diff --git a/gen/proto/go/teleport/lib/vnet/v1/client_application_service.pb.go b/gen/proto/go/teleport/lib/vnet/v1/client_application_service.pb.go
new file mode 100644
index 0000000000000..3c903c7c897f7
--- /dev/null
+++ b/gen/proto/go/teleport/lib/vnet/v1/client_application_service.pb.go
@@ -0,0 +1,1252 @@
+// Teleport
+// Copyright (C) 2024 Gravitational, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+// Code generated by protoc-gen-go. DO NOT EDIT.
+// versions:
+// protoc-gen-go v1.36.3
+// protoc (unknown)
+// source: teleport/lib/vnet/v1/client_application_service.proto
+
+package vnetv1
+
+import (
+ types "github.com/gravitational/teleport/api/types"
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ reflect "reflect"
+ sync "sync"
+)
+
+const (
+ // Verify that this generated code is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
+ // Verify that runtime/protoimpl is sufficiently up-to-date.
+ _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
+)
+
+// Hash specifies a cryptographic hash function.
+type Hash int32
+
+const (
+ Hash_HASH_UNSPECIFIED Hash = 0
+ Hash_HASH_NONE Hash = 1
+ Hash_HASH_SHA256 Hash = 2
+)
+
+// Enum value maps for Hash.
+var (
+ Hash_name = map[int32]string{
+ 0: "HASH_UNSPECIFIED",
+ 1: "HASH_NONE",
+ 2: "HASH_SHA256",
+ }
+ Hash_value = map[string]int32{
+ "HASH_UNSPECIFIED": 0,
+ "HASH_NONE": 1,
+ "HASH_SHA256": 2,
+ }
+)
+
+func (x Hash) Enum() *Hash {
+ p := new(Hash)
+ *p = x
+ return p
+}
+
+func (x Hash) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (Hash) Descriptor() protoreflect.EnumDescriptor {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_enumTypes[0].Descriptor()
+}
+
+func (Hash) Type() protoreflect.EnumType {
+ return &file_teleport_lib_vnet_v1_client_application_service_proto_enumTypes[0]
+}
+
+func (x Hash) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use Hash.Descriptor instead.
+func (Hash) EnumDescriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{0}
+}
+
+// AuthenticateProcessRequest is a request for AuthenticateProcess.
+type AuthenticateProcessRequest struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // version is the admin process version.
+ Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
+ // pipe_path is the path to a named pipe used for process authentication.
+ PipePath string `protobuf:"bytes,2,opt,name=pipe_path,json=pipePath,proto3" json:"pipe_path,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *AuthenticateProcessRequest) Reset() {
+ *x = AuthenticateProcessRequest{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[0]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthenticateProcessRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticateProcessRequest) ProtoMessage() {}
+
+func (x *AuthenticateProcessRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[0]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticateProcessRequest.ProtoReflect.Descriptor instead.
+func (*AuthenticateProcessRequest) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{0}
+}
+
+func (x *AuthenticateProcessRequest) GetVersion() string {
+ if x != nil {
+ return x.Version
+ }
+ return ""
+}
+
+func (x *AuthenticateProcessRequest) GetPipePath() string {
+ if x != nil {
+ return x.PipePath
+ }
+ return ""
+}
+
+// AuthenticateProcessResponse is a response for AuthenticateProcess.
+type AuthenticateProcessResponse struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // version is the client application version.
+ Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *AuthenticateProcessResponse) Reset() {
+ *x = AuthenticateProcessResponse{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[1]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *AuthenticateProcessResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AuthenticateProcessResponse) ProtoMessage() {}
+
+func (x *AuthenticateProcessResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[1]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use AuthenticateProcessResponse.ProtoReflect.Descriptor instead.
+func (*AuthenticateProcessResponse) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{1}
+}
+
+func (x *AuthenticateProcessResponse) GetVersion() string {
+ if x != nil {
+ return x.Version
+ }
+ return ""
+}
+
+// PingRequest is a request for the Ping rpc.
+type PingRequest struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *PingRequest) Reset() {
+ *x = PingRequest{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[2]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *PingRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PingRequest) ProtoMessage() {}
+
+func (x *PingRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[2]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use PingRequest.ProtoReflect.Descriptor instead.
+func (*PingRequest) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{2}
+}
+
+// PingResponse is a response for the Ping rpc.
+type PingResponse struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *PingResponse) Reset() {
+ *x = PingResponse{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[3]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *PingResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*PingResponse) ProtoMessage() {}
+
+func (x *PingResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[3]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use PingResponse.ProtoReflect.Descriptor instead.
+func (*PingResponse) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{3}
+}
+
+// ResolveAppInfoRequest is a request for ResolveAppInfo.
+type ResolveAppInfoRequest struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // fqdn is the fully-qualified domain name of the app.
+ Fqdn string `protobuf:"bytes,1,opt,name=fqdn,proto3" json:"fqdn,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *ResolveAppInfoRequest) Reset() {
+ *x = ResolveAppInfoRequest{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[4]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *ResolveAppInfoRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResolveAppInfoRequest) ProtoMessage() {}
+
+func (x *ResolveAppInfoRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[4]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResolveAppInfoRequest.ProtoReflect.Descriptor instead.
+func (*ResolveAppInfoRequest) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{4}
+}
+
+func (x *ResolveAppInfoRequest) GetFqdn() string {
+ if x != nil {
+ return x.Fqdn
+ }
+ return ""
+}
+
+// ResolveAppInfoResponse is a response for ResolveAppInfo.
+type ResolveAppInfoResponse struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // app_info holds all necessary info for making connections to the resolved app.
+ AppInfo *AppInfo `protobuf:"bytes,1,opt,name=app_info,json=appInfo,proto3" json:"app_info,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *ResolveAppInfoResponse) Reset() {
+ *x = ResolveAppInfoResponse{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[5]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *ResolveAppInfoResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ResolveAppInfoResponse) ProtoMessage() {}
+
+func (x *ResolveAppInfoResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[5]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ResolveAppInfoResponse.ProtoReflect.Descriptor instead.
+func (*ResolveAppInfoResponse) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{5}
+}
+
+func (x *ResolveAppInfoResponse) GetAppInfo() *AppInfo {
+ if x != nil {
+ return x.AppInfo
+ }
+ return nil
+}
+
+// AppInfo holds all necessary info for making connections to VNet TCP apps.
+type AppInfo struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // app_key uniquely identifies a TCP app (and optionally a port for multi-port
+ // TCP apps).
+ AppKey *AppKey `protobuf:"bytes,1,opt,name=app_key,json=appKey,proto3" json:"app_key,omitempty"`
+ // cluster is the name of the cluster in which the app is found.
+ // Iff the app is in a leaf cluster, this will match app_key.leaf_cluster.
+ Cluster string `protobuf:"bytes,2,opt,name=cluster,proto3" json:"cluster,omitempty"`
+ // app is the app spec.
+ App *types.AppV3 `protobuf:"bytes,3,opt,name=app,proto3" json:"app,omitempty"`
+ // ipv4_cidr_range is the CIDR range from which an IPv4 address should be
+ // assigned to the app.
+ Ipv4CidrRange string `protobuf:"bytes,4,opt,name=ipv4_cidr_range,json=ipv4CidrRange,proto3" json:"ipv4_cidr_range,omitempty"`
+ // dial_options holds options that should be used when dialing the root cluster
+ // of the app.
+ DialOptions *DialOptions `protobuf:"bytes,5,opt,name=dial_options,json=dialOptions,proto3" json:"dial_options,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *AppInfo) Reset() {
+ *x = AppInfo{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[6]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *AppInfo) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AppInfo) ProtoMessage() {}
+
+func (x *AppInfo) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[6]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use AppInfo.ProtoReflect.Descriptor instead.
