consul/proto/pbautoconf/auto_config.proto
Matt Keeler e813445e57 Agent Auto Config: Implement Certificate Generation (#8360)
Most of the groundwork was laid in previous PRs between adding the cert-monitor package to extracting the logic of signing certificates out of the connect_ca_endpoint.go code and into a method on the server.

This also refactors the auto-config package a bit to split things out into multiple files.
2020-07-28 19:32:22 +00:00

51 lines
1.8 KiB
Protocol Buffer

syntax = "proto3";
package autoconf;
option go_package = "github.com/hashicorp/consul/proto/pbautoconf";
import "proto/pbconfig/config.proto";
import "proto/pbconnect/connect.proto";
// AutoConfigRequest is the data structure to be sent along with the
// AutoConfig.InitialConfiguration RPC
message AutoConfigRequest {
// Datacenter is the local datacenter name. This wont actually be set by clients
// but rather will be set by the servers to allow for forwarding to
// the leader. If it ever happens to be set and differs from the local datacenters
// name then an error should be returned.
string Datacenter = 1;
// Node is the node name that the requester would like to assume
// the identity of.
string Node = 2;
// Segment is the network segment that the requester would like to join
string Segment = 4;
// JWT is a signed JSON Web Token used to authorize the request
string JWT = 5;
// ConsulToken is a Consul ACL token that the agent requesting the
// configuration already has.
string ConsulToken = 6;
// CSR is a certificate signing request to be used when generating the
// agents TLS certificate
string CSR = 7;
}
// AutoConfigResponse is the data structure sent in response to a AutoConfig.InitialConfiguration request
message AutoConfigResponse {
// Config is the partial Consul configuration to inject into the agents own configuration
config.Config Config = 1;
// CARoots is the current list of Connect CA Roots
connect.CARoots CARoots = 2;
// Certificate is the TLS certificate issued for the agent
connect.IssuedCert Certificate = 3;
// ExtraCACertificates holds non-Connect certificates that may be necessary
// to verify TLS connections with the Consul servers
repeated string ExtraCACertificates = 4;
}