ceph-csi/vendor/k8s.io/kms/apis/v2/api.proto

/*
Copyright 2022 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

// To regenerate api.pb.go run `hack/update-codegen.sh protobindings`
syntax = "proto3";

package v2;
option go_package = "k8s.io/kms/apis/v2";

// This service defines the public APIs for remote KMS provider.
service KeyManagementService {
    // this API is meant to be polled
    rpc Status(StatusRequest) returns (StatusResponse) {}

    // Execute decryption operation in KMS provider.
    rpc Decrypt(DecryptRequest) returns (DecryptResponse) {}
    // Execute encryption operation in KMS provider.
    rpc Encrypt(EncryptRequest) returns (EncryptResponse) {}
}

message StatusRequest {}

message StatusResponse {
    // Version of the KMS plugin API.  Must match the configured .resources[].providers[].kms.apiVersion
    string version = 1;
    // Any value other than "ok" is failing healthz.  On failure, the associated API server healthz endpoint will contain this value as part of the error message.
    string healthz = 2;
    // the current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage.
    string key_id = 3;
}

message DecryptRequest {
    // The data to be decrypted.
    bytes ciphertext = 1;
    // UID is a unique identifier for the request.
    string uid = 2;
    // The keyID that was provided to the apiserver during encryption.
    // This represents the KMS KEK that was used to encrypt the data.
    string key_id = 3;
    // Additional metadata that was sent by the KMS plugin during encryption.
    map<string, bytes> annotations = 4;
}

message DecryptResponse {
    // The decrypted data.
    bytes plaintext = 1;
}

message EncryptRequest {
    // The data to be encrypted.
    bytes plaintext = 1;
    // UID is a unique identifier for the request.
    string uid = 2;
}

message EncryptResponse {
    // The encrypted data.
    bytes ciphertext = 1;
    // The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use.
    // This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage.
    string key_id = 2;
    // Additional metadata to be stored with the encrypted data.
    // This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data.
    map<string, bytes> annotations = 3;
}
rebase: bump k8s.io/kubernetes from 1.26.2 to 1.27.2 Bumps [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) from 1.26.2 to 1.27.2. - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.26.2...v1.27.2) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2023-05-29 21:03:29 +00:00			`/*`
			`Copyright 2022 The Kubernetes Authors.`

			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

rebase: update all k8s packages to 0.27.2 Signed-off-by: Niels de Vos <ndevos@ibm.com> 2023-06-01 16:58:10 +00:00			// To regenerate api.pb.go run `hack/update-codegen.sh protobindings`
rebase: bump k8s.io/kubernetes from 1.26.2 to 1.27.2 Bumps [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) from 1.26.2 to 1.27.2. - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.26.2...v1.27.2) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2023-05-29 21:03:29 +00:00			`syntax = "proto3";`

rebase: update all k8s packages to 0.27.2 Signed-off-by: Niels de Vos <ndevos@ibm.com> 2023-06-01 16:58:10 +00:00			`package v2;`
			`option go_package = "k8s.io/kms/apis/v2";`
rebase: bump k8s.io/kubernetes from 1.26.2 to 1.27.2 Bumps [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) from 1.26.2 to 1.27.2. - [Release notes](https://github.com/kubernetes/kubernetes/releases) - [Commits](https://github.com/kubernetes/kubernetes/compare/v1.26.2...v1.27.2) --- updated-dependencies: - dependency-name: k8s.io/kubernetes dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> 2023-05-29 21:03:29 +00:00
			`// This service defines the public APIs for remote KMS provider.`
			`service KeyManagementService {`
			`// this API is meant to be polled`
			`rpc Status(StatusRequest) returns (StatusResponse) {}`

			`// Execute decryption operation in KMS provider.`
			`rpc Decrypt(DecryptRequest) returns (DecryptResponse) {}`
			`// Execute encryption operation in KMS provider.`
			`rpc Encrypt(EncryptRequest) returns (EncryptResponse) {}`
			`}`

			`message StatusRequest {}`

			`message StatusResponse {`
			`// Version of the KMS plugin API. Must match the configured .resources[].providers[].kms.apiVersion`
			`string version = 1;`
			`// Any value other than "ok" is failing healthz. On failure, the associated API server healthz endpoint will contain this value as part of the error message.`
			`string healthz = 2;`
			`// the current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage.`
			`string key_id = 3;`
			`}`

			`message DecryptRequest {`
			`// The data to be decrypted.`
			`bytes ciphertext = 1;`
			`// UID is a unique identifier for the request.`
			`string uid = 2;`
			`// The keyID that was provided to the apiserver during encryption.`
			`// This represents the KMS KEK that was used to encrypt the data.`
			`string key_id = 3;`
			`// Additional metadata that was sent by the KMS plugin during encryption.`
			`map<string, bytes> annotations = 4;`
			`}`

			`message DecryptResponse {`
			`// The decrypted data.`
			`bytes plaintext = 1;`
			`}`

			`message EncryptRequest {`
			`// The data to be encrypted.`
			`bytes plaintext = 1;`
			`// UID is a unique identifier for the request.`
			`string uid = 2;`
			`}`

			`message EncryptResponse {`
			`// The encrypted data.`
			`bytes ciphertext = 1;`
			`// The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use.`
			`// This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage.`
			`string key_id = 2;`
			`// Additional metadata to be stored with the encrypted data.`
			`// This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data.`
			`map<string, bytes> annotations = 3;`
			`}`