mirror of https://github.com/hashicorp/consul
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
349 lines
10 KiB
349 lines
10 KiB
syntax = "proto3"; |
|
|
|
package peering; |
|
|
|
import "google/protobuf/any.proto"; |
|
// TODO(peering): Handle this some other way |
|
import "proto/pbstatus/status.proto"; |
|
|
|
// PeeringService handles operations for establishing peering relationships |
|
// between disparate Consul clusters. |
|
service PeeringService { |
|
rpc GenerateToken(GenerateTokenRequest) returns (GenerateTokenResponse); |
|
rpc Initiate(InitiateRequest) returns (InitiateResponse); |
|
rpc PeeringRead(PeeringReadRequest) returns (PeeringReadResponse); |
|
rpc PeeringList(PeeringListRequest) returns (PeeringListResponse); |
|
rpc PeeringDelete(PeeringDeleteRequest) returns (PeeringDeleteResponse); |
|
|
|
// TODO(peering): As of writing, this method is only used in tests to set up Peerings in the state store. |
|
// Consider removing if we can find another way to populate state store in peering_endpoint_test.go |
|
rpc PeeringWrite(PeeringWriteRequest) returns (PeeringWriteResponse); |
|
|
|
// TODO(peering): Rename this to PeeredServiceRoots? or something like that? |
|
rpc TrustBundleListByService(TrustBundleListByServiceRequest) returns (TrustBundleListByServiceResponse); |
|
|
|
// StreamResources opens an event stream for resources to share between peers, such as services. |
|
// Events are streamed as they happen. |
|
// buf:lint:ignore RPC_REQUEST_STANDARD_NAME |
|
// buf:lint:ignore RPC_RESPONSE_STANDARD_NAME |
|
// buf:lint:ignore RPC_REQUEST_RESPONSE_UNIQUE |
|
rpc StreamResources(stream ReplicationMessage) returns (stream ReplicationMessage); |
|
} |
|
|
|
// PeeringState enumerates all the states a peering can be in |
|
enum PeeringState { |
|
// Undefined represents an unset value for PeeringState during |
|
// writes. |
|
UNDEFINED = 0; |
|
|
|
// Initial means a Peering has been initialized and is awaiting |
|
// acknowledgement from a remote peer. |
|
INITIAL = 1; |
|
|
|
// Active means that the peering connection is active and healthy. |
|
ACTIVE = 2; |
|
|
|
// Failing means the peering connection has been interrupted but has not yet |
|
// been terminated. |
|
FAILING = 3; |
|
|
|
// Terminated means the peering relationship has been removed. |
|
TERMINATED = 4; |
|
} |
|
|
|
// Peering defines a peering relationship between two disparate Consul clusters |
|
// |
|
// mog annotation: |
|
// |
|
// target=github.com/hashicorp/consul/api.Peering |
|
// output=peering.gen.go |
|
// name=API |
|
message Peering { |
|
// ID is a datacenter-scoped UUID for the peering. |
|
// The ID is generated when a peering is first written to the state store. |
|
string ID = 1; |
|
|
|
// Name is the local alias for the peering relationship. |
|
string Name = 2; |
|
|
|
// Partition is the local partition connecting to the peer. |
|
string Partition = 3; |
|
|
|
// Meta is a mapping of some string value to any other string value |
|
map<string, string> Meta = 11; |
|
|
|
// State is one of the valid PeeringState values to represent the status of |
|
// peering relationship. |
|
// |
|
// mog: func-to=PeeringStateToAPI func-from=PeeringStateFromAPI |
|
PeeringState State = 4; |
|
|
|
// PeerID is the ID that our peer assigned to this peering. |
|
// This ID is to be used when dialing the peer, so that it can know who dialed it. |
|
string PeerID = 5; |
|
|
|
// PeerCAPems contains all the CA certificates for the remote peer. |
|
repeated string PeerCAPems = 6; |
|
|
|
// PeerServerName is the name of the remote server as it relates to TLS. |
|
string PeerServerName = 7; |
|
|
|
// PeerServerAddresses contains all the the connection addresses for the remote peer. |
|
repeated string PeerServerAddresses = 8; |
