From 3d30ef2a2e495fc7ec36737588869b5a6b5ecdb1 Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Fri, 5 Jul 2024 12:32:52 -0300 Subject: [PATCH 1/7] Add taint upstream authority RPC Signed-off-by: Marcos Yacob --- .../localauthority/v1/localauthority.pb.go | 335 +++++++++++++----- .../localauthority/v1/localauthority.proto | 32 +- .../v1/localauthority_grpc.pb.go | 68 +++- 3 files changed, 341 insertions(+), 94 deletions(-) diff --git a/proto/spire/api/server/localauthority/v1/localauthority.pb.go b/proto/spire/api/server/localauthority/v1/localauthority.pb.go index 0da7aba..058ae40 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority.pb.go @@ -889,6 +889,106 @@ func (x *TaintX509AuthorityResponse) GetTaintedAuthority() *AuthorityState { return nil } +type TaintX509UpstreamAuthorityRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Optional. The authority ID of an old X.509 upstream authority to taint. + // This is the X.509 Subject Key Identifier (or SKID) of the + // authority's CA certificate, which is calculated by doing a + // SHA-1 hash over the ASN.1 encoding of the public key. + // By default, the upstream authority used to sign the old local + // X.509 authority is used. + AuthorityId string `protobuf:"bytes,1,opt,name=authority_id,json=authorityId,proto3" json:"authority_id,omitempty"` +} + +func (x *TaintX509UpstreamAuthorityRequest) Reset() { + *x = TaintX509UpstreamAuthorityRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TaintX509UpstreamAuthorityRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TaintX509UpstreamAuthorityRequest) ProtoMessage() {} + +func (x *TaintX509UpstreamAuthorityRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[18] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TaintX509UpstreamAuthorityRequest.ProtoReflect.Descriptor instead. +func (*TaintX509UpstreamAuthorityRequest) Descriptor() ([]byte, []int) { + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{18} +} + +func (x *TaintX509UpstreamAuthorityRequest) GetAuthorityId() string { + if x != nil { + return x.AuthorityId + } + return "" +} + +type TaintX509UpstreamAuthorityResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + TaintedAuthority *AuthorityState `protobuf:"bytes,1,opt,name=tainted_authority,json=taintedAuthority,proto3" json:"tainted_authority,omitempty"` +} + +func (x *TaintX509UpstreamAuthorityResponse) Reset() { + *x = TaintX509UpstreamAuthorityResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TaintX509UpstreamAuthorityResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TaintX509UpstreamAuthorityResponse) ProtoMessage() {} + +func (x *TaintX509UpstreamAuthorityResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[19] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TaintX509UpstreamAuthorityResponse.ProtoReflect.Descriptor instead. +func (*TaintX509UpstreamAuthorityResponse) Descriptor() ([]byte, []int) { + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{19} +} + +func (x *TaintX509UpstreamAuthorityResponse) GetTaintedAuthority() *AuthorityState { + if x != nil { + return x.TaintedAuthority + } + return nil +} + type RevokeX509AuthorityRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -905,7 +1005,7 @@ type RevokeX509AuthorityRequest struct { func (x *RevokeX509AuthorityRequest) Reset() { *x = RevokeX509AuthorityRequest{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[18] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -918,7 +1018,7 @@ func (x *RevokeX509AuthorityRequest) String() string { func (*RevokeX509AuthorityRequest) ProtoMessage() {} func (x *RevokeX509AuthorityRequest) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[18] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -931,7 +1031,7 @@ func (x *RevokeX509AuthorityRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeX509AuthorityRequest.ProtoReflect.Descriptor instead. func (*RevokeX509AuthorityRequest) Descriptor() ([]byte, []int) { - return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{18} + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{20} } func (x *RevokeX509AuthorityRequest) GetAuthorityId() string { @@ -952,7 +1052,7 @@ type RevokeX509AuthorityResponse struct { func (x *RevokeX509AuthorityResponse) Reset() { *x = RevokeX509AuthorityResponse{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[19] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -965,7 +1065,7 @@ func (x *RevokeX509AuthorityResponse) String() string { func (*RevokeX509AuthorityResponse) ProtoMessage() {} func (x *RevokeX509AuthorityResponse) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[19] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -978,7 +1078,7 @@ func (x *RevokeX509AuthorityResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeX509AuthorityResponse.ProtoReflect.Descriptor instead. func (*RevokeX509AuthorityResponse) Descriptor() ([]byte, []int) { - return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{19} + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{21} } func (x *RevokeX509AuthorityResponse) GetRevokedAuthority() *AuthorityState { @@ -1002,7 +1102,7 @@ type AuthorityState struct { func (x *AuthorityState) Reset() { *x = AuthorityState{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1015,7 +1115,7 @@ func (x *AuthorityState) String() string { func (*AuthorityState) ProtoMessage() {} func (x *AuthorityState) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1028,7 +1128,7 @@ func (x *AuthorityState) ProtoReflect() protoreflect.Message { // Deprecated: Use AuthorityState.ProtoReflect.Descriptor instead. func (*AuthorityState) Descriptor() ([]byte, []int) { - return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{20} + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{22} } func (x *AuthorityState) GetAuthorityId() string { @@ -1171,6 +1271,19 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc = []byt 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x22, 0x46, 0x0a, 0x21, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, + 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, 0x85, 0x01, 0x0a, + 0x22, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x11, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x5f, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, + 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x52, 0x10, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x3f, 0x0a, 0x1a, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, @@ -1188,7 +1301,7 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc = []byt 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, - 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x32, 0x93, 0x0c, 0x0a, 0x0e, 0x4c, 0x6f, + 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x32, 0xc1, 0x0d, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, @@ -1276,23 +1389,34 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc = []byt 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, - 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, - 0x5b, 0x5a, 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, - 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, - 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xab, 0x01, 0x0a, 0x1a, 0x54, 0x61, 0x69, 0x6e, 0x74, + 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x45, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, + 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x46, 0x2e, 0x73, + 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, + 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, + 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, + 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, 0x73, + 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x73, + 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, + 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5b, 0x5a, + 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, + 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, 0x64, 0x6b, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( @@ -1307,70 +1431,75 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP() return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescData } -var file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes = make([]protoimpl.MessageInfo, 21) +var file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes = make([]protoimpl.MessageInfo, 23) var file_spire_api_server_localauthority_v1_localauthority_proto_goTypes = []interface{}{ - (*GetJWTAuthorityStateRequest)(nil), // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest - (*GetJWTAuthorityStateResponse)(nil), // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse - (*PrepareJWTAuthorityRequest)(nil), // 2: spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest - (*PrepareJWTAuthorityResponse)(nil), // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse - (*ActivateJWTAuthorityRequest)(nil), // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest - (*ActivateJWTAuthorityResponse)(nil), // 5: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse - (*TaintJWTAuthorityRequest)(nil), // 6: spire.api.server.localauthority.v1.TaintJWTAuthorityRequest - (*TaintJWTAuthorityResponse)(nil), // 7: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse - (*RevokeJWTAuthorityRequest)(nil), // 8: spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest - (*RevokeJWTAuthorityResponse)(nil), // 9: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse - (*GetX509AuthorityStateRequest)(nil), // 10: spire.api.server.localauthority.v1.GetX509AuthorityStateRequest - (*GetX509AuthorityStateResponse)(nil), // 11: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse - (*PrepareX509AuthorityRequest)(nil), // 12: spire.api.server.localauthority.v1.PrepareX509AuthorityRequest - (*PrepareX509AuthorityResponse)(nil), // 13: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse - (*ActivateX509AuthorityRequest)(nil), // 14: spire.api.server.localauthority.v1.ActivateX509AuthorityRequest - (*ActivateX509AuthorityResponse)(nil), // 15: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse - (*TaintX509AuthorityRequest)(nil), // 16: spire.api.server.localauthority.v1.TaintX509AuthorityRequest - (*TaintX509AuthorityResponse)(nil), // 17: spire.api.server.localauthority.v1.TaintX509AuthorityResponse - (*RevokeX509AuthorityRequest)(nil), // 18: spire.api.server.localauthority.v1.RevokeX509AuthorityRequest - (*RevokeX509AuthorityResponse)(nil), // 19: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse - (*AuthorityState)(nil), // 20: spire.api.server.localauthority.v1.AuthorityState + (*GetJWTAuthorityStateRequest)(nil), // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest + (*GetJWTAuthorityStateResponse)(nil), // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse + (*PrepareJWTAuthorityRequest)(nil), // 2: spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest + (*PrepareJWTAuthorityResponse)(nil), // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse + (*ActivateJWTAuthorityRequest)(nil), // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest + (*ActivateJWTAuthorityResponse)(nil), // 5: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse + (*TaintJWTAuthorityRequest)(nil), // 6: spire.api.server.localauthority.v1.TaintJWTAuthorityRequest + (*TaintJWTAuthorityResponse)(nil), // 7: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse + (*RevokeJWTAuthorityRequest)(nil), // 8: spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest + (*RevokeJWTAuthorityResponse)(nil), // 9: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse + (*GetX509AuthorityStateRequest)(nil), // 10: spire.api.server.localauthority.v1.GetX509AuthorityStateRequest + (*GetX509AuthorityStateResponse)(nil), // 11: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse + (*PrepareX509AuthorityRequest)(nil), // 12: spire.api.server.localauthority.v1.PrepareX509AuthorityRequest + (*PrepareX509AuthorityResponse)(nil), // 13: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse + (*ActivateX509AuthorityRequest)(nil), // 14: spire.api.server.localauthority.v1.ActivateX509AuthorityRequest + (*ActivateX509AuthorityResponse)(nil), // 15: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse + (*TaintX509AuthorityRequest)(nil), // 16: spire.api.server.localauthority.v1.TaintX509AuthorityRequest + (*TaintX509AuthorityResponse)(nil), // 17: spire.api.server.localauthority.v1.TaintX509AuthorityResponse + (*TaintX509UpstreamAuthorityRequest)(nil), // 18: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityRequest + (*TaintX509UpstreamAuthorityResponse)(nil), // 19: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse + (*RevokeX509AuthorityRequest)(nil), // 20: spire.api.server.localauthority.v1.RevokeX509AuthorityRequest + (*RevokeX509AuthorityResponse)(nil), // 21: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse + (*AuthorityState)(nil), // 22: spire.api.server.localauthority.v1.AuthorityState } var file_spire_api_server_localauthority_v1_localauthority_proto_depIdxs = []int32{ - 20, // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 2: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 5: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 6: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 7: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 8: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 9: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 10: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 11: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 12: spire.api.server.localauthority.v1.TaintX509AuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 20, // 13: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 