mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
3b8d36d064
Updating swarmkit dependencies. Add more parameters for the secret driver API. Signed-off-by: Liron Levin <liron@twistlock.com>
554 lines
17 KiB
Protocol Buffer
554 lines
17 KiB
Protocol Buffer
syntax = "proto3";
|
|
|
|
package docker.swarmkit.v1;
|
|
|
|
import "github.com/docker/swarmkit/api/specs.proto";
|
|
import "github.com/docker/swarmkit/api/objects.proto";
|
|
import "github.com/docker/swarmkit/api/types.proto";
|
|
import "gogoproto/gogo.proto";
|
|
import "github.com/docker/swarmkit/protobuf/plugin/plugin.proto";
|
|
|
|
// Control defines the RPC methods for controlling a cluster.
|
|
service Control {
|
|
rpc GetNode(GetNodeRequest) returns (GetNodeResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc ListNodes(ListNodesRequest) returns (ListNodesResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc UpdateNode(UpdateNodeRequest) returns (UpdateNodeResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc RemoveNode(RemoveNodeRequest) returns (RemoveNodeResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
|
|
rpc GetTask(GetTaskRequest) returns (GetTaskResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc ListTasks(ListTasksRequest) returns (ListTasksResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc RemoveTask(RemoveTaskRequest) returns (RemoveTaskResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
|
|
rpc GetService(GetServiceRequest) returns (GetServiceResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc ListServices(ListServicesRequest) returns (ListServicesResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc CreateService(CreateServiceRequest) returns (CreateServiceResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc UpdateService(UpdateServiceRequest) returns (UpdateServiceResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc RemoveService(RemoveServiceRequest) returns (RemoveServiceResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
|
|
rpc GetNetwork(GetNetworkRequest) returns (GetNetworkResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc ListNetworks(ListNetworksRequest) returns (ListNetworksResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc CreateNetwork(CreateNetworkRequest) returns (CreateNetworkResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc RemoveNetwork(RemoveNetworkRequest) returns (RemoveNetworkResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
|
|
rpc GetCluster(GetClusterRequest) returns (GetClusterResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc ListClusters(ListClustersRequest) returns (ListClustersResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
rpc UpdateCluster(UpdateClusterRequest) returns (UpdateClusterResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
|
|
// --- secret APIs ---
|
|
|
|
// GetSecret returns a `GetSecretResponse` with a `Secret` with the same
|
|
// id as `GetSecretRequest.SecretID`
|
|
// - Returns `NotFound` if the Secret with the given id is not found.
|
|
// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
|
|
// - Returns an error if getting fails.
|
|
rpc GetSecret(GetSecretRequest) returns (GetSecretResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
|
|
// UpdateSecret returns a `UpdateSecretResponse` with a `Secret` with the same
|
|
// id as `GetSecretRequest.SecretID`
|
|
// - Returns `NotFound` if the Secret with the given id is not found.
|
|
// - Returns `InvalidArgument` if the `GetSecretRequest.SecretID` is empty.
|
|
// - Returns an error if updating fails.
|
|
rpc UpdateSecret(UpdateSecretRequest) returns (UpdateSecretResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
|
|
// ListSecrets returns a `ListSecretResponse` with a list of all non-internal `Secret`s being
|
|
// managed, or all secrets matching any name in `ListSecretsRequest.Names`, any
|
|
// name prefix in `ListSecretsRequest.NamePrefixes`, any id in
|
|
// `ListSecretsRequest.SecretIDs`, or any id prefix in `ListSecretsRequest.IDPrefixes`.
|
|
// - Returns an error if listing fails.
|
|
rpc ListSecrets(ListSecretsRequest) returns (ListSecretsResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
// CreateSecret creates and return a `CreateSecretResponse` with a `Secret` based
|
|
// on the provided `CreateSecretRequest.SecretSpec`.
|
|
// - Returns `InvalidArgument` if the `CreateSecretRequest.SecretSpec` is malformed,
|
|
// or if the secret data is too long or contains invalid characters.
|
|
// - Returns an error if the creation fails.
|
|
rpc CreateSecret(CreateSecretRequest) returns (CreateSecretResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
|
|
// RemoveSecret removes the secret referenced by `RemoveSecretRequest.ID`.
|
|
// - Returns `InvalidArgument` if `RemoveSecretRequest.ID` is empty.
|
|
// - Returns `NotFound` if the a secret named `RemoveSecretRequest.ID` is not found.
|
|
// - Returns an error if the deletion fails.
|
|
rpc RemoveSecret(RemoveSecretRequest) returns (RemoveSecretResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
|
|
// --- config APIs ---
|
|
|
|
// GetConfig returns a `GetConfigResponse` with a `Config` with the same
|
|
// id as `GetConfigRequest.ConfigID`
|
|
// - Returns `NotFound` if the Config with the given id is not found.
|
|
// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
|
|
// - Returns an error if getting fails.
|
|
rpc GetConfig(GetConfigRequest) returns (GetConfigResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
|
|
// UpdateConfig returns a `UpdateConfigResponse` with a `Config` with the same
|
|
// id as `GetConfigRequest.ConfigID`
|
|
// - Returns `NotFound` if the Config with the given id is not found.
|
|
// - Returns `InvalidArgument` if the `GetConfigRequest.ConfigID` is empty.
|
|
// - Returns an error if updating fails.
