diff --git a/docs/grpc/index.html b/docs/grpc/index.html index bffbf1f5d3..89f7852ece 100644 --- a/docs/grpc/index.html +++ b/docs/grpc/index.html @@ -7396,55 +7396,6 @@

KeyAccessServerRegist

Deprecated

- - CreatePublicKey - CreatePublicKeyRequest - CreatePublicKeyResponse -

- - - - GetPublicKey - GetPublicKeyRequest - GetPublicKeyResponse -

- - - - ListPublicKeys - ListPublicKeysRequest - ListPublicKeysResponse -

- - - - ListPublicKeyMapping - ListPublicKeyMappingRequest - ListPublicKeyMappingResponse -

- - - - UpdatePublicKey - UpdatePublicKeyRequest - UpdatePublicKeyResponse -

- - - - DeactivatePublicKey - DeactivatePublicKeyRequest - DeactivatePublicKeyResponse -

- - - - ActivatePublicKey - ActivatePublicKeyRequest - ActivatePublicKeyResponse -

- - diff --git a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json index a3606167c4..c581d367e3 100644 --- a/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json +++ b/docs/openapi/policy/kasregistry/key_access_server_registry.swagger.json @@ -287,38 +287,6 @@ } }, "definitions": { - "ListPublicKeyMappingResponseAssociation": { - "type": "object", - "properties": { - "id": { - "type": "string" - }, - "fqn": { - "type": "string" - } - } - }, - "ListPublicKeyMappingResponsePublicKeyMapping": { - "type": "object", - "properties": { - "kasId": { - "type": "string" - }, - "kasName": { - "type": "string" - }, - "kasUri": { - "type": "string" - }, - "publicKeys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/kasregistryListPublicKeyMappingResponsePublicKey" - } - } - } - }, "commonMetadata": { "type": "object", "properties": { @@ -364,14 +332,6 @@ "default": "METADATA_UPDATE_ENUM_UNSPECIFIED", "title": "- METADATA_UPDATE_ENUM_UNSPECIFIED: unspecified update type\n - METADATA_UPDATE_ENUM_EXTEND: only update the fields that are provided\n - METADATA_UPDATE_ENUM_REPLACE: replace the entire metadata with the provided metadata" }, - "kasregistryActivatePublicKeyResponse": { - "type": "object", - "properties": { - "key": { - "$ref": "#/definitions/policyKey" - } - } - }, "kasregistryCreateKeyAccessServerRequest": { "type": "object", "properties": { @@ -401,22 +361,6 @@ } } }, - "kasregistryCreatePublicKeyResponse": { - "type": "object", - "properties": { - "key": { - "$ref": "#/definitions/policyKey" - } - } - }, - "kasregistryDeactivatePublicKeyResponse": { - "type": "object", - "properties": { - "key": { - "$ref": "#/definitions/policyKey" - } - } - }, "kasregistryDeleteKeyAccessServerResponse": { "type": "object", "properties": { @@ -433,14 +377,6 @@ } } }, - "kasregistryGetPublicKeyResponse": { - "type": "object", - "properties": { - "key": { - "$ref": "#/definitions/policyKey" - } - } - }, "kasregistryGrantedPolicyObject": { "type": "object", "properties": { @@ -514,65 +450,6 @@ } } }, - "kasregistryListPublicKeyMappingResponse": { - "type": "object", - "properties": { - "publicKeyMappings": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/ListPublicKeyMappingResponsePublicKeyMapping" - } - }, - "pagination": { - "$ref": "#/definitions/policyPageResponse" - } - } - }, - "kasregistryListPublicKeyMappingResponsePublicKey": { - "type": "object", - "properties": { - "key": { - "$ref": "#/definitions/policyKey" - }, - "values": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/ListPublicKeyMappingResponseAssociation" - } - }, - "definitions": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/ListPublicKeyMappingResponseAssociation" - } - }, - "namespaces": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/ListPublicKeyMappingResponseAssociation" - } - } - } - }, - "kasregistryListPublicKeysResponse": { - "type": "object", - "properties": { - "keys": { - "type": "array", - "items": { - "type": "object", - "$ref": "#/definitions/policyKey" - } - }, - "pagination": { - "$ref": "#/definitions/policyPageResponse" - } - } - }, "kasregistryUpdateKeyAccessServerResponse": { "type": "object", "properties": { @@ -581,14 +458,6 @@ } } }, - "kasregistryUpdatePublicKeyResponse": { - "type": "object", - "properties": { - "key": { - "$ref": "#/definitions/policyKey" - } - } - }, "policyKasPublicKey": { "type": "object", "properties": { @@ -632,31 +501,6 @@ }, "title": "Deprecated\nA list of known KAS public keys" }, - "policyKey": { - "type": "object", - "properties": { - "id": { - "type": "string", - "title": "the database record ID, not the key ID (`kid`)" - }, - "isActive": { - "type": "boolean" - }, - "wasMapped": { - "type": "boolean" - }, - "publicKey": { - "$ref": "#/definitions/policyKasPublicKey" - }, - "kas": { - "$ref": "#/definitions/policyKeyAccessServer" - }, - "metadata": { - "$ref": "#/definitions/commonMetadata", - "title": "Common metadata" - } - } - }, "policyKeyAccessServer": { "type": "object", "properties": { diff --git a/protocol/go/policy/kasregistry/kasregistryconnect/key_access_server_registry.connect.go b/protocol/go/policy/kasregistry/kasregistryconnect/key_access_server_registry.connect.go index 6565d42200..4e8ef5275a 100644 --- a/protocol/go/policy/kasregistry/kasregistryconnect/key_access_server_registry.connect.go +++ b/protocol/go/policy/kasregistry/kasregistryconnect/key_access_server_registry.connect.go @@ -52,27 +52,6 @@ const ( // KeyAccessServerRegistryServiceListKeyAccessServerGrantsProcedure is the fully-qualified name of // the KeyAccessServerRegistryService's ListKeyAccessServerGrants RPC. KeyAccessServerRegistryServiceListKeyAccessServerGrantsProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/ListKeyAccessServerGrants" - // KeyAccessServerRegistryServiceCreatePublicKeyProcedure is the fully-qualified name of the - // KeyAccessServerRegistryService's CreatePublicKey RPC. - KeyAccessServerRegistryServiceCreatePublicKeyProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/CreatePublicKey" - // KeyAccessServerRegistryServiceGetPublicKeyProcedure is the fully-qualified name of the - // KeyAccessServerRegistryService's GetPublicKey RPC. - KeyAccessServerRegistryServiceGetPublicKeyProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/GetPublicKey" - // KeyAccessServerRegistryServiceListPublicKeysProcedure is the fully-qualified name of the - // KeyAccessServerRegistryService's ListPublicKeys RPC. - KeyAccessServerRegistryServiceListPublicKeysProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/ListPublicKeys" - // KeyAccessServerRegistryServiceListPublicKeyMappingProcedure is the fully-qualified name of the - // KeyAccessServerRegistryService's ListPublicKeyMapping RPC. - KeyAccessServerRegistryServiceListPublicKeyMappingProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/ListPublicKeyMapping" - // KeyAccessServerRegistryServiceUpdatePublicKeyProcedure is the fully-qualified name of the - // KeyAccessServerRegistryService's UpdatePublicKey RPC. - KeyAccessServerRegistryServiceUpdatePublicKeyProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/UpdatePublicKey" - // KeyAccessServerRegistryServiceDeactivatePublicKeyProcedure is the fully-qualified name of the - // KeyAccessServerRegistryService's DeactivatePublicKey RPC. - KeyAccessServerRegistryServiceDeactivatePublicKeyProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/DeactivatePublicKey" - // KeyAccessServerRegistryServiceActivatePublicKeyProcedure is the fully-qualified name of the - // KeyAccessServerRegistryService's ActivatePublicKey RPC. - KeyAccessServerRegistryServiceActivatePublicKeyProcedure = "/policy.kasregistry.KeyAccessServerRegistryService/ActivatePublicKey" ) // These variables are the protoreflect.Descriptor objects for the RPCs defined in this package. @@ -84,13 +63,6 @@ var ( keyAccessServerRegistryServiceUpdateKeyAccessServerMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("UpdateKeyAccessServer") keyAccessServerRegistryServiceDeleteKeyAccessServerMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("DeleteKeyAccessServer") keyAccessServerRegistryServiceListKeyAccessServerGrantsMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("ListKeyAccessServerGrants") - keyAccessServerRegistryServiceCreatePublicKeyMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("CreatePublicKey") - keyAccessServerRegistryServiceGetPublicKeyMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("GetPublicKey") - keyAccessServerRegistryServiceListPublicKeysMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("ListPublicKeys") - keyAccessServerRegistryServiceListPublicKeyMappingMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("ListPublicKeyMapping") - keyAccessServerRegistryServiceUpdatePublicKeyMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("UpdatePublicKey") - keyAccessServerRegistryServiceDeactivatePublicKeyMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("DeactivatePublicKey") - keyAccessServerRegistryServiceActivatePublicKeyMethodDescriptor = keyAccessServerRegistryServiceServiceDescriptor.Methods().ByName("ActivatePublicKey") ) // KeyAccessServerRegistryServiceClient is a client for the @@ -103,13 +75,6 @@ type KeyAccessServerRegistryServiceClient interface { DeleteKeyAccessServer(context.Context, *connect.Request[kasregistry.DeleteKeyAccessServerRequest]) (*connect.Response[kasregistry.DeleteKeyAccessServerResponse], error) // Deprecated ListKeyAccessServerGrants(context.Context, *connect.Request[kasregistry.ListKeyAccessServerGrantsRequest]) (*connect.Response[kasregistry.ListKeyAccessServerGrantsResponse], error) - CreatePublicKey(context.Context, *connect.Request[kasregistry.CreatePublicKeyRequest]) (*connect.Response[kasregistry.CreatePublicKeyResponse], error) - GetPublicKey(context.Context, *connect.Request[kasregistry.GetPublicKeyRequest]) (*connect.Response[kasregistry.GetPublicKeyResponse], error) - ListPublicKeys(context.Context, *connect.Request[kasregistry.ListPublicKeysRequest]) (*connect.Response[kasregistry.ListPublicKeysResponse], error) - ListPublicKeyMapping(context.Context, *connect.Request[kasregistry.ListPublicKeyMappingRequest]) (*connect.Response[kasregistry.ListPublicKeyMappingResponse], error) - UpdatePublicKey(context.Context, *connect.Request[kasregistry.UpdatePublicKeyRequest]) (*connect.Response[kasregistry.UpdatePublicKeyResponse], error) - DeactivatePublicKey(context.Context, *connect.Request[kasregistry.DeactivatePublicKeyRequest]) (*connect.Response[kasregistry.DeactivatePublicKeyResponse], error) - ActivatePublicKey(context.Context, *connect.Request[kasregistry.ActivatePublicKeyRequest]) (*connect.Response[kasregistry.ActivatePublicKeyResponse], error) } // NewKeyAccessServerRegistryServiceClient constructs a client for the @@ -162,48 +127,6 @@ func NewKeyAccessServerRegistryServiceClient(httpClient connect.HTTPClient, base connect.WithIdempotency(connect.IdempotencyNoSideEffects), connect.WithClientOptions(opts...), ), - createPublicKey: connect.NewClient[kasregistry.CreatePublicKeyRequest, kasregistry.CreatePublicKeyResponse]( - httpClient, - baseURL+KeyAccessServerRegistryServiceCreatePublicKeyProcedure, - connect.WithSchema(keyAccessServerRegistryServiceCreatePublicKeyMethodDescriptor), - connect.WithClientOptions(opts...), - ), - getPublicKey: connect.NewClient[kasregistry.GetPublicKeyRequest, kasregistry.GetPublicKeyResponse]( - httpClient, - baseURL+KeyAccessServerRegistryServiceGetPublicKeyProcedure, - connect.WithSchema(keyAccessServerRegistryServiceGetPublicKeyMethodDescriptor), - connect.WithClientOptions(opts...), - ), - listPublicKeys: connect.NewClient[kasregistry.ListPublicKeysRequest, kasregistry.ListPublicKeysResponse]( - httpClient, - baseURL+KeyAccessServerRegistryServiceListPublicKeysProcedure, - connect.WithSchema(keyAccessServerRegistryServiceListPublicKeysMethodDescriptor), - connect.WithClientOptions(opts...), - ), - listPublicKeyMapping: connect.NewClient[kasregistry.ListPublicKeyMappingRequest, kasregistry.ListPublicKeyMappingResponse]( - httpClient, - baseURL+KeyAccessServerRegistryServiceListPublicKeyMappingProcedure, - connect.WithSchema(keyAccessServerRegistryServiceListPublicKeyMappingMethodDescriptor), - connect.WithClientOptions(opts...), - ), - updatePublicKey: connect.NewClient[kasregistry.UpdatePublicKeyRequest, kasregistry.UpdatePublicKeyResponse]( - httpClient, - baseURL+KeyAccessServerRegistryServiceUpdatePublicKeyProcedure, - connect.WithSchema(keyAccessServerRegistryServiceUpdatePublicKeyMethodDescriptor), - connect.WithClientOptions(opts...), - ), - deactivatePublicKey: connect.NewClient[kasregistry.DeactivatePublicKeyRequest, kasregistry.DeactivatePublicKeyResponse]( - httpClient, - baseURL+KeyAccessServerRegistryServiceDeactivatePublicKeyProcedure, - connect.WithSchema(keyAccessServerRegistryServiceDeactivatePublicKeyMethodDescriptor), - connect.WithClientOptions(opts...), - ), - activatePublicKey: connect.NewClient[kasregistry.ActivatePublicKeyRequest, kasregistry.ActivatePublicKeyResponse]( - httpClient, - baseURL+KeyAccessServerRegistryServiceActivatePublicKeyProcedure, - connect.WithSchema(keyAccessServerRegistryServiceActivatePublicKeyMethodDescriptor), - connect.WithClientOptions(opts...), - ), } } @@ -215,13 +138,6 @@ type keyAccessServerRegistryServiceClient struct { updateKeyAccessServer *connect.Client[kasregistry.UpdateKeyAccessServerRequest, kasregistry.UpdateKeyAccessServerResponse] deleteKeyAccessServer *connect.Client[kasregistry.DeleteKeyAccessServerRequest, kasregistry.DeleteKeyAccessServerResponse] listKeyAccessServerGrants *connect.Client[kasregistry.ListKeyAccessServerGrantsRequest, kasregistry.ListKeyAccessServerGrantsResponse] - createPublicKey *connect.Client[kasregistry.CreatePublicKeyRequest, kasregistry.CreatePublicKeyResponse] - getPublicKey *connect.Client[kasregistry.GetPublicKeyRequest, kasregistry.GetPublicKeyResponse] - listPublicKeys *connect.Client[kasregistry.ListPublicKeysRequest, kasregistry.ListPublicKeysResponse] - listPublicKeyMapping *connect.Client[kasregistry.ListPublicKeyMappingRequest, kasregistry.ListPublicKeyMappingResponse] - updatePublicKey *connect.Client[kasregistry.UpdatePublicKeyRequest, kasregistry.UpdatePublicKeyResponse] - deactivatePublicKey *connect.Client[kasregistry.DeactivatePublicKeyRequest, kasregistry.DeactivatePublicKeyResponse] - activatePublicKey *connect.Client[kasregistry.ActivatePublicKeyRequest, kasregistry.ActivatePublicKeyResponse] } // ListKeyAccessServers calls @@ -259,42 +175,6 @@ func (c *keyAccessServerRegistryServiceClient) ListKeyAccessServerGrants(ctx con return c.listKeyAccessServerGrants.CallUnary(ctx, req) } -// CreatePublicKey calls policy.kasregistry.KeyAccessServerRegistryService.CreatePublicKey. -func (c *keyAccessServerRegistryServiceClient) CreatePublicKey(ctx context.Context, req *connect.Request[kasregistry.CreatePublicKeyRequest]) (*connect.Response[kasregistry.CreatePublicKeyResponse], error) { - return c.createPublicKey.CallUnary(ctx, req) -} - -// GetPublicKey calls policy.kasregistry.KeyAccessServerRegistryService.GetPublicKey. -func (c *keyAccessServerRegistryServiceClient) GetPublicKey(ctx context.Context, req *connect.Request[kasregistry.GetPublicKeyRequest]) (*connect.Response[kasregistry.GetPublicKeyResponse], error) { - return c.getPublicKey.CallUnary(ctx, req) -} - -// ListPublicKeys calls policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeys. -func (c *keyAccessServerRegistryServiceClient) ListPublicKeys(ctx context.Context, req *connect.Request[kasregistry.ListPublicKeysRequest]) (*connect.Response[kasregistry.ListPublicKeysResponse], error) { - return c.listPublicKeys.CallUnary(ctx, req) -} - -// ListPublicKeyMapping calls -// policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeyMapping. -func (c *keyAccessServerRegistryServiceClient) ListPublicKeyMapping(ctx context.Context, req *connect.Request[kasregistry.ListPublicKeyMappingRequest]) (*connect.Response[kasregistry.ListPublicKeyMappingResponse], error) { - return c.listPublicKeyMapping.CallUnary(ctx, req) -} - -// UpdatePublicKey calls policy.kasregistry.KeyAccessServerRegistryService.UpdatePublicKey. -func (c *keyAccessServerRegistryServiceClient) UpdatePublicKey(ctx context.Context, req *connect.Request[kasregistry.UpdatePublicKeyRequest]) (*connect.Response[kasregistry.UpdatePublicKeyResponse], error) { - return c.updatePublicKey.CallUnary(ctx, req) -} - -// DeactivatePublicKey calls policy.kasregistry.KeyAccessServerRegistryService.DeactivatePublicKey. -func (c *keyAccessServerRegistryServiceClient) DeactivatePublicKey(ctx context.Context, req *connect.Request[kasregistry.DeactivatePublicKeyRequest]) (*connect.Response[kasregistry.DeactivatePublicKeyResponse], error) { - return c.deactivatePublicKey.CallUnary(ctx, req) -} - -// ActivatePublicKey calls policy.kasregistry.KeyAccessServerRegistryService.ActivatePublicKey. -func (c *keyAccessServerRegistryServiceClient) ActivatePublicKey(ctx context.Context, req *connect.Request[kasregistry.ActivatePublicKeyRequest]) (*connect.Response[kasregistry.ActivatePublicKeyResponse], error) { - return c.activatePublicKey.CallUnary(ctx, req) -} - // KeyAccessServerRegistryServiceHandler is an implementation of the // policy.kasregistry.KeyAccessServerRegistryService service. type KeyAccessServerRegistryServiceHandler interface { @@ -305,13 +185,6 @@ type KeyAccessServerRegistryServiceHandler interface { DeleteKeyAccessServer(context.Context, *connect.Request[kasregistry.DeleteKeyAccessServerRequest]) (*connect.Response[kasregistry.DeleteKeyAccessServerResponse], error) // Deprecated ListKeyAccessServerGrants(context.Context, *connect.Request[kasregistry.ListKeyAccessServerGrantsRequest]) (*connect.Response[kasregistry.ListKeyAccessServerGrantsResponse], error) - CreatePublicKey(context.Context, *connect.Request[kasregistry.CreatePublicKeyRequest]) (*connect.Response[kasregistry.CreatePublicKeyResponse], error) - GetPublicKey(context.Context, *connect.Request[kasregistry.GetPublicKeyRequest]) (*connect.Response[kasregistry.GetPublicKeyResponse], error) - ListPublicKeys(context.Context, *connect.Request[kasregistry.ListPublicKeysRequest]) (*connect.Response[kasregistry.ListPublicKeysResponse], error) - ListPublicKeyMapping(context.Context, *connect.Request[kasregistry.ListPublicKeyMappingRequest]) (*connect.Response[kasregistry.ListPublicKeyMappingResponse], error) - UpdatePublicKey(context.Context, *connect.Request[kasregistry.UpdatePublicKeyRequest]) (*connect.Response[kasregistry.UpdatePublicKeyResponse], error) - DeactivatePublicKey(context.Context, *connect.Request[kasregistry.DeactivatePublicKeyRequest]) (*connect.Response[kasregistry.DeactivatePublicKeyResponse], error) - ActivatePublicKey(context.Context, *connect.Request[kasregistry.ActivatePublicKeyRequest]) (*connect.Response[kasregistry.ActivatePublicKeyResponse], error) } // NewKeyAccessServerRegistryServiceHandler builds an HTTP handler from the service implementation. @@ -359,48 +232,6 @@ func NewKeyAccessServerRegistryServiceHandler(svc KeyAccessServerRegistryService connect.WithIdempotency(connect.IdempotencyNoSideEffects), connect.WithHandlerOptions(opts...), ) - keyAccessServerRegistryServiceCreatePublicKeyHandler := connect.NewUnaryHandler( - KeyAccessServerRegistryServiceCreatePublicKeyProcedure, - svc.CreatePublicKey, - connect.WithSchema(keyAccessServerRegistryServiceCreatePublicKeyMethodDescriptor), - connect.WithHandlerOptions(opts...), - ) - keyAccessServerRegistryServiceGetPublicKeyHandler := connect.NewUnaryHandler( - KeyAccessServerRegistryServiceGetPublicKeyProcedure, - svc.GetPublicKey, - connect.WithSchema(keyAccessServerRegistryServiceGetPublicKeyMethodDescriptor), - connect.WithHandlerOptions(opts...), - ) - keyAccessServerRegistryServiceListPublicKeysHandler := connect.NewUnaryHandler( - KeyAccessServerRegistryServiceListPublicKeysProcedure, - svc.ListPublicKeys, - connect.WithSchema(keyAccessServerRegistryServiceListPublicKeysMethodDescriptor), - connect.WithHandlerOptions(opts...), - ) - keyAccessServerRegistryServiceListPublicKeyMappingHandler := connect.NewUnaryHandler( - KeyAccessServerRegistryServiceListPublicKeyMappingProcedure, - svc.ListPublicKeyMapping, - connect.WithSchema(keyAccessServerRegistryServiceListPublicKeyMappingMethodDescriptor), - connect.WithHandlerOptions(opts...), - ) - keyAccessServerRegistryServiceUpdatePublicKeyHandler := connect.NewUnaryHandler( - KeyAccessServerRegistryServiceUpdatePublicKeyProcedure, - svc.UpdatePublicKey, - connect.WithSchema(keyAccessServerRegistryServiceUpdatePublicKeyMethodDescriptor), - connect.WithHandlerOptions(opts...), - ) - keyAccessServerRegistryServiceDeactivatePublicKeyHandler := connect.NewUnaryHandler( - KeyAccessServerRegistryServiceDeactivatePublicKeyProcedure, - svc.DeactivatePublicKey, - connect.WithSchema(keyAccessServerRegistryServiceDeactivatePublicKeyMethodDescriptor), - connect.WithHandlerOptions(opts...), - ) - keyAccessServerRegistryServiceActivatePublicKeyHandler := connect.NewUnaryHandler( - KeyAccessServerRegistryServiceActivatePublicKeyProcedure, - svc.ActivatePublicKey, - connect.WithSchema(keyAccessServerRegistryServiceActivatePublicKeyMethodDescriptor), - connect.WithHandlerOptions(opts...), - ) return "/policy.kasregistry.KeyAccessServerRegistryService/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { switch r.URL.Path { case KeyAccessServerRegistryServiceListKeyAccessServersProcedure: @@ -415,20 +246,6 @@ func NewKeyAccessServerRegistryServiceHandler(svc KeyAccessServerRegistryService keyAccessServerRegistryServiceDeleteKeyAccessServerHandler.ServeHTTP(w, r) case KeyAccessServerRegistryServiceListKeyAccessServerGrantsProcedure: keyAccessServerRegistryServiceListKeyAccessServerGrantsHandler.ServeHTTP(w, r) - case KeyAccessServerRegistryServiceCreatePublicKeyProcedure: - keyAccessServerRegistryServiceCreatePublicKeyHandler.ServeHTTP(w, r) - case KeyAccessServerRegistryServiceGetPublicKeyProcedure: - keyAccessServerRegistryServiceGetPublicKeyHandler.ServeHTTP(w, r) - case KeyAccessServerRegistryServiceListPublicKeysProcedure: - keyAccessServerRegistryServiceListPublicKeysHandler.ServeHTTP(w, r) - case KeyAccessServerRegistryServiceListPublicKeyMappingProcedure: - keyAccessServerRegistryServiceListPublicKeyMappingHandler.ServeHTTP(w, r) - case KeyAccessServerRegistryServiceUpdatePublicKeyProcedure: - keyAccessServerRegistryServiceUpdatePublicKeyHandler.ServeHTTP(w, r) - case KeyAccessServerRegistryServiceDeactivatePublicKeyProcedure: - keyAccessServerRegistryServiceDeactivatePublicKeyHandler.ServeHTTP(w, r) - case KeyAccessServerRegistryServiceActivatePublicKeyProcedure: - keyAccessServerRegistryServiceActivatePublicKeyHandler.ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -461,31 +278,3 @@ func (UnimplementedKeyAccessServerRegistryServiceHandler) DeleteKeyAccessServer( func (UnimplementedKeyAccessServerRegistryServiceHandler) ListKeyAccessServerGrants(context.Context, *connect.Request[kasregistry.ListKeyAccessServerGrantsRequest]) (*connect.Response[kasregistry.ListKeyAccessServerGrantsResponse], error) { return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants is not implemented")) } - -func (UnimplementedKeyAccessServerRegistryServiceHandler) CreatePublicKey(context.Context, *connect.Request[kasregistry.CreatePublicKeyRequest]) (*connect.Response[kasregistry.CreatePublicKeyResponse], error) { - return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.CreatePublicKey is not implemented")) -} - -func (UnimplementedKeyAccessServerRegistryServiceHandler) GetPublicKey(context.Context, *connect.Request[kasregistry.GetPublicKeyRequest]) (*connect.Response[kasregistry.GetPublicKeyResponse], error) { - return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.GetPublicKey is not implemented")) -} - -func (UnimplementedKeyAccessServerRegistryServiceHandler) ListPublicKeys(context.Context, *connect.Request[kasregistry.ListPublicKeysRequest]) (*connect.Response[kasregistry.ListPublicKeysResponse], error) { - return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeys is not implemented")) -} - -func (UnimplementedKeyAccessServerRegistryServiceHandler) ListPublicKeyMapping(context.Context, *connect.Request[kasregistry.ListPublicKeyMappingRequest]) (*connect.Response[kasregistry.ListPublicKeyMappingResponse], error) { - return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeyMapping is not implemented")) -} - -func (UnimplementedKeyAccessServerRegistryServiceHandler) UpdatePublicKey(context.Context, *connect.Request[kasregistry.UpdatePublicKeyRequest]) (*connect.Response[kasregistry.UpdatePublicKeyResponse], error) { - return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.UpdatePublicKey is not implemented")) -} - -func (UnimplementedKeyAccessServerRegistryServiceHandler) DeactivatePublicKey(context.Context, *connect.Request[kasregistry.DeactivatePublicKeyRequest]) (*connect.Response[kasregistry.DeactivatePublicKeyResponse], error) { - return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.DeactivatePublicKey is not implemented")) -} - -func (UnimplementedKeyAccessServerRegistryServiceHandler) ActivatePublicKey(context.Context, *connect.Request[kasregistry.ActivatePublicKeyRequest]) (*connect.Response[kasregistry.ActivatePublicKeyResponse], error) { - return nil, connect.NewError(connect.CodeUnimplemented, errors.New("policy.kasregistry.KeyAccessServerRegistryService.ActivatePublicKey is not implemented")) -} diff --git a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go index fd54fee6a7..08a5d6ad45 100644 --- a/protocol/go/policy/kasregistry/key_access_server_registry.pb.go +++ b/protocol/go/policy/kasregistry/key_access_server_registry.pb.go @@ -2389,7 +2389,7 @@ var file_policy_kasregistry_key_access_server_registry_proto_rawDesc = []byte{ 0x12, 0x34, 0x0a, 0x0a, 0x70, 0x61, 0x67, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x14, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x61, 0x67, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0a, 0x70, 0x61, 0x67, 0x69, - 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0x84, 0x0e, 0x0a, 0x1e, 0x4b, 0x65, 0x79, 0x41, 0x63, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x32, 0xed, 0x07, 0x0a, 0x1e, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x99, 0x01, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, @@ -2452,71 +2452,21 @@ var file_policy_kasregistry_key_access_server_registry_proto_rawDesc = []byte{ 0x72, 0x47, 0x72, 0x61, 0x6e, 0x74, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x25, 0x82, 0xd3, 0xe4, 0x93, 0x02, 0x1c, 0x12, 0x1a, 0x2f, 0x6b, 0x65, 0x79, 0x2d, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x2d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x2f, 0x67, 0x72, 0x61, - 0x6e, 0x74, 0x73, 0x90, 0x02, 0x01, 0x12, 0x6c, 0x0a, 0x0f, 0x43, 0x72, 0x65, 0x61, 0x74, 0x65, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x2a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, - 0x72, 0x65, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, - 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x43, 0x72, 0x65, 0x61, 0x74, - 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x00, 0x12, 0x63, 0x0a, 0x0c, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, - 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x79, 0x2e, 0x47, 0x65, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x69, 0x0a, 0x0e, 0x4c, 0x69, 0x73, - 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x29, 0x2e, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x00, 0x12, 0x7b, 0x0a, 0x14, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x2f, 0x2e, 0x70, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x4d, - 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, - 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, - 0x72, 0x79, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, - 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x00, 0x12, 0x6c, 0x0a, 0x0f, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x12, 0x2a, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, - 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, - 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x2b, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, - 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, - 0x78, 0x0a, 0x13, 0x44, 0x65, 0x61, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, - 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x2e, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x44, 0x65, 0x61, 0x63, - 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2f, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x2e, 0x44, 0x65, 0x61, 0x63, - 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x72, 0x0a, 0x11, 0x41, 0x63, 0x74, - 0x69, 0x76, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x2c, - 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, - 0x74, 0x72, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, - 0x69, 0x63, 0x4b, 0x65, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x70, + 0x6e, 0x74, 0x73, 0x90, 0x02, 0x01, 0x42, 0xdb, 0x01, 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x76, 0x61, 0x74, 0x65, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x4b, 0x65, 0x79, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0xdb, 0x01, - 0x0a, 0x16, 0x63, 0x6f, 0x6d, 0x2e, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x6b, 0x61, 0x73, - 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x42, 0x1c, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, - 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, - 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, - 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, - 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, - 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2f, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x03, 0x50, 0x4b, 0x58, 0xaa, 0x02, 0x12, 0x50, 0x6f, 0x6c, - 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xca, - 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, - 0x73, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x1e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61, - 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x3a, - 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x79, 0x42, 0x1c, 0x4b, 0x65, 0x79, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x53, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x52, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, + 0x01, 0x5a, 0x3a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6f, 0x70, + 0x65, 0x6e, 0x74, 0x64, 0x66, 0x2f, 0x70, 0x6c, 0x61, 0x74, 0x66, 0x6f, 0x72, 0x6d, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2f, 0x67, 0x6f, 0x2f, 0x70, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2f, 0x6b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xa2, 0x02, 0x03, + 0x50, 0x4b, 0x58, 0xaa, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4b, 0x61, 0x73, + 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xca, 0x02, 0x12, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x72, 0x79, 0xe2, 0x02, 0x1e, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x5c, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, + 0x72, 0x79, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, + 0x13, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x3a, 0x3a, 0x4b, 0x61, 0x73, 0x72, 0x65, 0x67, 0x69, + 0x73, 0x74, 0x72, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -2619,28 +2569,14 @@ var file_policy_kasregistry_key_access_server_registry_proto_depIdxs = []int32{ 6, // 42: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer:input_type -> policy.kasregistry.UpdateKeyAccessServerRequest 8, // 43: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer:input_type -> policy.kasregistry.DeleteKeyAccessServerRequest 26, // 44: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants:input_type -> policy.kasregistry.ListKeyAccessServerGrantsRequest - 12, // 45: policy.kasregistry.KeyAccessServerRegistryService.CreatePublicKey:input_type -> policy.kasregistry.CreatePublicKeyRequest - 14, // 46: policy.kasregistry.KeyAccessServerRegistryService.GetPublicKey:input_type -> policy.kasregistry.GetPublicKeyRequest - 16, // 47: policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeys:input_type -> policy.kasregistry.ListPublicKeysRequest - 18, // 48: policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeyMapping:input_type -> policy.kasregistry.ListPublicKeyMappingRequest - 20, // 49: policy.kasregistry.KeyAccessServerRegistryService.UpdatePublicKey:input_type -> policy.kasregistry.UpdatePublicKeyRequest - 22, // 50: policy.kasregistry.KeyAccessServerRegistryService.DeactivatePublicKey:input_type -> policy.kasregistry.DeactivatePublicKeyRequest - 24, // 51: policy.kasregistry.KeyAccessServerRegistryService.ActivatePublicKey:input_type -> policy.kasregistry.ActivatePublicKeyRequest - 3, // 52: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers:output_type -> policy.kasregistry.ListKeyAccessServersResponse - 1, // 53: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer:output_type -> policy.kasregistry.GetKeyAccessServerResponse - 5, // 54: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer:output_type -> policy.kasregistry.CreateKeyAccessServerResponse - 7, // 55: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer:output_type -> policy.kasregistry.UpdateKeyAccessServerResponse - 9, // 56: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer:output_type -> policy.kasregistry.DeleteKeyAccessServerResponse - 27, // 57: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants:output_type -> policy.kasregistry.ListKeyAccessServerGrantsResponse - 13, // 58: policy.kasregistry.KeyAccessServerRegistryService.CreatePublicKey:output_type -> policy.kasregistry.CreatePublicKeyResponse - 15, // 59: policy.kasregistry.KeyAccessServerRegistryService.GetPublicKey:output_type -> policy.kasregistry.GetPublicKeyResponse - 17, // 60: policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeys:output_type -> policy.kasregistry.ListPublicKeysResponse - 19, // 61: policy.kasregistry.KeyAccessServerRegistryService.ListPublicKeyMapping:output_type -> policy.kasregistry.ListPublicKeyMappingResponse - 21, // 62: policy.kasregistry.KeyAccessServerRegistryService.UpdatePublicKey:output_type -> policy.kasregistry.UpdatePublicKeyResponse - 23, // 63: policy.kasregistry.KeyAccessServerRegistryService.DeactivatePublicKey:output_type -> policy.kasregistry.DeactivatePublicKeyResponse - 25, // 64: policy.kasregistry.KeyAccessServerRegistryService.ActivatePublicKey:output_type -> policy.kasregistry.ActivatePublicKeyResponse - 52, // [52:65] is the sub-list for method output_type - 39, // [39:52] is the sub-list for method input_type + 3, // 45: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServers:output_type -> policy.kasregistry.ListKeyAccessServersResponse + 1, // 46: policy.kasregistry.KeyAccessServerRegistryService.GetKeyAccessServer:output_type -> policy.kasregistry.GetKeyAccessServerResponse + 5, // 47: policy.kasregistry.KeyAccessServerRegistryService.CreateKeyAccessServer:output_type -> policy.kasregistry.CreateKeyAccessServerResponse + 7, // 48: policy.kasregistry.KeyAccessServerRegistryService.UpdateKeyAccessServer:output_type -> policy.kasregistry.UpdateKeyAccessServerResponse + 9, // 49: policy.kasregistry.KeyAccessServerRegistryService.DeleteKeyAccessServer:output_type -> policy.kasregistry.DeleteKeyAccessServerResponse + 27, // 50: policy.kasregistry.KeyAccessServerRegistryService.ListKeyAccessServerGrants:output_type -> policy.kasregistry.ListKeyAccessServerGrantsResponse + 45, // [45:51] is the sub-list for method output_type + 39, // [39:45] is the sub-list for method input_type 39, // [39:39] is the sub-list for extension type_name 39, // [39:39] is the sub-list for extension extendee 0, // [0:39] is the sub-list for field type_name diff --git a/protocol/go/policy/kasregistry/key_access_server_registry_grpc.pb.go b/protocol/go/policy/kasregistry/key_access_server_registry_grpc.pb.go index 3204f5def6..d63ab62eed 100644 --- a/protocol/go/policy/kasregistry/key_access_server_registry_grpc.pb.go +++ b/protocol/go/policy/kasregistry/key_access_server_registry_grpc.pb.go @@ -25,13 +25,6 @@ const ( KeyAccessServerRegistryService_UpdateKeyAccessServer_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/UpdateKeyAccessServer" KeyAccessServerRegistryService_DeleteKeyAccessServer_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/DeleteKeyAccessServer" KeyAccessServerRegistryService_ListKeyAccessServerGrants_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/ListKeyAccessServerGrants" - KeyAccessServerRegistryService_CreatePublicKey_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/CreatePublicKey" - KeyAccessServerRegistryService_GetPublicKey_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/GetPublicKey" - KeyAccessServerRegistryService_ListPublicKeys_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/ListPublicKeys" - KeyAccessServerRegistryService_ListPublicKeyMapping_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/ListPublicKeyMapping" - KeyAccessServerRegistryService_UpdatePublicKey_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/UpdatePublicKey" - KeyAccessServerRegistryService_DeactivatePublicKey_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/DeactivatePublicKey" - KeyAccessServerRegistryService_ActivatePublicKey_FullMethodName = "/policy.kasregistry.KeyAccessServerRegistryService/ActivatePublicKey" ) // KeyAccessServerRegistryServiceClient is the client API for KeyAccessServerRegistryService service. @@ -45,13 +38,6 @@ type KeyAccessServerRegistryServiceClient interface { DeleteKeyAccessServer(ctx context.Context, in *DeleteKeyAccessServerRequest, opts ...grpc.CallOption) (*DeleteKeyAccessServerResponse, error) // Deprecated ListKeyAccessServerGrants(ctx context.Context, in *ListKeyAccessServerGrantsRequest, opts ...grpc.CallOption) (*ListKeyAccessServerGrantsResponse, error) - CreatePublicKey(ctx context.Context, in *CreatePublicKeyRequest, opts ...grpc.CallOption) (*CreatePublicKeyResponse, error) - GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error) - ListPublicKeys(ctx context.Context, in *ListPublicKeysRequest, opts ...grpc.CallOption) (*ListPublicKeysResponse, error) - ListPublicKeyMapping(ctx context.Context, in *ListPublicKeyMappingRequest, opts ...grpc.CallOption) (*ListPublicKeyMappingResponse, error) - UpdatePublicKey(ctx context.Context, in *UpdatePublicKeyRequest, opts ...grpc.CallOption) (*UpdatePublicKeyResponse, error) - DeactivatePublicKey(ctx context.Context, in *DeactivatePublicKeyRequest, opts ...grpc.CallOption) (*DeactivatePublicKeyResponse, error) - ActivatePublicKey(ctx context.Context, in *ActivatePublicKeyRequest, opts ...grpc.CallOption) (*ActivatePublicKeyResponse, error) } type keyAccessServerRegistryServiceClient struct { @@ -116,69 +102,6 @@ func (c *keyAccessServerRegistryServiceClient) ListKeyAccessServerGrants(ctx con return out, nil } -func (c *keyAccessServerRegistryServiceClient) CreatePublicKey(ctx context.Context, in *CreatePublicKeyRequest, opts ...grpc.CallOption) (*CreatePublicKeyResponse, error) { - out := new(CreatePublicKeyResponse) - err := c.cc.Invoke(ctx, KeyAccessServerRegistryService_CreatePublicKey_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyAccessServerRegistryServiceClient) GetPublicKey(ctx context.Context, in *GetPublicKeyRequest, opts ...grpc.CallOption) (*GetPublicKeyResponse, error) { - out := new(GetPublicKeyResponse) - err := c.cc.Invoke(ctx, KeyAccessServerRegistryService_GetPublicKey_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyAccessServerRegistryServiceClient) ListPublicKeys(ctx context.Context, in *ListPublicKeysRequest, opts ...grpc.CallOption) (*ListPublicKeysResponse, error) { - out := new(ListPublicKeysResponse) - err := c.cc.Invoke(ctx, KeyAccessServerRegistryService_ListPublicKeys_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyAccessServerRegistryServiceClient) ListPublicKeyMapping(ctx context.Context, in *ListPublicKeyMappingRequest, opts ...grpc.CallOption) (*ListPublicKeyMappingResponse, error) { - out := new(ListPublicKeyMappingResponse) - err := c.cc.Invoke(ctx, KeyAccessServerRegistryService_ListPublicKeyMapping_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyAccessServerRegistryServiceClient) UpdatePublicKey(ctx context.Context, in *UpdatePublicKeyRequest, opts ...grpc.CallOption) (*UpdatePublicKeyResponse, error) { - out := new(UpdatePublicKeyResponse) - err := c.cc.Invoke(ctx, KeyAccessServerRegistryService_UpdatePublicKey_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyAccessServerRegistryServiceClient) DeactivatePublicKey(ctx context.Context, in *DeactivatePublicKeyRequest, opts ...grpc.CallOption) (*DeactivatePublicKeyResponse, error) { - out := new(DeactivatePublicKeyResponse) - err := c.cc.Invoke(ctx, KeyAccessServerRegistryService_DeactivatePublicKey_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *keyAccessServerRegistryServiceClient) ActivatePublicKey(ctx context.Context, in *ActivatePublicKeyRequest, opts ...grpc.CallOption) (*ActivatePublicKeyResponse, error) { - out := new(ActivatePublicKeyResponse) - err := c.cc.Invoke(ctx, KeyAccessServerRegistryService_ActivatePublicKey_FullMethodName, in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - // KeyAccessServerRegistryServiceServer is the server API for KeyAccessServerRegistryService service. // All implementations must embed UnimplementedKeyAccessServerRegistryServiceServer // for forward compatibility @@ -190,13 +113,6 @@ type KeyAccessServerRegistryServiceServer interface { DeleteKeyAccessServer(context.Context, *DeleteKeyAccessServerRequest) (*DeleteKeyAccessServerResponse, error) // Deprecated ListKeyAccessServerGrants(context.Context, *ListKeyAccessServerGrantsRequest) (*ListKeyAccessServerGrantsResponse, error) - CreatePublicKey(context.Context, *CreatePublicKeyRequest) (*CreatePublicKeyResponse, error) - GetPublicKey(context.Context, *GetPublicKeyRequest) (*GetPublicKeyResponse, error) - ListPublicKeys(context.Context, *ListPublicKeysRequest) (*ListPublicKeysResponse, error) - ListPublicKeyMapping(context.Context, *ListPublicKeyMappingRequest) (*ListPublicKeyMappingResponse, error) - UpdatePublicKey(context.Context, *UpdatePublicKeyRequest) (*UpdatePublicKeyResponse, error) - DeactivatePublicKey(context.Context, *DeactivatePublicKeyRequest) (*DeactivatePublicKeyResponse, error) - ActivatePublicKey(context.Context, *ActivatePublicKeyRequest) (*ActivatePublicKeyResponse, error) mustEmbedUnimplementedKeyAccessServerRegistryServiceServer() } @@ -222,27 +138,6 @@ func (UnimplementedKeyAccessServerRegistryServiceServer) DeleteKeyAccessServer(c func (UnimplementedKeyAccessServerRegistryServiceServer) ListKeyAccessServerGrants(context.Context, *ListKeyAccessServerGrantsRequest) (*ListKeyAccessServerGrantsResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method ListKeyAccessServerGrants not implemented") } -func (UnimplementedKeyAccessServerRegistryServiceServer) CreatePublicKey(context.Context, *CreatePublicKeyRequest) (*CreatePublicKeyResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreatePublicKey not implemented") -} -func (UnimplementedKeyAccessServerRegistryServiceServer) GetPublicKey(context.Context, *GetPublicKeyRequest) (*GetPublicKeyResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method GetPublicKey not implemented") -} -func (UnimplementedKeyAccessServerRegistryServiceServer) ListPublicKeys(context.Context, *ListPublicKeysRequest) (*ListPublicKeysResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method ListPublicKeys not implemented") -} -func (UnimplementedKeyAccessServerRegistryServiceServer) ListPublicKeyMapping(context.Context, *ListPublicKeyMappingRequest) (*ListPublicKeyMappingResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method ListPublicKeyMapping not implemented") -} -func (UnimplementedKeyAccessServerRegistryServiceServer) UpdatePublicKey(context.Context, *UpdatePublicKeyRequest) (*UpdatePublicKeyResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method UpdatePublicKey not implemented") -} -func (UnimplementedKeyAccessServerRegistryServiceServer) DeactivatePublicKey(context.Context, *DeactivatePublicKeyRequest) (*DeactivatePublicKeyResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method DeactivatePublicKey not implemented") -} -func (UnimplementedKeyAccessServerRegistryServiceServer) ActivatePublicKey(context.Context, *ActivatePublicKeyRequest) (*ActivatePublicKeyResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method ActivatePublicKey not implemented") -} func (UnimplementedKeyAccessServerRegistryServiceServer) mustEmbedUnimplementedKeyAccessServerRegistryServiceServer() { } @@ -365,132 +260,6 @@ func _KeyAccessServerRegistryService_ListKeyAccessServerGrants_Handler(srv inter return interceptor(ctx, in, info, handler) } -func _KeyAccessServerRegistryService_CreatePublicKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreatePublicKeyRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyAccessServerRegistryServiceServer).CreatePublicKey(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: KeyAccessServerRegistryService_CreatePublicKey_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyAccessServerRegistryServiceServer).CreatePublicKey(ctx, req.