constellation/bootstrapper/initproto/init.proto

syntax = "proto3";

package init;

import "internal/versions/components/components.proto";

option go_package = "github.com/edgelesssys/constellation/v2/bootstrapper/initproto";

service API {
  rpc Init(InitRequest) returns (stream InitResponse);
}

// InitRequest is the rpc message sent to the Constellation bootstrapper to initiate the cluster bootstrapping.
message InitRequest {
  reserved 4;
  reserved "cloud_service_account_uri";
  // KmsUri is an URI encoding access to the KMS service or master secret.
  string kms_uri = 1;
  // StorageUri is an URI encoding access to the storage service.
  string storage_uri = 2;
  // MeasurementSalt is a salt used to generate the clusterID for the initial bootstrapping node.
  bytes measurement_salt = 3;
  // KubernetesVersion is the version of Kubernetes to install.
  string kubernetes_version = 5;
  // ConformanceMode is a flag to indicate whether the cluster should be bootstrapped for Kubernetes conformance testing.
  bool conformance_mode = 6;
  // KubernetesComponents is a list of Kubernetes components to install.
  repeated components.Component kubernetes_components = 7;
  // InitSecret is a secret used to authenticate the initial bootstrapping node.
  bytes init_secret = 8;
  // ClusterName is the name of the cluster.
  string cluster_name = 9;
  // ApiserverCertSans is a list of Subject Alternative Names to add to the apiserver certificate.
  repeated string apiserver_cert_sans = 10;
  // ServiceCIDR is the CIDR to use for Kubernetes ClusterIPs.
  string service_cidr = 11;
}

// InitResponse is the rpc message sent by the Constellation bootstrapper in response to the InitRequest.
message InitResponse {
  oneof kind {
    InitSuccessResponse init_success = 1;
    InitFailureResponse init_failure = 2;
    LogResponseType log = 3;
  }
}

// InitSuccessResponse is the rpc message sent by the Constellation bootstrapper in response to the InitRequest when the bootstrapping was successful.
message InitSuccessResponse {
  // Kubeconfig is the kubeconfig for the bootstrapped cluster.
  bytes kubeconfig = 1;
  // OwnerID is the owner ID of the bootstrapped cluster.
  bytes owner_id = 2;
  // ClusterID is the cluster ID of the bootstrapped cluster.
  bytes cluster_id = 3;
}

// InitFailureResponse is the rpc message sent by the Constellation bootstrapper in response to the InitRequest when the bootstrapping failed.
message InitFailureResponse {
  // Error is the error message.
  string error = 1;
}

// LogResponseType is the rpc message sent by the Constellation bootstrapper to stream log messages.
message LogResponseType {
  // Log are the journald logs of the node.
  bytes log = 1;
}

// KubernetesComponent is a Kubernetes component to install.
message KubernetesComponent {
  // Url to the component.
  string url = 1;
  // Hash of the component.
  string hash = 2;
  // InstallPath is the path to install the component to.
  string install_path = 3;
  // Extract is a flag to indicate whether the component should be extracted.
  bool extract = 4;
}
Delete Coordinator core and apis 2022-06-21 11:59:12 -04:00			`syntax = "proto3";`

			`package init;`

versions: consolidate various types of Components There used to be three definitions of a Component type, and conversion routines between the three. Since the use case is always the same, and the Component semantics are defined by versions.go and the installer, it seems appropriate to define the Component type there and import it in the necessary places. 2023-12-11 02:08:55 -05:00			`import "internal/versions/components/components.proto";`

Update proto files to v2 2022-09-22 02:48:30 -04:00			`option go_package = "github.com/edgelesssys/constellation/v2/bootstrapper/initproto";`
Delete Coordinator core and apis 2022-06-21 11:59:12 -04:00
			`service API {`
bootstrapper: collect journald logs on failure (#1618) 2023-05-30 07:47:36 -04:00			`rpc Init(InitRequest) returns (stream InitResponse);`
Delete Coordinator core and apis 2022-06-21 11:59:12 -04:00			`}`

cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// InitRequest is the rpc message sent to the Constellation bootstrapper to initiate the cluster bootstrapping.`
Delete Coordinator core and apis 2022-06-21 11:59:12 -04:00			`message InitRequest {`
remove unused CloudServiceAccountUri from init request (#2182) 2023-08-09 08:16:45 -04:00			`reserved 4;`
			`reserved "cloud_service_account_uri";`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// KmsUri is an URI encoding access to the KMS service or master secret.`
			`string kms_uri = 1;`
			`// StorageUri is an URI encoding access to the storage service.`
			`string storage_uri = 2;`
			`// MeasurementSalt is a salt used to generate the clusterID for the initial bootstrapping node.`
			`bytes measurement_salt = 3;`
			`// KubernetesVersion is the version of Kubernetes to install.`
			`string kubernetes_version = 5;`
			`// ConformanceMode is a flag to indicate whether the cluster should be bootstrapped for Kubernetes conformance testing.`
			`bool conformance_mode = 6;`
			`// KubernetesComponents is a list of Kubernetes components to install.`
versions: consolidate various types of Components There used to be three definitions of a Component type, and conversion routines between the three. Since the use case is always the same, and the Component semantics are defined by versions.go and the installer, it seems appropriate to define the Component type there and import it in the necessary places. 2023-12-11 02:08:55 -05:00			`repeated components.Component kubernetes_components = 7;`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// InitSecret is a secret used to authenticate the initial bootstrapping node.`
			`bytes init_secret = 8;`
			`// ClusterName is the name of the cluster.`
			`string cluster_name = 9;`
			`// ApiserverCertSans is a list of Subject Alternative Names to add to the apiserver certificate.`
			`repeated string apiserver_cert_sans = 10;`
Make Kubernetes serviceCIDR configurable in config (#2660) * config: pass serviceCIDR to kubeadm init * terraform: add serviceCIDR 2023-12-01 08:39:05 -05:00			`// ServiceCIDR is the CIDR to use for Kubernetes ClusterIPs.`
			`string service_cidr = 11;`
Delete Coordinator core and apis 2022-06-21 11:59:12 -04:00			`}`

cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// InitResponse is the rpc message sent by the Constellation bootstrapper in response to the InitRequest.`
Delete Coordinator core and apis 2022-06-21 11:59:12 -04:00			`message InitResponse {`
bootstrapper: collect journald logs on failure (#1618) 2023-05-30 07:47:36 -04:00			`oneof kind {`
			`InitSuccessResponse init_success = 1;`
			`InitFailureResponse init_failure = 2;`
			`LogResponseType log = 3;`
			`}`
			`}`

cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// InitSuccessResponse is the rpc message sent by the Constellation bootstrapper in response to the InitRequest when the bootstrapping was successful.`
bootstrapper: collect journald logs on failure (#1618) 2023-05-30 07:47:36 -04:00			`message InitSuccessResponse {`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// Kubeconfig is the kubeconfig for the bootstrapped cluster.`
Refactor enforced/expected PCRs (#553) * Merge enforced and expected measurements * Update measurement generation to new format * Write expected measurements hex encoded by default * Allow hex or base64 encoded expected measurements * Allow hex or base64 encoded clusterID * Allow security upgrades to warnOnly flag * Upload signed measurements in JSON format * Fetch measurements either from JSON or YAML * Use yaml.v3 instead of yaml.v2 * Error on invalid enforced selection * Add placeholder measurements to config * Update e2e test to new measurement format Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-24 04:57:58 -05:00			`bytes kubeconfig = 1;`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// OwnerID is the owner ID of the bootstrapped cluster.`
Refactor enforced/expected PCRs (#553) * Merge enforced and expected measurements * Update measurement generation to new format * Write expected measurements hex encoded by default * Allow hex or base64 encoded expected measurements * Allow hex or base64 encoded clusterID * Allow security upgrades to warnOnly flag * Upload signed measurements in JSON format * Fetch measurements either from JSON or YAML * Use yaml.v3 instead of yaml.v2 * Error on invalid enforced selection * Add placeholder measurements to config * Update e2e test to new measurement format Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-24 04:57:58 -05:00			`bytes owner_id = 2;`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// ClusterID is the cluster ID of the bootstrapped cluster.`
Refactor enforced/expected PCRs (#553) * Merge enforced and expected measurements * Update measurement generation to new format * Write expected measurements hex encoded by default * Allow hex or base64 encoded expected measurements * Allow hex or base64 encoded clusterID * Allow security upgrades to warnOnly flag * Upload signed measurements in JSON format * Fetch measurements either from JSON or YAML * Use yaml.v3 instead of yaml.v2 * Error on invalid enforced selection * Add placeholder measurements to config * Update e2e test to new measurement format Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2022-11-24 04:57:58 -05:00			`bytes cluster_id = 3;`
Delete Coordinator core and apis 2022-06-21 11:59:12 -04:00			`}`
kubernetes: verify Kubernetes components 2022-11-14 13:09:49 -05:00
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// InitFailureResponse is the rpc message sent by the Constellation bootstrapper in response to the InitRequest when the bootstrapping failed.`
bootstrapper: collect journald logs on failure (#1618) 2023-05-30 07:47:36 -04:00			`message InitFailureResponse {`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// Error is the error message.`
bootstrapper: collect journald logs on failure (#1618) 2023-05-30 07:47:36 -04:00			`string error = 1;`
			`}`

cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// LogResponseType is the rpc message sent by the Constellation bootstrapper to stream log messages.`
bootstrapper: collect journald logs on failure (#1618) 2023-05-30 07:47:36 -04:00			`message LogResponseType {`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// Log are the journald logs of the node.`
bootstrapper: collect journald logs on failure (#1618) 2023-05-30 07:47:36 -04:00			`bytes log = 1;`
			`}`

cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// KubernetesComponent is a Kubernetes component to install.`
kubernetes: verify Kubernetes components 2022-11-14 13:09:49 -05:00			`message KubernetesComponent {`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// Url to the component.`
kubernetes: verify Kubernetes components 2022-11-14 13:09:49 -05:00			`string url = 1;`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// Hash of the component.`
kubernetes: verify Kubernetes components 2022-11-14 13:09:49 -05:00			`string hash = 2;`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// InstallPath is the path to install the component to.`
kubernetes: verify Kubernetes components 2022-11-14 13:09:49 -05:00			`string install_path = 3;`
cli: fix incorrect usage of masterSecret salt for clusterID generation (#2169) * Fix incorrect use of masterSecret salt for clusterID generation Signed-off-by: Daniel Weiße <dw@edgeless.systems> --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems> Co-authored-by: Leonard Cohnen <lc@edgeless.systems> 2023-08-07 09:24:46 -04:00			`// Extract is a flag to indicate whether the component should be extracted.`
kubernetes: verify Kubernetes components 2022-11-14 13:09:49 -05:00			`bool extract = 4;`
			`}`