28, deprecated = true]; CAP_IAM_IDENTITY_CREATE = 901 [(name) = "identity.create", (bit) = 29]; CAP_IAM_IDENTITY_UPDATE = 902 [(name) = "identity.update", (bit) = 30]; CAP_IAM_IDENTITY_LIST = 903 [(name) = "identity.list", (bit) = 31]; CAP_IAM_IDENTITY_DELETE = 904 [(name) = "identity.delete", (bit) = 32]; - CAP_TENANT_NODES_LIST = 1003 [(name) = "nodes.list", (bit) = 33]; + CAP_TENANT_NODES_LIST = 1003 [(name) = "nodes.list", (bit) = 33, deprecated = true]; - CAP_TENANT_NAMESPACES_LIST = 1103 [(name) = "namespaces.list", (bit) = 34]; + CAP_TENANT_NAMESPACES_LIST = 1103 [(name) = "namespaces.list", (bit) = 34, deprecated = true]; - CAP_TENANT_WORKLOADS_LIST = 1203 [(name) = "workloads.list", (bit) = 35]; + CAP_TENANT_WORKLOADS_LIST = 1203 [(name) = "workloads.list", (bit) = 35, deprecated = true]; CAP_IAM_IDENTITY_PROVIDERS_CREATE = 1301 [(name) = "identity_providers.create", (bit) = 52]; CAP_IAM_IDENTITY_PROVIDERS_UPDATE = 1302 [(name) = "identity_providers.update", (bit) = 53]; - CAP_IAM_IDENTITY_PROVIDERS_LIST = 1303 [(name) = "identity_providers.list", (bit) = 54]; + CAP_IAM_IDENTITY_PROVIDERS_LIST = 1303 [(name) = "identity_providers.list", (bit) = 54]; CAP_IAM_IDENTITY_PROVIDERS_DELETE = 1304 [(name) = "identity_providers.delete", (bit) = 55]; // Events @@ -98,8 +98,8 @@ enum Capability { // Registry // TODO(jason): Remove these coarse-grained capabilities after they're removed from the roles. - CAP_REGISTRY_PULL = 1601 [(name) = "registry.pull", (bit) = 40]; // Can read tags, blobs, manifests. - CAP_REGISTRY_PUSH = 1602 [(name) = "registry.push", (bit) = 41]; // Can create and update tags, blobs, manifests. + CAP_REGISTRY_PULL = 1601 [(name) = "registry.pull", (bit) = 40, deprecated = true]; // Can read tags, blobs, manifests. + CAP_REGISTRY_PUSH = 1602 [(name) = "registry.push", (bit) = 41, deprecated = true]; // Can create and update tags, blobs, manifests. CAP_REPO_CREATE = 1603 [(name) = "repo.create", (bit) = 56]; CAP_REPO_UPDATE = 1604 [(name) = "repo.update", (bit) = 57]; @@ -125,12 +125,12 @@ enum Capability { // Sigstore-aas - CAP_SIGSTORE_CREATE = 1701 [(name) = "sigstore.create", (bit) = 42]; - CAP_SIGSTORE_UPDATE = 1702 [(name) = "sigstore.update", (bit) = 43]; - CAP_SIGSTORE_LIST = 1703 [(name) = "sigstore.list", (bit) = 44]; - CAP_SIGSTORE_DELETE = 1704 [(name) = "sigstore.delete", (bit) = 45]; + CAP_SIGSTORE_CREATE = 1701 [(name) = "sigstore.create", (bit) = 42, deprecated = true]; + CAP_SIGSTORE_UPDATE = 1702 [(name) = "sigstore.update", (bit) = 43, deprecated = true]; + CAP_SIGSTORE_LIST = 1703 [(name) = "sigstore.list", (bit) = 44, deprecated = true]; + CAP_SIGSTORE_DELETE = 1704 [(name) = "sigstore.delete", (bit) = 45, deprecated = true]; - CAP_SIGSTORE_CERTIFICATE_CREATE = 1705 [(name) = "sigstore.certificate.create", (bit) = 46]; + CAP_SIGSTORE_CERTIFICATE_CREATE = 1705 [(name) = "sigstore.certificate.create", (bit) = 46, deprecated = true]; // This is orthogonal enough that we should leave // it somewhat separate, so add new capabilities above. diff --git a/proto/capabilities/capabilities_test.go b/proto/capabilities/capabilities_test.go index 8d230dcb..f6c37ad0 100644 --- a/proto/capabilities/capabilities_test.go +++ b/proto/capabilities/capabilities_test.go @@ -52,6 +52,32 @@ func TestStringify(t *testing.T) { } } +func TestDeprecated(t *testing.T) { + tests := []struct { + name string + capability Capability + want bool + }{{ + name: "is deprecated", + capability: Capability_CAP_TENANT_CLUSTERS_CREATE, + want: