File: ca.proto

docker.io 26.1.5%2Bdfsg1-9
syntax = "proto3";

package docker.swarmkit.v1;

import "github.com/docker/swarmkit/api/types.proto";
import "github.com/docker/swarmkit/api/specs.proto";
import "gogoproto/gogo.proto";
import "github.com/docker/swarmkit/protobuf/plugin/plugin.proto";

// CA defines the RPC methods for requesting certificates from a CA.
//
// Each method declares its access policy through the
// docker.protobuf.plugin.tls_authorization option, so this file is the place
// to audit which CA operations are reachable by which callers.
service CA {
	// GetRootCACertificate returns the root CA certificate in
	// GetRootCACertificateResponse.certificate; the request carries no fields.
	//
	// NOTE(review): `insecure: true` presumably exempts this RPC from the role
	// check that `roles` expresses on GetUnlockKey, i.e. the caller is not
	// authorized by client certificate. Confirm against plugin.proto. If so,
	// the handler must never return more than the public certificate.
	rpc GetRootCACertificate(GetRootCACertificateRequest) returns (GetRootCACertificateResponse) {
		option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
	};
	// GetUnlockKey returns the current unlock key for the cluster for the role of the client
	// asking.
	//
	// Access is limited to the "swarm-manager" role through tls_authorization.
	// The response carries key material (unlock_key), so handlers and clients
	// should keep it out of logs, traces and error messages.
	rpc GetUnlockKey(GetUnlockKeyRequest) returns (GetUnlockKeyResponse) {
		option (docker.protobuf.plugin.tls_authorization) = { roles: ["swarm-manager"] };
	};
}

// NodeCA defines the RPC methods a node uses to request a certificate and to
// query the state of that request.
//
// NOTE(review): both methods are marked `insecure: true`, which presumably
// means no TLS role authorization is applied to the caller. Confirm against
// plugin.proto. Any gatekeeping then has to happen inside the handlers, on the
// request contents.
service NodeCA {
	// IssueNodeCertificate submits a CSR together with a join token and returns
	// the node_id and membership for the requesting node.
	//
	// NOTE(review): with role authorization disabled, the `token` field looks
	// like the only credential on this call. The handler should validate it
	// before acting on the CSR. Confirm against the server implementation.
	rpc IssueNodeCertificate(IssueNodeCertificateRequest) returns (IssueNodeCertificateResponse) {
		option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
	};
	// NodeCertificateStatus reports the issuance status and certificate for the
	// node named by node_id.
	//
	// NOTE(review): node_id is the only input and the call is marked insecure,
	// so any caller that learns a node_id can presumably query it. Confirm the
	// response never carries private key material.
	rpc NodeCertificateStatus(NodeCertificateStatusRequest) returns (NodeCertificateStatusResponse) {
		option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
	};
}

// NodeCertificateStatusRequest is the request for NodeCA.NodeCertificateStatus.
message NodeCertificateStatusRequest {
	// node_id names the node whose certificate status is being queried.
	// NOTE(review): this is caller-supplied and the RPC is marked insecure, so
	// it should be treated as an untrusted lookup key, not as proof of identity.
	string node_id = 1;
}

// NodeCertificateStatusResponse is the response for
// NodeCA.NodeCertificateStatus.
message NodeCertificateStatusResponse {
	// status is the issuance status; IssuanceStatus is declared outside this
	// file (presumably in types.proto).
	IssuanceStatus status = 1;
	// certificate is the certificate record for the node; Certificate is
	// declared outside this file (presumably in types.proto).
	Certificate certificate = 2;
}

// IssueNodeCertificateRequest is the request for NodeCA.IssueNodeCertificate.
// Every field is supplied by a caller that the RPC option marks as insecure,
// so the handler should treat the whole message as untrusted input.
message IssueNodeCertificateRequest {
	// DEPRECATED: Role is now selected based on which secret is matched.
	// The role a node receives should therefore come from the matched token,
	// never from this client-supplied value.
	NodeRole role = 1 [deprecated=true];

	// CSR is the certificate signing request.
	// gogoproto.customname makes the generated Go field name CSR.
	// NOTE(review): the encoding of these bytes is not stated here; the
	// handler should parse and validate them before signing.
	bytes csr = 2 [(gogoproto.customname) = "CSR"];

	// Token represents a user-provided string that is necessary for new
	// nodes to join the cluster
	// It acts as a join secret, so it should not be logged or echoed back in
	// error messages.
	string token = 3;

	// Availability allows a user to control the current scheduling status of a node
	NodeSpec.Availability availability = 4;
}

// IssueNodeCertificateResponse is the response for
// NodeCA.IssueNodeCertificate.
message IssueNodeCertificateResponse {
	// node_id identifies the node the request was recorded for; it is the same
	// kind of value NodeCertificateStatusRequest.node_id takes.
	string node_id = 1;
	// node_membership is the node's membership state; NodeSpec.Membership is
	// declared outside this file (presumably in specs.proto).
	NodeSpec.Membership node_membership = 2;
}

// GetRootCACertificateRequest is the request for CA.GetRootCACertificate.
// It has no fields: the call takes no caller-controlled parameters.
message GetRootCACertificateRequest {}

// GetRootCACertificateResponse is the response for CA.GetRootCACertificate.
message GetRootCACertificateResponse {
	// certificate holds the root CA certificate as raw bytes.
	// NOTE(review): the encoding is not stated in this file. Because the RPC
	// is marked insecure, confirm how clients authenticate this value before
	// trusting it as a root.
	bytes certificate = 1;
}

// GetUnlockKeyRequest is the request for CA.GetUnlockKey.
// It has no fields; access is decided by the RPC's tls_authorization roles.
message GetUnlockKeyRequest {}

// GetUnlockKeyResponse is the response for CA.GetUnlockKey.
message GetUnlockKeyResponse {
	// unlock_key is the cluster's current unlock key. It is secret key
	// material: keep it out of logs and do not persist it in plaintext.
	bytes unlock_key = 1;
	// version accompanies the key; gogoproto.nullable = false makes the
	// generated Go field a value rather than a pointer.
	// NOTE(review): presumably this lets callers detect that the key has been
	// rotated; confirm against the Version definition.
	Version version = 2 [(gogoproto.nullable) = false];
}