github.com/grailbio/base@v0.0.11/security/ticket/ticket.vdl.go

// This file was auto-generated by the vanadium vdl tool.
// Package: ticket

//nolint:golint
package ticket

import (
	"fmt"

	v23 "v.io/v23"
	"v.io/v23/context"
	"v.io/v23/rpc"
	"v.io/v23/security/access"
	"v.io/v23/vdl"
)

var _ = initializeVDL() // Must be first; see initializeVDL comments for details.

// Type definitions
// ================

// TicketConfig Controls fields
type Control int

const (
	ControlPagerDutyId Control = iota
	ControlRationale
	ControlTicketId
)

// ControlAll holds all labels for Control.
var ControlAll = [...]Control{ControlPagerDutyId, ControlRationale, ControlTicketId}

// ControlFromString creates a Control from a string label.
//nolint:deadcode,unused
func ControlFromString(label string) (x Control, err error) {
	err = x.Set(label)
	return
}

// Set assigns label to x.
func (x *Control) Set(label string) error {
	switch label {
	case "PagerDutyId", "pagerdutyid":
		*x = ControlPagerDutyId
		return nil
	case "Rationale", "rationale":
		*x = ControlRationale
		return nil
	case "TicketId", "ticketid":
		*x = ControlTicketId
		return nil
	}
	*x = -1
	return fmt.Errorf("unknown label %q in ticket.Control", label)
}

// String returns the string label of x.
func (x Control) String() string {
	switch x {
	case ControlPagerDutyId:
		return "PagerDutyId"
	case ControlRationale:
		return "Rationale"
	case ControlTicketId:
		return "TicketId"
	}
	return ""
}

func (Control) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.Control"`
	Enum struct{ PagerDutyId, Rationale, TicketId string }
}) {
}

func (x Control) VDLIsZero() bool { //nolint:gocyclo
	return x == ControlPagerDutyId
}

func (x Control) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.WriteValueString(vdlTypeEnum1, x.String()); err != nil {
		return err
	}
	return nil
}

func (x *Control) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	switch value, err := dec.ReadValueString(); {
	case err != nil:
		return err
	default:
		if err := x.Set(value); err != nil {
			return err
		}
	}
	return nil
}

// AwsCredentials describes a set of (potentially temporary) AWS credentials.
type AwsCredentials struct {
	Region          string
	AccessKeyId     string
	SecretAccessKey string
	SessionToken    string
	// Expiration indicates the date on which the credentials expire.
	Expiration string
}

func (AwsCredentials) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsCredentials"`
}) {
}

func (x AwsCredentials) VDLIsZero() bool { //nolint:gocyclo
	return x == AwsCredentials{}
}

func (x AwsCredentials) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct2); err != nil {
		return err
	}
	if x.Region != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.Region); err != nil {
			return err
		}
	}
	if x.AccessKeyId != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.AccessKeyId); err != nil {
			return err
		}
	}
	if x.SecretAccessKey != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.SecretAccessKey); err != nil {
			return err
		}
	}
	if x.SessionToken != "" {
		if err := enc.NextFieldValueString(3, vdl.StringType, x.SessionToken); err != nil {
			return err
		}
	}
	if x.Expiration != "" {
		if err := enc.NextFieldValueString(4, vdl.StringType, x.Expiration); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *AwsCredentials) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = AwsCredentials{}
	if err := dec.StartValue(vdlTypeStruct2); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct2 {
			index = vdlTypeStruct2.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Region = value
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.AccessKeyId = value
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.SecretAccessKey = value
			}
		case 3:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.SessionToken = value
			}
		case 4:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Expiration = value
			}
		}
	}
}

// AwsAssumeRoleBuilder describes the information required to obtain a temporary
// set of AWS credentials (which can be described using AwsCredentials) using
// the AssumeRole call from Security Token Service (STS).
type AwsAssumeRoleBuilder struct {
	Region string
	Role   string
	TtlSec int32
}

func (AwsAssumeRoleBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsAssumeRoleBuilder"`
}) {
}

func (x AwsAssumeRoleBuilder) VDLIsZero() bool { //nolint:gocyclo
	return x == AwsAssumeRoleBuilder{}
}

func (x AwsAssumeRoleBuilder) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct3); err != nil {
		return err
	}
	if x.Region != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.Region); err != nil {
			return err
		}
	}
	if x.Role != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.Role); err != nil {
			return err
		}
	}
	if x.TtlSec != 0 {
		if err := enc.NextFieldValueInt(2, vdl.Int32Type, int64(x.TtlSec)); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *AwsAssumeRoleBuilder) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = AwsAssumeRoleBuilder{}
	if err := dec.StartValue(vdlTypeStruct3); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct3 {
			index = vdlTypeStruct3.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Region = value
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Role = value
			}
		case 2:
			switch value, err := dec.ReadValueInt(32); {
			case err != nil:
				return err
			default:
				x.TtlSec = int32(value)
			}
		}
	}
}

// AwsSessionBuilder describes the information required to obtain a temporary
// set of AWS credentials (described using AwsCredentials) then using
// the GetSessionToken call from Security Token Service (STS).
type AwsSessionBuilder struct {
	AwsCredentials AwsCredentials
	// TTL in seconds for the generated AWS credential from 900-129600.
	TtlSec int32
}

func (AwsSessionBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsSessionBuilder"`
}) {
}

func (x AwsSessionBuilder) VDLIsZero() bool { //nolint:gocyclo
	return x == AwsSessionBuilder{}
}

func (x AwsSessionBuilder) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct4); err != nil {
		return err
	}
	if x.AwsCredentials != (AwsCredentials{}) {
		if err := enc.NextField(0); err != nil {
			return err
		}
		if err := x.AwsCredentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.TtlSec != 0 {
		if err := enc.NextFieldValueInt(1, vdl.Int32Type, int64(x.TtlSec)); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *AwsSessionBuilder) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = AwsSessionBuilder{}
	if err := dec.StartValue(vdlTypeStruct4); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct4 {
			index = vdlTypeStruct4.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := x.AwsCredentials.VDLRead(dec); err != nil {
				return err
			}
		case 1:
			switch value, err := dec.ReadValueInt(32); {
			case err != nil:
				return err
			default:
				x.TtlSec = int32(value)
			}
		}
	}
}

// TlsCertAuthorityBuilder describes a Certification Authority capable to
// generate a particular cert.
type TlsCertAuthorityBuilder struct {
	// PEM-encoded certificate and private key of the Certificate Authority.
	Authority string
	// TTL for the generated cert.
	TtlSec int32
	// Common Name of the generated cert.
	CommonName string
	// Subject Alternate Name list.
	// Note: x509 spec says if SAN is set, CN is usually ignored.
	//       Include CN in SAN list if you want the CN to be verified.
	San []string
}

func (TlsCertAuthorityBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsCertAuthorityBuilder"`
}) {
}

func (x TlsCertAuthorityBuilder) VDLIsZero() bool { //nolint:gocyclo
	if x.Authority != "" {
		return false
	}
	if x.TtlSec != 0 {
		return false
	}
	if x.CommonName != "" {
		return false
	}
	if len(x.San) != 0 {
		return false
	}
	return true
}

func (x TlsCertAuthorityBuilder) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct5); err != nil {
		return err
	}
	if x.Authority != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.Authority); err != nil {
			return err
		}
	}
	if x.TtlSec != 0 {
		if err := enc.NextFieldValueInt(1, vdl.Int32Type, int64(x.TtlSec)); err != nil {
			return err
		}
	}
	if x.CommonName != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.CommonName); err != nil {
			return err
		}
	}
	if len(x.San) != 0 {
		if err := enc.NextField(3); err != nil {
			return err
		}
		if err := vdlWriteAnonList1(enc, x.San); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func vdlWriteAnonList1(enc vdl.Encoder, x []string) error {
	if err := enc.StartValue(vdlTypeList6); err != nil {
		return err
	}
	if err := enc.SetLenHint(len(x)); err != nil {
		return err
	}
	for _, elem := range x {
		if err := enc.NextEntryValueString(vdl.StringType, elem); err != nil {
			return err
		}
	}
	if err := enc.NextEntry(true); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *TlsCertAuthorityBuilder) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = TlsCertAuthorityBuilder{}
	if err := dec.StartValue(vdlTypeStruct5); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct5 {
			index = vdlTypeStruct5.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Authority = value
			}
		case 1:
			switch value, err := dec.ReadValueInt(32); {
			case err != nil:
				return err
			default:
				x.TtlSec = int32(value)
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.CommonName = value
			}
		case 3:
			if err := vdlReadAnonList1(dec, &x.San); err != nil {
				return err
			}
		}
	}
}

func vdlReadAnonList1(dec vdl.Decoder, x *[]string) error {
	if err := dec.StartValue(vdlTypeList6); err != nil {
		return err
	}
	if len := dec.LenHint(); len > 0 {
		*x = make([]string, 0, len)
	} else {
		*x = nil
	}
	for {
		switch done, elem, err := dec.NextEntryValueString(); {
		case err != nil:
			return err
		case done:
			return dec.FinishValue()
		default:
			*x = append(*x, elem)
		}
	}
}

type SshCertAuthorityBuilder struct {
	// ssh-encoded private key of the Certificate Authority.
	CaPrivateKey string
	// ssh-encoded Certificate
	CaCertificate string
	// ssh-encoded Public key that will be signed to create the certificate.
	PublicKey string
	// Additional SSH Cert options like
	//    permit-X11-forwarding
	//    permit-agent-forwarding
	//    permit-port-forwarding
	//    permit-pty
	//    permit-user-rc
	ExtensionsOptions []string
	// Additional SSH Options that are required to be valid/accepted
	CriticalOptions []string
	// The Usernames that this key can connect as - defaults as
	//   ubuntu
	//   core
	//   ec2-user
	Principals []string
	// TTL for the generated cert - user cert < 60 ; host cert < 2628000 (5 years)
	TtlMin int32
}

