From ac7e6d8c557531ac256dfa1ab7555dbeaaaeff89 Mon Sep 17 00:00:00 2001 From: Wenqi Mou Date: Tue, 17 Sep 2024 22:15:59 -0400 Subject: [PATCH] br: add access key/secrets fields for aws kms (#1269) --- pkg/encryptionpb/encryptionpb.pb.go | 451 +++++++++++++++++++++++----- proto/encryptionpb.proto | 8 +- scripts/proto.lock | 20 ++ 3 files changed, 401 insertions(+), 78 deletions(-) diff --git a/pkg/encryptionpb/encryptionpb.pb.go b/pkg/encryptionpb/encryptionpb.pb.go index 6f05c8956..bd4fd2eda 100644 --- a/pkg/encryptionpb/encryptionpb.pb.go +++ b/pkg/encryptionpb/encryptionpb.pb.go @@ -573,7 +573,9 @@ type MasterKeyKms struct { // optional, used to set up azure master key backend AzureKms *AzureKms `protobuf:"bytes,5,opt,name=azure_kms,json=azureKms,proto3" json:"azure_kms,omitempty"` // optional, used to set up gcp master key backend - GcpKms *GcpKms `protobuf:"bytes,6,opt,name=gcp_kms,json=gcpKms,proto3" json:"gcp_kms,omitempty"` + GcpKms *GcpKms `protobuf:"bytes,6,opt,name=gcp_kms,json=gcpKms,proto3" json:"gcp_kms,omitempty"` + // optional, used to set up aws master key backend + AwsKms *AwsKms `protobuf:"bytes,7,opt,name=aws_kms,json=awsKms,proto3" json:"aws_kms,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -654,6 +656,13 @@ func (m *MasterKeyKms) GetGcpKms() *GcpKms { return nil } +func (m *MasterKeyKms) GetAwsKms() *AwsKms { + if m != nil { + return m.AwsKms + } + return nil +} + type AzureKms struct { TenantId string `protobuf:"bytes,1,opt,name=tenant_id,json=tenantId,proto3" json:"tenant_id,omitempty"` ClientId string `protobuf:"bytes,2,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"` 
@@ -814,6 +823,61 @@ func (m *GcpKms) GetCredential() string { return "" } +type AwsKms struct { + AccessKey string `protobuf:"bytes,1,opt,name=access_key,json=accessKey,proto3" json:"access_key,omitempty"` + SecretAccessKey string `protobuf:"bytes,2,opt,name=secret_access_key,json=secretAccessKey,proto3" json:"secret_access_key,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AwsKms) Reset() { *m = AwsKms{} } +func (m *AwsKms) String() string { return proto.CompactTextString(m) } +func (*AwsKms) ProtoMessage() {} +func (*AwsKms) Descriptor() ([]byte, []int) { + return fileDescriptor_a483860494a778a2, []int{11} +} +func (m *AwsKms) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AwsKms) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AwsKms.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AwsKms) XXX_Merge(src proto.Message) { + xxx_messageInfo_AwsKms.Merge(m, src) +} +func (m *AwsKms) XXX_Size() int { + return m.Size() +} +func (m *AwsKms) XXX_DiscardUnknown() { + xxx_messageInfo_AwsKms.DiscardUnknown(m) +} + +var xxx_messageInfo_AwsKms proto.InternalMessageInfo + +func (m *AwsKms) GetAccessKey() string { + if m != nil { + return m.AccessKey + } + return "" +} + +func (m *AwsKms) GetSecretAccessKey() string { + if m != nil { + return m.SecretAccessKey + } + return "" +} + type EncryptedContent struct { // Metadata of the encrypted content. // Eg. IV, method and KMS key ID 
@@ -837,7 +901,7 @@ func (m *EncryptedContent) Reset() { *m = EncryptedContent{} } func (m *EncryptedContent) String() string { return proto.CompactTextString(m) } func (*EncryptedContent) ProtoMessage() {} func (*EncryptedContent) Descriptor() ([]byte, []int) { - return fileDescriptor_a483860494a778a2, []int{11} + return fileDescriptor_a483860494a778a2, []int{12} } func (m *EncryptedContent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -921,7 +985,7 @@ func (m *FileEncryptionInfo) Reset() { *m = FileEncryptionInfo{} } func (m *FileEncryptionInfo) String() string { return proto.CompactTextString(m) } func (*FileEncryptionInfo) ProtoMessage() {} func (*FileEncryptionInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_a483860494a778a2, []int{12} + return fileDescriptor_a483860494a778a2, []int{13} } func (m *FileEncryptionInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1028,7 +1092,7 @@ func (m *PlainTextDataKey) Reset() { *m = PlainTextDataKey{} } func (m *PlainTextDataKey) String() string { return proto.CompactTextString(m) } func (*PlainTextDataKey) ProtoMessage() {} func (*PlainTextDataKey) Descriptor() ([]byte, []int) { - return fileDescriptor_a483860494a778a2, []int{13} + return fileDescriptor_a483860494a778a2, []int{14} } func (m *PlainTextDataKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1069,7 +1133,7 @@ func (m *MasterKeyBased) Reset() { *m = MasterKeyBased{} } func (m *MasterKeyBased) String() string { return proto.CompactTextString(m) } func (*MasterKeyBased) ProtoMessage() {} func (*MasterKeyBased) Descriptor() ([]byte, []int) { - return fileDescriptor_a483860494a778a2, []int{14} + return fileDescriptor_a483860494a778a2, []int{15} } func (m *MasterKeyBased) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1120,6 +1184,7 @@ func init() { proto.RegisterType((*MasterKeyKms)(nil), "encryptionpb.MasterKeyKms") proto.RegisterType((*AzureKms)(nil), "encryptionpb.AzureKms") proto.RegisterType((*GcpKms)(nil), "encryptionpb.GcpKms") + proto.RegisterType((*AwsKms)(nil), "encryptionpb.AwsKms") proto.RegisterType((*EncryptedContent)(nil), "encryptionpb.EncryptedContent") proto.RegisterMapType((map[string][]byte)(nil), "encryptionpb.EncryptedContent.MetadataEntry") proto.RegisterType((*FileEncryptionInfo)(nil), "encryptionpb.FileEncryptionInfo") 
@@ -1130,78 +1195,82 @@ func init() { func init() { proto.RegisterFile("encryptionpb.proto", fileDescriptor_a483860494a778a2) } var fileDescriptor_a483860494a778a2 = []byte{ - // 1135 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0x49, 0x6f, 0x23, 0x45, - 0x14, 0x76, 0x3b, 0xde, 0xfa, 0x79, 0xc1, 0x53, 0x64, 0xf1, 0x38, 0xc8, 0x58, 0x3d, 0x0c, 0x58, - 0x30, 0x63, 0x34, 0x1e, 0x08, 0x33, 0x20, 0x10, 0x49, 0x26, 0x60, 0xcb, 0xc4, 0x13, 0x75, 0x32, - 0x80, 0xc4, 0xa1, 0x55, 0xe9, 0x7e, 0xb1, 0x5b, 0x76, 0x77, 0x5b, 0xdd, 0x65, 0x27, 0xe6, 0x97, - 0xc0, 0x11, 0x4e, 0xfc, 0x05, 0xc4, 0x85, 0x23, 0x47, 0x2e, 0x48, 0x1c, 0x51, 0xb8, 0xf0, 0x33, - 0x50, 0x2d, 0x5e, 0x3a, 0x0b, 0x62, 0x4e, 0xae, 0xb7, 0x7c, 0xaf, 0xeb, 0x7d, 0x55, 0xef, 0x2b, - 0x03, 0x41, 0xdf, 0x0e, 0x67, 0x63, 0xe6, 0x06, 0xfe, 0xf8, 0xb4, 0x39, 0x0e, 0x03, 0x16, 0x90, - 0xc2, 0xaa, 0xaf, 0xba, 0xde, 0x0f, 0xfa, 0x81, 0x08, 0xbc, 0xcb, 0x57, 0x32, 0xa7, 0xfa, 0x4a, - 0x38, 0x89, 0x98, 0x58, 0x4a, 0x87, 0xf1, 0x01, 0x94, 0x0e, 0x16, 0xb0, 0x43, 0x64, 0x94, 0x6c, - 0x40, 0x66, 0x88, 0x33, 0xcb, 0x75, 0x2a, 0x5a, 0x5d, 0x6b, 0xa4, 0xcc, 0xf4, 0x10, 0x67, 0x1d, - 0x87, 0x94, 0x20, 0xe9, 0x4e, 0x2b, 0xc9, 0xba, 0xd6, 0x28, 0x98, 0x49, 0x77, 0x6a, 0xb8, 0x90, - 0xfb, 0xcc, 0x1d, 0x61, 0xc7, 0x3f, 0x0b, 0xfe, 0x27, 0x84, 0xec, 0x40, 0xc6, 0x43, 0x36, 0x08, - 0x9c, 0xca, 0x5a, 0x5d, 0x6b, 0x94, 0x5a, 0xb5, 0x66, 0xac, 0x8b, 0xd8, 0x3e, 0x06, 0x81, 0x63, - 0xaa, 0x6c, 0xe3, 0x07, 0x0d, 0x4a, 0xfc, 0x5b, 0xcf, 0x5c, 0x9b, 0x47, 0x69, 0x38, 0x23, 0x1f, - 0x43, 0xfa, 0xcc, 0x1d, 0x61, 0x54, 0xd1, 0xea, 0x6b, 0x8d, 0x7c, 0xeb, 0xad, 0x78, 0xa5, 0x78, - 0xb2, 0x30, 0xa3, 0x03, 0x9f, 0x85, 0x33, 0x53, 0xa2, 0xaa, 0x47, 0x00, 0x4b, 0x27, 0x29, 0xc3, - 0xda, 0x10, 0x67, 0x62, 0xef, 0xba, 0xc9, 0x97, 0xe4, 0x01, 0xa4, 0xa7, 0x74, 0x34, 0x41, 0xb1, - 0xf9, 0x7c, 0x6b, 0xf3, 0x7a, 0x79, 0xde, 0xb7, 0x29, 0x93, 0x3e, 0x4c, 0x3e, 0xd1, 0x8c, 0xef, - 0x35, 
0xc8, 0x3e, 0xa3, 0x8c, 0x76, 0x31, 0x56, 0xaf, 0x20, 0xeb, 0x2d, 0x3b, 0x4f, 0xbe, 0x4c, - 0xe7, 0xe4, 0x1e, 0x14, 0xed, 0x10, 0x29, 0x8f, 0x58, 0xcc, 0xf5, 0x50, 0x10, 0x97, 0x32, 0x0b, - 0x73, 0xe7, 0x89, 0xeb, 0x21, 0x79, 0x1d, 0xf2, 0xe7, 0x34, 0xb2, 0xf0, 0x62, 0x1c, 0x44, 0xe8, - 0x54, 0x52, 0x75, 0xad, 0x91, 0x33, 0xe1, 0x9c, 0x46, 0x07, 0xd2, 0x63, 0xfc, 0xaa, 0x41, 0xb1, - 0x8b, 0xb3, 0x15, 0xfa, 0x9e, 0x42, 0x6a, 0x88, 0xb3, 0x39, 0x7b, 0xf7, 0xe3, 0xbb, 0x89, 0xa5, - 0x72, 0x4b, 0x71, 0x27, 0x20, 0xe4, 0x0d, 0x28, 0xd9, 0x93, 0x30, 0x44, 0x9f, 0x59, 0xea, 0xcc, - 0x93, 0x6a, 0x4f, 0xd2, 0xdb, 0xe5, 0x47, 0x5f, 0xed, 0x81, 0xbe, 0x00, 0xae, 0xf2, 0x91, 0x92, - 0x7c, 0xbc, 0x13, 0xe7, 0x77, 0x23, 0xbe, 0x01, 0xc5, 0xe3, 0x2a, 0xbd, 0xbf, 0x68, 0xa0, 0x1f, - 0xd2, 0x88, 0x61, 0xc8, 0x09, 0xfe, 0x14, 0xf4, 0xf1, 0x88, 0xba, 0x3e, 0xc3, 0x0b, 0x26, 0xca, - 0xe6, 0x5b, 0xf5, 0x78, 0x89, 0x45, 0xee, 0xd1, 0x3c, 0xaf, 0x9d, 0x30, 0x97, 0x20, 0xf2, 0x08, - 0x52, 0xfc, 0x26, 0xa8, 0xef, 0x6f, 0xdf, 0x02, 0xe6, 0x07, 0xdd, 0x4e, 0x98, 0x22, 0x95, 0x34, - 0x61, 0x6d, 0xe8, 0x45, 0xe2, 0x04, 0xf2, 0xad, 0xea, 0x2d, 0x88, 0xae, 0x17, 0xb5, 0x13, 0x26, - 0x4f, 0xdc, 0xd3, 0x21, 0x7b, 0x4a, 0xed, 0x21, 0xfa, 0x8e, 0xb1, 0x0e, 0xe4, 0xfa, 0x86, 0x8c, - 0x7b, 0x50, 0x8c, 0x7d, 0x89, 0x10, 0x48, 0x8d, 0x29, 0x1b, 0xa8, 0x8b, 0x28, 0xd6, 0xc6, 0x1f, - 0x1a, 0x14, 0x56, 0xab, 0x93, 0x4d, 0xc8, 0x4c, 0xd1, 0x77, 0x82, 0x50, 0xa5, 0x29, 0x6b, 0x65, - 0x06, 0x93, 0xc2, 0xaf, 0x66, 0x70, 0x13, 0x32, 0x21, 0xf6, 0xdd, 0xc0, 0x17, 0x1b, 0xd7, 0x4d, - 0x65, 0x91, 0x2a, 0xe4, 0xd0, 0x77, 0xc6, 0x81, 0xeb, 0x33, 0x71, 0x63, 0x74, 0x73, 0x61, 0x93, - 0xc7, 0xa0, 0xd3, 0x6f, 0x27, 0x21, 0x5a, 0xbc, 0xdf, 0xf4, 0x4d, 0x13, 0xb0, 0xcb, 0xc3, 0x5d, - 0x2f, 0x32, 0x73, 0x54, 0xad, 0xc8, 0x43, 0xc8, 0xf6, 0xed, 0xb1, 0x80, 0x64, 0x04, 0x64, 0x3d, - 0x0e, 0xf9, 0xdc, 0x1e, 0x73, 0x40, 0xa6, 0x2f, 0x7e, 0x8d, 0x7f, 0x92, 0x90, 0x9b, 0x57, 0x21, - 0xdb, 0xa0, 0x33, 0xf4, 0xa9, 0xcf, 0xe6, 
0x12, 0xa2, 0x9b, 0x39, 0xe9, 0xe8, 0x38, 0x3c, 0x68, - 0x8f, 0x5c, 0x94, 0x41, 0xd9, 0x5b, 0x4e, 0x3a, 0x3a, 0x72, 0x40, 0x64, 0x30, 0x42, 0x3b, 0x44, - 0xa6, 0xba, 0x2c, 0x48, 0xe7, 0xb1, 0xf0, 0x11, 0x03, 0x8a, 0x9c, 0x9a, 0x29, 0x9d, 0x8c, 0x98, - 0x35, 0x09, 0x47, 0xaa, 0xe1, 0xfc, 0x10, 0x67, 0x5f, 0x72, 0xdf, 0x8b, 0x70, 0x44, 0xee, 0x42, - 0x6e, 0x10, 0x79, 0x96, 0x4f, 0x3d, 0x14, 0x2d, 0xeb, 0x66, 0x76, 0x10, 0x79, 0x3d, 0xea, 0x21, - 0xd9, 0x02, 0xbe, 0x14, 0xc0, 0x8c, 0xe4, 0x70, 0x10, 0x79, 0x1c, 0xf3, 0x10, 0x88, 0xfa, 0xb8, - 0x8d, 0x21, 0x73, 0xcf, 0x5c, 0x9b, 0x32, 0xac, 0x64, 0x45, 0xce, 0x1d, 0x19, 0xd9, 0x5f, 0x06, - 0xc8, 0x0e, 0x6c, 0x5d, 0x4f, 0xb7, 0xc4, 0x89, 0xe7, 0x04, 0x66, 0xe3, 0x1a, 0xe6, 0x88, 0xb2, - 0x01, 0xf9, 0x04, 0xb6, 0x6f, 0xc4, 0x45, 0xd1, 0x79, 0x10, 0x3a, 0x15, 0x5d, 0x60, 0xef, 0xde, - 0x80, 0x95, 0x09, 0x46, 0x03, 0x32, 0x92, 0x7c, 0x52, 0x03, 0xb0, 0x43, 0x74, 0xd0, 0x67, 0x2e, - 0x1d, 0x29, 0xa2, 0x57, 0x3c, 0xc6, 0x8f, 0x49, 0x28, 0x2b, 0x2d, 0x42, 0x67, 0x3f, 0xf0, 0x19, - 0xfa, 0x8c, 0xb4, 0x21, 0xe7, 0x21, 0xa3, 0x0e, 0x65, 0x54, 0xe9, 0xc5, 0x83, 0x1b, 0xd5, 0x6b, - 0x81, 0x68, 0x1e, 0xaa, 0x74, 0x29, 0x1b, 0x0b, 0x34, 0xa9, 0x40, 0xd6, 0x96, 0x29, 0xea, 0x51, - 0x98, 0x9b, 0x64, 0x07, 0xc0, 0x13, 0x97, 0x9c, 0x6b, 0x8a, 0x1a, 0xb1, 0xad, 0x5b, 0x46, 0xcc, - 0xd4, 0xbd, 0x85, 0x10, 0xc8, 0x17, 0x26, 0xb5, 0x78, 0x61, 0xee, 0x43, 0xc9, 0x76, 0xc7, 0x03, - 0x0c, 0xf9, 0x80, 0x89, 0x5a, 0x69, 0x11, 0x2b, 0x2e, 0xbd, 0x5d, 0x9c, 0x55, 0x3f, 0x82, 0x62, - 0x6c, 0x8f, 0x37, 0xbc, 0x00, 0xeb, 0xab, 0x0a, 0x55, 0x58, 0x95, 0xa2, 0x9f, 0x93, 0x40, 0xf8, - 0xb8, 0x2e, 0x45, 0x5b, 0xbc, 0x81, 0xcf, 0xe1, 0x55, 0x21, 0x2f, 0x96, 0xf8, 0x34, 0x2f, 0x6d, - 0xcd, 0x4b, 0xe6, 0xaf, 0xea, 0xbd, 0xd0, 0x80, 0x13, 0xbc, 0x60, 0x4a, 0xe9, 0xda, 0x09, 0xb3, - 0x3c, 0xbe, 0xe2, 0x23, 0x6d, 0x28, 0x2f, 0x39, 0xb1, 0x4e, 0x29, 0xd7, 0x76, 0x29, 0x57, 0xaf, - 0xdd, 0xc2, 0xcc, 0x1e, 0xcf, 0x69, 0x27, 0xcc, 0x92, 0x17, 0xf3, 0x90, 0x2e, 
0xdc, 0x59, 0x02, - 0xac, 0x97, 0x7a, 0x82, 0xcb, 0x78, 0xc5, 0xc3, 0xa7, 0x81, 0xcb, 0xa1, 0xb5, 0xe0, 0x3d, 0xc3, - 0xcd, 0xce, 0x94, 0x2b, 0x8a, 0x3d, 0x40, 0x7b, 0x18, 0x4d, 0x3c, 0xc5, 0xfa, 0xc2, 0xde, 0xcb, - 0x40, 0xca, 0x0b, 0x1c, 0x34, 0x08, 0x94, 0xaf, 0xf6, 0x6e, 0x78, 0x50, 0x8a, 0x77, 0x40, 0xbe, - 0x81, 0xea, 0x9c, 0x3f, 0x0b, 0xe7, 0x97, 0xcb, 0x9a, 0x5f, 0x1d, 0x79, 0x07, 0x6b, 0xff, 0x7d, - 0x07, 0xcd, 0x2d, 0x47, 0x96, 0xbf, 0x1a, 0x78, 0x7b, 0xb8, 0xb8, 0xe2, 0xcb, 0x9e, 0xf2, 0x90, - 0x7d, 0xd1, 0xeb, 0xf6, 0x9e, 0x7f, 0xd5, 0x2b, 0x27, 0x48, 0x11, 0xf4, 0xa3, 0x2f, 0x76, 0x3b, - 0xbd, 0x93, 0x83, 0xaf, 0x4f, 0xca, 0x1a, 0x29, 0x01, 0xec, 0x1e, 0x1c, 0x3f, 0x6a, 0x3d, 0xb1, - 0xf6, 0x4f, 0xcc, 0x72, 0x72, 0x6e, 0x3f, 0x6d, 0x09, 0x7b, 0x4d, 0xd9, 0xad, 0xf7, 0x77, 0x84, - 0x9d, 0xe2, 0xb5, 0x8e, 0x0f, 0xdf, 0x13, 0x46, 0x7a, 0xef, 0xcd, 0x3f, 0x7f, 0xca, 0x69, 0xbf, - 0x5d, 0xd6, 0xb4, 0xdf, 0x2f, 0x6b, 0xda, 0x5f, 0x97, 0x35, 0xed, 0xbb, 0xbf, 0x6b, 0x09, 0x28, - 0x07, 0x61, 0xbf, 0xc9, 0xdc, 0xe1, 0xb4, 0x39, 0x9c, 0x8a, 0x7f, 0x61, 0xa7, 0x19, 0xf1, 0xf3, - 0xf8, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xc5, 0x62, 0x5d, 0xc5, 0xd7, 0x09, 0x00, 0x00, + // 1190 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xcf, 0x92, 0xdb, 0xc4, + 0x13, 0xb6, 0xb4, 0xb6, 0x6c, 0xb5, 0xff, 0xc4, 0x99, 0xdf, 0x26, 0xeb, 0x38, 0x3f, 0x8c, 0x4b, + 0x21, 0xe0, 0x0a, 0x89, 0xa9, 0x38, 0xb0, 0x24, 0x50, 0x50, 0xec, 0x26, 0x0b, 0x76, 0x99, 0x75, + 0xb6, 0xb4, 0x1b, 0xa0, 0x8a, 0x83, 0x6a, 0x56, 0xea, 0xd8, 0x2a, 0x5b, 0x92, 0x4b, 0x1a, 0x7b, + 0x63, 0xce, 0x3c, 0x04, 0x1c, 0xe1, 0xc4, 0x2b, 0x50, 0x5c, 0x38, 0x72, 0xe4, 0xc8, 0x91, 0x0a, + 0x17, 0x1e, 0x83, 0x9a, 0x19, 0x59, 0xb6, 0x76, 0xbd, 0x14, 0x39, 0x69, 0xba, 0xfb, 0xfb, 0x7a, + 0x66, 0xbe, 0x99, 0xee, 0x11, 0x10, 0xf4, 0xed, 0x70, 0x31, 0x65, 0x6e, 0xe0, 0x4f, 0x4f, 0xdb, + 0xd3, 0x30, 0x60, 0x01, 0x29, 0xad, 0xfb, 0xea, 0xdb, 0xc3, 0x60, 0x18, 
0x88, 0xc0, 0x3b, 0x7c, + 0x24, 0x31, 0xf5, 0x2b, 0xe1, 0x2c, 0x62, 0x62, 0x28, 0x1d, 0xc6, 0xfb, 0x50, 0x39, 0x48, 0x68, + 0x87, 0xc8, 0x28, 0xb9, 0x06, 0xda, 0x18, 0x17, 0x96, 0xeb, 0xd4, 0x94, 0xa6, 0xd2, 0xca, 0x9a, + 0xb9, 0x31, 0x2e, 0x7a, 0x0e, 0xa9, 0x80, 0xea, 0xce, 0x6b, 0x6a, 0x53, 0x69, 0x95, 0x4c, 0xd5, + 0x9d, 0x1b, 0x2e, 0x14, 0x3e, 0x75, 0x27, 0xd8, 0xf3, 0x9f, 0x07, 0xff, 0x91, 0x42, 0x76, 0x41, + 0xf3, 0x90, 0x8d, 0x02, 0xa7, 0xb6, 0xd5, 0x54, 0x5a, 0x95, 0x4e, 0xa3, 0x9d, 0xda, 0x45, 0x6a, + 0x1d, 0xa3, 0xc0, 0x31, 0x63, 0xb4, 0xf1, 0x83, 0x02, 0x15, 0x3e, 0xd7, 0x13, 0xd7, 0xe6, 0x51, + 0x1a, 0x2e, 0xc8, 0x47, 0x90, 0x7b, 0xee, 0x4e, 0x30, 0xaa, 0x29, 0xcd, 0xad, 0x56, 0xb1, 0xf3, + 0x56, 0x3a, 0x53, 0x1a, 0x2c, 0xcc, 0xe8, 0xc0, 0x67, 0xe1, 0xc2, 0x94, 0xac, 0xfa, 0x11, 0xc0, + 0xca, 0x49, 0xaa, 0xb0, 0x35, 0xc6, 0x85, 0x58, 0xbb, 0x6e, 0xf2, 0x21, 0xb9, 0x0b, 0xb9, 0x39, + 0x9d, 0xcc, 0x50, 0x2c, 0xbe, 0xd8, 0xb9, 0x7e, 0x31, 0x3d, 0xdf, 0xb7, 0x29, 0x41, 0x1f, 0xa8, + 0x0f, 0x15, 0xe3, 0x7b, 0x05, 0xf2, 0x4f, 0x28, 0xa3, 0x7d, 0x4c, 0xe5, 0x2b, 0xc9, 0x7c, 0xab, + 0x9d, 0xab, 0xaf, 0xb2, 0x73, 0x72, 0x0b, 0xca, 0x76, 0x88, 0x94, 0x47, 0x2c, 0xe6, 0x7a, 0x28, + 0x84, 0xcb, 0x9a, 0xa5, 0xa5, 0xf3, 0xc4, 0xf5, 0x90, 0xbc, 0x0e, 0xc5, 0x33, 0x1a, 0x59, 0xf8, + 0x62, 0x1a, 0x44, 0xe8, 0xd4, 0xb2, 0x4d, 0xa5, 0x55, 0x30, 0xe1, 0x8c, 0x46, 0x07, 0xd2, 0x63, + 0xfc, 0xaa, 0x40, 0xb9, 0x8f, 0x8b, 0x35, 0xf9, 0x1e, 0x41, 0x76, 0x8c, 0x8b, 0xa5, 0x7a, 0xb7, + 0xd3, 0xab, 0x49, 0x41, 0xb9, 0x15, 0x6b, 0x27, 0x28, 0xe4, 0x0d, 0xa8, 0xd8, 0xb3, 0x30, 0x44, + 0x9f, 0x59, 0xf1, 0x99, 0xab, 0xf1, 0x9a, 0xa4, 0xb7, 0xcf, 0x8f, 0xbe, 0x3e, 0x00, 0x3d, 0x21, + 0xae, 0xeb, 0x91, 0x95, 0x7a, 0xbc, 0x9d, 0xd6, 0xf7, 0x5a, 0x7a, 0x01, 0xb1, 0x8e, 0xeb, 0xf2, + 0xfe, 0xa2, 0x80, 0x7e, 0x48, 0x23, 0x86, 0x21, 0x17, 0xf8, 0x13, 0xd0, 0xa7, 0x13, 0xea, 0xfa, + 0x0c, 0x5f, 0x30, 0x91, 0xb6, 0xd8, 0x69, 0xa6, 0x53, 0x24, 0xd8, 0xa3, 0x25, 0xae, 0x9b, 0x31, + 0x57, 0x24, 
0x72, 0x1f, 0xb2, 0xfc, 0x26, 0xc4, 0xf3, 0xdf, 0xbc, 0x84, 0xcc, 0x0f, 0xba, 0x9b, + 0x31, 0x05, 0x94, 0xb4, 0x61, 0x6b, 0xec, 0x45, 0xe2, 0x04, 0x8a, 0x9d, 0xfa, 0x25, 0x8c, 0xbe, + 0x17, 0x75, 0x33, 0x26, 0x07, 0xee, 0xeb, 0x90, 0x3f, 0xa5, 0xf6, 0x18, 0x7d, 0xc7, 0xd8, 0x06, + 0x72, 0x71, 0x41, 0xc6, 0x2d, 0x28, 0xa7, 0x66, 0x22, 0x04, 0xb2, 0x53, 0xca, 0x46, 0xf1, 0x45, + 0x14, 0x63, 0xe3, 0x5b, 0x15, 0x4a, 0xeb, 0xd9, 0xc9, 0x75, 0xd0, 0xe6, 0xe8, 0x3b, 0x41, 0x18, + 0xc3, 0x62, 0x6b, 0xad, 0x06, 0x55, 0xe1, 0x8f, 0x6b, 0xf0, 0x3a, 0x68, 0x21, 0x0e, 0xdd, 0xc0, + 0x17, 0x0b, 0xd7, 0xcd, 0xd8, 0x22, 0x75, 0x28, 0xa0, 0xef, 0x4c, 0x03, 0xd7, 0x67, 0xe2, 0xc6, + 0xe8, 0x66, 0x62, 0x93, 0x07, 0xa0, 0xd3, 0x6f, 0x66, 0x21, 0x5a, 0x7c, 0xbf, 0xb9, 0x4d, 0x15, + 0xb0, 0xc7, 0xc3, 0x7d, 0x2f, 0x32, 0x0b, 0x34, 0x1e, 0x91, 0x7b, 0x90, 0x1f, 0xda, 0x53, 0x41, + 0xd1, 0x04, 0x65, 0x3b, 0x4d, 0xf9, 0xcc, 0x9e, 0x72, 0x82, 0x36, 0x14, 0x5f, 0x0e, 0xa7, 0x67, + 0x91, 0x80, 0xe7, 0x37, 0xc1, 0xf7, 0xce, 0x22, 0x01, 0xa7, 0xe2, 0x6b, 0xfc, 0xad, 0x42, 0x61, + 0x39, 0x29, 0xb9, 0x09, 0x3a, 0x43, 0x9f, 0xfa, 0x6c, 0xd9, 0x71, 0x74, 0xb3, 0x20, 0x1d, 0x3d, + 0x87, 0x07, 0xed, 0x89, 0x8b, 0x32, 0x28, 0xa5, 0x28, 0x48, 0x47, 0x4f, 0xd6, 0x93, 0x0c, 0x46, + 0x68, 0x87, 0xc8, 0x62, 0x51, 0x4a, 0xd2, 0x79, 0x2c, 0x7c, 0xc4, 0x80, 0x32, 0x57, 0x72, 0x4e, + 0x67, 0x13, 0x66, 0xcd, 0xc2, 0x49, 0xac, 0x4f, 0x71, 0x8c, 0x8b, 0x2f, 0xb8, 0xef, 0x59, 0x38, + 0x21, 0x37, 0xa0, 0x30, 0x8a, 0x3c, 0xcb, 0xa7, 0x1e, 0x0a, 0x85, 0x74, 0x33, 0x3f, 0x8a, 0xbc, + 0x01, 0xf5, 0x90, 0xec, 0x00, 0x1f, 0x0a, 0xa2, 0x26, 0x25, 0x1f, 0x45, 0x1e, 0xe7, 0xdc, 0x03, + 0x12, 0x4f, 0x6e, 0x63, 0xc8, 0xdc, 0xe7, 0xae, 0x4d, 0x19, 0x8a, 0xdd, 0xeb, 0xe6, 0x55, 0x19, + 0x79, 0xbc, 0x0a, 0x90, 0x5d, 0xd8, 0xb9, 0x08, 0xb7, 0xc4, 0x05, 0x29, 0x08, 0xce, 0xb5, 0x0b, + 0x9c, 0x23, 0xca, 0x46, 0xe4, 0x63, 0xb8, 0xb9, 0x91, 0x17, 0x45, 0x67, 0x41, 0xe8, 0xd4, 0x74, + 0xc1, 0xbd, 0xb1, 0x81, 0x2b, 0x01, 0x46, 0x0b, 
0x34, 0x79, 0x56, 0xa4, 0x01, 0x60, 0x87, 0xe8, + 0xa0, 0xcf, 0x5c, 0x3a, 0x89, 0x85, 0x5e, 0xf3, 0x18, 0xc7, 0xa0, 0xc9, 0x63, 0x22, 0xaf, 0x01, + 0x50, 0xdb, 0xc6, 0x28, 0xb2, 0x56, 0x8d, 0x54, 0x97, 0x1e, 0x5e, 0xaf, 0x77, 0xe0, 0xaa, 0xd4, + 0xdb, 0x5a, 0x43, 0xc9, 0xb3, 0xb9, 0x22, 0x03, 0x7b, 0x4b, 0xac, 0xf1, 0xa3, 0x0a, 0xd5, 0xb8, + 0x1f, 0xa2, 0xf3, 0x38, 0xf0, 0x19, 0xfa, 0x8c, 0x74, 0xa1, 0xe0, 0x21, 0xa3, 0x0e, 0x65, 0x34, + 0xee, 0x59, 0x77, 0x37, 0x76, 0xd0, 0x84, 0xd1, 0x3e, 0x8c, 0xe1, 0xb2, 0x75, 0x25, 0x6c, 0x52, + 0x83, 0xbc, 0x2d, 0x21, 0xf1, 0xc3, 0xb4, 0x34, 0xc9, 0x2e, 0x80, 0x27, 0x0a, 0x4d, 0xac, 0x4e, + 0x96, 0xf9, 0xce, 0x25, 0x65, 0x6e, 0xea, 0x5e, 0xd2, 0x8c, 0xe4, 0x2b, 0x97, 0x4d, 0x5e, 0xb9, + 0xdb, 0x50, 0xb1, 0xdd, 0xe9, 0x08, 0x43, 0x5e, 0xe4, 0x22, 0x57, 0x4e, 0xc4, 0xca, 0x2b, 0x6f, + 0x1f, 0x17, 0xf5, 0x0f, 0xa1, 0x9c, 0x5a, 0xe3, 0x86, 0x57, 0x68, 0x7b, 0xbd, 0x4b, 0x96, 0xd6, + 0xdb, 0xe1, 0xcf, 0x2a, 0x10, 0xde, 0x32, 0x56, 0x0f, 0x87, 0x78, 0x87, 0x9f, 0xc2, 0xff, 0x44, + 0x8b, 0xb3, 0xc4, 0xd4, 0x3c, 0x75, 0x72, 0x1e, 0xc5, 0xf3, 0x6f, 0x8e, 0xe8, 0x43, 0x27, 0xf8, + 0x82, 0xc5, 0xdd, 0xb6, 0x9b, 0x31, 0xab, 0xd3, 0x73, 0x3e, 0xd2, 0x85, 0xea, 0x4a, 0x13, 0xeb, + 0x94, 0xf2, 0xf7, 0x45, 0xb6, 0xcc, 0xff, 0x5f, 0xa2, 0xcc, 0x3e, 0xc7, 0x74, 0x33, 0x66, 0xc5, + 0x4b, 0x79, 0x48, 0x1f, 0xae, 0xae, 0x08, 0xd6, 0x2b, 0xfd, 0x06, 0x54, 0xf1, 0x9c, 0x87, 0x97, + 0x18, 0x6f, 0xc9, 0x56, 0xa2, 0xbb, 0xc6, 0xcd, 0xde, 0x9c, 0x77, 0x35, 0x7b, 0x84, 0xf6, 0x38, + 0x9a, 0x79, 0xb1, 0xea, 0x89, 0xbd, 0xaf, 0x41, 0xd6, 0x0b, 0x1c, 0x34, 0x08, 0x54, 0xcf, 0xef, + 0xdd, 0xf0, 0xa0, 0x92, 0xde, 0x01, 0xf9, 0x1a, 0xea, 0x4b, 0xfd, 0x2c, 0x5c, 0x5e, 0x2e, 0x6b, + 0x79, 0x75, 0xe4, 0x1d, 0x6c, 0xfc, 0xfb, 0x1d, 0x34, 0x77, 0x1c, 0x99, 0xfe, 0x7c, 0xe0, 0xce, + 0x38, 0xb9, 0xe2, 0xab, 0x3d, 0x15, 0x21, 0xff, 0x6c, 0xd0, 0x1f, 0x3c, 0xfd, 0x72, 0x50, 0xcd, + 0x90, 0x32, 0xe8, 0x47, 0x9f, 0xef, 0xf5, 0x06, 0x27, 0x07, 0x5f, 0x9d, 0x54, 0x15, 
0x52, 0x01, + 0xd8, 0x3b, 0x38, 0xbe, 0xdf, 0x79, 0x68, 0x3d, 0x3e, 0x31, 0xab, 0xea, 0xd2, 0x7e, 0xd4, 0x11, + 0xf6, 0x56, 0x6c, 0x77, 0xde, 0xdb, 0x15, 0x76, 0x96, 0xe7, 0x3a, 0x3e, 0x7c, 0x57, 0x18, 0xb9, + 0xfd, 0x37, 0xff, 0xf8, 0xa9, 0xa0, 0xfc, 0xf6, 0xb2, 0xa1, 0xfc, 0xfe, 0xb2, 0xa1, 0xfc, 0xf9, + 0xb2, 0xa1, 0x7c, 0xf7, 0x57, 0x23, 0x03, 0xd5, 0x20, 0x1c, 0xb6, 0x99, 0x3b, 0x9e, 0xb7, 0xc7, + 0x73, 0xf1, 0x27, 0x78, 0xaa, 0x89, 0xcf, 0x83, 0x7f, 0x02, 0x00, 0x00, 0xff, 0xff, 0xf6, 0x2c, + 0xa1, 0xd2, 0x5b, 0x0a, 0x00, 0x00, } func (m *EncryptionMeta) Marshal() (dAtA []byte, err error) { @@ -1634,6 +1703,18 @@ func (m *MasterKeyKms) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.AwsKms != nil { + { + size, err := m.AwsKms.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintEncryptionpb(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } if m.GcpKms != nil { { size, err := m.GcpKms.MarshalToSizedBuffer(dAtA[:i]) 
@@ -1813,6 +1894,47 @@ func (m *GcpKms) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } +func (m *AwsKms) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AwsKms) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AwsKms) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.SecretAccessKey) > 0 { + i -= len(m.SecretAccessKey) + copy(dAtA[i:], m.SecretAccessKey) + i = encodeVarintEncryptionpb(dAtA, i, uint64(len(m.SecretAccessKey))) + i-- + dAtA[i] = 0x12 + } + if len(m.AccessKey) > 0 { + i -= len(m.AccessKey) + copy(dAtA[i:], m.AccessKey) + i = encodeVarintEncryptionpb(dAtA, i, uint64(len(m.AccessKey))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + func (m *EncryptedContent) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -2298,6 +2420,10 @@ func (m *MasterKeyKms) Size() (n int) { l = m.GcpKms.Size() n += 1 + l + sovEncryptionpb(uint64(l)) } + if m.AwsKms != nil { + l = m.AwsKms.Size() + n += 1 + l + sovEncryptionpb(uint64(l)) + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2368,6 +2494,26 @@ func (m *GcpKms) Size() (n int) { return n } +func (m *AwsKms) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.AccessKey) + if l > 0 { + n += 1 + l + sovEncryptionpb(uint64(l)) + } + l = len(m.SecretAccessKey) + if l > 0 { + n += 1 + l + sovEncryptionpb(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *EncryptedContent) Size() (n int) { if m == nil { return 0 
@@ -3748,6 +3894,42 @@ func (m *MasterKeyKms) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 7: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AwsKms", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEncryptionpb + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthEncryptionpb + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthEncryptionpb + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.AwsKms == nil { + m.AwsKms = &AwsKms{} + } + if err := m.AwsKms.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipEncryptionpb(dAtA[iNdEx:]) 
@@ -4192,6 +4374,121 @@ func (m *GcpKms) Unmarshal(dAtA []byte) error { } return nil } +func (m *AwsKms) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEncryptionpb + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AwsKms: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AwsKms: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field AccessKey", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEncryptionpb + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEncryptionpb + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthEncryptionpb + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.AccessKey = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SecretAccessKey", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowEncryptionpb + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthEncryptionpb + } + postIndex := iNdEx + intStringLen + if postIndex 
< 0 { + return ErrInvalidLengthEncryptionpb + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SecretAccessKey = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipEncryptionpb(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthEncryptionpb + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *EncryptedContent) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/proto/encryptionpb.proto b/proto/encryptionpb.proto index af03b9d66..a5af3f84c 100644 --- a/proto/encryptionpb.proto +++ b/proto/encryptionpb.proto @@ -100,7 +100,8 @@ message MasterKeyKms { AzureKms azure_kms = 5; // optional, used to set up gcp master key backend GcpKms gcp_kms = 6; - + // optional, used to set up aws master key backend + AwsKms aws_kms = 7; } message AzureKms { @@ -122,6 +123,11 @@ message GcpKms { string credential = 1; } +message AwsKms { + string access_key = 1; + string secret_access_key = 2; +} + message EncryptedContent { // Metadata of the encrypted content. // Eg. IV, method and KMS key ID diff --git a/scripts/proto.lock b/scripts/proto.lock index ebb86d492..b50a5a8dc 100644 --- a/scripts/proto.lock +++ b/scripts/proto.lock @@ -5498,6 +5498,11 @@ "id": 6, "name": "gcp_kms", "type": "GcpKms" + }, + { + "id": 7, + "name": "aws_kms", + "type": "AwsKms" } ] }, @@ -5561,6 +5566,21 @@ } ] }, + { + "name": "AwsKms", + "fields": [ + { + "id": 1, + "name": "access_key", + "type": "string" + }, + { + "id": 2, + "name": "secret_access_key", + "type": "string" + } + ] + }, { "name": "EncryptedContent", "fields": [
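Review bot: In proto/encryptionpb.proto the new `AwsKms` message carries `secret_access_key` as an undocumented plain `string`, and the generated `AwsKms.String()` in pkg/encryptionpb/encryptionpb.pb.go is `proto.CompactTextString(m)`, so any log line or error that formats this message, or a parent `MasterKeyKms` that holds it, would print the secret verbatim. I would document the sensitivity at the definition, for example `// AWS secret access key. Sensitive: redact before logging or persisting this message.` above `secret_access_key` and `// AWS access key ID, used together with secret_access_key.` above `access_key`. Whether consumers already redact these values is not visible in this patch, so it is worth confirming, along with the existing `AzureKms` and `GcpKms` credential fields that follow the same pattern. The message also has no session-token field, which presumably limits it to long-lived static keys; if temporary credentials are meant to be supported, a third field would be needed.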