diff --git a/app/controlplane/api/controlplane/v1/workflow_run.pb.go b/app/controlplane/api/controlplane/v1/workflow_run.pb.go index d6a89e331..84aeb6494 100644 --- a/app/controlplane/api/controlplane/v1/workflow_run.pb.go +++ b/app/controlplane/api/controlplane/v1/workflow_run.pb.go @@ -1119,6 +1119,8 @@ type WorkflowRunServiceViewRequest struct { // *WorkflowRunServiceViewRequest_Id // *WorkflowRunServiceViewRequest_Digest Ref isWorkflowRunServiceViewRequest_Ref `protobuf_oneof:"ref"` + // run verification + Verify bool `protobuf:"varint,3,opt,name=verify,proto3" json:"verify,omitempty"` } func (x *WorkflowRunServiceViewRequest) Reset() { @@ -1174,6 +1176,13 @@ func (x *WorkflowRunServiceViewRequest) GetDigest() string { return "" } +func (x *WorkflowRunServiceViewRequest) GetVerify() bool { + if x != nil { + return x.Verify + } + return false +} + type isWorkflowRunServiceViewRequest_Ref interface { isWorkflowRunServiceViewRequest_Ref() } @@ -1506,6 +1515,8 @@ type WorkflowRunServiceViewResponse_Result struct { WorkflowRun *WorkflowRunItem `protobuf:"bytes,1,opt,name=workflow_run,json=workflowRun,proto3" json:"workflow_run,omitempty"` Attestation *AttestationItem `protobuf:"bytes,2,opt,name=attestation,proto3" json:"attestation,omitempty"` + // It will be nil if the verification is not possible (old or non-keyless attestations) + Verification *WorkflowRunServiceViewResponse_VerificationResult `protobuf:"bytes,3,opt,name=verification,proto3" json:"verification,omitempty"` } func (x *WorkflowRunServiceViewResponse_Result) Reset() { @@ -1554,6 +1565,70 @@ func (x *WorkflowRunServiceViewResponse_Result) GetAttestation() *AttestationIte return nil } +func (x *WorkflowRunServiceViewResponse_Result) GetVerification() *WorkflowRunServiceViewResponse_VerificationResult { + if x != nil { + return x.Verification + } + return nil +} + +type WorkflowRunServiceViewResponse_VerificationResult struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // if it can be verified this will hold the result of the verification + Verified bool `protobuf:"varint,1,opt,name=verified,proto3" json:"verified,omitempty"` + // why it couldn't be verified, or the failure reason + FailureReason string `protobuf:"bytes,2,opt,name=failure_reason,json=failureReason,proto3" json:"failure_reason,omitempty"` +} + +func (x *WorkflowRunServiceViewResponse_VerificationResult) Reset() { + *x = WorkflowRunServiceViewResponse_VerificationResult{} + if protoimpl.UnsafeEnabled { + mi := &file_controlplane_v1_workflow_run_proto_msgTypes[25] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WorkflowRunServiceViewResponse_VerificationResult) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkflowRunServiceViewResponse_VerificationResult) ProtoMessage() {} + +func (x *WorkflowRunServiceViewResponse_VerificationResult) ProtoReflect() protoreflect.Message { + mi := &file_controlplane_v1_workflow_run_proto_msgTypes[25] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkflowRunServiceViewResponse_VerificationResult.ProtoReflect.Descriptor instead. +func (*WorkflowRunServiceViewResponse_VerificationResult) Descriptor() ([]byte, []int) { + return file_controlplane_v1_workflow_run_proto_rawDescGZIP(), []int{18, 1} +} + +func (x *WorkflowRunServiceViewResponse_VerificationResult) GetVerified() bool { + if x != nil { + return x.Verified + } + return false +} + +func (x *WorkflowRunServiceViewResponse_VerificationResult) GetFailureReason() string { + if x != nil { + return x.FailureReason + } + return "" +} + type AttestationServiceGetUploadCredsResponse_Result struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1566,7 +1641,7 @@ type AttestationServiceGetUploadCredsResponse_Result struct { func (x *AttestationServiceGetUploadCredsResponse_Result) Reset() { *x = AttestationServiceGetUploadCredsResponse_Result{} if protoimpl.UnsafeEnabled { - mi := &file_controlplane_v1_workflow_run_proto_msgTypes[25] + mi := &file_controlplane_v1_workflow_run_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1579,7 +1654,7 @@ func (x *AttestationServiceGetUploadCredsResponse_Result) String() string { func (*AttestationServiceGetUploadCredsResponse_Result) ProtoMessage() {} func (x *AttestationServiceGetUploadCredsResponse_Result) ProtoReflect() protoreflect.Message { - mi := &file_controlplane_v1_workflow_run_proto_msgTypes[25] + mi := &file_controlplane_v1_workflow_run_proto_msgTypes[26] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1839,131 +1914,145 @@ var file_controlplane_v1_workflow_run_proto_rawDesc = []byte{ 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x75, 0x72, 0x73, 0x6f, 0x72, 0x50, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x6c, - 0x0a, 0x1d, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, - 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, 0x05, - 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x06, 0x64, - 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, 0x04, - 0x72, 0x02, 0x10, 0x01, 0x48, 0x00, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x42, 0x0c, - 0x0a, 0x03, 0x72, 0x65, 0x66, 0x12, 0x05, 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0x84, 0x02, 0x0a, - 0x1e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x4e, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x36, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, - 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x1a, - 0x91, 0x01, 0x0a, 0x06, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x43, 0x0a, 0x0c, 0x77, 0x6f, - 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x72, 0x75, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x20, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x49, 0x74, - 0x65, 0x6d, 0x52, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x12, - 0x42, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, + 0x73, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x84, + 0x01, 0x0a, 0x1d, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x12, 0x1a, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x08, 0xba, 0x48, + 0x05, 0x72, 0x03, 0xb0, 0x01, 0x01, 0x48, 0x00, 0x52, 0x02, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x06, + 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xba, 0x48, + 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x00, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, + 0x16, 0x0a, 0x06, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x06, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x42, 0x0c, 0x0a, 0x03, 0x72, 0x65, 0x66, 0x12, 0x05, + 0xba, 0x48, 0x02, 0x08, 0x01, 0x22, 0xc5, 0x03, 0x0a, 0x1e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, + 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4e, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, + 0x6c, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, + 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, + 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, + 0x77, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, + 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x1a, 0xf9, 0x01, 0x0a, 0x06, 0x52, 0x65, 0x73, + 0x75, 0x6c, 0x74, 0x12, 0x43, 0x0a, 0x0c, 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x5f, + 0x72, 0x75, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, + 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x0b, 0x77, 0x6f, 0x72, + 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x12, 0x42, 0x0a, 0x0b, 0x61, 0x74, 0x74, 0x65, + 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, + 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, + 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x74, 0x65, 0x6d, 0x52, + 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x66, 0x0a, 0x0c, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x42, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, + 