true, + }, { + name: "not deprecated", + capability: Capability_CAP_IAM_GROUPS_CREATE, + want: false, + }} + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + got := Deprecated(test.capability) + + if got != test.want { + t.Errorf("Depcrecated() mismatch for %s: want=%t, got=%t", test.capability, test.want, got) + } + }) + } +} + func TestRoundTrip(t *testing.T) { for cap := range Capability_name { scap, _ := Stringify(Capability(cap)) diff --git a/proto/capabilities/roles.go b/proto/capabilities/roles.go index daf2072e..7f682afd 100644 --- a/proto/capabilities/roles.go +++ b/proto/capabilities/roles.go @@ -20,24 +20,12 @@ var ( Capability_CAP_IAM_GROUPS_LIST, Capability_CAP_IAM_ROLE_BINDINGS_LIST, Capability_CAP_IAM_ROLES_LIST, - Capability_CAP_IAM_POLICY_LIST, Capability_CAP_IAM_IDENTITY_LIST, Capability_CAP_IAM_IDENTITY_PROVIDERS_LIST, - Capability_CAP_TENANT_CLUSTERS_DISCOVER, - Capability_CAP_TENANT_CLUSTERS_LIST, - Capability_CAP_TENANT_NAMESPACES_LIST, - Capability_CAP_TENANT_NODES_LIST, - Capability_CAP_TENANT_RECORDS_LIST, - Capability_CAP_TENANT_RECORD_CONTEXTS_LIST, Capability_CAP_TENANT_RECORD_SIGNATURES_LIST, - Capability_CAP_TENANT_RECORD_POLICY_RESULTS_LIST, - Capability_CAP_TENANT_RISKS_LIST, Capability_CAP_TENANT_SBOMS_LIST, Capability_CAP_TENANT_VULN_REPORTS_LIST, - Capability_CAP_TENANT_WORKLOADS_LIST, - - Capability_CAP_SIGSTORE_LIST, }, // Viewers can also list repos and tags, and pull images. RegistryPullCaps...), APKPullCaps...)) @@ -47,15 +35,6 @@ var ( Capability_CAP_EVENTS_SUBSCRIPTION_CREATE, Capability_CAP_EVENTS_SUBSCRIPTION_DELETE, Capability_CAP_EVENTS_SUBSCRIPTION_UPDATE, - - Capability_CAP_TENANT_CLUSTERS_CREATE, - Capability_CAP_TENANT_CLUSTERS_UPDATE, - Capability_CAP_TENANT_CLUSTERS_DELETE, - - Capability_CAP_SIGSTORE_CERTIFICATE_CREATE, - Capability_CAP_SIGSTORE_CREATE, - Capability_CAP_SIGSTORE_DELETE, - Capability_CAP_SIGSTORE_UPDATE, }, ViewerCaps...)) // ownerCaps includes all capabilities possible by a user. @@ -71,10 +50,6 @@ var ( Capability_CAP_IAM_GROUPS_DELETE, Capability_CAP_IAM_GROUPS_UPDATE, - Capability_CAP_IAM_POLICY_CREATE, - Capability_CAP_IAM_POLICY_UPDATE, - Capability_CAP_IAM_POLICY_DELETE, - Capability_CAP_IAM_IDENTITY_CREATE, Capability_CAP_IAM_IDENTITY_DELETE, Capability_CAP_IAM_IDENTITY_UPDATE, @@ -147,20 +122,6 @@ var ( Capability_CAP_APK_CREATE, Capability_CAP_APK_DELETE, }, APKPullCaps...)) - - SigningViewerCaps = sortCaps([]Capability{ - Capability_CAP_SIGSTORE_LIST, - }) - - SigningCertRequesterCaps = sortCaps(append([]Capability{ - Capability_CAP_SIGSTORE_CERTIFICATE_CREATE, - }, SigningViewerCaps...)) - - SigningEditorCaps = sortCaps(append([]Capability{ - Capability_CAP_SIGSTORE_CREATE, - Capability_CAP_SIGSTORE_DELETE, - Capability_CAP_SIGSTORE_UPDATE, - }, SigningCertRequesterCaps...)) ) func sortCaps(caps []Capability) []Capability { diff --git a/proto/platform/iam/v1/test/mock_identities.go b/proto/platform/iam/v1/test/mock_identities.go index acea986d..ffc89597 100644 --- a/proto/platform/iam/v1/test/mock_identities.go +++ b/proto/platform/iam/v1/test/mock_identities.go @@ -28,9 +28,10 @@ type MockIdentitiesClient struct { } type IdentityOnCreate struct { - Given *iam.CreateIdentityRequest - Created *iam.Identity - Error error + Given *iam.CreateIdentityRequest + Created *iam.Identity + Error error + IgnoreFields cmp.Option } type IdentityOnUpdate struct { @@ -58,7 +59,7 @@ type IdentityOnLookup struct { func (m MockIdentitiesClient) Create(_ context.Context, given *iam.CreateIdentityRequest, _ ...grpc.CallOption) (*iam.Identity, error) { for _, o := range m.OnCreate { - if cmp.Equal(o.Given, given, protocmp.Transform()) { + if cmp.Equal(o.Given, given, protocmp.Transform(), o.IgnoreFields) { return o.Created, o.Error } } diff --git a/proto/platform/oidc/v1/oidc.platform.pb.go b/proto/platform/oidc/v1/oidc.platform.pb.go index 9b2888c5..ee266e21 100644 --- a/proto/platform/oidc/v1/oidc.platform.pb.go +++ b/proto/platform/oidc/v1/oidc.platform.pb.go @@ -92,12 +92,9 @@ type ExchangeRequest struct { Aud []string `protobuf:"bytes,1,rep,name=aud,proto3" json:"aud,omitempty"` Scope string `protobuf:"bytes,2,opt,name=scope,proto3" json:"scope,omitempty"` - Cluster string `protobuf:"bytes,3,opt,name=cluster,proto3" json:"cluster,omitempty"` Identity string `protobuf:"bytes,4,opt,name=identity,proto3" json:"identity,omitempty"` // List of capabilities to request for the token. Cap []string `protobuf:"bytes,5,rep,name=cap,proto3" json:"cap,omitempty"` - // Whether or not to include the upstream token in the response - IncludeUpstreamToken bool `protobuf:"varint,6,opt,name=include_upstream_token,json=includeUpstreamToken,proto3" json:"include_upstream_token,omitempty"` } func (x *ExchangeRequest) Reset() { @@ -146,13 +143,6 @@ func (x *ExchangeRequest) GetScope() string { return "" } -func (x *ExchangeRequest) GetCluster() string { - if x != nil { - return x.Cluster - } - return "" -} - func (x *ExchangeRequest) GetIdentity() string { if x != nil { return x.Identity @@ -167,13 +157,6 @@ func (x *ExchangeRequest) GetCap() []string { return nil } -func (x *ExchangeRequest) GetIncludeUpstreamToken() bool { - if x != nil { - return x.IncludeUpstreamToken - } - return false -} - type RawToken struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -295,59 +278,57 @@ var file_oidc_platform_proto_rawDesc = []byte{ 0x12, 0x39, 0x0a, 0x03, 0x63, 0x61, 0x70, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x42, 0x27, 0xfa, 0x41, 0x24, 0x0a, 0x22, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x2f, 0x43, 0x61, 0x70, 0x61, - 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x03, 0x63, 0x61, 0x70, 0x22, 0xe0, 0x01, 0x0a, 0x0f, + 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x03, 0x63, 0x61, 0x70, 0x22, 0xbd, 0x01, 0x0a, 0x0f, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x61, 0x75, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x03, 0x61, 0x75, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, - 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, - 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x39, 0x0a, - 0x03, 0x63, 0x61, 0x70, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x42, 0x27, 0xfa, 0x41, 0x24, 0x0a, - 0x22, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x63, 0x61, 0x70, 0x61, - 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x2f, 0x43, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, - 0x69, 0x74, 0x79, 0x52, 0x03, 0x63, 0x61, 0x70, 0x12, 0x34, 0x0a, 0x16, 0x69, 0x6e, 0x63, 0x6c, - 0x75, 0x64, 0x65, 0x5f, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, - 0x65, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x20, - 0x0a, 0x08, 0x52, 0x61, 0x77, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, - 0x22, 0x8e, 0x01, 0x0a, 0x09, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x61, 0x69, 0x72, 0x12, 0x38, - 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, - 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x52, 0x61, 