pb-rust: JSON schema compilation source (#118)
* codegen: init schemafy

includes the modules  structure definitions
needed have full package prefixes, like

```rust
use sigstore_protobuf_specs::dev::sigstore::verification::v1::Input;
```

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

* pb-rust: schemafy only Bundles

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

pb-rust: schemafy construction

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

* pb-rust: port prost unit tests

adapted from b7d905d

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

* pb-rust: bundle deserialize integration

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

* pb-rust: use camelCase consistently in schema/artifacts

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

* pb-rust: schema generation bugs

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

* pb-rust: re-enable test suite

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>

---------

Signed-off-by: Jack Leightcap <jack.leightcap@trailofbits.com>
jleightcap authored Aug 7, 2023
1 parent ad8dfad commit 88fe2fb
Showing 66 changed files with 4,098 additions and 11,261 deletions.
14 changes: 14 additions & 0 deletions .github/workflows/rust-build.yml
Expand Up @@ -47,3 +47,17 @@ jobs:
- run: |
cd gen/pb-rust
cargo build --verbose
test:
runs-on: ubuntu-latest
strategy:
matrix:
toolchain:
- stable

steps:
- uses: actions/checkout@v3
- run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }}
- run: |
cd gen/pb-rust
cargo test --tests
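Review bot: the new `test` job's `uses: actions/checkout@v3` step references the action by a mutable tag; pin it to a full commit SHA (keeping the tag as a trailing comment) so the code that runs in this workflow cannot change without a reviewed diff. Separately, `cargo test --tests` skips doc tests; if that is deliberate, say so in a comment on the step, otherwise plain `cargo test` covers both.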
23 changes: 13 additions & 10 deletions Makefile
Expand Up @@ -50,15 +50,6 @@ ruby: docker-image
--entrypoint bash ${PROTOC_IMAGE} \
-c "cd ./gen/pb-ruby && protoc -I/opt/include -I../../protos/ --ruby_out=lib ../../protos/*.proto"

rust: docker-image
@echo "Generating rust protobuf files"
docker run \
--platform linux/amd64 \
-v ${PWD}:/defs \
-e "RUST_BACKTRACE=1" \
--entrypoint bash ${PROTOC_IMAGE} \
-c "cd gen/pb-rust/codegen && cargo run && rm -rf target/"

jsonschema: docker-image-jsonschema
@echo "Generating JSON schema files"
docker run \
Expand All @@ -67,6 +58,18 @@ jsonschema: docker-image-jsonschema
${JSONSCHEMA_IMAGE} \
-c "cd defs/gen/jsonschema && ./jsonschema.sh -I ../../protos -I /googleapis/ --jsonschema_out=schemas ../../protos/*.proto"

gen/pb-rust/schemas: jsonschema
cp -r gen/jsonschema/schemas gen/pb-rust

rust: docker-image gen/pb-rust/schemas
@echo "Generating rust protobuf files"
docker run \
--platform linux/amd64 \
-v ${PWD}:/defs \
-e "RUST_BACKTRACE=1" \
--entrypoint bash ${PROTOC_IMAGE} \
-c "cd gen/pb-rust && cargo build"

# docker already does its own caching so we can attempt a build every time
.PHONY: docker-image
docker-image:
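Review bot: in the new `gen/pb-rust/schemas` rule, `cp -r gen/jsonschema/schemas gen/pb-rust` merges into the destination when it already exists, so a schema that was renamed or deleted under `gen/jsonschema/schemas` stays behind in `gen/pb-rust/schemas` until someone runs `clean`. Remove the destination before copying (`rm -rf gen/pb-rust/schemas` as the first recipe line) so the Rust crate is always built from exactly the current schema set. A directory is also a weak make target, since its timestamp does not track changes to the files inside it; a short comment explaining that the rule is expected to rerun via its `jsonschema` prerequisite would help the next reader.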
Expand All @@ -92,7 +95,7 @@ clean:
gen/pb-typescript/src/__generated__ \
gen/pb-python/sigstore_protobuf_specs/dev \
gen/pb-python/sigstore_protobuf_specs/io \
gen/pb-rust/codegen/target \
gen/pb-rust/schemas \
gen/pb-rust/target
docker rmi -f ${PROTOC_IMAGE}

4 changes: 2 additions & 2 deletions gen/jsonschema/jsonschema.sh
@@ -1,12 +1,12 @@
!/bin/sh
#!/bin/sh

set -u
set -e

protoc --plugin=/root/go/bin/protoc-gen-jsonschema \
--jsonschema_opt=disallow_additional_properties \
--jsonschema_opt=enforce_oneof \
--jsonschema_opt=enums_as_strings \
--jsonschema_opt=enums_as_strings_only \
--jsonschema_opt=file_extension=schema.json \
--jsonschema_opt=json_fieldnames \
"$@"
34 changes: 4 additions & 30 deletions gen/jsonschema/schemas/ArtifactVerificationOptions.schema.json
Expand Up @@ -103,30 +103,15 @@
"keyDetails": {
"enum": [
"PUBLIC_KEY_DETAILS_UNSPECIFIED",
0,
"PKCS1_RSA_PKCS1V5",
1,
"PKCS1_RSA_PSS",
2,
"PKIX_RSA_PKCS1V5",
3,
"PKIX_RSA_PSS",
4,
"PKIX_ECDSA_P256_SHA_256",
5,
"PKIX_ECDSA_P256_HMAC_SHA_256",
6,
"PKIX_ED25519",
7
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"PKIX_ED25519"
],
"type": "string",
"title": "Public Key Details",
"description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)."
},
Expand Down Expand Up @@ -157,22 +142,11 @@
"type": {
"enum": [
"SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED",
0,
"EMAIL",
1,
"URI",
2,
"OTHER_NAME",
3
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"OTHER_NAME"
],
"type": "string",
"title": "Subject Alternative Name Type"
},
"regexp": {
13 changes: 2 additions & 11 deletions gen/jsonschema/schemas/Bundle.schema.json
Expand Up @@ -101,18 +101,9 @@
"algorithm": {
"enum": [
"HASH_ALGORITHM_UNSPECIFIED",
0,
"SHA2_256",
1
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"SHA2_256"
],
"type": "string",
"title": "This package defines commonly used message types within the Sigstore\n community.",
"description": "This package defines commonly used message types within the Sigstore community. Only a subset of the secure hash standard algorithms are supported. See \u003chttps://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\u003e for more details. UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force any proto JSON serialization to emit the used hash algorithm, as default option is to *omit* the default value of an enum (which is the first value, represented by '0'."
},
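Review bot: the `title` on the `algorithm` property is the package-level comment ("This package defines commonly used message types within the Sigstore\n community.") rather than a name for the hash algorithm enum, and the `description` repeats that sentence before the real text, which then ends with an unclosed parenthesis. Separate the package comment from the enum comment in the .proto so the generated title describes the field. Note also that the description says UNSPECIFIED should not be used while the `enum` keeps `HASH_ALGORITHM_UNSPECIFIED` as a valid value, so schema validation alone does not enforce that rule and a consumer has to reject the sentinel itself.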
15 changes: 2 additions & 13 deletions gen/jsonschema/schemas/CertificateIdentities.schema.json
Expand Up @@ -52,22 +52,11 @@
"type": {
"enum": [
"SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED",
0,
"EMAIL",
1,
"URI",
2,
"OTHER_NAME",
3
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"OTHER_NAME"
],
"type": "string",
"title": "Subject Alternative Name Type"
},
"regexp": {
15 changes: 2 additions & 13 deletions gen/jsonschema/schemas/CertificateIdentity.schema.json
Expand Up @@ -62,22 +62,11 @@
"type": {
"enum": [
"SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED",
0,
"EMAIL",
1,
"URI",
2,
"OTHER_NAME",
3
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"OTHER_NAME"
],
"type": "string",
"title": "Subject Alternative Name Type"
},
"regexp": {
13 changes: 2 additions & 11 deletions gen/jsonschema/schemas/HashOutput.schema.json
Expand Up @@ -7,18 +7,9 @@
"algorithm": {
"enum": [
"HASH_ALGORITHM_UNSPECIFIED",
0,
"SHA2_256",
1
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"SHA2_256"
],
"type": "string",
"title": "This package defines commonly used message types within the Sigstore\n community.",
"description": "This package defines commonly used message types within the Sigstore community. Only a subset of the secure hash standard algorithms are supported. See \u003chttps://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\u003e for more details. UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force any proto JSON serialization to emit the used hash algorithm, as default option is to *omit* the default value of an enum (which is the first value, represented by '0'."
},
60 changes: 8 additions & 52 deletions gen/jsonschema/schemas/Input.schema.json
Expand Up @@ -147,18 +147,9 @@
"algorithm": {
"enum": [
"HASH_ALGORITHM_UNSPECIFIED",
0,
"SHA2_256",
1
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"SHA2_256"
],
"type": "string",
"title": "This package defines commonly used message types within the Sigstore\n community.",
"description": "This package defines commonly used message types within the Sigstore community. Only a subset of the secure hash standard algorithms are supported. See \u003chttps://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\u003e for more details. UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force any proto JSON serialization to emit the used hash algorithm, as default option is to *omit* the default value of an enum (which is the first value, represented by '0'."
},
Expand Down Expand Up @@ -249,30 +240,15 @@
"keyDetails": {
"enum": [
"PUBLIC_KEY_DETAILS_UNSPECIFIED",
0,
"PKCS1_RSA_PKCS1V5",
1,
"PKCS1_RSA_PSS",
2,
"PKIX_RSA_PKCS1V5",
3,
"PKIX_RSA_PSS",
4,
"PKIX_ECDSA_P256_SHA_256",
5,
"PKIX_ECDSA_P256_HMAC_SHA_256",
6,
"PKIX_ED25519",
7
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"PKIX_ED25519"
],
"type": "string",
"title": "Public Key Details",
"description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)."
},
Expand Down Expand Up @@ -329,22 +305,11 @@
"type": {
"enum": [
"SUBJECT_ALTERNATIVE_NAME_TYPE_UNSPECIFIED",
0,
"EMAIL",
1,
"URI",
2,
"OTHER_NAME",
3
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"OTHER_NAME"
],
"type": "string",
"title": "Subject Alternative Name Type"
},
"regexp": {
Expand Down Expand Up @@ -578,18 +543,9 @@
"hashAlgorithm": {
"enum": [
"HASH_ALGORITHM_UNSPECIFIED",
0,
"SHA2_256",
1
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"SHA2_256"
],
"type": "string",
"title": "This package defines commonly used message types within the Sigstore\n community.",
"description": "This package defines commonly used message types within the Sigstore community. Only a subset of the secure hash standard algorithms are supported. See \u003chttps://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\u003e for more details. UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force any proto JSON serialization to emit the used hash algorithm, as default option is to *omit* the default value of an enum (which is the first value, represented by '0'."
},
13 changes: 2 additions & 11 deletions gen/jsonschema/schemas/MessageSignature.schema.json
Expand Up @@ -26,18 +26,9 @@
"algorithm": {
"enum": [
"HASH_ALGORITHM_UNSPECIFIED",
0,
"SHA2_256",
1
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"SHA2_256"
],
"type": "string",
"title": "This package defines commonly used message types within the Sigstore\n community.",
"description": "This package defines commonly used message types within the Sigstore community. Only a subset of the secure hash standard algorithms are supported. See \u003chttps://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf\u003e for more details. UNSPECIFIED SHOULD not be used, primary reason for inclusion is to force any proto JSON serialization to emit the used hash algorithm, as default option is to *omit* the default value of an enum (which is the first value, represented by '0'."
},
19 changes: 2 additions & 17 deletions gen/jsonschema/schemas/PublicKey.schema.json
Expand Up @@ -13,30 +13,15 @@
"keyDetails": {
"enum": [
"PUBLIC_KEY_DETAILS_UNSPECIFIED",
0,
"PKCS1_RSA_PKCS1V5",
1,
"PKCS1_RSA_PSS",
2,
"PKIX_RSA_PKCS1V5",
3,
"PKIX_RSA_PSS",
4,
"PKIX_ECDSA_P256_SHA_256",
5,
"PKIX_ECDSA_P256_HMAC_SHA_256",
6,
"PKIX_ED25519",
7
],
"oneOf": [
{
"type": "string"
},
{
"type": "integer"
}
"PKIX_ED25519"
],
"type": "string",
"title": "Public Key Details",
"description": "Details of a specific public key, capturing the the key encoding method, and signature algorithm. To avoid the possibility of contradicting formats such as PKCS1 with ED25519 the valid permutations are listed as a linear set instead of a cartesian set (i.e one combined variable instead of two, one for encoding and one for the signature algorithm)."
},