+func (*AppInfo) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{6}
+}
+
+func (x *AppInfo) GetAppKey() *AppKey {
+ if x != nil {
+ return x.AppKey
+ }
+ return nil
+}
+
+func (x *AppInfo) GetCluster() string {
+ if x != nil {
+ return x.Cluster
+ }
+ return ""
+}
+
+func (x *AppInfo) GetApp() *types.AppV3 {
+ if x != nil {
+ return x.App
+ }
+ return nil
+}
+
+func (x *AppInfo) GetIpv4CidrRange() string {
+ if x != nil {
+ return x.Ipv4CidrRange
+ }
+ return ""
+}
+
+func (x *AppInfo) GetDialOptions() *DialOptions {
+ if x != nil {
+ return x.DialOptions
+ }
+ return nil
+}
+
+// AppKey uniquely identifies a TCP app in a specific profile and cluster.
+type AppKey struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // profile is the profile in which the app is found.
+ Profile string `protobuf:"bytes,1,opt,name=profile,proto3" json:"profile,omitempty"`
+ // leaf_cluster is the leaf cluster in which the app is found. If empty, the
+ // app is in the root cluster for the profile.
+ LeafCluster string `protobuf:"bytes,2,opt,name=leaf_cluster,json=leafCluster,proto3" json:"leaf_cluster,omitempty"`
+ // name is the name of the app.
+ Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *AppKey) Reset() {
+ *x = AppKey{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[7]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *AppKey) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*AppKey) ProtoMessage() {}
+
+func (x *AppKey) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[7]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use AppKey.ProtoReflect.Descriptor instead.
+func (*AppKey) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{7}
+}
+
+func (x *AppKey) GetProfile() string {
+ if x != nil {
+ return x.Profile
+ }
+ return ""
+}
+
+func (x *AppKey) GetLeafCluster() string {
+ if x != nil {
+ return x.LeafCluster
+ }
+ return ""
+}
+
+func (x *AppKey) GetName() string {
+ if x != nil {
+ return x.Name
+ }
+ return ""
+}
+
+// DialOptions holds ALPN dial options for dialing apps.
+type DialOptions struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // web_proxy_addr is the address to dial.
+ WebProxyAddr string `protobuf:"bytes,1,opt,name=web_proxy_addr,json=webProxyAddr,proto3" json:"web_proxy_addr,omitempty"`
+ // alpn_conn_upgrade_required specifies if ALPN connection upgrade is required.
+ AlpnConnUpgradeRequired bool `protobuf:"varint,2,opt,name=alpn_conn_upgrade_required,json=alpnConnUpgradeRequired,proto3" json:"alpn_conn_upgrade_required,omitempty"`
+ // sni is a ServerName value set for upstream TLS connection.
+ Sni string `protobuf:"bytes,3,opt,name=sni,proto3" json:"sni,omitempty"`
+ // insecure_skip_verify turns off verification for x509 upstream ALPN proxy service certificate.
+ InsecureSkipVerify bool `protobuf:"varint,4,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"`
+ // root_cluster_ca_cert_pool overrides the x509 certificate pool used to verify the server.
+ RootClusterCaCertPool []byte `protobuf:"bytes,5,opt,name=root_cluster_ca_cert_pool,json=rootClusterCaCertPool,proto3" json:"root_cluster_ca_cert_pool,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *DialOptions) Reset() {
+ *x = DialOptions{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[8]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *DialOptions) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*DialOptions) ProtoMessage() {}
+
+func (x *DialOptions) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[8]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use DialOptions.ProtoReflect.Descriptor instead.
+func (*DialOptions) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{8}
+}
+
+func (x *DialOptions) GetWebProxyAddr() string {
+ if x != nil {
+ return x.WebProxyAddr
+ }
+ return ""
+}
+
+func (x *DialOptions) GetAlpnConnUpgradeRequired() bool {
+ if x != nil {
+ return x.AlpnConnUpgradeRequired
+ }
+ return false
+}
+
+func (x *DialOptions) GetSni() string {
+ if x != nil {
+ return x.Sni
+ }
+ return ""
+}
+
+func (x *DialOptions) GetInsecureSkipVerify() bool {
+ if x != nil {
+ return x.InsecureSkipVerify
+ }
+ return false
+}
+
+func (x *DialOptions) GetRootClusterCaCertPool() []byte {
+ if x != nil {
+ return x.RootClusterCaCertPool
+ }
+ return nil
+}
+
+// ReissueAppCertRequest is a request for ReissueAppCert.
+type ReissueAppCertRequest struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // app_info contains info about the app, every ReissueAppCertRequest must
+ // include an app_info as returned from ResolveAppInfo.
+ AppInfo *AppInfo `protobuf:"bytes,1,opt,name=app_info,json=appInfo,proto3" json:"app_info,omitempty"`
+ // target_port is the TCP port to issue the cert for.
+ TargetPort uint32 `protobuf:"varint,2,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *ReissueAppCertRequest) Reset() {
+ *x = ReissueAppCertRequest{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[9]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *ReissueAppCertRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ReissueAppCertRequest) ProtoMessage() {}
+
+func (x *ReissueAppCertRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[9]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ReissueAppCertRequest.ProtoReflect.Descriptor instead.
+func (*ReissueAppCertRequest) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{9}
+}
+
+func (x *ReissueAppCertRequest) GetAppInfo() *AppInfo {
+ if x != nil {
+ return x.AppInfo
+ }
+ return nil
+}
+
+func (x *ReissueAppCertRequest) GetTargetPort() uint32 {
+ if x != nil {
+ return x.TargetPort
+ }
+ return 0
+}
+
+// ReissueAppCertResponse is a response for ReissueAppCert.
+type ReissueAppCertResponse struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // cert is the issued app certificate in x509 DER format.
+ Cert []byte `protobuf:"bytes,1,opt,name=cert,proto3" json:"cert,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *ReissueAppCertResponse) Reset() {
+ *x = ReissueAppCertResponse{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[10]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *ReissueAppCertResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*ReissueAppCertResponse) ProtoMessage() {}
+
+func (x *ReissueAppCertResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[10]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use ReissueAppCertResponse.ProtoReflect.Descriptor instead.
+func (*ReissueAppCertResponse) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{10}
+}
+
+func (x *ReissueAppCertResponse) GetCert() []byte {
+ if x != nil {
+ return x.Cert
+ }
+ return nil
+}
+
+// SignForAppRequest is a request to sign data with a private key that the
+// server has cached for the (app_key, target_port) pair. The (app_key,
+// target_port) pair here must match a previous successful call to
+// ReissueAppCert. The private key used for the signature will match the subject
+// public key of the issued x509 certificate.
+type SignForAppRequest struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // app_key uniquely identifies a TCP app, it must match the key of an app from
+ // a previous successful call to ReissueAppCert.
+ AppKey *AppKey `protobuf:"bytes,1,opt,name=app_key,json=appKey,proto3" json:"app_key,omitempty"`
+ // target_port identifies the TCP port of the app, it must match the
+ // target_port of a previous successful call to ReissueAppCert for an app
+ // matching AppKey.
+ TargetPort uint32 `protobuf:"varint,2,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"`
+ // digest is the bytes to sign.
+ Digest []byte `protobuf:"bytes,3,opt,name=digest,proto3" json:"digest,omitempty"`
+ // hash is the hash function used to compute digest.
+ Hash Hash `protobuf:"varint,4,opt,name=hash,proto3,enum=teleport.lib.vnet.v1.Hash" json:"hash,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *SignForAppRequest) Reset() {
+ *x = SignForAppRequest{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[11]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *SignForAppRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SignForAppRequest) ProtoMessage() {}
+
+func (x *SignForAppRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[11]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use SignForAppRequest.ProtoReflect.Descriptor instead.
+func (*SignForAppRequest) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{11}
+}
+
+func (x *SignForAppRequest) GetAppKey() *AppKey {
+ if x != nil {
+ return x.AppKey
+ }
+ return nil
+}
+
+func (x *SignForAppRequest) GetTargetPort() uint32 {
+ if x != nil {
+ return x.TargetPort
+ }
+ return 0
+}
+
+func (x *SignForAppRequest) GetDigest() []byte {
+ if x != nil {
+ return x.Digest
+ }
+ return nil
+}
+
+func (x *SignForAppRequest) GetHash() Hash {
+ if x != nil {
+ return x.Hash
+ }
+ return Hash_HASH_UNSPECIFIED
+}
+
+// SignForAppResponse is a response for SignForApp.
