Skip to content

support protobuf versioning #2458

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
wojcik91 merged 19 commits into from
Apr 9, 2026
Merged

support protobuf versioning #2458

Show file tree
Hide file tree
Changes from 18 commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
969c50c
update protos
wojcik91 Mar 25, 2026
ab2cbac
adjust protobuf imports for new proto structure
wojcik91 Mar 25, 2026
7671a49
update service name
wojcik91 Mar 25, 2026
53ce532
go back to a simpler approach
wojcik91 Mar 25, 2026
6696e0b
update protos
wojcik91 Mar 25, 2026
346b02f
fall back to v1 worker module
wojcik91 Mar 25, 2026
074c26d
Merge branch 'dev' into protobuf_versioning
wojcik91 Apr 7, 2026
20ba31c
update protobuf submodule
wojcik91 Apr 7, 2026
383dc6d
update imports for new client_types protobuf module
wojcik91 Apr 7, 2026
5345aeb
Merge branch 'dev' into protobuf_versioning
wojcik91 Apr 7, 2026
0dd0fda
update proto submodule
wojcik91 Apr 7, 2026
200c4e8
update imports for updated protos
wojcik91 Apr 8, 2026
ed40602
Merge branch 'dev' into protobuf_versioning
wojcik91 Apr 8, 2026
808864a
handle updated handshake type
wojcik91 Apr 8, 2026
ffb3915
formatting
wojcik91 Apr 8, 2026
31b7c64
handle proto naming updates
wojcik91 Apr 9, 2026
76b6ec3
Merge branch 'dev' into protobuf_versioning
wojcik91 Apr 9, 2026
973a8a7
update protobuf submodule
wojcik91 Apr 9, 2026
f0b5a06
replace raw integers with enum
wojcik91 Apr 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@ parse_link_header = "0.4"
paste = "1.0"
pgp = { version = "0.19", default-features = false }
prost = "0.14"
prost-types = "0.14"
pulldown-cmark = "0.13"
# match version used by sqlx
rand = "0.8"
Expand Down
1 change: 1 addition & 0 deletions crates/defguard_core/src/enterprise/firewall/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -559,6 +559,7 @@ fn get_source_addrs(
None
}
}
IpVersion::Unspecified => None,
})
.collect();

Expand Down
5 changes: 4 additions & 1 deletion crates/defguard_core/src/enterprise/grpc/desktop_client_mfa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
use defguard_common::{db::models::Settings, types::AuthFlowType};
use defguard_proto::proxy::{ClientMfaOidcAuthenticateRequest, DeviceInfo, MfaMethod};
use defguard_proto::{
client_types::MfaMethod,
proxy::{ClientMfaOidcAuthenticateRequest, DeviceInfo},
};
use openidconnect::{AuthorizationCode, Nonce};
use tonic::Status;

Expand Down
5 changes: 4 additions & 1 deletion crates/defguard_core/src/enterprise/grpc/polling.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,10 @@ use defguard_common::db::{
Id,
models::{Device, polling_token::PollingToken, user::User},
};
use defguard_proto::proxy::{DeviceInfo, InstanceInfoRequest, InstanceInfoResponse};
use defguard_proto::{
client_types::{InstanceInfoRequest, InstanceInfoResponse},
proxy::DeviceInfo,
};
use sqlx::PgPool;
use tonic::Status;

Expand Down
2 changes: 1 addition & 1 deletion crates/defguard_core/src/events.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ use defguard_common::db::{
gateway::Gateway, group::Group, oauth2client::OAuth2Client, proxy::Proxy,
},
};
use defguard_proto::proxy::MfaMethod;
use defguard_proto::client_types::MfaMethod;

use crate::{
db::WebHook,
Expand Down
2 changes: 1 addition & 1 deletion crates/defguard_core/src/grpc/client_version.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
use base64::{Engine, prelude::BASE64_STANDARD};
use defguard_proto::proxy::{ClientPlatformInfo, DeviceInfo};
use defguard_proto::{client_types::ClientPlatformInfo, proxy::DeviceInfo};
use prost::Message;
use semver::Version;

Expand Down
2 changes: 1 addition & 1 deletion crates/defguard_core/src/grpc/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,7 @@ impl InstanceInfo {
}
}

impl From<InstanceInfo> for defguard_proto::proxy::InstanceInfo {
impl From<InstanceInfo> for defguard_proto::client_types::InstanceInfo {
fn from(instance: InstanceInfo) -> Self {
Self {
name: instance.name,
Expand Down
15 changes: 10 additions & 5 deletions crates/defguard_core/src/grpc/proxy/client_mfa.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,11 +19,16 @@ use defguard_common::{
types::user_info::UserInfo,
};
use defguard_mail::templates::mfa_code_mail;
use defguard_proto::proxy::{
self, AwaitRemoteMfaFinishRequest, AwaitRemoteMfaFinishResponse, ClientMfaFinishRequest,
ClientMfaFinishResponse, ClientMfaStartRequest, ClientMfaStartResponse,
ClientMfaTokenValidationRequest, ClientMfaTokenValidationResponse, CoreResponse, MfaMethod,
core_response::Payload,
use defguard_proto::{
client_types::{
ClientMfaFinishRequest, ClientMfaFinishResponse, ClientMfaStartRequest,
ClientMfaStartResponse, MfaMethod,
},
proxy::{
self, AwaitRemoteMfaFinishRequest, AwaitRemoteMfaFinishResponse,
ClientMfaTokenValidationRequest, ClientMfaTokenValidationResponse, CoreResponse,
core_response::Payload,
},
};
use sqlx::{PgConnection, PgPool};
use thiserror::Error;
Expand Down
74 changes: 37 additions & 37 deletions crates/defguard_core/src/grpc/utils.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,12 @@ use defguard_common::{
},
},
};
use defguard_proto::proxy::{
DeviceConfig as ProtoDeviceConfig, DeviceConfigResponse, DeviceInfo,
LocationMfaMode as ProtoLocationMfaMode,
use defguard_proto::{
client_types::{
DeviceConfig as ProtoDeviceConfig, DeviceConfigResponse,
LocationMfaMode as ProtoLocationMfaMode,
},
proxy::DeviceInfo,
};
use sqlx::PgPool;
use tonic::Status;
Expand Down Expand Up @@ -94,33 +97,31 @@ pub async fn build_device_config_response(

