Add and generate majordomo protos.

This commit is contained in:
Mariano Cano 2021-05-24 12:14:10 -07:00
parent 9bfb1c2e7b
commit 64ce4e5c91
6 changed files with 3730 additions and 0 deletions

3
majordomo/doc.go Normal file
View file

@ -0,0 +1,3 @@
package majordomo
//go:generate protoc --proto_path=.. --go_out=.. --go-grpc_out=.. --go_opt=paths=source_relative --go-grpc_opt=paths=source_relative majordomo/provisioners.proto majordomo/majordomo.proto

1094
majordomo/majordomo.pb.go Normal file

File diff suppressed because it is too large Load diff

102
majordomo/majordomo.proto Normal file
View file

@ -0,0 +1,102 @@
syntax = "proto3";
package majordomo;
option go_package = "github.com/smallstep/certificates/majordomo";
import "majordomo/provisioners.proto";
// Majordomo is the public service used to sync configurations to CA's and post
// certificates.
service Majordomo {
// Login creates signs a given CSR and returns the certificate that will be
// used for authentication.
rpc Login(LoginRequest) returns (LoginResponse);
// GetConfiguration returns the full configuration of an authority.
rpc GetConfiguration(ConfigurationRequest) returns (ConfigurationResponse);
// StreamConfiguration streams the full configuration of an authority. This
// method is not yet supported.
rpc StreamConfiguration(ConfigurationRequest) returns (stream ConfigurationResponse);
// CreateProvisioner adds a new provisioner to the majordomo authority and
// returns the proto representation.
rpc CreateProvisioner(CreateProvisionerRequest) returns (Provisioner);
// DeleteProvisioner deletes a previously created provisioner.
rpc DeleteProvisioner(DeleteProvisionerRequest) returns (Provisioner);
// CreateAdministrator adds a new admin user to the majordomo authority.
// Admin users can add or delete provisioners.
rpc CreateAdministrator(CreateAdministratorRequest) returns (Administrator);
// DeleteAdministrator deletes a previously created admin user.
rpc DeleteAdministrator(DeleteAdministratorRequest) returns (Administrator);
// PostCertificate sends a signed X.509 certificate to majordomo.
rpc PostCertificate(CertificateRequest) returns (CertificateResponse);
// PostSSHCertificate sends a signed SSH certificate to majordomo.
rpc PostSSHCertificate(SSHCertificateRequest) returns (SSHCertificateResponse);
// RevokeCertificate marks an X.509 certificate as revoked.
rpc RevokeCertificate(TODO) returns (TODO);
// RevokeSSHCertificate marks an SSH certificate as revoked.
rpc RevokeSSHCertificate(TODO) returns (TODO);
}
message TODO {}
message LoginRequest {
string authority_id = 1;
string username = 2;
string password = 3;
string pem_certificate_request = 4;
}
message LoginResponse {
string pem_certificate = 1;
string pem_certificate_chain = 2;
}
message ConfigurationRequest {
// todo
}
message ConfigurationResponse {
repeated Provisioner provisioners = 1;
repeated Administrator admins = 2;
}
message CreateProvisionerRequest {
Provisioner.Type type = 1;
string name = 2;
ProvisionerDetails details = 3;
Claims claims = 4;
}
message DeleteProvisionerRequest {
string id = 1;
}
message CreateAdministratorRequest {
string name = 1;
string provisioner_id = 2;
Administrator.Type type = 3;
}
message DeleteAdministratorRequest {
string id = 1;
}
message CertificateRequest {
string pem_certificate = 1;
string pem_certificate_chain = 2;
}
message CertificateResponse {
string id = 1;
}
message SSHCertificateRequest {
string certificate = 1;
}
message SSHCertificateResponse {
string id = 1;
}

