Merge branch 'main' of https://github.com/metal-stack/api into vpn-service

Author: majst01

doc/index.html

@@ -7278,6 +7278,13 @@ <h3 id="metalstack.api.v2.MachineAllocationQuery">MachineAllocationQuery</h3>
                   <td><p>Labels for which this machine allocation should get filtered </p></td>
                 </tr>
 
+                <tr>
+                  <td>vpn</td>
+                  <td><a href="#metalstack.api.v2.MachineVPN">MachineVPN</a></td>
+                  <td>optional</td>
+                  <td><p>VPN query if this machine has a vpn configuration </p></td>
+                </tr>
+              
             </tbody>
           </table>
 

generate/generate.go

@@ -143,48 +143,27 @@ func servicePermissions(root string) (*permissions.ServicePermissions, error) {
 						}
 						auditable[methodName] = true
 						// Tenant
-						switch *methodOpt.IdentifierValue {
-						case v1.TenantRole_TENANT_ROLE_OWNER.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_OWNER.String()], methodName)
-							visibility.Tenant[methodName] = true
-						case v1.TenantRole_TENANT_ROLE_EDITOR.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_EDITOR.String()], methodName)
-							visibility.Tenant[methodName] = true
-						case v1.TenantRole_TENANT_ROLE_VIEWER.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_VIEWER.String()], methodName)
-							visibility.Tenant[methodName] = true
-						case v1.TenantRole_TENANT_ROLE_GUEST.String():
-							roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()] = append(roles.Tenant[v1.TenantRole_TENANT_ROLE_GUEST.String()], methodName)
+						switch role := *methodOpt.IdentifierValue; role {
+						case v1.TenantRole_TENANT_ROLE_OWNER.String(), v1.TenantRole_TENANT_ROLE_EDITOR.String(), v1.TenantRole_TENANT_ROLE_VIEWER.String(), v1.TenantRole_TENANT_ROLE_GUEST.String():
+							roles.Tenant[role] = append(roles.Tenant[role], methodName)
 							visibility.Tenant[methodName] = true
 						case v1.TenantRole_TENANT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Project
-						case v1.ProjectRole_PROJECT_ROLE_OWNER.String():
-							roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_OWNER.String()], methodName)
-							visibility.Project[methodName] = true
-						case v1.ProjectRole_PROJECT_ROLE_EDITOR.String():
+						case v1.ProjectRole_PROJECT_ROLE_OWNER.String(), v1.ProjectRole_PROJECT_ROLE_EDITOR.String(), v1.ProjectRole_PROJECT_ROLE_VIEWER.String():
+							roles.Project[role] = append(roles.Project[role], methodName)
 							visibility.Project[methodName] = true
-							roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_EDITOR.String()], methodName)
-						case v1.ProjectRole_PROJECT_ROLE_VIEWER.String():
-							visibility.Project[methodName] = true
-							roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()] = append(roles.Project[v1.ProjectRole_PROJECT_ROLE_VIEWER.String()], methodName)
 						case v1.ProjectRole_PROJECT_ROLE_UNSPECIFIED.String():
 							// noop
 						// Admin
-						case v1.AdminRole_ADMIN_ROLE_EDITOR.String():
-							roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_EDITOR.String()], methodName)
-							visibility.Admin[methodName] = true
-						case v1.AdminRole_ADMIN_ROLE_VIEWER.String():
-							roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()] = append(roles.Admin[v1.AdminRole_ADMIN_ROLE_VIEWER.String()], methodName)
+						case v1.AdminRole_ADMIN_ROLE_EDITOR.String(), v1.AdminRole_ADMIN_ROLE_VIEWER.String():
+							roles.Admin[role] = append(roles.Admin[role], methodName)
 							visibility.Admin[methodName] = true
 						case v1.AdminRole_ADMIN_ROLE_UNSPECIFIED.String():
 							// noop
 						// Infra
-						case v1.InfraRole_INFRA_ROLE_EDITOR.String():
-							roles.Infra[v1.InfraRole_INFRA_ROLE_EDITOR.String()] = append(roles.Infra[v1.InfraRole_INFRA_ROLE_EDITOR.String()], methodName)
-							visibility.Infra[methodName] = true
-						case v1.InfraRole_INFRA_ROLE_VIEWER.String():
-							roles.Infra[v1.InfraRole_INFRA_ROLE_VIEWER.String()] = append(roles.Infra[v1.InfraRole_INFRA_ROLE_VIEWER.String()], methodName)
+						case v1.InfraRole_INFRA_ROLE_EDITOR.String(), v1.InfraRole_INFRA_ROLE_VIEWER.String():
+							roles.Infra[role] = append(roles.Infra[role], methodName)
 							visibility.Infra[methodName] = true
 						case v1.InfraRole_INFRA_ROLE_UNSPECIFIED.String():
 							// noop

go.mod

@@ -3,8 +3,8 @@ module github.com/metal-stack/api
 go 1.25
 
 require (
-	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1
-	buf.build/go/protovalidate v1.0.1
+	buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20251209175733-2a1774d88802.1
+	buf.build/go/protovalidate v1.1.0
 	connectrpc.com/connect v1.19.1
 	github.com/bufbuild/protocompile v0.14.1
 	github.com/go-task/slim-sprig/v3 v3.0.0