0x77, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x47, 0x0a, 0x0d, 0x72, 0x65, 0x66, 0x72, - 0x65, 0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x69, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x12, 0x39, 0x0a, 0x03, 0x63, 0x61, 0x70, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, + 0x42, 0x27, 0xfa, 0x41, 0x24, 0x0a, 0x22, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, + 0x64, 0x2e, 0x63, 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x2f, 0x43, + 0x61, 0x70, 0x61, 0x62, 0x69, 0x6c, 0x69, 0x74, 0x79, 0x52, 0x03, 0x63, 0x61, 0x70, 0x4a, 0x04, + 0x08, 0x03, 0x10, 0x04, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, + 0x74, 0x65, 0x72, 0x52, 0x16, 0x69, 0x6e, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x5f, 0x75, 0x70, 0x73, + 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x20, 0x0a, 0x08, 0x52, + 0x61, 0x77, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x8e, 0x01, + 0x0a, 0x09, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x61, 0x69, 0x72, 0x12, 0x38, 0x0a, 0x05, 0x74, + 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x63, 0x68, 0x61, + 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, + 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x52, 0x61, 0x77, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x05, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x47, 0x0a, 0x0d, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, + 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x63, + 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, + 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x52, 0x61, 0x77, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x52, 0x0c, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x32, 0xb4, + 0x02, 0x0a, 0x14, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x54, 0x6f, 0x6b, 0x65, 0x6e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x81, 0x01, 0x0a, 0x08, 0x45, 0x78, 0x63, 0x68, + 0x61, 0x6e, 0x67, 0x65, 0x12, 0x29, 0x2e, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, + 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, + 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x52, 0x61, 0x77, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x52, 0x0c, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x32, 0xb4, 0x02, 0x0a, 0x14, 0x53, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x54, 0x6f, - 0x6b, 0x65, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x81, 0x01, 0x0a, 0x08, 0x45, - 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x29, 0x2e, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, - 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, - 0x64, 0x63, 0x2e, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, - 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x52, 0x61, - 0x77, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x26, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x20, 0x5a, 0x0f, - 0x12, 0x0d, 0x2f, 0x73, 0x74, 0x73, 0x2f, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x22, - 0x0d, 0x2f, 0x73, 0x74, 0x73, 0x2f, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x97, - 0x01, 0x0a, 0x14, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x66, 0x72, 0x65, - 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x35, 0x2e, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, - 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, - 0x64, 0x63, 0x2e, 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x66, 0x72, 0x65, - 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, - 