|
|
|
// CreateIndex is the Raft index at which the Peering was created. |
|
uint64 CreateIndex = 9; |
|
|
|
// ModifyIndex is the latest Raft index at which the Peering. was modified. |
|
uint64 ModifyIndex = 10; |
|
} |
|
|
|
// PeeringTrustBundle holds the trust information for validating requests from a peer. |
|
message PeeringTrustBundle { |
|
// TrustDomain is the domain for the bundle, example.com, foo.bar.gov for example. Note that this must not have a prefix such as "spiffe://". |
|
string TrustDomain = 1; |
|
|
|
// PeerName associates the trust bundle with a peer. |
|
string PeerName = 2; |
|
|
|
// Partition isolates the bundle from other trust bundles in separate partitions. |
|
string Partition = 3; |
|
|
|
// RootPEMs holds ASN.1 DER encoded X.509 certificate data for the trust bundle. |
|
repeated string RootPEMs = 4; |
|
|
|
// CreateIndex is the Raft index at which the trust domain was created. |
|
uint64 CreateIndex = 5; |
|
|
|
// ModifyIndex is the latest Raft index at which the trust bundle was modified. |
|
uint64 ModifyIndex = 6; |
|
} |
|
|
|
// @consul-rpc-glue: Datacenter,ReadTODO |
|
message PeeringReadRequest { |
|
string Name = 1; |
|
string Partition = 2; |
|
|
|
string Datacenter = 3; |
|
|
|
//TODO(peering) query metadata |
|
} |
|
|
|
message PeeringReadResponse { |
|
Peering Peering = 1; |
|
|
|
//TODO(peering) query metadata |
|
} |
|
|
|
// @consul-rpc-glue: Datacenter,ReadTODO |
|
message PeeringListRequest { |
|
string Partition = 1; |
|
|
|
string Datacenter = 2; |
|
|
|
//TODO(peering) query metadata |
|
} |
|
|
|
message PeeringListResponse { |
|
repeated Peering Peerings = 1; |
|
|
|
//TODO(peering) query metadata |
|
} |
|
|
|
// @consul-rpc-glue: Datacenter,WriteTODO |
|
message PeeringWriteRequest { |
|
Peering Peering = 1; |
|
|
|
//TODO(peering): what to do with embedded write request? |
|
string Datacenter = 2; |
|
|
|
// Meta is a mapping of some string value to any other string value |
|
map<string, string> Meta = 3; |
|
} |
|
|
|
// TODO(peering): Consider returning Peering if we keep this endpoint around |
|
message PeeringWriteResponse {} |
|
|
|
// @consul-rpc-glue: Datacenter,WriteTODO |
|
message PeeringDeleteRequest { |
|
string Name = 1; |
|
|
|
string Partition = 2; |
|
|
|
//TODO(peering): what to do with embedded write request? |
|
string Datacenter = 3; |
|
} |
|
|
|
message PeeringDeleteResponse {} |
|
|
|
// @consul-rpc-glue: Datacenter,ReadTODO |
|
message TrustBundleListByServiceRequest { |
|
string ServiceName = 1; |
|
string Partition = 2; |
|
|
|
// these are common fields required for implementing structs.RPCInfo methods |
|
// that are used to forward requests |
|
string Datacenter = 3; |
|
} |
|
|
|
message TrustBundleListByServiceResponse { |
|
repeated PeeringTrustBundle Bundles = 1; |
|
} |
|
|
|
message PeeringTerminateByIDRequest { |
|
string ID = 1; |
|
} |
|
|
|
message PeeringTerminateByIDResponse {} |
|
|
|
// @consul-rpc-glue: Datacenter |
|
message PeeringTrustBundleWriteRequest { |
|
PeeringTrustBundle PeeringTrustBundle = 1; |
|
|
|
//TODO(peering): what to do with embedded write request? |
|
string Datacenter = 2; |
|
} |
|
|
|
message PeeringTrustBundleWriteResponse {} |
|
|
|
// @consul-rpc-glue: Datacenter |
|
message PeeringTrustBundleDeleteRequest { |
|
string Name = 1; |
|
|
|
string Partition = 2; |
|
|
|
//TODO(peering): what to do with embedded write request? |
|
string Datacenter = 3; |
|
} |
|
|
|
message PeeringTrustBundleDeleteResponse {} |
|
|
|
// mog annotation: |
|
// |
|
// target=github.com/hashicorp/consul/api.PeeringGenerateTokenRequest |
|
// output=peering.gen.go |
|
// name=API |
|
message GenerateTokenRequest { |
|
// Name of the remote peer. |
|
string PeerName = 1; |
|
|
|