go.sum

@@ -1,7 +1,7 @@
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1 h1:31on4W/yPcV4nZHL4+UCiCvLPsMqe/vJcNg8Rci0scc=
-buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20250912141014-52f32327d4b0.1/go.mod h1:fUl8CEN/6ZAMk6bP8ahBJPUJw7rbp+j4x+wCcYi2IG4=
-buf.build/go/protovalidate v1.0.1 h1:Fwmf08OOUuKVeMvEnDmcKxQam4PJc/zFgvVX64BhTms=
-buf.build/go/protovalidate v1.0.1/go.mod h1:SoZmvk/3ZzOVg9YSkTdm4grMAByjf8zgZq4ZNaLZXoQ=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20251209175733-2a1774d88802.1 h1:ZnX3qpF/pDiYrf+Q3p+/zCzZ5ELSpszy5hdVarDMSV4=
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.10-20251209175733-2a1774d88802.1/go.mod h1:fUl8CEN/6ZAMk6bP8ahBJPUJw7rbp+j4x+wCcYi2IG4=
+buf.build/go/protovalidate v1.1.0 h1:pQqEQRpOo4SqS60qkvmhLTTQU9JwzEvdyiqAtXa5SeY=
+buf.build/go/protovalidate v1.1.0/go.mod h1:bGZcPiAQDC3ErCHK3t74jSoJDFOs2JH3d7LWuTEIdss=
 cel.dev/expr v0.25.1 h1:1KrZg61W6TWSxuNZ37Xy49ps13NUovb66QLprthtwi4=
 cel.dev/expr v0.25.1/go.mod h1:hrXvqGP6G6gyx8UAHSHJ5RGk//1Oj5nXQ2NI02Nrsg4=
 connectrpc.com/connect v1.19.1 h1:R5M57z05+90EfEvCY1b7hBxDVOUl45PrtXtAV2fOC14=

go/metalstack/api/v2/machine.pb.go

@@ -25,19 +25,18 @@ func TestValidateFilesystem(t *testing.T) {
 				Device: "/",
 			},
 			wantErr: true,
-			wantErrorMessage: `validation error:
- - device: value length must be at least 2 characters [string.min_len]
- - format: value is required [required]`,
+			wantErrorMessage: `validation errors:
+ - device: value length must be at least 2 characters
+ - format: value is required`,
 		},
 		{
 			name: "Invalid Filesystem, device to short, format invalid",
 			msg: &apiv2.Filesystem{
 				Device: "/dev/sda3",
 				Format: apiv2.Format(99),
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - format: value must be one of the defined enum values [enum.defined_only]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: format: value must be one of the defined enum values`,
 		},
 		{
 			name: "Valid FilesystemLayout minimal config",
@@ -62,9 +61,8 @@ func TestValidateFilesystem(t *testing.T) {
 				Name:        proto.String("c"),
 				Description: proto.String("c1-large"),
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - name: must be within 2 and 128 characters [string.is_name]`},
+			wantErr:          true,
+			wantErrorMessage: `validation error: name: must be within 2 and 128 characters`},
 	}
 
 	validateProtos(t, tests)

go/tests/mocks/client/Adminv2.go

@@ -17,10 +17,10 @@ func TestValidateFirewallRules(t *testing.T) {
 				Comment:  "a rule",
 			},
 			wantErr: true,
-			wantErrorMessage: `validation error:
- - protocol: value must be one of the defined enum values [enum.defined_only]
- - ports[0]: value must be less than or equal to 65532 [uint32.lte]
- - to: given prefixes must be valid [repeated.prefixes]`,
+			wantErrorMessage: `validation errors:
+ - protocol: value must be one of the defined enum values
+ - ports[0]: value must be less than or equal to 65532
+ - to: given prefixes must be valid`,
 		},
 		{
 			name: "Invalid Rule with invalid comment",
@@ -31,7 +31,7 @@ func TestValidateFirewallRules(t *testing.T) {
 				Comment:  "a # invalid 3 rule",
 			},
 			wantErr:          true,
-			wantErrorMessage: "validation error:\n - comment: value does not match regex pattern `^[a-z_ -]*$` [string.pattern]",
+			wantErrorMessage: "validation error: comment: value does not match regex pattern `^[a-z_ -]*$`",
 		},
 	}
 

go/tests/validation/filesystem_test.go

@@ -27,9 +27,8 @@ func TestValidateImage(t *testing.T) {
 				Url:      "not-a-uri",
 				Features: []apiv2.ImageFeature{apiv2.ImageFeature_IMAGE_FEATURE_MACHINE},
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - url: given uri must be valid [string.uri]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: url: given uri must be valid`,
 		},
 		{
 			name: "Invalid Image, no features",
@@ -38,9 +37,8 @@ func TestValidateImage(t *testing.T) {
 				Url:      "http://download.org/debian:12.0",
 				Features: []apiv2.ImageFeature{3},
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - features[0]: value must be one of the defined enum values [enum.defined_only]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: features[0]: value must be one of the defined enum values`,
 		},
 		{
 			name: "Valid ImageUpdate minimal config",
@@ -62,9 +60,8 @@ func TestValidateImage(t *testing.T) {
 				Features:       []apiv2.ImageFeature{apiv2.ImageFeature_IMAGE_FEATURE_MACHINE, apiv2.ImageFeature_IMAGE_FEATURE_MACHINE},
 				Classification: apiv2.ImageClassification_IMAGE_CLASSIFICATION_PREVIEW,
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - features: repeated value must contain unique items [repeated.unique]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: features: repeated value must contain unique items`,
 		},
 		{
 			name: "InValid ImageUpdate invalid Features",
@@ -75,9 +72,8 @@ func TestValidateImage(t *testing.T) {
 				Features:       []apiv2.ImageFeature{apiv2.ImageFeature_IMAGE_FEATURE_MACHINE, 3},
 				Classification: apiv2.ImageClassification_IMAGE_CLASSIFICATION_PREVIEW,
 			},
-			wantErr: true,
-			wantErrorMessage: `validation error:
- - features[1]: value must be one of the defined enum values [enum.defined_only]`,
+			wantErr:          true,
+			wantErrorMessage: `validation error: features[1]: value must be one of the defined enum values`,
 		},
 	}