0x2e, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, - 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, - 0x61, 0x69, 0x72, 0x22, 0x23, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1d, 0x22, 0x1b, 0x2f, 0x73, 0x74, - 0x73, 0x2f, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, - 0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0x65, 0x0a, 0x23, 0x64, 0x65, 0x76, 0x2e, - 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x73, 0x64, 0x6b, 0x2e, 0x70, - 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x76, 0x31, 0x42, - 0x11, 0x50, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x4f, 0x49, 0x44, 0x43, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x29, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, - 0x2e, 0x64, 0x65, 0x76, 0x2f, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, - 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x6f, 0x69, 0x64, 0x63, 0x2f, 0x76, 0x31, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6b, 0x65, 0x6e, 0x22, 0x26, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x20, 0x5a, 0x0f, 0x12, 0x0d, 0x2f, + 0x73, 0x74, 0x73, 0x2f, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x22, 0x0d, 0x2f, 0x73, + 0x74, 0x73, 0x2f, 0x65, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x12, 0x97, 0x01, 0x0a, 0x14, + 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x35, 0x2e, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, + 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, + 0x45, 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, + 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x23, 0x2e, 0x63, 0x68, + 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, + 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x50, 0x61, 0x69, 0x72, + 0x22, 0x23, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1d, 0x22, 0x1b, 0x2f, 0x73, 0x74, 0x73, 0x2f, 0x65, + 0x78, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, + 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x42, 0x65, 0x0a, 0x23, 0x64, 0x65, 0x76, 0x2e, 0x63, 0x68, 0x61, + 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x73, 0x64, 0x6b, 0x2e, 0x70, 0x6c, 0x61, 0x74, + 0x66, 0x6f, 0x72, 0x6d, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x76, 0x31, 0x42, 0x11, 0x50, 0x6c, + 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x4f, 0x49, 0x44, 0x43, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x29, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x67, 0x75, 0x61, 0x72, 0x64, 0x2e, 0x64, 0x65, + 0x76, 0x2f, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x70, 0x6c, 0x61, 0x74, + 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x6f, 0x69, 0x64, 0x63, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/proto/platform/oidc/v1/oidc.platform.proto b/proto/platform/oidc/v1/oidc.platform.proto index df9442b3..cd877db9 100644 --- a/proto/platform/oidc/v1/oidc.platform.proto +++ b/proto/platform/oidc/v1/oidc.platform.proto @@ -40,7 +40,11 @@ message ExchangeRefreshTokenRequest { message ExchangeRequest { repeated string aud = 1; string scope = 2; - string cluster = 3; + + // `cluster` field was deprecated and removed. + reserved 3; + reserved "cluster"; + string identity = 4; // List of capabilities to request for the token. @@ -48,8 +52,9 @@ message ExchangeRequest { type: "chainguard.capabilities/Capability" }]; - // Whether or not to include the upstream token in the response - bool include_upstream_token = 6; + // `include_upstream_token` field was