func (SshCertAuthorityBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.SshCertAuthorityBuilder"`
}) {
}

func (x SshCertAuthorityBuilder) VDLIsZero() bool { //nolint:gocyclo
	if x.CaPrivateKey != "" {
		return false
	}
	if x.CaCertificate != "" {
		return false
	}
	if x.PublicKey != "" {
		return false
	}
	if len(x.ExtensionsOptions) != 0 {
		return false
	}
	if len(x.CriticalOptions) != 0 {
		return false
	}
	if len(x.Principals) != 0 {
		return false
	}
	if x.TtlMin != 0 {
		return false
	}
	return true
}

func (x SshCertAuthorityBuilder) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct7); err != nil {
		return err
	}
	if x.CaPrivateKey != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.CaPrivateKey); err != nil {
			return err
		}
	}
	if x.CaCertificate != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.CaCertificate); err != nil {
			return err
		}
	}
	if x.PublicKey != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.PublicKey); err != nil {
			return err
		}
	}
	if len(x.ExtensionsOptions) != 0 {
		if err := enc.NextField(3); err != nil {
			return err
		}
		if err := vdlWriteAnonList1(enc, x.ExtensionsOptions); err != nil {
			return err
		}
	}
	if len(x.CriticalOptions) != 0 {
		if err := enc.NextField(4); err != nil {
			return err
		}
		if err := vdlWriteAnonList1(enc, x.CriticalOptions); err != nil {
			return err
		}
	}
	if len(x.Principals) != 0 {
		if err := enc.NextField(5); err != nil {
			return err
		}
		if err := vdlWriteAnonList1(enc, x.Principals); err != nil {
			return err
		}
	}
	if x.TtlMin != 0 {
		if err := enc.NextFieldValueInt(6, vdl.Int32Type, int64(x.TtlMin)); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *SshCertAuthorityBuilder) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = SshCertAuthorityBuilder{}
	if err := dec.StartValue(vdlTypeStruct7); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct7 {
			index = vdlTypeStruct7.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.CaPrivateKey = value
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.CaCertificate = value
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.PublicKey = value
			}
		case 3:
			if err := vdlReadAnonList1(dec, &x.ExtensionsOptions); err != nil {
				return err
			}
		case 4:
			if err := vdlReadAnonList1(dec, &x.CriticalOptions); err != nil {
				return err
			}
		case 5:
			if err := vdlReadAnonList1(dec, &x.Principals); err != nil {
				return err
			}
		case 6:
			switch value, err := dec.ReadValueInt(32); {
			case err != nil:
				return err
			default:
				x.TtlMin = int32(value)
			}
		}
	}
}

// B2AccountAuthorizationBuilder describes the information required to
// obtain a B2 account authorization.
type B2AccountAuthorizationBuilder struct {
	AccountId      string
	ApplicationKey string
}

func (B2AccountAuthorizationBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.B2AccountAuthorizationBuilder"`
}) {
}

func (x B2AccountAuthorizationBuilder) VDLIsZero() bool { //nolint:gocyclo
	return x == B2AccountAuthorizationBuilder{}
}

func (x B2AccountAuthorizationBuilder) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct8); err != nil {
		return err
	}
	if x.AccountId != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.AccountId); err != nil {
			return err
		}
	}
	if x.ApplicationKey != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.ApplicationKey); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *B2AccountAuthorizationBuilder) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = B2AccountAuthorizationBuilder{}
	if err := dec.StartValue(vdlTypeStruct8); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct8 {
			index = vdlTypeStruct8.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.AccountId = value
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.ApplicationKey = value
			}
		}
	}
}

// VanadiumBuilder describes the information required to build Vanadium
// blessings.
type VanadiumBuilder struct {
	BlessingName string
}

func (VanadiumBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.VanadiumBuilder"`
}) {
}

func (x VanadiumBuilder) VDLIsZero() bool { //nolint:gocyclo
	return x == VanadiumBuilder{}
}

func (x VanadiumBuilder) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct9); err != nil {
		return err
	}
	if x.BlessingName != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.BlessingName); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *VanadiumBuilder) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = VanadiumBuilder{}
	if err := dec.StartValue(vdlTypeStruct9); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct9 {
			index = vdlTypeStruct9.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		if index == 0 {

			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.BlessingName = value
			}
		}
	}
}

// AwsTicket is a ticket that contains a set of (potentially temporary)
// AWS credentials.
type AwsTicket struct {
	AwsAssumeRoleBuilder *AwsAssumeRoleBuilder
	AwsSessionBuilder    *AwsSessionBuilder
	AwsCredentials       AwsCredentials
}

func (AwsTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsTicket"`
}) {
}

func (x AwsTicket) VDLIsZero() bool { //nolint:gocyclo
	return x == AwsTicket{}
}

func (x AwsTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct10); err != nil {
		return err
	}
	if x.AwsAssumeRoleBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.AwsAssumeRoleBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.AwsSessionBuilder != nil {
		if err := enc.NextField(1); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.AwsSessionBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.AwsCredentials != (AwsCredentials{}) {
		if err := enc.NextField(2); err != nil {
			return err
		}
		if err := x.AwsCredentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *AwsTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = AwsTicket{}
	if err := dec.StartValue(vdlTypeStruct10); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct10 {
			index = vdlTypeStruct10.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional11); err != nil {
				return err
			}
			if dec.IsNil() {
				x.AwsAssumeRoleBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.AwsAssumeRoleBuilder = new(AwsAssumeRoleBuilder)
				dec.IgnoreNextStartValue()
				if err := x.AwsAssumeRoleBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := dec.StartValue(vdlTypeOptional12); err != nil {
				return err
			}
			if dec.IsNil() {
				x.AwsSessionBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.AwsSessionBuilder = new(AwsSessionBuilder)
				dec.IgnoreNextStartValue()
				if err := x.AwsSessionBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 2:
			if err := x.AwsCredentials.VDLRead(dec); err != nil {
				return err
			}
		}
	}
}

// S3Ticket describes an AWS S3 object or prefix.
type S3Ticket struct {
	AwsAssumeRoleBuilder *AwsAssumeRoleBuilder
	AwsSessionBuilder    *AwsSessionBuilder
	AwsCredentials       AwsCredentials
	Endpoint             string
	Bucket               string
	Prefix               string
}

func (S3Ticket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.S3Ticket"`
}) {
}

func (x S3Ticket) VDLIsZero() bool { //nolint:gocyclo
	return x == S3Ticket{}
}

func (x S3Ticket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct13); err != nil {
		return err
	}
	if x.AwsAssumeRoleBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.AwsAssumeRoleBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.AwsSessionBuilder != nil {
		if err := enc.NextField(1); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.AwsSessionBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.AwsCredentials != (AwsCredentials{}) {
		if err := enc.NextField(2); err != nil {
			return err
		}
		if err := x.AwsCredentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Endpoint != "" {
		if err := enc.NextFieldValueString(3, vdl.StringType, x.Endpoint); err != nil {
			return err
		}
	}
	if x.Bucket != "" {
		if err := enc.NextFieldValueString(4, vdl.StringType, x.Bucket); err != nil {
			return err
		}
	}
	if x.Prefix != "" {
		if err := enc.NextFieldValueString(5, vdl.StringType, x.Prefix); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *S3Ticket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = S3Ticket{}
	if err := dec.StartValue(vdlTypeStruct13); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct13 {
			index = vdlTypeStruct13.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional11); err != nil {
				return err
			}
			if dec.IsNil() {
				x.AwsAssumeRoleBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.AwsAssumeRoleBuilder = new(AwsAssumeRoleBuilder)
				dec.IgnoreNextStartValue()
				if err := x.AwsAssumeRoleBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := dec.StartValue(vdlTypeOptional12); err != nil {
				return err
			}
			if dec.IsNil() {
				x.AwsSessionBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.AwsSessionBuilder = new(AwsSessionBuilder)
				dec.IgnoreNextStartValue()
				if err := x.AwsSessionBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 2:
			if err := x.AwsCredentials.VDLRead(dec); err != nil {
				return err
			}
		case 3:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Endpoint = value
			}
		case 4:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Bucket = value
			}
		case 5:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Prefix = value
			}
		}
	}
}

// EcrTicket describes an AWS EC2 Container Registry.
type EcrTicket struct {
	AwsAssumeRoleBuilder *AwsAssumeRoleBuilder
	// The base64-encoded authorization token which can be presented directly to
	// the Docker registry.
	// Reference: https://docs.docker.com/registry/spec/auth/token/
	AuthorizationToken string
	// Expiration indicates the date on which the authorization token expire.
	Expiration string
	// The register URL ("https://${ACCOUNTID}.dkr.ecr.region.amazonaws.com").
	Endpoint string
}

func (EcrTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.EcrTicket"`
}) {
}

func (x EcrTicket) VDLIsZero() bool { //nolint:gocyclo
	return x == EcrTicket{}
}

func (x EcrTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct14); err != nil {
		return err
	}
	if x.AwsAssumeRoleBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.AwsAssumeRoleBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.AuthorizationToken != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.AuthorizationToken); err != nil {
			return err
		}
	}
	if x.Expiration != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.Expiration); err != nil {
			return err
		}
	}
	if x.Endpoint != "" {
		if err := enc.NextFieldValueString(3, vdl.StringType, x.Endpoint); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *EcrTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = EcrTicket{}
	if err := dec.StartValue(vdlTypeStruct14); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct14 {
			index = vdlTypeStruct14.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional11); err != nil {
				return err
			}
			if dec.IsNil() {
				x.AwsAssumeRoleBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.AwsAssumeRoleBuilder = new(AwsAssumeRoleBuilder)
				dec.IgnoreNextStartValue()
				if err := x.AwsAssumeRoleBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.AuthorizationToken = value
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Expiration = value
			}
		case 3:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Endpoint = value
			}
		}
	}
}

