diff --git a/protect/control/v1/common.proto b/protect/control/v1/common.proto
index 3e63c2d..d24b79c 100644
--- a/protect/control/v1/common.proto
+++ b/protect/control/v1/common.proto
@@ -290,6 +290,11 @@ message ZoneNetworkNeighborEntry {
   uint32 kind = 6;
 }
 
+message ZoneServiceConfig {
+  string zone_id = 1;
+  string service = 2;
+}
+
 message ZoneNetworkConfig {
   repeated ZoneNetworkInterfaceConfig interfaces = 1;
   repeated ZoneNetworkRoute routes = 2;
@@ -366,6 +371,11 @@ message NetworkReservation {
   string gateway_mac = 7;
 }
 
+message ServiceEntry {
+  string zone_id = 1;
+  string service_name = 2;
+}
+
 message WorkloadSpec {
   string name = 1;
   string zone_id = 2;
diff --git a/protect/control/v1/control.proto b/protect/control/v1/control.proto
index 8bc2548..531465c 100644
--- a/protect/control/v1/control.proto
+++ b/protect/control/v1/control.proto
@@ -33,10 +33,15 @@ service ControlService {
   rpc ResolveZoneIds(ResolveZoneIdsRequest) returns (ResolveZoneIdsReply);
   rpc GetZone(GetZoneRequest) returns (GetZoneReply);
   rpc ListZones(ListZonesRequest) returns (stream ListZonesReply);
+  rpc DiscoverServices(DiscoverServicesRequest) returns (stream DiscoverServicesReply);
+  rpc GetSpireBundle(SpireBundleRequest) returns (SpireBundleReply);
   rpc UpdateZoneResources(UpdateZoneResourcesRequest) returns (UpdateZoneResourcesReply);
   rpc ConfigureZoneNetwork(ConfigureZoneNetworkRequest) returns (ConfigureZoneNetworkReply);
+  rpc AdvertiseZoneService(AdvertiseZoneServiceRequest) returns (AdvertiseZoneServiceReply);
+  rpc UnadvertiseZoneService(UnadvertiseZoneServiceRequest) returns (UnadvertiseZoneServiceReply);
+
   rpc AttachZoneConsole(stream ZoneConsoleRequest) returns (stream ZoneConsoleReply);
   rpc ExecuteZoneCommand(stream ExecuteZoneCommandRequest) returns (stream ExecuteZoneCommandReply);
   rpc ReadZoneMetrics(ReadZoneMetricsRequest) returns (ReadZoneMetricsReply);
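Review bot: ZoneServiceConfig in this hunk and ServiceEntry in the @@ -366 hunk carry the same two fields under different names (`string service = 2;` versus `string service_name = 2;`), and neither message nor any of their fields has a leading comment, so a reader cannot tell whether `service` is a name, an address, or something else, nor why two distinct types exist. If they describe the same thing, one type should serve both the advertise request and the discovery entry; if they are intentionally different, add a comment on each stating its role and what `zone_id` must match, e.g. `// A service a zone offers to its peers; zone_id is the advertising zone.` above ZoneServiceConfig. In either case align the field names (`service` vs `service_name`) now, while the types are new, because the field name becomes the JSON key and the generated accessor.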
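Review bot: `rpc GetSpireBundle(SpireBundleRequest) returns (SpireBundleReply);` breaks the `<Method>Request`/`<Method>Reply` pairing every other rpc in ControlService follows (`rpc GetZone(GetZoneRequest) returns (GetZoneReply);`), and that pairing is what keeps a request type bound to one rpc instead of drifting into reuse by another. Rename the types to `GetSpireBundleRequest`/`GetSpireBundleReply` while they are new. None of the four added rpcs has a leading comment; AdvertiseZoneService and UnadvertiseZoneService should state which caller may advertise on behalf of which zone, since their request carries a caller-supplied `config.zone_id`, and DiscoverServices should state whether each streamed reply is a full snapshot or a delta. The ControlService body starts before and continues past this hunk.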
@@ -65,6 +70,8 @@ service ControlService {
   rpc DialObjectCapability(stream DialObjectCapabilityRequest) returns (stream DialObjectCapabilityReply);
   rpc ListObjectCapabilities(ListObjectCapabilitiesRequest) returns (stream ListObjectCapabilitiesReply);
+
+  rpc SpireMetadata(SpireMetadataRequest) returns (SpireMetadataReply);
 }
 
 // Requests info about the current Edera daemon/host on this machine.
@@ -217,6 +224,18 @@ message ZoneKernelEventStreamUpdate {
 // Stops the current syscall event stream subscription.
 message ZoneKernelEventStreamStop {}
 
+message SpireMetadataRequest {
+  string zone_id = 1;
+}
+
+message SpireMetadataReply {
+  string identifier = 1;
+  // The zone the identifier was resolved for. When the request omits zoneID,
+  // the daemon fills it from the authenticated in-zone control channel and
+  // echoes it here so the caller learns its own zone without a side channel.
+  string zone_id = 2;
+}
+
 // roughly maps to libscap's `scap_threadinfo` type.
 // See https://github.com/falcosecurity/libs/blob/af6e6f276bf3a847159b3cdfdbcc9efda9a620b9/userspace/libscap/scap.h#L244
 message ZoneKernelThreadInfo {
@@ -425,6 +444,18 @@ message ZoneKernelEventParam {
   string param_type_pretty = 5;
 }
 
+message DiscoverServicesRequest {}
+
+message DiscoverServicesReply {
+  repeated ServiceEntry service_entry = 1;
+}
+
+message SpireBundleRequest {}
+
+message SpireBundleReply {
+  string bundle = 1;
+}
+
 // Client stream message for `ExecuteZoneCommand`. The first message sent must be an
 // `ExecuteZoneCommandStart`; subsequent messages carry stdin data or terminal resizes.
 message ExecuteZoneCommandRequest {
@@ -512,6 +543,8 @@ message WatchEventsReply {
   oneof event {
     ZoneChangedEvent zone_changed = 1;
     WorkloadChangedEvent workload_changed = 2;
+    AdvertiseServiceEvent advertise_service = 3;
+    UnadvertiseServiceEvent unadvertise_service = 4;
   }
 }
 
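Review bot: `rpc SpireMetadata(SpireMetadataRequest) returns (SpireMetadataReply);` is the only rpc in ControlService whose name is not a verb phrase, and it is appended after a blank line at the tail of the service instead of next to GetSpireBundle, which the same change adds in the @@ -33 hunk. Rename it to `rpc GetSpireMetadata(GetSpireMetadataRequest) returns (GetSpireMetadataReply);`, move it beside GetSpireBundle, and give it a leading comment saying what the returned identifier is and that it is resolved for the calling zone when no zone_id is supplied (the reply message's field comment already describes that behaviour, but callers read the rpc first).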
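Review bot: The comment on `string zone_id = 2;` in SpireMetadataReply refers to `zoneID`, which is neither the proto field name (`zone_id`) nor its JSON name (`zoneId`), so it reads as a reference to some other field; change it to `When the request omits zone_id,`. `string identifier = 1;` has no comment and its format cannot be inferred from the type — state what it is (a SPIFFE ID, an opaque token, or something else), whether it is stable across calls, and whether it may be empty. SpireMetadataRequest is undocumented too; because a proto3 `string` has implicit presence, an empty `zone_id` and an absent one are the same on the wire, so the request comment should say explicitly that an empty zone_id means the calling zone.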
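Review bot: `repeated ServiceEntry service_entry = 1;` in DiscoverServicesReply is a repeated field with a singular name, so generated code exposes a list called `service_entry`; the rest of common.proto uses plurals for repeated fields (`repeated ZoneNetworkRoute routes = 2;`), so rename it to `repeated ServiceEntry service_entries = 1;`. `string bundle = 1;` in SpireBundleReply needs a comment stating its encoding, because `string` must be valid UTF-8 — if the bundle is ever binary (DER) the field must be `bytes`, and if it is PEM or JSON the comment should say which so a caller can parse it without guessing. Since DiscoverServices is a server stream of these replies, DiscoverServicesReply should also state whether each message is a complete snapshot or an incremental batch, and whether the stream stays open for updates.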
@@ -525,6 +558,14 @@ message WorkloadChangedEvent {
   Workload workload = 1;
 }
 
+message AdvertiseServiceEvent {
+  ServiceEntry service_entry = 1;
+}
+
+message UnadvertiseServiceEvent {
+  string uuid = 1;
+}
+
 // Reads the most recently collected metrics (memory, CPU, etc.) for the given zone.
 // Metrics are served from a daemon-managed cache.
 message ReadZoneMetricsRequest {
@@ -823,6 +864,19 @@ message ConfigureZoneNetworkRequest {
 message ConfigureZoneNetworkReply {}
 
+message AdvertiseZoneServiceRequest {
+  string uuid = 1;
+  ZoneServiceConfig config = 2;
+}
+
+message AdvertiseZoneServiceReply {}
+
+message UnadvertiseZoneServiceRequest {
+  ZoneServiceConfig config = 2;
+}
+
+message UnadvertiseZoneServiceReply {}
+
 // Client stream message for `DialNetworkSocket`. The first message must be a
 // `DialNetworkSocketStart`. Subsequent messages carry data to write to the connection.
 message DialNetworkSocketRequest {
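Review bot: A WatchEvents consumer cannot correlate these two events: AdvertiseServiceEvent carries only a ServiceEntry (zone_id and service_name, no uuid) while UnadvertiseServiceEvent carries only `string uuid = 1;`, so the identifier used to withdraw an advertisement is never delivered when the advertisement is announced. Add `string uuid = 2;` to AdvertiseServiceEvent, or carry the ServiceEntry in UnadvertiseServiceEvent as well, and document on both which value uuid is — presumably the one the advertiser supplied in AdvertiseZoneServiceRequest, but the page does not say. The @@ -512 hunk that adds these members to the `event` oneof has the same gap and needs no separate change once the messages are fixed. Both new messages also lack a leading comment, unlike the neighbouring WorkloadChangedEvent.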
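Review bot: UnadvertiseZoneServiceRequest has a single field numbered 2 (`ZoneServiceConfig config = 2;`) and no field 1, while its sibling AdvertiseZoneServiceRequest has `string uuid = 1;` before the same `config = 2;` — this looks like the uuid was removed during development rather than a deliberate gap. Either restore `string uuid = 1;` so a withdrawal names the specific advertisement (the UnadvertiseServiceEvent in the @@ -525 hunk identifies it by uuid, so the daemon must be able to map a withdrawal to one), or add `reserved 1;` with a comment so the number is not reused with a different meaning later. Both requests carry a caller-supplied `config.zone_id`, and the SpireMetadataReply comment in this same change says the daemon can learn the calling zone from the authenticated in-zone channel; document whether the daemon requires config.zone_id to match that zone and rejects advertisements or withdrawals for another zone, because a watcher acting on the resulting events has no other way to know an entry was published by the zone it names. The four new messages are otherwise undocumented, unlike the neighbouring ConfigureZoneNetwork messages.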