// Partition is the local partition being peered. |
|
string Partition = 2; |
|
|
|
// these are common fields required for implementing structs.RPCInfo methods |
|
// that are used to forward requests |
|
string Datacenter = 3; |
|
string Token = 4; |
|
|
|
// Meta is a mapping of some string value to any other string value |
|
map<string, string> Meta = 5; |
|
} |
|
|
|
// mog annotation: |
|
// |
|
// target=github.com/hashicorp/consul/api.PeeringGenerateTokenResponse |
|
// output=peering.gen.go |
|
// name=API |
|
message GenerateTokenResponse { |
|
// PeeringToken is an opaque string provided to the remote peer for it to complete |
|
// the peering initialization handshake. |
|
string PeeringToken = 1; |
|
} |
|
|
|
// @consul-rpc-glue: Datacenter |
|
// |
|
// mog annotation: |
|
// |
|
// target=github.com/hashicorp/consul/api.PeeringInitiateRequest |
|
// output=peering.gen.go |
|
// name=API |
|
message InitiateRequest { |
|
// Name of the remote peer. |
|
string PeerName = 1; |
|
|
|
// The peering token returned from the peer's GenerateToken endpoint. |
|
string PeeringToken = 2; |
|
|
|
// Partition is the local partition being peered. |
|
string Partition = 3; |
|
|
|
// these are common fields required for implementing structs.RPCInfo methods |
|
// that are used to forward requests |
|
string Datacenter = 4; |
|
string Token = 5; |
|
|
|
// Meta is a mapping of some string value to any other string value |
|
map<string, string> Meta = 6; |
|
} |
|
|
|
// |
|
// mog annotation: |
|
// |
|
// target=github.com/hashicorp/consul/api.PeeringInitiateResponse |
|
// output=peering.gen.go |
|
// name=API |
|
message InitiateResponse { |
|
} |
|
|
|
message ReplicationMessage { |
|
oneof Payload { |
|
Request request = 1; |
|
Response response = 2; |
|
Terminated terminated = 3; |
|
} |
|
|
|
// A Request requests to subscribe to a resource of a given type. |
|
message Request { |
|
// An identifier for the peer making the request. |
|
// This identifier is provisioned by the serving peer prior to the request from the dialing peer. |
|
string PeerID = 1; |
|
|
|
// Nonce corresponding to that of the response being ACKed or NACKed. |
|
// Initial subscription requests will have an empty nonce. |
|
// The nonce is generated and incremented by the exporting peer. |
|
string Nonce = 2; |
|
|
|
// The type URL for the resource being requested or ACK/NACKed. |
|
string ResourceURL = 3; |
|
|
|
// The error if the previous response was not applied successfully. |
|
// This field is empty in the first subscription request. |
|
status.Status Error = 4; |
|
} |
|
|
|
// A Response contains resources corresponding to a subscription request. |
|
message Response { |
|
// Nonce identifying a response in a stream. |
|
string Nonce = 1; |
|
|
|
// The type URL of resource being returned. |
|
string ResourceURL = 2; |
|
|
|
// An identifier for the resource being returned. |
|
// This could be the SPIFFE ID of the service. |
|
string ResourceID = 3; |
|
|
|
// The resource being returned. |
|
google.protobuf.Any Resource = 4; |
|
|
|
// Operation enumerates supported operations for replicated resources. |
|
enum Operation { |
|
Unknown = 0; |
|
|
|
// UPSERT represents a create or update event. |
|
UPSERT = 1; |
|
|
|
// DELETE indicates the resource should be deleted. |
|
// In DELETE operations no Resource will be returned. |
|
// Deletion by an importing peer must be done with the type URL and ID. |
|
DELETE = 2; |
|
} |
|
|
|
// REQUIRED. The operation to be performed in relation to the resource. |
|
Operation operation = 5; |
|
} |
|
|
|
// Terminated is sent when a peering is deleted locally. |
|
// This message signals to the peer that they should clean up their local state about the peering. |
|
message Terminated {} |
|
}
|
|
|