+type SignForAppResponse struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // signature is the signature.
+ Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *SignForAppResponse) Reset() {
+ *x = SignForAppResponse{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[12]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *SignForAppResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*SignForAppResponse) ProtoMessage() {}
+
+func (x *SignForAppResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[12]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use SignForAppResponse.ProtoReflect.Descriptor instead.
+func (*SignForAppResponse) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{12}
+}
+
+func (x *SignForAppResponse) GetSignature() []byte {
+ if x != nil {
+ return x.Signature
+ }
+ return nil
+}
+
+// OnNewConnectionRequest is a request for OnNewConnection.
+type OnNewConnectionRequest struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // app_key identifies the app the connection is being made for.
+ AppKey *AppKey `protobuf:"bytes,1,opt,name=app_key,json=appKey,proto3" json:"app_key,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *OnNewConnectionRequest) Reset() {
+ *x = OnNewConnectionRequest{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[13]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *OnNewConnectionRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OnNewConnectionRequest) ProtoMessage() {}
+
+func (x *OnNewConnectionRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[13]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use OnNewConnectionRequest.ProtoReflect.Descriptor instead.
+func (*OnNewConnectionRequest) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{13}
+}
+
+func (x *OnNewConnectionRequest) GetAppKey() *AppKey {
+ if x != nil {
+ return x.AppKey
+ }
+ return nil
+}
+
+// OnNewConnectionRequest is a response for OnNewConnection.
+type OnNewConnectionResponse struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *OnNewConnectionResponse) Reset() {
+ *x = OnNewConnectionResponse{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[14]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *OnNewConnectionResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OnNewConnectionResponse) ProtoMessage() {}
+
+func (x *OnNewConnectionResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[14]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use OnNewConnectionResponse.ProtoReflect.Descriptor instead.
+func (*OnNewConnectionResponse) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{14}
+}
+
+// OnInvalidLocalPortRequest is a request for OnInvalidLocalPort.
+type OnInvalidLocalPortRequest struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ // app_info identifies the app the request was made for. AppInfo is used
+ // instaed of AppKey so that the application spec is included, which includes
+ // the TCP port ranges allowed for the app, which are ultimately included in
+ // the user error message.
+ AppInfo *AppInfo `protobuf:"bytes,1,opt,name=app_info,json=appInfo,proto3" json:"app_info,omitempty"`
+ // target_port is the invalid port the request was made for.
+ TargetPort uint32 `protobuf:"varint,2,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *OnInvalidLocalPortRequest) Reset() {
+ *x = OnInvalidLocalPortRequest{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[15]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *OnInvalidLocalPortRequest) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OnInvalidLocalPortRequest) ProtoMessage() {}
+
+func (x *OnInvalidLocalPortRequest) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[15]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use OnInvalidLocalPortRequest.ProtoReflect.Descriptor instead.
+func (*OnInvalidLocalPortRequest) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{15}
+}
+
+func (x *OnInvalidLocalPortRequest) GetAppInfo() *AppInfo {
+ if x != nil {
+ return x.AppInfo
+ }
+ return nil
+}
+
+func (x *OnInvalidLocalPortRequest) GetTargetPort() uint32 {
+ if x != nil {
+ return x.TargetPort
+ }
+ return 0
+}
+
+// OnInvalidLocalPortResponse is a response for OnInvalidLocalPort.
+type OnInvalidLocalPortResponse struct {
+ state protoimpl.MessageState `protogen:"open.v1"`
+ unknownFields protoimpl.UnknownFields
+ sizeCache protoimpl.SizeCache
+}
+
+func (x *OnInvalidLocalPortResponse) Reset() {
+ *x = OnInvalidLocalPortResponse{}
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[16]
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ ms.StoreMessageInfo(mi)
+}
+
+func (x *OnInvalidLocalPortResponse) String() string {
+ return protoimpl.X.MessageStringOf(x)
+}
+
+func (*OnInvalidLocalPortResponse) ProtoMessage() {}
+
+func (x *OnInvalidLocalPortResponse) ProtoReflect() protoreflect.Message {
+ mi := &file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes[16]
+ if x != nil {
+ ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
+ if ms.LoadMessageInfo() == nil {
+ ms.StoreMessageInfo(mi)
+ }
+ return ms
+ }
+ return mi.MessageOf(x)
+}
+
+// Deprecated: Use OnInvalidLocalPortResponse.ProtoReflect.Descriptor instead.
+func (*OnInvalidLocalPortResponse) Descriptor() ([]byte, []int) {
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP(), []int{16}
+}
+
+var File_teleport_lib_vnet_v1_client_application_service_proto protoreflect.FileDescriptor
+
+var file_teleport_lib_vnet_v1_client_application_service_proto_rawDesc = []byte{
+ 0x0a, 0x35, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x76,
+ 0x6e, 0x65, 0x74, 0x2f, 0x76, 0x31, 0x2f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x61, 0x70,
+ 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
+ 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+ 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x1a, 0x21, 0x74,
+ 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x6c, 0x65, 0x67, 0x61, 0x63, 0x79, 0x2f, 0x74,
+ 0x79, 0x70, 0x65, 0x73, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f,
+ 0x22, 0x53, 0x0a, 0x1a, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65,
+ 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x18,
+ 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52,
+ 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x69, 0x70, 0x65,
+ 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x69, 0x70,
+ 0x65, 0x50, 0x61, 0x74, 0x68, 0x22, 0x37, 0x0a, 0x1b, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+ 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x52, 0x65, 0x73, 0x70,
+ 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18,
+ 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x0d,
+ 0x0a, 0x0b, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x0e, 0x0a,
+ 0x0c, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x2b, 0x0a,
+ 0x15, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x52,
+ 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x71, 0x64, 0x6e, 0x22, 0x52, 0x0a, 0x16, 0x52, 0x65,
+ 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65, 0x73, 0x70,
+ 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x38, 0x0a, 0x08, 0x61, 0x70, 0x70, 0x5f, 0x69, 0x6e, 0x66, 0x6f,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72,
+ 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x70,
+ 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x07, 0x61, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0xe8,
+ 0x01, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x35, 0x0a, 0x07, 0x61, 0x70,
+ 0x70, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74, 0x65,
+ 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e,
+ 0x76, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x61, 0x70, 0x70, 0x4b, 0x65,
+ 0x79, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01,
+ 0x28, 0x09, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x12, 0x1e, 0x0a, 0x03, 0x61,
+ 0x70, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x0c, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x73,
+ 0x2e, 0x41, 0x70, 0x70, 0x56, 0x33, 0x52, 0x03, 0x61, 0x70, 0x70, 0x12, 0x26, 0x0a, 0x0f, 0x69,
+ 0x70, 0x76, 0x34, 0x5f, 0x63, 0x69, 0x64, 0x72, 0x5f, 0x72, 0x61, 0x6e, 0x67, 0x65, 0x18, 0x04,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x69, 0x70, 0x76, 0x34, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61,
+ 0x6e, 0x67, 0x65, 0x12, 0x44, 0x0a, 0x0c, 0x64, 0x69, 0x61, 0x6c, 0x5f, 0x6f, 0x70, 0x74, 0x69,
+ 0x6f, 0x6e, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x74, 0x65, 0x6c, 0x65,
+ 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31,