0, // 14: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:input_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest - 2, // 15: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:input_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest - 4, // 16: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:input_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest - 6, // 17: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:input_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityRequest - 8, // 18: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:input_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest - 10, // 19: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:input_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateRequest - 12, // 20: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:input_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityRequest - 14, // 21: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:input_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityRequest - 16, // 22: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:input_type -> spire.api.server.localauthority.v1.TaintX509AuthorityRequest - 18, // 23: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:input_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityRequest - 1, // 24: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:output_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse - 3, // 25: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:output_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse - 5, // 26: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:output_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse - 7, // 27: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:output_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityResponse - 9, // 28: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:output_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse - 11, // 29: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:output_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateResponse - 13, // 30: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:output_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityResponse - 15, // 31: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:output_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityResponse - 17, // 32: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:output_type -> spire.api.server.localauthority.v1.TaintX509AuthorityResponse - 19, // 33: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:output_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityResponse - 24, // [24:34] is the sub-list for method output_type - 14, // [14:24] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name + 22, // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 2: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 5: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 6: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 7: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 8: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 9: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 10: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 11: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 12: spire.api.server.localauthority.v1.TaintX509AuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 13: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 22, // 14: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 0, // 15: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:input_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest + 2, // 16: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:input_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest + 4, // 17: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:input_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest + 6, // 18: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:input_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityRequest + 8, // 19: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:input_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest + 10, // 20: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:input_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateRequest + 12, // 21: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:input_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityRequest + 14, // 22: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:input_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityRequest + 16, // 23: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:input_type -> spire.api.server.localauthority.v1.TaintX509AuthorityRequest + 18, // 24: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:input_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityRequest + 20, // 25: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:input_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityRequest + 1, // 26: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:output_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse + 3, // 27: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:output_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse + 5, // 28: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:output_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse + 7, // 29: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:output_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityResponse + 9, // 30: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:output_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse + 11, // 31: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:output_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateResponse + 13, // 32: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:output_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityResponse + 15, // 33: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:output_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityResponse + 17, // 34: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:output_type -> spire.api.server.localauthority.v1.TaintX509AuthorityResponse + 19, // 35: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:output_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse + 21, // 36: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:output_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityResponse + 26, // [26:37] is the sub-list for method output_type + 15, // [15:26] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_spire_api_server_localauthority_v1_localauthority_proto_init() } @@ -1596,7 +1725,7 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { } } file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RevokeX509AuthorityRequest); i { + switch v := v.(*TaintX509UpstreamAuthorityRequest); i { case 0: return &v.state case 1: @@ -1608,7 +1737,7 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { } } file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RevokeX509AuthorityResponse); i { + switch v := v.(*TaintX509UpstreamAuthorityResponse); i { case 0: return &v.state case 1: @@ -1620,6 +1749,30 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { } } file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RevokeX509AuthorityRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RevokeX509AuthorityResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AuthorityState); i { case 0: return &v.state @@ -1638,7 +1791,7 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc, NumEnums: 0, - NumMessages: 21, + NumMessages: 23, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/spire/api/server/localauthority/v1/localauthority.proto b/proto/spire/api/server/localauthority/v1/localauthority.proto index df29792..db120d0 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.proto +++ b/proto/spire/api/server/localauthority/v1/localauthority.proto @@ -62,13 +62,29 @@ service LocalAuthority { // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It can receive the public key of an old X.509 authority. + // It can receive the authority ID of an old X.509 authority. + // + // If upstream authority is configured, local authorities can not be tainted, + // a FailedPrecondition error will be returned. // // If a previously active X.509 authority does not exist (e.g. if one // has been prepared but not activated yet), a FailedPrecondition // error will be returned. rpc TaintX509Authority(TaintX509AuthorityRequest) returns (TaintX509AuthorityResponse); + // TaintX509UpstreamAuthority marks the provided upstream authority as + // being tainted. SPIRE Agents observing an authority to be tainted + // will perform proactive rotations of any key material related to + // the tainted authority. The result of this action will be observed + // cluster-wide. + // It is important to change active upstream authority before taiting it, + // and taint will force the rotation of any bundle that is using the old upstream authority. + // It can receive the authority ID of an old X.509 authority. + // + // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition + // error will be returned. + rpc TaintX509UpstreamAuthority(TaintX509UpstreamAuthorityRequest) returns (TaintX509UpstreamAuthorityResponse); + // RevokeX509Authority revokes the previously active X.509 authority by // removing it from the bundle and propagating this update throughout // the cluster. @@ -179,6 +195,20 @@ message TaintX509AuthorityResponse { AuthorityState tainted_authority = 1; } +message TaintX509UpstreamAuthorityRequest { + // Optional. The authority ID of an old X.509 upstream authority to taint. + // This is the X.509 Subject Key Identifier (or SKID) of the + // authority's CA certificate, which is calculated by doing a + // SHA-1 hash over the ASN.1 encoding of the public key. + // By default, the upstream authority used to sign the old local + // X.509 authority is used. + string authority_id = 1; +} + +message TaintX509UpstreamAuthorityResponse { + AuthorityState tainted_authority = 1; +} + message RevokeX509AuthorityRequest { // Optional. The authority ID of the local X.509 authority to revoke. // This is the X.509 Subject Key Identifier (or SKID) of the diff --git a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go index 739ee0e..8fce8bf 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go @@ -66,12 +66,27 @@ type LocalAuthorityClient interface { // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It can receive the public key of an old X.509 authority. + // It can receive the authority ID of an old X.509 authority. + // + // If upstream authority is configured, local authorities can not be tainted, + // a FailedPrecondition error will be returned. // // If a previously active X.509 authority does not exist (e.g. if one // has been prepared but not activated yet), a FailedPrecondition // error will be returned. TaintX509Authority(ctx context.Context, in *TaintX509AuthorityRequest, opts ...grpc.CallOption) (*TaintX509AuthorityResponse, error) + // TaintX509UpstreamAuthority marks the provided upstream authority as + // being tainted. SPIRE Agents observing an authority to be tainted + // will perform proactive rotations of any key material related to + // the tainted authority. The result of this action will be observed + // cluster-wide. + // It is important to change active upstream authority before taiting it, + // and taint will force the rotation of any bundle that is using the old upstream authority. + // It can receive the authority ID of an old X.509 authority. + // + // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition + // error will be returned. + TaintX509UpstreamAuthority(ctx context.Context, in *TaintX509UpstreamAuthorityRequest, opts ...grpc.CallOption) (*TaintX509UpstreamAuthorityResponse, error) // RevokeX509Authority revokes the previously active X.509 authority by // removing it from the bundle and propagating this update throughout // the cluster. @@ -172,6 +187,15 @@ func (c *localAuthorityClient) TaintX509Authority(ctx context.Context, in *Taint return out, nil } +func (c *localAuthorityClient) TaintX509UpstreamAuthority(ctx context.Context, in *TaintX509UpstreamAuthorityRequest, opts ...grpc.CallOption) (*TaintX509UpstreamAuthorityResponse, error) { + out := new(TaintX509UpstreamAuthorityResponse) + err := c.cc.Invoke(ctx, "/spire.api.server.localauthority.v1.LocalAuthority/TaintX509UpstreamAuthority", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + func (c *localAuthorityClient) RevokeX509Authority(ctx context.Context, in *RevokeX509AuthorityRequest, opts ...grpc.CallOption) (*RevokeX509AuthorityResponse, error) { out := new(RevokeX509AuthorityResponse) err := c.cc.Invoke(ctx, "/spire.api.server.localauthority.v1.LocalAuthority/RevokeX509Authority", in, out, opts...) @@ -234,12 +258,27 @@ type LocalAuthorityServer interface { // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It can receive the public key of an old X.509 authority. + // It can receive the authority ID of an old X.509 authority. + // + // If upstream authority is configured, local authorities can not be tainted, + // a FailedPrecondition error will be returned. // // If a previously active X.509 authority does not exist (e.g. if one // has been prepared but not activated yet), a FailedPrecondition // error will be returned. TaintX509Authority(context.Context, *TaintX509AuthorityRequest) (*TaintX509AuthorityResponse, error) + // TaintX509UpstreamAuthority marks the provided upstream authority as + // being tainted. SPIRE Agents observing an authority to be tainted + // will perform