Gitiles
Code Review Sign In
gerrit-dev.monogon.dev / monogon / 08cb464d60f859ad029a52abe161cae02a0bf405 / . / metropolis / proto / api / management.proto
blob: ba50849ebc6d500f446affee2b0f192933060c2e [file] [log] [blame]
Serge Bazanski6bd41592021-08-23 13:18:37 +0200[diff] [blame]1syntax = "proto3";
2package metropolis.proto.api;
3option go_package = "source.monogon.dev/metropolis/proto/api";
4
Serge Bazanskibc671d02021-10-05 17:53:32 +0200[diff] [blame]5import "metropolis/proto/common/common.proto";
Serge Bazanski9ffa1f92021-09-01 15:42:23 +0200[diff] [blame]6import "metropolis/proto/ext/authorization.proto";
7
Serge Bazanski56114472021-10-11 14:47:54 +0200[diff] [blame]8// Management service available to Cluster Managers, allowing operational work
9// to be performed on the cluster (eg. adding nodes, retrieving information
10// about a running cluster, etc.).
Serge Bazanski6bd41592021-08-23 13:18:37 +0200[diff] [blame]11service Management {
12 // GetRegisterTicket retrieves the current RegisterTicket which is required
13 // for new nodes to register into the cluster. Presenting this ticket on
14 // registration does not automatically grant access to arbitrary node
15 // registration. Instead, it is used to guard the API surface of the
16 // Register RPC from potential denial of service attacks, and can be
17 // regenerated at any time in case it leaks.
Serge Bazanski9ffa1f92021-09-01 15:42:23 +0200[diff] [blame]18 rpc GetRegisterTicket(GetRegisterTicketRequest) returns (GetRegisterTicketResponse) {
19 option (metropolis.proto.ext.authorization) = {
20 need: PERMISSION_GET_REGISTER_TICKET
21 };
22 }
Serge Bazanski56114472021-10-11 14:47:54 +0200[diff] [blame]23
Serge Bazanskibc671d02021-10-05 17:53:32 +0200[diff] [blame]24 // GetClusterInfo retrieves publicly available summary information about
25 // this cluster, notably data required for nodes to register into a cluster
26 // or join it (other than the Register Ticket, which is gated by an
27 // additional permission).
28 rpc GetClusterInfo(GetClusterInfoRequest) returns (GetClusterInfoResponse) {
29 option (metropolis.proto.ext.authorization) = {
30 need: PERMISSION_READ_CLUSTER_STATUS
31 };
32 }
Serge Bazanski56114472021-10-11 14:47:54 +0200[diff] [blame]33
34 // GetNodes retrieves information about nodes in the cluster. Currently,
35 // it returns all available data about all nodes.
36 rpc GetNodes(GetNodesRequest) returns (stream Node) {
37 option (metropolis.proto.ext.authorization) = {
38 need: PERMISSION_READ_CLUSTER_STATUS
39 };
40 }
Serge Bazanski1612d4b2021-11-12 13:54:15 +0100[diff] [blame]41
42 // ApproveNode progresses a node's registration process by changing its state
43 // in the cluster from NEW to STANDBY, if not yet STANDBY. This is required
44 // for the node to fully become part of the cluster (ie. have an UP state),
45 // and is required to be called by a manager manually.
46 //
47 // Managers can find out what nodes require approval by performing
48 // a GetNodes call and filtering for nodes in the NEW state. This call is
49 // idempotent and can be executed multiple times, and is a no-op if the node
50 // is already in the STANDBY or even UP states.
51 //
52 // In the future, approval process will be governed by cluster policy, but
53 // currently any node can be approved by a manager, and the manager is
54 // responsible for performing an out-of-band attestation of the node being/
55 // approved (eg. by verifying that the node that is being approved has the
56 // same public key as what the registering node displays in its startup
57 // logs).
58 rpc ApproveNode(ApproveNodeRequest) returns (ApproveNodeResponse) {
59 option (metropolis.proto.ext.authorization) = {
60 need: PERMISSION_APPROVE_NODE
61 };
62 }
Serge Bazanski6bd41592021-08-23 13:18:37 +0200[diff] [blame]63}
64
65message GetRegisterTicketRequest {
66}
67
68message GetRegisterTicketResponse {
69 // Opaque bytes that comprise the RegisterTicket.
70 bytes ticket = 1;
Serge Bazanski2893e982021-09-09 13:06:16 +0200[diff] [blame]71}
Serge Bazanskibc671d02021-10-05 17:53:32 +0200[diff] [blame]72
73message GetClusterInfoRequest {
74}
75
76message GetClusterInfoResponse {
77 // cluster_directory contains information about individual nodes in the
78 // cluster that can be used to dial the cluster's services.
79 metropolis.proto.common.ClusterDirectory cluster_directory = 1;
Serge Bazanski2f58ac02021-10-05 11:47:20 +0200[diff] [blame]80
Serge Bazanskifbd38e22021-10-08 14:41:16 +0200[diff] [blame]81 // ca_certificate is the x509 DER encoded CA certificate of the cluster.
82 bytes ca_certificate = 2;
Serge Bazanskibc671d02021-10-05 17:53:32 +0200[diff] [blame]83}
Serge Bazanski56114472021-10-11 14:47:54 +0200[diff] [blame]84
85message GetNodesRequest {
86}
87
88// Node in a Metropolis cluster, streamed by Management.GetNodes. For each node
89// in the cluster, this message will be emitted and will contain information
90// about that node.
91//
92// The fields contained are node fields that PERMISSION_READ_CLUSTER_STATUS
93// allows access to, ie. 'non-private' fields, ones that might be internal to
94// the cluster and possibly considered sensitive information about the
95// infrastructure, but whose knowledge does not allow to escalate privileges
96// within the cluster.
97message Node {
98 // Raw Ed25519 public key of this node, which can be used to generate
99 // the node's ID. This is always set.
100 bytes pubkey = 1;
101 // State of the node from the point of view of the cluster. This is
102 // always set.
103 metropolis.proto.common.NodeState state = 2;
104 // Last reported status by the Node, absent if a node hasn't yet reported
105 // its status.
106 metropolis.proto.common.NodeStatus status = 3;
107 // Roles assigned by the cluster. This is always set.
108 metropolis.proto.common.NodeRoles roles = 4;
109}
Serge Bazanski1612d4b2021-11-12 13:54:15 +0100[diff] [blame]110
111
112message ApproveNodeRequest {
113 // Raw public key of the node being approved, has to correspond to a node
114 // currently in the cluster.
115 bytes pubkey = 1;
116}
117
118message ApproveNodeResponse {
119}