+ 0x2e, 0x44, 0x69, 0x61, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0b, 0x64, 0x69,
+ 0x61, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x59, 0x0a, 0x06, 0x41, 0x70, 0x70,
+ 0x4b, 0x65, 0x79, 0x12, 0x18, 0x0a, 0x07, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x70, 0x72, 0x6f, 0x66, 0x69, 0x6c, 0x65, 0x12, 0x21, 0x0a,
+ 0x0c, 0x6c, 0x65, 0x61, 0x66, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x02, 0x20,
+ 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6c, 0x65, 0x61, 0x66, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72,
+ 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
+ 0x6e, 0x61, 0x6d, 0x65, 0x22, 0xee, 0x01, 0x0a, 0x0b, 0x44, 0x69, 0x61, 0x6c, 0x4f, 0x70, 0x74,
+ 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x77, 0x65, 0x62, 0x5f, 0x70, 0x72, 0x6f, 0x78,
+ 0x79, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x77, 0x65,
+ 0x62, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x41, 0x64, 0x64, 0x72, 0x12, 0x3b, 0x0a, 0x1a, 0x61, 0x6c,
+ 0x70, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x5f,
+ 0x72, 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x17,
+ 0x61, 0x6c, 0x70, 0x6e, 0x43, 0x6f, 0x6e, 0x6e, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x52,
+ 0x65, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x03,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x6e, 0x73,
+ 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66,
+ 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72,
+ 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x38, 0x0a, 0x19, 0x72,
+ 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x61, 0x5f, 0x63,
+ 0x65, 0x72, 0x74, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x15,
+ 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x43, 0x61, 0x43, 0x65, 0x72,
+ 0x74, 0x50, 0x6f, 0x6f, 0x6c, 0x22, 0x72, 0x0a, 0x15, 0x52, 0x65, 0x69, 0x73, 0x73, 0x75, 0x65,
+ 0x41, 0x70, 0x70, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x38,
+ 0x0a, 0x08, 0x61, 0x70, 0x70, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b,
+ 0x32, 0x1d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e,
+ 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x52,
+ 0x07, 0x61, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67,
+ 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74,
+ 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x2c, 0x0a, 0x16, 0x52, 0x65, 0x69,
+ 0x73, 0x73, 0x75, 0x65, 0x41, 0x70, 0x70, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28,
+ 0x0c, 0x52, 0x04, 0x63, 0x65, 0x72, 0x74, 0x22, 0xb3, 0x01, 0x0a, 0x11, 0x53, 0x69, 0x67, 0x6e,
+ 0x46, 0x6f, 0x72, 0x41, 0x70, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x35, 0x0a,
+ 0x07, 0x61, 0x70, 0x70, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c,
+ 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e,
+ 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x61, 0x70,
+ 0x70, 0x4b, 0x65, 0x79, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70,
+ 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65,
+ 0x74, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x18,
+ 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x12, 0x2e, 0x0a,
+ 0x04, 0x68, 0x61, 0x73, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x74, 0x65,
+ 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e,
+ 0x76, 0x31, 0x2e, 0x48, 0x61, 0x73, 0x68, 0x52, 0x04, 0x68, 0x61, 0x73, 0x68, 0x22, 0x32, 0x0a,
+ 0x12, 0x53, 0x69, 0x67, 0x6e, 0x46, 0x6f, 0x72, 0x41, 0x70, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65,
+ 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72,
+ 0x65, 0x22, 0x4f, 0x0a, 0x16, 0x4f, 0x6e, 0x4e, 0x65, 0x77, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63,
+ 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x35, 0x0a, 0x07, 0x61,
+ 0x70, 0x70, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x74,
+ 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74,
+ 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x4b, 0x65, 0x79, 0x52, 0x06, 0x61, 0x70, 0x70, 0x4b,
+ 0x65, 0x79, 0x22, 0x19, 0x0a, 0x17, 0x4f, 0x6e, 0x4e, 0x65, 0x77, 0x43, 0x6f, 0x6e, 0x6e, 0x65,
+ 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x76, 0x0a,
+ 0x19, 0x4f, 0x6e, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50,
+ 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x38, 0x0a, 0x08, 0x61, 0x70,
+ 0x70, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x74,
+ 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74,
+ 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x07, 0x61, 0x70, 0x70,
+ 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70,
+ 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65,
+ 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x1c, 0x0a, 0x1a, 0x4f, 0x6e, 0x49, 0x6e, 0x76, 0x61, 0x6c,
+ 0x69, 0x64, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x2a, 0x3c, 0x0a, 0x04, 0x48, 0x61, 0x73, 0x68, 0x12, 0x14, 0x0a, 0x10, 0x48,
+ 0x41, 0x53, 0x48, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+ 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x01,
+ 0x12, 0x0f, 0x0a, 0x0b, 0x48, 0x41, 0x53, 0x48, 0x5f, 0x53, 0x48, 0x41, 0x32, 0x35, 0x36, 0x10,
+ 0x02, 0x32, 0x89, 0x06, 0x0a, 0x18, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x41, 0x70, 0x70, 0x6c,
+ 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x7a,
+ 0x0a, 0x13, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72,
+ 0x6f, 0x63, 0x65, 0x73, 0x73, 0x12, 0x30, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+ 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41, 0x75, 0x74,
+ 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73,
+ 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x31, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f,
+ 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41,
+ 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x50, 0x72, 0x6f, 0x63, 0x65,
+ 0x73, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4d, 0x0a, 0x04, 0x50, 0x69,
+ 0x6e, 0x67, 0x12, 0x21, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69,
+ 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x69, 0x6e, 0x67, 0x52, 0x65,
+ 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x22, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+ 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x50, 0x69, 0x6e,
+ 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x0e, 0x52, 0x65, 0x73,
+ 0x6f, 0x6c, 0x76, 0x65, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2b, 0x2e, 0x74, 0x65,
+ 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e,
+ 0x76, 0x31, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66,
+ 0x6f, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
+ 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+ 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x76, 0x65, 0x41, 0x70, 0x70, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x65,
+ 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6b, 0x0a, 0x0e, 0x52, 0x65, 0x69, 0x73, 0x73, 0x75,
+ 0x65, 0x41, 0x70, 0x70, 0x43, 0x65, 0x72, 0x74, 0x12, 0x2b, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70,
+ 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e,
+ 0x52, 0x65, 0x69, 0x73, 0x73, 0x75, 0x65, 0x41, 0x70, 0x70, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65,
+ 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+ 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x52, 0x65, 0x69,
+ 0x73, 0x73, 0x75, 0x65, 0x41, 0x70, 0x70, 0x43, 0x65, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f,
+ 0x6e, 0x73, 0x65, 0x12, 0x5f, 0x0a, 0x0a, 0x53, 0x69, 0x67, 0x6e, 0x46, 0x6f, 0x72, 0x41, 0x70,
+ 0x70, 0x12, 0x27, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62,
+ 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x46, 0x6f, 0x72,
+ 0x41, 0x70, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x74, 0x65, 0x6c,
+ 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76,
+ 0x31, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x46, 0x6f, 0x72, 0x41, 0x70, 0x70, 0x52, 0x65, 0x73, 0x70,
+ 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x6e, 0x0a, 0x0f, 0x4f, 0x6e, 0x4e, 0x65, 0x77, 0x43, 0x6f, 0x6e,
+ 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2c, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f,
+ 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4f,
+ 0x6e, 0x4e, 0x65, 0x77, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65,
+ 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74,
+ 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x4f, 0x6e, 0x4e,
+ 0x65, 0x77, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70,
