syntax = "proto3";

// Provisioner configuration messages of the linkedca package.
package linkedca;

// Generated Go code is emitted under the smallstep/certificates import path.
// NOTE(review): a repository that vendors or forks this file should confirm
// this is the module it actually intends to import, so that a build does not
// silently resolve these types from a different source tree.
option go_package = "github.com/smallstep/certificates/linkedca";
// One provisioner record: its identity, its kind, the kind-specific settings,
// the certificate claims and optional certificate templates.
message Provisioner {
  // Kind of provisioner. Every non-zero value has a correspondingly named
  // member in ProvisionerDetails.data.
  // NOTE(review): NOOP is the zero value, so a message that never sets `type`
  // decodes as NOOP. Consumers should confirm that an unset type can never be
  // accepted as a usable provisioner.
  enum Type {
    NOOP = 0;
    JWK = 1;
    OIDC = 2;
    GCP = 3;
    AWS = 4;
    AZURE = 5;
    ACME = 6;
    X5C = 7;
    K8SSA = 8;
    SSHPOP = 9;
  }

  // Identifier of this provisioner.
  string id = 1;

  // Identifier of the owning authority (presumably the CA this provisioner is
  // attached to; confirm against the consumer).
  string authority_id = 2;

  // Kind of provisioner.
  // NOTE(review): nothing in the schema ties this value to the member that is
  // set in `details`; loaders should reject a record where the two disagree.
  Type type = 3;

  // Name of this provisioner.
  string name = 4;

  // Kind-specific configuration; see ProvisionerDetails.
  ProvisionerDetails details = 5;

  // X.509 and SSH claims applied to this provisioner; see Claims.
  Claims claims = 6;

  // X.509 template and its accompanying data, as raw bytes. The encoding is
  // not defined in this file.
  // NOTE(review): presumably these templates shape the certificates that get
  // issued, so write access to these fields should be as restricted as write
  // access to the CA configuration itself; confirm.
  bytes x509_template = 7;
  bytes x509_template_data = 8;

  // SSH template and its accompanying data, as raw bytes. Same caveats as the
  // X.509 template fields above.
  bytes ssh_template = 9;
  bytes ssh_template_data = 10;
}
// Kind-specific provisioner configuration. `data` is a oneof, so at most one
// member is set; setting one clears any other.
message ProvisionerDetails {
  // Field numbers start at 20 and are part of the wire contract.
  // NOTE(review): the member that is set is expected to match
  // Provisioner.type, but the schema does not enforce it; check it on load.
  oneof data {
    JWKProvisioner JWK = 20;
    OIDCProvisioner OIDC = 21;
    GCPProvisioner GCP = 22;
    AWSProvisioner AWS = 23;
    AzureProvisioner Azure = 24;
    ACMEProvisioner ACME = 25;
    X5CProvisioner X5C = 26;
    K8sSAProvisioner K8sSA = 27;
    SSHPOPProvisioner SSHPOP = 28;
  }
}
// A collection of provisioner records.
message ProvisionerList {
  // The provisioners. A repeated field has no presence: an empty list and an
  // unset list are the same on the wire.
  repeated Provisioner provisioners = 1;
}
// Claims attached to a provisioner: X.509 settings, SSH settings and a
// renewal switch.
message Claims {
  // X.509 claims; see X509Claims.
  X509Claims x509 = 1;

  // SSH claims; see SSHClaims.
  SSHClaims ssh = 2;

  // Renewal switch. The proto3 default is false, so renewal is not disabled
  // unless this is set explicitly.
  bool disable_renewal = 3;
}
// X.509 claims of a provisioner.
message X509Claims {
  // Whether X.509 is enabled.
  // NOTE(review): this is a plain proto3 bool, so "never set" and "explicitly
  // false" are indistinguishable; confirm consumers treat both as disabled.
  bool enabled = 1;

  // Certificate duration bounds; see Durations.
  Durations durations = 2;
}
// SSH claims of a provisioner, with separate duration bounds for user and
// host certificates.
message SSHClaims {
  // Whether SSH is enabled.
  // NOTE(review): this is a plain proto3 bool, so "never set" and "explicitly
  // false" are indistinguishable; confirm consumers treat both as disabled.
  bool enabled = 1;

  // Duration bounds for user certificates; see Durations.
  Durations user_durations = 2;

  // Duration bounds for host certificates; see Durations.
  Durations host_durations = 3;
}
// Default, minimum and maximum duration, each carried as a string.
// NOTE(review): the string format is not defined in this file (presumably a
// duration literal such as "24h"; confirm). The schema cannot enforce
// min <= default <= max, nor reject an empty or unparsable value, so the
// loader has to validate all three before they bound certificate lifetimes.
message Durations {
  string default = 1;
  string min = 2;
  string max = 3;
}
// Settings of a JWK provisioner: a public key and an encrypted private key,
// both as raw bytes.
message JWKProvisioner {
  // Public key. The encoding is not defined in this file.
  bytes public_key = 1;