// SshCert describes a ssh public Certifcate
type SshCert struct {
	// ssh-encoded certificate (host or user).
	Cert string
}

func (SshCert) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.SshCert"`
}) {
}

func (x SshCert) VDLIsZero() bool { //nolint:gocyclo
	return x == SshCert{}
}

func (x SshCert) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct15); err != nil {
		return err
	}
	if x.Cert != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.Cert); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *SshCert) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = SshCert{}
	if err := dec.StartValue(vdlTypeStruct15); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct15 {
			index = vdlTypeStruct15.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		if index == 0 {

			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Cert = value
			}
		}
	}
}

// TlsCredentials describes a generic set of Tls credentials that include:
// the CA that accepted by the client (only peers that present a certificate
// sign by this CA are accepted), the client certificate and the client
// private key.
type TlsCredentials struct {
	// PEM-encoded public certificate of the Certificate Authority.
	AuthorityCert string
	// PEM-encoded client certificate.
	Cert string
	// PEM-encoded client private key.
	Key string
}

func (TlsCredentials) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsCredentials"`
}) {
}

func (x TlsCredentials) VDLIsZero() bool { //nolint:gocyclo
	return x == TlsCredentials{}
}

func (x TlsCredentials) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct16); err != nil {
		return err
	}
	if x.AuthorityCert != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.AuthorityCert); err != nil {
			return err
		}
	}
	if x.Cert != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.Cert); err != nil {
			return err
		}
	}
	if x.Key != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.Key); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *TlsCredentials) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = TlsCredentials{}
	if err := dec.StartValue(vdlTypeStruct16); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct16 {
			index = vdlTypeStruct16.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.AuthorityCert = value
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Cert = value
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Key = value
			}
		}
	}
}

// TlsServerTicket describes a TLS server.
type TlsServerTicket struct {
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	Credentials             TlsCredentials
}

func (TlsServerTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsServerTicket"`
}) {
}

func (x TlsServerTicket) VDLIsZero() bool { //nolint:gocyclo
	return x == TlsServerTicket{}
}

func (x TlsServerTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct17); err != nil {
		return err
	}
	if x.TlsCertAuthorityBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.TlsCertAuthorityBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Credentials != (TlsCredentials{}) {
		if err := enc.NextField(1); err != nil {
			return err
		}
		if err := x.Credentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *TlsServerTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = TlsServerTicket{}
	if err := dec.StartValue(vdlTypeStruct17); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct17 {
			index = vdlTypeStruct17.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional18); err != nil {
				return err
			}
			if dec.IsNil() {
				x.TlsCertAuthorityBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.TlsCertAuthorityBuilder = new(TlsCertAuthorityBuilder)
				dec.IgnoreNextStartValue()
				if err := x.TlsCertAuthorityBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := x.Credentials.VDLRead(dec); err != nil {
				return err
			}
		}
	}
}

// TlsClientTicket describes a TLS client.
type TlsClientTicket struct {
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	Credentials             TlsCredentials
	// Endpoints indicate the servers the client can connect to.
	Endpoints []string
}

func (TlsClientTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TlsClientTicket"`
}) {
}

func (x TlsClientTicket) VDLIsZero() bool { //nolint:gocyclo
	if x.TlsCertAuthorityBuilder != nil {
		return false
	}
	if x.Credentials != (TlsCredentials{}) {
		return false
	}
	if len(x.Endpoints) != 0 {
		return false
	}
	return true
}

func (x TlsClientTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct19); err != nil {
		return err
	}
	if x.TlsCertAuthorityBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.TlsCertAuthorityBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Credentials != (TlsCredentials{}) {
		if err := enc.NextField(1); err != nil {
			return err
		}
		if err := x.Credentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if len(x.Endpoints) != 0 {
		if err := enc.NextField(2); err != nil {
			return err
		}
		if err := vdlWriteAnonList1(enc, x.Endpoints); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *TlsClientTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = TlsClientTicket{}
	if err := dec.StartValue(vdlTypeStruct19); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct19 {
			index = vdlTypeStruct19.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional18); err != nil {
				return err
			}
			if dec.IsNil() {
				x.TlsCertAuthorityBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.TlsCertAuthorityBuilder = new(TlsCertAuthorityBuilder)
				dec.IgnoreNextStartValue()
				if err := x.TlsCertAuthorityBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := x.Credentials.VDLRead(dec); err != nil {
				return err
			}
		case 2:
			if err := vdlReadAnonList1(dec, &x.Endpoints); err != nil {
				return err
			}
		}
	}
}

// DockerTicket instance represents a Docker repository and the TLS
// certificate material required to verify and authenticate to it.
// TODO(razvanm): Remove DockerTicket and replace with DockerServerTicket
//                and DockerClientTicket
type DockerTicket struct {
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	Credentials             TlsCredentials
	Url                     string
}

func (DockerTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.DockerTicket"`
}) {
}

func (x DockerTicket) VDLIsZero() bool { //nolint:gocyclo
	return x == DockerTicket{}
}

func (x DockerTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct20); err != nil {
		return err
	}
	if x.TlsCertAuthorityBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.TlsCertAuthorityBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Credentials != (TlsCredentials{}) {
		if err := enc.NextField(1); err != nil {
			return err
		}
		if err := x.Credentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Url != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.Url); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *DockerTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = DockerTicket{}
	if err := dec.StartValue(vdlTypeStruct20); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct20 {
			index = vdlTypeStruct20.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional18); err != nil {
				return err
			}
			if dec.IsNil() {
				x.TlsCertAuthorityBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.TlsCertAuthorityBuilder = new(TlsCertAuthorityBuilder)
				dec.IgnoreNextStartValue()
				if err := x.TlsCertAuthorityBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := x.Credentials.VDLRead(dec); err != nil {
				return err
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Url = value
			}
		}
	}
}

// DockerServerTicket instance represents a Docker Server and the TLS
// certificate material required for clients to verify and authenticate it.
type DockerServerTicket struct {
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	Credentials             TlsCredentials
}

func (DockerServerTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.DockerServerTicket"`
}) {
}

func (x DockerServerTicket) VDLIsZero() bool { //nolint:gocyclo
	return x == DockerServerTicket{}
}

func (x DockerServerTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct21); err != nil {
		return err
	}
	if x.TlsCertAuthorityBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.TlsCertAuthorityBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Credentials != (TlsCredentials{}) {
		if err := enc.NextField(1); err != nil {
			return err
		}
		if err := x.Credentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *DockerServerTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = DockerServerTicket{}
	if err := dec.StartValue(vdlTypeStruct21); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct21 {
			index = vdlTypeStruct21.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional18); err != nil {
				return err
			}
			if dec.IsNil() {
				x.TlsCertAuthorityBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.TlsCertAuthorityBuilder = new(TlsCertAuthorityBuilder)
				dec.IgnoreNextStartValue()
				if err := x.TlsCertAuthorityBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := x.Credentials.VDLRead(dec); err != nil {
				return err
			}
		}
	}
}

// DockerClientTicket instance represents the TLS certificate material required
// for clients to authenticate against a specific DockerServer.
type DockerClientTicket struct {
	TlsCertAuthorityBuilder *TlsCertAuthorityBuilder
	Credentials             TlsCredentials
	// Url indicates the Docker host the client can connect to.
	Url string
}

func (DockerClientTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.DockerClientTicket"`
}) {
}

func (x DockerClientTicket) VDLIsZero() bool { //nolint:gocyclo
	return x == DockerClientTicket{}
}

func (x DockerClientTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct22); err != nil {
		return err
	}
	if x.TlsCertAuthorityBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.TlsCertAuthorityBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Credentials != (TlsCredentials{}) {
		if err := enc.NextField(1); err != nil {
			return err
		}
		if err := x.Credentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Url != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.Url); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *DockerClientTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = DockerClientTicket{}
	if err := dec.StartValue(vdlTypeStruct22); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct22 {
			index = vdlTypeStruct22.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional18); err != nil {
				return err
			}
			if dec.IsNil() {
				x.TlsCertAuthorityBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.TlsCertAuthorityBuilder = new(TlsCertAuthorityBuilder)
				dec.IgnoreNextStartValue()
				if err := x.TlsCertAuthorityBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := x.Credentials.VDLRead(dec); err != nil {
				return err
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Url = value
			}
		}
	}
}