// DEPRECATED(1.5): superseeded by location_mfa_mode
let mfa_enabled = network.location_mfa_mode == LocationMfaMode::Internal;
let config =
ProtoDeviceConfig {
config: Device::create_config(&network, &wireguard_network_device),
network_id: network.id,
network_name: network.name,
assigned_ip: wireguard_network_device.wireguard_ips.as_csv(),
endpoint: format!("{}:{}", network.endpoint, network.port),
pubkey: network.pubkey,
allowed_ips: network.allowed_ips.as_csv(),
dns: network.dns,
keepalive_interval: network.keepalive_interval,
#[allow(deprecated)]
mfa_enabled,
location_mfa_mode: Some(
<LocationMfaMode as Into<ProtoLocationMfaMode>>::into(
network.location_mfa_mode,
)
.into(),
),
service_location_mode:
Some(
<ServiceLocationMode as Into<
defguard_proto::proxy::ServiceLocationMode,
>>::into(network.service_location_mode)
.into(),
),
};
let config = ProtoDeviceConfig {
config: Device::create_config(&network, &wireguard_network_device),
network_id: network.id,
network_name: network.name,
assigned_ip: wireguard_network_device.wireguard_ips.as_csv(),
endpoint: format!("{}:{}", network.endpoint, network.port),
pubkey: network.pubkey,
allowed_ips: network.allowed_ips.as_csv(),
dns: network.dns,
keepalive_interval: network.keepalive_interval,
#[allow(deprecated)]
mfa_enabled,
location_mfa_mode: Some(
<LocationMfaMode as Into<ProtoLocationMfaMode>>::into(
network.location_mfa_mode,
)
.into(),
),
service_location_mode: Some(
<ServiceLocationMode as Into<
defguard_proto::client_types::ServiceLocationMode,
>>::into(network.service_location_mode)
.into(),
),
};
configs.push(config);
}
} else {
Expand Down Expand Up @@ -173,13 +174,12 @@ pub async fn build_device_config_response(
)
.into(),
),
service_location_mode:
Some(
<ServiceLocationMode as Into<
defguard_proto::proxy::ServiceLocationMode,
>>::into(network.service_location_mode)
.into(),
),
service_location_mode: Some(
<ServiceLocationMode as Into<
defguard_proto::client_types::ServiceLocationMode,
>>::into(network.service_location_mode)
.into(),
),
};
configs.push(config);
}
Expand Down
9 changes: 5 additions & 4 deletions crates/defguard_core/src/handlers/component_setup.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,10 +29,11 @@ use defguard_common::{
types::proxy::ProxyControlMessage,
};
use defguard_proto::{
common::{CertificateInfo, DerPayload},
gateway::gateway_setup_client::GatewaySetupClient,
proxy::{
AcmeChallenge, AcmeLogs, AcmeStep, CertificateInfo, DerPayload, acme_issue_event,
proxy_client::ProxyClient, proxy_setup_client::ProxySetupClient,
AcmeChallenge, AcmeLogs, AcmeStep, acme_issue_event, proxy_client::ProxyClient,
proxy_setup_client::ProxySetupClient,
},
};
use defguard_version::{Version, client::ClientVersionInterceptor};
Expand Down Expand Up @@ -946,7 +947,7 @@ pub async fn setup_gateway_tls_stream(
};

let csr_response = match client
.get_csr(defguard_proto::gateway::CertificateInfo {
.get_csr(CertificateInfo {
cert_hostname: hostname.to_string(),
})
.await
Expand Down Expand Up @@ -1007,7 +1008,7 @@ pub async fn setup_gateway_tls_stream(
// Step 6: Configure TLS
yield Ok(flow.step(SetupStep::ConfiguringTls));

let response = defguard_proto::gateway::DerPayload {
let response = DerPayload {
der_data: cert.der().to_vec(),
};

Expand Down
2 changes: 1 addition & 1 deletion crates/defguard_core/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1046,7 +1046,7 @@ pub async fn gateway_config(
let mut config = Configuration::new(&location, peers, maybe_firewall_config);

// overwrite private key just in case
config.prvkey = "REDACTED".into();
config.private_key = "REDACTED".into();

Ok(config)
}
Expand Down
2 changes: 1 addition & 1 deletion crates/defguard_core/tests/integration/grpc/health.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ async fn worker_service_health_is_serving(_: PgPoolOptions, options: PgConnectOp

let response = client
.check(HealthCheckRequest {
service: "worker.WorkerService".into(),
service: "defguard.worker.v1.WorkerService".into(),
})
.await
.expect("health check should succeed")
Expand Down
1 change: 1 addition & 0 deletions crates/defguard_gateway_manager/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ defguard_version.workspace = true
anyhow.workspace = true
chrono.workspace = true
hyper-rustls.workspace = true
prost-types.workspace = true
reqwest.workspace = true
semver.workspace = true
serde_json.workspace = true
Expand Down
Loading
Loading