sdk/fidl/fuchsia.amber/amber.fidl - fuchsia - Git at Google

 // Copyright 2017 The Fuchsia Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 library fuchsia.amber;

 using fuchsia.pkg;
 using zx;

 struct OAuth2Config {
     string clientId;

     string clientSecret = "";

     string authUrl;
     string tokenUrl;
     vector<string> scopes;
     string deviceCodeUrl;
 };

 struct DeviceCode {
     string userCode;
     string verificationUrl;
     int64 expiresIn;
 };

 struct KeyConfig {
     /// Supported TUF key types. The only supported algorithm is ed25519.
     string type;

     /// The value of the key encoded in hex.
     string value;
 };

 struct TLSClientConfig {
     /// If insecureSkipTlsVerify is true, TLS will accept any certificate
     /// provided by the server. This should only be used for testing.
     bool insecureSkipVerify = false;

     /// The set of root certificate authorities that clients use when verifying
     /// server certificates. If the list is empty, TLS uses the host's root CA
     /// set.
     vector<string> rootCAs;
 };

 struct TransportConfig {
     /// If true, prevent re-use of TCP connections between HTTP requests.
     bool disableKeepAlives = false;

     /// The keep-alive period for an active network connection. A zero value
     /// means that we use the system default.
     int32 KeepAlive = 0;

     /// The maximum number of idle (keep-alive) connections across all hosts. A
     /// zero value means that we use the system default.
     int32 maxIdleConns = 0;

     /// The maximum number of idle (keep-alive) connections across for each
     /// host. A zero value means we use the system default.
     int32 maxIdleConnsPerHost = 0;

     /// The maximum amount of time to wait for a connection to complete in
     /// milliseconds. A zero value means we use the system default.
     int32 connectTimeout = 0;

     /// The deadline in milliseconds for a request to complete. A zero value
     /// means that we use the system default.
     int32 requestTimeout = 0;

     /// The maximum amount of time in milliseconds an idle (keep-alive)
     /// connection will remain idle before closing itself. A zero value means
     /// that we use the system default.
     int32 idleConnTimeout = 0;

     /// The amount of time to wait for a server's response headers. A zero value
     /// means that we use the system default.
     int32 responseHeaderTimeout = 0;

     /// The deadline in milliseconds to wait for a server's first response
     /// headers if the request has an "Expect: 100-continue" header. A zero
     /// value means that we use the system default.
     int32 expectContinueTimeout = 0;

     /// The deadline in milliseconds to wait for a TLS handshake. Zero means that we use the system
     /// default.
     int32 tlsHandshakeTimeout = 0;

     TLSClientConfig? tlsClientConfig;
 };

 struct StatusConfig {
     bool enabled;
 };

 struct SourceConfig {
     /// A unique identifier that distinquishes this source from others.
     string id;

     /// The canonical URL for the TUF repository.
     string repoUrl;

     /// Optionally download package blobs from this repository. If not
     /// specified, blobs will be fetched from `$repoUrl/blobs`.
     string blobRepoUrl = "";

     /// The rate limit indicates the number of requests per rateReriod,
     /// expressed in milliseconds. A limit or period of zero means there is no
     /// limit.
     uint64 rateLimit;

     /// The TUF metadata will be refreshed after it is ratePeriod seconds stale.
     int32 ratePeriod = 3600;

     /// A vector of public keys. These keys must match one of the trusted keys
     /// known to the system.
     vector<KeyConfig> rootKeys;

     TransportConfig? transportConfig;

     OAuth2Config? oauth2Config;

     StatusConfig? statusConfig;

     /// If true, the source supports the /auto SSE endpoint for live updates
     bool auto = false;

     BlobEncryptionKey? blobKey;
 };

 struct BlobEncryptionKey {
     array<uint8>:32 data;
 };

 enum Status {
     OK = 0;
     ERR = 1;
     ERR_NOT_FOUND = 2;
 };

 [Discoverable]
 protocol Control {
     /// simple no-op that can be used to test the connection
     DoTest(int32 input) -> (string output);

     /// Add a TUF source repository.
     AddSrc(SourceConfig source) -> (bool res);

     /// Remove a TUF source repository. SourceConfigs that were bundled when the
     /// system was built may be removed, but that funcionality may change in the
     /// future. See PKG-150.
     RemoveSrc(string id) -> (Status res);

     /// Get the list of URLs of the current set of sources
     ListSrcs() -> (vector<SourceConfig> srcs);

     /// Get a content blob identified by the given hashed Merkle root.
     /// This operation is asynchronous and provides no results.
     GetBlob(string merkle);

     PackagesActivated(vector<string> merkle);