+ 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x77, 0x0a, 0x12, 0x4f, 0x6e, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69,
+ 0x64, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x2f, 0x2e, 0x74, 0x65, 0x6c,
+ 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e, 0x76,
+ 0x31, 0x2e, 0x4f, 0x6e, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4c, 0x6f, 0x63, 0x61, 0x6c,
+ 0x50, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x74, 0x65,
+ 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x6c, 0x69, 0x62, 0x2e, 0x76, 0x6e, 0x65, 0x74, 0x2e,
+ 0x76, 0x31, 0x2e, 0x4f, 0x6e, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4c, 0x6f, 0x63, 0x61,
+ 0x6c, 0x50, 0x6f, 0x72, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x4c, 0x5a,
+ 0x4a, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x72, 0x61, 0x76,
+ 0x69, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x2f, 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f,
+ 0x72, 0x74, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x2f,
+ 0x74, 0x65, 0x6c, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2f, 0x6c, 0x69, 0x62, 0x2f, 0x76, 0x6e, 0x65,
+ 0x74, 0x2f, 0x76, 0x31, 0x3b, 0x76, 0x6e, 0x65, 0x74, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f,
+ 0x74, 0x6f, 0x33,
+}
+
+var (
+ file_teleport_lib_vnet_v1_client_application_service_proto_rawDescOnce sync.Once
+ file_teleport_lib_vnet_v1_client_application_service_proto_rawDescData = file_teleport_lib_vnet_v1_client_application_service_proto_rawDesc
+)
+
+func file_teleport_lib_vnet_v1_client_application_service_proto_rawDescGZIP() []byte {
+ file_teleport_lib_vnet_v1_client_application_service_proto_rawDescOnce.Do(func() {
+ file_teleport_lib_vnet_v1_client_application_service_proto_rawDescData = protoimpl.X.CompressGZIP(file_teleport_lib_vnet_v1_client_application_service_proto_rawDescData)
+ })
+ return file_teleport_lib_vnet_v1_client_application_service_proto_rawDescData
+}
+
+var file_teleport_lib_vnet_v1_client_application_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes = make([]protoimpl.MessageInfo, 17)
+var file_teleport_lib_vnet_v1_client_application_service_proto_goTypes = []any{
+ (Hash)(0), // 0: teleport.lib.vnet.v1.Hash
+ (*AuthenticateProcessRequest)(nil), // 1: teleport.lib.vnet.v1.AuthenticateProcessRequest
+ (*AuthenticateProcessResponse)(nil), // 2: teleport.lib.vnet.v1.AuthenticateProcessResponse
+ (*PingRequest)(nil), // 3: teleport.lib.vnet.v1.PingRequest
+ (*PingResponse)(nil), // 4: teleport.lib.vnet.v1.PingResponse
+ (*ResolveAppInfoRequest)(nil), // 5: teleport.lib.vnet.v1.ResolveAppInfoRequest
+ (*ResolveAppInfoResponse)(nil), // 6: teleport.lib.vnet.v1.ResolveAppInfoResponse
+ (*AppInfo)(nil), // 7: teleport.lib.vnet.v1.AppInfo
+ (*AppKey)(nil), // 8: teleport.lib.vnet.v1.AppKey
+ (*DialOptions)(nil), // 9: teleport.lib.vnet.v1.DialOptions
+ (*ReissueAppCertRequest)(nil), // 10: teleport.lib.vnet.v1.ReissueAppCertRequest
+ (*ReissueAppCertResponse)(nil), // 11: teleport.lib.vnet.v1.ReissueAppCertResponse
+ (*SignForAppRequest)(nil), // 12: teleport.lib.vnet.v1.SignForAppRequest
+ (*SignForAppResponse)(nil), // 13: teleport.lib.vnet.v1.SignForAppResponse
+ (*OnNewConnectionRequest)(nil), // 14: teleport.lib.vnet.v1.OnNewConnectionRequest
+ (*OnNewConnectionResponse)(nil), // 15: teleport.lib.vnet.v1.OnNewConnectionResponse
+ (*OnInvalidLocalPortRequest)(nil), // 16: teleport.lib.vnet.v1.OnInvalidLocalPortRequest
+ (*OnInvalidLocalPortResponse)(nil), // 17: teleport.lib.vnet.v1.OnInvalidLocalPortResponse
+ (*types.AppV3)(nil), // 18: types.AppV3
+}
+var file_teleport_lib_vnet_v1_client_application_service_proto_depIdxs = []int32{
+ 7, // 0: teleport.lib.vnet.v1.ResolveAppInfoResponse.app_info:type_name -> teleport.lib.vnet.v1.AppInfo
+ 8, // 1: teleport.lib.vnet.v1.AppInfo.app_key:type_name -> teleport.lib.vnet.v1.AppKey
+ 18, // 2: teleport.lib.vnet.v1.AppInfo.app:type_name -> types.AppV3
+ 9, // 3: teleport.lib.vnet.v1.AppInfo.dial_options:type_name -> teleport.lib.vnet.v1.DialOptions
+ 7, // 4: teleport.lib.vnet.v1.ReissueAppCertRequest.app_info:type_name -> teleport.lib.vnet.v1.AppInfo
+ 8, // 5: teleport.lib.vnet.v1.SignForAppRequest.app_key:type_name -> teleport.lib.vnet.v1.AppKey
+ 0, // 6: teleport.lib.vnet.v1.SignForAppRequest.hash:type_name -> teleport.lib.vnet.v1.Hash
+ 8, // 7: teleport.lib.vnet.v1.OnNewConnectionRequest.app_key:type_name -> teleport.lib.vnet.v1.AppKey
+ 7, // 8: teleport.lib.vnet.v1.OnInvalidLocalPortRequest.app_info:type_name -> teleport.lib.vnet.v1.AppInfo
+ 1, // 9: teleport.lib.vnet.v1.ClientApplicationService.AuthenticateProcess:input_type -> teleport.lib.vnet.v1.AuthenticateProcessRequest
+ 3, // 10: teleport.lib.vnet.v1.ClientApplicationService.Ping:input_type -> teleport.lib.vnet.v1.PingRequest
+ 5, // 11: teleport.lib.vnet.v1.ClientApplicationService.ResolveAppInfo:input_type -> teleport.lib.vnet.v1.ResolveAppInfoRequest
+ 10, // 12: teleport.lib.vnet.v1.ClientApplicationService.ReissueAppCert:input_type -> teleport.lib.vnet.v1.ReissueAppCertRequest
+ 12, // 13: teleport.lib.vnet.v1.ClientApplicationService.SignForApp:input_type -> teleport.lib.vnet.v1.SignForAppRequest
+ 14, // 14: teleport.lib.vnet.v1.ClientApplicationService.OnNewConnection:input_type -> teleport.lib.vnet.v1.OnNewConnectionRequest
+ 16, // 15: teleport.lib.vnet.v1.ClientApplicationService.OnInvalidLocalPort:input_type -> teleport.lib.vnet.v1.OnInvalidLocalPortRequest
+ 2, // 16: teleport.lib.vnet.v1.ClientApplicationService.AuthenticateProcess:output_type -> teleport.lib.vnet.v1.AuthenticateProcessResponse
+ 4, // 17: teleport.lib.vnet.v1.ClientApplicationService.Ping:output_type -> teleport.lib.vnet.v1.PingResponse
+ 6, // 18: teleport.lib.vnet.v1.ClientApplicationService.ResolveAppInfo:output_type -> teleport.lib.vnet.v1.ResolveAppInfoResponse
+ 11, // 19: teleport.lib.vnet.v1.ClientApplicationService.ReissueAppCert:output_type -> teleport.lib.vnet.v1.ReissueAppCertResponse
+ 13, // 20: teleport.lib.vnet.v1.ClientApplicationService.SignForApp:output_type -> teleport.lib.vnet.v1.SignForAppResponse
+ 15, // 21: teleport.lib.vnet.v1.ClientApplicationService.OnNewConnection:output_type -> teleport.lib.vnet.v1.OnNewConnectionResponse
+ 17, // 22: teleport.lib.vnet.v1.ClientApplicationService.OnInvalidLocalPort:output_type -> teleport.lib.vnet.v1.OnInvalidLocalPortResponse
+ 16, // [16:23] is the sub-list for method output_type
+ 9, // [9:16] is the sub-list for method input_type
+ 9, // [9:9] is the sub-list for extension type_name
+ 9, // [9:9] is the sub-list for extension extendee
+ 0, // [0:9] is the sub-list for field type_name
+}
+
+func init() { file_teleport_lib_vnet_v1_client_application_service_proto_init() }
+func file_teleport_lib_vnet_v1_client_application_service_proto_init() {
+ if File_teleport_lib_vnet_v1_client_application_service_proto != nil {
+ return
+ }
+ type x struct{}
+ out := protoimpl.TypeBuilder{
+ File: protoimpl.DescBuilder{
+ GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
+ RawDescriptor: file_teleport_lib_vnet_v1_client_application_service_proto_rawDesc,
+ NumEnums: 1,
+ NumMessages: 17,
+ NumExtensions: 0,
+ NumServices: 1,
+ },
+ GoTypes: file_teleport_lib_vnet_v1_client_application_service_proto_goTypes,
+ DependencyIndexes: file_teleport_lib_vnet_v1_client_application_service_proto_depIdxs,
+ EnumInfos: file_teleport_lib_vnet_v1_client_application_service_proto_enumTypes,
+ MessageInfos: file_teleport_lib_vnet_v1_client_application_service_proto_msgTypes,
+ }.Build()
+ File_teleport_lib_vnet_v1_client_application_service_proto = out.File
+ file_teleport_lib_vnet_v1_client_application_service_proto_rawDesc = nil
+ file_teleport_lib_vnet_v1_client_application_service_proto_goTypes = nil
+ file_teleport_lib_vnet_v1_client_application_service_proto_depIdxs = nil
+}
diff --git a/gen/proto/go/teleport/lib/vnet/v1/client_application_service_grpc.pb.go b/gen/proto/go/teleport/lib/vnet/v1/client_application_service_grpc.pb.go
new file mode 100644
index 0000000000000..f13966d0a5205
--- /dev/null
+++ b/gen/proto/go/teleport/lib/vnet/v1/client_application_service_grpc.pb.go
@@ -0,0 +1,402 @@
+// Teleport
+// Copyright (C) 2024 Gravitational, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+// versions:
+// - protoc-gen-go-grpc v1.5.1
+// - protoc (unknown)
+// source: teleport/lib/vnet/v1/client_application_service.proto
+
+package vnetv1
+
+import (
+ context "context"
+ grpc "google.golang.org/grpc"
+ codes "google.golang.org/grpc/codes"
+ status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.64.0 or later.