  // Private key in encrypted form.
  // NOTE(review): the encryption scheme and the holder of the decryption
  // secret are not defined here. This is key material at rest: keep the
  // message out of logs and debug dumps, and confirm the strength of the
  // protection with the code that produces this field.
  bytes encrypted_private_key = 2;
}
// Settings of an OIDC provisioner.
message OIDCProvisioner {
  // OAuth/OIDC client identifier.
  string client_id = 1;

  // OAuth/OIDC client secret.
  // NOTE(review): carried as a plain string, so any serialization, log line
  // or debug dump of this message exposes it. Treat the whole message as
  // sensitive.
  string client_secret = 2;

  // Configuration endpoint (presumably the provider's discovery document URL;
  // confirm).
  // NOTE(review): if so, this value decides which issuer and signing keys are
  // trusted, so changes to it deserve the same control as a trust anchor.
  string configuration_endpoint = 3;

  // Admins, domains and groups associated with this provisioner.
  // NOTE(review): presumably these restrict or elevate which identities may
  // obtain certificates. Repeated fields cannot distinguish "unset" from
  // "empty"; confirm whether an empty list means "no restriction" or
  // "nobody".
  repeated string admins = 4;
  repeated string domains = 5;
  repeated string groups = 6;

  // Listen address (presumably for a local login callback; confirm).
  string listen_address = 7;

  // Tenant identifier.
  string tenant_id = 8;
}
// Settings of a GCP provisioner.
message GCPProvisioner {
  // Service accounts and project IDs associated with this provisioner.
  // NOTE(review): presumably allow-lists; confirm how an empty list is
  // interpreted (allow all vs. allow none).
  repeated string service_accounts = 1;
  repeated string project_ids = 2;

  // Negative-sense switches. The proto3 default is false, so custom SANs and
  // trust-on-first-use are NOT disabled unless these are set explicitly.
  // NOTE(review): confirm that the unset state is the intended default for
  // each deployment.
  bool disable_custom_sans = 3;
  bool disable_trust_on_first_use = 4;

  // Instance age, as a string (presumably a maximum age written as a
  // duration literal; confirm format and the meaning of an empty value).
  string instance_age = 5;
}
// Settings of an AWS provisioner.
message AWSProvisioner {
  // Accounts associated with this provisioner.
  // NOTE(review): presumably an allow-list; confirm how an empty list is
  // interpreted (allow all vs. allow none).
  repeated string accounts = 1;

  // Negative-sense switches. The proto3 default is false, so custom SANs and
  // trust-on-first-use are NOT disabled unless these are set explicitly.
  // NOTE(review): confirm that the unset state is the intended default for
  // each deployment.
  bool disable_custom_sans = 2;
  bool disable_trust_on_first_use = 3;

  // Instance age, as a string (presumably a maximum age written as a
  // duration literal; confirm format and the meaning of an empty value).
  string instance_age = 4;
}
// Settings of an Azure provisioner.
message AzureProvisioner {
  // Tenant identifier.
  string tenant_id = 1;

  // Resource groups associated with this provisioner.
  // NOTE(review): presumably an allow-list; confirm how an empty list is
  // interpreted (allow all vs. allow none).
  repeated string resource_groups = 2;

  // Audience (presumably the value expected in presented tokens; confirm
  // what an empty value means).
  string audience = 3;

  // Negative-sense switches. The proto3 default is false, so custom SANs and
  // trust-on-first-use are NOT disabled unless these are set explicitly.
  // NOTE(review): confirm that the unset state is the intended default for
  // each deployment.
  bool disable_custom_sans = 4;
  bool disable_trust_on_first_use = 5;
}
// Settings of an ACME provisioner.
message ACMEProvisioner {
  // Force-CN switch (presumably forces a common name on issued certificates;
  // confirm). The proto3 default is false.
  bool force_cn = 1;
}
// Settings of an X5C provisioner.
message X5CProvisioner {
  // Roots, each as raw bytes. The encoding (PEM or DER) is not defined in
  // this file.
  // NOTE(review): presumably these are the trust anchors that presented
  // certificate chains are verified against; if so, write access to this
  // field decides who can authenticate, and an empty list should be rejected
  // rather than treated as "trust anything". Confirm.
  repeated bytes roots = 1;
}
// Settings of a Kubernetes service-account provisioner.
message K8sSAProvisioner {
  // Public keys, each as raw bytes. The encoding is not defined in this file.
  // NOTE(review): presumably used to verify service-account tokens; confirm
  // the behaviour when the list is empty.
  repeated bytes public_keys = 1;
}
// Settings of an SSHPOP provisioner. The message declares no fields.
message SSHPOPProvisioner {}