diff --git a/bazel/ci/BUILD.bazel b/bazel/ci/BUILD.bazel
index 1f1826b99..d7e2a121e 100644
--- a/bazel/ci/BUILD.bazel
+++ b/bazel/ci/BUILD.bazel
@@ -236,6 +236,27 @@ sh_template(
 template = "golangci.sh.in",
 )
 
+alias(
+ name = "com_github_bufbuild_buf",
+ actual = select({
+ "@io_bazel_rules_go//go/platform:darwin_amd64": "@com_github_bufbuild_buf_darwin_amd64//:bin/buf",
+ "@io_bazel_rules_go//go/platform:darwin_arm64": "@com_github_bufbuild_buf_darwin_arm64//:bin/buf",
+ "@io_bazel_rules_go//go/platform:linux_amd64": "@com_github_bufbuild_buf_linux_amd64//:bin/buf",
+ "@io_bazel_rules_go//go/platform:linux_arm64": "@com_github_bufbuild_buf_linux_arm64//:bin/buf",
+ }),
+)
+
+sh_template(
+ name = "buf_fmt",
+ data = [
+ ":com_github_bufbuild_buf",
+ ],
+ substitutions = {
+ "@@BUF@@": "$(rootpath :com_github_bufbuild_buf)",
+ },
+ template = "buf.sh.in",
+)
+
 multirun(
 name = "tidy",
 commands = [
@@ -246,6 +267,7 @@ multirun(
 ":gazelle_generate",
 ":buildifier_fix",
 ":terraform_fmt",
+ ":buf_fmt",
 ],
 jobs = 1, # execute sequentially
 visibility = ["//visibility:public"],
diff --git a/bazel/ci/buf.sh.in b/bazel/ci/buf.sh.in
new file mode 100644
index 000000000..89af1861b
--- /dev/null
+++ b/bazel/ci/buf.sh.in
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+lib=$(realpath @@BASE_LIB@@) || exit 1
+buf=$(realpath @@BUF@@) || exit 1
+
+# shellcheck source=../sh/lib.bash
+if ! source "${lib}"; then
+ echo "Error: could not find import"
+ exit 1
+fi
+
+cd "${BUILD_WORKSPACE_DIRECTORY}" || exit 1
+
+readarray -t <<< "$(find "$(pwd)" -type f -name "*.proto")"
+protos=("${MAPFILE[@]}")
+
+statuscode=0
+
+echo "Formatting the following protobuf files with buf:"
+for proto in "${protos[@]}"; do
+ echo " ${proto}"
+ ${buf} format -w "${proto}" || statuscode=$?
+done
+
+exit "${statuscode}"
diff --git a/bazel/toolchains/ci_deps.bzl b/bazel/toolchains/ci_deps.bzl
index 95347d4d2..0e91ccbea 100644
--- a/bazel/toolchains/ci_deps.bzl
+++ b/bazel/toolchains/ci_deps.bzl
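Review bot: The `linux_arm64` branch of the new `alias` in `bazel/ci/BUILD.bazel` points at `@com_github_bufbuild_buf_linux_arm64//:bin/buf`, but the `_buf_deps()` hunk in `bazel/toolchains/ci_deps.bzl` declares that archive as `com_github_bufbuild_buf_linux_aarch64`, so the label would not resolve on Linux arm64 hosts. Rename one side so the two agree, for example `name = "com_github_bufbuild_buf_linux_arm64",` in ci_deps.bzl, which also matches the `darwin_arm64` naming. The `select` has no `//conditions:default` entry, so every other platform fails at analysis time; if that is intended, a `no_match_error` string on the `select` would make the failure self-explanatory.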
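Review bot: In `bazel/ci/buf.sh.in` the formatter call expands `${buf}` unquoted, so a runfiles or workspace path containing whitespace is word-split before the binary runs; write `"${buf}" format -w "${proto}" || statuscode=$?`. The here-string form of `readarray` yields one empty element when `find` matches nothing, so the loop would invoke buf with an empty path; a guard such as `[[ -n "${proto}" ]] || continue` at the top of the loop avoids that. Because the script rewrites files in place, it should stop early when `BUILD_WORKSPACE_DIRECTORY` is unset, e.g. `cd "${BUILD_WORKSPACE_DIRECTORY:?}" || exit 1`, since `cd ""` may succeed without changing directory. `@@BASE_LIB@@` is not among the `substitutions` of the `buf_fmt` target, so presumably the `sh_template` macro supplies it; that is worth confirming.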
@@ -10,6 +10,7 @@ def ci_deps():
 _gofumpt_deps()
 _tfsec_deps()
 _golangci_lint_deps()
+ _buf_deps()
 
 def _shellcheck_deps():
 http_archive(
@@ -213,3 +214,33 @@ def _golangci_lint_deps():
 strip_prefix = "golangci-lint-1.51.2-darwin-arm64",
 sha256 = "36e69882205a0e42a63ad57ec3015639c11051e03f0beb9cf7949c6451408960",
 )
+
+def _buf_deps():
+ http_archive(
+ name = "com_github_bufbuild_buf_linux_amd64",
+ sha256 = "39b58126938e265a7dd60fc4716a4a43931896e62db3d69c704d7dd63d5889dd",
+ url = "https://github.com/bufbuild/buf/releases/download/v1.15.1/buf-Linux-x86_64.tar.gz",
+ strip_prefix = "buf",
+ build_file_content = """exports_files(["bin/buf"], visibility = ["//visibility:public"])""",
+ )
+ http_archive(
+ name = "com_github_bufbuild_buf_linux_aarch64",
+ sha256 = "6c1e7258b79273c60085df8825a52a5ee306530e7327942c91ec84545cd2d40a",
+ url = "https://github.com/bufbuild/buf/releases/download/v1.15.1/buf-Linux-aarch64.tar.gz",
+ strip_prefix = "buf",
+ build_file_content = """exports_files(["bin/buf"], visibility = ["//visibility:public"])""",
+ )
+ http_archive(
+ name = "com_github_bufbuild_buf_darwin_amd64",
+ sha256 = "6c1e7258b79273c60085df8825a52a5ee306530e7327942c91ec84545cd2d40a",
+ url = "https://github.com/bufbuild/buf/releases/download/v1.15.1/buf-Darwin-x86_64.tar.gz",
+ strip_prefix = "buf",
+ build_file_content = """exports_files(["bin/buf"], visibility = ["//visibility:public"])""",
+ )
+ http_archive(
+ name = "com_github_bufbuild_buf_darwin_arm64",
+ sha256 = "6c1e7258b79273c60085df8825a52a5ee306530e7327942c91ec84545cd2d40a",
+ url = "https://github.com/bufbuild/buf/releases/download/v1.15.1/buf-Darwin-arm64.tar.gz",
+ strip_prefix = "buf",
+ build_file_content = """exports_files(["bin/buf"], visibility = ["//visibility:public"])""",
+ )
diff --git a/debugd/service/debugd.proto b/debugd/service/debugd.proto
index 7cc9b1635..db9c3b896 100644
--- a/debugd/service/debugd.proto
+++ b/debugd/service/debugd.proto
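Review bot: Three of the four `http_archive` entries added in `_buf_deps()` (`com_github_bufbuild_buf_linux_aarch64`, `com_github_bufbuild_buf_darwin_amd64` and `com_github_bufbuild_buf_darwin_arm64`) pin the same `sha256` value, `6c1e7258b79273c60085df8825a52a5ee306530e7327942c91ec84545cd2d40a`, for three different release tarballs. At most one of those pins can match its download, so the fetch will fail the integrity check on the other platforms, and it suggests the digests were copied rather than each verified against the release. Each entry should carry the digest of its own v1.15.1 asset, checked against the checksums published with the release, e.g. `sha256 = "SHA256_OF_BUF_DARWIN_ARM64_TARBALL",` as a placeholder for the real value. A short comment above `_buf_deps()` saying where the digests come from would help the next version bump.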
@@ -1,87 +1,87 @@ syntax = "proto3"; -option go_package = "github.com/edgelesssys/constellation/v2/debugd/service"; - package debugd; +option go_package = "github.com/edgelesssys/constellation/v2/debugd/service"; + service Debugd { - rpc SetInfo (SetInfoRequest) returns (SetInfoResponse) {} - rpc GetInfo (GetInfoRequest) returns (GetInfoResponse) {} - rpc UploadFiles(stream FileTransferMessage) returns (UploadFilesResponse) {} - rpc DownloadFiles(DownloadFilesRequest) returns (stream FileTransferMessage) {} - rpc UploadSystemServiceUnits(UploadSystemdServiceUnitsRequest) returns (UploadSystemdServiceUnitsResponse) {} + rpc SetInfo(SetInfoRequest) returns (SetInfoResponse) {} + rpc GetInfo(GetInfoRequest) returns (GetInfoResponse) {} + rpc UploadFiles(stream FileTransferMessage) returns (UploadFilesResponse) {} + rpc DownloadFiles(DownloadFilesRequest) returns (stream FileTransferMessage) {} + rpc UploadSystemServiceUnits(UploadSystemdServiceUnitsRequest) returns (UploadSystemdServiceUnitsResponse) {} } message SetInfoRequest { - repeated Info info = 1; + repeated Info info = 1; } message SetInfoResponse { - SetInfoStatus status = 1; + SetInfoStatus status = 1; } enum SetInfoStatus { - SET_INFO_SUCCESS = 0; - SET_INFO_ALREADY_SET = 1; + SET_INFO_SUCCESS = 0; + SET_INFO_ALREADY_SET = 1; } message GetInfoRequest {} message GetInfoResponse { - repeated Info info = 1; + repeated Info info = 1; } message Info { - string key = 1; - string value = 2; + string key = 1; + string value = 2; } message DownloadFilesRequest {} message FileTransferMessage { - oneof kind { - FileTransferHeader header = 1; // start of transfer - Chunk chunk = 2; // file content as chunks - } + oneof kind { + FileTransferHeader header = 1; // start of transfer + Chunk chunk = 2; // file content as chunks + } } message FileTransferHeader { - string targetPath = 1; - uint32 mode = 3; - optional string overrideServiceUnit = 4; + string targetPath = 1; + uint32 mode = 3; + optional string 
overrideServiceUnit = 4; } message Chunk { - bytes content = 1; - bool last = 2; + bytes content = 1; + bool last = 2; } message UploadFilesResponse { - UploadFilesStatus status = 1; + UploadFilesStatus status = 1; } enum UploadFilesStatus { - UPLOAD_FILES_SUCCESS = 0; - UPLOAD_FILES_UPLOAD_FAILED = 1; - UPLOAD_FILES_ALREADY_STARTED = 2; - UPLOAD_FILES_ALREADY_FINISHED = 3; - UPLOAD_FILES_START_FAILED = 4; + UPLOAD_FILES_SUCCESS = 0; + UPLOAD_FILES_UPLOAD_FAILED = 1; + UPLOAD_FILES_ALREADY_STARTED = 2; + UPLOAD_FILES_ALREADY_FINISHED = 3; + UPLOAD_FILES_START_FAILED = 4; } message ServiceUnit { - string name = 1; - string contents = 2; + string name = 1; + string contents = 2; } message UploadSystemdServiceUnitsRequest { - repeated ServiceUnit units = 1; + repeated ServiceUnit units = 1; } message UploadSystemdServiceUnitsResponse { - UploadSystemdServiceUnitsStatus status = 1; + UploadSystemdServiceUnitsStatus status = 1; } enum UploadSystemdServiceUnitsStatus { - UPLOAD_SYSTEMD_SERVICE_UNITS_SUCCESS = 0; - UPLOAD_SYSTEMD_SERVICE_UNITS_FAILURE = 1; + UPLOAD_SYSTEMD_SERVICE_UNITS_SUCCESS = 0; + UPLOAD_SYSTEMD_SERVICE_UNITS_FAILURE = 1; } diff --git a/disk-mapper/recoverproto/recover.proto b/disk-mapper/recoverproto/recover.proto index b84dbc4e5..3ab6cc1d8 100644 --- a/disk-mapper/recoverproto/recover.proto +++ b/disk-mapper/recoverproto/recover.proto 
@@ -5,19 +5,19 @@ package recoverproto; option go_package = "github.com/edgelesssys/constellation/v2/disk-mapper/recoverproto"; service API { - // Recover sends the necessary information to the recoveryserver to initiate recovery of a node. - rpc Recover(RecoverMessage) returns (RecoverResponse) {} + // Recover sends the necessary information to the recoveryserver to initiate recovery of a node. + rpc Recover(RecoverMessage) returns (RecoverResponse) {} } message RecoverMessage { - // bytes state_disk_key = 1; removed - // bytes measurement_secret = 2; removed - // kms_uri is the URI of the KMS the recoveryserver should use to decrypt DEKs. - string kms_uri = 3; - // storage_uri is the URI of the storage location the recoveryserver should use to fetch DEKs. - string storage_uri = 4; + // bytes state_disk_key = 1; removed + // bytes measurement_secret = 2; removed + // kms_uri is the URI of the KMS the recoveryserver should use to decrypt DEKs. + string kms_uri = 3; + // storage_uri is the URI of the storage location the recoveryserver should use to fetch DEKs. + string storage_uri = 4; } message RecoverResponse { - // string disk_uuid = 1; removed + // string disk_uuid = 1; removed } diff --git a/joinservice/joinproto/join.proto b/joinservice/joinproto/join.proto index bb6c8609c..9328fd912 100644 --- a/joinservice/joinproto/join.proto +++ b/joinservice/joinproto/join.proto 
@@ -5,75 +5,74 @@ package join; option go_package = "github.com/edgelesssys/constellation/v2/joinservice/joinproto"; service API { - // IssueJoinTicket issues a join ticket for a new node. - rpc IssueJoinTicket(IssueJoinTicketRequest) returns (IssueJoinTicketResponse); - // IssueRejoinTicket issues a join ticket for a node that has previously joined the cluster. - rpc IssueRejoinTicket(IssueRejoinTicketRequest) returns (IssueRejoinTicketResponse); + // IssueJoinTicket issues a join ticket for a new node. + rpc IssueJoinTicket(IssueJoinTicketRequest) returns (IssueJoinTicketResponse); + // IssueRejoinTicket issues a join ticket for a node that has previously joined the cluster. + rpc IssueRejoinTicket(IssueRejoinTicketRequest) returns (IssueRejoinTicketResponse); } - message IssueJoinTicketRequest { - // disk_uuid is the UUID of a node's state disk. - string disk_uuid = 1; - // certificate_request is a certificate request for the node's kubelet certificate. - bytes certificate_request = 2; - // is_control_plane indicates whether the node is a control-plane node. - bool is_control_plane = 3; + // disk_uuid is the UUID of a node's state disk. + string disk_uuid = 1; + // certificate_request is a certificate request for the node's kubelet certificate. + bytes certificate_request = 2; + // is_control_plane indicates whether the node is a control-plane node. + bool is_control_plane = 3; } message IssueJoinTicketResponse { - // state_disk_key is the key used to encrypt the state disk. - bytes state_disk_key = 1; - // measurement_salt is a salt used to derive the node's ClusterID. - // This value is persisted on the state disk. - bytes measurement_salt = 2; - // measurement_secret is a secret used to derive the node's ClusterID. - // This value is NOT persisted on the state disk. - bytes measurement_secret = 3; - // kubelet_cert is the certificate to be used by the kubelet. - bytes kubelet_cert = 4; - // api_server_endpoint is the endpoint of Constellation's API server. 
- string api_server_endpoint = 5; - // token is the Kubernetes Join Token to be used by the node to join the cluster. - string token = 6; - // discovery_token_ca_cert_hash is a hash of the root certificate authority presented by the Kubernetes control-plane. - string discovery_token_ca_cert_hash = 7; - // control_plane_files is a list of control-plane certificates and keys. - repeated control_plane_cert_or_key control_plane_files = 8; - // kubernetes_version is the Kubernetes version to install on the node. - string kubernetes_version = 9; - // kubernetes_components is a list of components to install on the node. - repeated KubernetesComponent kubernetes_components = 10; + // state_disk_key is the key used to encrypt the state disk. + bytes state_disk_key = 1; + // measurement_salt is a salt used to derive the node's ClusterID. + // This value is persisted on the state disk. + bytes measurement_salt = 2; + // measurement_secret is a secret used to derive the node's ClusterID. + // This value is NOT persisted on the state disk. + bytes measurement_secret = 3; + // kubelet_cert is the certificate to be used by the kubelet. + bytes kubelet_cert = 4; + // api_server_endpoint is the endpoint of Constellation's API server. + string api_server_endpoint = 5; + // token is the Kubernetes Join Token to be used by the node to join the cluster. + string token = 6; + // discovery_token_ca_cert_hash is a hash of the root certificate authority presented by the Kubernetes control-plane. + string discovery_token_ca_cert_hash = 7; + // control_plane_files is a list of control-plane certificates and keys. + repeated control_plane_cert_or_key control_plane_files = 8; + // kubernetes_version is the Kubernetes version to install on the node. + string kubernetes_version = 9; + // kubernetes_components is a list of components to install on the node. + repeated KubernetesComponent kubernetes_components = 10; } message control_plane_cert_or_key { - // name of the certificate or key. 
- string name = 1; - // data of the certificate or key. - bytes data = 2; + // name of the certificate or key. + string name = 1; + // data of the certificate or key. + bytes data = 2; } message IssueRejoinTicketRequest { - // disk_uuid is the UUID of a node's state disk. - string disk_uuid = 1; + // disk_uuid is the UUID of a node's state disk. + string disk_uuid = 1; } message IssueRejoinTicketResponse { - // state_disk_key is the key to decrypt the state disk. - bytes state_disk_key = 1; - // measurement_secret is a secret used to derive the node's ClusterID. - // This value is NOT persisted on the state disk. - bytes measurement_secret = 2; + // state_disk_key is the key to decrypt the state disk. + bytes state_disk_key = 1; + // measurement_secret is a secret used to derive the node's ClusterID. + // This value is NOT persisted on the state disk. + bytes measurement_secret = 2; } // Discuss if we want to import the init proto instead of duplicating it message KubernetesComponent { - // url to download the component from. - string url = 1; - // hash of the component. - string hash = 2; - // install_path is the path to install the component to. - string install_path = 3; - // extract indicates whether the component is an archive and needs to be extracted. - bool extract = 4; - } + // url to download the component from. + string url = 1; + // hash of the component. + string hash = 2; + // install_path is the path to install the component to. + string install_path = 3; + // extract indicates whether the component is an archive and needs to be extracted. + bool extract = 4; +} diff --git a/keyservice/keyserviceproto/keyservice.proto b/keyservice/keyserviceproto/keyservice.proto index 1c03b5eef..d2ce62ffc 100644 --- a/keyservice/keyserviceproto/keyservice.proto +++ b/keyservice/keyserviceproto/keyservice.proto 
@@ -5,14 +5,14 @@ package kms; option go_package = "github.com/edgelesssys/constellation/v2/keyservice/keyserviceproto"; service API { - rpc GetDataKey(GetDataKeyRequest) returns (GetDataKeyResponse); + rpc GetDataKey(GetDataKeyRequest) returns (GetDataKeyResponse); } message GetDataKeyRequest { - string data_key_id = 1; - uint32 length = 2; + string data_key_id = 1; + uint32 length = 2; } message GetDataKeyResponse { - bytes data_key = 1; + bytes data_key = 1; } diff --git a/upgrade-agent/upgradeproto/upgrade.proto b/upgrade-agent/upgradeproto/upgrade.proto index e07db1a75..3236effdd 100644 --- a/upgrade-agent/upgradeproto/upgrade.proto +++ b/upgrade-agent/upgradeproto/upgrade.proto @@ -5,14 +5,13 @@ package upgrade; option go_package = "github.com/edgelesssys/constellation/v2/upgrade-agent/upgradeproto"; service Update { - rpc ExecuteUpdate(ExecuteUpdateRequest) returns (ExecuteUpdateResponse); + rpc ExecuteUpdate(ExecuteUpdateRequest) returns (ExecuteUpdateResponse); } message ExecuteUpdateRequest { - string kubeadm_url = 1; - string kubeadm_hash = 2; - string wanted_kubernetes_version = 3; + string kubeadm_url = 1; + string kubeadm_hash = 2; + string wanted_kubernetes_version = 3; } -message ExecuteUpdateResponse { -} +message ExecuteUpdateResponse {} diff --git a/verify/verifyproto/verify.proto b/verify/verifyproto/verify.proto index bafb0c298..e0d51c135 100644 --- a/verify/verifyproto/verify.proto +++ b/verify/verifyproto/verify.proto 
@@ -5,17 +5,17 @@ package verify; option go_package = "github.com/edgelesssys/constellation/v2/verify/verifyproto"; service API { - // GetAttestation returns an attestation for the given user data and nonce. - rpc GetAttestation(GetAttestationRequest) returns (GetAttestationResponse); + // GetAttestation returns an attestation for the given user data and nonce. + rpc GetAttestation(GetAttestationRequest) returns (GetAttestationResponse); } message GetAttestationRequest { - // bytes user_data = 1; removed - // nonce is a random nonce to prevent replay attacks. - bytes nonce = 2; + // bytes user_data = 1; removed + // nonce is a random nonce to prevent replay attacks. + bytes nonce = 2; } message GetAttestationResponse { - // attestation is the attestation for the given user data and nonce. - bytes attestation = 1; + // attestation is the attestation for the given user data and nonce. + bytes attestation = 1; }