24 changes: 24 additions & 0 deletions protect/control/v1/common.proto
Expand Up @@ -5,10 +5,17 @@ package protect.control.v1;
import "google/protobuf/struct.proto";
import "google/protobuf/timestamp.proto";

message ResourceOrigin {
string zone_id = 1;
string workload_id = 2;
string user_agent = 3;
}

message Zone {
string id = 1;
ZoneSpec spec = 2;
ZoneStatus status = 3;
ResourceOrigin origin = 4;
}

// Represents a Zone.
Expand All @@ -29,6 +36,22 @@ message ZoneSpec {
// When set, this zone is a fork of the named parent zone; the reconciler
// forks the child from the parent rather than building it from scratch.
string fork_parent_zone_id = 12;
// Configures Control API access for the zone.
ZoneControlApiSpec control_api = 13;
}

// Access control specification on the Control API for a zone.
enum ZoneControlApiAccess {
// Deny access to the Control API for this zone.
ZONE_CONTROL_API_ACCESS_DENY = 0;
// Allow access to the Control API for this zone.
ZONE_CONTROL_API_ACCESS_ALLOW = 1;
}

// Configures the Control API for a zone.
message ZoneControlApiSpec {
// Controls access to the Control API.
ZoneControlApiAccess access = 1;
}

enum ZoneResourceAdjustmentPolicy {
Expand Down Expand Up @@ -447,6 +470,7 @@ message Workload {
string id = 1;
WorkloadSpec spec = 2;
WorkloadStatus status = 3;
ResourceOrigin origin = 4;
}

enum HostCpuTopologyClass {
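Review bot: `ZONE_CONTROL_API_ACCESS_DENY = 0` in the second hunk gives the enum's zero value a real meaning, so a `ZoneSpec` with no `control_api` set, and any zone stored before this field existed, reads as deny. That fail-closed default looks intentional and is the safer choice, but the comments do not say so; I would extend the value's comment to `// Deny access to the Control API for this zone. This is the default when control_api is unset.` Because proto3 enums are open, the enforcement code (not visible here) should also treat any value it does not recognise as deny rather than falling through to allow. Separately, `ResourceOrigin` in the first hunk has no comments: it should state whether `origin` is filled in by the server or accepted from the caller, since `user_agent` is presumably client-supplied text and should not be relied on for access decisions.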
40 changes: 40 additions & 0 deletions protect/control/v1/control.proto
Expand Up @@ -7,6 +7,9 @@ import "protect/control/v1/common.proto";
service ControlService {
rpc GetHostStatus(GetHostStatusRequest) returns (GetHostStatusReply);
rpc SnoopIdm(SnoopIdmRequest) returns (stream SnoopIdmReply);
// Snoops on the Control API, returning a stream of live Control API packets.
// Other control API snoops will be skipped from the responses.
rpc SnoopControl(SnoopControlRequest) returns (stream SnoopControlReply);
rpc GetHostCpuTopology(GetHostCpuTopologyRequest) returns (GetHostCpuTopologyReply);

rpc ListDevices(ListDevicesRequest) returns (ListDevicesReply);
Expand Down Expand Up @@ -549,6 +552,43 @@ message SnoopIdmPacket {
bytes packet = 3;
}

// Request to snoop the Control API traffic for this host.
message SnoopControlRequest {}

// Reply for the SnoopControl RPC, contains a batch of packets from the Control API.
message SnoopControlReply {
// Snooped packets that were received from the Control API.
repeated SnoopControlPacket packets = 1;
// Number of packets that were skipped due to buffer constraints.
uint64 skipped = 2;
}

/// Represents the form of a packet in the Control API.
enum SnoopControlPacketForm {
SNOOP_CONTROL_PACKET_FORM_UNKNOWN = 0;
SNOOP_CONTROL_PACKET_FORM_REQUEST = 1;
SNOOP_CONTROL_PACKET_FORM_ERROR = 2;
SNOOP_CONTROL_PACKET_FORM_RESPONSE = 3;
}

/// Represents a packet of data in/out of the Control API.
message SnoopControlPacket {
// Unique identifier for the packet.
uint64 id = 1;
// Origin of the RPC.
ResourceOrigin origin = 2;
// Service name of the RPC.
string service = 3;
// Method name of the RPC.
string method = 4;
// Form of the packet.
SnoopControlPacketForm form = 5;
// Payload of the packet.
string payload = 6;
// Whether the stream is closed.
bool closed = 7;
}

// Pulls an OCI image into the local image cache, packing it into the requested `format`.
// `overwrite_cache` forces a fresh pull and repack even if the image is already cached.
// `update` re-resolves the image reference against the registry (picking up new content
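Review bot: `SnoopControl` returns a stream of live Control API packets, each carrying a `payload` and the caller's `origin`, yet neither the RPC comment nor `SnoopControlRequest` says who may call it or whether payloads are redacted. Control-plane request and response bodies commonly carry credentials or other secrets, so I would add to the RPC comment something like `// Exposes request and response payloads of other callers; restrict to privileged callers and treat the stream as sensitive.` and state on `payload` what encoding the string holds. `SnoopIdmPacket` just above uses `bytes packet = 3`, while `payload` is a `string`, which must be valid UTF-8; if the payload can ever be raw serialized data, `bytes` would be the safer type (the producer is not visible here). As a style point, the two new doc comments that open with `///` should use `//` like the rest of the file.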