github.com/kaisenlinux/docker@v0.0.0-20230510090727-ea55db55fac7/swarmkit/api/ca.proto (about)

     1  syntax = "proto3";
     2  
     3  package docker.swarmkit.v1;
     4  
     5  import "github.com/docker/swarmkit/api/types.proto";
     6  import "github.com/docker/swarmkit/api/specs.proto";
     7  import "gogoproto/gogo.proto";
     8  import "github.com/docker/swarmkit/protobuf/plugin/plugin.proto";
     9  
    10  // CA defines the RPC methods for requesting certificates from a CA.
    11  // Each method states its access policy through the tls_authorization option.
    12  service CA {
        	// GetRootCACertificate returns a GetRootCACertificateResponse, whose only
        	// field is the certificate bytes. It is marked `insecure: true`, which
        	// presumably exempts it from TLS role authorization (the option is
        	// defined in plugin.proto, not shown here -- confirm). The request
        	// message is empty, so nothing in this contract identifies the caller.
        	// NOTE(review): a certificate fetched without authentication should be
        	// checked by the client against a value obtained out of band (for
        	// example a pinned digest) before it is used as a trust anchor --
        	// confirm how callers do this.
    13  	rpc GetRootCACertificate(GetRootCACertificateRequest) returns (GetRootCACertificateResponse) {
    14  		option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
    15  	};
    16  	// GetUnlockKey returns the current unlock key for the cluster for the role of the client
    17  	// asking.
        	// The tls_authorization option below lists a single accepted role,
        	// "swarm-manager". Of the RPCs visible in this listing it is the only
        	// one that is not marked insecure.
    18  	rpc GetUnlockKey(GetUnlockKeyRequest) returns (GetUnlockKeyResponse) {
    19  		option (docker.protobuf.plugin.tls_authorization) = { roles: ["swarm-manager"] };
    20  	};
    21  }
    22  
    23  service NodeCA {
        	// IssueNodeCertificate takes a CSR and a join token and returns a node_id
        	// and membership value; the response message carries no certificate.
        	// It is marked `insecure: true`, which presumably exempts it from TLS
        	// role authorization (option defined in plugin.proto, not shown here --
        	// confirm). The token in the request is therefore the only credential
        	// visible in this contract.
        	// NOTE(review): every request field arrives from a caller with no
        	// established identity and should be treated as untrusted by the server.
    24  	rpc IssueNodeCertificate(IssueNodeCertificateRequest) returns (IssueNodeCertificateResponse) {
    25  		option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
    26  	};
        	// NodeCertificateStatus returns the issuance status and the Certificate
        	// for the node_id given in the request. It is also marked
        	// `insecure: true`, and the request carries only node_id, so this
        	// contract shows no caller credential for the lookup.
        	// NOTE(review): confirm that nothing secret is reachable through the
        	// Certificate type (declared outside this file) and that node_id values
        	// are not guessable if that matters to the deployment.
    27  	rpc NodeCertificateStatus(NodeCertificateStatusRequest) returns (NodeCertificateStatusResponse) {
    28  		option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
    29  	};
    30  }
    31  
    32  message NodeCertificateStatusRequest {
        	// node_id selects the node whose certificate status is requested;
        	// presumably the value returned in IssueNodeCertificateResponse.node_id
        	// (confirm). It is the only field, and NodeCertificateStatus is declared
        	// insecure, so it acts as a lookup key rather than a credential.
    33  	string node_id = 1;
    34  }
    35  
    36  message NodeCertificateStatusResponse {
        	// status reports the issuance state. IssuanceStatus is declared outside
        	// this file (presumably in types.proto -- confirm).
    37  	IssuanceStatus status = 1;
        	// certificate is the Certificate record for the node; the type is
        	// declared outside this file. As a message-typed field it can be absent,
        	// so callers presumably need to check status before using it (confirm).
    38  	Certificate certificate = 2;
    39  }
    40  
    41  message IssueNodeCertificateRequest {
    42  	// DEPRECATED: Role is now selected based on which secret is matched.
        	// The value is caller-supplied on an RPC declared insecure; per the
        	// DEPRECATED note it should not decide which role is granted.
    43  	NodeRole role = 1 [deprecated=true];
    44  
    45  	// CSR is the certificate signing request.
        	// Raw bytes; the encoding (DER or PEM) is not stated here. The
        	// gogoproto.customname option names the generated Go field "CSR".
        	// NOTE(review): the CSR comes from a caller with no established
        	// identity, so identity fields inside it should be validated or
        	// overridden by the signer rather than copied -- confirm in the server.
    46  	bytes csr = 2 [(gogoproto.customname) = "CSR"];
    47  
    48  	// Token represents a user-provided string that is necessary for new
    49  	// nodes to join the cluster
        	// Presumably the "secret" that the role comment above refers to. It is
        	// the only credential in this request, so it should be kept out of logs
        	// and traces and compared in a way that does not leak it.
    50  	string token = 3;
    51  
    52  	// Availability allows a user to control the current scheduling status of a node
        	// Caller-requested value; NodeSpec.Availability is declared outside this
        	// file (presumably in specs.proto -- confirm).
    53  	NodeSpec.Availability availability = 4;
    54  }
    55  
    56  message IssueNodeCertificateResponse {
        	// node_id identifies the node for this issuance request; presumably the
        	// value later passed as NodeCertificateStatusRequest.node_id (confirm).
    57  	string node_id = 1;
        	// node_membership reports the membership value for the node.
        	// NodeSpec.Membership is declared outside this file. No certificate is
        	// returned in this message.
    58  	NodeSpec.Membership node_membership = 2;
    59  }
    60  
    61  message GetRootCACertificateRequest {} // Intentionally empty: the request carries no parameters and no caller identity.
    62  
    63  message GetRootCACertificateResponse {
        	// certificate holds the certificate returned by GetRootCACertificate as
        	// raw bytes; the encoding (DER or PEM) is not stated here.
        	// NOTE(review): the RPC that returns this is declared insecure, so the
        	// bytes should be verified by the receiver before being trusted.
    64  	bytes certificate = 1;
    65  }
    66  
    67  message GetUnlockKeyRequest {} // Intentionally empty: the caller is identified by the TLS role check on GetUnlockKey, not by request fields.
    68  
    69  message GetUnlockKeyResponse {
        	// unlock_key is the cluster unlock key as raw bytes. This is secret
        	// material: keep it out of logs, traces and error messages, and hold it
        	// in memory no longer than needed.
    70  	bytes unlock_key = 1;
        	// version accompanies the key; the Version type is declared outside this
        	// file. gogoproto.nullable = false makes the generated Go field a value
        	// rather than a pointer, so it is always present in the Go struct.
    71  	Version version = 2 [(gogoproto.nullable) = false];
    72  }