// Key/Value pair that can be passed into the GET request.
type Parameter struct {
	Key   string
	Value string
}

func (Parameter) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.Parameter"`
}) {
}

func (x Parameter) VDLIsZero() bool { //nolint:gocyclo
	return x == Parameter{}
}

func (x Parameter) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct23); err != nil {
		return err
	}
	if x.Key != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.Key); err != nil {
			return err
		}
	}
	if x.Value != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.Value); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *Parameter) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = Parameter{}
	if err := dec.StartValue(vdlTypeStruct23); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct23 {
			index = vdlTypeStruct23.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Key = value
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Value = value
			}
		}
	}
}

type AwsComputeInstancesBuilder struct {
	// Instance Filters that will produce a list of instance IDs and related information
	// https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html
	InstanceFilters []Parameter
	// AWS ARN for a role that should be used to perform the instance lookups
	AwsAccountLookupRole string
	// AWS region to use for the lookup
	Region string
}

func (AwsComputeInstancesBuilder) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.AwsComputeInstancesBuilder"`
}) {
}

func (x AwsComputeInstancesBuilder) VDLIsZero() bool { //nolint:gocyclo
	if len(x.InstanceFilters) != 0 {
		return false
	}
	if x.AwsAccountLookupRole != "" {
		return false
	}
	if x.Region != "" {
		return false
	}
	return true
}

func (x AwsComputeInstancesBuilder) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct24); err != nil {
		return err
	}
	if len(x.InstanceFilters) != 0 {
		if err := enc.NextField(0); err != nil {
			return err
		}
		if err := vdlWriteAnonList2(enc, x.InstanceFilters); err != nil {
			return err
		}
	}
	if x.AwsAccountLookupRole != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.AwsAccountLookupRole); err != nil {
			return err
		}
	}
	if x.Region != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.Region); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func vdlWriteAnonList2(enc vdl.Encoder, x []Parameter) error {
	if err := enc.StartValue(vdlTypeList25); err != nil {
		return err
	}
	if err := enc.SetLenHint(len(x)); err != nil {
		return err
	}
	for _, elem := range x {
		if err := enc.NextEntry(false); err != nil {
			return err
		}
		if err := elem.VDLWrite(enc); err != nil {
			return err
		}
	}
	if err := enc.NextEntry(true); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *AwsComputeInstancesBuilder) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = AwsComputeInstancesBuilder{}
	if err := dec.StartValue(vdlTypeStruct24); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct24 {
			index = vdlTypeStruct24.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := vdlReadAnonList2(dec, &x.InstanceFilters); err != nil {
				return err
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.AwsAccountLookupRole = value
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Region = value
			}
		}
	}
}

func vdlReadAnonList2(dec vdl.Decoder, x *[]Parameter) error {
	if err := dec.StartValue(vdlTypeList25); err != nil {
		return err
	}
	if len := dec.LenHint(); len > 0 {
		*x = make([]Parameter, 0, len)
	} else {
		*x = nil
	}
	for {
		switch done, err := dec.NextEntry(); {
		case err != nil:
			return err
		case done:
			return dec.FinishValue()
		default:
			var elem Parameter
			if err := elem.VDLRead(dec); err != nil {
				return err
			}
			*x = append(*x, elem)
		}
	}
}

// Simplification of describeInstance data to provide to ticket-server users
type ComputeInstance struct {
	PublicIp   string
	PrivateIp  string
	InstanceId string
	Tags       []Parameter
}

func (ComputeInstance) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.ComputeInstance"`
}) {
}

func (x ComputeInstance) VDLIsZero() bool { //nolint:gocyclo
	if x.PublicIp != "" {
		return false
	}
	if x.PrivateIp != "" {
		return false
	}
	if x.InstanceId != "" {
		return false
	}
	if len(x.Tags) != 0 {
		return false
	}
	return true
}

func (x ComputeInstance) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct26); err != nil {
		return err
	}
	if x.PublicIp != "" {
		if err := enc.NextFieldValueString(0, vdl.StringType, x.PublicIp); err != nil {
			return err
		}
	}
	if x.PrivateIp != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.PrivateIp); err != nil {
			return err
		}
	}
	if x.InstanceId != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.InstanceId); err != nil {
			return err
		}
	}
	if len(x.Tags) != 0 {
		if err := enc.NextField(3); err != nil {
			return err
		}
		if err := vdlWriteAnonList2(enc, x.Tags); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *ComputeInstance) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = ComputeInstance{}
	if err := dec.StartValue(vdlTypeStruct26); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct26 {
			index = vdlTypeStruct26.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.PublicIp = value
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.PrivateIp = value
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.InstanceId = value
			}
		case 3:
			if err := vdlReadAnonList2(dec, &x.Tags); err != nil {
				return err
			}
		}
	}
}

// SshCertificateTicket describes a SSH Signed Certificate.
// SSH Certificates are essentially a version of TLS certs but they have additional
// optional parameters and can take a public key as part of their signing request.
type SshCertificateTicket struct {
	SshCertAuthorityBuilder    *SshCertAuthorityBuilder
	AwsComputeInstancesBuilder *AwsComputeInstancesBuilder
	ComputeInstances           []ComputeInstance
	Credentials                SshCert
	// Recommended username to use
	Username string
}

func (SshCertificateTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.SshCertificateTicket"`
}) {
}

func (x SshCertificateTicket) VDLIsZero() bool { //nolint:gocyclo
	if x.SshCertAuthorityBuilder != nil {
		return false
	}
	if x.AwsComputeInstancesBuilder != nil {
		return false
	}
	if len(x.ComputeInstances) != 0 {
		return false
	}
	if x.Credentials != (SshCert{}) {
		return false
	}
	if x.Username != "" {
		return false
	}
	return true
}

func (x SshCertificateTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct27); err != nil {
		return err
	}
	if x.SshCertAuthorityBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.SshCertAuthorityBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.AwsComputeInstancesBuilder != nil {
		if err := enc.NextField(1); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.AwsComputeInstancesBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if len(x.ComputeInstances) != 0 {
		if err := enc.NextField(2); err != nil {
			return err
		}
		if err := vdlWriteAnonList3(enc, x.ComputeInstances); err != nil {
			return err
		}
	}
	if x.Credentials != (SshCert{}) {
		if err := enc.NextField(3); err != nil {
			return err
		}
		if err := x.Credentials.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Username != "" {
		if err := enc.NextFieldValueString(4, vdl.StringType, x.Username); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func vdlWriteAnonList3(enc vdl.Encoder, x []ComputeInstance) error {
	if err := enc.StartValue(vdlTypeList30); err != nil {
		return err
	}
	if err := enc.SetLenHint(len(x)); err != nil {
		return err
	}
	for _, elem := range x {
		if err := enc.NextEntry(false); err != nil {
			return err
		}
		if err := elem.VDLWrite(enc); err != nil {
			return err
		}
	}
	if err := enc.NextEntry(true); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *SshCertificateTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = SshCertificateTicket{}
	if err := dec.StartValue(vdlTypeStruct27); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct27 {
			index = vdlTypeStruct27.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional28); err != nil {
				return err
			}
			if dec.IsNil() {
				x.SshCertAuthorityBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.SshCertAuthorityBuilder = new(SshCertAuthorityBuilder)
				dec.IgnoreNextStartValue()
				if err := x.SshCertAuthorityBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			if err := dec.StartValue(vdlTypeOptional29); err != nil {
				return err
			}
			if dec.IsNil() {
				x.AwsComputeInstancesBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.AwsComputeInstancesBuilder = new(AwsComputeInstancesBuilder)
				dec.IgnoreNextStartValue()
				if err := x.AwsComputeInstancesBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 2:
			if err := vdlReadAnonList3(dec, &x.ComputeInstances); err != nil {
				return err
			}
		case 3:
			if err := x.Credentials.VDLRead(dec); err != nil {
				return err
			}
		case 4:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Username = value
			}
		}
	}
}

func vdlReadAnonList3(dec vdl.Decoder, x *[]ComputeInstance) error {
	if err := dec.StartValue(vdlTypeList30); err != nil {
		return err
	}
	if len := dec.LenHint(); len > 0 {
		*x = make([]ComputeInstance, 0, len)
	} else {
		*x = nil
	}
	for {
		switch done, err := dec.NextEntry(); {
		case err != nil:
			return err
		case done:
			return dec.FinishValue()
		default:
			var elem ComputeInstance
			if err := elem.VDLRead(dec); err != nil {
				return err
			}
			*x = append(*x, elem)
		}
	}
}

// B2Ticket instance contains a B2 account level authorization
// token plus URLs and configuration values for the account.
type B2Ticket struct {
	B2AccountAuthorizationBuilder *B2AccountAuthorizationBuilder
	AccountId                     string
	AuthorizationToken            string
	ApiUrl                        string
	DownloadUrl                   string
	RecommendedPartSize           int64
	AbsoluteMinimumPartSize       int64
}

func (B2Ticket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.B2Ticket"`
}) {
}

func (x B2Ticket) VDLIsZero() bool { //nolint:gocyclo
	return x == B2Ticket{}
}

func (x B2Ticket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct31); err != nil {
		return err
	}
	if x.B2AccountAuthorizationBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.B2AccountAuthorizationBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.AccountId != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.AccountId); err != nil {
			return err
		}
	}
	if x.AuthorizationToken != "" {
		if err := enc.NextFieldValueString(2, vdl.StringType, x.AuthorizationToken); err != nil {
			return err
		}
	}
	if x.ApiUrl != "" {
		if err := enc.NextFieldValueString(3, vdl.StringType, x.ApiUrl); err != nil {
			return err
		}
	}
	if x.DownloadUrl != "" {
		if err := enc.NextFieldValueString(4, vdl.StringType, x.DownloadUrl); err != nil {
			return err
		}
	}
	if x.RecommendedPartSize != 0 {
		if err := enc.NextFieldValueInt(5, vdl.Int64Type, x.RecommendedPartSize); err != nil {
			return err
		}
	}
	if x.AbsoluteMinimumPartSize != 0 {
		if err := enc.NextFieldValueInt(6, vdl.Int64Type, x.AbsoluteMinimumPartSize); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *B2Ticket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = B2Ticket{}
	if err := dec.StartValue(vdlTypeStruct31); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct31 {
			index = vdlTypeStruct31.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional32); err != nil {
				return err
			}
			if dec.IsNil() {
				x.B2AccountAuthorizationBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.B2AccountAuthorizationBuilder = new(B2AccountAuthorizationBuilder)
				dec.IgnoreNextStartValue()
				if err := x.B2AccountAuthorizationBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.AccountId = value
			}
		case 2:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.AuthorizationToken = value
			}
		case 3:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.ApiUrl = value
			}
		case 4:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.DownloadUrl = value
			}
		case 5:
			switch value, err := dec.ReadValueInt(64); {
			case err != nil:
				return err
			default:
				x.RecommendedPartSize = value
			}
		case 6:
			switch value, err := dec.ReadValueInt(64); {
			case err != nil:
				return err
			default:
				x.AbsoluteMinimumPartSize = value
			}
		}
	}
}