proactive rotations of any key material related to + // the tainted authority. The result of this action will be observed + // cluster-wide. + // It is important to change active upstream authority before taiting it, + // and taint will force the rotation of any bundle that is using the old upstream authority. + // It can receive the authority ID of an old X.509 authority. + // + // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition + // error will be returned. + TaintX509UpstreamAuthority(context.Context, *TaintX509UpstreamAuthorityRequest) (*TaintX509UpstreamAuthorityResponse, error) // RevokeX509Authority revokes the previously active X.509 authority by // removing it from the bundle and propagating this update throughout // the cluster. @@ -283,6 +322,9 @@ func (UnimplementedLocalAuthorityServer) ActivateX509Authority(context.Context, func (UnimplementedLocalAuthorityServer) TaintX509Authority(context.Context, *TaintX509AuthorityRequest) (*TaintX509AuthorityResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method TaintX509Authority not implemented") } +func (UnimplementedLocalAuthorityServer) TaintX509UpstreamAuthority(context.Context, *TaintX509UpstreamAuthorityRequest) (*TaintX509UpstreamAuthorityResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method TaintX509UpstreamAuthority not implemented") +} func (UnimplementedLocalAuthorityServer) RevokeX509Authority(context.Context, *RevokeX509AuthorityRequest) (*RevokeX509AuthorityResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method RevokeX509Authority not implemented") } @@ -461,6 +503,24 @@ func _LocalAuthority_TaintX509Authority_Handler(srv interface{}, ctx context.Con return interceptor(ctx, in, info, handler) } +func _LocalAuthority_TaintX509UpstreamAuthority_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(TaintX509UpstreamAuthorityRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(LocalAuthorityServer).TaintX509UpstreamAuthority(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/spire.api.server.localauthority.v1.LocalAuthority/TaintX509UpstreamAuthority", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(LocalAuthorityServer).TaintX509UpstreamAuthority(ctx, req.(*TaintX509UpstreamAuthorityRequest)) + } + return interceptor(ctx, in, info, handler) +} + func _LocalAuthority_RevokeX509Authority_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { in := new(RevokeX509AuthorityRequest) if err := dec(in); err != nil { @@ -519,6 +579,10 @@ var _LocalAuthority_serviceDesc = grpc.ServiceDesc{ MethodName: "TaintX509Authority", Handler: _LocalAuthority_TaintX509Authority_Handler, }, + { + MethodName: "TaintX509UpstreamAuthority", + Handler: _LocalAuthority_TaintX509UpstreamAuthority_Handler, + }, { MethodName: "RevokeX509Authority", Handler: _LocalAuthority_RevokeX509Authority_Handler, From 9f4ef5d7c1be75061eeae86c7010eda9071de13a Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Fri, 5 Jul 2024 14:09:28 -0300 Subject: [PATCH 2/7] refacor to use public keys... Signed-off-by: Marcos Yacob --- .../localauthority/v1/localauthority.pb.go | 336 ++++++++---------- .../localauthority/v1/localauthority.proto | 15 +- .../v1/localauthority_grpc.pb.go | 10 +- 3 files changed, 168 insertions(+), 193 deletions(-) diff --git a/proto/spire/api/server/localauthority/v1/localauthority.pb.go b/proto/spire/api/server/localauthority/v1/localauthority.pb.go index 058ae40..fc01f99 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority.pb.go @@ -894,13 +894,8 @@ type TaintX509UpstreamAuthorityRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // Optional. The authority ID of an old X.509 upstream authority to taint. - // This is the X.509 Subject Key Identifier (or SKID) of the - // authority's CA certificate, which is calculated by doing a - // SHA-1 hash over the ASN.1 encoding of the public key. - // By default, the upstream authority used to sign the old local - // X.509 authority is used. - AuthorityId string `protobuf:"bytes,1,opt,name=authority_id,json=authorityId,proto3" json:"authority_id,omitempty"` + // The upstream authority's public key, PKIX encoded + PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` } func (x *TaintX509UpstreamAuthorityRequest) Reset() { @@ -935,19 +930,17 @@ func (*TaintX509UpstreamAuthorityRequest) Descriptor() ([]byte, []int) { return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{18} } -func (x *TaintX509UpstreamAuthorityRequest) GetAuthorityId() string { +func (x *TaintX509UpstreamAuthorityRequest) GetPublicKey() []byte { if x != nil { - return x.AuthorityId + return x.PublicKey } - return "" + return nil } type TaintX509UpstreamAuthorityResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - - TaintedAuthority *AuthorityState `protobuf:"bytes,1,opt,name=tainted_authority,json=taintedAuthority,proto3" json:"tainted_authority,omitempty"` } func (x *TaintX509UpstreamAuthorityResponse) Reset() { @@ -982,13 +975,6 @@ func (*TaintX509UpstreamAuthorityResponse) Descriptor() ([]byte, []int) { return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{19} } -func (x *TaintX509UpstreamAuthorityResponse) GetTaintedAuthority() *AuthorityState { - if x != nil { - return x.TaintedAuthority - } - return nil -} - type RevokeX509AuthorityRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1271,152 +1257,145 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc = []byt 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x22, 0x46, 0x0a, 0x21, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, + 0x72, 0x69, 0x74, 0x79, 0x22, 0x42, 0x0a, 0x21, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, 0x85, 0x01, 0x0a, - 0x22, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, - 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x11, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x5f, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x52, 0x10, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x22, 0x3f, 0x0a, 0x1a, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, - 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, - 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, 0x7e, 0x0a, 0x1b, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, - 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x11, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x5f, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, + 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, + 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x24, 0x0a, 0x22, 0x54, 0x61, 0x69, 0x6e, + 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, + 0x0a, 0x1a, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, + 0x7e, 0x0a, 0x1b, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, + 0x0a, 0x11, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x72, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, + 0x52, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, + 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, + 0x73, 0x41, 0x74, 0x32, 0xc1, 0x0d, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x4a, 0x57, + 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, + 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, - 0x61, 0x74, 0x65, 0x52, 0x10, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x52, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x78, - 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, - 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x32, 0xc1, 0x0d, 0x0a, 0x0e, 0x4c, 0x6f, - 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x99, 0x01, 0x0a, - 0x14, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, 0x57, - 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, - 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x50, 0x72, 0x65, - 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, - 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, + 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, + 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, + 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, + 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, + 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x90, 0x01, 0x0a, 0x11, 0x54, 0x61, 0x69, 0x6e, + 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3c, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, + 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, - 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x90, 0x01, - 0x0a, 0x11, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x12, 0x3c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, - 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x52, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, + 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x93, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, + 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, + 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, + 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, + 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x99, 0x01, 0x0a, 0x14, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, + 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, + 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, + 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, + 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, - 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, - 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x58, 0x35, - 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, - 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, + 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x54, + 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, - 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, - 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, - 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x40, 0x2e, 0x73, 0x70, - 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, - 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, - 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x93, 0x01, 0x0a, 0x12, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, - 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x12, 0xab, 0x01, 0x0a, 0x1a, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, + 0x45, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x46, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, - 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xab, 0x01, 0x0a, 0x1a, 0x54, 0x61, 0x69, 0x6e, 0x74, - 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x45, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, - 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x46, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, - 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5b, 0x5a, - 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, - 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, 0x64, 0x6b, - 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x69, - 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, + 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5b, 0x5a, 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x2f, 0x76, 0x31, 0x3b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1471,35 +1450,34 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_depIdxs = []int 22, // 10: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState 22, // 11: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState 22, // 12: spire.api.server.localauthority.v1.TaintX509AuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 13: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 14: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 0, // 15: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:input_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest - 2, // 16: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:input_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest - 4, // 17: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:input_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest - 6, // 18: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:input_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityRequest - 8, // 19: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:input_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest - 10, // 20: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:input_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateRequest - 12, // 21: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:input_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityRequest - 14, // 22: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:input_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityRequest - 16, // 23: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:input_type -> spire.api.server.localauthority.v1.TaintX509AuthorityRequest - 18, // 24: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:input_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityRequest - 20, // 25: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:input_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityRequest - 1, // 26: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:output_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse - 3, // 27: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:output_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse - 5, // 28: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:output_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse - 7, // 29: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:output_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityResponse - 9, // 30: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:output_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse - 11, // 31: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:output_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateResponse - 13, // 32: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:output_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityResponse - 15, // 33: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:output_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityResponse - 17, // 34: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:output_type -> spire.api.server.localauthority.v1.TaintX509AuthorityResponse - 19, // 35: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:output_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse - 21, // 36: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:output_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityResponse - 26, // [26:37] is the sub-list for method output_type - 15, // [15:26] is the sub-list for method input_type - 15, // [15:15] is the sub-list for extension type_name - 15, // [15:15] is the sub-list for extension extendee - 0, // [0:15] is the sub-list for field type_name + 22, // 13: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 0, // 14: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:input_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest + 2, // 15: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:input_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest + 4, // 16: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:input_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest + 6, // 17: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:input_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityRequest + 8, // 18: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:input_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest + 10, // 19: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:input_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateRequest + 12, // 20: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:input_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityRequest + 14, // 21: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:input_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityRequest + 16, // 22: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:input_type -> spire.api.server.localauthority.v1.TaintX509AuthorityRequest + 18, // 23: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:input_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityRequest + 20, // 24: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:input_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityRequest + 1, // 25: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:output_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse + 3, // 26: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:output_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse + 5, // 27: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:output_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse + 7, // 28: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:output_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityResponse + 9, // 29: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:output_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse + 11, // 30: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:output_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateResponse + 13, // 31: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:output_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityResponse + 15, // 32: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:output_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityResponse + 17, // 33: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:output_type -> spire.api.server.localauthority.v1.TaintX509AuthorityResponse + 19, // 34: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:output_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse + 21, // 35: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:output_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityResponse + 25, // [25:36] is the sub-list for method output_type + 14, // [14:25] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name } func init() { file_spire_api_server_localauthority_v1_localauthority_proto_init() } diff --git a/proto/spire/api/server/localauthority/v1/localauthority.proto b/proto/spire/api/server/localauthority/v1/localauthority.proto index db120d0..257bb9d 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.proto +++ b/proto/spire/api/server/localauthority/v1/localauthority.proto @@ -78,8 +78,9 @@ service LocalAuthority { // the tainted authority. The result of this action will be observed // cluster-wide. // It is important to change active upstream authority before taiting it, - // and taint will force the rotation of any bundle that is using the old upstream authority. - // It can receive the authority ID of an old X.509 authority. + // since taint will force the rotation of any bundle that is using + // the old upstream authority. + // It can receive the public key of an old X.509 authority. // // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. @@ -196,17 +197,11 @@ message TaintX509AuthorityResponse { } message TaintX509UpstreamAuthorityRequest { - // Optional. The authority ID of an old X.509 upstream authority to taint. - // This is the X.509 Subject Key Identifier (or SKID) of the - // authority's CA certificate, which is calculated by doing a - // SHA-1 hash over the ASN.1 encoding of the public key. - // By default, the upstream authority used to sign the old local - // X.509 authority is used. - string authority_id = 1; + // The upstream authority's public key, PKIX encoded + bytes public_key = 1; } message TaintX509UpstreamAuthorityResponse { - AuthorityState tainted_authority = 1; } message RevokeX509AuthorityRequest { diff --git a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go index 8fce8bf..7f84574 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go @@ -81,8 +81,9 @@ type LocalAuthorityClient interface { // the tainted authority. The result of this action will be observed // cluster-wide. // It is important to change active upstream authority before taiting it, - // and taint will force the rotation of any bundle that is using the old upstream authority. - // It can receive the authority ID of an old X.509 authority. + // since taint will force the rotation of any bundle that is using + // the old upstream authority. + // It can receive the public key of an old X.509 authority. // // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. @@ -273,8 +274,9 @@ type LocalAuthorityServer interface { // the tainted authority. The result of this action will be observed // cluster-wide. // It is important to change active upstream authority before taiting it, - // and taint will force the rotation of any bundle that is using the old upstream authority. - // It can receive the authority ID of an old X.509 authority. + // since taint will force the rotation of any bundle that is using + // the old upstream authority. + // It can receive the public key of an old X.509 authority. // // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. From bb46a791f8fe26d3a05394f348c3f980b7464414 Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Fri, 19 Jul 2024 12:13:56 -0300 Subject: [PATCH 3/7] update to use skid Signed-off-by: Marcos Yacob --- .../localauthority/v1/localauthority.pb.go | 262 +++++++++--------- .../localauthority/v1/localauthority.proto | 7 +- .../v1/localauthority_grpc.pb.go | 4 +- 3 files changed, 138 insertions(+), 135 deletions(-) diff --git a/proto/spire/api/server/localauthority/v1/localauthority.pb.go b/proto/spire/api/server/localauthority/v1/localauthority.pb.go index fc01f99..e6d223e 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority.pb.go @@ -894,8 +894,9 @@ type TaintX509UpstreamAuthorityRequest struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // The upstream authority's public key, PKIX encoded - PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` + // This is the X.509 Subject Key Identifier (or SKID) of the + // authority's CA certificate of the upstream X.509 authority to taint. + SubjectKeyId string `protobuf:"bytes,1,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"` } func (x *TaintX509UpstreamAuthorityRequest) Reset() { @@ -930,11 +931,11 @@ func (*TaintX509UpstreamAuthorityRequest) Descriptor() ([]byte, []int) { return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{18} } -func (x *TaintX509UpstreamAuthorityRequest) GetPublicKey() []byte { +func (x *TaintX509UpstreamAuthorityRequest) GetSubjectKeyId() string { if x != nil { - return x.PublicKey + return x.SubjectKeyId } - return nil + return "" } type TaintX509UpstreamAuthorityResponse struct { @@ -1257,145 +1258,146 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc = []byt 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x74, 0x61, 0x69, 0x6e, 0x74, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x22, 0x42, 0x0a, 0x21, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, + 0x72, 0x69, 0x74, 0x79, 0x22, 0x49, 0x0a, 0x21, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x70, - 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x22, 0x24, 0x0a, 0x22, 0x54, 0x61, 0x69, 0x6e, - 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, - 0x0a, 0x1a, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, - 0x7e, 0x0a, 0x1b, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, - 0x0a, 0x11, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x72, - 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, - 0x52, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, - 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, - 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, - 0x73, 0x41, 0x74, 0x32, 0xc1, 0x0d, 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x4a, 0x57, - 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, - 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0e, 0x73, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0c, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x22, + 0x24, 0x0a, 0x22, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, 0x0a, 0x1a, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, + 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, 0x7e, 0x0a, 0x1b, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x11, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, + 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, - 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, - 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, - 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, - 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, - 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x90, 0x01, 0x0a, 0x11, 0x54, 0x61, 0x69, 0x6e, - 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3c, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x73, 0x70, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x52, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x65, + 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x32, 0xc1, 0x0d, 0x0a, 0x0e, 0x4c, + 0x6f, 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x99, 0x01, + 0x0a, 0x14, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, + 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, + 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x50, 0x72, + 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, + 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, + 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, + 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, - 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x52, - 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, - 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, + 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x99, 0x01, 0x0a, 0x14, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, + 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x90, + 0x01, 0x0a, 0x11, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x12, 0x3c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, + 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, - 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, - 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, - 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, + 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, + 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x54, - 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x58, + 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, + 0x65, 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, + 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x50, 0x72, 0x65, 0x70, 0x61, + 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, + 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0xab, 0x01, 0x0a, 0x1a, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, - 0x45, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, - 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x46, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, + 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, + 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x40, 0x2e, 0x73, + 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, + 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, + 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, + 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, + 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, + 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xab, 0x01, 