From 372d671517f856ef73c34a95964e1809589d8fbb Mon Sep 17 00:00:00 2001
From: Joe Richey
Date: Wed, 22 Dec 2021 17:23:55 -0800
Subject: [PATCH 1/2] proto: Change RestartPolicy variants to use CamelCase
This is a backwards-incompatible change, which is fine because we haven't released a version of go-tpm-tools containing `RestartPolicy`. This change also means that the variants of RestartPolicy no longer conform to the Protobuf style guide. An explanation for why we do this is given in the comments in the `attest.proto` file.
Signed-off-by: Joe Richey
---
 cel/cos_tlv_test.go | 2 +-
 proto/attest.proto | 12 +++++++-----
 proto/attest/attest.pb.go | 44 +++++++++++++++++++++++---------------------
 proto/tpm/tpm.pb.go | 2 +-
 server/eventlog_test.go | 4 ++--
 server/verify_test.go | 4 ++--
 6 files changed, 36 insertions(+), 32 deletions(-)
diff --git a/cel/cos_tlv_test.go b/cel/cos_tlv_test.go
index a6bfcd2fb..98733fcd3 100644
--- a/cel/cos_tlv_test.go
+++ b/cel/cos_tlv_test.go
@@ -25,7 +25,7 @@ func TestCosEventlog(t *testing.T) {
 }{
 {ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")},
 {ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")},
- {RestartPolicyType, test.DebugPCR, []byte(pb.RestartPolicy_NEVER.String())},
+ {RestartPolicyType, test.DebugPCR, []byte(pb.RestartPolicy_Never.String())},
 }
 for _, testEvent := range testEvents {
diff --git a/proto/attest.proto b/proto/attest.proto
index d16e21898..79f85fdd8 100644
--- a/proto/attest.proto
+++ b/proto/attest.proto
@@ -115,13 +115,15 @@ message SecureBootState {
 }
 // The container's restart policy.
-// See
+// See the following Kubernetes documentation for more details:
 // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy
-// for more details.
+// Note that these enum variants do not conform to the standard Protocol Buffers
+// Style Guide so that RestartPolicy_name, RestartPolicy_value, and
+// RestartPolicy.String() match the values used by Kubernetes and others.
 enum RestartPolicy {
- ALWAYS = 0;
- ON_FAILURE = 1;
- NEVER = 2;
+ Always = 0;
+ OnFailure = 1;
+ Never = 2;
 }
 message ContainerState {
diff --git a/proto/attest/attest.pb.go b/proto/attest/attest.pb.go
index 90fd03cfa..b22de661f 100644
--- a/proto/attest/attest.pb.go
+++ b/proto/attest/attest.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.27.1 -// protoc v3.17.3 +// protoc v3.19.1 // source: attest.proto package attest
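Review bot: The comment added above `enum RestartPolicy` in proto/attest.proto explains why the variants are CamelCase but not the constraints that choice brings, and both belong in that comment. Protobuf scopes enum values to the enclosing scope rather than to the enum, so with the enum declared at the top level (as the context lines suggest) `Always`, `OnFailure` and `Never` are taken for the whole package, and a later enum reusing one of them will not compile. The tests in this series write `RestartPolicy_Never.String()` into the CEL event payload, so these names are presumably part of what is measured and parsed back; renaming them after a release would change the recorded events and break parsing of older logs. I would add `// These names are written to the event log: do not rename them, and do not reuse Always, OnFailure or Never in another enum of this package.` Because the tests derive their payloads from `.String()`, a literal such as `[]byte("Never")` in one of them would pin the exact string.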
@@ -125,28 +125,30 @@ func (WellKnownCertificate) EnumDescriptor() ([]byte, []int) { } // The container's restart policy. -// See +// See the following Kubernetes documentation for more details: // https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy -// for more details. +// Note that these enum variants do not conform to the standard Protocol Buffers +// Style Guide so that RestartPolicy_name, RestartPolicy_value, and +// RestartPolicy.String() match the values used by Kubernetes and others. type RestartPolicy int32 const ( - RestartPolicy_ALWAYS RestartPolicy = 0 - RestartPolicy_ON_FAILURE RestartPolicy = 1 - RestartPolicy_NEVER RestartPolicy = 2 + RestartPolicy_Always RestartPolicy = 0 + RestartPolicy_OnFailure RestartPolicy = 1 + RestartPolicy_Never RestartPolicy = 2 ) // Enum value maps for RestartPolicy. var ( RestartPolicy_name = map[int32]string{ - 0: "ALWAYS", - 1: "ON_FAILURE", - 2: "NEVER", + 0: "Always", + 1: "OnFailure", + 2: "Never", } RestartPolicy_value = map[string]int32{ - "ALWAYS": 0, - "ON_FAILURE": 1, - "NEVER": 2, + "Always": 0, + "OnFailure": 1, + "Never": 2, } ) @@ -829,7 +831,7 @@ func (x *ContainerState) GetRestartPolicy() RestartPolicy { if x != nil { return x.RestartPolicy } - return RestartPolicy_ALWAYS + return RestartPolicy_Always } func (x *ContainerState) GetImageId() string { 
@@ -1344,14 +1346,14 @@ var file_attest_proto_rawDesc = []byte{ 0x4f, 0x57, 0x53, 0x5f, 0x50, 0x52, 0x4f, 0x44, 0x5f, 0x50, 0x43, 0x41, 0x5f, 0x32, 0x30, 0x31, 0x31, 0x10, 0x01, 0x12, 0x1f, 0x0a, 0x1b, 0x4d, 0x53, 0x5f, 0x54, 0x48, 0x49, 0x52, 0x44, 0x5f, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, 0x55, 0x45, 0x46, 0x49, 0x5f, 0x43, 0x41, 0x5f, 0x32, 0x30, - 0x31, 0x31, 0x10, 0x02, 0x2a, 0x36, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, - 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x4c, 0x57, 0x41, 0x59, 0x53, 0x10, - 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x4f, 0x4e, 0x5f, 0x46, 0x41, 0x49, 0x4c, 0x55, 0x52, 0x45, 0x10, - 0x01, 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x45, 0x56, 0x45, 0x52, 0x10, 0x02, 0x42, 0x2d, 0x5a, 0x2b, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x31, 0x31, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0d, 0x52, 0x65, 0x73, 0x74, 0x61, 0x72, 0x74, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0a, 0x0a, 0x06, 0x41, 0x6c, 0x77, 0x61, 0x79, 0x73, 0x10, + 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4f, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x10, 0x01, + 0x12, 0x09, 0x0a, 0x05, 0x4e, 0x65, 0x76, 0x65, 0x72, 0x10, 0x02, 0x42, 0x2d, 0x5a, 0x2b, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2f, 0x67, 0x6f, 0x2d, 0x74, 0x70, 0x6d, 0x2d, 0x74, 0x6f, 0x6f, 0x6c, 0x73, 0x2f, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x2f, 0x61, 0x74, 0x74, 0x65, 0x73, 0x74, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x33, } var ( diff --git a/proto/tpm/tpm.pb.go b/proto/tpm/tpm.pb.go index dd71194e1..4bbf46f0a 100644 --- a/proto/tpm/tpm.pb.go +++ b/proto/tpm/tpm.pb.go 
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.27.1 -// protoc v3.17.3 +// protoc v3.19.1 // source: tpm.proto package tpm
diff --git a/server/eventlog_test.go b/server/eventlog_test.go
index 577d20ea0..a3b192f65 100644
--- a/server/eventlog_test.go
+++ b/server/eventlog_test.go
@@ -428,13 +428,13 @@ func TestParsingCELEventLog(t *testing.T) {
 }{
 {cel.ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")},
 {cel.ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")},
- {cel.RestartPolicyType, test.DebugPCR, []byte(attestpb.RestartPolicy_ALWAYS.String())},
+ {cel.RestartPolicyType, test.DebugPCR, []byte(attestpb.RestartPolicy_Always.String())},
 }
 want := attestpb.ContainerState{
 ImageReference: string(testCELEvents[0].eventPayload),
 ImageDigest: string(testCELEvents[1].eventPayload),
- RestartPolicy: attestpb.RestartPolicy_ALWAYS}
+ RestartPolicy: attestpb.RestartPolicy_Always}
 for _, testEvent := range testCELEvents {
 cos := cel.CosTlv{EventType: testEvent.cosNestedEventType, EventContent: testEvent.eventPayload}
 if err := coscel.AppendEvent(tpm, testEvent.pcr, hashAlgoList, cos); err != nil {
diff --git a/server/verify_test.go b/server/verify_test.go
index 52e7599a0..926a4d8ef 100644
--- a/server/verify_test.go
+++ b/server/verify_test.go
@@ -307,7 +307,7 @@ func TestVerifyAttestationWithCEL(t *testing.T) {
 }{
 {cel.ImageRefType, test.DebugPCR, []byte("docker.io/bazel/experimental/test:latest")},
 {cel.ImageDigestType, test.DebugPCR, []byte("sha256:781d8dfdd92118436bd914442c8339e653b83f6bf3c1a7a98efcfb7c4fed7483")},
- {cel.RestartPolicyType, test.DebugPCR, []byte(attestpb.RestartPolicy_NEVER.String())},
+ {cel.RestartPolicyType, test.DebugPCR, []byte(attestpb.RestartPolicy_Never.String())},
 }
 hashAlgoList := []crypto.Hash{crypto.SHA256, crypto.SHA1, crypto.SHA512}
 for _, testEvent := range testEvents {
@@ -340,7 +340,7 @@ func TestVerifyAttestationWithCEL(t *testing.T) {
 want := attestpb.ContainerState{
 ImageReference: string(testEvents[0].eventPayload),
 ImageDigest: string(testEvents[1].eventPayload),
- RestartPolicy: attestpb.RestartPolicy_NEVER}
+ RestartPolicy: attestpb.RestartPolicy_Never}
 if diff := cmp.Diff(state.Cos.Container, &want, protocmp.Transform()); diff != "" {
 t.Errorf("unexpected difference:\n%v", diff)
 }
From fdb4141cac2b8d72910a96fbab12c330a2c7b75b Mon Sep 17 00:00:00 2001
From: Joe Richey
Date: Wed, 22 Dec 2021 18:16:06 -0800
Subject: [PATCH 2/2] ci: Update protoc version to 3.19.1
Signed-off-by: Joe Richey
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ca0467609..c1d01fdb6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -47,7 +47,7 @@ jobs:
 uses: arduino/setup-protoc@v1
 with:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
- version: '3.17.3'
+ version: '3.19.1'
 - name: Install protoc-gen-go
 run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.27.1
 - name: Check Protobuf Generation