metal-stack
diff --git a/‎generate/generate.go‎
Lines changed: 9 additions & 30 deletions b/‎generate/generate.go‎
Lines changed: 9 additions & 30 deletions
diff --git a/‎go.mod‎
Lines changed: 7 additions & 7 deletions b/‎go.mod‎
Lines changed: 7 additions & 7 deletions
diff --git a/‎go.sum‎
Lines changed: 14 additions & 14 deletions b/‎go.sum‎
Lines changed: 14 additions & 14 deletions
diff --git a/‎go/tests/mocks/client/Adminv2.go‎
Lines changed: 46 additions & 0 deletions b/‎go/tests/mocks/client/Adminv2.go‎
Lines changed: 46 additions & 0 deletions
diff --git a/‎go/tests/validation/filesystem_test.go‎
Lines changed: 7 additions & 9 deletions b/‎go/tests/validation/filesystem_test.go‎
Lines changed: 7 additions & 9 deletions
diff --git a/‎go/tests/validation/firewall-rule_test.go‎
Lines changed: 5 additions & 5 deletions b/‎go/tests/validation/firewall-rule_test.go‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎go/tests/validation/image_test.go‎
Lines changed: 8 additions & 12 deletions b/‎go/tests/validation/image_test.go‎
Lines changed: 8 additions & 12 deletions
@@ -143,48 +143,27 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) {
 						}
 						auditable[methodName] = true
 						// Tenant
-						switch *methodOpt.IdentifierValue {
-						case v1.TenantRole_TENANT_ROLE_OWNER.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()], methodName)
-							visibility.Tenant[methodName] = true
-						case v1.TenantRole_TENANT_ROLE_EDITOR.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()], methodName)
-							visibility.Tenant[methodName] = true
-						case v1.TenantRole_TENANT_ROLE_VIEWER.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()], methodName)
-							visibility.Tenant[methodName] = true
-						case v1.TenantRole_TENANT_ROLE_GUEST.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()], methodName)
+						switch role := *methodOpt.IdentifierValue; role {
+						case v1.TenantRole_TENANT_ROLE_OWNER.String(), v1.TenantRole_TENANT_ROLE_EDITOR.String(), v1.TenantRole_TENANT_ROLE_VIEWER.String(), v1.TenantRole_TENANT_ROLE_GUEST.String():
+							roles.Tenant[role] = append(roles.Tenant[role], methodName)
 							visibility.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Project
-						case v1.ProjectRole_PROJECT_ROLE_OWNER.String():
-							roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()], methodName)
-							visibility.Project[methodName] = true
-						case v1.ProjectRole_PROJECT_ROLE_EDITOR.String():
+						case v1.ProjectRole_PROJECT_ROLE_OWNER.String(), v1.ProjectRole_PROJECT_ROLE_EDITOR.String(), v1.ProjectRole_PROJECT_ROLE_VIEWER.String():
+							roles.Project[role] = append(roles.Project[role], methodName)
 							visibility.Project[methodName] = true
-							roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()], methodName)
-						case v1.ProjectRole_PROJECT_ROLE_VIEWER.String():
-							visibility.Project[methodName] = true
-							roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()], methodName)
 						case v1.ProjectRole_PROJECT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Admin
-						case v1.AdminRole_ADMIN_ROLE_EDITOR.String():
-							roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()], methodName)
-							visibility.Admin[methodName] = true
-						case v1.AdminRole_ADMIN_ROLE_VIEWER.String():
-							roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()], methodName)
+						case v1.AdminRole_ADMIN_ROLE_EDITOR.String(), v1.AdminRole_ADMIN_ROLE_VIEWER.String():
+							roles.Admin[role] = append(roles.Admin[role], methodName)
 							visibility.Admin[methodName] = true
 						case v1.AdminRole_ADMIN_ROLE_UNSPECIFIED.String():
 							// noop
 						// Infra
-						case v1.InfraRole_INFRA_ROLE_EDITOR.String():
-							roles.Infra[v1.InfraRole_INFRA_ROLE_EDITOR.String()] = append(roles.Infra[v1.InfraRole_INFRA_ROLE_EDITOR.String()], methodName)
-							visibility.Infra[methodName] = true
-						case v1.InfraRole_INFRA_ROLE_VIEWER.String():
-							roles.Infra[v1.InfraRole_INFRA_ROLE_VIEWER.String()] = append(roles.Infra[v1.InfraRole_INFRA_ROLE_VIEWER.String()], methodName)
+						case v1.InfraRole_INFRA_ROLE_EDITOR.String(), v1.InfraRole_INFRA_ROLE_VIEWER.String():
+							roles.Infra[role] = append(roles.Infra[role], methodName)
 							visibility.Infra[methodName] = true
 						case v1.InfraRole_INFRA_ROLE_UNSPECIFIED.String():
 							// noop
 