View file

@ -0,0 +1,519 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
package majordomo
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.32.0 or later.
const _ = grpc.SupportPackageIsVersion7
// MajordomoClient is the client API for Majordomo service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type MajordomoClient interface {
// Login creates signs a given CSR and returns the certificate that will be
// used for authentication.
Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
// GetConfiguration returns the full configuration of an authority.
GetConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (*ConfigurationResponse, error)
// StreamConfiguration streams the full configuration of an authority. This
// method is not yet supported.
StreamConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (Majordomo_StreamConfigurationClient, error)
// CreateProvisioner adds a new provisioner to the majordomo authority and
// returns the proto representation.
CreateProvisioner(ctx context.Context, in *CreateProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error)
// DeleteProvisioner deletes a previously created provisioner.
DeleteProvisioner(ctx context.Context, in *DeleteProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error)
// CreateAdministrator adds a new admin user to the majordomo authority.
// Admin users can add or delete provisioners.
CreateAdministrator(ctx context.Context, in *CreateAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error)
// DeleteAdministrator deletes a previously created admin user.
DeleteAdministrator(ctx context.Context, in *DeleteAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error)
// PostCertificate sends a signed X.509 certificate to majordomo.
PostCertificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error)
// PostSSHCertificate sends a signed SSH certificate to majordomo.
PostSSHCertificate(ctx context.Context, in *SSHCertificateRequest, opts ...grpc.CallOption) (*SSHCertificateResponse, error)
// RevokeCertificate marks an X.509 certificate as revoked.
RevokeCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error)
// RevokeSSHCertificate marks an SSH certificate as revoked.
RevokeSSHCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error)
}
type majordomoClient struct {
cc grpc.ClientConnInterface
}
func NewMajordomoClient(cc grpc.ClientConnInterface) MajordomoClient {
return &majordomoClient{cc}
}
func (c *majordomoClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
out := new(LoginResponse)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/Login", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) GetConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (*ConfigurationResponse, error) {
out := new(ConfigurationResponse)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/GetConfiguration", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) StreamConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (Majordomo_StreamConfigurationClient, error) {
stream, err := c.cc.NewStream(ctx, &Majordomo_ServiceDesc.Streams[0], "/majordomo.Majordomo/StreamConfiguration", opts...)
if err != nil {
return nil, err
}
x := &majordomoStreamConfigurationClient{stream}
if err := x.ClientStream.SendMsg(in); err != nil {
return nil, err
}
if err := x.ClientStream.CloseSend(); err != nil {
return nil, err
}
return x, nil
}
type Majordomo_StreamConfigurationClient interface {
Recv() (*ConfigurationResponse, error)
grpc.ClientStream
}
type majordomoStreamConfigurationClient struct {
grpc.ClientStream
}
func (x *majordomoStreamConfigurationClient) Recv() (*ConfigurationResponse, error) {
m := new(ConfigurationResponse)
if err := x.ClientStream.RecvMsg(m); err != nil {
return nil, err
}
return m, nil
}
func (c *majordomoClient) CreateProvisioner(ctx context.Context, in *CreateProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error) {
out := new(Provisioner)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/CreateProvisioner", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) DeleteProvisioner(ctx context.Context, in *DeleteProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error) {
out := new(Provisioner)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/DeleteProvisioner", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) CreateAdministrator(ctx context.Context, in *CreateAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error) {
out := new(Administrator)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/CreateAdministrator", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) DeleteAdministrator(ctx context.Context, in *DeleteAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error) {
out := new(Administrator)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/DeleteAdministrator", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) PostCertificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) {
out := new(CertificateResponse)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/PostCertificate", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) PostSSHCertificate(ctx context.Context, in *SSHCertificateRequest, opts ...grpc.CallOption) (*SSHCertificateResponse, error) {
out := new(SSHCertificateResponse)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/PostSSHCertificate", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) RevokeCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error) {