// VanadiumTicket describes a set of Vanadium blessings. This allows
// obtaining a completely new blessings (role blessings) by the owners
// of certain blessings.
type VanadiumTicket struct {
	VanadiumBuilder *VanadiumBuilder
	// v.io/v23/security.WireBlessings in VOM + Base64 format.
	Blessing string
}

func (VanadiumTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.VanadiumTicket"`
}) {
}

func (x VanadiumTicket) VDLIsZero() bool { //nolint:gocyclo
	return x == VanadiumTicket{}
}

func (x VanadiumTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct33); err != nil {
		return err
	}
	if x.VanadiumBuilder != nil {
		if err := enc.NextField(0); err != nil {
			return err
		}
		enc.SetNextStartValueIsOptional()
		if err := x.VanadiumBuilder.VDLWrite(enc); err != nil {
			return err
		}
	}
	if x.Blessing != "" {
		if err := enc.NextFieldValueString(1, vdl.StringType, x.Blessing); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *VanadiumTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = VanadiumTicket{}
	if err := dec.StartValue(vdlTypeStruct33); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct33 {
			index = vdlTypeStruct33.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := dec.StartValue(vdlTypeOptional34); err != nil {
				return err
			}
			if dec.IsNil() {
				x.VanadiumBuilder = nil
				if err := dec.FinishValue(); err != nil {
					return err
				}
			} else {
				x.VanadiumBuilder = new(VanadiumBuilder)
				dec.IgnoreNextStartValue()
				if err := x.VanadiumBuilder.VDLRead(dec); err != nil {
					return err
				}
			}
		case 1:
			switch value, err := dec.ReadValueString(); {
			case err != nil:
				return err
			default:
				x.Blessing = value
			}
		}
	}
}

// GenericTicket describes a generic unstructured piece of data. This
// can be used to store arbitrary secrets for example.
type GenericTicket struct {
	Data []byte
}

func (GenericTicket) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.GenericTicket"`
}) {
}

func (x GenericTicket) VDLIsZero() bool { //nolint:gocyclo
	return len(x.Data) == 0
}

func (x GenericTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct35); err != nil {
		return err
	}
	if len(x.Data) != 0 {
		if err := enc.NextFieldValueBytes(0, vdlTypeList36, x.Data); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *GenericTicket) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = GenericTicket{}
	if err := dec.StartValue(vdlTypeStruct35); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct35 {
			index = vdlTypeStruct35.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		if index == 0 {

			if err := dec.ReadValueBytes(-1, &x.Data); err != nil {
				return err
			}
		}
	}
}

type (
	// Ticket represents any single field of the Ticket union type.
	//
	// Ticket is a union of all our tickets.
	Ticket interface {
		// Index returns the field index.
		Index() int
		// Interface returns the field value as an interface.
		Interface() interface{}
		// Name returns the field name.
		Name() string
		// VDLReflect describes the Ticket union type.
		VDLReflect(vdlTicketReflect)
		VDLIsZero() bool
		VDLWrite(vdl.Encoder) error
	}
	// TicketAwsTicket represents field AwsTicket of the Ticket union type.
	TicketAwsTicket struct{ Value AwsTicket }
	// TicketS3Ticket represents field S3Ticket of the Ticket union type.
	TicketS3Ticket struct{ Value S3Ticket }
	// TicketSshCertificateTicket represents field SshCertificateTicket of the Ticket union type.
	TicketSshCertificateTicket struct{ Value SshCertificateTicket }
	// TicketEcrTicket represents field EcrTicket of the Ticket union type.
	TicketEcrTicket struct{ Value EcrTicket }
	// TicketTlsServerTicket represents field TlsServerTicket of the Ticket union type.
	TicketTlsServerTicket struct{ Value TlsServerTicket }
	// TicketTlsClientTicket represents field TlsClientTicket of the Ticket union type.
	TicketTlsClientTicket struct{ Value TlsClientTicket }
	// TicketDockerTicket represents field DockerTicket of the Ticket union type.
	TicketDockerTicket struct{ Value DockerTicket }
	// TicketDockerServerTicket represents field DockerServerTicket of the Ticket union type.
	TicketDockerServerTicket struct{ Value DockerServerTicket }
	// TicketDockerClientTicket represents field DockerClientTicket of the Ticket union type.
	TicketDockerClientTicket struct{ Value DockerClientTicket }
	// TicketB2Ticket represents field B2Ticket of the Ticket union type.
	TicketB2Ticket struct{ Value B2Ticket }
	// TicketVanadiumTicket represents field VanadiumTicket of the Ticket union type.
	TicketVanadiumTicket struct{ Value VanadiumTicket }
	// TicketGenericTicket represents field GenericTicket of the Ticket union type.
	TicketGenericTicket struct{ Value GenericTicket }
	// vdlTicketReflect describes the Ticket union type.
	vdlTicketReflect struct {
		Name  string `vdl:"github.com/grailbio/base/security/ticket.Ticket"`
		Type  Ticket
		Union struct {
			AwsTicket            TicketAwsTicket
			S3Ticket             TicketS3Ticket
			SshCertificateTicket TicketSshCertificateTicket
			EcrTicket            TicketEcrTicket
			TlsServerTicket      TicketTlsServerTicket
			TlsClientTicket      TicketTlsClientTicket
			DockerTicket         TicketDockerTicket
			DockerServerTicket   TicketDockerServerTicket
			DockerClientTicket   TicketDockerClientTicket
			B2Ticket             TicketB2Ticket
			VanadiumTicket       TicketVanadiumTicket
			GenericTicket        TicketGenericTicket
		}
	}
)

func (x TicketAwsTicket) Index() int                  { return 0 }
func (x TicketAwsTicket) Interface() interface{}      { return x.Value }
func (x TicketAwsTicket) Name() string                { return "AwsTicket" }
func (x TicketAwsTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketS3Ticket) Index() int                  { return 1 }
func (x TicketS3Ticket) Interface() interface{}      { return x.Value }
func (x TicketS3Ticket) Name() string                { return "S3Ticket" }
func (x TicketS3Ticket) VDLReflect(vdlTicketReflect) {}

func (x TicketSshCertificateTicket) Index() int                  { return 2 }
func (x TicketSshCertificateTicket) Interface() interface{}      { return x.Value }
func (x TicketSshCertificateTicket) Name() string                { return "SshCertificateTicket" }
func (x TicketSshCertificateTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketEcrTicket) Index() int                  { return 3 }
func (x TicketEcrTicket) Interface() interface{}      { return x.Value }
func (x TicketEcrTicket) Name() string                { return "EcrTicket" }
func (x TicketEcrTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketTlsServerTicket) Index() int                  { return 4 }
func (x TicketTlsServerTicket) Interface() interface{}      { return x.Value }
func (x TicketTlsServerTicket) Name() string                { return "TlsServerTicket" }
func (x TicketTlsServerTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketTlsClientTicket) Index() int                  { return 5 }
func (x TicketTlsClientTicket) Interface() interface{}      { return x.Value }
func (x TicketTlsClientTicket) Name() string                { return "TlsClientTicket" }
func (x TicketTlsClientTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketDockerTicket) Index() int                  { return 6 }
func (x TicketDockerTicket) Interface() interface{}      { return x.Value }
func (x TicketDockerTicket) Name() string                { return "DockerTicket" }
func (x TicketDockerTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketDockerServerTicket) Index() int                  { return 7 }
func (x TicketDockerServerTicket) Interface() interface{}      { return x.Value }
func (x TicketDockerServerTicket) Name() string                { return "DockerServerTicket" }
func (x TicketDockerServerTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketDockerClientTicket) Index() int                  { return 8 }
func (x TicketDockerClientTicket) Interface() interface{}      { return x.Value }
func (x TicketDockerClientTicket) Name() string                { return "DockerClientTicket" }
func (x TicketDockerClientTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketB2Ticket) Index() int                  { return 9 }
func (x TicketB2Ticket) Interface() interface{}      { return x.Value }
func (x TicketB2Ticket) Name() string                { return "B2Ticket" }
func (x TicketB2Ticket) VDLReflect(vdlTicketReflect) {}

func (x TicketVanadiumTicket) Index() int                  { return 10 }
func (x TicketVanadiumTicket) Interface() interface{}      { return x.Value }
func (x TicketVanadiumTicket) Name() string                { return "VanadiumTicket" }
func (x TicketVanadiumTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketGenericTicket) Index() int                  { return 11 }
func (x TicketGenericTicket) Interface() interface{}      { return x.Value }
func (x TicketGenericTicket) Name() string                { return "GenericTicket" }
func (x TicketGenericTicket) VDLReflect(vdlTicketReflect) {}

func (x TicketAwsTicket) VDLIsZero() bool { //nolint:gocyclo
	return x.Value == AwsTicket{}
}

