m/node: add Management service, implement GetRegisterTicket RPC
This follows the Cluster Lifecycle design document.
DO NOT MERGE: this needs a stacked CL on top which implements
authentication for the Management service.
Change-Id: I19422a63b9dbf2fc0c7f4cbe204851af35b4dbdf
Reviewed-on: https://review.monogon.dev/c/monogon/+/307
Reviewed-by: Mateusz Zalega <mateusz@monogon.tech>
diff --git a/metropolis/proto/api/BUILD.bazel b/metropolis/proto/api/BUILD.bazel
index 5004440..61d14fb 100644
--- a/metropolis/proto/api/BUILD.bazel
+++ b/metropolis/proto/api/BUILD.bazel
@@ -8,6 +8,7 @@
"aaa.proto",
"configuration.proto",
"debug.proto",
+ "management.proto",
],
visibility = ["//visibility:public"],
)
diff --git a/metropolis/proto/api/management.proto b/metropolis/proto/api/management.proto
new file mode 100644
index 0000000..c0b8332
--- /dev/null
+++ b/metropolis/proto/api/management.proto
@@ -0,0 +1,22 @@
+syntax = "proto3";
+package metropolis.proto.api;
+option go_package = "source.monogon.dev/metropolis/proto/api";
+
+// Management service available to Cluster Managers.
+service Management {
+ // GetRegisterTicket retrieves the current RegisterTicket which is required
+ // for new nodes to register into the cluster. Presenting this ticket on
+ // registration does not automatically grant access to arbitrary node
+ // registration. Instead, it is used to guard the API surface of the
+ // Register RPC from potential denial of service attacks, and can be
+ // regenerated at any time in case it leaks.
+ rpc GetRegisterTicket(GetRegisterTicketRequest) returns (GetRegisterTicketResponse);
+}
+
+message GetRegisterTicketRequest {
+}
+
+message GetRegisterTicketResponse {
+ // Opaque bytes that comprise the RegisterTicket.
+ bytes ticket = 1;
+}
\ No newline at end of file
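Review bot: The `Management` service comment says only that the service is "available to Cluster Managers"; nothing in the new file states that callers must be authenticated and authorized, and the commit message defers authentication to a stacked CL. Because `GetRegisterTicket` returns the value that gates the Register RPC, I would record the requirement at the definition, for example `// Every RPC on this service must only be served to authenticated, authorized Cluster Managers.` The RPC comment also says the ticket "can be regenerated at any time in case it leaks", but this file defines no RPC that regenerates it, so the comment should either point to where that happens or say it is not yet implemented. On the `ticket` field, a line such as `// Sensitive value: callers should avoid logging it.` would tell consumers how to handle the bytes.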