deprecated and removed. + reserved 6; + reserved "include_upstream_token"; } message RawToken { diff --git a/sts/sts.go b/sts/sts.go index b18619fd..94b90861 100644 --- a/sts/sts.go +++ b/sts/sts.go @@ -75,15 +75,13 @@ type impl struct { } type options struct { - issuer string - audience string - cluster string - userAgent string - scope string - capabilities []string - identity string - includeUpstreamToken bool - http1Downgrade bool + issuer string + audience string + userAgent string + scope string + capabilities []string + identity string + http1Downgrade bool } var _ Exchanger = (*impl)(nil) @@ -105,12 +103,10 @@ func (i *impl) Exchange(ctx context.Context, token string, opts ...ExchangerOpti defer c.Close() resp, err := c.STS().Exchange(ctx, &oidc.ExchangeRequest{ - Aud: []string{o.audience}, - Scope: o.scope, - Cluster: o.cluster, - Identity: o.identity, - IncludeUpstreamToken: o.includeUpstreamToken, - Cap: o.capabilities, + Aud: []string{o.audience}, + Scope: o.scope, + Identity: o.identity, + Cap: o.capabilities, }) if err != nil { return "", err @@ -153,15 +149,6 @@ func WithUserAgent(agent string) ExchangerOption { } } -// WithCluster sets the cluster parameter sent by the Exchanger. -// -// Only one of cluster or scope may be set. -func WithCluster(cluster string) ExchangerOption { - return func(i *options) { - i.cluster = cluster - } -} - // WithScope sets the scope parameter sent by the Exchanger. // // Only one of cluster or scope may be set. @@ -186,14 +173,6 @@ func WithIdentity(uid string) ExchangerOption { } } -// WithIncludeUpstreamToken requests that the upstream token be included in the returned -// STS token. -func WithIncludeUpstreamToken() ExchangerOption { - return func(i *options) { - i.includeUpstreamToken = true - } -} - // WithHTTP1Downgrade signals Exchange to use HTTP1DowngradeExchanger in the STS exchange. func WithHTTP1Downgrade() ExchangerOption { return func(i *options) { @@ -279,12 +258,10 @@ func (i *HTTP1DowngradeExchanger) Exchange(ctx context.Context, token string, op opt(&o) } in := &oidc.ExchangeRequest{ - Aud: []string{o.audience}, - Scope: o.scope, - Cluster: o.cluster, - Identity: o.identity, - IncludeUpstreamToken: o.includeUpstreamToken, - Cap: o.capabilities, + Aud: []string{o.audience}, + Scope: o.scope, + Identity: o.identity, + Cap: o.capabilities, } out := new(oidc.RawToken) if err := i.doHTTP1(ctx, token, "/sts/exchange", in, out, o); err != nil { diff --git a/sts/sts_test.go b/sts/sts_test.go index ab3226cd..abc893cc 100644 --- a/sts/sts_test.go +++ b/sts/sts_test.go @@ -64,7 +64,7 @@ func TestRefresh(t *testing.T) { issuer: "bar", audience: "baz", exchangeOpts: []ExchangerOption{ - WithCapabilities("registry.push"), + WithCapabilities("groups.list"), WithScope("derp"), }, clientMock: test.MockOIDCClient{ @@ -72,7 +72,7 @@ func TestRefresh(t *testing.T) { OnGetAccessToken: []test.STSOnGetAccessToken{{ Given: &oidc.ExchangeRefreshTokenRequest{ Aud: []string{"baz"}, - Cap: []string{"registry.push"}, + Cap: []string{"groups.list"}, Scope: "derp", }, Exchanged: &oidc.TokenPair{ @@ -151,7 +151,7 @@ func TestImplExchange(t *testing.T) { issuer: "bar", audience: "baz", newOpts: []ExchangerOption{ - WithCapabilities("registry.push"), + WithCapabilities("groups.list"), WithScope("derp"), }, clientMock: test.MockOIDCClient{ @@ -159,7 +159,7 @@ func TestImplExchange(t *testing.T) { OnExchange: []test.STSOnExchange{{ Given: &oidc.ExchangeRequest{ Aud: []string{"baz"}, - Cap: []string{"registry.push"}, + Cap: []string{"groups.list"}, Scope: "derp", }, Exchanged: &oidc.RawToken{Token: "token!"