api/ca.proto
syntax = "proto3";
package docker.swarmkit.v1;
import "github.com/docker/swarmkit/api/types.proto";
import "github.com/docker/swarmkit/api/specs.proto";
import "gogoproto/gogo.proto";
import "github.com/docker/swarmkit/protobuf/plugin/plugin.proto";
// CA defines the RPC methods for requesting certificates from a CA. In this
// file it exposes two read-only calls: fetching the root CA certificate and
// fetching the cluster unlock key.
service CA {
  // GetRootCACertificate returns the root CA certificate.
  //
  // Declared with tls_authorization `insecure: true`, so unlike GetUnlockKey
  // below it is not gated on a client-certificate role.
  // NOTE(review): presumably this lets a node that holds no certificate yet
  // bootstrap trust - confirm. A caller that cannot yet authenticate the
  // server should check the returned certificate against a value obtained
  // out of band before relying on it.
  rpc GetRootCACertificate(GetRootCACertificateRequest)
      returns (GetRootCACertificateResponse) {
    option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
  }

  // GetUnlockKey returns the current unlock key for the cluster for the role
  // of the client asking.
  //
  // Restricted through tls_authorization to the "swarm-manager" role. The
  // response carries secret key material, so this restriction is the access
  // control for it.
  // NOTE(review): enforcement lives in the code generated from this option,
  // not in this file - verify the authorization wrapper is what the server
  // actually registers.
  rpc GetUnlockKey(GetUnlockKeyRequest) returns (GetUnlockKeyResponse) {
    option (docker.protobuf.plugin.tls_authorization) = {
      roles: ["swarm-manager"]
    };
  }
}
// NodeCA groups the RPCs a node uses to obtain a certificate and to query
// the state of that issuance. Both methods are declared with
// tls_authorization `insecure: true`, i.e. neither is gated on a
// client-certificate role.
service NodeCA {
  // IssueNodeCertificate submits a CSR together with a join token (see
  // IssueNodeCertificateRequest) and returns the node ID and membership.
  //
  // NOTE(review): with role authorization switched off, the token in the
  // request appears to be the only credential the caller presents. Confirm
  // that the handler rejects unknown tokens, compares them in constant time
  // and throttles repeated failures.
  rpc IssueNodeCertificate(IssueNodeCertificateRequest)
      returns (IssueNodeCertificateResponse) {
    option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
  }

  // NodeCertificateStatus reports the issuance status and the certificate
  // for the node named by node_id.
  //
  // NOTE(review): the request holds nothing but node_id, so any caller that
  // knows or guesses an ID can query it. Confirm that node IDs are not
  // guessable and that Certificate (declared outside this file) never
  // carries private key material.
  rpc NodeCertificateStatus(NodeCertificateStatusRequest)
      returns (NodeCertificateStatusResponse) {
    option (docker.protobuf.plugin.tls_authorization) = { insecure: true };
  }
}
// NodeCertificateStatusRequest selects the node whose certificate issuance
// status is being queried.
message NodeCertificateStatusRequest {
  // node_id identifies the node. It is the only input to the lookup; the
  // message carries no token or other credential.
  string node_id = 1;
}
// NodeCertificateStatusResponse returns the state of a certificate issuance
// along with the certificate record itself.
message NodeCertificateStatusResponse {
  // status is the issuance status (IssuanceStatus is declared outside this
  // file).
  IssuanceStatus status = 1;

  // certificate is the node's certificate record (Certificate is declared
  // outside this file).
  // NOTE(review): message-typed, so it may be unset - presumably while
  // issuance is still pending; confirm against the handler.
  Certificate certificate = 2;
}
// IssueNodeCertificateRequest is what a node sends to ask for a certificate.
message IssueNodeCertificateRequest {
  // DEPRECATED: Role is now selected based on which secret is matched.
  // NOTE(review): this value is chosen by the caller; per the deprecation
  // note it should not influence the role that gets issued - confirm the
  // handler ignores it.
  NodeRole role = 1 [deprecated = true];

  // CSR is the certificate signing request.
  // NOTE(review): the encoding (PEM or DER) is not stated here, and the
  // bytes come from an unauthorized caller - the signer should parse and
  // validate them before use.
  bytes csr = 2 [(gogoproto.customname) = "CSR"];

  // Token represents a user-provided string that is necessary for new
  // nodes to join the cluster.
  // It acts as a credential and should be kept out of logs and error
  // messages.
  string token = 3;

  // Availability allows a user to control the current scheduling status of
  // a node.
  NodeSpec.Availability availability = 4;
}
// IssueNodeCertificateResponse acknowledges a certificate request. It holds
// no certificate field; NodeCertificateStatusResponse is the message in this
// file that carries one.
message IssueNodeCertificateResponse {
  // node_id is the node ID associated with the request.
  string node_id = 1;

  // node_membership is the node's membership state (NodeSpec.Membership is
  // declared outside this file).
  NodeSpec.Membership node_membership = 2;
}
// GetRootCACertificateRequest takes no parameters.
message GetRootCACertificateRequest {
}
// GetRootCACertificateResponse carries the root CA certificate.
message GetRootCACertificateResponse {
  // certificate is the root CA certificate as raw bytes; the encoding is not
  // stated in this file.
  // NOTE(review): the RPC returning this is declared `insecure: true`, so a
  // recipient should verify these bytes before installing them as a trust
  // anchor.
  bytes certificate = 1;
}
// GetUnlockKeyRequest takes no parameters; the caller is identified by the
// TLS role check declared on the GetUnlockKey RPC.
message GetUnlockKeyRequest {
}
// GetUnlockKeyResponse returns the cluster unlock key.
message GetUnlockKeyResponse {
  // unlock_key is secret key material. It should never be logged or cached
  // in plaintext by callers.
  bytes unlock_key = 1;

  // version accompanies the key (Version is declared outside this file).
  // The gogoproto option makes the generated Go field a value, not a
  // pointer.
  // NOTE(review): presumably the version of the object holding the key -
  // confirm.
  Version version = 2 [(gogoproto.nullable) = false];
}