     /// Get an update for the package identified by 'name' which has the
     /// provided version. If no version is supplied, the latest available
     /// version of that package will be retrieved. The package data is sent to
     /// PackageFS which then stores the package in BlobFS. This method returns
     /// a channel that will provide the ultimate results. The channel will become
     /// readable when the update is complete. If at that time the User0 signal is
     /// set on the channel, the result is an error string that may be read from
     /// the channel, otherwise the result is success, and the new merkleroot can
     /// be read from the channel.
     GetUpdateComplete(string name, string? version, string? merkle)
         -> (handle<channel> rplyChan);

     CheckForSystemUpdate() -> (bool res);

     /// Log into the source specified by the source id. Returns the oauth2
     /// device flow code if the source is configured for authentication, or null
     /// if not.
     Login(string sourceId) -> (DeviceCode? device);

     SetSrcEnabled(string id, bool enabled) -> (Status res);

     /// Trigger a garbage collection.
     GC();

     /// Sent when a blob fails to write, causing one or more package installs to
     /// permanently fail.
     PackagesFailed(vector<string> merkle, zx.status error, string blob_merkle);

     /// Opens a TUF repository specified by the provided RepositoryConfig.
     /// The repository will stay open for the life of the OpenedRepository
     /// channel.
     ///
     /// Packages in the opened repository can be accessed via
     /// OpenedRepository.GetUpdateComplete, but will not appear in calls to
     /// the global GetUpdateComplete, above.
     OpenRepository(fuchsia.pkg.RepositoryConfig config, request<OpenedRepository> repo) -> (zx.status result);
 };

 protocol OpenedRepository {
     /// Get an update for the package identified by 'name' which has the
     /// provided variant. The package data is sent to PackageFS which then
     /// stores the package in BlobFS. This method provides a FetchResult that
     /// will send the ultimate results.
     GetUpdateComplete(string name, string? variant, string? merkle, request<FetchResult> result);

     /// Finds the merkle hash for the package identified by 'name' which has the
     /// provided variant. Does not install the package or fetch any blobs.
     MerkleFor(string name, string? variant) -> (zx.status status, string message, string merkle, int64 size);
 };

 /// A protocol providing results for a OpenedRepository.GetUpdateComplete call.
 /// Only one event will be sent before the channel is closed.
 protocol FetchResult {
     /// Sent when the package is successfully installed and available for use.
     -> OnSuccess(string merkle);
     /// Sent when the package fails to install for some reason.
     -> OnError(zx.status result, string message);
 };
	// Copyright 2017 The Fuchsia Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	library fuchsia.amber;

	using fuchsia.pkg;
	using zx;

	struct OAuth2Config {
	string clientId;

	string clientSecret = "";

	string authUrl;
	string tokenUrl;
	vector<string> scopes;
	string deviceCodeUrl;
	};

	struct DeviceCode {
	string userCode;
	string verificationUrl;
	int64 expiresIn;
	};

	struct KeyConfig {
	/// Supported TUF key types. The only supported algorithm is ed25519.
	string type;

	/// The value of the key encoded in hex.
	string value;
	};

	struct TLSClientConfig {
	/// If insecureSkipTlsVerify is true, TLS will accept any certificate
	/// provided by the server. This should only be used for testing.
	bool insecureSkipVerify = false;

	/// The set of root certificate authorities that clients use when verifying
	/// server certificates. If the list is empty, TLS uses the host's root CA
	/// set.
	vector<string> rootCAs;
	};

	struct TransportConfig {
	/// If true, prevent re-use of TCP connections between HTTP requests.
	bool disableKeepAlives = false;

	/// The keep-alive period for an active network connection. A zero value
	/// means that we use the system default.
	int32 KeepAlive = 0;

	/// The maximum number of idle (keep-alive) connections across all hosts. A
	/// zero value means that we use the system default.
	int32 maxIdleConns = 0;

	/// The maximum number of idle (keep-alive) connections across for each
	/// host. A zero value means we use the system default.
	int32 maxIdleConnsPerHost = 0;

	/// The maximum amount of time to wait for a connection to complete in
	/// milliseconds. A zero value means we use the system default.
	int32 connectTimeout = 0;

	/// The deadline in milliseconds for a request to complete. A zero value
	/// means that we use the system default.
	int32 requestTimeout = 0;

	/// The maximum amount of time in milliseconds an idle (keep-alive)
	/// connection will remain idle before closing itself. A zero value means
	/// that we use the system default.
	int32 idleConnTimeout = 0;

	/// The amount of time to wait for a server's response headers. A zero value
	/// means that we use the system default.
	int32 responseHeaderTimeout = 0;

	/// The deadline in milliseconds to wait for a server's first response
	/// headers if the request has an "Expect: 100-continue" header. A zero
	/// value means that we use the system default.
	int32 expectContinueTimeout = 0;

