m/node: add Management service, implement GetRegisterTicket RPC
This follows the Cluster Lifecycle design document.
DO NOT MERGE: this needs a stacked CL on top which implements
authentication for the Management service.
Change-Id: I19422a63b9dbf2fc0c7f4cbe204851af35b4dbdf
Reviewed-on: https://review.monogon.dev/c/monogon/+/307
Reviewed-by: Mateusz Zalega <mateusz@monogon.tech>
diff --git a/metropolis/proto/api/management.proto b/metropolis/proto/api/management.proto
new file mode 100644
index 0000000..c0b8332
--- /dev/null
+++ b/metropolis/proto/api/management.proto
@@ -0,0 +1,22 @@
+syntax = "proto3";
+package metropolis.proto.api;
+option go_package = "source.monogon.dev/metropolis/proto/api";
+
+// Management service available to Cluster Managers.
+service Management {
+ // GetRegisterTicket retrieves the current RegisterTicket which is required
+ // for new nodes to register into the cluster. Presenting this ticket on
+ // registration does not automatically grant access to arbitrary node
+ // registration. Instead, it is used to guard the API surface of the
+ // Register RPC from potential denial of service attacks, and can be
+ // regenerated at any time in case it leaks.
+ rpc GetRegisterTicket(GetRegisterTicketRequest) returns (GetRegisterTicketResponse);
+}
+
+message GetRegisterTicketRequest {
+}
+
+message GetRegisterTicketResponse {
+ // Opaque bytes that comprise the RegisterTicket.
+ bytes ticket = 1;
+}
\ No newline at end of file