1/* This proto file contains the service and structures for implementing
2 * a Consul CA provider plugin. For clearer documentation on what each
3 * RPC method should do, please refer to the Go interface documentation
4 * for `agent/connect/ca.Provider`.
5 *
6 * After implementing this service, the plugin must also output the proper
7 * format to stdout for the plugin handshake. Please refer to the Consul
8 * documentation for more information.
9 */
10
11syntax = "proto3";
12
13option go_package = "github.com/hashicorp/consul/agent/connect/ca/plugin";
14
15package plugin;
16
17service CA {
18    rpc Configure(ConfigureRequest) returns (Empty);
19    rpc GenerateRoot(Empty) returns (Empty);
20    rpc ActiveRoot(Empty) returns (ActiveRootResponse);
21    rpc GenerateIntermediateCSR(Empty) returns (GenerateIntermediateCSRResponse);
22    rpc SetIntermediate(SetIntermediateRequest) returns (Empty);
23    rpc ActiveIntermediate(Empty) returns (ActiveIntermediateResponse);
24    rpc GenerateIntermediate(Empty) returns (GenerateIntermediateResponse);
25    rpc Sign(SignRequest) returns (SignResponse);
26    rpc SignIntermediate(SignIntermediateRequest) returns (SignIntermediateResponse);
27    rpc CrossSignCA(CrossSignCARequest) returns (CrossSignCAResponse);
28    rpc Cleanup(Empty) returns (Empty);
29}
30
31message ConfigureRequest {
32    string cluster_id = 1;
33    bool is_root = 2;
34    bytes config = 3; // JSON-encoded structure
35}
36
37message SetIntermediateRequest {
38    string intermediate_pem = 1;
39    string root_pem = 2;
40}
41
42message SignRequest {
43    bytes csr = 1;
44}
45
46message SignIntermediateRequest {
47    bytes csr = 1;
48}
49
50message CrossSignCARequest {
51    bytes crt = 1;
52}
53
54message ActiveRootResponse {
55    string crt_pem = 1;
56}
57
58message GenerateIntermediateCSRResponse {
59    string csr_pem = 1;
60}
61
62message ActiveIntermediateResponse {
63    string crt_pem = 1;
64}
65
66message GenerateIntermediateResponse {
67    string crt_pem = 1;
68}
69
70message SignResponse {
71    string crt_pem = 1;
72}
73
74message SignIntermediateResponse {
75    string crt_pem = 1;
76}
77
78message CrossSignCAResponse {
79    string crt_pem = 1;
80}
81
82// Protobufs doesn't allow no req/resp so in the cases where there are
83// no arguments we use the Empty message.
84message Empty {}
85