syntax = "proto3";

package join;

option go_package = "github.com/edgelesssys/constellation/v2/joinservice/joinproto";

service API {
  // IssueJoinTicket issues a join ticket for a new node.
  rpc IssueJoinTicket(IssueJoinTicketRequest) returns (IssueJoinTicketResponse);
  // IssueRejoinTicket issues a join ticket for a node that has previously joined the cluster.
  rpc IssueRejoinTicket(IssueRejoinTicketRequest) returns (IssueRejoinTicketResponse);
}

message IssueJoinTicketRequest {
  // disk_uuid is the UUID of a node's state disk.
  string disk_uuid = 1;
  // certificate_request is a certificate request for the node's kubelet certificate.
  bytes certificate_request = 2;
  // is_control_plane indicates whether the node is a control-plane node.
  bool is_control_plane = 3;
}

message IssueJoinTicketResponse {
  // state_disk_key is the key used to encrypt the state disk.
  bytes state_disk_key = 1;
  // measurement_salt is a salt used to derive the node's ClusterID.
  // This value is persisted on the state disk.
  bytes measurement_salt = 2;
  // measurement_secret is a secret used to derive the node's ClusterID.
  // This value is NOT persisted on the state disk.
  bytes measurement_secret = 3;
  // kubelet_cert is the certificate to be used by the kubelet.
  bytes kubelet_cert = 4;
  // api_server_endpoint is the endpoint of Constellation's API server.
  string api_server_endpoint = 5;
  // token is the Kubernetes Join Token to be used by the node to join the cluster.
  string token = 6;
  // discovery_token_ca_cert_hash is a hash of the root certificate authority presented by the Kubernetes control-plane.
  string discovery_token_ca_cert_hash = 7;
  // control_plane_files is a list of control-plane certificates and keys.
  repeated control_plane_cert_or_key control_plane_files = 8;
  // kubernetes_version is the Kubernetes version to install on the node.
  string kubernetes_version = 9;
  // kubernetes_components is a list of components to install on the node.
  repeated KubernetesComponent kubernetes_components = 10;
}

message control_plane_cert_or_key {
  // name of the certificate or key.
  string name = 1;
  // data of the certificate or key.
  bytes data = 2;
}

message IssueRejoinTicketRequest {
  // disk_uuid is the UUID of a node's state disk.
  string disk_uuid = 1;
}

message IssueRejoinTicketResponse {
  // state_disk_key is the key to decrypt the state disk.
  bytes state_disk_key = 1;
  // measurement_secret is a secret used to derive the node's ClusterID.
  // This value is NOT persisted on the state disk.
  bytes measurement_secret = 2;
}

// Discuss if we want to import the init proto instead of duplicating it
message KubernetesComponent {
  // url to download the component from.
  string url = 1;
  // hash of the component.
  string hash = 2;
  // install_path is the path to install the component to.
  string install_path = 3;
  // extract indicates whether the component is an archive and needs to be extracted.
  bool extract = 4;
}