@@ -3,8 +3,8 @@ module github.com/metal-stack/api
 go 1.25
 
 require (
-	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1
-	buf.build/go/protovalidate v1.0.1
+	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20251209175733-2a1774d88802.1
+	buf.build/go/protovalidate v1.1.0
 	connectrpc.com/connect v1.19.1
 	github.com/bufbuild/protocompile v0.14.1
 	github.com/go-task/slim-sprig/v3 v3.0.0
@@ -20,16 +20,16 @@ require (
 	github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/google/cel-go v0.26.1 // indirect
-	github.com/klauspost/compress v1.18.1 // indirect
+	github.com/klauspost/compress v1.18.2 // indirect
 	github.com/kr/pretty v0.3.1 // indirect
 	github.com/minio/minlz v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/stoewer/go-strcase v1.3.1 // indirect
 	github.com/stretchr/objx v0.5.3 // indirect
-	golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 // indirect
-	golang.org/x/text v0.31.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba // indirect
+	golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 // indirect
+	golang.org/x/text v0.32.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -1,7 +1,7 @@
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1 h1:31on4W/yPcV4nZHL4+UCiCvLPsMqe/vJcNg8Rci0scc=
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1/go.mod h1:fUl8CEN/6ZAMk6bP8ahBJPUJw7rbp+j4x+wCcYi2IG4=
-buf.build/go/protovalidate v1.0.1 h1:Fwmf08OOUuKVeMvEnDmcKxQam4PJc/zFgvVX64BhTms=
-buf.build/go/protovalidate v1.0.1/go.mod h1:SoZmvk/3ZzOVg9YSkTdm4grMAByjf8zgZq4ZNaLZXoQ=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20251209175733-2a1774d88802.1 h1:ZnX3qpF/pDiYrf+Q3p+/zCzZ5ELSpszy5hdVarDMSV4=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20251209175733-2a1774d88802.1/go.mod h1:fUl8CEN/6ZAMk6bP8ahBJPUJw7rbp+j4x+wCcYi2IG4=
+buf.build/go/protovalidate v1.1.0 h1:pQqEQRpOo4SqS60qkvmhLTTQU9JwzEvdyiqAtXa5SeY=
+buf.build/go/protovalidate v1.1.0/go.mod h1:bGZcPiAQDC3ErCHK3t74jSoJDFOs2JH3d7LWuTEIdss=
 cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
 cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
 connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=
@@ -24,8 +24,8 @@ github.com/google/cel-go v0.26.1 h1:iPbVVEdkhTX++hpe3lzSk7D3G3QSYqLGoHOcEio+UXQ=
 github.com/google/cel-go v0.26.1/go.mod h1:A9O8OU9rdvrK5MQyrqfIxo1a0u4g3sF8KB6PUIaryMM=
 github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
-github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co=
-github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/connect-compress/v2 v2.1.0 h1:8fM8QrVeHT69e5VVSh4yjDaQASYIvOp2uMZq7nVLj2U=
 github.com/klauspost/connect-compress/v2 v2.1.0/go.mod h1:Ayurh2wscMMx3AwdGGVL+ylSR5316WfApREDgsqHyH8=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -56,14 +56,14 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
-golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6 h1:zfMcR1Cs4KNuomFFgGefv5N0czO2XZpUbxGUy8i8ug0=
-golang.org/x/exp v0.0.0-20251113190631-e25ba8c21ef6/go.mod h1:46edojNIoXTNOhySWIWdix628clX9ODXwPsQuG6hsK0=
-golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
-golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
-google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba h1:B14OtaXuMaCQsl2deSvNkyPKIzq3BjfxQp8d00QyWx4=
-google.golang.org/genproto/googleapis/api v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:G5IanEx8/PgI9w6CFcYQf7jMtHQhZruvfM1i3qOqk5U=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba h1:UKgtfRM7Yh93Sya0Fo8ZzhDP4qBckrrxEr2oF5UIVb8=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20251111163417-95abcf5c77ba/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
+golang.org/x/exp v0.0.0-20251209150349-8475f28825e9 h1:MDfG8Cvcqlt9XXrmEiD4epKn7VJHZO84hejP9Jmp0MM=
+golang.org/x/exp v0.0.0-20251209150349-8475f28825e9/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU=
+golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU=
+golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls=
+google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk=
 google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
 google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 
@@ -25,19 +25,18 @@ func TestValidateFilesystem(t *testing.T) {
 				Device: "/",
 			},
 			wantErr: true,
-			wantErrorMessage: `validation error:
- - device: value length must be at least 2 characters [string.min_len]
- - format: value is required [required]`,
+			wantErrorMessage: `validation errors:
+ - device: value length must be at least 2 characters
+ - format: value is required`,
 		},
 		{
 			name: "Invalid Filesystem, device to short, format invalid",
 			msg: &apiv2.Filesystem{
 				Device: "/dev/sda3",
 				Format: apiv2.Format(99),
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - format: value must be one of the defined enum values [enum.defined_only]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: format: value must be one of the defined enum values`,
 		},
 		{
 			name: "Valid FilesystemLayout minimal config",
@@ -62,9 +61,8 @@ func TestValidateFilesystem(t *testing.T) {
 				Name:        proto.String("c"),
 				Description: proto.String("c1-large"),
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - name: must be within 2 and 128 characters [string.is_name]`},
+			wantErr:          true,
+			wantErrorMessage: `validation error: name: must be within 2 and 128 characters`},
 	}
 
