  // Wire contract for the swarmkit certificate-authority RPCs.
  syntax = "proto3";

  package docker.swarmkit.v1;

  // gogoproto supplies the (gogoproto.*) field options used in this file;
  // plugin/plugin.proto supplies the tls_authorization method option that
  // declares which callers may invoke each RPC.
  import "gogoproto/gogo.proto";
  import "plugin/plugin.proto";
  // Message and enum types referenced here but not declared in this file
  // are expected to come from these two imports.
  import "specs.proto";
  import "types.proto";
  // CA defines the RPC methods for requesting certificates from a CA.
  //
  // Each method states its access policy through the
  // docker.protobuf.plugin.tls_authorization option; that declaration is
  // the only access control visible in this file.
  service CA {
    // GetRootCACertificate returns the root CA certificate (see
    // GetRootCACertificateResponse).
    //
    // Declared `insecure: true`, i.e. no role is required of the caller.
    // NOTE(review): presumably this exempts the call from the
    // client-certificate check so that a host holding no cluster
    // certificate can bootstrap trust - confirm against the plugin. If so,
    // a client in that position may not have authenticated the server
    // either, and should check the returned bytes against a value pinned
    // out of band before trusting them.
    rpc GetRootCACertificate(GetRootCACertificateRequest)
        returns (GetRootCACertificateResponse) {
      option (docker.protobuf.plugin.tls_authorization) = {
        insecure: true
      };
    }

    // GetUnlockKey returns the current unlock key for the cluster for the
    // role of the client asking.
    //
    // Restricted to callers holding the "swarm-manager" role. The response
    // carries key material, so keep it out of logs, traces and error
    // messages on both sides of the call.
    rpc GetUnlockKey(GetUnlockKeyRequest) returns (GetUnlockKeyResponse) {
      option (docker.protobuf.plugin.tls_authorization) = {
        roles: ["swarm-manager"]
      };
    }
  }
  // NodeCA groups the node-facing certificate RPCs: submitting a signing
  // request and querying the state of a certificate for a node ID.
  //
  // Both methods are declared `insecure: true`, so neither requires a role
  // from the caller. NOTE(review): presumably that makes them reachable
  // before the caller owns a cluster certificate - confirm against the
  // plugin. Handlers should therefore treat every request field as
  // untrusted input.
  service NodeCA {
    // IssueNodeCertificate accepts a CSR together with a join token and
    // answers with the node ID and membership state.
    //
    // With no role check declared, the token in the request is the only
    // caller-supplied credential visible in this contract.
    // NOTE(review): confirm that the handler validates it before any
    // signing work is done.
    rpc IssueNodeCertificate(IssueNodeCertificateRequest)
        returns (IssueNodeCertificateResponse) {
      option (docker.protobuf.plugin.tls_authorization) = {
        insecure: true
      };
    }

    // NodeCertificateStatus reports the issuance status and certificate
    // recorded for the node ID in the request.
    //
    // The request carries nothing but a node ID and no role is required,
    // so the reply must be assumed visible to anyone who can reach the
    // endpoint and knows or guesses an ID. NOTE(review): confirm the
    // response never includes data that is not safe to publish.
    rpc NodeCertificateStatus(NodeCertificateStatusRequest)
        returns (NodeCertificateStatusResponse) {
      option (docker.protobuf.plugin.tls_authorization) = {
        insecure: true
      };
    }
  }
  // NodeCertificateStatusRequest selects the node whose certificate state
  // is being queried.
  message NodeCertificateStatusRequest {
    // Identifier of the node to look up. Supplied by the caller of an RPC
    // that declares no role requirement, so it is untrusted input.
    string node_id = 1;
  }
  // NodeCertificateStatusResponse is the reply to NodeCertificateStatus.
  message NodeCertificateStatusResponse {
    // Issuance state for the requested node. IssuanceStatus is declared
    // outside this file.
    IssuanceStatus status = 1;

    // Certificate recorded for the requested node. Certificate is declared
    // outside this file.
    Certificate certificate = 2;
  }
  // IssueNodeCertificateRequest is what a node submits to obtain a
  // certificate from the CA.
  message IssueNodeCertificateRequest {
    // DEPRECATED: Role is now selected based on which secret is matched.
    // Receivers should not derive privileges from this caller-set value.
    NodeRole role = 1 [deprecated = true];

    // CSR is the certificate signing request. The gogoproto option only
    // changes the generated field name to "CSR"; the wire format is
    // unaffected.
    bytes csr = 2 [(gogoproto.customname) = "CSR"];

    // Token represents a user-provided string that is necessary for new
    // nodes to join the cluster. It acts as a credential (the deprecation
    // note on `role` says the matched secret selects the role), so it
    // should not be written to logs or echoed in error messages.
    string token = 3;

    // Availability allows a user to control the current scheduling status
    // of a node.
    NodeSpec.Availability availability = 4;
  }
  // IssueNodeCertificateResponse is the reply to IssueNodeCertificate. It
  // carries no certificate field; NodeCertificateStatus is the RPC in this
  // file whose response includes one.
  message IssueNodeCertificateResponse {
    // Identifier of the node the request was recorded under.
    string node_id = 1;

    // Membership state of that node. NodeSpec.Membership is declared
    // outside this file.
    NodeSpec.Membership node_membership = 2;
  }
  // GetRootCACertificateRequest carries no parameters.
  message GetRootCACertificateRequest {
  }
  // GetRootCACertificateResponse is the reply to GetRootCACertificate.
  message GetRootCACertificateResponse {
    // Root CA certificate as raw bytes.
    // NOTE(review): the encoding (PEM or DER) is not stated in this file -
    // confirm against the server implementation.
    bytes certificate = 1;
  }
  // GetUnlockKeyRequest carries no parameters.
  message GetUnlockKeyRequest {
  }
  // GetUnlockKeyResponse is the reply to GetUnlockKey.
  message GetUnlockKeyResponse {
    // Current unlock key for the cluster. This is secret key material:
    // avoid logging it and drop it from memory once it has been used.
    bytes unlock_key = 1;

    // Version returned alongside the key; generated as a non-nullable
    // field. NOTE(review): presumably the version of the object the key
    // was read from - confirm against the server.
    Version version = 2 [(gogoproto.nullable) = false];
  }