core/api: move to core/proto
This is keeping in line with conventions that protobuf files generally
live in a 'proto/' directory. Even without that, a lot of the protos in
there aren't actually part of an API, so keeping them in `api/` is a bit
of a misnomer.
We also remove unused protos that were part of the old
integrity/lifecycle flow. Again, these will make a comeback.
Test Plan: this should fail; it is part of a larger stack. D590 is the first tip of the stack that should work.
X-Origin-Diff: phab/D588
GitOrigin-RevId: 4a7af494810348f6bcabd49e63902b4c47e6ec35
diff --git a/core/api/api/schema.proto b/core/api/api/schema.proto
deleted file mode 100644
index d614740..0000000
--- a/core/api/api/schema.proto
+++ /dev/null
@@ -1,384 +0,0 @@
-// Copyright 2020 The Monogon Project Authors.
-//
-// SPDX-License-Identifier: Apache-2.0
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-syntax = "proto3";
-package api;
-
-option go_package = "git.monogon.dev/source/nexantic.git/core/generated/api";
-
-// TODO(leo): A "cluster" in terms of this API is an etcd cluster. We have
-// since realized that we will need multiple kinds of nodes in a Smalltown cluster
-// (like worker nodes), which aren't etcd members. This API is pretty strongly
-// coupled to etcd at this point. How do we handle cluster membership for
-// workers?
-
-// The ClusterManagement service is used by an authenticated administrative user
-// to manage node membership in an existing Smalltown cluster.
-service ClusterManagement {
- // Add a node to the cluster, subject to successful remote attestation.
- rpc AddNode (AddNodeRequest) returns (AddNodeResponse) {
- }
-
- // Remove a node from the cluster.
- rpc RemoveNode (RemoveNodeRequest) returns (RemoveNodeRequest) {
- }
-
- // List all cluster nodes.
- rpc ListNodes (ListNodesRequest) returns (ListNodesResponse) {
- }
-
- // NewEnrolmentConfig generates a new enrolment config for adding new nodes to
- // the cluster.
- rpc NewEnrolmentConfig (NewEnrolmentConfigRequest) returns (NewEnrolmentConfigResponse) {
- }
-
- rpc ListEnrolmentConfigs (ListEnrolmentConfigsRequest) returns (ListEnrolmentConfigsResponse) {
- }
-
- rpc RemoveEnrolmentConfig (RemoveEnrolmentConfigRequest) returns (RemoveEnrolmentConfigResponse) {
- }
-}
-
-message NewEnrolmentConfigRequest {
- string name = 1;
-}
-message NewEnrolmentConfigResponse {
- EnrolmentConfig enrolment_config = 1;
-}
-
-message ListEnrolmentConfigsRequest {
-}
-message ListEnrolmentConfigsResponse {
- repeated EnrolmentConfig enrolment_config = 1;
-}
-
-message RemoveEnrolmentConfigRequest {
- // TODO(lorenz): How do we want to remove EnrolmentConfigs?
-}
-message RemoveEnrolmentConfigResponse {
-}
-
-// NodeService runs on all nodes and allows active masters to perform operations
-// like attestation or requesting other system state. Callers are authenticated via
-// TLS using the certificate from the EnrolmentConfig. Any client needs to
-// authenticate the node it's talking to by getting the public key from the
-// consensus service to verify against.
-service NodeService {
- rpc JoinCluster (JoinClusterRequest) returns (JoinClusterResponse) {
- }
-}
-
-message GetDebugKubeconfigRequest {
- string id = 1; // Kubernetes identity (user)
- repeated string groups = 2; // Kubernetes groups
-}
-
-message GetDebugKubeconfigResponse {
- string debug_kubeconfig = 1;
-}
-
-message GetComponentLogsRequest {
- // For supported paths see core/internal/node/debug.go
- repeated string component_path = 1;
- uint32 tail_lines = 2; // 0 = whole ring buffer
-}
-
-message GetComponentLogsResponse {
- repeated string line = 1;
-}
-
-message GetConditionRequest {
- string name = 1;
-}
-
-message GetConditionResponse {
- bool ok = 1;
-}
-// NodeDebugService exposes debug and testing endpoints that allow introspection into a running Smalltown instance.
-// It is not authenticated and will be disabled in production. It is currently consumed by core/cmd/dbg and
-// by tests. For exact documentation of the available parameters please look at core/internal/node/debug.go.
-service NodeDebugService {
- // GetDebugKubeconfig issues kubeconfigs with arbitrary identities and groups for debugging
- rpc GetDebugKubeconfig(GetDebugKubeconfigRequest) returns (GetDebugKubeconfigResponse) {
- }
- // GetComponentLogs dumps various log ringbuffers for binaries that we run.
- rpc GetComponentLogs(GetComponentLogsRequest) returns (GetComponentLogsResponse) {
- }
- // GetCondition gives the current status of various conditions inside Smalltown. Mainly used for testing.
- rpc GetCondition(GetConditionRequest) returns (GetConditionResponse) {
- }
-}
-
-// NodeManagementService runs on all masters, is identified by the
-// NodeManagementService TLS certificate. It is used by nodes to
-// initially join the cluster or subsequently request the cluster unlock secret
-// (refer to EnrolmentConfig for the various node provisioning states).
-service NodeManagementService {
- // NewTPM2NodeRegister is called by a node as soon as it is properly
- // initialized. Then any number of policies can determine whether and when to
- // add the node to the cluster.
- //
- // The idea behind this is that we just deliver everything we have trust-wise
- // and then it's up to the customer or his policies to either adopt this node.
- //
- // TPM trust hierarchies highly vary between vendors and can require complex
- // policy decisions. The NMS cannot determine on its own whether a given TPM
- // meets customer policy, therefore, the decision is configurable via the policy engine.
- rpc NewTPM2NodeRegister (stream TPM2FlowRequest) returns (stream TPM2FlowResponse) {
- }
-
- // Nodes that were rebooted request their global unlock secret subject to attestation.
- rpc TPM2Unlock (stream TPM2UnlockFlowRequeset) returns (stream TPM2UnlockFlowResponse) {
- }
-}
-
-// TPM2FlowRequest is a bidirectional stream that is used for the attestation state machine.
-//
-// gRPC with TLS guarantees ordered delivery and channel binding, ensuring that other
-// nodes cannot inject messages related to an in-progress attestation flow.
-//
-// TPM2RegisterRequest ------>
-// <------ TPM2AttestRequest
-// TPM2AttestResponse ------>
-// NewNodeInfo ------>
-//
-message TPM2FlowRequest {
- oneof Stage {
- TPM2RegisterRequest register = 1;
- TPM2AttestResponse attest_response = 2;
- NewNodeInfo new_node_info = 3;
- }
-}
-
-message TPM2FlowResponse {
- oneof Stage {
- TPM2AttestRequest attest_request = 1;
- }
-}
-
-// EnrolmentConfig is attached to an installation payload. It represents a node's only
-// unencrypted state outside of the secure partition.
-//
-// - If no EnrolmentConfig is found, a new node is bootstrapped.
-//
-// - If an EnrolmentConfig is present and contains a secret, it will attempt to register
-// with the master hosts and will subsequently clear its enrolment secret.
-//
-// - If an EnrolmentConfig is found and does not contain a secret, the node is presumed
-// to be registered and will attempt to retrieve the cluster unlock key.
-//
-// The EnrolmentConfig is one of the inputs for the integrity mechanism. This ensures
-// that masters_cert has not been tampered with.
-message EnrolmentConfig {
- // Present only during initialization.
- bytes enrolment_secret = 1;
-
- // X.509 DER certificate of the NodeManagement service.
- // The certificate will never change during a cluster's lifetime.
- bytes masters_cert = 2;
-
- // IPs where the NodeManagement service runs. We hardcode the list of
- // master hosts to sidestep the bootstrap discovery (external DNS? multicast? ...).
- // IPs are the lowest common denominator across all deployment targets and have
- // zero external dependencies, but they can change. We cannot assume the existence
- // of a properly-managed external discovery service.
- //
- // TODO(leo): We will have to figure out how to update these in a running cluster
- // without breaking attestation.
- repeated bytes master_ips = 3;
-
- // Filled in by node after it is enrolled
- string node_id = 4;
-}
-
-// TPM2RegisterRequest is the first message in the attestation state machine,
-// sent by the node to the master (see flowchart).
-message TPM2RegisterRequest {
- // AK public portion, TPM2_PUBLIC. The AK is a new key we create in the node's TPM
- // endorsement hierarchy (see core/pkg/tpm). It is derived from the TPM's
- // unique and permanent endorsment hierarchy primary seed using a specific template.
- // The master verifies that the AK matches the expected template and is generated
- // on the same TPM as the given EK (binding EK and AK).
- bytes ak_public = 9;
-
- // TPM EK public key, PKIX. Derived from the primary seed like the AK, but using
- // a standardized template (rather than a custom template like the AK) such that
- // it can be used for endorsement. The EK cannot sign things, only the AK can.
- bytes ek_pubkey = 5;
-
- // TPM EK certificate, X.509 DER (only if available in TPM).
- //
- // Some vendors issue an EK certificate for a TPM's EK that proves
- // that the given TPM has in fact been manufactured by them. Unfortunately, this
- // certificate is not always embedded in the TPM (see T578).
- bytes ek_cert = 6;
-}
-
-// The master issues a TPM2AttestRequest after verifying the AK in the TPM2RegisterRequest.
-message TPM2AttestRequest {
- // A challenge encrypted with the node's EK. The node decrypts the challenge, verifies
- // that it matches the key that is being attested (i.e. the AK, using the EK) and
- // returns the decrypted challenge.
- //
- // What actually happens is a LOT more complex than that, bordering on insanity.
- // Start reading in credactivation_compat.go.
- bytes ak_challenge = 1;
- bytes ak_challenge_secret = 2;
-
- // Replay protection nonce used in the next step.
- bytes quote_nonce = 3;
-}
-
-// TPM2AttestResponse is returned the node's attestation response.
-message TPM2AttestResponse {
- // Internal hash of all PCRs and a number of other TPM states.
- bytes quote = 1;
- // Signature for quote using the node's AK.
- bytes quote_signature = 4;
- // Solution for ak_challenge (nonce) decrypted using the node's AK.
- bytes ak_challenge_solution = 2;
- // All 16 SHA256 SRTM PCRs in order. Verified by comparing to the
- // hash included in the quote (see VerifyAttestPlatform).
- repeated bytes pcrs = 3;
-}
-
-// NewNodeInfo is submitted by the node along with its TPM2AttestResponse.
-// The data returned is then persisted by the master after verifying the
-// attestation response. The info is channel bound to the successful attestation.
-message NewNodeInfo {
- EnrolmentConfig enrolment_config = 1;
-
- bytes ip = 11; // IP of the node
-
- bytes id_cert = 4; // ID certificate, X.509 DER
-
- // Part of the encryption key for cluster unlock (32 byte), to be XOR'ed with
- // the node-local part on the TPM. Each nodes has its individual cluster unlock key.
- bytes global_unlock_key = 7;
-}
-
-message TPM2UnlockInit {
- bytes nonce = 1;
-}
-
-message TPM2UnlockRequest {
- string node_id = 4;
- repeated bytes pcrs = 1;
- bytes quote = 2;
- bytes quote_signature = 3;
-}
-
-message TPM2UnlockResponse {
- bytes global_unlock_key = 1;
-}
-
-message TPM2UnlockFlowRequeset {
- oneof Stage {
- TPM2UnlockRequest unlock_request = 1;
- }
-}
-
-message TPM2UnlockFlowResponse {
- oneof Stage {
- TPM2UnlockInit unlock_init = 1;
- TPM2UnlockResponse unlock_response = 2;
- }
-}
-
-// ConsensusCertificates is a node's individual etcd certificates.
-// When provisioning a new node, the existing node sends the new node
-// its certificates after authenticating it.
-message ConsensusCertificates {
- bytes ca = 1;
- bytes crl = 2;
- bytes cert = 3;
- bytes key = 4;
-}
-
-message JoinClusterRequest {
- // Cluster bootstrap URI for etcd. The caller will set this to the
- // list of existing nodes in the cluster. This value is only used during bootstrap.
- string initialCluster = 2;
- // New node's etcd client certificates.
- ConsensusCertificates certs = 3;
-}
-
-message JoinClusterResponse {
-}
-
-message AddNodeRequest {
- string node_id = 1;
- // TODO: Add things like role
-}
-
-message AddNodeResponse {
-}
-
-message RemoveNodeRequest {
-}
-
-message RemoveNodeResponse {
-}
-
-message ListNodesRequest {
-}
-
-message ListNodesResponse {
- repeated Node nodes = 1;
-}
-
-message NodeTPM2 {
- bytes ak_pub = 1; // TPM2T_PUBLIC
- bytes ek_pubkey = 2; // PKIX DER
- bytes ek_cert = 3; // X.509 DER
-}
-
-// Node describes a single node's state in etcd
-message Node {
- // Individual node service certificate.
- bytes id_cert = 1;
- // Node's individual cluster part of the disk encryption key.
- bytes global_unlock_key = 2;
- // Node address. This is currently an IPv4 address because that is what the
- // network service uses, but would also support IPv6. See EnrolmentConfig for a
- // discussion on why we use IP addresses rather than some kind of resolver.
- bytes address = 3;
-
- enum State {
- // WARNING: In this state the node has not been adopted and thus cannot be fully trusted
- UNININITALIZED = 0;
- // A full master node with Consensus, NMS & Kubernetes control plane
- MASTER = 1;
- // A worker node with just Kubelet and supporting services
- WORKER = 2;
- }
- State state = 9;
-
- // Which integrity mechanism is used to verify this node's state.
- oneof integrity {
- NodeTPM2 tpm2 = 6;
- }
-
- // etcd State (might later be moved to a separate type)
- // We will separate etcd state from nodes and remove this.
-
- // etcd member ID
- uint64 id = 20;
- // etcd member name
- string name = 21;
- // Whether the etcd member is synced with the cluster.
- bool synced = 22;
-}
diff --git a/core/cmd/dbg/BUILD.bazel b/core/cmd/dbg/BUILD.bazel
index 7088ea1..3ca06d0 100644
--- a/core/cmd/dbg/BUILD.bazel
+++ b/core/cmd/dbg/BUILD.bazel
@@ -6,7 +6,7 @@
importpath = "git.monogon.dev/source/nexantic.git/core/cmd/dbg",
visibility = ["//visibility:private"],
deps = [
- "//core/api/api:go_default_library",
+ "//core/proto/api:go_default_library",
"@com_github_spf13_pflag//:go_default_library",
"@io_k8s_component_base//cli/flag:go_default_library",
"@io_k8s_kubectl//pkg/cmd/plugin:go_default_library",
diff --git a/core/cmd/dbg/main.go b/core/cmd/dbg/main.go
index 44803ec..bfa7871 100644
--- a/core/cmd/dbg/main.go
+++ b/core/cmd/dbg/main.go
@@ -33,17 +33,18 @@
"k8s.io/kubectl/pkg/util/logs"
"k8s.io/kubernetes/pkg/kubectl/cmd"
- apipb "git.monogon.dev/source/nexantic.git/core/generated/api"
+ apb "git.monogon.dev/source/nexantic.git/core/proto/api"
)
func main() {
+ ctx := context.Background()
// Hardcode localhost since this should never be used to interface with a production node because of missing
// encryption & authentication
grpcClient, err := grpc.Dial("localhost:7837", grpc.WithInsecure())
if err != nil {
fmt.Printf("Failed to dial debug service (is it running): %v\n", err)
}
- debugClient := apipb.NewNodeDebugServiceClient(grpcClient)
+ debugClient := apb.NewNodeDebugServiceClient(grpcClient)
if len(os.Args) < 2 {
fmt.Println("Please specify a subcommand")
os.Exit(1)
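Review bot: The `grpc.Dial` error a few lines above the changed `debugClient := apb.NewNodeDebugServiceClient(grpcClient)` is printed but not acted on, so on failure the client is built from a nil connection and the first RPC further down fails in a less obvious way (likely a nil-pointer panic inside grpc); add `os.Exit(1)` after the `fmt.Printf` in that branch. The same print-and-continue pattern is in the core/tests/e2e/main_test.go hunk around `debugClient := apb.NewNodeDebugServiceClient(grpcClient)`. The body of `main` continues past this hunk.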
@@ -68,7 +69,7 @@
case "logs":
logsCmd.Parse(os.Args[2:])
componentPath := strings.Split(logsCmd.Arg(0), ".")
- res, err := debugClient.GetComponentLogs(context.Background(), &apipb.GetComponentLogsRequest{ComponentPath: componentPath, TailLines: uint32(*logsTailN)})
+ res, err := debugClient.GetComponentLogs(ctx, &apb.GetComponentLogsRequest{ComponentPath: componentPath, TailLines: uint32(*logsTailN)})
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to get logs: %v\n", err)
os.Exit(1)
@@ -80,7 +81,7 @@
case "condition":
conditionCmd.Parse(os.Args[2:])
condition := conditionCmd.Arg(0)
- res, err := debugClient.GetCondition(context.Background(), &apipb.GetConditionRequest{Name: condition})
+ res, err := debugClient.GetCondition(ctx, &apb.GetConditionRequest{Name: condition})
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to get condition: %v\n", err)
os.Exit(1)
@@ -96,7 +97,7 @@
defer kubeconfigFile.Close()
defer os.Remove(kubeconfigFile.Name())
- res, err := debugClient.GetDebugKubeconfig(context.Background(), &apipb.GetDebugKubeconfigRequest{Id: "debug-user", Groups: []string{"system:masters"}})
+ res, err := debugClient.GetDebugKubeconfig(ctx, &apb.GetDebugKubeconfigRequest{Id: "debug-user", Groups: []string{"system:masters"}})
if err != nil {
fmt.Fprintf(os.Stderr, "Failed to get kubeconfig: %v\n", err)
os.Exit(1)
diff --git a/core/cmd/launch-multi2/BUILD.bazel b/core/cmd/launch-multi2/BUILD.bazel
index 3e3e570..87f4c88 100644
--- a/core/cmd/launch-multi2/BUILD.bazel
+++ b/core/cmd/launch-multi2/BUILD.bazel
@@ -6,9 +6,9 @@
importpath = "git.monogon.dev/source/nexantic.git/core/cmd/launch-multi2",
visibility = ["//visibility:private"],
deps = [
- "//core/api/api:go_default_library",
"//core/internal/common:go_default_library",
"//core/internal/launch:go_default_library",
+ "//core/proto/api:go_default_library",
"@com_github_grpc_ecosystem_go_grpc_middleware//retry:go_default_library",
"@org_golang_google_grpc//:go_default_library",
],
diff --git a/core/cmd/launch-multi2/main.go b/core/cmd/launch-multi2/main.go
index 0b7ef4e..f8c9035 100644
--- a/core/cmd/launch-multi2/main.go
+++ b/core/cmd/launch-multi2/main.go
@@ -27,9 +27,9 @@
grpcretry "github.com/grpc-ecosystem/go-grpc-middleware/retry"
"google.golang.org/grpc"
- "git.monogon.dev/source/nexantic.git/core/generated/api"
"git.monogon.dev/source/nexantic.git/core/internal/common"
"git.monogon.dev/source/nexantic.git/core/internal/launch"
+ apb "git.monogon.dev/source/nexantic.git/core/proto/api"
)
func main() {
diff --git a/core/internal/launch/BUILD.bazel b/core/internal/launch/BUILD.bazel
index 47cbc95..b57c016 100644
--- a/core/internal/launch/BUILD.bazel
+++ b/core/internal/launch/BUILD.bazel
@@ -6,8 +6,8 @@
importpath = "git.monogon.dev/source/nexantic.git/core/internal/launch",
visibility = ["//core:__subpackages__"],
deps = [
- "//core/api/api:go_default_library",
"//core/internal/common:go_default_library",
+ "//core/proto/api:go_default_library",
"//golibs/common:go_default_library",
"@com_github_golang_protobuf//proto:go_default_library",
"@org_golang_google_grpc//:go_default_library",
diff --git a/core/internal/launch/launch.go b/core/internal/launch/launch.go
index d08117d..90eb00b 100644
--- a/core/internal/launch/launch.go
+++ b/core/internal/launch/launch.go
@@ -37,8 +37,8 @@
"golang.org/x/sys/unix"
"google.golang.org/grpc"
- apipb "git.monogon.dev/source/nexantic.git/core/generated/api"
"git.monogon.dev/source/nexantic.git/core/internal/common"
+ apb "git.monogon.dev/source/nexantic.git/core/proto/api"
freeport "git.monogon.dev/source/nexantic.git/golibs/common"
)
@@ -130,7 +130,7 @@
SerialPort *os.File
// EnrolmentConfig is passed into the VM and subsequently used for bootstrapping if no enrolment config is built-in
- EnrolmentConfig *apipb.EnrolmentConfig
+ EnrolmentConfig *apb.EnrolmentConfig
}
var requiredPorts = []uint16{common.ConsensusPort, common.NodeServicePort, common.MasterServicePort,
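Review bot: The comment above `EnrolmentConfig *apb.EnrolmentConfig` still says the config is "used for bootstrapping if no enrolment config is built-in", but the `EnrolmentConfig` message this commit defines in core/proto/api/enrolment.proto carries only `node_id`; the secret, master certificate and master IPs that bootstrapping relied on are gone with the deleted schema.proto. Either the comment should describe what the launcher actually passes now, or a TODO should mark the field as a placeholder, e.g. `// EnrolmentConfig is passed into the VM. NOTE: it currently carries only node_id; the bootstrap fields return with the new enrolment flow.`. The enclosing struct starts before this hunk, so how the field is consumed is not visible here.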
diff --git a/core/api/api/BUILD.bazel b/core/proto/api/BUILD.bazel
similarity index 67%
rename from core/api/api/BUILD.bazel
rename to core/proto/api/BUILD.bazel
index 70764cc..88569f3 100644
--- a/core/api/api/BUILD.bazel
+++ b/core/proto/api/BUILD.bazel
@@ -4,14 +4,18 @@
proto_library(
name = "api_proto",
- srcs = ["schema.proto"],
+ srcs = [
+ "debug.proto",
+ "enrolment.proto",
+ ],
visibility = ["//visibility:public"],
)
go_proto_library(
name = "api_go_proto",
compilers = ["@io_bazel_rules_go//proto:go_grpc"],
- importpath = "git.monogon.dev/source/nexantic.git/core/generated/api",
+ #compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+ importpath = "git.monogon.dev/source/nexantic.git/core/proto/api",
proto = ":api_proto",
visibility = ["//visibility:public"],
)
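Review bot: The added line `#compilers = ["@io_bazel_rules_go//proto:go_grpc"]` in `go_proto_library` is a commented-out copy of the live `compilers = [...]` attribute directly above it and looks like a leftover from toggling the gRPC compiler; drop it, since a dead attribute next to the active one invites the two to drift. If the intent is to switch gRPC generation off later (debug.proto defines a service, so it is required today), a short comment stating that would be clearer than the duplicate line.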
@@ -19,6 +23,6 @@
go_library(
name = "go_default_library",
embed = [":api_go_proto"],
- importpath = "git.monogon.dev/source/nexantic.git/core/generated/api",
+ importpath = "git.monogon.dev/source/nexantic.git/core/proto/api",
visibility = ["//visibility:public"],
)
diff --git a/core/proto/api/debug.proto b/core/proto/api/debug.proto
new file mode 100644
index 0000000..b036989
--- /dev/null
+++ b/core/proto/api/debug.proto
@@ -0,0 +1,61 @@
+// Copyright 2020 The Monogon Project Authors.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+package smalltown.core.proto.api;
+option go_package = "git.monogon.dev/source/nexantic.git/core/proto/api";
+
+import "core/proto/api/enrolment.proto";
+
+// NodeDebugService exposes debug and testing endpoints that allow introspection into a running Smalltown instance.
+// It is not authenticated and will be disabled in production. It is currently consumed by core/cmd/dbg and
+// by tests. For exact documentation of the available parameters please look at core/internal/node/debug.go.
+service NodeDebugService {
+ // GetDebugKubeconfig issues kubeconfigs with arbitrary identities and groups for debugging
+ rpc GetDebugKubeconfig(GetDebugKubeconfigRequest) returns (GetDebugKubeconfigResponse);
+ // GetComponentLogs dumps various log ringbuffers for binaries that we run.
+ rpc GetComponentLogs(GetComponentLogsRequest) returns (GetComponentLogsResponse);
+ // GetCondition gives the current status of various conditions inside Smalltown. Mainly used for testing.
+ rpc GetCondition(GetConditionRequest) returns (GetConditionResponse);
+}
+
+
+message GetDebugKubeconfigRequest {
+ string id = 1; // Kubernetes identity (user)
+ repeated string groups = 2; // Kubernetes groups
+}
+
+message GetDebugKubeconfigResponse {
+ string debug_kubeconfig = 1;
+}
+
+message GetComponentLogsRequest {
+ // For supported paths see core/internal/node/debug.go
+ repeated string component_path = 1;
+ uint32 tail_lines = 2; // 0 = whole ring buffer
+}
+
+message GetComponentLogsResponse {
+ repeated string line = 1;
+}
+
+message GetConditionRequest {
+ string name = 1;
+}
+
+message GetConditionResponse {
+ bool ok = 1;
+}
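Review bot: `import "core/proto/api/enrolment.proto";` is unused — no message or rpc in this file references `EnrolmentConfig` — and protoc warns on unused imports, so drop it unless a later commit in the stack needs it. Conventionally `import` lines precede file-level `option` statements, so moving it above `option go_package` would also match the usual layout. Since `GetDebugKubeconfig` issues credentials for arbitrary identities and groups, the service comment's "will be disabled in production" would be more useful if it named the mechanism that gates the service (build variant, runtime flag, localhost-only listener) so a reader can verify it; I cannot tell from this file how that is enforced.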
diff --git a/core/api/common/main.proto b/core/proto/api/enrolment.proto
similarity index 70%
copy from core/api/common/main.proto
copy to core/proto/api/enrolment.proto
index dbc7b8e..cf109ad 100644
--- a/core/api/common/main.proto
+++ b/core/proto/api/enrolment.proto
@@ -15,11 +15,11 @@
// limitations under the License.
syntax = "proto3";
+package smalltown.core.proto.api;
+option go_package = "git.monogon.dev/source/nexantic.git/core/proto/api";
-option go_package = "git.monogon.dev/source/nexantic.git/core/generated/common";
-package smalltown.common;
-
-enum TrustBackend {
- DUMMY = 0;
- TPM = 1;
+// The EnrolmentConfig is one of the inputs for the integrity mechanism.
+message EnrolmentConfig {
+ // Filled in by node after it is enrolled
+ string node_id = 1;
}
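Review bot: `node_id` is now the only field of `EnrolmentConfig`, and its comment `// Filled in by node after it is enrolled` does not say what the value is — its format, who generates it, and whether it is stable across reboots — which matters given the message comment calls it an input to the integrity mechanism. Suggest extending the field comment along the lines of `// Unique identifier of this node, assigned when it enrols; format: <document here>.`. The message comment "one of the inputs for the integrity mechanism" no longer says what is being protected now that the master certificate is gone; one sentence on that would help.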
diff --git a/core/api/common/BUILD.bazel b/core/proto/common/BUILD.bazel
similarity index 73%
rename from core/api/common/BUILD.bazel
rename to core/proto/common/BUILD.bazel
index 6786431..69b93af 100644
--- a/core/api/common/BUILD.bazel
+++ b/core/proto/common/BUILD.bazel
@@ -4,13 +4,13 @@
proto_library(
name = "common_proto",
- srcs = ["main.proto"],
+ srcs = ["common.proto"],
visibility = ["//visibility:public"],
)
go_proto_library(
name = "common_go_proto",
- importpath = "git.monogon.dev/source/nexantic.git/core/generated/common",
+ importpath = "git.monogon.dev/source/nexantic.git/core/proto/common",
proto = ":common_proto",
visibility = ["//visibility:public"],
)
@@ -18,6 +18,6 @@
go_library(
name = "go_default_library",
embed = [":common_go_proto"],
- importpath = "git.monogon.dev/source/nexantic.git/core/generated/common",
+ importpath = "git.monogon.dev/source/nexantic.git/core/proto/common",
visibility = ["//visibility:public"],
)
diff --git a/core/api/common/main.proto b/core/proto/common/common.proto
similarity index 85%
rename from core/api/common/main.proto
rename to core/proto/common/common.proto
index dbc7b8e..5616103 100644
--- a/core/api/common/main.proto
+++ b/core/proto/common/common.proto
@@ -15,9 +15,8 @@
// limitations under the License.
syntax = "proto3";
-
-option go_package = "git.monogon.dev/source/nexantic.git/core/generated/common";
-package smalltown.common;
+package smalltown.core.proto.common;
+option go_package = "git.monogon.dev/source/nexantic.git/core/proto/common";
enum TrustBackend {
DUMMY = 0;
diff --git a/core/proto/internal/BUILD.bazel b/core/proto/internal/BUILD.bazel
new file mode 100644
index 0000000..aa16e97
--- /dev/null
+++ b/core/proto/internal/BUILD.bazel
@@ -0,0 +1,23 @@
+load("@rules_proto//proto:defs.bzl", "proto_library")
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+load("@io_bazel_rules_go//proto:def.bzl", "go_proto_library")
+
+proto_library(
+ name = "internal_proto",
+ srcs = ["internal.proto"],
+ visibility = ["//core:__subpackages__"],
+)
+
+go_proto_library(
+ name = "internal_go_proto",
+ importpath = "git.monogon.dev/source/nexantic.git/core/proto/internal",
+ proto = ":internal_proto",
+ visibility = ["//core:__subpackages__"],
+)
+
+go_library(
+ name = "go_default_library",
+ embed = [":internal_go_proto"],
+ importpath = "git.monogon.dev/source/nexantic.git/core/proto/internal",
+ visibility = ["//core:__subpackages__"],
+)
diff --git a/core/proto/internal/internal.proto b/core/proto/internal/internal.proto
new file mode 100644
index 0000000..6811017
--- /dev/null
+++ b/core/proto/internal/internal.proto
@@ -0,0 +1,43 @@
+// Copyright 2020 The Monogon Project Authors.
+//
+// SPDX-License-Identifier: Apache-2.0
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+option go_package = "git.monogon.dev/source/nexantic.git/core/proto/internal";
+package smalltown.core.proto.internal;
+
+// Node describes a single node's state in etcd
+message Node {
+ // Individual node service certificate.
+ bytes certificate = 1;
+ // Node's individual cluster part of the disk encryption key.
+ bytes cluster_unlock_key = 2;
+ // Node address. This is currently an IPv4 address because that is what the
+ // network service uses, but would also support IPv6. See EnrolmentConfig for a
+ // discussion on why we use IP addresses rather than some kind of resolver.
+ string address = 3;
+
+ message Roles {
+ message ConsensusMember {
+ string etcd_member_name = 1;
+ }
+ ConsensusMember consensus_member = 1;
+ message KubernetesWorker {
+ string node_name = 1;
+ }
+ KubernetesWorker kubernetes_worker = 2;
+ }
+ Roles roles = 4;
+}
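Review bot: The comment on `string address = 3;` points the reader to "EnrolmentConfig for a discussion on why we use IP addresses", but the `EnrolmentConfig` this commit defines in core/proto/api/enrolment.proto no longer contains that discussion (it went with the deleted `master_ips` field), so the cross-reference now dangles; either inline the one-line rationale or drop it. `address` also changed from `bytes` to `string` relative to the deleted `Node`, so the comment should state the textual form expected, e.g. `// Node address, an IPv4 address in textual form.` — TODO confirm against the writer. The encodings of `certificate` and `cluster_unlock_key` (DER? key length?) are not stated either, though the deleted schema documented them; worth carrying those over. Minor: `option go_package` precedes `package` here while debug.proto and enrolment.proto order them the other way round.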
diff --git a/core/tests/e2e/BUILD.bazel b/core/tests/e2e/BUILD.bazel
index e2983bc..a0cc433 100644
--- a/core/tests/e2e/BUILD.bazel
+++ b/core/tests/e2e/BUILD.bazel
@@ -10,7 +10,7 @@
importpath = "git.monogon.dev/source/nexantic.git/core/tests/e2e",
visibility = ["//visibility:private"],
deps = [
- "//core/api/api:go_default_library",
+ "//core/proto/api:go_default_library",
"@io_k8s_api//apps/v1:go_default_library",
"@io_k8s_api//core/v1:go_default_library",
"@io_k8s_apimachinery//pkg/api/resource:go_default_library",
@@ -33,9 +33,9 @@
embed = [":go_default_library"],
rundir = ".",
deps = [
- "//core/api/api:go_default_library",
"//core/internal/common:go_default_library",
"//core/internal/launch:go_default_library",
+ "//core/proto/api:go_default_library",
"@io_k8s_api//core/v1:go_default_library",
"@io_k8s_apimachinery//pkg/apis/meta/v1:go_default_library",
"@io_k8s_kubernetes//pkg/api/v1/pod:go_default_library",
diff --git a/core/tests/e2e/condition_helpers.go b/core/tests/e2e/condition_helpers.go
index df5d38c..7f9bc63 100644
--- a/core/tests/e2e/condition_helpers.go
+++ b/core/tests/e2e/condition_helpers.go
@@ -21,15 +21,15 @@
"errors"
"time"
- apipb "git.monogon.dev/source/nexantic.git/core/generated/api"
+ apb "git.monogon.dev/source/nexantic.git/core/proto/api"
)
-func waitForCondition(ctx context.Context, client apipb.NodeDebugServiceClient, condition string) error {
+func waitForCondition(ctx context.Context, client apb.NodeDebugServiceClient, condition string) error {
var lastErr = errors.New("No RPC for checking condition completed")
for {
- reqCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+ reqT, cancel := context.WithTimeout(ctx, 5*time.Second)
defer cancel()
- res, err := client.GetCondition(reqCtx, &apipb.GetConditionRequest{Name: condition})
+ res, err := client.GetCondition(reqT, &apb.GetConditionRequest{Name: condition})
if err != nil {
if err == ctx.Err() {
return err
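Review bot: `defer cancel()` right after the renamed `reqT, cancel := context.WithTimeout(ctx, 5*time.Second)` sits inside the `for` loop, so every iteration's cancel is deferred until `waitForCondition` returns and the per-request timers accumulate while polling; since the hunk touches these lines, call `cancel()` explicitly once the `GetCondition` result has been read (or move the request into a small helper that defers). The same pattern is in the core/tests/e2e/kubernetes_helpers.go hunk in `getKubeClientSet`. On the rename itself, `reqT` reads as a timer or a type; `reqCtx` said what the variable is, so I would keep the old name. The loop body continues past the hunk.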
diff --git a/core/tests/e2e/kubernetes_helpers.go b/core/tests/e2e/kubernetes_helpers.go
index e633538..d0337e6 100644
--- a/core/tests/e2e/kubernetes_helpers.go
+++ b/core/tests/e2e/kubernetes_helpers.go
@@ -30,17 +30,17 @@
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/clientcmd"
- apipb "git.monogon.dev/source/nexantic.git/core/generated/api"
+ apb "git.monogon.dev/source/nexantic.git/core/proto/api"
)
// getKubeClientSet gets a Kubeconfig from the debug API and creates a K8s ClientSet using it. The identity used has
// the system:masters group and thus has RBAC access to everything.
-func getKubeClientSet(ctx context.Context, client apipb.NodeDebugServiceClient, port uint16) (kubernetes.Interface, error) {
+func getKubeClientSet(ctx context.Context, client apb.NodeDebugServiceClient, port uint16) (kubernetes.Interface, error) {
var lastErr = errors.New("context canceled before any operation completed")
for {
- reqCtx, cancel := context.WithTimeout(ctx, 5*time.Second)
+ reqT, cancel := context.WithTimeout(ctx, 5*time.Second)
defer cancel()
- res, err := client.GetDebugKubeconfig(reqCtx, &apipb.GetDebugKubeconfigRequest{Id: "debug-user", Groups: []string{"system:masters"}})
+ res, err := client.GetDebugKubeconfig(reqT, &apb.GetDebugKubeconfigRequest{Id: "debug-user", Groups: []string{"system:masters"}})
if err == nil {
rawClientConfig, err := clientcmd.NewClientConfigFromBytes([]byte(res.DebugKubeconfig))
if err != nil {
diff --git a/core/tests/e2e/main_test.go b/core/tests/e2e/main_test.go
index 3ab03df..ae14a9a 100644
--- a/core/tests/e2e/main_test.go
+++ b/core/tests/e2e/main_test.go
@@ -34,9 +34,9 @@
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
podv1 "k8s.io/kubernetes/pkg/api/v1/pod"
- apipb "git.monogon.dev/source/nexantic.git/core/generated/api"
"git.monogon.dev/source/nexantic.git/core/internal/common"
"git.monogon.dev/source/nexantic.git/core/internal/launch"
+ apb "git.monogon.dev/source/nexantic.git/core/proto/api"
)
const (
@@ -90,7 +90,7 @@
if err != nil {
fmt.Printf("Failed to dial debug service (is it running): %v\n", err)
}
- debugClient := apipb.NewNodeDebugServiceClient(grpcClient)
+ debugClient := apb.NewNodeDebugServiceClient(grpcClient)
// This exists to keep the parent around while all the children race
// It currently tests both a set of OS-level conditions and Kubernetes Deployments and StatefulSets