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x0c, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x1a, 0x57, 0x0a, 0x12, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x76, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x76, 0x65, + 0x72, 0x69, 0x66, 0x69, 0x65, 0x64, 0x12, 0x25, 0x0a, 0x0e, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, + 0x65, 0x5f, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, + 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x52, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x51, 0x0a, + 0x27, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, + 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, 0x0a, 0x0f, 0x77, 0x6f, 0x72, 0x6b, + 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x72, 0x75, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x49, 0x64, + 0x22, 0xdf, 0x01, 0x0a, 0x28, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, + 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x58, 0x0a, + 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, + 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, + 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, + 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x1a, 0x59, 0x0a, 0x06, 0x52, 0x65, 0x73, 0x75, 0x6c, + 0x74, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x39, 0x0a, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, + 0x6e, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, + 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x43, 0x41, 0x53, 0x42, 0x61, + 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, + 0x6e, 0x64, 0x32, 0xd3, 0x07, 0x0a, 0x12, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x73, 0x0a, 0x14, 0x46, 0x69, 0x6e, + 0x64, 0x4f, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, + 0x77, 0x12, 0x2c, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, + 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x4f, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, + 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, + 0x31, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x4f, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x57, 0x6f, + 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7c, + 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x12, 0x35, 0x2e, + 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, + 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, + 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x74, + 0x72, 0x61, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x67, 0x0a, 0x04, + 0x49, 0x6e, 0x69, 0x74, 0x12, 0x2e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, + 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x69, 0x74, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, + 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, 0x6e, 0x69, 0x74, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6a, 0x0a, 0x05, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x12, 0x2f, + 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, + 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, + 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, + 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, + 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x12, 0x85, 0x01, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x43, + 0x72, 0x65, 0x64, 0x73, 0x12, 0x38, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x49, 0x74, 0x65, 0x6d, 0x52, 0x0b, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x22, 0x51, 0x0a, 0x27, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, - 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x26, - 0x0a, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x5f, 0x72, 0x75, 0x6e, 0x5f, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, - 0x77, 0x52, 0x75, 0x6e, 0x49, 0x64, 0x22, 0xdf, 0x01, 0x0a, 0x28, 0x41, 0x74, 0x74, 0x65, 0x73, - 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, - 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x58, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, - 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, 0x61, - 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x2e, 0x52, - 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x1a, 0x59, 0x0a, - 0x06, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x39, 0x0a, - 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, + 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, - 0x2e, 0x43, 0x41, 0x53, 0x42, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x49, 0x74, 0x65, 0x6d, 0x52, - 0x07, 0x62, 0x61, 0x63, 0x6b, 0x65, 0x6e, 0x64, 0x32, 0xd3, 0x07, 0x0a, 0x12, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, - 0x73, 0x0a, 0x14, 0x46, 0x69, 0x6e, 0x64, 0x4f, 0x72, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x57, - 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x12, 0x2c, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, - 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x4f, 0x72, - 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, - 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x46, 0x69, 0x6e, 0x64, 0x4f, 0x72, 0x43, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x7c, 0x0a, 0x0b, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x72, - 0x61, 0x63, 0x74, 0x12, 0x35, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, + 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, + 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6d, 0x0a, 0x06, 0x43, 0x61, 0x6e, + 0x63, 0x65, 0x6c, 0x12, 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x72, - 0x61, 0x63, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x36, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, - 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x67, 0x0a, 0x04, 0x49, 0x6e, 0x69, 0x74, 0x12, 0x2e, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, - 0x6e, 0x69, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, - 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, - 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x49, - 0x6e, 0x69, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6a, 0x0a, 0x05, 0x53, - 0x74, 0x6f, 0x72, 0x65, 0x12, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, - 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, + 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x85, 0x01, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x55, - 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, 0x12, 0x38, 0x2e, 0x63, 0x6f, 0x6e, + 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x76, 0x0a, 0x09, 0x47, 0x65, 0x74, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x33, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, + 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x34, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, - 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, - 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x55, 0x70, 0x6c, 0x6f, - 0x61, 0x64, 0x43, 0x72, 0x65, 0x64, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, - 0x6d, 0x0a, 0x06, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x12, 0x30, 0x2e, 0x63, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x61, - 0x6e, 0x63, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x63, 0x6f, - 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x76, - 0x0a, 0x09, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x33, 0x2e, 0x63, 0x6f, - 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, - 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x34, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, - 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x85, 0x01, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x38, 0x2e, 0x63, 0x6f, 0x6e, 0x74, - 