+const _ = grpc.SupportPackageIsVersion9
+
+const (
+ ClientApplicationService_AuthenticateProcess_FullMethodName = "/teleport.lib.vnet.v1.ClientApplicationService/AuthenticateProcess"
+ ClientApplicationService_Ping_FullMethodName = "/teleport.lib.vnet.v1.ClientApplicationService/Ping"
+ ClientApplicationService_ResolveAppInfo_FullMethodName = "/teleport.lib.vnet.v1.ClientApplicationService/ResolveAppInfo"
+ ClientApplicationService_ReissueAppCert_FullMethodName = "/teleport.lib.vnet.v1.ClientApplicationService/ReissueAppCert"
+ ClientApplicationService_SignForApp_FullMethodName = "/teleport.lib.vnet.v1.ClientApplicationService/SignForApp"
+ ClientApplicationService_OnNewConnection_FullMethodName = "/teleport.lib.vnet.v1.ClientApplicationService/OnNewConnection"
+ ClientApplicationService_OnInvalidLocalPort_FullMethodName = "/teleport.lib.vnet.v1.ClientApplicationService/OnInvalidLocalPort"
+)
+
+// ClientApplicationServiceClient is the client API for ClientApplicationService service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+//
+// ClientApplicationService is a service the VNet client applications provide to
+// the VNet admin process to facilate app queries, certificate issuance,
+// metrics, error reporting, and signatures.
+type ClientApplicationServiceClient interface {
+ // AuthenticateProcess mutually authenticates client applicates to the admin
+ // service.
+ AuthenticateProcess(ctx context.Context, in *AuthenticateProcessRequest, opts ...grpc.CallOption) (*AuthenticateProcessResponse, error)
+ // Ping is used by the admin process to regularly poll that the client
+ // application is still running.
+ Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error)
+ // ResolveAppInfo returns info for the given app fqdn, or an error if the app
+ // is not present in any logged-in cluster.
+ ResolveAppInfo(ctx context.Context, in *ResolveAppInfoRequest, opts ...grpc.CallOption) (*ResolveAppInfoResponse, error)
+ // ReissueAppCert issues a new app cert.
+ ReissueAppCert(ctx context.Context, in *ReissueAppCertRequest, opts ...grpc.CallOption) (*ReissueAppCertResponse, error)
+ // SignForApp issues a signature with the private key associated with an x509
+ // certificate previously issued for a requested app.
+ SignForApp(ctx context.Context, in *SignForAppRequest, opts ...grpc.CallOption) (*SignForAppResponse, error)
+ // OnNewConnection gets called whenever a new connection is about to be
+ // established through VNet for observability.
+ OnNewConnection(ctx context.Context, in *OnNewConnectionRequest, opts ...grpc.CallOption) (*OnNewConnectionResponse, error)
+ // OnInvalidLocalPort gets called before VNet refuses to handle a connection
+ // to a multi-port TCP app because the provided port does not match any of the
+ // TCP ports in the app spec.
+ OnInvalidLocalPort(ctx context.Context, in *OnInvalidLocalPortRequest, opts ...grpc.CallOption) (*OnInvalidLocalPortResponse, error)
+}
+
+type clientApplicationServiceClient struct {
+ cc grpc.ClientConnInterface
+}
+
+func NewClientApplicationServiceClient(cc grpc.ClientConnInterface) ClientApplicationServiceClient {
+ return &clientApplicationServiceClient{cc}
+}
+
+func (c *clientApplicationServiceClient) AuthenticateProcess(ctx context.Context, in *AuthenticateProcessRequest, opts ...grpc.CallOption) (*AuthenticateProcessResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(AuthenticateProcessResponse)
+ err := c.cc.Invoke(ctx, ClientApplicationService_AuthenticateProcess_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *clientApplicationServiceClient) Ping(ctx context.Context, in *PingRequest, opts ...grpc.CallOption) (*PingResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(PingResponse)
+ err := c.cc.Invoke(ctx, ClientApplicationService_Ping_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *clientApplicationServiceClient) ResolveAppInfo(ctx context.Context, in *ResolveAppInfoRequest, opts ...grpc.CallOption) (*ResolveAppInfoResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(ResolveAppInfoResponse)
+ err := c.cc.Invoke(ctx, ClientApplicationService_ResolveAppInfo_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *clientApplicationServiceClient) ReissueAppCert(ctx context.Context, in *ReissueAppCertRequest, opts ...grpc.CallOption) (*ReissueAppCertResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(ReissueAppCertResponse)
+ err := c.cc.Invoke(ctx, ClientApplicationService_ReissueAppCert_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *clientApplicationServiceClient) SignForApp(ctx context.Context, in *SignForAppRequest, opts ...grpc.CallOption) (*SignForAppResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(SignForAppResponse)
+ err := c.cc.Invoke(ctx, ClientApplicationService_SignForApp_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *clientApplicationServiceClient) OnNewConnection(ctx context.Context, in *OnNewConnectionRequest, opts ...grpc.CallOption) (*OnNewConnectionResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(OnNewConnectionResponse)
+ err := c.cc.Invoke(ctx, ClientApplicationService_OnNewConnection_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+func (c *clientApplicationServiceClient) OnInvalidLocalPort(ctx context.Context, in *OnInvalidLocalPortRequest, opts ...grpc.CallOption) (*OnInvalidLocalPortResponse, error) {
+ cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...)
+ out := new(OnInvalidLocalPortResponse)
+ err := c.cc.Invoke(ctx, ClientApplicationService_OnInvalidLocalPort_FullMethodName, in, out, cOpts...)
+ if err != nil {
+ return nil, err
+ }
+ return out, nil
+}
+
+// ClientApplicationServiceServer is the server API for ClientApplicationService service.
+// All implementations must embed UnimplementedClientApplicationServiceServer
+// for forward compatibility.
+//
+// ClientApplicationService is a service the VNet client applications provide to
+// the VNet admin process to facilate app queries, certificate issuance,
+// metrics, error reporting, and signatures.