out := new(TODO)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/RevokeCertificate", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *majordomoClient) RevokeSSHCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error) {
out := new(TODO)
err := c.cc.Invoke(ctx, "/majordomo.Majordomo/RevokeSSHCertificate", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// MajordomoServer is the server API for Majordomo service.
// All implementations must embed UnimplementedMajordomoServer
// for forward compatibility
type MajordomoServer interface {
// Login creates signs a given CSR and returns the certificate that will be
// used for authentication.
Login(context.Context, *LoginRequest) (*LoginResponse, error)
// GetConfiguration returns the full configuration of an authority.
GetConfiguration(context.Context, *ConfigurationRequest) (*ConfigurationResponse, error)
// StreamConfiguration streams the full configuration of an authority. This
// method is not yet supported.
StreamConfiguration(*ConfigurationRequest, Majordomo_StreamConfigurationServer) error
// CreateProvisioner adds a new provisioner to the majordomo authority and
// returns the proto representation.
CreateProvisioner(context.Context, *CreateProvisionerRequest) (*Provisioner, error)
// DeleteProvisioner deletes a previously created provisioner.
DeleteProvisioner(context.Context, *DeleteProvisionerRequest) (*Provisioner, error)
// CreateAdministrator adds a new admin user to the majordomo authority.
// Admin users can add or delete provisioners.
CreateAdministrator(context.Context, *CreateAdministratorRequest) (*Administrator, error)
// DeleteAdministrator deletes a previously created admin user.
DeleteAdministrator(context.Context, *DeleteAdministratorRequest) (*Administrator, error)
// PostCertificate sends a signed X.509 certificate to majordomo.
PostCertificate(context.Context, *CertificateRequest) (*CertificateResponse, error)
// PostSSHCertificate sends a signed SSH certificate to majordomo.
PostSSHCertificate(context.Context, *SSHCertificateRequest) (*SSHCertificateResponse, error)
// RevokeCertificate marks an X.509 certificate as revoked.
RevokeCertificate(context.Context, *TODO) (*TODO, error)
// RevokeSSHCertificate marks an SSH certificate as revoked.
RevokeSSHCertificate(context.Context, *TODO) (*TODO, error)
mustEmbedUnimplementedMajordomoServer()
}
// UnimplementedMajordomoServer must be embedded to have forward compatible implementations.
type UnimplementedMajordomoServer struct {
}
func (UnimplementedMajordomoServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Login not implemented")
}
func (UnimplementedMajordomoServer) GetConfiguration(context.Context, *ConfigurationRequest) (*ConfigurationResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method GetConfiguration not implemented")
}
func (UnimplementedMajordomoServer) StreamConfiguration(*ConfigurationRequest, Majordomo_StreamConfigurationServer) error {
return status.Errorf(codes.Unimplemented, "method StreamConfiguration not implemented")
}
func (UnimplementedMajordomoServer) CreateProvisioner(context.Context, *CreateProvisionerRequest) (*Provisioner, error) {
return nil, status.Errorf(codes.Unimplemented, "method CreateProvisioner not implemented")
}
func (UnimplementedMajordomoServer) DeleteProvisioner(context.Context, *DeleteProvisionerRequest) (*Provisioner, error) {
return nil, status.Errorf(codes.Unimplemented, "method DeleteProvisioner not implemented")
}
func (UnimplementedMajordomoServer) CreateAdministrator(context.Context, *CreateAdministratorRequest) (*Administrator, error) {
return nil, status.Errorf(codes.Unimplemented, "method CreateAdministrator not implemented")
}
func (UnimplementedMajordomoServer) DeleteAdministrator(context.Context, *DeleteAdministratorRequest) (*Administrator, error) {
return nil, status.Errorf(codes.Unimplemented, "method DeleteAdministrator not implemented")
}
func (UnimplementedMajordomoServer) PostCertificate(context.Context, *CertificateRequest) (*CertificateResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method PostCertificate not implemented")
}
func (UnimplementedMajordomoServer) PostSSHCertificate(context.Context, *SSHCertificateRequest) (*SSHCertificateResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method PostSSHCertificate not implemented")
}
func (UnimplementedMajordomoServer) RevokeCertificate(context.Context, *TODO) (*TODO, error) {
return nil, status.Errorf(codes.Unimplemented, "method RevokeCertificate not implemented")
}
func (UnimplementedMajordomoServer) RevokeSSHCertificate(context.Context, *TODO) (*TODO, error) {
return nil, status.Errorf(codes.Unimplemented, "method RevokeSSHCertificate not implemented")
}
func (UnimplementedMajordomoServer) mustEmbedUnimplementedMajordomoServer() {}
// UnsafeMajordomoServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to MajordomoServer will
// result in compilation errors.
type UnsafeMajordomoServer interface {
mustEmbedUnimplementedMajordomoServer()
}
func RegisterMajordomoServer(s grpc.ServiceRegistrar, srv MajordomoServer) {
s.RegisterService(&Majordomo_ServiceDesc, srv)
}