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, - 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, - 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x39, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, + 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x85, 0x01, 0x0a, 0x0e, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x47, 0x72, + 0x6f, 0x75, 0x70, 0x12, 0x38, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xe6, - 0x01, 0x0a, 0x12, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x67, 0x0a, 0x04, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x2e, 0x2e, - 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, - 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, + 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x39, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, - 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x67, - 0x0a, 0x04, 0x56, 0x69, 0x65, 0x77, 0x12, 0x2e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, - 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, - 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, - 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x4c, 0x5a, 0x4a, 0x67, 0x69, 0x74, 0x68, 0x75, - 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2d, - 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, - 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, - 0x76, 0x31, 0x3b, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x47, 0x65, 0x74, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x47, 0x72, 0x6f, 0x75, 0x70, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x32, 0xe6, 0x01, 0x0a, 0x12, 0x57, 0x6f, 0x72, + 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, + 0x67, 0x0a, 0x04, 0x4c, 0x69, 0x73, 0x74, 0x12, 0x2e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, + 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, + 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, + 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, + 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4c, 0x69, 0x73, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x67, 0x0a, 0x04, 0x56, 0x69, 0x65, 0x77, + 0x12, 0x2e, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, + 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x2f, 0x2e, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2e, + 0x76, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x52, 0x75, 0x6e, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x56, 0x69, 0x65, 0x77, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x42, 0x4c, 0x5a, 0x4a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x63, 0x68, 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2d, 0x64, 0x65, 0x76, 0x2f, 0x63, 0x68, + 0x61, 0x69, 0x6e, 0x6c, 0x6f, 0x6f, 0x70, 0x2f, 0x61, 0x70, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x74, + 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x63, 0x6f, 0x6e, + 0x74, 0x72, 0x6f, 0x6c, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x76, 0x31, 0x3b, 0x76, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1979,95 +2068,97 @@ func file_controlplane_v1_workflow_run_proto_rawDescGZIP() []byte { } var file_controlplane_v1_workflow_run_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_controlplane_v1_workflow_run_proto_msgTypes = make([]protoimpl.MessageInfo, 26) +var file_controlplane_v1_workflow_run_proto_msgTypes = make([]protoimpl.MessageInfo, 27) var file_controlplane_v1_workflow_run_proto_goTypes = []interface{}{ - (AttestationServiceCancelRequest_TriggerType)(0), // 0: controlplane.v1.AttestationServiceCancelRequest.TriggerType - (*FindOrCreateWorkflowRequest)(nil), // 1: controlplane.v1.FindOrCreateWorkflowRequest - (*FindOrCreateWorkflowResponse)(nil), // 2: controlplane.v1.FindOrCreateWorkflowResponse - (*AttestationServiceGetPolicyRequest)(nil), // 3: controlplane.v1.AttestationServiceGetPolicyRequest - (*AttestationServiceGetPolicyResponse)(nil), // 4: controlplane.v1.AttestationServiceGetPolicyResponse - (*RemotePolicyReference)(nil), // 5: controlplane.v1.RemotePolicyReference - (*AttestationServiceGetPolicyGroupRequest)(nil), // 6: controlplane.v1.AttestationServiceGetPolicyGroupRequest - (*AttestationServiceGetPolicyGroupResponse)(nil), // 7: controlplane.v1.AttestationServiceGetPolicyGroupResponse - (*AttestationServiceGetContractRequest)(nil), // 8: controlplane.v1.AttestationServiceGetContractRequest - (*AttestationServiceGetContractResponse)(nil), // 9: controlplane.v1.AttestationServiceGetContractResponse - (*AttestationServiceInitRequest)(nil), // 10: controlplane.v1.AttestationServiceInitRequest - (*AttestationServiceInitResponse)(nil), // 11: controlplane.v1.AttestationServiceInitResponse - (*AttestationServiceStoreRequest)(nil), // 12: controlplane.v1.AttestationServiceStoreRequest - (*AttestationServiceStoreResponse)(nil), // 13: controlplane.v1.AttestationServiceStoreResponse - (*AttestationServiceCancelRequest)(nil), // 14: controlplane.v1.AttestationServiceCancelRequest - (*AttestationServiceCancelResponse)(nil), // 15: controlplane.v1.AttestationServiceCancelResponse - (*WorkflowRunServiceListRequest)(nil), // 16: controlplane.v1.WorkflowRunServiceListRequest - (*WorkflowRunServiceListResponse)(nil), // 17: controlplane.v1.WorkflowRunServiceListResponse - (*WorkflowRunServiceViewRequest)(nil), // 18: controlplane.v1.WorkflowRunServiceViewRequest - (*WorkflowRunServiceViewResponse)(nil), // 19: controlplane.v1.WorkflowRunServiceViewResponse - (*AttestationServiceGetUploadCredsRequest)(nil), // 20: controlplane.v1.AttestationServiceGetUploadCredsRequest - (*AttestationServiceGetUploadCredsResponse)(nil), // 21: controlplane.v1.AttestationServiceGetUploadCredsResponse - (*AttestationServiceGetContractResponse_Result)(nil), // 22: controlplane.v1.AttestationServiceGetContractResponse.Result - (*AttestationServiceInitResponse_Result)(nil), // 23: controlplane.v1.AttestationServiceInitResponse.Result - (*AttestationServiceStoreResponse_Result)(nil), // 24: controlplane.v1.AttestationServiceStoreResponse.Result - (*WorkflowRunServiceViewResponse_Result)(nil), // 25: controlplane.v1.WorkflowRunServiceViewResponse.Result - (*AttestationServiceGetUploadCredsResponse_Result)(nil), // 26: controlplane.v1.AttestationServiceGetUploadCredsResponse.Result - (*WorkflowItem)(nil), // 27: controlplane.v1.WorkflowItem - (*v1.Policy)(nil), // 28: workflowcontract.v1.Policy - (*v1.PolicyGroup)(nil), // 29: workflowcontract.v1.PolicyGroup - (v1.CraftingSchema_Runner_RunnerType)(0), // 30: workflowcontract.v1.CraftingSchema.Runner.RunnerType - (RunStatus)(0), // 31: controlplane.v1.RunStatus - (*CursorPaginationRequest)(nil), // 32: controlplane.v1.CursorPaginationRequest - (*WorkflowRunItem)(nil), // 33: controlplane.v1.WorkflowRunItem - (*CursorPaginationResponse)(nil), // 34: controlplane.v1.CursorPaginationResponse - (*WorkflowContractVersionItem)(nil), // 35: controlplane.v1.WorkflowContractVersionItem - (*AttestationItem)(nil), // 36: controlplane.v1.AttestationItem - (*CASBackendItem)(nil), // 37: controlplane.v1.CASBackendItem + (AttestationServiceCancelRequest_TriggerType)(0), // 0: controlplane.v1.AttestationServiceCancelRequest.TriggerType + (*FindOrCreateWorkflowRequest)(nil), // 1: controlplane.v1.FindOrCreateWorkflowRequest + (*FindOrCreateWorkflowResponse)(nil), // 2: controlplane.v1.FindOrCreateWorkflowResponse + (*AttestationServiceGetPolicyRequest)(nil), // 3: controlplane.v1.AttestationServiceGetPolicyRequest + (*AttestationServiceGetPolicyResponse)(nil), // 4: controlplane.v1.AttestationServiceGetPolicyResponse + (*RemotePolicyReference)(nil), // 5: controlplane.v1.RemotePolicyReference + (*AttestationServiceGetPolicyGroupRequest)(nil), // 6: controlplane.v1.AttestationServiceGetPolicyGroupRequest + (*AttestationServiceGetPolicyGroupResponse)(nil), // 7: controlplane.v1.AttestationServiceGetPolicyGroupResponse + (*AttestationServiceGetContractRequest)(nil), // 8: controlplane.v1.AttestationServiceGetContractRequest + (*AttestationServiceGetContractResponse)(nil), // 9: controlplane.v1.AttestationServiceGetContractResponse + (*AttestationServiceInitRequest)(nil), // 10: controlplane.v1.AttestationServiceInitRequest + (*AttestationServiceInitResponse)(nil), // 11: controlplane.v1.AttestationServiceInitResponse + (*AttestationServiceStoreRequest)(nil), // 12: controlplane.v1.AttestationServiceStoreRequest + (*AttestationServiceStoreResponse)(nil), // 13: controlplane.v1.AttestationServiceStoreResponse + (*AttestationServiceCancelRequest)(nil), // 14: controlplane.v1.AttestationServiceCancelRequest + (*AttestationServiceCancelResponse)(nil), // 15: controlplane.v1.AttestationServiceCancelResponse + (*WorkflowRunServiceListRequest)(nil), // 16: controlplane.v1.WorkflowRunServiceListRequest + (*WorkflowRunServiceListResponse)(nil), // 17: controlplane.v1.WorkflowRunServiceListResponse + (*WorkflowRunServiceViewRequest)(nil), // 18: controlplane.v1.WorkflowRunServiceViewRequest + (*WorkflowRunServiceViewResponse)(nil), // 19: controlplane.v1.WorkflowRunServiceViewResponse + (*AttestationServiceGetUploadCredsRequest)(nil), // 20: controlplane.v1.AttestationServiceGetUploadCredsRequest + (*AttestationServiceGetUploadCredsResponse)(nil), // 21: controlplane.v1.AttestationServiceGetUploadCredsResponse + (*AttestationServiceGetContractResponse_Result)(nil), // 22: controlplane.v1.AttestationServiceGetContractResponse.Result + (*AttestationServiceInitResponse_Result)(nil), // 23: controlplane.v1.AttestationServiceInitResponse.Result + (*AttestationServiceStoreResponse_Result)(nil), // 24: controlplane.v1.AttestationServiceStoreResponse.Result + (*WorkflowRunServiceViewResponse_Result)(nil), // 25: controlplane.v1.WorkflowRunServiceViewResponse.Result + (*WorkflowRunServiceViewResponse_VerificationResult)(nil), // 26: controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult + (*AttestationServiceGetUploadCredsResponse_Result)(nil), // 27: controlplane.v1.AttestationServiceGetUploadCredsResponse.Result + (*WorkflowItem)(nil), // 28: controlplane.v1.WorkflowItem + (*v1.Policy)(nil), // 29: workflowcontract.v1.Policy + (*v1.PolicyGroup)(nil), // 30: workflowcontract.v1.PolicyGroup + (v1.CraftingSchema_Runner_RunnerType)(0), // 31: workflowcontract.v1.CraftingSchema.Runner.RunnerType + (RunStatus)(0), // 32: controlplane.v1.RunStatus + (*CursorPaginationRequest)(nil), // 33: controlplane.v1.CursorPaginationRequest + (*WorkflowRunItem)(nil), // 34: controlplane.v1.WorkflowRunItem + (*CursorPaginationResponse)(nil), // 35: controlplane.v1.CursorPaginationResponse + (*WorkflowContractVersionItem)(nil), // 36: controlplane.v1.WorkflowContractVersionItem + (*AttestationItem)(nil), // 37: controlplane.v1.AttestationItem + (*CASBackendItem)(nil), // 38: controlplane.v1.CASBackendItem } var file_controlplane_v1_workflow_run_proto_depIdxs = []int32{ - 27, // 0: controlplane.v1.FindOrCreateWorkflowResponse.result:type_name -> controlplane.v1.WorkflowItem - 28, // 1: controlplane.v1.AttestationServiceGetPolicyResponse.policy:type_name -> workflowcontract.v1.Policy + 28, // 0: controlplane.v1.FindOrCreateWorkflowResponse.result:type_name -> controlplane.v1.WorkflowItem + 29, // 1: controlplane.v1.AttestationServiceGetPolicyResponse.policy:type_name -> workflowcontract.v1.Policy 5, // 2: controlplane.v1.AttestationServiceGetPolicyResponse.reference:type_name -> controlplane.v1.RemotePolicyReference - 29, // 3: controlplane.v1.AttestationServiceGetPolicyGroupResponse.group:type_name -> workflowcontract.v1.PolicyGroup + 30, // 3: controlplane.v1.AttestationServiceGetPolicyGroupResponse.group:type_name -> workflowcontract.v1.PolicyGroup 5, // 4: controlplane.v1.AttestationServiceGetPolicyGroupResponse.reference:type_name -> controlplane.v1.RemotePolicyReference 22, // 5: controlplane.v1.AttestationServiceGetContractResponse.result:type_name -> controlplane.v1.AttestationServiceGetContractResponse.Result - 30, // 6: controlplane.v1.AttestationServiceInitRequest.runner:type_name -> workflowcontract.v1.CraftingSchema.Runner.RunnerType + 31, // 6: controlplane.v1.AttestationServiceInitRequest.runner:type_name -> workflowcontract.v1.CraftingSchema.Runner.RunnerType 23, // 7: controlplane.v1.AttestationServiceInitResponse.result:type_name -> controlplane.v1.AttestationServiceInitResponse.Result 24, // 8: controlplane.v1.AttestationServiceStoreResponse.result:type_name -> controlplane.v1.AttestationServiceStoreResponse.Result 0, // 9: controlplane.v1.AttestationServiceCancelRequest.trigger:type_name -> controlplane.v1.AttestationServiceCancelRequest.TriggerType - 31, // 10: controlplane.v1.WorkflowRunServiceListRequest.status:type_name -> controlplane.v1.RunStatus - 32, // 11: controlplane.v1.WorkflowRunServiceListRequest.pagination:type_name -> controlplane.v1.CursorPaginationRequest - 33, // 12: controlplane.v1.WorkflowRunServiceListResponse.result:type_name -> controlplane.v1.WorkflowRunItem - 34, // 13: controlplane.v1.WorkflowRunServiceListResponse.pagination:type_name -> controlplane.v1.CursorPaginationResponse + 32, // 10: controlplane.v1.WorkflowRunServiceListRequest.status:type_name -> controlplane.v1.RunStatus + 33, // 11: controlplane.v1.WorkflowRunServiceListRequest.pagination:type_name -> controlplane.v1.CursorPaginationRequest + 34, // 12: controlplane.v1.WorkflowRunServiceListResponse.result:type_name -> controlplane.v1.WorkflowRunItem + 35, // 13: controlplane.v1.WorkflowRunServiceListResponse.pagination:type_name -> controlplane.v1.CursorPaginationResponse 25, // 14: controlplane.v1.WorkflowRunServiceViewResponse.result:type_name -> controlplane.v1.WorkflowRunServiceViewResponse.Result - 26, // 15: controlplane.v1.AttestationServiceGetUploadCredsResponse.result:type_name -> controlplane.v1.AttestationServiceGetUploadCredsResponse.Result - 27, // 16: controlplane.v1.AttestationServiceGetContractResponse.Result.workflow:type_name -> controlplane.v1.WorkflowItem - 35, // 17: controlplane.v1.AttestationServiceGetContractResponse.Result.contract:type_name -> controlplane.v1.WorkflowContractVersionItem - 33, // 18: controlplane.v1.AttestationServiceInitResponse.Result.workflow_run:type_name -> controlplane.v1.WorkflowRunItem - 33, // 19: controlplane.v1.WorkflowRunServiceViewResponse.Result.workflow_run:type_name -> controlplane.v1.WorkflowRunItem - 36, // 20: controlplane.v1.WorkflowRunServiceViewResponse.Result.attestation:type_name -> controlplane.v1.AttestationItem - 37, // 21: controlplane.v1.AttestationServiceGetUploadCredsResponse.Result.backend:type_name -> controlplane.v1.CASBackendItem - 1, // 22: controlplane.v1.AttestationService.FindOrCreateWorkflow:input_type -> controlplane.v1.FindOrCreateWorkflowRequest - 8, // 23: controlplane.v1.AttestationService.GetContract:input_type -> controlplane.v1.AttestationServiceGetContractRequest - 10, // 24: controlplane.v1.AttestationService.Init:input_type -> controlplane.v1.AttestationServiceInitRequest - 12, // 25: controlplane.v1.AttestationService.Store:input_type -> controlplane.v1.AttestationServiceStoreRequest - 20, // 26: controlplane.v1.AttestationService.GetUploadCreds:input_type -> controlplane.v1.AttestationServiceGetUploadCredsRequest - 14, // 27: controlplane.v1.AttestationService.Cancel:input_type -> controlplane.v1.AttestationServiceCancelRequest - 3, // 28: controlplane.v1.AttestationService.GetPolicy:input_type -> controlplane.v1.AttestationServiceGetPolicyRequest - 6, // 29: controlplane.v1.AttestationService.GetPolicyGroup:input_type -> controlplane.v1.AttestationServiceGetPolicyGroupRequest - 16, // 30: controlplane.v1.WorkflowRunService.List:input_type -> controlplane.v1.WorkflowRunServiceListRequest - 18, // 31: controlplane.v1.WorkflowRunService.View:input_type -> controlplane.v1.WorkflowRunServiceViewRequest - 2, // 32: controlplane.v1.AttestationService.FindOrCreateWorkflow:output_type -> controlplane.v1.FindOrCreateWorkflowResponse - 9, // 33: controlplane.v1.AttestationService.GetContract:output_type -> controlplane.v1.AttestationServiceGetContractResponse - 11, // 34: controlplane.v1.AttestationService.Init:output_type -> controlplane.v1.AttestationServiceInitResponse - 13, // 35: controlplane.v1.AttestationService.Store:output_type -> controlplane.v1.AttestationServiceStoreResponse - 21, // 36: controlplane.v1.AttestationService.GetUploadCreds:output_type -> controlplane.v1.AttestationServiceGetUploadCredsResponse - 15, // 37: controlplane.v1.AttestationService.Cancel:output_type -> controlplane.v1.AttestationServiceCancelResponse - 4, // 38: controlplane.v1.AttestationService.GetPolicy:output_type -> controlplane.v1.AttestationServiceGetPolicyResponse - 7, // 39: controlplane.v1.AttestationService.GetPolicyGroup:output_type -> controlplane.v1.AttestationServiceGetPolicyGroupResponse - 17, // 40: controlplane.v1.WorkflowRunService.List:output_type -> controlplane.v1.WorkflowRunServiceListResponse - 19, // 41: controlplane.v1.WorkflowRunService.View:output_type -> controlplane.v1.WorkflowRunServiceViewResponse - 32, // [32:42] is the sub-list for method output_type - 22, // [22:32] is the sub-list for method input_type - 22, // [22:22] is the sub-list for extension type_name - 22, // [22:22] is the sub-list for extension extendee - 0, // [0:22] is the sub-list for field type_name + 27, // 15: controlplane.v1.AttestationServiceGetUploadCredsResponse.result:type_name -> controlplane.v1.AttestationServiceGetUploadCredsResponse.Result + 28, // 16: controlplane.v1.AttestationServiceGetContractResponse.Result.workflow:type_name -> controlplane.v1.WorkflowItem + 36, // 17: controlplane.v1.AttestationServiceGetContractResponse.Result.contract:type_name -> controlplane.v1.WorkflowContractVersionItem + 34, // 18: controlplane.v1.AttestationServiceInitResponse.Result.workflow_run:type_name -> controlplane.v1.WorkflowRunItem + 34, // 19: controlplane.v1.WorkflowRunServiceViewResponse.Result.workflow_run:type_name -> controlplane.v1.WorkflowRunItem + 37, // 20: controlplane.v1.WorkflowRunServiceViewResponse.Result.attestation:type_name -> controlplane.v1.AttestationItem + 26, // 21: controlplane.v1.WorkflowRunServiceViewResponse.Result.verification:type_name -> controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult + 38, // 22: controlplane.v1.AttestationServiceGetUploadCredsResponse.Result.backend:type_name -> controlplane.v1.CASBackendItem + 1, // 23: controlplane.v1.AttestationService.FindOrCreateWorkflow:input_type -> controlplane.v1.FindOrCreateWorkflowRequest + 8, // 24: controlplane.v1.AttestationService.GetContract:input_type -> controlplane.v1.AttestationServiceGetContractRequest + 10, // 25: controlplane.v1.AttestationService.Init:input_type -> controlplane.v1.AttestationServiceInitRequest + 12, // 26: controlplane.v1.AttestationService.Store:input_type -> controlplane.v1.AttestationServiceStoreRequest + 20, // 27: controlplane.v1.AttestationService.GetUploadCreds:input_type -> controlplane.v1.AttestationServiceGetUploadCredsRequest + 14, // 28: controlplane.v1.AttestationService.Cancel:input_type -> controlplane.v1.AttestationServiceCancelRequest + 3, // 29: controlplane.v1.AttestationService.GetPolicy:input_type -> controlplane.v1.AttestationServiceGetPolicyRequest + 6, // 30: controlplane.v1.AttestationService.GetPolicyGroup:input_type -> controlplane.v1.AttestationServiceGetPolicyGroupRequest + 16, // 31: controlplane.v1.WorkflowRunService.List:input_type -> controlplane.v1.WorkflowRunServiceListRequest + 18, // 32: controlplane.v1.WorkflowRunService.View:input_type -> controlplane.v1.WorkflowRunServiceViewRequest + 2, // 33: controlplane.v1.AttestationService.FindOrCreateWorkflow:output_type -> controlplane.v1.FindOrCreateWorkflowResponse + 9, // 34: controlplane.v1.AttestationService.GetContract:output_type -> controlplane.v1.AttestationServiceGetContractResponse + 11, // 35: controlplane.v1.AttestationService.Init:output_type -> controlplane.v1.AttestationServiceInitResponse + 13, // 36: controlplane.v1.AttestationService.Store:output_type -> controlplane.v1.AttestationServiceStoreResponse + 21, // 37: controlplane.v1.AttestationService.GetUploadCreds:output_type -> controlplane.v1.AttestationServiceGetUploadCredsResponse + 15, // 38: controlplane.v1.AttestationService.Cancel:output_type -> controlplane.v1.AttestationServiceCancelResponse + 4, // 39: controlplane.v1.AttestationService.GetPolicy:output_type -> controlplane.v1.AttestationServiceGetPolicyResponse + 7, // 40: controlplane.v1.AttestationService.GetPolicyGroup:output_type -> controlplane.v1.AttestationServiceGetPolicyGroupResponse + 17, // 41: controlplane.v1.WorkflowRunService.List:output_type -> controlplane.v1.WorkflowRunServiceListResponse + 19, // 42: controlplane.v1.WorkflowRunService.View:output_type -> controlplane.v1.WorkflowRunServiceViewResponse + 33, // [33:43] is the sub-list for method output_type + 23, // [23:33] is the sub-list for method input_type + 23, // [23:23] is the sub-list for extension type_name + 23, // [23:23] is the sub-list for extension extendee + 0, // [0:23] is the sub-list for field type_name } func init() { file_controlplane_v1_workflow_run_proto_init() } @@ -2379,6 +2470,18 @@ func file_controlplane_v1_workflow_run_proto_init() { } } file_controlplane_v1_workflow_run_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WorkflowRunServiceViewResponse_VerificationResult); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_controlplane_v1_workflow_run_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*AttestationServiceGetUploadCredsResponse_Result); i { case 0: return &v.state @@ -2402,7 +2505,7 @@ func file_controlplane_v1_workflow_run_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_controlplane_v1_workflow_run_proto_rawDesc, NumEnums: 1, - NumMessages: 26, + NumMessages: 27, NumExtensions: 0, NumServices: 2, }, diff --git a/app/controlplane/api/controlplane/v1/workflow_run.proto b/app/controlplane/api/controlplane/v1/workflow_run.proto index 0c555d35d..3c72f4712 100644 --- a/app/controlplane/api/controlplane/v1/workflow_run.proto +++ b/app/controlplane/api/controlplane/v1/workflow_run.proto @@ -215,6 +215,8 @@ message WorkflowRunServiceViewRequest { string id = 1 [(buf.validate.field).string.uuid = true]; string digest = 2 [(buf.validate.field).string = {min_len: 1}]; } + // run verification + bool verify = 3; } message WorkflowRunServiceViewResponse { @@ -223,6 +225,15 @@ message WorkflowRunServiceViewResponse { message Result { WorkflowRunItem workflow_run = 1; AttestationItem attestation = 2; + // It will be nil if the verification is not possible (old or non-keyless attestations) + VerificationResult verification = 3; + } + + message VerificationResult { + // if it can be verified this will hold the result of the verification + bool verified = 1; + // why it couldn't be verified, or the failure reason + string failure_reason = 2; } } diff --git a/app/controlplane/api/gen/frontend/controlplane/v1/workflow_run.ts b/app/controlplane/api/gen/frontend/controlplane/v1/workflow_run.ts index 2f7e48fd2..4762c494d 100644 --- a/app/controlplane/api/gen/frontend/controlplane/v1/workflow_run.ts +++ b/app/controlplane/api/gen/frontend/controlplane/v1/workflow_run.ts @@ -207,7 +207,11 @@ export interface WorkflowRunServiceListResponse { export interface WorkflowRunServiceViewRequest { id?: string | undefined; - digest?: string | undefined; + digest?: + | string + | undefined; + /** run verification */ + verify: boolean; } export interface WorkflowRunServiceViewResponse { @@ -217,6 +221,15 @@ export interface WorkflowRunServiceViewResponse { export interface WorkflowRunServiceViewResponse_Result { workflowRun?: WorkflowRunItem; attestation?: AttestationItem; + /** It will be nil if the verification is not possible (old or non-keyless attestations) */ + verification?: WorkflowRunServiceViewResponse_VerificationResult; +} + +export interface WorkflowRunServiceViewResponse_VerificationResult { + /** if it can be verified this will hold the result of the verification */ + verified: boolean; + /** why it couldn't be verified, or the failure reason */ + failureReason: string; } export interface AttestationServiceGetUploadCredsRequest { @@ -1851,7 +1864,7 @@ export const WorkflowRunServiceListResponse = { }; function createBaseWorkflowRunServiceViewRequest(): WorkflowRunServiceViewRequest { - return { id: undefined, digest: undefined }; + return { id: undefined, digest: undefined, verify: false }; } export const WorkflowRunServiceViewRequest = { @@ -1862,6 +1875,9 @@ export const WorkflowRunServiceViewRequest = { if (message.digest !== undefined) { writer.uint32(18).string(message.digest); } + if (message.verify === true) { + writer.uint32(24).bool(message.verify); + } return writer; }, @@ -1886,6 +1902,13 @@ export const WorkflowRunServiceViewRequest = { message.digest = reader.string(); continue; + case 3: + if (tag !== 24) { + break; + } + + message.verify = reader.bool(); + continue; } if ((tag & 7) === 4 || tag === 0) { break; @@ -1899,6 +1922,7 @@ export const WorkflowRunServiceViewRequest = { return { id: isSet(object.id) ? String(object.id) : undefined, digest: isSet(object.digest) ? String(object.digest) : undefined, + verify: isSet(object.verify) ? Boolean(object.verify) : false, }; }, @@ -1906,6 +1930,7 @@ export const WorkflowRunServiceViewRequest = { const obj: any = {}; message.id !== undefined && (obj.id = message.id); message.digest !== undefined && (obj.digest = message.digest); + message.verify !== undefined && (obj.verify = message.verify); return obj; }, @@ -1919,6 +1944,7 @@ export const WorkflowRunServiceViewRequest = { const message = createBaseWorkflowRunServiceViewRequest(); message.id = object.id ?? undefined; message.digest = object.digest ?? undefined; + message.verify = object.verify ?? false; return message; }, }; @@ -1985,7 +2011,7 @@ export const WorkflowRunServiceViewResponse = { }; function createBaseWorkflowRunServiceViewResponse_Result(): WorkflowRunServiceViewResponse_Result { - return { workflowRun: undefined, attestation: undefined }; + return { workflowRun: undefined, attestation: undefined, verification: undefined }; } export const WorkflowRunServiceViewResponse_Result = { @@ -1996,6 +2022,9 @@ export const WorkflowRunServiceViewResponse_Result = { if (message.attestation !== undefined) { AttestationItem.encode(message.attestation, writer.uint32(18).fork()).ldelim(); } + if (message.verification !== undefined) { + WorkflowRunServiceViewResponse_VerificationResult.encode(message.verification, writer.uint32(26).fork()).ldelim(); + } return writer; }, @@ -2020,6 +2049,13 @@ export const WorkflowRunServiceViewResponse_Result = { message.attestation = AttestationItem.decode(reader, reader.uint32()); continue; + case 3: + if (tag !== 26) { + break; + } + + message.verification = WorkflowRunServiceViewResponse_VerificationResult.decode(reader, reader.uint32()); + continue; } if ((tag & 7) === 4 || tag === 0) { break; @@ -2033,6 +2069,9 @@ export const WorkflowRunServiceViewResponse_Result = { return { workflowRun: isSet(object.workflowRun) ? WorkflowRunItem.fromJSON(object.workflowRun) : undefined, attestation: isSet(object.attestation) ? AttestationItem.fromJSON(object.attestation) : undefined, + verification: isSet(object.verification) + ? WorkflowRunServiceViewResponse_VerificationResult.fromJSON(object.verification) + : undefined, }; }, @@ -2042,6 +2081,9 @@ export const WorkflowRunServiceViewResponse_Result = { (obj.workflowRun = message.workflowRun ? WorkflowRunItem.toJSON(message.workflowRun) : undefined); message.attestation !== undefined && (obj.attestation = message.attestation ? AttestationItem.toJSON(message.attestation) : undefined); + message.verification !== undefined && (obj.verification = message.verification + ? WorkflowRunServiceViewResponse_VerificationResult.toJSON(message.verification) + : undefined); return obj; }, @@ -2061,6 +2103,87 @@ export const WorkflowRunServiceViewResponse_Result = { message.attestation = (object.attestation !== undefined && object.attestation !== null) ? AttestationItem.fromPartial(object.attestation) : undefined; + message.verification = (object.verification !== undefined && object.verification !== null) + ? WorkflowRunServiceViewResponse_VerificationResult.fromPartial(object.verification) + : undefined; + return message; + }, +}; + +function createBaseWorkflowRunServiceViewResponse_VerificationResult(): WorkflowRunServiceViewResponse_VerificationResult { + return { verified: false, failureReason: "" }; +} + +export const WorkflowRunServiceViewResponse_VerificationResult = { + encode( + message: WorkflowRunServiceViewResponse_VerificationResult, + writer: _m0.Writer = _m0.Writer.create(), + ): _m0.Writer { + if (message.verified === true) { + writer.uint32(8).bool(message.verified); + } + if (message.failureReason !== "") { + writer.uint32(18).string(message.failureReason); + } + return writer; + }, + + decode(input: _m0.Reader | Uint8Array, length?: number): WorkflowRunServiceViewResponse_VerificationResult { + const reader = input instanceof _m0.Reader ? input : _m0.Reader.create(input); + let end = length === undefined ? reader.len : reader.pos + length; + const message = createBaseWorkflowRunServiceViewResponse_VerificationResult(); + while (reader.pos < end) { + const tag = reader.uint32(); + switch (tag >>> 3) { + case 1: + if (tag !== 8) { + break; + } + + message.verified = reader.bool(); + continue; + case 2: + if (tag !== 18) { + break; + } + + message.failureReason = reader.string(); + continue; + } + if ((tag & 7) === 4 || tag === 0) { + break; + } + reader.skipType(tag & 7); + } + return message; + }, + + fromJSON(object: any): WorkflowRunServiceViewResponse_VerificationResult { + return { + verified: isSet(object.verified) ? Boolean(object.verified) : false, + failureReason: isSet(object.failureReason) ? String(object.failureReason) : "", + }; + }, + + toJSON(message: WorkflowRunServiceViewResponse_VerificationResult): unknown { + const obj: any = {}; + message.verified !== undefined && (obj.verified = message.verified); + message.failureReason !