+type ClientApplicationServiceServer interface {
+ // AuthenticateProcess mutually authenticates client applicates to the admin
+ // service.
+ AuthenticateProcess(context.Context, *AuthenticateProcessRequest) (*AuthenticateProcessResponse, error)
+ // Ping is used by the admin process to regularly poll that the client
+ // application is still running.
+ Ping(context.Context, *PingRequest) (*PingResponse, error)
+ // ResolveAppInfo returns info for the given app fqdn, or an error if the app
+ // is not present in any logged-in cluster.
+ ResolveAppInfo(context.Context, *ResolveAppInfoRequest) (*ResolveAppInfoResponse, error)
+ // ReissueAppCert issues a new app cert.
+ ReissueAppCert(context.Context, *ReissueAppCertRequest) (*ReissueAppCertResponse, error)
+ // SignForApp issues a signature with the private key associated with an x509
+ // certificate previously issued for a requested app.
+ SignForApp(context.Context, *SignForAppRequest) (*SignForAppResponse, error)
+ // OnNewConnection gets called whenever a new connection is about to be
+ // established through VNet for observability.
+ OnNewConnection(context.Context, *OnNewConnectionRequest) (*OnNewConnectionResponse, error)
+ // OnInvalidLocalPort gets called before VNet refuses to handle a connection
+ // to a multi-port TCP app because the provided port does not match any of the
+ // TCP ports in the app spec.
+ OnInvalidLocalPort(context.Context, *OnInvalidLocalPortRequest) (*OnInvalidLocalPortResponse, error)
+ mustEmbedUnimplementedClientApplicationServiceServer()
+}
+
+// UnimplementedClientApplicationServiceServer must be embedded to have
+// forward compatible implementations.
+//
+// NOTE: this should be embedded by value instead of pointer to avoid a nil
+// pointer dereference when methods are called.
+type UnimplementedClientApplicationServiceServer struct{}
+
+func (UnimplementedClientApplicationServiceServer) AuthenticateProcess(context.Context, *AuthenticateProcessRequest) (*AuthenticateProcessResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method AuthenticateProcess not implemented")
+}
+func (UnimplementedClientApplicationServiceServer) Ping(context.Context, *PingRequest) (*PingResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method Ping not implemented")
+}
+func (UnimplementedClientApplicationServiceServer) ResolveAppInfo(context.Context, *ResolveAppInfoRequest) (*ResolveAppInfoResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method ResolveAppInfo not implemented")
+}
+func (UnimplementedClientApplicationServiceServer) ReissueAppCert(context.Context, *ReissueAppCertRequest) (*ReissueAppCertResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method ReissueAppCert not implemented")
+}
+func (UnimplementedClientApplicationServiceServer) SignForApp(context.Context, *SignForAppRequest) (*SignForAppResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method SignForApp not implemented")
+}
+func (UnimplementedClientApplicationServiceServer) OnNewConnection(context.Context, *OnNewConnectionRequest) (*OnNewConnectionResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method OnNewConnection not implemented")
+}
+func (UnimplementedClientApplicationServiceServer) OnInvalidLocalPort(context.Context, *OnInvalidLocalPortRequest) (*OnInvalidLocalPortResponse, error) {
+ return nil, status.Errorf(codes.Unimplemented, "method OnInvalidLocalPort not implemented")
+}
+func (UnimplementedClientApplicationServiceServer) mustEmbedUnimplementedClientApplicationServiceServer() {
+}
+func (UnimplementedClientApplicationServiceServer) testEmbeddedByValue() {}
+
+// UnsafeClientApplicationServiceServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to ClientApplicationServiceServer will
+// result in compilation errors.
+type UnsafeClientApplicationServiceServer interface {
+ mustEmbedUnimplementedClientApplicationServiceServer()
+}
+
+func RegisterClientApplicationServiceServer(s grpc.ServiceRegistrar, srv ClientApplicationServiceServer) {
+ // If the following call pancis, it indicates UnimplementedClientApplicationServiceServer was
+ // embedded by pointer and is nil. This will cause panics if an
+ // unimplemented method is ever invoked, so we test this at initialization
+ // time to prevent it from happening at runtime later due to I/O.
+ if t, ok := srv.(interface{ testEmbeddedByValue() }); ok {
+ t.testEmbeddedByValue()
+ }
+ s.RegisterService(&ClientApplicationService_ServiceDesc, srv)
+}
+
+func _ClientApplicationService_AuthenticateProcess_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(AuthenticateProcessRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(ClientApplicationServiceServer).AuthenticateProcess(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: ClientApplicationService_AuthenticateProcess_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(ClientApplicationServiceServer).AuthenticateProcess(ctx, req.(*AuthenticateProcessRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _ClientApplicationService_Ping_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(PingRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(ClientApplicationServiceServer).Ping(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: ClientApplicationService_Ping_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(ClientApplicationServiceServer).Ping(ctx, req.(*PingRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _ClientApplicationService_ResolveAppInfo_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(ResolveAppInfoRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(ClientApplicationServiceServer).ResolveAppInfo(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: ClientApplicationService_ResolveAppInfo_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(ClientApplicationServiceServer).ResolveAppInfo(ctx, req.(*ResolveAppInfoRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _ClientApplicationService_ReissueAppCert_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(ReissueAppCertRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(ClientApplicationServiceServer).ReissueAppCert(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: ClientApplicationService_ReissueAppCert_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(ClientApplicationServiceServer).ReissueAppCert(ctx, req.(*ReissueAppCertRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _ClientApplicationService_SignForApp_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(SignForAppRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(ClientApplicationServiceServer).SignForApp(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: ClientApplicationService_SignForApp_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(ClientApplicationServiceServer).SignForApp(ctx, req.(*SignForAppRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _ClientApplicationService_OnNewConnection_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(OnNewConnectionRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(ClientApplicationServiceServer).OnNewConnection(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: ClientApplicationService_OnNewConnection_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(ClientApplicationServiceServer).OnNewConnection(ctx, req.(*OnNewConnectionRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+func _ClientApplicationService_OnInvalidLocalPort_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+ in := new(OnInvalidLocalPortRequest)
+ if err := dec(in); err != nil {
+ return nil, err
+ }
+ if interceptor == nil {
+ return srv.(ClientApplicationServiceServer).OnInvalidLocalPort(ctx, in)
+ }
+ info := &grpc.UnaryServerInfo{
+ Server: srv,
+ FullMethod: ClientApplicationService_OnInvalidLocalPort_FullMethodName,
+ }
+ handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+ return srv.(ClientApplicationServiceServer).OnInvalidLocalPort(ctx, req.(*OnInvalidLocalPortRequest))
+ }
+ return interceptor(ctx, in, info, handler)
+}
+
+// ClientApplicationService_ServiceDesc is the grpc.ServiceDesc for ClientApplicationService service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var ClientApplicationService_ServiceDesc = grpc.ServiceDesc{
+ ServiceName: "teleport.lib.vnet.v1.ClientApplicationService",
+ HandlerType: (*ClientApplicationServiceServer)(nil),
+ Methods: []grpc.MethodDesc{
+ {
+ MethodName: "AuthenticateProcess",
+ Handler: _ClientApplicationService_AuthenticateProcess_Handler,
+ },
+ {
+ MethodName: "Ping",
+ Handler: _ClientApplicationService_Ping_Handler,
+ },
+ {
+ MethodName: "ResolveAppInfo",
+ Handler: _ClientApplicationService_ResolveAppInfo_Handler,
+ },
+ {
+ MethodName: "ReissueAppCert",
+ Handler: _ClientApplicationService_ReissueAppCert_Handler,
+ },
+ {
+ MethodName: "SignForApp",
+ Handler: _ClientApplicationService_SignForApp_Handler,
+ },
+ {
+ MethodName: "OnNewConnection",
+ Handler: _ClientApplicationService_OnNewConnection_Handler,
+ },
+ {
+ MethodName: "OnInvalidLocalPort",
+ Handler: _ClientApplicationService_OnInvalidLocalPort_Handler,
+ },
+ },
+ Streams: []grpc.StreamDesc{},
+ Metadata: "teleport/lib/vnet/v1/client_application_service.proto",
+}
diff --git a/proto/teleport/lib/vnet/v1/client_application_service.proto b/proto/teleport/lib/vnet/v1/client_application_service.proto
new file mode 100644
index 0000000000000..5a40c9d8dd54c
--- /dev/null
+++ b/proto/teleport/lib/vnet/v1/client_application_service.proto
@@ -0,0 +1,195 @@
+// Teleport
+// Copyright (C) 2024 Gravitational, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+syntax = "proto3";
+
+package teleport.lib.vnet.v1;
+
+import "teleport/legacy/types/types.proto";
+
+option go_package = "github.com/gravitational/teleport/gen/proto/go/teleport/lib/vnet/v1;vnetv1";
+
+// ClientApplicationService is a service the VNet client applications provide to
+// the VNet admin process to facilate app queries, certificate issuance,
+// metrics, error reporting, and signatures.