(*CreatePublicKeyRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyAccessServerRegistryService_GetPublicKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(GetPublicKeyRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyAccessServerRegistryServiceServer).GetPublicKey(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: KeyAccessServerRegistryService_GetPublicKey_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyAccessServerRegistryServiceServer).GetPublicKey(ctx, req.(*GetPublicKeyRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyAccessServerRegistryService_ListPublicKeys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ListPublicKeysRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyAccessServerRegistryServiceServer).ListPublicKeys(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: KeyAccessServerRegistryService_ListPublicKeys_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyAccessServerRegistryServiceServer).ListPublicKeys(ctx, req.(*ListPublicKeysRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyAccessServerRegistryService_ListPublicKeyMapping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ListPublicKeyMappingRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyAccessServerRegistryServiceServer).ListPublicKeyMapping(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: KeyAccessServerRegistryService_ListPublicKeyMapping_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyAccessServerRegistryServiceServer).ListPublicKeyMapping(ctx, req.(*ListPublicKeyMappingRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyAccessServerRegistryService_UpdatePublicKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(UpdatePublicKeyRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyAccessServerRegistryServiceServer).UpdatePublicKey(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: KeyAccessServerRegistryService_UpdatePublicKey_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyAccessServerRegistryServiceServer).UpdatePublicKey(ctx, req.(*UpdatePublicKeyRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyAccessServerRegistryService_DeactivatePublicKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(DeactivatePublicKeyRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyAccessServerRegistryServiceServer).DeactivatePublicKey(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: KeyAccessServerRegistryService_DeactivatePublicKey_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyAccessServerRegistryServiceServer).DeactivatePublicKey(ctx, req.(*DeactivatePublicKeyRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _KeyAccessServerRegistryService_ActivatePublicKey_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ActivatePublicKeyRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(KeyAccessServerRegistryServiceServer).ActivatePublicKey(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: KeyAccessServerRegistryService_ActivatePublicKey_FullMethodName, - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(KeyAccessServerRegistryServiceServer).ActivatePublicKey(ctx, req.(*ActivatePublicKeyRequest)) - } - return interceptor(ctx, in, info, handler) -} - // KeyAccessServerRegistryService_ServiceDesc is the grpc.ServiceDesc for KeyAccessServerRegistryService service. // It's only intended for direct use with grpc.RegisterService, // and not to be introspected or modified (even as a copy) @@ -522,34 +291,6 @@ var KeyAccessServerRegistryService_ServiceDesc = grpc.ServiceDesc{ MethodName: "ListKeyAccessServerGrants", Handler: _KeyAccessServerRegistryService_ListKeyAccessServerGrants_Handler, }, - { - MethodName: "CreatePublicKey", - Handler: _KeyAccessServerRegistryService_CreatePublicKey_Handler, - }, - { - MethodName: "GetPublicKey", - Handler: _KeyAccessServerRegistryService_GetPublicKey_Handler, - }, - { - MethodName: "ListPublicKeys", - Handler: _KeyAccessServerRegistryService_ListPublicKeys_Handler, - }, - { - MethodName: "ListPublicKeyMapping", - Handler: _KeyAccessServerRegistryService_ListPublicKeyMapping_Handler, - }, - { - MethodName: "UpdatePublicKey", - Handler: _KeyAccessServerRegistryService_UpdatePublicKey_Handler, - }, - { - MethodName: "DeactivatePublicKey", - Handler: _KeyAccessServerRegistryService_DeactivatePublicKey_Handler, - }, - { - MethodName: "ActivatePublicKey", - Handler: _KeyAccessServerRegistryService_ActivatePublicKey_Handler, - }, }, Streams: []grpc.StreamDesc{}, Metadata: "policy/kasregistry/key_access_server_registry.proto", diff --git a/service/policy/attributes/attributes.go b/service/policy/attributes/attributes.go index 7e5e65ab88..4ceaa4d4b9 100644 --- a/service/policy/attributes/attributes.go +++ b/service/policy/attributes/attributes.go @@ -410,36 +410,18 @@ func (s *AttributesService) RemoveKeyAccessServerFromValue(ctx context.Context, return connect.NewResponse(rsp), nil } -func (s *AttributesService) AssignKeyToAttribute(ctx context.Context, req *connect.Request[attributes.AssignKeyToAttributeRequest]) (*connect.Response[attributes.AssignKeyToAttributeResponse], error) { - err := s.dbClient.AssignPublicKeyToAttribute(ctx, req.Msg.GetAttributeKey()) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("attributeKey", req.Msg.GetAttributeKey().String())) - } - return connect.NewResponse(&attributes.AssignKeyToAttributeResponse{}), nil +func (s *AttributesService) AssignKeyToAttribute(context.Context, *connect.Request[attributes.AssignKeyToAttributeRequest]) (*connect.Response[attributes.AssignKeyToAttributeResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, nil) } -func (s *AttributesService) RemoveKeyFromAttribute(ctx context.Context, req *connect.Request[attributes.RemoveKeyFromAttributeRequest]) (*connect.Response[attributes.RemoveKeyFromAttributeResponse], error) { - k, err := s.dbClient.RemovePublicKeyFromAttribute(ctx, req.Msg.GetAttributeKey()) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextDeletionFailed, slog.String("attributeKey", req.Msg.GetAttributeKey().String())) - } - return connect.NewResponse(&attributes.RemoveKeyFromAttributeResponse{ - AttributeKey: k, - }), nil +func (s *AttributesService) RemoveKeyFromAttribute(context.Context, *connect.Request[attributes.RemoveKeyFromAttributeRequest]) (*connect.Response[attributes.RemoveKeyFromAttributeResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, nil) } -func (s *AttributesService) AssignKeyToValue(ctx context.Context, req *connect.Request[attributes.AssignKeyToValueRequest]) (*connect.Response[attributes.AssignKeyToValueResponse], error) { - err := s.dbClient.AssignPublicKeyToValue(ctx, req.Msg.GetValueKey()) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("attributeValueKey", req.Msg.GetValueKey().String())) - } - return connect.NewResponse(&attributes.AssignKeyToValueResponse{}), nil +func (s *AttributesService) AssignKeyToValue(context.Context, *connect.Request[attributes.AssignKeyToValueRequest]) (*connect.Response[attributes.AssignKeyToValueResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, nil) } -func (s *AttributesService) RemoveKeyFromValue(ctx context.Context, req *connect.Request[attributes.RemoveKeyFromValueRequest]) (*connect.Response[attributes.RemoveKeyFromValueResponse], error) { - _, err := s.dbClient.RemovePublicKeyFromValue(ctx, req.Msg.GetValueKey()) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextDeletionFailed, slog.String("attributeValueKey", req.Msg.GetValueKey().String())) - } - return connect.NewResponse(&attributes.RemoveKeyFromValueResponse{}), nil +func (s *AttributesService) RemoveKeyFromValue(context.Context, *connect.Request[attributes.RemoveKeyFromValueRequest]) (*connect.Response[attributes.RemoveKeyFromValueResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, nil) } diff --git a/service/policy/kasregistry/key_access_server_registry.go b/service/policy/kasregistry/key_access_server_registry.go index c13596c9dc..4cf19a2554 100644 --- a/service/policy/kasregistry/key_access_server_registry.go +++ b/service/policy/kasregistry/key_access_server_registry.go @@ -2,11 +2,6 @@ package kasregistry import ( "context" - "crypto/ecdsa" - "crypto/elliptic" - "crypto/rsa" - "crypto/x509" - "encoding/pem" "errors" "log/slog" @@ -192,184 +187,3 @@ func (s KeyAccessServerRegistry) ListKeyAccessServerGrants(ctx context.Context, return connect.NewResponse(rsp), nil } - -func (s KeyAccessServerRegistry) CreatePublicKey(ctx context.Context, req *connect.Request[kasr.CreatePublicKeyRequest]) (*connect.Response[kasr.CreatePublicKeyResponse], error) { - auditParams := audit.PolicyEventParams{ - ActionType: audit.ActionTypeCreate, - ObjectType: audit.ObjectTypePublicKey, - } - - // Verify the key matches the algorithm - if err := verifyKeyAlg(req.Msg.GetKey().GetPem(), req.Msg.GetKey().GetAlg()); err != nil { - s.logger.Audit.PolicyCRUDFailure(ctx, auditParams) - return nil, connect.NewError(connect.CodeInvalidArgument, err) - } - - resp, err := s.dbClient.CreatePublicKey(ctx, req.Msg) - if err != nil { - s.logger.Audit.PolicyCRUDFailure(ctx, auditParams) - s.logger.ErrorContext(ctx, "failed to create key", slog.Any("key", err.Error())) - return nil, db.StatusifyError(err, db.ErrTextCreationFailed) - } - - auditParams.ObjectID = resp.GetKey().GetId() - auditParams.Original = resp.GetKey() - s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams) - - return connect.NewResponse(resp), nil -} - -// Helper function to get curve from algorithm -func getCurveFromAlg(alg policy.KasPublicKeyAlgEnum) (elliptic.Curve, error) { - switch alg { //nolint:exhaustive // covers ec cases - case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1: - return elliptic.P256(), nil - case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1: - return elliptic.P384(), nil - case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1: - return elliptic.P521(), nil - default: - return nil, ErrUnsupportedCurve - } -} - -// Verify the key matches the algorithm -func verifyKeyAlg(key string, alg policy.KasPublicKeyAlgEnum) error { - block, _ := pem.Decode([]byte(key)) - if block == nil { - return ErrFailedToDecodePEM - } - pubKey, err := x509.ParsePKIXPublicKey(block.Bytes) - if err != nil { - return ErrFailedToParsePublicKey - } - - switch alg { //nolint:exhaustive // covers all cases - case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048, - policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096: - - rsaKey, ok := pubKey.