consul/proto/pbpeering/peering.proto

syntax = "proto3";

package hashicorp.consul.internal.peering;

import "google/protobuf/timestamp.proto";

// PeeringService handles operations for establishing peering relationships
// between disparate Consul clusters.
service PeeringService {
  rpc GenerateToken(GenerateTokenRequest) returns (GenerateTokenResponse);
  rpc Establish(EstablishRequest) returns (EstablishResponse);
  rpc PeeringRead(PeeringReadRequest) returns (PeeringReadResponse);
  rpc PeeringList(PeeringListRequest) returns (PeeringListResponse);
  rpc PeeringDelete(PeeringDeleteRequest) returns (PeeringDeleteResponse);

  // TODO(peering): As of writing, this method is only used in tests to set up Peerings in the state store.
  // Consider removing if we can find another way to populate state store in peering_endpoint_test.go
  rpc PeeringWrite(PeeringWriteRequest) returns (PeeringWriteResponse);

  // TODO(peering): Rename this to PeeredServiceRoots? or something like that?
  rpc TrustBundleListByService(TrustBundleListByServiceRequest) returns (TrustBundleListByServiceResponse);

  rpc TrustBundleRead(TrustBundleReadRequest) returns (TrustBundleReadResponse);
}

// PeeringState enumerates all the states a peering can be in.
enum PeeringState {
  // Undefined represents an unset value for PeeringState during
  // writes.
  UNDEFINED = 0;

  // Pending means the peering was created by generating a peering token.
  // Peerings stay in a pending state until the peer uses the token to dial
  // the local cluster.
  PENDING = 1;

  // Establishing means the peering is being established from a peering token.
  // This is the initial state for dialing peers.
  ESTABLISHING = 2;

  // Active means that the peering connection is active and healthy.
  ACTIVE = 3;

  // Failing means the peering connection has been interrupted but has not yet
  // been terminated.
  FAILING = 4;

  // Deleting means a peering was marked for deletion and is in the process
  // of being deleted.
  DELETING = 5;

  // Terminated means the peering relationship has been removed.
  TERMINATED = 6;
}

message PeeringSecretsWriteRequest {
  enum Operation {
    OPERATION_UNSPECIFIED = 0;

    OPERATION_GENERATETOKEN = 1;

    OPERATION_EXCHANGESECRET = 2;

    OPERATION_PROMOTEPENDING = 3;
  }

  // Secret contains the peering secrets to write.
  PeeringSecrets secrets = 1;

  // Operation defines which action triggered the secrets write.
  Operation operation = 2;
}

// PeeringSecrets defines a secret used for authenticating/authorizing peer clusters.
message PeeringSecrets {
  // PeerID is the local UUID of the peering this secret was generated for.
  string PeerID = 1;

  message Establishment {
    // SecretID is the one-time-use peering establishment secret.
    string SecretID = 1;
  }

  message Stream {
    // ActiveSecretID is the active UUID-v4 secret being used for authorization at
    // the peering stream.
    string ActiveSecretID = 1;

    // PendingSecretID is a UUID-v4 secret introduced during secret rotation.
    // When a peering is established or re-established, both the active secret and
    // pending secret are considered valid. However, once the dialing peer uses
    // the pending secret then it transitions to active and the previously active
    // secret is discarded.
    //
    // Pending secret IDs are only valid for long-lived stream secrets.
    // Only one establishment secret can exist for a peer at a time since they
    // are designed for one-time use.
    string PendingSecretID = 2;
  }

  Establishment establishment = 2;

  Stream stream = 3;
}

// Peering defines a peering relationship between two disparate Consul clusters
//
// mog annotation:
//
// target=github.com/hashicorp/consul/api.Peering
// output=peering.gen.go
// name=API
message Peering {
  // ID is a datacenter-scoped UUID for the peering.
  // The ID is generated when a peering is first written to the state store.
  string ID = 1;

  // Name is the local alias for the peering relationship.
  string Name = 2;

  // Partition is the local partition connecting to the peer.
  string Partition = 3;

  // DeletedAt is the time when the Peering was marked for deletion
  // This is nullable so that we can omit if empty when encoding in JSON
  // mog: func-to=TimePtrFromProto func-from=TimePtrToProto
  google.protobuf.Timestamp DeletedAt = 4;

  // Meta is a mapping of some string value to any other string value
  map<string, string> Meta = 5;

  // State is one of the valid PeeringState values to represent the status of
  // peering relationship.
  //
  // mog: func-to=PeeringStateToAPI func-from=PeeringStateFromAPI
  PeeringState State = 6;

  // PeerID is the ID that our peer assigned to this peering.
  // This ID is to be used when dialing the peer, so that it can know who dialed it.
  string PeerID = 7;

  // PeerCAPems contains all the CA certificates for the remote peer.
  repeated string PeerCAPems = 8;

  // PeerServerName is the name of the remote server as it relates to TLS.
  string PeerServerName = 9;

  // PeerServerAddresses contains all the the connection addresses for the remote peer.
  repeated string PeerServerAddresses = 10;