0x0a, 0x1a, 0x54, 0x61, 0x69, 0x6e, + 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x45, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, - 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, - 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, - 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5b, 0x5a, 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, - 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x2f, 0x76, 0x31, 0x3b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x46, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, + 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, + 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, + 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, + 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, + 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5b, + 0x5a, 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, + 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, 0x64, + 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( diff --git a/proto/spire/api/server/localauthority/v1/localauthority.proto b/proto/spire/api/server/localauthority/v1/localauthority.proto index 257bb9d..f9c76bd 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.proto +++ b/proto/spire/api/server/localauthority/v1/localauthority.proto @@ -80,7 +80,7 @@ service LocalAuthority { // It is important to change active upstream authority before taiting it, // since taint will force the rotation of any bundle that is using // the old upstream authority. - // It can receive the public key of an old X.509 authority. + // It receive the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. // // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. @@ -197,8 +197,9 @@ message TaintX509AuthorityResponse { } message TaintX509UpstreamAuthorityRequest { - // The upstream authority's public key, PKIX encoded - bytes public_key = 1; + // This is the X.509 Subject Key Identifier (or SKID) of the + // authority's CA certificate of the upstream X.509 authority to taint. + string subject_key_id = 1; } message TaintX509UpstreamAuthorityResponse { diff --git a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go index 7f84574..8d7a9f1 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go @@ -83,7 +83,7 @@ type LocalAuthorityClient interface { // It is important to change active upstream authority before taiting it, // since taint will force the rotation of any bundle that is using // the old upstream authority. - // It can receive the public key of an old X.509 authority. + // It receive the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. // // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. @@ -276,7 +276,7 @@ type LocalAuthorityServer interface { // It is important to change active upstream authority before taiting it, // since taint will force the rotation of any bundle that is using // the old upstream authority. - // It can receive the public key of an old X.509 authority. + // It receive the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. // // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. From a8822df66066c484adb4ab28b66683a086228883 Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Fri, 2 Aug 2024 10:37:58 -0300 Subject: [PATCH 4/7] Add revoke upstream authority Signed-off-by: Marcos Yacob --- .../localauthority/v1/localauthority.pb.go | 507 +++++++++++------- .../localauthority/v1/localauthority.proto | 19 + .../v1/localauthority_grpc.pb.go | 50 ++ 3 files changed, 389 insertions(+), 187 deletions(-) diff --git a/proto/spire/api/server/localauthority/v1/localauthority.pb.go b/proto/spire/api/server/localauthority/v1/localauthority.pb.go index e6d223e..d7b4257 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority.pb.go @@ -976,6 +976,93 @@ func (*TaintX509UpstreamAuthorityResponse) Descriptor() ([]byte, []int) { return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{19} } +type RevokeX509UpstreamAuthorityRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // This is the X.509 Subject Key Identifier (or SKID) of the + // authority's CA certificate of the upstream X.509 authority to revoke. + SubjectKeyId string `protobuf:"bytes,1,opt,name=subject_key_id,json=subjectKeyId,proto3" json:"subject_key_id,omitempty"` +} + +func (x *RevokeX509UpstreamAuthorityRequest) Reset() { + *x = RevokeX509UpstreamAuthorityRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RevokeX509UpstreamAuthorityRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RevokeX509UpstreamAuthorityRequest) ProtoMessage() {} + +func (x *RevokeX509UpstreamAuthorityRequest) ProtoReflect() protoreflect.Message { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RevokeX509UpstreamAuthorityRequest.ProtoReflect.Descriptor instead. +func (*RevokeX509UpstreamAuthorityRequest) Descriptor() ([]byte, []int) { + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{20} +} + +func (x *RevokeX509UpstreamAuthorityRequest) GetSubjectKeyId() string { + if x != nil { + return x.SubjectKeyId + } + return "" +} + +type RevokeX509UpstreamAuthorityResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *RevokeX509UpstreamAuthorityResponse) Reset() { + *x = RevokeX509UpstreamAuthorityResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RevokeX509UpstreamAuthorityResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RevokeX509UpstreamAuthorityResponse) ProtoMessage() {} + +func (x *RevokeX509UpstreamAuthorityResponse) ProtoReflect() protoreflect.Message { + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RevokeX509UpstreamAuthorityResponse.ProtoReflect.Descriptor instead. +func (*RevokeX509UpstreamAuthorityResponse) Descriptor() ([]byte, []int) { + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{21} +} + type RevokeX509AuthorityRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -992,7 +1079,7 @@ type RevokeX509AuthorityRequest struct { func (x *RevokeX509AuthorityRequest) Reset() { *x = RevokeX509AuthorityRequest{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1005,7 +1092,7 @@ func (x *RevokeX509AuthorityRequest) String() string { func (*RevokeX509AuthorityRequest) ProtoMessage() {} func (x *RevokeX509AuthorityRequest) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1018,7 +1105,7 @@ func (x *RevokeX509AuthorityRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeX509AuthorityRequest.ProtoReflect.Descriptor instead. func (*RevokeX509AuthorityRequest) Descriptor() ([]byte, []int) { - return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{20} + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{22} } func (x *RevokeX509AuthorityRequest) GetAuthorityId() string { @@ -1039,7 +1126,7 @@ type RevokeX509AuthorityResponse struct { func (x *RevokeX509AuthorityResponse) Reset() { *x = RevokeX509AuthorityResponse{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1052,7 +1139,7 @@ func (x *RevokeX509AuthorityResponse) String() string { func (*RevokeX509AuthorityResponse) ProtoMessage() {} func (x *RevokeX509AuthorityResponse) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[23] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1065,7 +1152,7 @@ func (x *RevokeX509AuthorityResponse) ProtoReflect() protoreflect.Message { // Deprecated: Use RevokeX509AuthorityResponse.ProtoReflect.Descriptor instead. func (*RevokeX509AuthorityResponse) Descriptor() ([]byte, []int) { - return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{21} + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{23} } func (x *RevokeX509AuthorityResponse) GetRevokedAuthority() *AuthorityState { @@ -1089,7 +1176,7 @@ type AuthorityState struct { func (x *AuthorityState) Reset() { *x = AuthorityState{} if protoimpl.UnsafeEnabled { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1102,7 +1189,7 @@ func (x *AuthorityState) String() string { func (*AuthorityState) ProtoMessage() {} func (x *AuthorityState) ProtoReflect() protoreflect.Message { - mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22] + mi := &file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[24] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1115,7 +1202,7 @@ func (x *AuthorityState) ProtoReflect() protoreflect.Message { // Deprecated: Use AuthorityState.ProtoReflect.Descriptor instead. func (*AuthorityState) Descriptor() ([]byte, []int) { - return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{22} + return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP(), []int{24} } func (x *AuthorityState) GetAuthorityId() string { @@ -1265,139 +1352,157 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc = []byt 0x09, 0x52, 0x0c, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4b, 0x65, 0x79, 0x49, 0x64, 0x22, 0x24, 0x0a, 0x22, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, 0x0a, 0x1a, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, - 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, 0x7e, 0x0a, 0x1b, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, - 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x11, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, - 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, - 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x52, 0x0a, 0x0e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x65, - 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x32, 0xc1, 0x0d, 0x0a, 0x0e, 0x4c, - 0x6f, 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x99, 0x01, - 0x0a, 0x14, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x4a, - 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x4a, 0x0a, 0x22, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, + 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0e, 0x73, + 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4b, 0x65, 0x79, 0x49, + 0x64, 0x22, 0x25, 0x0a, 0x23, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x55, + 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x3f, 0x0a, 0x1a, 0x52, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x22, 0x7e, 0x0a, 0x1b, 0x52, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x11, 0x72, 0x65, 0x76, 0x6f, + 0x6b, 0x65, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x10, 0x72, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x64, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x22, 0x52, 0x0a, 0x0e, 0x41, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x49, 0x64, 0x12, 0x1d, + 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x32, 0xf2, 0x0e, + 0x0a, 0x0e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x12, 0x99, 0x01, 0x0a, 0x14, 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, + 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, + 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, + 0x47, 0x65, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, + 0x13, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, + 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, + 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, + 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x90, 0x01, 0x0a, 0x11, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, - 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, - 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x50, 0x72, - 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, - 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x4a, 0x57, - 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, - 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, + 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, + 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, + 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, + 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, + 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, - 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x90, - 0x01, 0x0a, 0x11, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x12, 0x3c, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, + 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x47, + 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, + 0x74, 0x61, 0x74, 0x65, 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, - 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x4a, 0x57, 0x54, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, - 0x76, 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, - 0x6f, 0x6b, 0x65, 0x4a, 0x57, 0x54, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x47, 0x65, 0x74, 0x58, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, + 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, + 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, - 0x65, 0x12, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x41, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x50, 0x72, + 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x12, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, + 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, + 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, - 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x47, 0x65, 0x74, 0x58, 0x35, 0x30, 0x39, - 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x50, 0x72, 0x65, 0x70, 0x61, - 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, - 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, + 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, + 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, + 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, + 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x1a, 0x41, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, + 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, + 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, + 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, + 