}, @@ -172,7 +172,7 @@ func TestImplExchange(t *testing.T) { issuer: "bar", audience: "baz", exchangeOpts: []ExchangerOption{ - WithCapabilities("registry.push"), + WithCapabilities("groups.list"), WithScope("derp"), }, clientMock: test.MockOIDCClient{ @@ -180,7 +180,7 @@ func TestImplExchange(t *testing.T) { OnExchange: []test.STSOnExchange{{ Given: &oidc.ExchangeRequest{ Aud: []string{"baz"}, - Cap: []string{"registry.push"}, + Cap: []string{"groups.list"}, Scope: "derp", }, Exchanged: &oidc.RawToken{Token: "token!"}, @@ -208,44 +208,6 @@ func TestImplExchange(t *testing.T) { }, want: "token foo", }, - "include upstream": { - issuer: "bar", - audience: "baz", - exchangeOpts: []ExchangerOption{ - WithIncludeUpstreamToken(), - }, - clientMock: test.MockOIDCClient{ - STSClient: test.MockSTSClient{ - OnExchange: []test.STSOnExchange{{ - Given: &oidc.ExchangeRequest{ - Aud: []string{"baz"}, - IncludeUpstreamToken: true, - }, - Exchanged: &oidc.RawToken{Token: "tokenz"}, - }}, - }, - }, - want: "tokenz", - }, - "cluster": { - issuer: "bar", - audience: "baz", - exchangeOpts: []ExchangerOption{ - WithCluster("kind i presume"), - }, - clientMock: test.MockOIDCClient{ - STSClient: test.MockSTSClient{ - OnExchange: []test.STSOnExchange{{ - Given: &oidc.ExchangeRequest{ - Aud: []string{"baz"}, - Cluster: "kind i presume", - }, - Exchanged: &oidc.RawToken{Token: "tokenz"}, - }}, - }, - }, - want: "tokenz", - }, } for name, test := range tests { @@ -309,7 +271,7 @@ func TestExchange(t *testing.T) { issuer: "bar", audience: "baz", exchangeOpts: []ExchangerOption{ - WithCapabilities("registry.push"), + WithCapabilities("groups.list"), WithScope("derp"), }, clientMock: test.MockOIDCClient{ @@ -317,7 +279,7 @@ func TestExchange(t *testing.T) { OnExchange: []test.STSOnExchange{{ Given: &oidc.ExchangeRequest{ Aud: []string{"baz"}, - Cap: []string{"registry.push"}, + Cap: []string{"groups.list"}, Scope: "derp", }, Exchanged: &oidc.RawToken{Token: "token!"}, @@ -330,7 +292,7 @@ func TestExchange(t *testing.T) { issuer: "bar", audience: "baz", exchangeOpts: []ExchangerOption{ - WithCapabilities("registry.push"), + WithCapabilities("groups.list"), WithScope("derp"), }, clientMock: test.MockOIDCClient{ @@ -338,7 +300,7 @@ func TestExchange(t *testing.T) { OnExchange: []test.STSOnExchange{{ Given: &oidc.ExchangeRequest{ Aud: []string{"baz"}, - Cap: []string{"registry.push"}, + Cap: []string{"groups.list"}, Scope: "derp", }, Exchanged: &oidc.RawToken{Token: "token!"}, @@ -366,44 +328,6 @@ func TestExchange(t *testing.T) { }, want: "token foo", }, - "include upstream": { - issuer: "bar", - audience: "baz", - exchangeOpts: []ExchangerOption{ - WithIncludeUpstreamToken(), - }, - clientMock: test.MockOIDCClient{ - STSClient: test.MockSTSClient{ - OnExchange: []test.STSOnExchange{{ - Given: &oidc.ExchangeRequest{ - Aud: []string{"baz"}, - IncludeUpstreamToken: true, - }, - Exchanged: &oidc.RawToken{Token: "tokenz"}, - }}, - }, - }, - want: "tokenz", - }, - "cluster": { - issuer: "bar", - audience: "baz", - exchangeOpts: []ExchangerOption{ - WithCluster("kind i presume"), - }, - clientMock: test.MockOIDCClient{ - STSClient: test.MockSTSClient{ - OnExchange: []test.STSOnExchange{{ - Given: &oidc.ExchangeRequest{ - Aud: []string{"baz"}, - Cluster: "kind i presume", - }, - Exchanged: &oidc.RawToken{Token: "tokenz"}, - }}, - }, - }, - want: "tokenz", - }, } for name, test := range tests {