github.com/choria-io/go-choria@v0.28.1-0.20240416190746-b3bf9c7d5a45/internal/fs/ddl/cache/agent/choria_provision.ddl (about)

     1  --  Copyright (c) 2024, R.I. Pienaar and the Choria Project contributors
     2  --
     3  --  SPDX-License-Identifier: Apache-2.0
     4  
     5  --  Copyright (c) 2024, R.I. Pienaar and the Choria Project contributors
     6  --
     7  --  SPDX-License-Identifier: Apache-2.0
     8  
        # Agent-level metadata for the "choria_provision" agent described by this DDL.
        # :timeout is 20; the unit is not stated in this file (presumably seconds, confirm).
     9  metadata :name        => "choria_provision",
    10           :description => "Choria Provisioner",
    11           :author      => "R.I.Pienaar <rip@devco.net>",
    12           :license     => "Apache-2.0",
    13           :version     => "0.28.0",
    14           :url         => "https://choria.io",
    15           :timeout     => 20
    16  
    17  
        # "configure": delivers the node configuration plus optional credential
        # material (CA bundle, certificate, private key, server JWT) and optional
        # policy documents. The only required input is :config.
        #
        # NOTE(review): :token is optional here, while every other action in this
        # file marks it required. Whether the token is still enforced for this
        # action is decided by agent code that is not visible in this DDL; confirm.
        #
        # The :validation patterns below are shape checks on the raw string only;
        # nothing in this file parses the PEM blocks, the JWT or the configuration.
    18  action "configure", :description => "Configure the Choria Server" do
          # Display hint; presumably replies are shown only for failures (confirm).
    19    display :failed
    20  
          # Hash input with no :validation or :maxlength declared in this file.
    21    input :action_policies,
    22          :prompt      => "Action Policy Documents",
    23          :description => "Map of Action Policy documents indexed by file name",
    24          :type        => :hash,
    25          :optional    => true
    26  
    27  
          # The pattern only anchors the opening PEM marker; content after the marker
          # is not checked by the DDL.
    28    input :ca,
    29          :prompt      => "CA Bundle",
    30          :description => "PEM text block for the CA",
    31          :type        => :string,
    32          :validation  => '^-----BEGIN CERTIFICATE-----',
    33          :maxlength   => 20480,
    34          :optional    => true
    35  
    36  
          # Same opening-marker check as :ca, with a smaller size limit (10240).
    37    input :certificate,
    38          :prompt      => "Certificate",
    39          :description => "PEM text block for the certificate",
    40          :type        => :string,
    41          :validation  => '^-----BEGIN CERTIFICATE-----',
    42          :maxlength   => 10240,
    43          :optional    => true
    44  
    45  
          # Required. The pattern demands a leading "{" and a trailing "}" with at
          # least one character between them; it does not establish that the value is
          # well-formed (presumably a JSON object, confirm against the agent).
    46    input :config,
    47          :prompt      => "Configuration",
    48          :description => "The configuration to apply to this node",
    49          :type        => :string,
    50          :validation  => '^{.+}$',
    51          :maxlength   => 2048,
    52          :optional    => false
    53  
    54  
          # The description says this is required when a private key is sent, but the
          # DDL marks it optional, so that dependency is not enforced at this layer.
    55    input :ecdh_public,
    56          :prompt      => "ECDH Public Key",
    57          :description => "Required when sending a private key",
    58          :type        => :string,
    59          :validation  => '.',
    60          :maxlength   => 64,
    61          :optional    => true
    62  
    63  
          # Private key material. The pattern is unanchored (the marker may appear
          # anywhere in the value) and names only the "RSA PRIVATE KEY" PEM label.
          # NOTE(review): :prompt and :description read as if they were swapped.
    64    input :key,
    65          :prompt      => "PEM text block for the private key",
    66          :description => "A RSA private key",
    67          :type        => :string,
    68          :validation  => '-----BEGIN RSA PRIVATE KEY-----',
    69          :maxlength   => 10240,
    70          :optional    => true
    71  
    72  
          # Hash input with no :validation or :maxlength declared in this file.
    73    input :opa_policies,
    74          :prompt      => "Open Policy Agent Policy Documents",
    75          :description => "Map of Open Policy Agent Policy documents indexed by file name",
    76          :type        => :hash,
    77          :optional    => true
    78  
    79  
          # '.' accepts any value containing at least one non-newline character; the
          # JWT structure is not checked here.
    80    input :server_jwt,
    81          :prompt      => "Server JWT",
    82          :description => "JWT file used to identify the server to the broker for ed25519 based authentication",
    83          :type        => :string,
    84          :validation  => '.',
    85          :maxlength   => 2048,
    86          :optional    => true
    87  
    88  
          # Caller-supplied directory path. The DDL bounds only its length (500);
          # NOTE(review): any restriction on where this may point has to live in the
          # agent implementation, which is not visible here; confirm.
    89    input :ssldir,
    90          :prompt      => "SSL Dir",
    91          :description => "Directory for storing the certificate in",
    92          :type        => :string,
    93          :validation  => '.',
    94          :maxlength   => 500,
    95          :optional    => true
    96  
    97  
          # Optional in this action only; see the note at the top of the action.
    98    input :token,
    99          :prompt      => "Token",
   100          :description => "Authentication token to pass to the server",
   101          :type        => :string,
   102          :validation  => '.',
   103          :maxlength   => 128,
   104          :optional    => true
   105  
   106  
   107  
   108  
          # Single string reply field.
   109    output :message,
   110           :description => "Status message from the Provisioner",
   111           :type        => "string",
   112           :display_as  => "Message"
   113  
   114  end
   115  
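        # "gen25519": asks the server to generate an ED25519 keypair. Both inputs
        # are required. The reply carries the public key and a signature over the
        # caller-supplied nonce, both hex encoded, plus the directory the key files
        # were written to; the private key is not among the declared outputs.
   116  action "gen25519", :description => "Generates a new ED25519 keypair" do
          # Display hint; presumably replies are always shown (confirm).
   117    display :always
   118  
          # Described as single use. The DDL bounds only the length (64) and requires
          # at least one non-newline character; uniqueness of the nonce cannot be
          # expressed here and is up to the caller.
   119    input :nonce,
   120          :prompt      => "Nonce",
   121          :description => "Single use token to be signed by the private key being generated",
   122          :type        => :string,
   123          :validation  => '.',
   124          :maxlength   => 64,
   125          :optional    => false
   126  
   127  
          # Required. How the token is verified is not visible in this file.
   128    input :token,
   129          :prompt      => "Token",
   130          :description => "Authentication token to pass to the server",
   131          :type        => :string,
   132          :validation  => '.',
   133          :maxlength   => 128,
   134          :optional    => false
   135  
   136  
   137  
   138  
   139    output :directory,
   140           :description => "The directory where server.key and server.pub is written to",
   141           :type        => "string",
   142           :display_as  => "Directory"
   143  
          # Description corrected: the algorithm name is ED25519 (was "ED255519").
   144    output :public_key,
   145           :description => "The ED25519 public key hex encoded",
   146           :type        => "string",
   147           :display_as  => "Public Key"
   148  
   149    output :signature,
   150           :description => "The signature of the nonce made using the new private key, hex encoded",
   151           :type        => "string",
   152           :display_as  => "Signature"
   153  
   154  end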
   155  
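        # "gencsr": asks the server for a certificate signing request. The subject
        # fields (C, L, O, OU, ST, cn) are all optional; :token is required. The
        # reply carries the CSR and the public key as PEM text and the SSL directory
        # chosen by the server.
        #
        # These values end up in a certificate subject, so the patterns are kept to
        # fully anchored allow-lists.
   156  action "gencsr", :description => "Request a CSR from the Choria Server" do
          # Display hint; presumably replies are always shown (confirm).
   157    display :always
   158  
          # Exactly two upper-case ASCII letters.
   159    input :C,
   160          :prompt      => "Country",
   161          :description => "Country Code",
   162          :type        => :string,
   163          :validation  => '^[A-Z]{2}$',
   164          :maxlength   => 2,
   165          :optional    => true
   166  
   167  
          # Word characters, whitespace and "-" only (same pattern for O, OU and ST).
   168    input :L,
   169          :prompt      => "Locality",
   170          :description => "Locality or municipality (such as city or town name)",
   171          :type        => :string,
   172          :validation  => '^[\w\s-]+$',
   173          :maxlength   => 50,
   174          :optional    => true
   175  
   176  
   177    input :O,
   178          :prompt      => "Organization",
   179          :description => "Organization",
   180          :type        => :string,
   181          :validation  => '^[\w\s-]+$',
   182          :maxlength   => 50,
   183          :optional    => true
   184  
   185  
   186    input :OU,
   187          :prompt      => "Organizational Unit",
   188          :description => "Organizational Unit",
   189          :type        => :string,
   190          :validation  => '^[\w\s-]+$',
   191          :maxlength   => 50,
   192          :optional    => true
   193  
   194  
   195    input :ST,
   196          :prompt      => "State",
   197          :description => "State",
   198          :type        => :string,
   199          :validation  => '^[\w\s-]+$',
   200          :maxlength   => 50,
   201          :optional    => true
   202  
   203  
          # Hostname-shaped Common Name: alphanumeric labels, "-" allowed inside a
          # label, labels joined by a literal dot. The label separator was an
          # unescaped "." before, which matches any character and so let values such
          # as "a b" or "a*b" through; it is now "\.". Values that passed only because
          # of that wildcard (for example an underscore between two labels) are now
          # rejected. NOTE(review): if this file is generated from another DDL source,
          # apply the same correction there so the two stay in agreement.
   204    input :cn,
   205          :prompt      => "Common Name",
   206          :description => "The certificate Common Name to place in the CSR",
   207          :type        => :string,
   208          :validation  => '^(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9-]*[A-Za-z0-9])$',
   209          :maxlength   => 80,
   210          :optional    => true
   211  
   212  
          # Required. How the token is verified is not visible in this file.
   213    input :token,
   214          :prompt      => "Token",
   215          :description => "Authentication token to pass to the server",
   216          :type        => :string,
   217          :validation  => '.',
   218          :maxlength   => 128,
   219          :optional    => false
   220  
   221  
   222  
   223  
   224    output :csr,
   225           :description => "PEM text block for the CSR",
   226           :type        => "string",
   227           :display_as  => "CSR"
   228  
   229    output :public_key,
   230           :description => "PEM text block of the public key that made the CSR",
   231           :type        => "string",
   232           :display_as  => "Public Key"
   233  
   234    output :ssldir,
   235           :description => "SSL directory as determined by the server",
   236           :type        => "string",
   237           :display_as  => "SSL Dir"
   238  
   239  end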
   240  
        # "jwt": takes a required :token and replies with two strings, the JWT
        # contents and an ECDH public key.
        #
        # NOTE(review): the action description repeats the one used for
        # "reprovision", while the declared outputs are a JWT and an ECDH public
        # key. The description looks like a copy-paste leftover; confirm against
        # the agent implementation before relying on it.
   241  action "jwt", :description => "Re-enable provision mode in a running Choria Server" do
          # Display hint; presumably replies are always shown (confirm).
   242    display :always
   243  
          # Required; at least one non-newline character, at most 128 characters.
          # How the token is verified is not visible in this file.
   244    input :token,
   245          :prompt      => "Token",
   246          :description => "Authentication token to pass to the server",
   247          :type        => :string,
   248          :validation  => '.',
   249          :maxlength   => 128,
   250          :optional    => false
   251  
   252  
   253  
   254  
   255    output :ecdh_public,
   256           :description => "The ECDH public key for calculating shared secrets",
   257           :type        => "string",
   258           :display_as  => "ECDH Public Key"
   259  
   260    output :jwt,
   261           :description => "The contents of the JWT token",
   262           :type        => "string",
   263           :display_as  => "JWT Token"
   264  
   265  end
   266  
        # "reprovision": puts a running server back into provision mode, per the
        # action description. The only input is a required :token; the reply is a
        # single status message.
   267  action "reprovision", :description => "Reenable provision mode in a running Choria Server" do
          # Display hint; presumably replies are always shown (confirm).
   268    display :always
   269  
          # Required; at least one non-newline character, at most 128 characters.
          # The DDL checks shape only; how the token is verified is not visible here.
   270    input :token,
   271          :prompt      => "Token",
   272          :description => "Authentication token to pass to the server",
   273          :type        => :string,
   274          :validation  => '.',
   275          :maxlength   => 128,
   276          :optional    => false
   277  
   278  
   279  
   280  
   281    output :message,
   282           :description => "Status message from the Provisioner",
   283           :type        => "string",
   284           :display_as  => "Message"
   285  
   286  end
   287  
        # "restart": restarts the server, per the action description. Takes an
        # optional numeric :splay and a required :token; replies with a single
        # status message.
   288  action "restart", :description => "Restart the Choria Server" do
          # Display hint; presumably replies are shown only for failures (confirm).
   289    display :failed
   290  
          # NOTE(review): the :description below is the text used for :config in the
          # "configure" action and does not describe a splay; it looks like a
          # copy-paste leftover. The unit and the permitted range are not stated in
          # this file, and no bounds are declared for the number.
   291    input :splay,
   292          :prompt      => "Splay time",
   293          :description => "The configuration to apply to this node",
   294          :type        => :number,
   295          :optional    => true
   296  
   297  
          # Required; at least one non-newline character, at most 128 characters.
          # How the token is verified is not visible in this file.
   298    input :token,
   299          :prompt      => "Token",
   300          :description => "Authentication token to pass to the server",
   301          :type        => :string,
   302          :validation  => '.',
   303          :maxlength   => 128,
   304          :optional    => false
   305  
   306  
   307  
   308  
   309    output :message,
   310           :description => "Status message from the Provisioner",
   311           :type        => "string",
   312           :display_as  => "Message"
   313  
   314  end
   315  
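        # "release_update": replaces the running binary from a caller-named
        # repository and restarts, per the action description. All three inputs are
        # required; the reply is a single status message.
        #
        # The DDL can only check the shape of the URL and version strings.
        # NOTE(review): the scheme check still admits plain http://, so the
        # integrity of the downloaded binary rests on whatever verification the
        # agent performs; that code is not visible in this file, confirm.
   316  action "release_update", :description => "Performs an in-place binary update and restarts Choria" do
          # Display hint; presumably replies are always shown (confirm).
   317    display :always
   318  
          # Scheme check corrected from "http(s*)" to "https?": the old form matched
          # zero or more "s" characters and so accepted "httpss://" and longer runs.
          # Only the scheme prefix is anchored; the rest of the URL is unchecked.
   319    input :repository,
   320          :prompt      => "Repository URL",
   321          :description => "HTTP(S) server hosting the update repository",
   322          :type        => :string,
   323          :validation  => '^https?://',
   324          :maxlength   => 512,
   325          :optional    => false
   326  
   327  
          # Required. How the token is verified is not visible in this file.
   328    input :token,
   329          :prompt      => "Token",
   330          :description => "Authentication token to pass to the server",
   331          :type        => :string,
   332          :validation  => '.',
   333          :maxlength   => 128,
   334          :optional    => false
   335  
   336  
          # Any non-empty value up to 32 characters; no version format is enforced
          # by the DDL.
   337    input :version,
   338          :prompt      => "Version to update to",
   339          :description => "Package version to update to",
   340          :type        => :string,
   341          :validation  => '.+',
   342          :maxlength   => 32,
   343          :optional    => false
   344  
   345  
   346  
   347  
   348    output :message,
   349           :description => "Status message from the Provisioner",
   350           :type        => "string",
   351           :display_as  => "Message"
   352  
   353  end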
   354  
        # "shutdown": stops the server cleanly, per the action description. The
        # only input is a required :token; the reply is a single status message.
   355  action "shutdown", :description => "Shut the Choria Server down cleanly" do
          # Display hint; presumably replies are shown only for failures (confirm).
   356    display :failed
   357  
          # Required; at least one non-newline character, at most 128 characters.
          # The DDL checks shape only; how the token is verified is not visible here.
   358    input :token,
   359          :prompt      => "Token",
   360          :description => "Authentication token to pass to the server",
   361          :type        => :string,
   362          :validation  => '.',
   363          :maxlength   => 128,
   364          :optional    => false
   365  
   366  
   367  
   368  
   369    output :message,
   370           :description => "Status message from the Provisioner",
   371           :type        => "string",
   372           :display_as  => "Message"
   373  
   374  end
   375