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, + 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, + 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, + 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xab, 0x01, 0x0a, 0x1a, 0x54, + 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x45, 0x2e, 0x73, 0x70, 0x69, 0x72, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, + 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x40, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x1a, 0x46, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, - 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x72, 0x65, 0x70, 0x61, 0x72, 0x65, 0x58, 0x35, 0x30, - 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x9c, 0x01, 0x0a, 0x15, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, - 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x40, 0x2e, 0x73, - 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, - 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x41, - 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, + 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, + 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x12, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x3f, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x12, 0x93, 0x01, 0x0a, 0x12, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3d, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, - 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3e, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, - 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, - 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0xab, 0x01, 0x0a, 0x1a, 0x54, 0x61, 0x69, 0x6e, - 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x45, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, - 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, - 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x46, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x54, 0x61, 0x69, 0x6e, 0x74, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, - 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x96, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, - 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x3e, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x3f, 0x2e, - 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, - 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x41, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x5b, - 0x5a, 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x70, 0x69, - 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x61, 0x70, 0x69, 0x2d, 0x73, 0x64, - 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x65, 0x12, 0xae, 0x01, 0x0a, 0x1b, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, + 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x12, 0x46, 0x2e, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, + 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, + 0x74, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x47, 0x2e, 0x73, 0x70, 0x69, 0x72, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2e, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x76, 0x31, 0x2e, 0x52, + 0x65, 0x76, 0x6f, 0x6b, 0x65, 0x58, 0x35, 0x30, 0x39, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x42, 0x5b, 0x5a, 0x59, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x73, 0x70, 0x69, 0x66, 0x66, 0x65, 0x2f, 0x73, 0x70, 0x69, 0x72, 0x65, 0x2d, 0x61, 0x70, + 0x69, 0x2d, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x73, 0x70, 0x69, 0x72, + 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x2f, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x76, 0x31, 0x3b, 0x6c, + 0x6f, 0x63, 0x61, 0x6c, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x76, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1412,47 +1517,49 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_rawDescGZIP() return file_spire_api_server_localauthority_v1_localauthority_proto_rawDescData } -var file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes = make([]protoimpl.MessageInfo, 23) +var file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes = make([]protoimpl.MessageInfo, 25) var file_spire_api_server_localauthority_v1_localauthority_proto_goTypes = []interface{}{ - (*GetJWTAuthorityStateRequest)(nil), // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest - (*GetJWTAuthorityStateResponse)(nil), // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse - (*PrepareJWTAuthorityRequest)(nil), // 2: spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest - (*PrepareJWTAuthorityResponse)(nil), // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse - (*ActivateJWTAuthorityRequest)(nil), // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest - (*ActivateJWTAuthorityResponse)(nil), // 5: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse - (*TaintJWTAuthorityRequest)(nil), // 6: spire.api.server.localauthority.v1.TaintJWTAuthorityRequest - (*TaintJWTAuthorityResponse)(nil), // 7: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse - (*RevokeJWTAuthorityRequest)(nil), // 8: spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest - (*RevokeJWTAuthorityResponse)(nil), // 9: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse - (*GetX509AuthorityStateRequest)(nil), // 10: spire.api.server.localauthority.v1.GetX509AuthorityStateRequest - (*GetX509AuthorityStateResponse)(nil), // 11: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse - (*PrepareX509AuthorityRequest)(nil), // 12: spire.api.server.localauthority.v1.PrepareX509AuthorityRequest - (*PrepareX509AuthorityResponse)(nil), // 13: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse - (*ActivateX509AuthorityRequest)(nil), // 14: spire.api.server.localauthority.v1.ActivateX509AuthorityRequest - (*ActivateX509AuthorityResponse)(nil), // 15: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse - (*TaintX509AuthorityRequest)(nil), // 16: spire.api.server.localauthority.v1.TaintX509AuthorityRequest - (*TaintX509AuthorityResponse)(nil), // 17: spire.api.server.localauthority.v1.TaintX509AuthorityResponse - (*TaintX509UpstreamAuthorityRequest)(nil), // 18: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityRequest - (*TaintX509UpstreamAuthorityResponse)(nil), // 19: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse - (*RevokeX509AuthorityRequest)(nil), // 20: spire.api.server.localauthority.v1.RevokeX509AuthorityRequest - (*RevokeX509AuthorityResponse)(nil), // 21: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse - (*AuthorityState)(nil), // 22: spire.api.server.localauthority.v1.AuthorityState + (*GetJWTAuthorityStateRequest)(nil), // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest + (*GetJWTAuthorityStateResponse)(nil), // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse + (*PrepareJWTAuthorityRequest)(nil), // 2: spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest + (*PrepareJWTAuthorityResponse)(nil), // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse + (*ActivateJWTAuthorityRequest)(nil), // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest + (*ActivateJWTAuthorityResponse)(nil), // 5: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse + (*TaintJWTAuthorityRequest)(nil), // 6: spire.api.server.localauthority.v1.TaintJWTAuthorityRequest + (*TaintJWTAuthorityResponse)(nil), // 7: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse + (*RevokeJWTAuthorityRequest)(nil), // 8: spire.api.server.localauthority.v1.RevokeJWTAuthorityRequest + (*RevokeJWTAuthorityResponse)(nil), // 9: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse + (*GetX509AuthorityStateRequest)(nil), // 10: spire.api.server.localauthority.v1.GetX509AuthorityStateRequest + (*GetX509AuthorityStateResponse)(nil), // 11: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse + (*PrepareX509AuthorityRequest)(nil), // 12: spire.api.server.localauthority.v1.PrepareX509AuthorityRequest + (*PrepareX509AuthorityResponse)(nil), // 13: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse + (*ActivateX509AuthorityRequest)(nil), // 14: spire.api.server.localauthority.v1.ActivateX509AuthorityRequest + (*ActivateX509AuthorityResponse)(nil), // 15: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse + (*TaintX509AuthorityRequest)(nil), // 16: spire.api.server.localauthority.v1.TaintX509AuthorityRequest + (*TaintX509AuthorityResponse)(nil), // 17: spire.api.server.localauthority.v1.TaintX509AuthorityResponse + (*TaintX509UpstreamAuthorityRequest)(nil), // 18: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityRequest + (*TaintX509UpstreamAuthorityResponse)(nil), // 19: spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse + (*RevokeX509UpstreamAuthorityRequest)(nil), // 20: spire.api.server.localauthority.v1.RevokeX509UpstreamAuthorityRequest + (*RevokeX509UpstreamAuthorityResponse)(nil), // 21: spire.api.server.localauthority.v1.RevokeX509UpstreamAuthorityResponse + (*RevokeX509AuthorityRequest)(nil), // 22: spire.api.server.localauthority.v1.RevokeX509AuthorityRequest + (*RevokeX509AuthorityResponse)(nil), // 23: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse + (*AuthorityState)(nil), // 24: spire.api.server.localauthority.v1.AuthorityState } var file_spire_api_server_localauthority_v1_localauthority_proto_depIdxs = []int32{ - 22, // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 2: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 5: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 6: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 7: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 8: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 9: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 10: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 11: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 12: spire.api.server.localauthority.v1.TaintX509AuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState - 22, // 13: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 0: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 1: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 2: spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 3: spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 4: spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 5: spire.api.server.localauthority.v1.TaintJWTAuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 6: spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 7: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.active:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 8: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.prepared:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 9: spire.api.server.localauthority.v1.GetX509AuthorityStateResponse.old:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 10: spire.api.server.localauthority.v1.PrepareX509AuthorityResponse.prepared_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 11: spire.api.server.localauthority.v1.ActivateX509AuthorityResponse.activated_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 12: spire.api.server.localauthority.v1.TaintX509AuthorityResponse.tainted_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState + 24, // 13: spire.api.server.localauthority.v1.RevokeX509AuthorityResponse.revoked_authority:type_name -> spire.api.server.localauthority.v1.AuthorityState 0, // 14: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:input_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateRequest 2, // 15: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:input_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityRequest 4, // 16: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:input_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityRequest @@ -1463,20 +1570,22 @@ var file_spire_api_server_localauthority_v1_localauthority_proto_depIdxs = []int 14, // 21: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:input_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityRequest 16, // 22: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:input_type -> spire.api.server.localauthority.v1.TaintX509AuthorityRequest 18, // 23: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:input_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityRequest - 20, // 24: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:input_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityRequest - 1, // 25: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:output_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse - 3, // 26: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:output_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse - 5, // 27: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:output_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse - 7, // 28: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:output_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityResponse - 9, // 29: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:output_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse - 11, // 30: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:output_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateResponse - 13, // 31: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:output_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityResponse - 15, // 32: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:output_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityResponse - 17, // 33: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:output_type -> spire.api.server.localauthority.v1.TaintX509AuthorityResponse - 19, // 