  // ImportedServiceCount is the count of how many services are imported from this peering.
  uint64 ImportedServiceCount = 13;

  // ExportedServiceCount is the count of how many services are exported to this peering.
  uint64 ExportedServiceCount = 14;

  // CreateIndex is the Raft index at which the Peering was created.
  // @gotags: bexpr:"-"
  uint64 CreateIndex = 11;

  // ModifyIndex is the latest Raft index at which the Peering. was modified.
  // @gotags: bexpr:"-"
  uint64 ModifyIndex = 12;
}

// PeeringTrustBundle holds the trust information for validating requests from a peer.
message PeeringTrustBundle {
  // TrustDomain is the domain for the bundle, example.com, foo.bar.gov for example. Note that this must not have a prefix such as "spiffe://".
  string TrustDomain = 1;

  // PeerName associates the trust bundle with a peer.
  string PeerName = 2;

  // Partition isolates the bundle from other trust bundles in separate local partitions.
  string Partition = 3;

  // RootPEMs holds ASN.1 DER encoded X.509 certificate data for the trust bundle.
  repeated string RootPEMs = 4;

  // ExportedPartition references the remote partition of the peer
  // which sent this trust bundle. Used for generating SpiffeIDs.
  string ExportedPartition = 5;

  // CreateIndex is the Raft index at which the trust domain was created.
  // @gotags: bexpr:"-"
  uint64 CreateIndex = 6;

  // ModifyIndex is the latest Raft index at which the trust bundle was modified.
  // @gotags: bexpr:"-"
  uint64 ModifyIndex = 7;
}

// @consul-rpc-glue: LeaderReadTODO
message PeeringReadRequest {
  string Name = 1;
  string Partition = 2;
}

message PeeringReadResponse {
  Peering Peering = 1;
}

// @consul-rpc-glue: LeaderReadTODO
message PeeringListRequest {
  string Partition = 1;
}

message PeeringListResponse {
  repeated Peering Peerings = 1;
}

message PeeringWriteRequest {
  // Peering is the peering to write with the request.
  Peering Peering = 1;

  // Secret contains the optional peering secrets to persist
  // with the peering. Peering secrets are not embedded in the peering
  // object to avoid leaking them.
  PeeringSecretsWriteRequest SecretsRequest = 2;

  map<string, string> Meta = 3;
}

// TODO(peering): Consider returning Peering if we keep this endpoint around
message PeeringWriteResponse {}

message PeeringDeleteRequest {
  string Name = 1;

  string Partition = 2;
}

message PeeringDeleteResponse {}

message TrustBundleListByServiceRequest {
  string ServiceName = 1;
  string Namespace = 2;
  string Partition = 3;
  string Kind = 4;
}

message TrustBundleListByServiceResponse {
  uint64 Index = 1;
  repeated PeeringTrustBundle Bundles = 2;
}

message TrustBundleReadRequest {
  string Name = 1;
  string Partition = 2;
}

message TrustBundleReadResponse {
  uint64 Index = 1;
  PeeringTrustBundle Bundle = 2;
}

// This is a purely internal type and does not require query metadata.
message PeeringTerminateByIDRequest {
  string ID = 1;
}

message PeeringTerminateByIDResponse {}

message PeeringTrustBundleWriteRequest {
  PeeringTrustBundle PeeringTrustBundle = 1;
}

message PeeringTrustBundleWriteResponse {}

message PeeringTrustBundleDeleteRequest {
  string Name = 1;

  string Partition = 2;
}

message PeeringTrustBundleDeleteResponse {}

// mog annotation:
//
// target=github.com/hashicorp/consul/api.PeeringGenerateTokenRequest
// output=peering.gen.go
// name=API
message GenerateTokenRequest {
  // Name of the remote peer.
  string PeerName = 1;

  // Partition is the local partition being peered.
  string Partition = 2;

  // Meta is a mapping of some string value to any other string value
  map<string, string> Meta = 5;

  // ServerExternalAddresses is a list of addresses to put into the generated token. This could be used to specify
  // load balancer(s) or external IPs to reach the servers from the dialing side, and will override any server
  // addresses obtained from the "consul" service.
  repeated string ServerExternalAddresses = 6;
}

// mog annotation:
//
// target=github.com/hashicorp/consul/api.PeeringGenerateTokenResponse
// output=peering.gen.go
// name=API
message GenerateTokenResponse {
  // PeeringToken is an opaque string provided to the remote peer for it to complete
  // the peering initialization handshake.
  string PeeringToken = 1;
}

// mog annotation:
//
// target=github.com/hashicorp/consul/api.PeeringEstablishRequest
// output=peering.gen.go
// name=API
message EstablishRequest {
  // Name of the remote peer.
  string PeerName = 1;

  // The peering token returned from the peer's GenerateToken endpoint.
  string PeeringToken = 2;

  // Partition is the local partition being peered.
  string Partition = 3;

  // Meta is a mapping of some string value to any other string value
  map<string, string> Meta = 4;
}

// mog annotation:
//
// target=github.com/hashicorp/consul/api.PeeringEstablishResponse
// output=peering.gen.go
// name=API
message EstablishResponse {}