func (x TicketS3Ticket) VDLIsZero() bool {
	return false
}

func (x TicketSshCertificateTicket) VDLIsZero() bool {
	return false
}

func (x TicketEcrTicket) VDLIsZero() bool {
	return false
}

func (x TicketTlsServerTicket) VDLIsZero() bool {
	return false
}

func (x TicketTlsClientTicket) VDLIsZero() bool {
	return false
}

func (x TicketDockerTicket) VDLIsZero() bool {
	return false
}

func (x TicketDockerServerTicket) VDLIsZero() bool {
	return false
}

func (x TicketDockerClientTicket) VDLIsZero() bool {
	return false
}

func (x TicketB2Ticket) VDLIsZero() bool {
	return false
}

func (x TicketVanadiumTicket) VDLIsZero() bool {
	return false
}

func (x TicketGenericTicket) VDLIsZero() bool {
	return false
}

func (x TicketAwsTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(0); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketS3Ticket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(1); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketSshCertificateTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(2); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketEcrTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(3); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketTlsServerTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(4); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketTlsClientTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(5); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketDockerTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(6); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketDockerServerTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(7); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketDockerClientTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(8); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketB2Ticket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(9); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketVanadiumTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(10); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x TicketGenericTicket) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	if err := enc.NextField(11); err != nil {
		return err
	}
	if err := x.Value.VDLWrite(enc); err != nil {
		return err
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func VDLReadTicket(dec vdl.Decoder, x *Ticket) error { //nolint:gocyclo
	if err := dec.StartValue(vdlTypeUnion37); err != nil {
		return err
	}
	decType := dec.Type()
	index, err := dec.NextField()
	switch {
	case err != nil:
		return err
	case index == -1:
		return fmt.Errorf("missing field in union %T, from %v", x, decType)
	}
	if decType != vdlTypeUnion37 {
		name := decType.Field(index).Name
		index = vdlTypeUnion37.FieldIndexByName(name)
		if index == -1 {
			return fmt.Errorf("field %q not in union %T, from %v", name, x, decType)
		}
	}
	switch index {
	case 0:
		var field TicketAwsTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 1:
		var field TicketS3Ticket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 2:
		var field TicketSshCertificateTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 3:
		var field TicketEcrTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 4:
		var field TicketTlsServerTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 5:
		var field TicketTlsClientTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 6:
		var field TicketDockerTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 7:
		var field TicketDockerServerTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 8:
		var field TicketDockerClientTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 9:
		var field TicketB2Ticket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 10:
		var field TicketVanadiumTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	case 11:
		var field TicketGenericTicket
		if err := field.Value.VDLRead(dec); err != nil {
			return err
		}
		*x = field
	}
	switch index, err := dec.NextField(); {
	case err != nil:
		return err
	case index != -1:
		return fmt.Errorf("extra field %d in union %T, from %v", index, x, dec.Type())
	}
	return dec.FinishValue()
}

// TicketConfig describes a ticket and its associated permissions.
type TicketConfig struct {
	Ticket      Ticket
	Permissions access.Permissions
	Controls    map[Control]bool
}

func (TicketConfig) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.TicketConfig"`
}) {
}

func (x TicketConfig) VDLIsZero() bool { //nolint:gocyclo
	if x.Ticket != nil && !x.Ticket.VDLIsZero() {
		return false
	}
	if len(x.Permissions) != 0 {
		return false
	}
	if len(x.Controls) != 0 {
		return false
	}
	return true
}

func (x TicketConfig) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct38); err != nil {
		return err
	}
	if x.Ticket != nil && !x.Ticket.VDLIsZero() {
		if err := enc.NextField(0); err != nil {
			return err
		}
		if err := x.Ticket.VDLWrite(enc); err != nil {
			return err
		}
	}
	if len(x.Permissions) != 0 {
		if err := enc.NextField(1); err != nil {
			return err
		}
		if err := x.Permissions.VDLWrite(enc); err != nil {
			return err
		}
	}
	if len(x.Controls) != 0 {
		if err := enc.NextField(2); err != nil {
			return err
		}
		if err := vdlWriteAnonMap4(enc, x.Controls); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func vdlWriteAnonMap4(enc vdl.Encoder, x map[Control]bool) error {
	if err := enc.StartValue(vdlTypeMap40); err != nil {
		return err
	}
	if err := enc.SetLenHint(len(x)); err != nil {
		return err
	}
	for key, elem := range x {
		if err := enc.NextEntryValueString(vdlTypeEnum1, key.String()); err != nil {
			return err
		}
		if err := enc.WriteValueBool(vdl.BoolType, elem); err != nil {
			return err
		}
	}
	if err := enc.NextEntry(true); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *TicketConfig) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = TicketConfig{
		Ticket: TicketAwsTicket{},
	}
	if err := dec.StartValue(vdlTypeStruct38); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct38 {
			index = vdlTypeStruct38.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := VDLReadTicket(dec, &x.Ticket); err != nil {
				return err
			}
		case 1:
			if err := x.Permissions.VDLRead(dec); err != nil {
				return err
			}
		case 2:
			if err := vdlReadAnonMap4(dec, &x.Controls); err != nil {
				return err
			}
		}
	}
}

func vdlReadAnonMap4(dec vdl.Decoder, x *map[Control]bool) error {
	if err := dec.StartValue(vdlTypeMap40); err != nil {
		return err
	}
	var tmpMap map[Control]bool
	if len := dec.LenHint(); len > 0 {
		tmpMap = make(map[Control]bool, len)
	}
	for {
		switch done, key, err := dec.NextEntryValueString(); {
		case err != nil:
			return err
		case done:
			*x = tmpMap
			return dec.FinishValue()
		default:
			var keyEnum Control
			if err := keyEnum.Set(key); err != nil {
				return err
			}
			var elem bool
			switch value, err := dec.ReadValueBool(); {
			case err != nil:
				return err
			default:
				elem = value
			}
			if tmpMap == nil {
				tmpMap = make(map[Control]bool)
			}
			tmpMap[keyEnum] = elem
		}
	}
}

type Config struct {
	Tickets     map[string]TicketConfig
	Permissions access.Permissions
}

func (Config) VDLReflect(struct {
	Name string `vdl:"github.com/grailbio/base/security/ticket.Config"`
}) {
}

func (x Config) VDLIsZero() bool { //nolint:gocyclo
	if len(x.Tickets) != 0 {
		return false
	}
	if len(x.Permissions) != 0 {
		return false
	}
	return true
}

func (x Config) VDLWrite(enc vdl.Encoder) error { //nolint:gocyclo
	if err := enc.StartValue(vdlTypeStruct41); err != nil {
		return err
	}
	if len(x.Tickets) != 0 {
		if err := enc.NextField(0); err != nil {
			return err
		}
		if err := vdlWriteAnonMap5(enc, x.Tickets); err != nil {
			return err
		}
	}
	if len(x.Permissions) != 0 {
		if err := enc.NextField(1); err != nil {
			return err
		}
		if err := x.Permissions.VDLWrite(enc); err != nil {
			return err
		}
	}
	if err := enc.NextField(-1); err != nil {
		return err
	}
	return enc.FinishValue()
}

func vdlWriteAnonMap5(enc vdl.Encoder, x map[string]TicketConfig) error {
	if err := enc.StartValue(vdlTypeMap42); err != nil {
		return err
	}
	if err := enc.SetLenHint(len(x)); err != nil {
		return err
	}
	for key, elem := range x {
		if err := enc.NextEntryValueString(vdl.StringType, key); err != nil {
			return err
		}
		if err := elem.VDLWrite(enc); err != nil {
			return err
		}
	}
	if err := enc.NextEntry(true); err != nil {
		return err
	}
	return enc.FinishValue()
}

func (x *Config) VDLRead(dec vdl.Decoder) error { //nolint:gocyclo
	*x = Config{}
	if err := dec.StartValue(vdlTypeStruct41); err != nil {
		return err
	}
	decType := dec.Type()
	for {
		index, err := dec.NextField()
		switch {
		case err != nil:
			return err
		case index == -1:
			return dec.FinishValue()
		}
		if decType != vdlTypeStruct41 {
			index = vdlTypeStruct41.FieldIndexByName(decType.Field(index).Name)
			if index == -1 {
				if err := dec.SkipValue(); err != nil {
					return err
				}
				continue
			}
		}
		switch index {
		case 0:
			if err := vdlReadAnonMap5(dec, &x.Tickets); err != nil {
				return err
			}
		case 1:
			if err := x.Permissions.VDLRead(dec); err != nil {
				return err
			}
		}
	}
}

func vdlReadAnonMap5(dec vdl.Decoder, x *map[string]TicketConfig) error {
	if err := dec.StartValue(vdlTypeMap42); err != nil {
		return err
	}
	var tmpMap map[string]TicketConfig
	if len := dec.LenHint(); len > 0 {
		tmpMap = make(map[string]TicketConfig, len)
	}
	for {
		switch done, key, err := dec.NextEntryValueString(); {
		case err != nil:
			return err
		case done:
			*x = tmpMap
			return dec.FinishValue()
		default:
			var elem TicketConfig
			if err := elem.VDLRead(dec); err != nil {
				return err
			}
			if tmpMap == nil {
				tmpMap = make(map[string]TicketConfig)
			}
			tmpMap[key] = elem
		}
	}
}

// Interface definitions
// =====================

// TicketServiceClientMethods is the client interface
// containing TicketService methods.
//
// TicketService provides a way to obtain a ticket. The access can be
// restricted by setting the permissions appropriately.
type TicketServiceClientMethods interface {
	GetPermissions(*context.T, ...rpc.CallOpt) (perms access.Permissions, version string, _ error)
	SetPermissions(_ *context.T, perms access.Permissions, version string, _ ...rpc.CallOpt) error
	Get(*context.T, ...rpc.CallOpt) (Ticket, error)
	GetWithParameters(_ *context.T, parameters []Parameter, _ ...rpc.CallOpt) (Ticket, error)
	GetWithArgs(_ *context.T, args map[string]string, _ ...rpc.CallOpt) (Ticket, error)
}