34: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:output_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse - 21, // 35: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:output_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityResponse - 25, // [25:36] is the sub-list for method output_type - 14, // [14:25] is the sub-list for method input_type + 22, // 24: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:input_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityRequest + 20, // 25: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509UpstreamAuthority:input_type -> spire.api.server.localauthority.v1.RevokeX509UpstreamAuthorityRequest + 1, // 26: spire.api.server.localauthority.v1.LocalAuthority.GetJWTAuthorityState:output_type -> spire.api.server.localauthority.v1.GetJWTAuthorityStateResponse + 3, // 27: spire.api.server.localauthority.v1.LocalAuthority.PrepareJWTAuthority:output_type -> spire.api.server.localauthority.v1.PrepareJWTAuthorityResponse + 5, // 28: spire.api.server.localauthority.v1.LocalAuthority.ActivateJWTAuthority:output_type -> spire.api.server.localauthority.v1.ActivateJWTAuthorityResponse + 7, // 29: spire.api.server.localauthority.v1.LocalAuthority.TaintJWTAuthority:output_type -> spire.api.server.localauthority.v1.TaintJWTAuthorityResponse + 9, // 30: spire.api.server.localauthority.v1.LocalAuthority.RevokeJWTAuthority:output_type -> spire.api.server.localauthority.v1.RevokeJWTAuthorityResponse + 11, // 31: spire.api.server.localauthority.v1.LocalAuthority.GetX509AuthorityState:output_type -> spire.api.server.localauthority.v1.GetX509AuthorityStateResponse + 13, // 32: spire.api.server.localauthority.v1.LocalAuthority.PrepareX509Authority:output_type -> spire.api.server.localauthority.v1.PrepareX509AuthorityResponse + 15, // 33: spire.api.server.localauthority.v1.LocalAuthority.ActivateX509Authority:output_type -> spire.api.server.localauthority.v1.ActivateX509AuthorityResponse + 17, // 34: spire.api.server.localauthority.v1.LocalAuthority.TaintX509Authority:output_type -> spire.api.server.localauthority.v1.TaintX509AuthorityResponse + 19, // 35: spire.api.server.localauthority.v1.LocalAuthority.TaintX509UpstreamAuthority:output_type -> spire.api.server.localauthority.v1.TaintX509UpstreamAuthorityResponse + 23, // 36: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509Authority:output_type -> spire.api.server.localauthority.v1.RevokeX509AuthorityResponse + 21, // 37: spire.api.server.localauthority.v1.LocalAuthority.RevokeX509UpstreamAuthority:output_type -> spire.api.server.localauthority.v1.RevokeX509UpstreamAuthorityResponse + 26, // [26:38] is the sub-list for method output_type + 14, // [14:26] is the sub-list for method input_type 14, // [14:14] is the sub-list for extension type_name 14, // [14:14] is the sub-list for extension extendee 0, // [0:14] is the sub-list for field type_name @@ -1729,7 +1838,7 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { } } file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RevokeX509AuthorityRequest); i { + switch v := v.(*RevokeX509UpstreamAuthorityRequest); i { case 0: return &v.state case 1: @@ -1741,7 +1850,7 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { } } file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RevokeX509AuthorityResponse); i { + switch v := v.(*RevokeX509UpstreamAuthorityResponse); i { case 0: return &v.state case 1: @@ -1753,6 +1862,30 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { } } file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RevokeX509AuthorityRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*RevokeX509AuthorityResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_spire_api_server_localauthority_v1_localauthority_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AuthorityState); i { case 0: return &v.state @@ -1771,7 +1904,7 @@ func file_spire_api_server_localauthority_v1_localauthority_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_spire_api_server_localauthority_v1_localauthority_proto_rawDesc, NumEnums: 0, - NumMessages: 23, + NumMessages: 25, NumExtensions: 0, NumServices: 1, }, diff --git a/proto/spire/api/server/localauthority/v1/localauthority.proto b/proto/spire/api/server/localauthority/v1/localauthority.proto index f9c76bd..384abb4 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.proto +++ b/proto/spire/api/server/localauthority/v1/localauthority.proto @@ -95,6 +95,15 @@ service LocalAuthority { // has been prepared but not activated yet), a FailedPrecondition // error will be returned. rpc RevokeX509Authority(RevokeX509AuthorityRequest) returns (RevokeX509AuthorityResponse); + + // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by + // removing it from the bundle and propagating this update throughout + // the cluster. + // It receive the subject key ID an old X.509 upstream authority. + // + // If a previously active X.509 upstream authority does not exist, a FailedPrecondition + // error will be returned. + rpc RevokeX509UpstreamAuthority(RevokeX509UpstreamAuthorityRequest) returns (RevokeX509UpstreamAuthorityResponse); } message GetJWTAuthorityStateRequest {} @@ -205,6 +214,15 @@ message TaintX509UpstreamAuthorityRequest { message TaintX509UpstreamAuthorityResponse { } +message RevokeX509UpstreamAuthorityRequest { + // This is the X.509 Subject Key Identifier (or SKID) of the + // authority's CA certificate of the upstream X.509 authority to revoke. + string subject_key_id = 1; +} + +message RevokeX509UpstreamAuthorityResponse { +} + message RevokeX509AuthorityRequest { // Optional. The authority ID of the local X.509 authority to revoke. // This is the X.509 Subject Key Identifier (or SKID) of the @@ -218,6 +236,7 @@ message RevokeX509AuthorityResponse { AuthorityState revoked_authority = 1; } + message AuthorityState { // The authority ID. string authority_id = 1; diff --git a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go index 8d7a9f1..0efb71a 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go @@ -97,6 +97,14 @@ type LocalAuthorityClient interface { // has been prepared but not activated yet), a FailedPrecondition // error will be returned. RevokeX509Authority(ctx context.Context, in *RevokeX509AuthorityRequest, opts ...grpc.CallOption) (*RevokeX509AuthorityResponse, error) + // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by + // removing it from the bundle and propagating this update throughout + // the cluster. + // It receive the subject key ID an old X.509 upstream authority. + // + // If a previously active X.509 upstream authority does not exist, a FailedPrecondition + // error will be returned. + RevokeX509UpstreamAuthority(ctx context.Context, in *RevokeX509UpstreamAuthorityRequest, opts ...grpc.CallOption) (*RevokeX509UpstreamAuthorityResponse, error) } type localAuthorityClient struct { @@ -206,6 +214,15 @@ func (c *localAuthorityClient) RevokeX509Authority(ctx context.Context, in *Revo return out, nil } +func (c *localAuthorityClient) RevokeX509UpstreamAuthority(ctx context.Context, in *RevokeX509UpstreamAuthorityRequest, opts ...grpc.CallOption) (*RevokeX509UpstreamAuthorityResponse, error) { + out := new(RevokeX509UpstreamAuthorityResponse) + err := c.cc.Invoke(ctx, "/spire.api.server.localauthority.v1.LocalAuthority/RevokeX509UpstreamAuthority", in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + // LocalAuthorityServer is the server API for LocalAuthority service. // All implementations must embed UnimplementedLocalAuthorityServer // for forward compatibility @@ -290,6 +307,14 @@ type LocalAuthorityServer interface { // has been prepared but not activated yet), a FailedPrecondition // error will be returned. RevokeX509Authority(context.Context, *RevokeX509AuthorityRequest) (*RevokeX509AuthorityResponse, error) + // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by + // removing it from the bundle and propagating this update throughout + // the cluster. + // It receive the subject key ID an old X.509 upstream authority. + // + // If a previously active X.509 upstream authority does not exist, a FailedPrecondition + // error will be returned. + RevokeX509UpstreamAuthority(context.Context, *RevokeX509UpstreamAuthorityRequest) (*RevokeX509UpstreamAuthorityResponse, error) mustEmbedUnimplementedLocalAuthorityServer() } @@ -330,6 +355,9 @@ func (UnimplementedLocalAuthorityServer) TaintX509UpstreamAuthority(context.Cont func (UnimplementedLocalAuthorityServer) RevokeX509Authority(context.Context, *RevokeX509AuthorityRequest) (*RevokeX509AuthorityResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method RevokeX509Authority not implemented") } +func (UnimplementedLocalAuthorityServer) RevokeX509UpstreamAuthority(context.Context, *RevokeX509UpstreamAuthorityRequest) (*RevokeX509UpstreamAuthorityResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method RevokeX509UpstreamAuthority not implemented") +} func (UnimplementedLocalAuthorityServer) mustEmbedUnimplementedLocalAuthorityServer() {} // UnsafeLocalAuthorityServer may be embedded to opt out of forward compatibility for this service. @@ -541,6 +569,24 @@ func _LocalAuthority_RevokeX509Authority_Handler(srv interface{}, ctx context.Co return interceptor(ctx, in, info, handler) } +func _LocalAuthority_RevokeX509UpstreamAuthority_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(RevokeX509UpstreamAuthorityRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(LocalAuthorityServer).RevokeX509UpstreamAuthority(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: "/spire.api.server.localauthority.v1.LocalAuthority/RevokeX509UpstreamAuthority", + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(LocalAuthorityServer).RevokeX509UpstreamAuthority(ctx, req.(*RevokeX509UpstreamAuthorityRequest)) + } + return interceptor(ctx, in, info, handler) +} + var _LocalAuthority_serviceDesc = grpc.ServiceDesc{ ServiceName: "spire.api.server.localauthority.v1.LocalAuthority", HandlerType: (*LocalAuthorityServer)(nil), @@ -589,6 +635,10 @@ var _LocalAuthority_serviceDesc = grpc.ServiceDesc{ MethodName: "RevokeX509Authority", Handler: _LocalAuthority_RevokeX509Authority_Handler, }, + { + MethodName: "RevokeX509UpstreamAuthority", + Handler: _LocalAuthority_RevokeX509UpstreamAuthority_Handler, + }, }, Streams: []grpc.StreamDesc{}, Metadata: "spire/api/server/localauthority/v1/localauthority.proto", From 796ea0d0e49c2659ee562eb73c1fe65ba9975b9b Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Tue, 6 Aug 2024 16:23:16 -0300 Subject: [PATCH 5/7] PR changes Signed-off-by: Marcos Yacob --- .../localauthority/v1/localauthority.proto | 10 +++++----- .../v1/localauthority_grpc.pb.go | 18 ++++++++++-------- 2 files changed, 15 insertions(+), 13 deletions(-) diff --git a/proto/spire/api/server/localauthority/v1/localauthority.proto b/proto/spire/api/server/localauthority/v1/localauthority.proto index 384abb4..f134b50 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.proto +++ b/proto/spire/api/server/localauthority/v1/localauthority.proto @@ -78,11 +78,11 @@ service LocalAuthority { // the tainted authority. The result of this action will be observed // cluster-wide. // It is important to change active upstream authority before taiting it, - // since taint will force the rotation of any bundle that is using + // since tainting will force the rotation of any bundle that is using // the old upstream authority. - // It receive the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. + // It receives the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. // - // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition + // If an X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. rpc TaintX509UpstreamAuthority(TaintX509UpstreamAuthorityRequest) returns (TaintX509UpstreamAuthorityResponse); @@ -99,7 +99,8 @@ service LocalAuthority { // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by // removing it from the bundle and propagating this update throughout // the cluster. - // It receive the subject key ID an old X.509 upstream authority. + // It receives the subject key ID of the authority's CA certificate of the + // upstream X.509 authority to revoke. // // If a previously active X.509 upstream authority does not exist, a FailedPrecondition // error will be returned. @@ -236,7 +237,6 @@ message RevokeX509AuthorityResponse { AuthorityState revoked_authority = 1; } - message AuthorityState { // The authority ID. string authority_id = 1; diff --git a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go index 0efb71a..dcf9c34 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go @@ -81,11 +81,11 @@ type LocalAuthorityClient interface { // the tainted authority. The result of this action will be observed // cluster-wide. // It is important to change active upstream authority before taiting it, - // since taint will force the rotation of any bundle that is using + // since tainting will force the rotation of any bundle that is using // the old upstream authority. - // It receive the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. + // It receives the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. // - // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition + // If an X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. TaintX509UpstreamAuthority(ctx context.Context, in *TaintX509UpstreamAuthorityRequest, opts ...grpc.CallOption) (*TaintX509UpstreamAuthorityResponse, error) // RevokeX509Authority revokes the previously active X.509 authority by @@ -100,7 +100,8 @@ type LocalAuthorityClient interface { // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by // removing it from the bundle and propagating this update throughout // the cluster. - // It receive the subject