m/proto: switch from CA pubkey to CA certificate in ClusterDirectory/Register A CA certificate is a strict superset of the public key, and using it instead of a public key allows us to connect to the cluster securely by reusing standard/existing x509 CA auth, instead of having to implement a check based on just a public key. Backwards-incompatible proto change, but we're pre-MVP, and this flow is just being implemented. Change-Id: I014780a6ec3e5e8c6e81532531b18ad1438c8258 Reviewed-on: https://review.monogon.dev/c/monogon/+/424 Reviewed-by: Lorenz Brun <lorenz@monogon.tech>

commit: fbd38e280916f0883263cf0b566984d3fea4ff39 [log] [tgz]
author: Serge Bazanski <serge@monogon.tech> Fri Oct 08 14:41:16 2021 +0200
committer: Sergiusz Bazanski <serge@monogon.tech> Thu Nov 18 13:01:16 2021 +0000
tree: 44abb583a39606b61940523e873af4d92a787be4
parent: 579015afff6be9d6c87c867b0645f254b9aeb2d8 [diff] [blame]
diff --git a/metropolis/proto/api/management.proto b/metropolis/proto/api/management.proto
index 9f0e646..44db0c5 100644
--- a/metropolis/proto/api/management.proto
+++ b/metropolis/proto/api/management.proto

@@ -45,6 +45,6 @@
     // cluster that can be used to dial the cluster's services.
     metropolis.proto.common.ClusterDirectory cluster_directory = 1;
 
-    // ca_public_key is the Ed25519 public key of the CA of the cluster.
-    bytes ca_public_key = 2;
+    // ca_certificate is the x509 DER encoded CA certificate of the cluster.
+    bytes ca_certificate = 2;
 }
commit	fbd38e280916f0883263cf0b566984d3fea4ff39	[log] [tgz]
author	Serge Bazanski <serge@monogon.tech>	Fri Oct 08 14:41:16 2021 +0200
committer	Sergiusz Bazanski <serge@monogon.tech>	Thu Nov 18 13:01:16 2021 +0000
tree	44abb583a39606b61940523e873af4d92a787be4
parent	579015afff6be9d6c87c867b0645f254b9aeb2d8 [diff] [blame]