	/// The deadline in milliseconds to wait for a TLS handshake. Zero means that we use the system
	/// default.
	int32 tlsHandshakeTimeout = 0;

	TLSClientConfig? tlsClientConfig;
	};

	struct StatusConfig {
	bool enabled;
	};

	struct SourceConfig {
	/// A unique identifier that distinquishes this source from others.
	string id;

	/// The canonical URL for the TUF repository.
	string repoUrl;

	/// Optionally download package blobs from this repository. If not
	/// specified, blobs will be fetched from `$repoUrl/blobs`.
	string blobRepoUrl = "";

	/// The rate limit indicates the number of requests per rateReriod,
	/// expressed in milliseconds. A limit or period of zero means there is no
	/// limit.
	uint64 rateLimit;

	/// The TUF metadata will be refreshed after it is ratePeriod seconds stale.
	int32 ratePeriod = 3600;

	/// A vector of public keys. These keys must match one of the trusted keys
	/// known to the system.
	vector<KeyConfig> rootKeys;

	TransportConfig? transportConfig;

	OAuth2Config? oauth2Config;

	StatusConfig? statusConfig;

	/// If true, the source supports the /auto SSE endpoint for live updates
	bool auto = false;

	BlobEncryptionKey? blobKey;
	};

	struct BlobEncryptionKey {
	array<uint8>:32 data;
	};

	enum Status {
	OK = 0;
	ERR = 1;
	ERR_NOT_FOUND = 2;
	};

	[Discoverable]
	protocol Control {
	/// simple no-op that can be used to test the connection
	DoTest(int32 input) -> (string output);

	/// Add a TUF source repository.
	AddSrc(SourceConfig source) -> (bool res);

	/// Remove a TUF source repository. SourceConfigs that were bundled when the
	/// system was built may be removed, but that funcionality may change in the
	/// future. See PKG-150.
	RemoveSrc(string id) -> (Status res);

	/// Get the list of URLs of the current set of sources
	ListSrcs() -> (vector<SourceConfig> srcs);

	/// Get a content blob identified by the given hashed Merkle root.
	/// This operation is asynchronous and provides no results.
	GetBlob(string merkle);

	PackagesActivated(vector<string> merkle);

	/// Get an update for the package identified by 'name' which has the
	/// provided version. If no version is supplied, the latest available
	/// version of that package will be retrieved. The package data is sent to
	/// PackageFS which then stores the package in BlobFS. This method returns
	/// a channel that will provide the ultimate results. The channel will become
	/// readable when the update is complete. If at that time the User0 signal is
	/// set on the channel, the result is an error string that may be read from
	/// the channel, otherwise the result is success, and the new merkleroot can
	/// be read from the channel.
	GetUpdateComplete(string name, string? version, string? merkle)
	-> (handle<channel> rplyChan);

	CheckForSystemUpdate() -> (bool res);

	/// Log into the source specified by the source id. Returns the oauth2
	/// device flow code if the source is configured for authentication, or null
	/// if not.
	Login(string sourceId) -> (DeviceCode? device);

	SetSrcEnabled(string id, bool enabled) -> (Status res);

	/// Trigger a garbage collection.
	GC();

	/// Sent when a blob fails to write, causing one or more package installs to
	/// permanently fail.
	PackagesFailed(vector<string> merkle, zx.status error, string blob_merkle);

	/// Opens a TUF repository specified by the provided RepositoryConfig.
	/// The repository will stay open for the life of the OpenedRepository
	/// channel.
	///
	/// Packages in the opened repository can be accessed via
	/// OpenedRepository.GetUpdateComplete, but will not appear in calls to
	/// the global GetUpdateComplete, above.
	OpenRepository(fuchsia.pkg.RepositoryConfig config, request<OpenedRepository> repo) -> (zx.status result);
	};

	protocol OpenedRepository {
	/// Get an update for the package identified by 'name' which has the
	/// provided variant. The package data is sent to PackageFS which then
	/// stores the package in BlobFS. This method provides a FetchResult that
	/// will send the ultimate results.
	GetUpdateComplete(string name, string? variant, string? merkle, request<FetchResult> result);

	/// Finds the merkle hash for the package identified by 'name' which has the
	/// provided variant. Does not install the package or fetch any blobs.
	MerkleFor(string name, string? variant) -> (zx.status status, string message, string merkle, int64 size);
	};

	/// A protocol providing results for a OpenedRepository.GetUpdateComplete call.
	/// Only one event will be sent before the channel is closed.
	protocol FetchResult {
	/// Sent when the package is successfully installed and available for use.
	-> OnSuccess(string merkle);
	/// Sent when the package fails to install for some reason.
	-> OnError(zx.status result, string message);
	};