== undefined && (obj.failureReason = message.failureReason); + return obj; + }, + + create, I>>( + base?: I, + ): WorkflowRunServiceViewResponse_VerificationResult { + return WorkflowRunServiceViewResponse_VerificationResult.fromPartial(base ?? {}); + }, + + fromPartial, I>>( + object: I, + ): WorkflowRunServiceViewResponse_VerificationResult { + const message = createBaseWorkflowRunServiceViewResponse_VerificationResult(); + message.verified = object.verified ?? false; + message.failureReason = object.failureReason ?? ""; return message; }, }; diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.jsonschema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.jsonschema.json index 1bd0753ac..e6b258477 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.jsonschema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.jsonschema.json @@ -10,6 +10,10 @@ "id": { "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", "type": "string" + }, + "verify": { + "description": "run verification", + "type": "boolean" } }, "title": "Workflow Run Service View Request", diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.schema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.schema.json index a2f10a885..b24148478 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.schema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewRequest.schema.json @@ -10,6 +10,10 @@ "id": { "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$", "type": "string" + }, + "verify": { + "description": "run verification", + "type": "boolean" } }, "title": "Workflow Run Service View Request", diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.jsonschema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.jsonschema.json index 626ddacfd..25165803e 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.jsonschema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.jsonschema.json @@ -11,6 +11,10 @@ "attestation": { "$ref": "controlplane.v1.AttestationItem.jsonschema.json" }, + "verification": { + "$ref": "controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.jsonschema.json", + "description": "It will be nil if the verification is not possible (old or non-keyless attestations)" + }, "workflowRun": { "$ref": "controlplane.v1.WorkflowRunItem.jsonschema.json" } diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.schema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.schema.json index bac201536..0f9fd92b4 100644 --- a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.schema.json +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.Result.schema.json @@ -11,6 +11,10 @@ "attestation": { "$ref": "controlplane.v1.AttestationItem.schema.json" }, + "verification": { + "$ref": "controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.schema.json", + "description": "It will be nil if the verification is not possible (old or non-keyless attestations)" + }, "workflow_run": { "$ref": "controlplane.v1.WorkflowRunItem.schema.json" } diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.jsonschema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.jsonschema.json new file mode 100644 index 000000000..4ca52a914 --- /dev/null +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.jsonschema.json @@ -0,0 +1,23 @@ +{ + "$id": "controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.jsonschema.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "additionalProperties": false, + "patternProperties": { + "^(failure_reason)$": { + "description": "why it couldn't be verified, or the failure reason", + "type": "string" + } + }, + "properties": { + "failureReason": { + "description": "why it couldn't be verified, or the failure reason", + "type": "string" + }, + "verified": { + "description": "if it can be verified this will hold the result of the verification", + "type": "boolean" + } + }, + "title": "Verification Result", + "type": "object" +} diff --git a/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.schema.json b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.schema.json new file mode 100644 index 000000000..c1712bb83 --- /dev/null +++ b/app/controlplane/api/gen/jsonschema/controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.schema.json @@ -0,0 +1,23 @@ +{ + "$id": "controlplane.v1.WorkflowRunServiceViewResponse.VerificationResult.schema.json", + "$schema": "https://json-schema.org/draft/2020-12/schema", + "additionalProperties": false, + "patternProperties": { + "^(failureReason)$": { + "description": "why it couldn't be verified, or the failure reason", + "type": "string" + } + }, + "properties": { + "failure_reason": { + "description": "why it couldn't be verified, or the failure reason", + "type": "string" + }, + "verified": { + "description": "if it can be verified this will hold the result of the verification", + "type": "boolean" + } + }, + "title": "Verification Result", + "type": "object" +} diff --git a/app/controlplane/cmd/wire_gen.go b/app/controlplane/cmd/wire_gen.go index eec0f2fb0..2aa75e8c7 100644 --- a/app/controlplane/cmd/wire_gen.go +++ b/app/controlplane/cmd/wire_gen.go @@ -141,7 +141,14 @@ func wireApp(bootstrap *conf.Bootstrap, readerWriter credentials.ReaderWriter, l } robotAccountService := service.NewRobotAccountService(robotAccountUseCase, v5...) workflowRunRepo := data.NewWorkflowRunRepo(dataData, logger) - workflowRunUseCase, err := biz.NewWorkflowRunUseCase(workflowRunRepo, workflowRepo, logger) + v6 := bootstrap.CertificateAuthorities + certificateAuthorities, err := newSigningCAs(v6, logger) + if err != nil { + cleanup() + return nil, nil, err + } + signingUseCase := biz.NewChainloopSigningUseCase(certificateAuthorities) + workflowRunUseCase, err := biz.NewWorkflowRunUseCase(workflowRunRepo, workflowRepo, signingUseCase, logger) if err != nil { cleanup() return nil, nil, err @@ -158,14 +165,14 @@ func wireApp(bootstrap *conf.Bootstrap, readerWriter credentials.ReaderWriter, l fanOutDispatcher := dispatcher.New(integrationUseCase, workflowUseCase, workflowRunUseCase, readerWriter, casClientUseCase, availablePlugins, logger) casMappingRepo := data.NewCASMappingRepo(dataData, casBackendRepo, logger) casMappingUseCase := biz.NewCASMappingUseCase(casMappingRepo, membershipRepo, logger) - v6 := bootstrap.PrometheusIntegration + v7 := bootstrap.PrometheusIntegration orgMetricsRepo := data.NewOrgMetricsRepo(dataData, logger) orgMetricsUseCase, err := biz.NewOrgMetricsUseCase(orgMetricsRepo, organizationRepo, workflowUseCase, logger) if err != nil { cleanup() return nil, nil, err } - prometheusUseCase := biz.NewPrometheusUseCase(v6, organizationUseCase, orgMetricsUseCase, logger) + prometheusUseCase := biz.NewPrometheusUseCase(v7, organizationUseCase, orgMetricsUseCase, logger) projectVersionRepo := data.NewProjectVersionRepo(dataData, logger) projectVersionUseCase := biz.NewProjectVersionUseCase(projectVersionRepo, logger) newAttestationServiceOpts := &service.NewAttestationServiceOpts{ @@ -215,13 +222,6 @@ func wireApp(bootstrap *conf.Bootstrap, readerWriter credentials.ReaderWriter, l } attestationStateService := service.NewAttestationStateService(newAttestationStateServiceOpt) userService := service.NewUserService(membershipUseCase, organizationUseCase, v5...) - v7 := bootstrap.CertificateAuthorities - certificateAuthorities, err := newSigningCAs(v7, logger) - if err != nil { - cleanup() - return nil, nil, err - } - signingUseCase := biz.NewChainloopSigningUseCase(certificateAuthorities) signingService := service.NewSigningService(signingUseCase, v5...) prometheusService := service.NewPrometheusService(organizationUseCase, prometheusUseCase, v5...) validator, err := newProtoValidator() diff --git a/app/controlplane/internal/service/workflowrun.go b/app/controlplane/internal/service/workflowrun.go index becce8667..c9b6aee79 100644 --- a/app/controlplane/internal/service/workflowrun.go +++ b/app/controlplane/internal/service/workflowrun.go @@ -144,6 +144,16 @@ func (s *WorkflowRunService) View(ctx context.Context, req *pb.WorkflowRunServic return nil, errors.BadRequest("invalid", "id or digest required") } + var verificationResult *pb.WorkflowRunServiceViewResponse_VerificationResult + if req.Verify { + // it might be nil if it doesn't apply + vr, err := s.wrUseCase.Verify(ctx, run) + if err != nil { + return nil, handleUseCaseErr(err, s.log) + } + verificationResult = bizVerificationToPb(vr) + } + attestation, err := bizAttestationToPb(run.Attestation) if err != nil { return nil, handleUseCaseErr(err, s.log) @@ -159,13 +169,24 @@ func (s *WorkflowRunService) View(ctx context.Context, req *pb.WorkflowRunServic wr.ContractVersion = bizWorkFlowContractVersionToPb(contractAndVersion.Version) wr.ContractVersion.ContractName = contractAndVersion.Contract.Name res := &pb.WorkflowRunServiceViewResponse_Result{ - WorkflowRun: wr, - Attestation: attestation, + WorkflowRun: wr, + Attestation: attestation, + Verification: verificationResult, } return &pb.WorkflowRunServiceViewResponse{Result: res}, nil } +func bizVerificationToPb(vr *biz.VerificationResult) *pb.WorkflowRunServiceViewResponse_VerificationResult { + if vr == nil { + return nil + } + return &pb.WorkflowRunServiceViewResponse_VerificationResult{ + Verified: vr.Result, + FailureReason: vr.FailureReason, + } +} + func bizRunnerToPb(runner string) craftingpb.CraftingSchema_Runner_RunnerType { runnerType := craftingpb.CraftingSchema_Runner_RunnerType_value[runner] return craftingpb.CraftingSchema_Runner_RunnerType(runnerType) diff --git a/app/controlplane/pkg/biz/testhelpers/wire.go b/app/controlplane/pkg/biz/testhelpers/wire.go index 529413e1e..412242d21 100644 --- a/app/controlplane/pkg/biz/testhelpers/wire.go +++ b/app/controlplane/pkg/biz/testhelpers/wire.go @@ -27,6 +27,7 @@ import ( "github.com/chainloop-dev/chainloop/app/controlplane/pkg/auditor" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/authz" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/biz" + "github.com/chainloop-dev/chainloop/app/controlplane/pkg/ca" config "github.com/chainloop-dev/chainloop/app/controlplane/pkg/conf/controlplane/config/v1" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/data" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/policies" @@ -59,6 +60,7 @@ func WireTestData(*TestDatabase, *testing.T, log.Logger, credentials.ReaderWrite auditor.NewAuditLogPublisher, NewCASBackendConfig, NewCASServerOptions, + newSigningCAs, ), ) } @@ -67,3 +69,7 @@ func WireTestData(*TestDatabase, *testing.T, log.Logger, credentials.ReaderWrite func newNatsConnection() (*nats.Conn, error) { return nil, nil } + +func newSigningCAs() (*ca.CertificateAuthorities, error) { + return nil, nil +} diff --git a/app/controlplane/pkg/biz/testhelpers/wire_gen.go b/app/controlplane/pkg/biz/testhelpers/wire_gen.go index 070f036df..1fdca4d73 100644 --- a/app/controlplane/pkg/biz/testhelpers/wire_gen.go +++ b/app/controlplane/pkg/biz/testhelpers/wire_gen.go @@ -11,6 +11,7 @@ import ( "github.com/chainloop-dev/chainloop/app/controlplane/pkg/auditor" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/authz" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/biz" + "github.com/chainloop-dev/chainloop/app/controlplane/pkg/ca" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/conf/controlplane/config/v1" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/data" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/policies" @@ -82,7 +83,13 @@ func WireTestData(testDatabase *TestDatabase, t *testing.T, logger log.Logger, r projectsRepo := data.NewProjectsRepo(dataData, logger) workflowUseCase := biz.NewWorkflowUsecase(workflowRepo, projectsRepo, workflowContractUseCase, auditorUseCase, logger) workflowRunRepo := data.NewWorkflowRunRepo(dataData, logger) - workflowRunUseCase, err := biz.NewWorkflowRunUseCase(workflowRunRepo, workflowRepo, logger) + certificateAuthorities, err := newSigningCAs() + if err != nil { + cleanup() + return nil, nil, err + } + signingUseCase := biz.NewChainloopSigningUseCase(certificateAuthorities) + workflowRunUseCase, err := biz.NewWorkflowRunUseCase(workflowRunRepo, workflowRepo, signingUseCase, logger) if err != nil { cleanup() return nil, nil, err @@ -192,3 +199,7 @@ var ( func newNatsConnection() (*nats.Conn, error) { return nil, nil } + +func newSigningCAs() (*ca.CertificateAuthorities, error) { + return nil, nil +} diff --git a/app/controlplane/pkg/biz/workflowrun.go b/app/controlplane/pkg/biz/workflowrun.go index 4a50df2ca..6c75a9548 100644 --- a/app/controlplane/pkg/biz/workflowrun.go +++ b/app/controlplane/pkg/biz/workflowrun.go @@ -18,16 +18,20 @@ package biz import ( "bytes" "context" + "crypto/x509" "errors" "fmt" "io" + "strings" "time" "github.com/chainloop-dev/chainloop/app/controlplane/pkg/pagination" "github.com/chainloop-dev/chainloop/pkg/attestation" "github.com/chainloop-dev/chainloop/pkg/attestation/renderer/chainloop" + "github.com/chainloop-dev/chainloop/pkg/attestation/verifier" "github.com/secure-systems-lab/go-securesystemslib/dsse" protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1" + "github.com/sigstore/sigstore/pkg/cryptoutils" "google.golang.org/protobuf/encoding/protojson" schemaapi "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1" @@ -93,16 +97,19 @@ type WorkflowRunUseCase struct { wfRunRepo WorkflowRunRepo wfRepo WorkflowRepo logger *log.Helper + + signingUseCase *SigningUseCase } -func NewWorkflowRunUseCase(wfrRepo WorkflowRunRepo, wfRepo WorkflowRepo, logger log.Logger) (*WorkflowRunUseCase, error) { +func NewWorkflowRunUseCase(wfrRepo WorkflowRunRepo, wfRepo WorkflowRepo, suc *SigningUseCase, logger log.Logger) (*WorkflowRunUseCase, error) { if logger == nil { logger = log.NewStdLogger(io.Discard) } return &WorkflowRunUseCase{ wfRunRepo: wfrRepo, wfRepo: wfRepo, - logger: log.NewHelper(logger), + signingUseCase: suc, + logger: log.NewHelper(logger), }, nil } @@ -388,6 +395,50 @@ func (uc *WorkflowRunUseCase) GetByIDInOrg(ctx context.Context, orgID, runID str return wfRun, nil } +type VerificationResult struct { + Result bool + FailureReason string +} + +func (uc *WorkflowRunUseCase) Verify(ctx context.Context, run *WorkflowRun) (*VerificationResult, error) { + tr, err := uc.signingUseCase.GetTrustedRoot(ctx) + if err != nil { + if IsErrNotImplemented(err) { + // Verification cannot be done, skipping + return nil, nil + } + return nil, fmt.Errorf("getting trusted root: %w", err) + } + verifierRoots, err := trustedRootBizToVerifier(tr) + if err != nil { + return nil, fmt.Errorf("parsing roots: %w", err) + } + err = verifier.VerifyBundle(ctx, run.Attestation.Bundle, verifierRoots) + if err != nil { + // if no verification material found, it's not verifiable + if errors.Is(err, verifier.ErrMissingVerificationMaterial) { + return nil, nil + } + + return &VerificationResult{Result: false, FailureReason: err.Error()}, nil + } + return &VerificationResult{Result: true}, nil +} + +func trustedRootBizToVerifier(biztr *TrustedRoot) (*verifier.TrustedRoot, error) { + tr := &verifier.TrustedRoot{Keys: make(map[string][]*x509.Certificate)} + for k, v := range biztr.Keys { + for _, c := range v { + cert, err := cryptoutils.LoadCertificatesFromPEM(strings.NewReader(c)) + if err != nil { + return nil, fmt.Errorf("loading certificate from PEM: %w", err) + } + tr.Keys[k] = append(tr.Keys[k], cert[0]) + } + } + return tr, nil +} + func (uc *WorkflowRunUseCase) GetByDigestInOrgOrPublic(ctx context.Context, orgID, digest string) (*WorkflowRun, error) { orgUUID, err := uuid.Parse(orgID) if err != nil { diff --git a/app/controlplane/pkg/biz/workflowrun_test.go b/app/controlplane/pkg/biz/workflowrun_test.go index cd73a580a..d3bca70be 100644 --- a/app/controlplane/pkg/biz/workflowrun_test.go +++ b/app/controlplane/pkg/biz/workflowrun_test.go @@ -53,7 +53,7 @@ type workflowrunTestSuite struct { func (s *workflowrunTestSuite) SetupTest() { s.repo = repoM.NewWorkflowRunRepo(s.T()) - uc, err := biz.NewWorkflowRunUseCase(s.repo, nil, nil) + uc, err := biz.NewWorkflowRunUseCase(s.repo, nil, nil, nil) require.NoError(s.T(), err) s.useCase = uc s.validID = uuid.New() diff --git a/pkg/attestation/verifier/verifier.go b/pkg/attestation/verifier/verifier.go index d8942a90d..f1ea4af4c 100644 --- a/pkg/attestation/verifier/verifier.go +++ b/pkg/attestation/verifier/verifier.go @@ -39,6 +39,10 @@ type TrustedRoot struct { var ErrMissingVerificationMaterial = errors.New("missing material") func VerifyBundle(ctx context.Context, bundleBytes []byte, tr *TrustedRoot) error { + if bundleBytes == nil { + return ErrMissingVerificationMaterial + } + bundle := new(protobundle.Bundle) // unmarshal and validate if err := protojson.Unmarshal(bundleBytes, bundle); err != nil {