+service ClientApplicationService {
+ // AuthenticateProcess mutually authenticates client applicates to the admin
+ // service.
+ rpc AuthenticateProcess(AuthenticateProcessRequest) returns (AuthenticateProcessResponse);
+ // Ping is used by the admin process to regularly poll that the client
+ // application is still running.
+ rpc Ping(PingRequest) returns (PingResponse);
+ // ResolveAppInfo returns info for the given app fqdn, or an error if the app
+ // is not present in any logged-in cluster.
+ rpc ResolveAppInfo(ResolveAppInfoRequest) returns (ResolveAppInfoResponse);
+ // ReissueAppCert issues a new app cert.
+ rpc ReissueAppCert(ReissueAppCertRequest) returns (ReissueAppCertResponse);
+ // SignForApp issues a signature with the private key associated with an x509
+ // certificate previously issued for a requested app.
+ rpc SignForApp(SignForAppRequest) returns (SignForAppResponse);
+ // OnNewConnection gets called whenever a new connection is about to be
+ // established through VNet for observability.
+ rpc OnNewConnection(OnNewConnectionRequest) returns (OnNewConnectionResponse);
+ // OnInvalidLocalPort gets called before VNet refuses to handle a connection
+ // to a multi-port TCP app because the provided port does not match any of the
+ // TCP ports in the app spec.
+ rpc OnInvalidLocalPort(OnInvalidLocalPortRequest) returns (OnInvalidLocalPortResponse);
+}
+
+// AuthenticateProcessRequest is a request for AuthenticateProcess.
+message AuthenticateProcessRequest {
+ // version is the admin process version.
+ string version = 1;
+ // pipe_path is the path to a named pipe used for process authentication.
+ string pipe_path = 2;
+}
+
+// AuthenticateProcessResponse is a response for AuthenticateProcess.
+message AuthenticateProcessResponse {
+ // version is the client application version.
+ string version = 1;
+}
+
+// PingRequest is a request for the Ping rpc.
+message PingRequest {}
+
+// PingResponse is a response for the Ping rpc.
+message PingResponse {}
+
+// ResolveAppInfoRequest is a request for ResolveAppInfo.
+message ResolveAppInfoRequest {
+ // fqdn is the fully-qualified domain name of the app.
+ string fqdn = 1;
+}
+
+// ResolveAppInfoResponse is a response for ResolveAppInfo.
+message ResolveAppInfoResponse {
+ // app_info holds all necessary info for making connections to the resolved app.
+ AppInfo app_info = 1;
+}
+
+// AppInfo holds all necessary info for making connections to VNet TCP apps.
+message AppInfo {
+ // app_key uniquely identifies a TCP app (and optionally a port for multi-port
+ // TCP apps).
+ AppKey app_key = 1;
+ // cluster is the name of the cluster in which the app is found.
+ // Iff the app is in a leaf cluster, this will match app_key.leaf_cluster.
+ string cluster = 2;
+ // app is the app spec.
+ types.AppV3 app = 3;
+ // ipv4_cidr_range is the CIDR range from which an IPv4 address should be
+ // assigned to the app.
+ string ipv4_cidr_range = 4;
+ // dial_options holds options that should be used when dialing the root cluster
+ // of the app.
+ DialOptions dial_options = 5;
+}
+
+// AppKey uniquely identifies a TCP app in a specific profile and cluster.
+message AppKey {
+ // profile is the profile in which the app is found.
+ string profile = 1;
+ // leaf_cluster is the leaf cluster in which the app is found. If empty, the
+ // app is in the root cluster for the profile.
+ string leaf_cluster = 2;
+ // name is the name of the app.
+ string name = 3;
+}
+
+// DialOptions holds ALPN dial options for dialing apps.
+message DialOptions {
+ // web_proxy_addr is the address to dial.
+ string web_proxy_addr = 1;
+ // alpn_conn_upgrade_required specifies if ALPN connection upgrade is required.
+ bool alpn_conn_upgrade_required = 2;
+ // sni is a ServerName value set for upstream TLS connection.
+ string sni = 3;
+ // insecure_skip_verify turns off verification for x509 upstream ALPN proxy service certificate.
+ bool insecure_skip_verify = 4;
+ // root_cluster_ca_cert_pool overrides the x509 certificate pool used to verify the server.
+ bytes root_cluster_ca_cert_pool = 5;
+}
+
+// ReissueAppCertRequest is a request for ReissueAppCert.
+message ReissueAppCertRequest {
+ // app_info contains info about the app, every ReissueAppCertRequest must
+ // include an app_info as returned from ResolveAppInfo.
+ AppInfo app_info = 1;
+ // target_port is the TCP port to issue the cert for.
+ uint32 target_port = 2;
+}
+
+// ReissueAppCertResponse is a response for ReissueAppCert.
+message ReissueAppCertResponse {
+ // cert is the issued app certificate in x509 DER format.
+ bytes cert = 1;
+}
+
+// SignForAppRequest is a request to sign data with a private key that the
+// server has cached for the (app_key, target_port) pair. The (app_key,
+// target_port) pair here must match a previous successful call to
+// ReissueAppCert. The private key used for the signature will match the subject
+// public key of the issued x509 certificate.
+message SignForAppRequest {
+ // app_key uniquely identifies a TCP app, it must match the key of an app from
+ // a previous successful call to ReissueAppCert.
+ AppKey app_key = 1;
+ // target_port identifies the TCP port of the app, it must match the
+ // target_port of a previous successful call to ReissueAppCert for an app
+ // matching AppKey.
+ uint32 target_port = 2;
+ // digest is the bytes to sign.
+ bytes digest = 3;
+ // hash is the hash function used to compute digest.
+ Hash hash = 4;
+}
+
+// Hash specifies a cryptographic hash function.
+enum Hash {
+ HASH_UNSPECIFIED = 0;
+ HASH_NONE = 1;
+ HASH_SHA256 = 2;
+}
+
+// SignForAppResponse is a response for SignForApp.
+message SignForAppResponse {
+ // signature is the signature.
+ bytes signature = 1;
+}
+
+// OnNewConnectionRequest is a request for OnNewConnection.
+message OnNewConnectionRequest {
+ // app_key identifies the app the connection is being made for.
+ AppKey app_key = 1;
+}
+
+// OnNewConnectionRequest is a response for OnNewConnection.
+message OnNewConnectionResponse {}
+
+// OnInvalidLocalPortRequest is a request for OnInvalidLocalPort.
+message OnInvalidLocalPortRequest {
+ // app_info identifies the app the request was made for. AppInfo is used
+ // instaed of AppKey so that the application spec is included, which includes
+ // the TCP port ranges allowed for the app, which are ultimately included in
+ // the user error message.
+ AppInfo app_info = 1;
+ // target_port is the invalid port the request was made for.
+ uint32 target_port = 2;
+}
+
+// OnInvalidLocalPortResponse is a response for OnInvalidLocalPort.
+message OnInvalidLocalPortResponse {}