key ID an old X.509 upstream authority. + // It receives the subject key ID of the authority's CA certificate of the + // upstream X.509 authority to revoke. // // If a previously active X.509 upstream authority does not exist, a FailedPrecondition // error will be returned. @@ -291,11 +292,11 @@ type LocalAuthorityServer interface { // the tainted authority. The result of this action will be observed // cluster-wide. // It is important to change active upstream authority before taiting it, - // since taint will force the rotation of any bundle that is using + // since tainting will force the rotation of any bundle that is using // the old upstream authority. - // It receive the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. + // It receives the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. // - // If a X.509 upstream authority does not exist or it is active, a FailedPrecondition + // If an X.509 upstream authority does not exist or it is active, a FailedPrecondition // error will be returned. TaintX509UpstreamAuthority(context.Context, *TaintX509UpstreamAuthorityRequest) (*TaintX509UpstreamAuthorityResponse, error) // RevokeX509Authority revokes the previously active X.509 authority by @@ -310,7 +311,8 @@ type LocalAuthorityServer interface { // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by // removing it from the bundle and propagating this update throughout // the cluster. - // It receive the subject key ID an old X.509 upstream authority. + // It receives the subject key ID of the authority's CA certificate of the + // upstream X.509 authority to revoke. // // If a previously active X.509 upstream authority does not exist, a FailedPrecondition // error will be returned. From 940ef72a6444288440b1ce3dbff2ee51666f2fb3 Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Wed, 7 Aug 2024 10:25:08 -0300 Subject: [PATCH 6/7] More PR changes Signed-off-by: Marcos Yacob --- .../localauthority/v1/localauthority.proto | 21 +++++----- .../v1/localauthority_grpc.pb.go | 38 ++++++++++--------- 2 files changed, 31 insertions(+), 28 deletions(-) diff --git a/proto/spire/api/server/localauthority/v1/localauthority.proto b/proto/spire/api/server/localauthority/v1/localauthority.proto index f134b50..d1ec235 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.proto +++ b/proto/spire/api/server/localauthority/v1/localauthority.proto @@ -64,8 +64,8 @@ service LocalAuthority { // cluster-wide. // It can receive the authority ID of an old X.509 authority. // - // If upstream authority is configured, local authorities can not be tainted, - // a FailedPrecondition error will be returned. + // If an upstream authority is configured then local authorities cannot be tainted, + // and a FailedPrecondition error will be returned. // // If a previously active X.509 authority does not exist (e.g. if one // has been prepared but not activated yet), a FailedPrecondition @@ -73,17 +73,18 @@ service LocalAuthority { rpc TaintX509Authority(TaintX509AuthorityRequest) returns (TaintX509AuthorityResponse); // TaintX509UpstreamAuthority marks the provided upstream authority as - // being tainted. SPIRE Agents observing an authority to be tainted + // being tainted. SPIRE Agents observing a tainted authority to be tainted // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It is important to change active upstream authority before taiting it, - // since tainting will force the rotation of any bundle that is using + // It is important to change to a new active upstream authority before tainting the old one, + // since tainting will force the rotation of any bundle that is using // the old upstream authority. - // It receives the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. + // The X.509 authority to taint is identified using the provided X.509 Subject Key + // Identifier (or SKID) of the old X.509 authority. // - // If an X.509 upstream authority does not exist or it is active, a FailedPrecondition - // error will be returned. + // If an X.509 upstream authority is not configured, or the identified upstream + // X.509 authority is active, a FailedPrecondition error will be returned. rpc TaintX509UpstreamAuthority(TaintX509UpstreamAuthorityRequest) returns (TaintX509UpstreamAuthorityResponse); // RevokeX509Authority revokes the previously active X.509 authority by @@ -99,8 +100,8 @@ service LocalAuthority { // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by // removing it from the bundle and propagating this update throughout // the cluster. - // It receives the subject key ID of the authority's CA certificate of the - // upstream X.509 authority to revoke. + // The X.509 authority to revoke is identified using the provided subject key ID of + // the authority's CA certificate. // // If a previously active X.509 upstream authority does not exist, a FailedPrecondition // error will be returned. diff --git a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go index dcf9c34..d2b9551 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go @@ -68,25 +68,26 @@ type LocalAuthorityClient interface { // cluster-wide. // It can receive the authority ID of an old X.509 authority. // - // If upstream authority is configured, local authorities can not be tainted, - // a FailedPrecondition error will be returned. + // If an upstream authority is configured then local authorities cannot be tainted, + // and a FailedPrecondition error will be returned. // // If a previously active X.509 authority does not exist (e.g. if one // has been prepared but not activated yet), a FailedPrecondition // error will be returned. TaintX509Authority(ctx context.Context, in *TaintX509AuthorityRequest, opts ...grpc.CallOption) (*TaintX509AuthorityResponse, error) // TaintX509UpstreamAuthority marks the provided upstream authority as - // being tainted. SPIRE Agents observing an authority to be tainted + // being tainted. SPIRE Agents observing a tainted authority to be tainted // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It is important to change active upstream authority before taiting it, + // It is important to change to a new active upstream authority before tainting the old one, // since tainting will force the rotation of any bundle that is using // the old upstream authority. - // It receives the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. + // The X.509 authority to taint is identified using the provided X.509 Subject Key + // Identifier (or SKID) of the old X.509 authority. // - // If an X.509 upstream authority does not exist or it is active, a FailedPrecondition - // error will be returned. + // If an X.509 upstream authority is not configured, or the identified upstream + // X.509 authority is active, a FailedPrecondition error will be returned. TaintX509UpstreamAuthority(ctx context.Context, in *TaintX509UpstreamAuthorityRequest, opts ...grpc.CallOption) (*TaintX509UpstreamAuthorityResponse, error) // RevokeX509Authority revokes the previously active X.509 authority by // removing it from the bundle and propagating this update throughout @@ -100,8 +101,8 @@ type LocalAuthorityClient interface { // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by // removing it from the bundle and propagating this update throughout // the cluster. - // It receives the subject key ID of the authority's CA certificate of the - // upstream X.509 authority to revoke. + // The X.509 authority to revoke is identified using the provided subject key ID of + // the authority's CA certificate. // // If a previously active X.509 upstream authority does not exist, a FailedPrecondition // error will be returned. @@ -279,25 +280,26 @@ type LocalAuthorityServer interface { // cluster-wide. // It can receive the authority ID of an old X.509 authority. // - // If upstream authority is configured, local authorities can not be tainted, - // a FailedPrecondition error will be returned. + // If an upstream authority is configured then local authorities cannot be tainted, + // and a FailedPrecondition error will be returned. // // If a previously active X.509 authority does not exist (e.g. if one // has been prepared but not activated yet), a FailedPrecondition // error will be returned. TaintX509Authority(context.Context, *TaintX509AuthorityRequest) (*TaintX509AuthorityResponse, error) // TaintX509UpstreamAuthority marks the provided upstream authority as - // being tainted. SPIRE Agents observing an authority to be tainted + // being tainted. SPIRE Agents observing a tainted authority to be tainted // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It is important to change active upstream authority before taiting it, + // It is important to change to a new active upstream authority before tainting the old one, // since tainting will force the rotation of any bundle that is using // the old upstream authority. - // It receives the X.509 Subject Key Identifier (or SKID) of an old X.509 authority. + // The X.509 authority to taint is identified using the provided X.509 Subject Key + // Identifier (or SKID) of the old X.509 authority. // - // If an X.509 upstream authority does not exist or it is active, a FailedPrecondition - // error will be returned. + // If an X.509 upstream authority is not configured, or the identified upstream + // X.509 authority is active, a FailedPrecondition error will be returned. TaintX509UpstreamAuthority(context.Context, *TaintX509UpstreamAuthorityRequest) (*TaintX509UpstreamAuthorityResponse, error) // RevokeX509Authority revokes the previously active X.509 authority by // removing it from the bundle and propagating this update throughout @@ -311,8 +313,8 @@ type LocalAuthorityServer interface { // RevokeX509UpstreamAuthority revokes the previously active X.509 upstream authority by // removing it from the bundle and propagating this update throughout // the cluster. - // It receives the subject key ID of the authority's CA certificate of the - // upstream X.509 authority to revoke. + // The X.509 authority to revoke is identified using the provided subject key ID of + // the authority's CA certificate. // // If a previously active X.509 upstream authority does not exist, a FailedPrecondition // error will be returned. From 7c5a48a67b9b3c67e1aee4d5a95d68aa9af6580c Mon Sep 17 00:00:00 2001 From: Marcos Yacob Date: Wed, 7 Aug 2024 14:31:39 -0300 Subject: [PATCH 7/7] PR changes Signed-off-by: Marcos Yacob --- .../api/server/localauthority/v1/localauthority.proto | 4 ++-- .../server/localauthority/v1/localauthority_grpc.pb.go | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/proto/spire/api/server/localauthority/v1/localauthority.proto b/proto/spire/api/server/localauthority/v1/localauthority.proto index d1ec235..1c088d9 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority.proto +++ b/proto/spire/api/server/localauthority/v1/localauthority.proto @@ -62,7 +62,7 @@ service LocalAuthority { // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It can receive the authority ID of an old X.509 authority. + // The X.509 authority to taint is identified using the provided X.509 Subject Key // // If an upstream authority is configured then local authorities cannot be tainted, // and a FailedPrecondition error will be returned. @@ -73,7 +73,7 @@ service LocalAuthority { rpc TaintX509Authority(TaintX509AuthorityRequest) returns (TaintX509AuthorityResponse); // TaintX509UpstreamAuthority marks the provided upstream authority as - // being tainted. SPIRE Agents observing a tainted authority to be tainted + // being tainted. SPIRE Agents observing a tainted authority // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. diff --git a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go index d2b9551..5acc241 100644 --- a/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go +++ b/proto/spire/api/server/localauthority/v1/localauthority_grpc.pb.go @@ -66,7 +66,7 @@ type LocalAuthorityClient interface { // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It can receive the authority ID of an old X.509 authority. + // The X.509 authority to taint is identified using the provided X.509 Subject Key // // If an upstream authority is configured then local authorities cannot be tainted, // and a FailedPrecondition error will be returned. @@ -76,7 +76,7 @@ type LocalAuthorityClient interface { // error will be returned. TaintX509Authority(ctx context.Context, in *TaintX509AuthorityRequest, opts ...grpc.CallOption) (*TaintX509AuthorityResponse, error) // TaintX509UpstreamAuthority marks the provided upstream authority as - // being tainted. SPIRE Agents observing a tainted authority to be tainted + // being tainted. SPIRE Agents observing a tainted authority // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. @@ -278,7 +278,7 @@ type LocalAuthorityServer interface { // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide. - // It can receive the authority ID of an old X.509 authority. + // The X.509 authority to taint is identified using the provided X.509 Subject Key // // If an upstream authority is configured then local authorities cannot be tainted, // and a FailedPrecondition error will be returned. @@ -288,7 +288,7 @@ type LocalAuthorityServer interface { // error will be returned. TaintX509Authority(context.Context, *TaintX509AuthorityRequest) (*TaintX509AuthorityResponse, error) // TaintX509UpstreamAuthority marks the provided upstream authority as - // being tainted. SPIRE Agents observing a tainted authority to be tainted + // being tainted. SPIRE Agents observing a tainted authority // will perform proactive rotations of any key material related to // the tainted authority. The result of this action will be observed // cluster-wide.