 	validateProtos(t, tests)
 
@@ -17,10 +17,10 @@ func TestValidateFirewallRules(t *testing.T) {
 				Comment:  "a rule",
 			},
 			wantErr: true,
-			wantErrorMessage: `validation error:
- - protocol: value must be one of the defined enum values [enum.defined_only]
- - ports[0]: value must be less than or equal to 65532 [uint32.lte]
- - to: given prefixes must be valid [repeated.prefixes]`,
+			wantErrorMessage: `validation errors:
+ - protocol: value must be one of the defined enum values
+ - ports[0]: value must be less than or equal to 65532
+ - to: given prefixes must be valid`,
 		},
 		{
 			name: "Invalid Rule with invalid comment",
@@ -31,7 +31,7 @@ func TestValidateFirewallRules(t *testing.T) {
 				Comment:  "a # invalid 3 rule",
 			},
 			wantErr:          true,
-			wantErrorMessage: "validation error:\n - comment: value does not match regex pattern `^[a-z_ -]*$` [string.pattern]",
+			wantErrorMessage: "validation error: comment: value does not match regex pattern `^[a-z_ -]*$`",
 		},
 	}
 
 
@@ -27,9 +27,8 @@ func TestValidateImage(t *testing.T) {
 				Url:      "not-a-uri",
 				Features: []apiv2.ImageFeature{apiv2.ImageFeature_IMAGE_FEATURE_MACHINE},
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - url: given uri must be valid [string.uri]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: url: given uri must be valid`,
 		},
 		{
 			name: "Invalid Image, no features",
@@ -38,9 +37,8 @@ func TestValidateImage(t *testing.T) {
 				Url:      "http://download.org/debian:12.0",
 				Features: []apiv2.ImageFeature{3},
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - features[0]: value must be one of the defined enum values [enum.defined_only]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: features[0]: value must be one of the defined enum values`,
 		},
 		{
 			name: "Valid ImageUpdate minimal config",
@@ -62,9 +60,8 @@ func TestValidateImage(t *testing.T) {
 				Features:       []apiv2.ImageFeature{apiv2.ImageFeature_IMAGE_FEATURE_MACHINE, apiv2.ImageFeature_IMAGE_FEATURE_MACHINE},
 				Classification: apiv2.ImageClassification_IMAGE_CLASSIFICATION_PREVIEW,
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - features: repeated value must contain unique items [repeated.unique]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: features: repeated value must contain unique items`,
 		},
 		{
 			name: "InValid ImageUpdate invalid Features",
@@ -75,9 +72,8 @@ func TestValidateImage(t *testing.T) {
 				Features:       []apiv2.ImageFeature{apiv2.ImageFeature_IMAGE_FEATURE_MACHINE, 3},
 				Classification: apiv2.ImageClassification_IMAGE_CLASSIFICATION_PREVIEW,
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - features[1]: value must be one of the defined enum values [enum.defined_only]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: features[1]: value must be one of the defined enum values`,
 		},
 	}