// TicketServiceClientStub embeds TicketServiceClientMethods and is a
// placeholder for additional management operations.
type TicketServiceClientStub interface {
	TicketServiceClientMethods
}

// TicketServiceClient returns a client stub for TicketService.
func TicketServiceClient(name string) TicketServiceClientStub {
	return implTicketServiceClientStub{name}
}

type implTicketServiceClientStub struct {
	name string
}

func (c implTicketServiceClientStub) GetPermissions(ctx *context.T, opts ...rpc.CallOpt) (o0 access.Permissions, o1 string, err error) {
	err = v23.GetClient(ctx).Call(ctx, c.name, "GetPermissions", nil, []interface{}{&o0, &o1}, opts...)
	return
}

func (c implTicketServiceClientStub) SetPermissions(ctx *context.T, i0 access.Permissions, i1 string, opts ...rpc.CallOpt) (err error) {
	err = v23.GetClient(ctx).Call(ctx, c.name, "SetPermissions", []interface{}{i0, i1}, nil, opts...)
	return
}

func (c implTicketServiceClientStub) Get(ctx *context.T, opts ...rpc.CallOpt) (o0 Ticket, err error) {
	err = v23.GetClient(ctx).Call(ctx, c.name, "Get", nil, []interface{}{&o0}, opts...)
	return
}

func (c implTicketServiceClientStub) GetWithParameters(ctx *context.T, i0 []Parameter, opts ...rpc.CallOpt) (o0 Ticket, err error) {
	err = v23.GetClient(ctx).Call(ctx, c.name, "GetWithParameters", []interface{}{i0}, []interface{}{&o0}, opts...)
	return
}

func (c implTicketServiceClientStub) GetWithArgs(ctx *context.T, i0 map[string]string, opts ...rpc.CallOpt) (o0 Ticket, err error) {
	err = v23.GetClient(ctx).Call(ctx, c.name, "GetWithArgs", []interface{}{i0}, []interface{}{&o0}, opts...)
	return
}

// TicketServiceServerMethods is the interface a server writer
// implements for TicketService.
//
// TicketService provides a way to obtain a ticket. The access can be
// restricted by setting the permissions appropriately.
type TicketServiceServerMethods interface {
	GetPermissions(*context.T, rpc.ServerCall) (perms access.Permissions, version string, _ error)
	SetPermissions(_ *context.T, _ rpc.ServerCall, perms access.Permissions, version string) error
	Get(*context.T, rpc.ServerCall) (Ticket, error)
	GetWithParameters(_ *context.T, _ rpc.ServerCall, parameters []Parameter) (Ticket, error)
	GetWithArgs(_ *context.T, _ rpc.ServerCall, args map[string]string) (Ticket, error)
}

// TicketServiceServerStubMethods is the server interface containing
// TicketService methods, as expected by rpc.Server.
// There is no difference between this interface and TicketServiceServerMethods
// since there are no streaming methods.
type TicketServiceServerStubMethods TicketServiceServerMethods

// TicketServiceServerStub adds universal methods to TicketServiceServerStubMethods.
type TicketServiceServerStub interface {
	TicketServiceServerStubMethods
	// DescribeInterfaces the TicketService interfaces.
	Describe__() []rpc.InterfaceDesc
}

// TicketServiceServer returns a server stub for TicketService.
// It converts an implementation of TicketServiceServerMethods into
// an object that may be used by rpc.Server.
func TicketServiceServer(impl TicketServiceServerMethods) TicketServiceServerStub {
	stub := implTicketServiceServerStub{
		impl: impl,
	}
	// Initialize GlobState; always check the stub itself first, to handle the
	// case where the user has the Glob method defined in their VDL source.
	if gs := rpc.NewGlobState(stub); gs != nil {
		stub.gs = gs
	} else if gs := rpc.NewGlobState(impl); gs != nil {
		stub.gs = gs
	}
	return stub
}

type implTicketServiceServerStub struct {
	impl TicketServiceServerMethods
	gs   *rpc.GlobState
}

func (s implTicketServiceServerStub) GetPermissions(ctx *context.T, call rpc.ServerCall) (access.Permissions, string, error) {
	return s.impl.GetPermissions(ctx, call)
}

func (s implTicketServiceServerStub) SetPermissions(ctx *context.T, call rpc.ServerCall, i0 access.Permissions, i1 string) error {
	return s.impl.SetPermissions(ctx, call, i0, i1)
}

func (s implTicketServiceServerStub) Get(ctx *context.T, call rpc.ServerCall) (Ticket, error) {
	return s.impl.Get(ctx, call)
}

func (s implTicketServiceServerStub) GetWithParameters(ctx *context.T, call rpc.ServerCall, i0 []Parameter) (Ticket, error) {
	return s.impl.GetWithParameters(ctx, call, i0)
}

func (s implTicketServiceServerStub) GetWithArgs(ctx *context.T, call rpc.ServerCall, i0 map[string]string) (Ticket, error) {
	return s.impl.GetWithArgs(ctx, call, i0)
}

func (s implTicketServiceServerStub) Globber() *rpc.GlobState {
	return s.gs
}

func (s implTicketServiceServerStub) Describe__() []rpc.InterfaceDesc {
	return []rpc.InterfaceDesc{TicketServiceDesc}
}

// TicketServiceDesc describes the TicketService interface.
var TicketServiceDesc rpc.InterfaceDesc = descTicketService

// descTicketService hides the desc to keep godoc clean.
var descTicketService = rpc.InterfaceDesc{
	Name:    "TicketService",
	PkgPath: "github.com/grailbio/base/security/ticket",
	Doc:     "// TicketService provides a way to obtain a ticket. The access can be\n// restricted by setting the permissions appropriately.",
	Methods: []rpc.MethodDesc{
		{
			Name: "GetPermissions",
			OutArgs: []rpc.ArgDesc{
				{Name: "perms", Doc: ``},   // access.Permissions
				{Name: "version", Doc: ``}, // string
			},
			Tags: []*vdl.Value{vdl.ValueOf(access.Tag("Read"))},
		},
		{
			Name: "SetPermissions",
			InArgs: []rpc.ArgDesc{
				{Name: "perms", Doc: ``},   // access.Permissions
				{Name: "version", Doc: ``}, // string
			},
			Tags: []*vdl.Value{vdl.ValueOf(access.Tag("Admin"))},
		},
		{
			Name: "Get",
			OutArgs: []rpc.ArgDesc{
				{Name: "", Doc: ``}, // Ticket
			},
			Tags: []*vdl.Value{vdl.ValueOf(access.Tag("Read"))},
		},
		{
			Name: "GetWithParameters",
			InArgs: []rpc.ArgDesc{
				{Name: "parameters", Doc: ``}, // []Parameter
			},
			OutArgs: []rpc.ArgDesc{
				{Name: "", Doc: ``}, // Ticket
			},
			Tags: []*vdl.Value{vdl.ValueOf(access.Tag("Read"))},
		},
		{
			Name: "GetWithArgs",
			InArgs: []rpc.ArgDesc{
				{Name: "args", Doc: ``}, // map[string]string
			},
			OutArgs: []rpc.ArgDesc{
				{Name: "", Doc: ``}, // Ticket
			},
			Tags: []*vdl.Value{vdl.ValueOf(access.Tag("Read"))},
		},
	},
}

// ListServiceClientMethods is the client interface
// containing ListService methods.
type ListServiceClientMethods interface {
	List(*context.T, ...rpc.CallOpt) ([]string, error)
}

// ListServiceClientStub embeds ListServiceClientMethods and is a
// placeholder for additional management operations.
type ListServiceClientStub interface {
	ListServiceClientMethods
}

// ListServiceClient returns a client stub for ListService.
func ListServiceClient(name string) ListServiceClientStub {
	return implListServiceClientStub{name}
}

type implListServiceClientStub struct {
	name string
}

func (c implListServiceClientStub) List(ctx *context.T, opts ...rpc.CallOpt) (o0 []string, err error) {
	err = v23.GetClient(ctx).Call(ctx, c.name, "List", nil, []interface{}{&o0}, opts...)
	return
}

// ListServiceServerMethods is the interface a server writer
// implements for ListService.
type ListServiceServerMethods interface {
	List(*context.T, rpc.ServerCall) ([]string, error)
}

// ListServiceServerStubMethods is the server interface containing
// ListService methods, as expected by rpc.Server.
// There is no difference between this interface and ListServiceServerMethods
// since there are no streaming methods.
type ListServiceServerStubMethods ListServiceServerMethods

// ListServiceServerStub adds universal methods to ListServiceServerStubMethods.
type ListServiceServerStub interface {
	ListServiceServerStubMethods
	// DescribeInterfaces the ListService interfaces.
	Describe__() []rpc.InterfaceDesc
}

// ListServiceServer returns a server stub for ListService.
// It converts an implementation of ListServiceServerMethods into
// an object that may be used by rpc.Server.
func ListServiceServer(impl ListServiceServerMethods) ListServiceServerStub {
	stub := implListServiceServerStub{
		impl: impl,
	}
	// Initialize GlobState; always check the stub itself first, to handle the
	// case where the user has the Glob method defined in their VDL source.
	if gs := rpc.NewGlobState(stub); gs != nil {
		stub.gs = gs
	} else if gs := rpc.NewGlobState(impl); gs != nil {
		stub.gs = gs
	}
	return stub
}

type implListServiceServerStub struct {
	impl ListServiceServerMethods
	gs   *rpc.GlobState
}

func (s implListServiceServerStub) List(ctx *context.T, call rpc.ServerCall) ([]string, error) {
	return s.impl.List(ctx, call)
}

func (s implListServiceServerStub) Globber() *rpc.GlobState {
	return s.gs
}

func (s implListServiceServerStub) Describe__() []rpc.InterfaceDesc {
	return []rpc.InterfaceDesc{ListServiceDesc}
}

