syntax = "proto3";

package majordomo;

import "majordomo/provisioners.proto";

option go_package = "github.com/smallstep/certificates/majordomo";

// Majordomo is the public service used to sync configurations to CAs and to
// post certificates.
//
// NOTE(review): nothing in this schema expresses authentication or
// authorization. Which RPCs require the certificate obtained from Login, and
// which caller roles may invoke the administrative RPCs, has to be enforced
// by the server implementation -- confirm against the handlers.
service Majordomo {
  // Login signs the given CSR and returns the certificate that will be used
  // for authentication.
  //
  // NOTE(review): the request carries a username and password as plain string
  // fields, so their confidentiality depends entirely on the transport (TLS)
  // and on request logging/tracing not recording the message body.
  // Presumably this is the one RPC reachable before the caller holds a
  // certificate; if so it is the place for failed-login throttling -- confirm.
  rpc Login(LoginRequest) returns (LoginResponse);

  // GetConfiguration returns the full configuration of an authority.
  rpc GetConfiguration(ConfigurationRequest) returns (ConfigurationResponse);

  // StreamConfiguration streams the full configuration of an authority. This
  // method is not yet supported.
  rpc StreamConfiguration(ConfigurationRequest)
      returns (stream ConfigurationResponse);

  // CreateProvisioner adds a new provisioner to the majordomo authority and
  // returns the proto representation.
  rpc CreateProvisioner(CreateProvisionerRequest) returns (Provisioner);

  // DeleteProvisioner deletes a previously created provisioner.
  rpc DeleteProvisioner(DeleteProvisionerRequest) returns (Provisioner);

  // CreateAdministrator adds a new admin user to the majordomo authority.
  // Admin users can add or delete provisioners.
  //
  // NOTE(review): this RPC grants privileges; who is allowed to call it is
  // not visible in the schema -- confirm the server restricts it.
  rpc CreateAdministrator(CreateAdministratorRequest) returns (Administrator);

  // DeleteAdministrator deletes a previously created admin user.
  rpc DeleteAdministrator(DeleteAdministratorRequest) returns (Administrator);

  // PostCertificate sends a signed X.509 certificate to majordomo.
  rpc PostCertificate(CertificateRequest) returns (CertificateResponse);

  // PostSSHCertificate sends a signed SSH certificate to majordomo.
  rpc PostSSHCertificate(SSHCertificateRequest)
      returns (SSHCertificateResponse);

  // RevokeCertificate marks an X.509 certificate as revoked.
  //
  // NOTE(review): request and response are the empty placeholder TODO, so the
  // call currently has no field that identifies the certificate to revoke.
  rpc RevokeCertificate(TODO) returns (TODO);

  // RevokeSSHCertificate marks an SSH certificate as revoked.
  //
  // NOTE(review): same placeholder types as RevokeCertificate; no field
  // identifies the SSH certificate yet.
  rpc RevokeSSHCertificate(TODO) returns (TODO);
}

// TODO is an empty placeholder used as both request and response by the two
// revocation RPCs until dedicated messages are defined.
message TODO {}

// LoginRequest carries the credentials and the CSR for Majordomo.Login.
message LoginRequest {
  // Identifier of an authority. Presumably the authority the caller is
  // logging in for -- confirm.
  string authority_id = 1;

  // Account name presented for the login.
  string username = 2;

  // Sensitive: the password travels as an ordinary string field. Keep this
  // message out of logs, traces and error payloads.
  string password = 3;

  // Certificate signing request to be signed (PEM, per the field name).
  // NOTE(review): which CSR contents (subject, SANs, extensions) end up in
  // the issued certificate is decided by the server and is not visible here;
  // confirm they are constrained to the authenticated identity.
  string pem_certificate_request = 4;
}

// LoginResponse returns the certificate issued for the CSR in LoginRequest.
message LoginResponse {
  // Issued certificate (PEM, per the field name).
  string pem_certificate = 1;

  // Certificate chain accompanying pem_certificate (PEM, per the field name).
  string pem_certificate_chain = 2;
}

// ConfigurationRequest is the request for GetConfiguration and
// StreamConfiguration.
message ConfigurationRequest {
  // TODO: no fields are defined yet.
}

// ConfigurationResponse is the full configuration of an authority as
// returned by GetConfiguration and StreamConfiguration.
//
// NOTE(review): Provisioner and Administrator are defined in
// majordomo/provisioners.proto; if they can hold secrets or key material this
// response is sensitive and should be treated accordingly -- confirm.
message ConfigurationResponse {
  // Provisioners included in the configuration.
  repeated Provisioner provisioners = 1;

  // Administrators included in the configuration.
  repeated Administrator admins = 2;
}

// CreateProvisionerRequest describes the provisioner to add through
// Majordomo.CreateProvisioner.
message CreateProvisionerRequest {
  // Provisioner type; the enum is declared on Provisioner in the imported
  // file.
  Provisioner.Type type = 1;

  // Name given to the new provisioner.
  string name = 2;

  // Details of the provisioner; the message is declared in the imported file.
  ProvisionerDetails details = 3;

  // Claims of the provisioner; the message is declared in the imported file.
  Claims claims = 4;
}

// DeleteProvisionerRequest selects the provisioner to delete.
message DeleteProvisionerRequest {
  // Identifier of the provisioner to delete.
  string id = 1;
}

// CreateAdministratorRequest describes the admin user to add through
// Majordomo.CreateAdministrator.
message CreateAdministratorRequest {
  // Name of the new admin user.
  string name = 1;

  // Identifier of a provisioner. Presumably the provisioner the admin is
  // associated with -- confirm.
  string provisioner_id = 2;

  // Administrator type; the enum is declared on Administrator in the imported
  // file.
  Administrator.Type type = 3;
}

// DeleteAdministratorRequest selects the admin user to delete.
message DeleteAdministratorRequest {
  // Identifier of the admin user to delete.
  string id = 1;
}

// CertificateRequest carries a signed X.509 certificate for
// Majordomo.PostCertificate.
//
// NOTE(review): both fields are caller-supplied text; the receiver should
// parse and size-bound them before storing or acting on them.
message CertificateRequest {
  // Signed certificate (PEM, per the field name).
  string pem_certificate = 1;

  // Certificate chain accompanying pem_certificate (PEM, per the field name).
  string pem_certificate_chain = 2;
}

// CertificateResponse is returned by Majordomo.PostCertificate.
message CertificateResponse {
  // Identifier returned by majordomo. What it identifies is not stated in
  // this file.
  string id = 1;
}

// SSHCertificateRequest carries a signed SSH certificate for
// Majordomo.PostSSHCertificate.
message SSHCertificateRequest {
  // Signed SSH certificate. The text encoding is not specified in this file.
  string certificate = 1;
}

// SSHCertificateResponse is returned by Majordomo.PostSSHCertificate.
message SSHCertificateResponse {
  // Identifier returned by majordomo. What it identifies is not stated in
  // this file.
  string id = 1;
}