func _Majordomo_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(LoginRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).Login(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/Login",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).Login(ctx, req.(*LoginRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_GetConfiguration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(ConfigurationRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).GetConfiguration(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/GetConfiguration",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).GetConfiguration(ctx, req.(*ConfigurationRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_StreamConfiguration_Handler(srv interface{}, stream grpc.ServerStream) error {
m := new(ConfigurationRequest)
if err := stream.RecvMsg(m); err != nil {
return err
}
return srv.(MajordomoServer).StreamConfiguration(m, &majordomoStreamConfigurationServer{stream})
}
type Majordomo_StreamConfigurationServer interface {
Send(*ConfigurationResponse) error
grpc.ServerStream
}
type majordomoStreamConfigurationServer struct {
grpc.ServerStream
}
func (x *majordomoStreamConfigurationServer) Send(m *ConfigurationResponse) error {
return x.ServerStream.SendMsg(m)
}
func _Majordomo_CreateProvisioner_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CreateProvisionerRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).CreateProvisioner(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/CreateProvisioner",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).CreateProvisioner(ctx, req.(*CreateProvisionerRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_DeleteProvisioner_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(DeleteProvisionerRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).DeleteProvisioner(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/DeleteProvisioner",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).DeleteProvisioner(ctx, req.(*DeleteProvisionerRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_CreateAdministrator_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CreateAdministratorRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).CreateAdministrator(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/CreateAdministrator",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).CreateAdministrator(ctx, req.(*CreateAdministratorRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_DeleteAdministrator_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(DeleteAdministratorRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).DeleteAdministrator(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/DeleteAdministrator",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).DeleteAdministrator(ctx, req.(*DeleteAdministratorRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_PostCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(CertificateRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).PostCertificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/PostCertificate",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).PostCertificate(ctx, req.(*CertificateRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_PostSSHCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SSHCertificateRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).PostSSHCertificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/PostSSHCertificate",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).PostSSHCertificate(ctx, req.(*SSHCertificateRequest))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_RevokeCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(TODO)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).RevokeCertificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/RevokeCertificate",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).RevokeCertificate(ctx, req.(*TODO))
}
return interceptor(ctx, in, info, handler)
}
func _Majordomo_RevokeSSHCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(TODO)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(MajordomoServer).RevokeSSHCertificate(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/majordomo.Majordomo/RevokeSSHCertificate",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(MajordomoServer).RevokeSSHCertificate(ctx, req.(*TODO))
}
return interceptor(ctx, in, info, handler)
}
// Majordomo_ServiceDesc is the grpc.ServiceDesc for Majordomo service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var Majordomo_ServiceDesc = grpc.ServiceDesc{
ServiceName: "majordomo.Majordomo",
HandlerType: (*MajordomoServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Login",
Handler: _Majordomo_Login_Handler,
},
{
MethodName: "GetConfiguration",
Handler: _Majordomo_GetConfiguration_Handler,
},
{
MethodName: "CreateProvisioner",
Handler: _Majordomo_CreateProvisioner_Handler,
},
{
MethodName: "DeleteProvisioner",
Handler: _Majordomo_DeleteProvisioner_Handler,
},
{
MethodName: "CreateAdministrator",
Handler: _Majordomo_CreateAdministrator_Handler,
},
{
MethodName: "DeleteAdministrator",
Handler: _Majordomo_DeleteAdministrator_Handler,
},
{
MethodName: "PostCertificate",
Handler: _Majordomo_PostCertificate_Handler,
},
{
MethodName: "PostSSHCertificate",
Handler: _Majordomo_PostSSHCertificate_Handler,
},
{
MethodName: "RevokeCertificate",
Handler: _Majordomo_RevokeCertificate_Handler,
},
{
MethodName: "RevokeSSHCertificate",
Handler: _Majordomo_RevokeSSHCertificate_Handler,
},
},
Streams: []grpc.StreamDesc{
{
StreamName: "StreamConfiguration",
Handler: _Majordomo_StreamConfiguration_Handler,
ServerStreams: true,
},
},
Metadata: "majordomo/majordomo.proto",
}