(*rsa.PublicKey) - if !ok { - return ErrKeyAlgMismatch - } - - expectedSize := 0 - switch alg { //nolint:exhaustive // only covers rsa - case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048: - expectedSize = 256 // 2048 bits - case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096: - expectedSize = 512 // 4096 bits - } - - if rsaKey.Size() != expectedSize { // 2048 bits = 256 bytes - return ErrInvalidRSAKeySize - } - case policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1, - policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1, - policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1: - - ecKey, ok := pubKey.(*ecdsa.PublicKey) - if !ok { - return ErrKeyAlgMismatch - } - - expectedCurve, err := getCurveFromAlg(alg) - if err != nil { - return err - } - - if ecKey.Curve != expectedCurve { - return ErrInvalidECKeyCurve - } - default: - return ErrUnsupportedKeyAlg - } - return nil -} - -func (s KeyAccessServerRegistry) GetPublicKey(ctx context.Context, req *connect.Request[kasr.GetPublicKeyRequest]) (*connect.Response[kasr.GetPublicKeyResponse], error) { - resp, err := s.dbClient.GetPublicKey(ctx, req.Msg) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextGetRetrievalFailed) - } - - return connect.NewResponse(resp), nil -} - -func (s KeyAccessServerRegistry) ListPublicKeys(ctx context.Context, req *connect.Request[kasr.ListPublicKeysRequest]) (*connect.Response[kasr.ListPublicKeysResponse], error) { - resp, err := s.dbClient.ListPublicKeys(ctx, req.Msg) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextListRetrievalFailed) - } - return connect.NewResponse(resp), nil -} - -func (s KeyAccessServerRegistry) ListPublicKeyMapping(ctx context.Context, req *connect.Request[kasr.ListPublicKeyMappingRequest]) (*connect.Response[kasr.ListPublicKeyMappingResponse], error) { - resp, err := s.dbClient.ListPublicKeyMappings(ctx, req.Msg) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextListRetrievalFailed) - } - return connect.NewResponse(resp), nil -} - -func (s KeyAccessServerRegistry) UpdatePublicKey(ctx context.Context, req *connect.Request[kasr.UpdatePublicKeyRequest]) (*connect.Response[kasr.UpdatePublicKeyResponse], error) { - auditParams := audit.PolicyEventParams{ - ActionType: audit.ActionTypeUpdate, - ObjectType: audit.ObjectTypePublicKey, - ObjectID: req.Msg.GetId(), - } - - original, err := s.dbClient.GetPublicKey(ctx, &kasr.GetPublicKeyRequest{ - Identifier: &kasr.GetPublicKeyRequest_Id{ - Id: req.Msg.GetId(), - }, - }) - if err != nil { - s.logger.Audit.PolicyCRUDFailure(ctx, auditParams) - return nil, db.StatusifyError(err, db.ErrTextGetRetrievalFailed) - } - - resp, err := s.dbClient.UpdatePublicKey(ctx, req.Msg) - if err != nil { - s.logger.Audit.PolicyCRUDFailure(ctx, auditParams) - return nil, db.StatusifyError(err, db.ErrTextUpdateFailed) - } - - auditParams.Original = original - auditParams.Updated = resp.GetKey() - s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams) - - return connect.NewResponse(resp), nil -} - -func (s KeyAccessServerRegistry) DeactivatePublicKey(ctx context.Context, req *connect.Request[kasr.DeactivatePublicKeyRequest]) (*connect.Response[kasr.DeactivatePublicKeyResponse], error) { - auditParams := audit.PolicyEventParams{ - ActionType: audit.ActionTypeUpdate, - ObjectType: audit.ObjectTypePublicKey, - ObjectID: req.Msg.GetId(), - } - - resp, err := s.dbClient.DeactivatePublicKey(ctx, req.Msg) - if err != nil { - s.logger.Audit.PolicyCRUDFailure(ctx, auditParams) - return nil, db.StatusifyError(err, db.ErrTextDeletionFailed) - } - s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams) - return connect.NewResponse(resp), nil -} - -func (s KeyAccessServerRegistry) ActivatePublicKey(ctx context.Context, req *connect.Request[kasr.ActivatePublicKeyRequest]) (*connect.Response[kasr.ActivatePublicKeyResponse], error) { - auditParams := audit.PolicyEventParams{ - ActionType: audit.ActionTypeUpdate, - ObjectType: audit.ObjectTypePublicKey, - ObjectID: req.Msg.GetId(), - } - - resp, err := s.dbClient.ActivatePublicKey(ctx, req.Msg) - if err != nil { - s.logger.Audit.PolicyCRUDFailure(ctx, auditParams) - return nil, db.StatusifyError(err, db.ErrTextUpdateFailed) - } - s.logger.Audit.PolicyCRUDSuccess(ctx, auditParams) - return connect.NewResponse(resp), nil -} diff --git a/service/policy/kasregistry/key_access_server_registry.proto b/service/policy/kasregistry/key_access_server_registry.proto index e1a1bef3e6..f61ab3f8ba 100644 --- a/service/policy/kasregistry/key_access_server_registry.proto +++ b/service/policy/kasregistry/key_access_server_registry.proto @@ -11,14 +11,14 @@ import "policy/selectors.proto"; message GetKeyAccessServerRequest { // Temporary message level validation until we remove the deprecated id field option (buf.validate.message).cel = { - id: "exclusive_fields", - expression: "!(has(this.id) && (has(this.kas_id) || has(this.uri) || has(this.name)))", + id: "exclusive_fields" + expression: "!(has(this.id) && (has(this.kas_id) || has(this.uri) || has(this.name)))" message: "Either use deprecated 'id' field or one of 'kas_id' or 'uri', but not both" }; option (buf.validate.message).cel = { - id: "required_fields", - expression: "has(this.id) || has(this.kas_id) || has(this.uri) || has(this.name)", + id: "required_fields" + expression: "has(this.id) || has(this.kas_id) || has(this.uri) || has(this.name)" message: "Either id or one of kas_id or uri must be set" }; @@ -26,26 +26,22 @@ message GetKeyAccessServerRequest { string id = 1 [ deprecated = true, (buf.validate.field).ignore = IGNORE_IF_DEFAULT_VALUE, - (buf.validate.field).string.uuid= true - ];; + (buf.validate.field).string.uuid = true + ]; oneof identifier { // option (buf.validate.oneof).required = true; // TODO: enable this when we remove the deprecated field - string kas_id = 2 [ - (buf.validate.field).string.uuid = true - ]; - string name = 3 [ - (buf.validate.field).string.min_len = 1 - ]; - string uri = 4 [ - (buf.validate.field).string = { - min_len : 1 - uri : true - } - ]; + string kas_id = 2 [(buf.validate.field).string.uuid = true]; + string name = 3 [(buf.validate.field).string.min_len = 1]; + string uri = 4 [(buf.validate.field).string = { + min_len: 1 + uri: true + }]; } } -message GetKeyAccessServerResponse { KeyAccessServer key_access_server = 1; } +message GetKeyAccessServerResponse { + KeyAccessServer key_access_server = 1; +} message ListKeyAccessServersRequest { // Optional @@ -62,50 +58,56 @@ message ListKeyAccessServersResponse { message CreateKeyAccessServerRequest { // Required - string uri = 1 [ (buf.validate.field).cel = { - id : "uri_format", - message : "URI must be a valid URL (e.g., 'https://demo.com/') followed by " - "additional segments. Each segment must start and end with an " - "alphanumeric character, can contain hyphens, alphanumeric " - "characters, and slashes.", - expression : "this.isUri()" - } ]; + string uri = 1 [(buf.validate.field).cel = { + id: "uri_format" + message: + "URI must be a valid URL (e.g., 'https://demo.com/') followed by " + "additional segments. Each segment must start and end with an " + "alphanumeric character, can contain hyphens, alphanumeric " + "characters, and slashes." + expression: "this.isUri()" + }]; // Required - PublicKey public_key = 2 [ (buf.validate.field).required = true ]; + PublicKey public_key = 2 [(buf.validate.field).required = true]; // Optional string name = 20 [ (buf.validate.field).required = false, (buf.validate.field).string.max_len = 253, (buf.validate.field).cel = { - id : "kas_name_format", - message : "Registered KAS name must be an alphanumeric string, allowing " - "hyphens, and underscores but not as the first or last " - "character. The stored KAS name will be normalized to lower " - "case.", - expression : "size(this) > 0 ? " - "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" - " : true" + id: "kas_name_format" + message: + "Registered KAS name must be an alphanumeric string, allowing " + "hyphens, and underscores but not as the first or last " + "character. The stored KAS name will be normalized to lower " + "case." + expression: + "size(this) > 0 ? " + "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" + " : true" } ]; // Common metadata common.MetadataMutable metadata = 100; } -message CreateKeyAccessServerResponse { KeyAccessServer key_access_server = 1; } +message CreateKeyAccessServerResponse { + KeyAccessServer key_access_server = 1; +} message UpdateKeyAccessServerRequest { // Required - string id = 1 [ (buf.validate.field).string.uuid = true ]; + string id = 1 [(buf.validate.field).string.uuid = true]; // Optional - string uri = 2 [ (buf.validate.field).cel = { - id : "optional_uri_format", - message : "Optional URI must be a valid URL (e.g., 'https://demo.com/') " - "followed by additional segments. Each segment must start and " - "end with an alphanumeric character, can contain hyphens, " - "alphanumeric characters, and slashes.", - expression : "size(this) == 0 || this.isUri()", - } ]; + string uri = 2 [(buf.validate.field).cel = { + id: "optional_uri_format" + message: + "Optional URI must be a valid URL (e.g., 'https://demo.com/') " + "followed by additional segments. Each segment must start and " + "end with an alphanumeric character, can contain hyphens, " + "alphanumeric characters, and slashes." + expression: "size(this) == 0 || this.isUri()" + }]; // Optional PublicKey public_key = 3; // Optional @@ -113,13 +115,15 @@ message UpdateKeyAccessServerRequest { (buf.validate.field).required = false, (buf.validate.field).string.max_len = 253, (buf.validate.field).cel = { - id : "kas_name_format", - message : "Registered KAS name must be an alphanumeric string, allowing " - "hyphens, and underscores but not as the first or last " - "character. The stored KAS name will be normalized to lower " - "case.", - expression : "size(this) == 0 || " - "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" + id: "kas_name_format" + message: + "Registered KAS name must be an alphanumeric string, allowing " + "hyphens, and underscores but not as the first or last " + "character. The stored KAS name will be normalized to lower " + "case." + expression: + "size(this) == 0 || " + "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" } ]; @@ -128,13 +132,17 @@ message UpdateKeyAccessServerRequest { common.MetadataMutable metadata = 100; common.MetadataUpdateEnum metadata_update_behavior = 101; } -message UpdateKeyAccessServerResponse { KeyAccessServer key_access_server = 1; } +message UpdateKeyAccessServerResponse { + KeyAccessServer key_access_server = 1; +} message DeleteKeyAccessServerRequest { // Required - string id = 1 [ (buf.validate.field).string.uuid = true ]; + string id = 1 [(buf.validate.field).string.uuid = true]; +} +message DeleteKeyAccessServerResponse { + KeyAccessServer key_access_server = 1; } -message DeleteKeyAccessServerResponse { KeyAccessServer key_access_server = 1; } // Can be namespace, attribute definition, or value message GrantedPolicyObject { @@ -151,59 +159,53 @@ message KeyAccessServerGrants { } /* - KEY MANAGEMENT + KEY MANAGEMENT */ message CreatePublicKeyRequest { // Required - string kas_id = 1 [ (buf.validate.field).string.uuid = true ]; + string kas_id = 1 [(buf.validate.field).string.uuid = true]; // Required - KasPublicKey key = 2 [ - (buf.validate.field).required = true - ]; + KasPublicKey key = 2 [(buf.validate.field).required = true]; - // Common metadata + // Common metadata common.MetadataMutable metadata = 100; } -message CreatePublicKeyResponse { Key key = 1; } +message CreatePublicKeyResponse { + Key key = 1; +} -message GetPublicKeyRequest { +message GetPublicKeyRequest { oneof identifier { - string id = 1 [ - (buf.validate.field).string.uuid = true - ]; + string id = 1 [(buf.validate.field).string.uuid = true]; } } -message GetPublicKeyResponse { Key key = 1; } +message GetPublicKeyResponse { + Key key = 1; +} message ListPublicKeysRequest { oneof kas_filter { // Optional - string kas_id = 1 [ - (buf.validate.field).string.uuid = true - ]; + string kas_id = 1 [(buf.validate.field).string.uuid = true]; // Optional - string kas_name = 2 [ - (buf.validate.field).string.min_len = 1 - ]; + string kas_name = 2 [(buf.validate.field).string.min_len = 1]; // Optional - string kas_uri = 3 [ - (buf.validate.field).string = { - min_len : 1 - uri : true - } - ]; + string kas_uri = 3 [(buf.validate.field).string = { + min_len: 1 + uri: true + }]; } // Optional policy.PageRequest pagination = 10; } -message ListPublicKeysResponse { - repeated Key keys = 1; +message ListPublicKeysResponse { + repeated Key keys = 1; policy.PageResponse pagination = 10; } @@ -211,20 +213,14 @@ message ListPublicKeysResponse { message ListPublicKeyMappingRequest { oneof kas_filter { // Optional - string kas_id = 1 [ - (buf.validate.field).string.uuid = true - ]; + string kas_id = 1 [(buf.validate.field).string.uuid = true]; // Optional - string kas_name = 2 [ - (buf.validate.field).string.min_len = 1 - ]; + string kas_name = 2 [(buf.validate.field).string.min_len = 1]; // Optional - string kas_uri = 3 [ - (buf.validate.field).string = { - min_len : 1 - uri : true - } - ]; + string kas_uri = 3 [(buf.validate.field).string = { + min_len: 1 + uri: true + }]; } // Optional Public Key ID @@ -232,7 +228,7 @@ message ListPublicKeyMappingRequest { (buf.validate.field).string.uuid = true, (buf.validate.field).ignore = IGNORE_IF_DEFAULT_VALUE ]; - + // Optional policy.PageRequest pagination = 10; } @@ -249,7 +245,6 @@ message ListPublicKeyMappingResponse { repeated Association values = 6; repeated Association definitions = 7; repeated Association namespaces = 8; - } message Association { string id = 1; @@ -257,15 +252,13 @@ message ListPublicKeyMappingResponse { } repeated PublicKeyMapping public_key_mappings = 1; - + policy.PageResponse pagination = 10; } message UpdatePublicKeyRequest { // Required - string id = 1 [ - (buf.validate.field).string.uuid = true - ]; + string id = 1 [(buf.validate.field).string.uuid = true]; // Optional // Common metadata @@ -273,23 +266,25 @@ message UpdatePublicKeyRequest { common.MetadataUpdateEnum metadata_update_behavior = 101; } -message UpdatePublicKeyResponse { Key key = 1;} +message UpdatePublicKeyResponse { + Key key = 1; +} -message DeactivatePublicKeyRequest { - string id = 1 [ - (buf.validate.field).string.uuid = true - ]; +message DeactivatePublicKeyRequest { + string id = 1 [(buf.validate.field).string.uuid = true]; } -message DeactivatePublicKeyResponse { Key key = 1; } +message DeactivatePublicKeyResponse { + Key key = 1; +} -message ActivatePublicKeyRequest { - string id = 1 [ - (buf.validate.field).string.uuid = true - ]; +message ActivatePublicKeyRequest { + string id = 1 [(buf.validate.field).string.uuid = true]; } -message ActivatePublicKeyResponse { Key key = 1; } +message ActivatePublicKeyResponse { + Key key = 1; +} // Deprecated in favor of ListPublicKeyMapping // TODO: optional validation below should be through a custom validator, which @@ -304,25 +299,27 @@ message ListKeyAccessServerGrantsRequest { // Filter LIST by ID of a registered Key Access Server. // If neither is provided, grants from all registered KASs to policy attribute // objects are returned. - string kas_id = 1 [ (buf.validate.field).cel = { - id : "optional_uuid_format", - message : "Optional field must be a valid UUID", - expression : "size(this) == 0 || " - "this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[" - "0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" - } ]; + string kas_id = 1 [(buf.validate.field).cel = { + id: "optional_uuid_format" + message: "Optional field must be a valid UUID" + expression: + "size(this) == 0 || " + "this.matches('[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[" + "0-9a-fA-F]{4}-[0-9a-fA-F]{12}')" + }]; // Optional // Filter LIST by URI of a registered Key Access Server. // If none is provided, grants from all registered KASs to policy attribute // objects are returned. - string kas_uri = 2 [ (buf.validate.field).cel = { - id : "optional_uri_format", - message : "Optional URI must be a valid URL (e.g., 'https://demo.com/') " - "followed by additional segments. Each segment must start and " - "end with an alphanumeric character, can contain hyphens, " - "alphanumeric characters, and slashes.", - expression : "size(this) == 0 || this.isUri()" - } ]; + string kas_uri = 2 [(buf.validate.field).cel = { + id: "optional_uri_format" + message: + "Optional URI must be a valid URL (e.g., 'https://demo.com/') " + "followed by additional segments. Each segment must start and " + "end with an alphanumeric character, can contain hyphens, " + "alphanumeric characters, and slashes." + expression: "size(this) == 0 || this.isUri()" + }]; // Optional // Filter LIST by name of a registered Key Access Server. // If none are provided, grants from all registered KASs to policy attribute @@ -331,13 +328,15 @@ message ListKeyAccessServerGrantsRequest { (buf.validate.field).required = false, (buf.validate.field).string.max_len = 253, (buf.validate.field).cel = { - id : "kas_name_format", - message : "Registered KAS name must be an alphanumeric string, allowing " - "hyphens, and underscores but not as the first or last " - "character. The stored KAS name will be normalized to lower " - "case.", - expression : "size(this) == 0 || " - "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" + id: "kas_name_format" + message: + "Registered KAS name must be an alphanumeric string, allowing " + "hyphens, and underscores but not as the first or last " + "character. The stored KAS name will be normalized to lower " + "case." + expression: + "size(this) == 0 || " + "this.matches('^[a-zA-Z0-9](?:[a-zA-Z0-9_-]*[a-zA-Z0-9])?$')" } ]; @@ -353,66 +352,37 @@ message ListKeyAccessServerGrantsResponse { } service KeyAccessServerRegistryService { - rpc ListKeyAccessServers(ListKeyAccessServersRequest) - returns (ListKeyAccessServersResponse) { - option (google.api.http) = { - get : "/key-access-servers" - }; + rpc ListKeyAccessServers(ListKeyAccessServersRequest) returns (ListKeyAccessServersResponse) { + option (google.api.http) = {get: "/key-access-servers"}; option idempotency_level = NO_SIDE_EFFECTS; } - rpc GetKeyAccessServer(GetKeyAccessServerRequest) - returns (GetKeyAccessServerResponse) { - option (google.api.http) = { - get : "/key-access-servers/{id}" - }; + rpc GetKeyAccessServer(GetKeyAccessServerRequest) returns (GetKeyAccessServerResponse) { + option (google.api.http) = {get: "/key-access-servers/{id}"}; option idempotency_level = NO_SIDE_EFFECTS; } - rpc CreateKeyAccessServer(CreateKeyAccessServerRequest) - returns (CreateKeyAccessServerResponse) { + rpc CreateKeyAccessServer(CreateKeyAccessServerRequest) returns (CreateKeyAccessServerResponse) { option (google.api.http) = { - post : "/key-access-servers" - body : "*" + post: "/key-access-servers" + body: "*" }; } - rpc UpdateKeyAccessServer(UpdateKeyAccessServerRequest) - returns (UpdateKeyAccessServerResponse) { + rpc UpdateKeyAccessServer(UpdateKeyAccessServerRequest) returns (UpdateKeyAccessServerResponse) { option (google.api.http) = { - patch : "/key-access-servers/{id}" - body : "*" + patch: "/key-access-servers/{id}" + body: "*" }; } - rpc DeleteKeyAccessServer(DeleteKeyAccessServerRequest) - returns (DeleteKeyAccessServerResponse) { - option (google.api.http) = { - delete : "/key-access-servers/{id}" - }; + rpc DeleteKeyAccessServer(DeleteKeyAccessServerRequest) returns (DeleteKeyAccessServerResponse) { + option (google.api.http) = {delete: "/key-access-servers/{id}"}; } // Deprecated - rpc ListKeyAccessServerGrants(ListKeyAccessServerGrantsRequest) - returns (ListKeyAccessServerGrantsResponse) { - option (google.api.http) = { - get : "/key-access-servers/grants" - }; + rpc ListKeyAccessServerGrants(ListKeyAccessServerGrantsRequest) returns (ListKeyAccessServerGrantsResponse) { + option (google.api.http) = {get: "/key-access-servers/grants"}; option idempotency_level = NO_SIDE_EFFECTS; } - - rpc CreatePublicKey(CreatePublicKeyRequest) returns (CreatePublicKeyResponse) {} - - rpc GetPublicKey(GetPublicKeyRequest) returns (GetPublicKeyResponse) {} - - rpc ListPublicKeys(ListPublicKeysRequest) returns (ListPublicKeysResponse) {} - - rpc ListPublicKeyMapping(ListPublicKeyMappingRequest) returns (ListPublicKeyMappingResponse) {} - - rpc UpdatePublicKey(UpdatePublicKeyRequest) returns (UpdatePublicKeyResponse) {} - - rpc DeactivatePublicKey(DeactivatePublicKeyRequest) returns (DeactivatePublicKeyResponse) {} - - rpc ActivatePublicKey(ActivatePublicKeyRequest) returns (ActivatePublicKeyResponse) {} - } diff --git a/service/policy/kasregistry/key_access_server_registry_test.go b/service/policy/kasregistry/key_access_server_registry_test.go index 0a4f7b4ef7..602cfb9abc 100644 --- a/service/policy/kasregistry/key_access_server_registry_test.go +++ b/service/policy/kasregistry/key_access_server_registry_test.go @@ -595,142 +595,6 @@ func Test_UpdateKeyAccessServer_ShouldRequireID(t *testing.T) { require.Error(t, err, "ID should be required") } -func Test_Verify_Public_Keys(t *testing.T) { - keys := []struct { - key string - kid string - alg policy.KasPublicKeyAlgEnum - expectedErr error - description string - name string - }{ - { - key: "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsdI4JGPwMm4od4yxKiKZKq+d+AQQ\ntaDueUULEOdYQxL0IGmWRYGvyQ7nB+gZuB0DxbVjzZttqYIOIVYPfUV94g==\n-----END PUBLIC KEY-----\n", - kid: "ec256", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1, - expectedErr: nil, - description: "EC256 Key and Alg match", - name: "ec256", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsdI4JGPwMm4od4yxKiKZKq+d+AQQ\ntaDueUULEOdYQxL0IGmWRYGvyQ7nB+gZuB0DxbVjzZttqYIOIVYPfUV94g==\n-----END PUBLIC KEY-----\n", - kid: "ec256-bad", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1, - expectedErr: ErrInvalidECKeyCurve, - description: "EC256 Curve mismatch", - name: "bad ec256", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEsdI4JGPwMm4od4yxKiKZKq+d+AQQ\ntaDueUULEOdYQxL0IGmWRYGvyQ7nB+gZuB0DxbVjzZttqYIOIVYPfUV94g==\n-----END PUBLIC KEY-----\n", - kid: "ec256-bad-rsa", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048, - expectedErr: ErrKeyAlgMismatch, - description: "EC256 Key Submitted as RSA", - name: "bad ec256 rsa", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEsNHDYFiXZ4rppZ3A2f02mCSZAFR9NyHx\nz/68UxN+yuQuVKzxk8GdS7ty0+zhGRUbw2WZQk9Pehrp9eA56j1MN5c9gQiIm0PF\nHxQD4Fl2ipIA2KS3j/wIp/Ue96HzQGcX\n-----END PUBLIC KEY-----\n", - kid: "ec384", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP384R1, - expectedErr: nil, - description: "EC384 Key and Alg match", - name: "ec384", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEsNHDYFiXZ4rppZ3A2f02mCSZAFR9NyHx\nz/68UxN+yuQuVKzxk8GdS7ty0+zhGRUbw2WZQk9Pehrp9eA56j1MN5c9gQiIm0PF\nHxQD4Fl2ipIA2KS3j/wIp/Ue96HzQGcX\n-----END PUBLIC KEY-----\n", - kid: "ec384-bad", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1, - expectedErr: ErrInvalidECKeyCurve, - description: "EC384 Key and Alg mismatch", - name: "bad ec384", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEsNHDYFiXZ4rppZ3A2f02mCSZAFR9NyHx\nz/68UxN+yuQuVKzxk8GdS7ty0+zhGRUbw2WZQk9Pehrp9eA56j1MN5c9gQiIm0PF\nHxQD4Fl2ipIA2KS3j/wIp/Ue96HzQGcX\n-----END PUBLIC KEY-----\n", - kid: "ec384-bad-rsa", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048, - expectedErr: ErrKeyAlgMismatch, - description: "EC384 Key Submitted as RSA", - name: "bad ec384 rsa", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAGvC9aOQpUifTgBQ+aSFm1fn2m5Fb\nOv5Xc+qrT1LcHlX2vYPVfKVsqkjb0dg6LrrKWB6+UuS44y0GDAMln1KPfnkBb2+b\n6gLkYlAUpLV7RtyzBSktmLOkViGauYlR+9gKT2B5+hiL8lsLeh7khj6XEL+CVVgS\nswYGVPb345XuIdrvhBs=\n-----END PUBLIC KEY-----\n", - kid: "ec", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP521R1, - expectedErr: nil, - description: "EC521 Key and Alg match", - name: "ec521", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAGvC9aOQpUifTgBQ+aSFm1fn2m5Fb\nOv5Xc+qrT1LcHlX2vYPVfKVsqkjb0dg6LrrKWB6+UuS44y0GDAMln1KPfnkBb2+b\n6gLkYlAUpLV7RtyzBSktmLOkViGauYlR+9gKT2B5+hiL8lsLeh7khj6XEL+CVVgS\nswYGVPb345XuIdrvhBs=\n-----END PUBLIC KEY-----\n", - kid: "ec521-bad", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1, - expectedErr: ErrInvalidECKeyCurve, - description: "EC384 Curve mismatch", - name: "bad ec521", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQAGvC9aOQpUifTgBQ+aSFm1fn2m5Fb\nOv5Xc+qrT1LcHlX2vYPVfKVsqkjb0dg6LrrKWB6+UuS44y0GDAMln1KPfnkBb2+b\n6gLkYlAUpLV7RtyzBSktmLOkViGauYlR+9gKT2B5+hiL8lsLeh7khj6XEL+CVVgS\nswYGVPb345XuIdrvhBs=\n-----END PUBLIC KEY-----\n", - kid: "ec521-bad-rsa", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048, - expectedErr: ErrKeyAlgMismatch, - description: "EC384 Key Submitted as RSA", - name: "bad ec521 rsa", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTa+bW/aJRwmR2O6s2Op\nTobrMdMJE1NSnEF89C4+wn8R4bQ6uanY1Xd7/w3ffRoINqUDaL4PYgHuCInQB58d\nMbBE2qhDIoLdtr6XfThkLYarmjynkNRTN8d/UBu+85C7lMnjxxKxbhFEX/5Py43G\nvNontQhYaL4Ar8RfkXmXQjJIRZGJo1bvdXvhQeZtb4zckKwhS3xl3SV+gD1Tgujt\nO74cfkUZAzieED5aK4eZMCsF2kl47CdcoUvVsKWHGXRL9W/lb6HNE7Bx1Re12uma\nhX6wpexS7W1oW2LBeVdCi1Hb18W86Sud3Xw4ZDe0VlvmwUi3hwapJvpFyspI51Eb\nPwIDAQAB\n-----END PUBLIC KEY-----\n", - kid: "rsa2048", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048, - expectedErr: nil, - description: "RSA2048 Key and Alg match", - name: "rsa2048", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTa+bW/aJRwmR2O6s2Op\nTobrMdMJE1NSnEF89C4+wn8R4bQ6uanY1Xd7/w3ffRoINqUDaL4PYgHuCInQB58d\nMbBE2qhDIoLdtr6XfThkLYarmjynkNRTN8d/UBu+85C7lMnjxxKxbhFEX/5Py43G\nvNontQhYaL4Ar8RfkXmXQjJIRZGJo1bvdXvhQeZtb4zckKwhS3xl3SV+gD1Tgujt\nO74cfkUZAzieED5aK4eZMCsF2kl47CdcoUvVsKWHGXRL9W/lb6HNE7Bx1Re12uma\nhX6wpexS7W1oW2LBeVdCi1Hb18W86Sud3Xw4ZDe0VlvmwUi3hwapJvpFyspI51Eb\nPwIDAQAB\n-----END PUBLIC KEY-----\n", - kid: "rsa2048-bad", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096, - expectedErr: ErrInvalidRSAKeySize, - description: "RSA2048 Key and Alg mismatch", - name: "bad rsa2048", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTa+bW/aJRwmR2O6s2Op\nTobrMdMJE1NSnEF89C4+wn8R4bQ6uanY1Xd7/w3ffRoINqUDaL4PYgHuCInQB58d\nMbBE2qhDIoLdtr6XfThkLYarmjynkNRTN8d/UBu+85C7lMnjxxKxbhFEX/5Py43G\nvNontQhYaL4Ar8RfkXmXQjJIRZGJo1bvdXvhQeZtb4zckKwhS3xl3SV+gD1Tgujt\nO74cfkUZAzieED5aK4eZMCsF2kl47CdcoUvVsKWHGXRL9W/lb6HNE7Bx1Re12uma\nhX6wpexS7W1oW2LBeVdCi1Hb18W86Sud3Xw4ZDe0VlvmwUi3hwapJvpFyspI51Eb\nPwIDAQAB\n-----END PUBLIC KEY-----\n", - kid: "rsa2048-bad-ec", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1, - expectedErr: ErrKeyAlgMismatch, - description: "RSA2048 Key Submitted as EC", - name: "bad rsa2048 ec", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkrbxePKjeQccK2dVr6BO\nKpqolI6w6pi2l6M++za6e1YCvgv8vM2T4qh6OjoWawAE5K4CkOOdOhVme39GbglL\neSF1i09oHYJIj94IdNgzWj8GL9NGrZZgQ8qNcW7mtyGRz62/j//dblu4RF4/qTOe\nrDtr5lL7+IfvVvbhzoPRRDfmqnlnSpbfddSsCoeZy9FS+J/hyVueF4dTWuILb/NF\nhawqAK33Eq8Mm7dhjZ1yffbgN6lS18LIuOMb2Q2M+DSm17yqQRr5ofiIs/IzDPFJ\nw1nyRRqGdlhng6tl02xahCbdlBKkeTxvGwupGdDq5vpcPDgQdYaR+G+dBmXGejtE\nirGbZkg0T77Cj9eMOisD/WUFeKCAej8I4IbGrkWQu3IsMqCn6mHAaDc6a6+WhRDr\nOuMns+LNpzrPxQ8GIWsD6R/xTqRzCIMu1nu9wWtl2bW4mFWiUHmTqseaQNwS2tWc\nh5IrrnN49yG25+dv/X0kq452mYmxMAJHMgG+T0N9Qsdd1xKmEoMHXcE5bMBpj4u/\n5LtCHsSeYco0IUV3MzZ6bIE4hSSbIsDNH8cNmGOBt1l9G63Dkjr4mfuIN/a7Z10q\ngVpzDW2hazOqWnunyLvOUpEuGwYgLdxG2DQt6dNSVY2g7IHgGCxfL/arBs+IIMka\ny3ZIHmrZC2Ym0+77srhrCLsCAwEAAQ==\n-----END PUBLIC KEY-----\n", - kid: "rsa4096", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_4096, - expectedErr: nil, - description: "RSA4096 Key and Alg match", - name: "rsa4096", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkrbxePKjeQccK2dVr6BO\nKpqolI6w6pi2l6M++za6e1YCvgv8vM2T4qh6OjoWawAE5K4CkOOdOhVme39GbglL\neSF1i09oHYJIj94IdNgzWj8GL9NGrZZgQ8qNcW7mtyGRz62/j//dblu4RF4/qTOe\nrDtr5lL7+IfvVvbhzoPRRDfmqnlnSpbfddSsCoeZy9FS+J/hyVueF4dTWuILb/NF\nhawqAK33Eq8Mm7dhjZ1yffbgN6lS18LIuOMb2Q2M+DSm17yqQRr5ofiIs/IzDPFJ\nw1nyRRqGdlhng6tl02xahCbdlBKkeTxvGwupGdDq5vpcPDgQdYaR+G+dBmXGejtE\nirGbZkg0T77Cj9eMOisD/WUFeKCAej8I4IbGrkWQu3IsMqCn6mHAaDc6a6+WhRDr\nOuMns+LNpzrPxQ8GIWsD6R/xTqRzCIMu1nu9wWtl2bW4mFWiUHmTqseaQNwS2tWc\nh5IrrnN49yG25+dv/X0kq452mYmxMAJHMgG+T0N9Qsdd1xKmEoMHXcE5bMBpj4u/\n5LtCHsSeYco0IUV3MzZ6bIE4hSSbIsDNH8cNmGOBt1l9G63Dkjr4mfuIN/a7Z10q\ngVpzDW2hazOqWnunyLvOUpEuGwYgLdxG2DQt6dNSVY2g7IHgGCxfL/arBs+IIMka\ny3ZIHmrZC2Ym0+77srhrCLsCAwEAAQ==\n-----END PUBLIC KEY-----\n", - kid: "rsa4096-bad", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_RSA_2048, - expectedErr: ErrInvalidRSAKeySize, - description: "RSA4096 Key and Alg mismatch", - name: "bad rsa4096", - }, - { - key: "-----BEGIN PUBLIC KEY-----\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAkrbxePKjeQccK2dVr6BO\nKpqolI6w6pi2l6M++za6e1YCvgv8vM2T4qh6OjoWawAE5K4CkOOdOhVme39GbglL\neSF1i09oHYJIj94IdNgzWj8GL9NGrZZgQ8qNcW7mtyGRz62/j//dblu4RF4/qTOe\nrDtr5lL7+IfvVvbhzoPRRDfmqnlnSpbfddSsCoeZy9FS+J/hyVueF4dTWuILb/NF\nhawqAK33Eq8Mm7dhjZ1yffbgN6lS18LIuOMb2Q2M+DSm17yqQRr5ofiIs/IzDPFJ\nw1nyRRqGdlhng6tl02xahCbdlBKkeTxvGwupGdDq5vpcPDgQdYaR+G+dBmXGejtE\nirGbZkg0T77Cj9eMOisD/WUFeKCAej8I4IbGrkWQu3IsMqCn6mHAaDc6a6+WhRDr\nOuMns+LNpzrPxQ8GIWsD6R/xTqRzCIMu1nu9wWtl2bW4mFWiUHmTqseaQNwS2tWc\nh5IrrnN49yG25+dv/X0kq452mYmxMAJHMgG+T0N9Qsdd1xKmEoMHXcE5bMBpj4u/\n5LtCHsSeYco0IUV3MzZ6bIE4hSSbIsDNH8cNmGOBt1l9G63Dkjr4mfuIN/a7Z10q\ngVpzDW2hazOqWnunyLvOUpEuGwYgLdxG2DQt6dNSVY2g7IHgGCxfL/arBs+IIMka\ny3ZIHmrZC2Ym0+77srhrCLsCAwEAAQ==\n-----END PUBLIC KEY-----\n", - kid: "rsa4096-bad-ec", - alg: policy.KasPublicKeyAlgEnum_KAS_PUBLIC_KEY_ALG_ENUM_EC_SECP256R1, - expectedErr: ErrKeyAlgMismatch, - description: "RSA4096 Key Submitted as EC", - name: "bad rsa4096 ec", - }, - } - for _, key := range keys { - err := verifyKeyAlg(key.key, key.alg) - require.Equal(t, key.expectedErr, err, key.description) - } -} - func Test_ListPublicKey_Validation(t *testing.T) { testCases := []struct { name string diff --git a/service/policy/namespaces/namespaces.go b/service/policy/namespaces/namespaces.go index 4fe43cacab..e857908efa 100644 --- a/service/policy/namespaces/namespaces.go +++ b/service/policy/namespaces/namespaces.go @@ -240,20 +240,10 @@ func (ns NamespacesService) RemoveKeyAccessServerFromNamespace(ctx context.Conte return connect.NewResponse(rsp), nil } -func (ns NamespacesService) AssignKeyToNamespace(ctx context.Context, req *connect.Request[namespaces.AssignKeyToNamespaceRequest]) (*connect.Response[namespaces.AssignKeyToNamespaceResponse], error) { - err := ns.dbClient.AssignPublicKeyToNamespace(ctx, req.Msg.GetNamespaceKey()) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextCreationFailed, slog.String("namespaceKey", req.Msg.GetNamespaceKey().String())) - } - return connect.NewResponse(&namespaces.AssignKeyToNamespaceResponse{}), nil +func (ns NamespacesService) AssignKeyToNamespace(context.Context, *connect.Request[namespaces.AssignKeyToNamespaceRequest]) (*connect.Response[namespaces.AssignKeyToNamespaceResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, nil) } -func (ns NamespacesService) RemoveKeyFromNamespace(ctx context.Context, req *connect.Request[namespaces.RemoveKeyFromNamespaceRequest]) (*connect.Response[namespaces.RemoveKeyFromNamespaceResponse], error) { - k, err := ns.dbClient.RemovePublicKeyFromNamespace(ctx, req.Msg.GetNamespaceKey()) - if err != nil { - return nil, db.StatusifyError(err, db.ErrTextDeletionFailed, slog.String("namespaceKey", req.Msg.GetNamespaceKey().String())) - } - return connect.NewResponse(&namespaces.RemoveKeyFromNamespaceResponse{ - NamespaceKey: k, - }), nil +func (ns NamespacesService) RemoveKeyFromNamespace(context.Context, *connect.Request[namespaces.RemoveKeyFromNamespaceRequest]) (*connect.Response[namespaces.RemoveKeyFromNamespaceResponse], error) { + return nil, connect.NewError(connect.CodeUnimplemented, nil) }