// ListServiceDesc describes the ListService interface.
var ListServiceDesc rpc.InterfaceDesc = descListService

// descListService hides the desc to keep godoc clean.
var descListService = rpc.InterfaceDesc{
	Name:    "ListService",
	PkgPath: "github.com/grailbio/base/security/ticket",
	Methods: []rpc.MethodDesc{
		{
			Name: "List",
			OutArgs: []rpc.ArgDesc{
				{Name: "", Doc: ``}, // []string
			},
			Tags: []*vdl.Value{vdl.ValueOf(access.Tag("Read"))},
		},
	},
}

// Hold type definitions in package-level variables, for better performance.
//nolint:unused
var (
	vdlTypeEnum1      *vdl.Type
	vdlTypeStruct2    *vdl.Type
	vdlTypeStruct3    *vdl.Type
	vdlTypeStruct4    *vdl.Type
	vdlTypeStruct5    *vdl.Type
	vdlTypeList6      *vdl.Type
	vdlTypeStruct7    *vdl.Type
	vdlTypeStruct8    *vdl.Type
	vdlTypeStruct9    *vdl.Type
	vdlTypeStruct10   *vdl.Type
	vdlTypeOptional11 *vdl.Type
	vdlTypeOptional12 *vdl.Type
	vdlTypeStruct13   *vdl.Type
	vdlTypeStruct14   *vdl.Type
	vdlTypeStruct15   *vdl.Type
	vdlTypeStruct16   *vdl.Type
	vdlTypeStruct17   *vdl.Type
	vdlTypeOptional18 *vdl.Type
	vdlTypeStruct19   *vdl.Type
	vdlTypeStruct20   *vdl.Type
	vdlTypeStruct21   *vdl.Type
	vdlTypeStruct22   *vdl.Type
	vdlTypeStruct23   *vdl.Type
	vdlTypeStruct24   *vdl.Type
	vdlTypeList25     *vdl.Type
	vdlTypeStruct26   *vdl.Type
	vdlTypeStruct27   *vdl.Type
	vdlTypeOptional28 *vdl.Type
	vdlTypeOptional29 *vdl.Type
	vdlTypeList30     *vdl.Type
	vdlTypeStruct31   *vdl.Type
	vdlTypeOptional32 *vdl.Type
	vdlTypeStruct33   *vdl.Type
	vdlTypeOptional34 *vdl.Type
	vdlTypeStruct35   *vdl.Type
	vdlTypeList36     *vdl.Type
	vdlTypeUnion37    *vdl.Type
	vdlTypeStruct38   *vdl.Type
	vdlTypeMap39      *vdl.Type
	vdlTypeMap40      *vdl.Type
	vdlTypeStruct41   *vdl.Type
	vdlTypeMap42      *vdl.Type
)

var initializeVDLCalled bool

// initializeVDL performs vdl initialization.  It is safe to call multiple times.
// If you have an init ordering issue, just insert the following line verbatim
// into your source files in this package, right after the "package foo" clause:
//
//    var _ = initializeVDL()
//
// The purpose of this function is to ensure that vdl initialization occurs in
// the right order, and very early in the init sequence.  In particular, vdl
// registration and package variable initialization needs to occur before
// functions like vdl.TypeOf will work properly.
//
// This function returns a dummy value, so that it can be used to initialize the
// first var in the file, to take advantage of Go's defined init order.
func initializeVDL() struct{} {
	if initializeVDLCalled {
		return struct{}{}
	}
	initializeVDLCalled = true

	// Register types.
	vdl.Register((*Control)(nil))
	vdl.Register((*AwsCredentials)(nil))
	vdl.Register((*AwsAssumeRoleBuilder)(nil))
	vdl.Register((*AwsSessionBuilder)(nil))
	vdl.Register((*TlsCertAuthorityBuilder)(nil))
	vdl.Register((*SshCertAuthorityBuilder)(nil))
	vdl.Register((*B2AccountAuthorizationBuilder)(nil))
	vdl.Register((*VanadiumBuilder)(nil))
	vdl.Register((*AwsTicket)(nil))
	vdl.Register((*S3Ticket)(nil))
	vdl.Register((*EcrTicket)(nil))
	vdl.Register((*SshCert)(nil))
	vdl.Register((*TlsCredentials)(nil))
	vdl.Register((*TlsServerTicket)(nil))
	vdl.Register((*TlsClientTicket)(nil))
	vdl.Register((*DockerTicket)(nil))
	vdl.Register((*DockerServerTicket)(nil))
	vdl.Register((*DockerClientTicket)(nil))
	vdl.Register((*Parameter)(nil))
	vdl.Register((*AwsComputeInstancesBuilder)(nil))
	vdl.Register((*ComputeInstance)(nil))
	vdl.Register((*SshCertificateTicket)(nil))
	vdl.Register((*B2Ticket)(nil))
	vdl.Register((*VanadiumTicket)(nil))
	vdl.Register((*GenericTicket)(nil))
	vdl.Register((*Ticket)(nil))
	vdl.Register((*TicketConfig)(nil))
	vdl.Register((*Config)(nil))

	// Initialize type definitions.
	vdlTypeEnum1 = vdl.TypeOf((*Control)(nil))
	vdlTypeStruct2 = vdl.TypeOf((*AwsCredentials)(nil)).Elem()
	vdlTypeStruct3 = vdl.TypeOf((*AwsAssumeRoleBuilder)(nil)).Elem()
	vdlTypeStruct4 = vdl.TypeOf((*AwsSessionBuilder)(nil)).Elem()
	vdlTypeStruct5 = vdl.TypeOf((*TlsCertAuthorityBuilder)(nil)).Elem()
	vdlTypeList6 = vdl.TypeOf((*[]string)(nil))
	vdlTypeStruct7 = vdl.TypeOf((*SshCertAuthorityBuilder)(nil)).Elem()
	vdlTypeStruct8 = vdl.TypeOf((*B2AccountAuthorizationBuilder)(nil)).Elem()
	vdlTypeStruct9 = vdl.TypeOf((*VanadiumBuilder)(nil)).Elem()
	vdlTypeStruct10 = vdl.TypeOf((*AwsTicket)(nil)).Elem()
	vdlTypeOptional11 = vdl.TypeOf((*AwsAssumeRoleBuilder)(nil))
	vdlTypeOptional12 = vdl.TypeOf((*AwsSessionBuilder)(nil))
	vdlTypeStruct13 = vdl.TypeOf((*S3Ticket)(nil)).Elem()
	vdlTypeStruct14 = vdl.TypeOf((*EcrTicket)(nil)).Elem()
	vdlTypeStruct15 = vdl.TypeOf((*SshCert)(nil)).Elem()
	vdlTypeStruct16 = vdl.TypeOf((*TlsCredentials)(nil)).Elem()
	vdlTypeStruct17 = vdl.TypeOf((*TlsServerTicket)(nil)).Elem()
	vdlTypeOptional18 = vdl.TypeOf((*TlsCertAuthorityBuilder)(nil))
	vdlTypeStruct19 = vdl.TypeOf((*TlsClientTicket)(nil)).Elem()
	vdlTypeStruct20 = vdl.TypeOf((*DockerTicket)(nil)).Elem()
	vdlTypeStruct21 = vdl.TypeOf((*DockerServerTicket)(nil)).Elem()
	vdlTypeStruct22 = vdl.TypeOf((*DockerClientTicket)(nil)).Elem()
	vdlTypeStruct23 = vdl.TypeOf((*Parameter)(nil)).Elem()
	vdlTypeStruct24 = vdl.TypeOf((*AwsComputeInstancesBuilder)(nil)).Elem()
	vdlTypeList25 = vdl.TypeOf((*[]Parameter)(nil))
	vdlTypeStruct26 = vdl.TypeOf((*ComputeInstance)(nil)).Elem()
	vdlTypeStruct27 = vdl.TypeOf((*SshCertificateTicket)(nil)).Elem()
	vdlTypeOptional28 = vdl.TypeOf((*SshCertAuthorityBuilder)(nil))
	vdlTypeOptional29 = vdl.TypeOf((*AwsComputeInstancesBuilder)(nil))
	vdlTypeList30 = vdl.TypeOf((*[]ComputeInstance)(nil))
	vdlTypeStruct31 = vdl.TypeOf((*B2Ticket)(nil)).Elem()
	vdlTypeOptional32 = vdl.TypeOf((*B2AccountAuthorizationBuilder)(nil))
	vdlTypeStruct33 = vdl.TypeOf((*VanadiumTicket)(nil)).Elem()
	vdlTypeOptional34 = vdl.TypeOf((*VanadiumBuilder)(nil))
	vdlTypeStruct35 = vdl.TypeOf((*GenericTicket)(nil)).Elem()
	vdlTypeList36 = vdl.TypeOf((*[]byte)(nil))
	vdlTypeUnion37 = vdl.TypeOf((*Ticket)(nil))
	vdlTypeStruct38 = vdl.TypeOf((*TicketConfig)(nil)).Elem()
	vdlTypeMap39 = vdl.TypeOf((*access.Permissions)(nil))
	vdlTypeMap40 = vdl.TypeOf((*map[Control]bool)(nil))
	vdlTypeStruct41 = vdl.TypeOf((*Config)(nil)).Elem()
	vdlTypeMap42 = vdl.TypeOf((*map[string]TicketConfig)(nil))

	return struct{}{}
}