1875
majordomo/provisioners.pb.go Normal file

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,137 @@
syntax = "proto3";
package majordomo;
option go_package = "github.com/smallstep/certificates/majordomo";
message Administrator {
enum Type {
UNKNOWN = 0;
ADMIN = 1;
SUPER_ADMIN = 2;
}
string id = 1;
string authority_id = 2;
string subject = 3;
string provisioner_id = 4;
Type type = 5;
}
message Provisioner {
enum Type {
NOOP = 0;
JWK = 1;
OIDC = 2;
GCP = 3;
AWS = 4;
AZURE = 5;
ACME = 6;
X5C = 7;
K8SSA = 8;
SSHPOP = 9;
}
string id = 1;
string authority_id = 2;
Type type = 3;
string name = 4;
ProvisionerDetails details = 5;
Claims claims = 6;
bytes x509_template = 7;
bytes x509_template_data = 8;
bytes ssh_template = 9;
bytes ssh_template_data = 10;
}
message ProvisionerDetails {
oneof data {
JWKProvisioner JWK = 20;
OIDCProvisioner OIDC = 21;
GCPProvisioner GCP = 22;
AWSProvisioner AWS = 23;
AzureProvisioner Azure = 24;
ACMEProvisioner ACME = 25;
X5CProvisioner X5C = 26;
K8sSAProvisioner K8sSA = 27;
SSHPOPProvisioner SSHPOP = 28;
}
}
message ProvisionerList {
repeated Provisioner provisioners = 1;
}
message Claims {
X509Claims x509 = 1;
SSHClaims ssh = 2;
bool disable_renewal = 3;
}
message X509Claims {
bool enabled = 1;
Durations durations = 2;
}
message SSHClaims {
bool enabled = 1;
Durations user_durations = 2;
Durations host_durations = 3;
}
message Durations {
string default = 1;
string min = 2;
string max = 3;
}
message JWKProvisioner {
bytes public_key = 1;
bytes encrypted_private_key = 2;
}
message OIDCProvisioner {
string client_id = 1;
string client_secret = 2;
string configuration_endpoint = 3;
repeated string admins = 4;
repeated string domains = 5;
repeated string groups = 6;
string listen_address = 7;
string tenant_id = 8;
}
message GCPProvisioner {
repeated string service_accounts = 1;
repeated string project_ids = 2;
bool disable_custom_sans = 3;
bool disable_trust_on_first_use = 4;
string instance_age = 5;
}
message AWSProvisioner {
repeated string accounts = 1;
bool disable_custom_sans = 2;
bool disable_trust_on_first_use = 3;
string instance_age = 4;
}
message AzureProvisioner {
string tenant_id = 1;
repeated string resource_groups = 2;
string audience = 3;
bool disable_custom_sans = 4;
bool disable_trust_on_first_use = 5;
}
message ACMEProvisioner {
bool force_cn = 1;
}
message X5CProvisioner {
repeated bytes roots = 1;
}
message K8sSAProvisioner {
repeated bytes public_keys = 1;
}
message SSHPOPProvisioner {}