|
|
rpc UpdateConfig(UpdateConfigRequest) returns (UpdateConfigResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
};
|
|
|
|
// ListConfigs returns a `ListConfigResponse` with a list of `Config`s being
|
|
// managed, or all configs matching any name in `ListConfigsRequest.Names`, any
|
|
// name prefix in `ListConfigsRequest.NamePrefixes`, any id in
|
|
// `ListConfigsRequest.ConfigIDs`, or any id prefix in `ListConfigsRequest.IDPrefixes`.
|
|
// - Returns an error if listing fails.
|
|
rpc ListConfigs(ListConfigsRequest) returns (ListConfigsResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
// CreateConfig creates and return a `CreateConfigResponse` with a `Config` based
|
|
// on the provided `CreateConfigRequest.ConfigSpec`.
|
|
// - Returns `InvalidArgument` if the `CreateConfigRequest.ConfigSpec` is malformed,
|
|
// or if the config data is too long or contains invalid characters.
|
|
// - Returns an error if the creation fails.
|
|
rpc CreateConfig(CreateConfigRequest) returns (CreateConfigResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
|
|
// RemoveConfig removes the config referenced by `RemoveConfigRequest.ID`.
|
|
// - Returns `InvalidArgument` if `RemoveConfigRequest.ID` is empty.
|
|
// - Returns `NotFound` if the a config named `RemoveConfigRequest.ID` is not found.
|
|
// - Returns an error if the deletion fails.
|
|
rpc RemoveConfig(RemoveConfigRequest) returns (RemoveConfigResponse) {
|
|
option (docker.protobuf.plugin.tls_authorization) = { roles: "swarm-manager" };
|
|
}
|
|
}
|
|
|
|
message GetNodeRequest {
|
|
string node_id = 1;
|
|
}
|
|
|
|
message GetNodeResponse {
|
|
Node node = 1;
|
|
}
|
|
|
|
message ListNodesRequest {
|
|
message Filters {
|
|
repeated string names = 1;
|
|
repeated string id_prefixes = 2;
|
|
map<string, string> labels = 3;
|
|
repeated NodeSpec.Membership memberships = 4 [packed=false];
|
|
repeated NodeRole roles = 5 [packed=false];
|
|
// NamePrefixes matches all objects with the given prefixes
|
|
repeated string name_prefixes = 6;
|
|
}
|
|
|
|
Filters filters = 1;
|
|
}
|
|
|
|
message ListNodesResponse {
|
|
repeated Node nodes = 1;
|
|
}
|
|
|
|
// UpdateNodeRequest requests an update to the specified node. This may be used
|
|
// to request a new availability for a node, such as PAUSE. Invalid updates
|
|
// will be denied and cause an error.
|
|
message UpdateNodeRequest {
|
|
string node_id = 1;
|
|
Version node_version = 2;
|
|
NodeSpec spec = 3;
|
|
}
|
|
|
|
message UpdateNodeResponse {
|
|
Node node = 1;
|
|
}
|
|
|
|
// RemoveNodeRequest requests to delete the specified node from store.
|
|
message RemoveNodeRequest {
|
|
string node_id = 1;
|
|
bool force = 2;
|
|
}
|
|
|
|
message RemoveNodeResponse {
|
|
}
|
|
|
|
message GetTaskRequest {
|
|
string task_id = 1;
|
|
}
|
|
|
|
message GetTaskResponse {
|
|
Task task = 1;
|
|
}
|
|
|
|
message RemoveTaskRequest {
|
|
string task_id = 1;
|
|
}
|
|
|
|
message RemoveTaskResponse {
|
|
}
|
|
|
|
message ListTasksRequest {
|
|
message Filters {
|
|
repeated string names = 1;
|
|
repeated string id_prefixes = 2;
|
|
map<string, string> labels = 3;
|
|
repeated string service_ids = 4;
|
|
repeated string node_ids = 5;
|
|
repeated docker.swarmkit.v1.TaskState desired_states = 6 [packed=false];
|
|
// NamePrefixes matches all objects with the given prefixes
|
|
repeated string name_prefixes = 7;
|
|
repeated string runtimes = 9;
|
|
|
|
// UpToDate matches tasks that are consistent with the current
|
|
// service definition.
|
|
// Note: this is intended for internal status reporting rather
|
|
// than being exposed to users. It may be removed in the future.
|
|
bool up_to_date = 8;
|
|
}
|
|
|
|
Filters filters = 1;
|
|
}
|
|
|
|
message ListTasksResponse {
|
|
repeated Task tasks = 1;
|
|
}
|
|
|
|
message CreateServiceRequest {
|
|
ServiceSpec spec = 1;
|
|
}
|
|
|
|
message CreateServiceResponse {
|
|
Service service = 1;
|
|
}
|
|
|
|
message GetServiceRequest {
|
|
string service_id = 1;
|
|
bool insert_defaults = 2;
|
|
}
|
|
|
|
message GetServiceResponse {
|
|
Service service = 1;
|
|
}
|
|
|
|
message UpdateServiceRequest {
|
|
string service_id = 1;
|
|
Version service_version = 2;
|
|
ServiceSpec spec = 3;
|
|
|
|
enum Rollback {
|
|
// This is not a rollback. The spec field of the request will
|
|
// be honored.
|
|
NONE = 0;
|
|
|
|
// Roll back the service - get spec from the service's
|
|
// previous_spec.
|
|
PREVIOUS = 1;
|
|
}
|
|
|
|
// Rollback may be set to PREVIOUS to request a rollback (the service's
|
|
// spec will be set to the value of its previous_spec field). In this
|
|
// case, the spec field of this request is ignored.
|
|
Rollback rollback = 4;
|
|
}
|
|
|
|
message UpdateServiceResponse {
|
|
Service service = 1;
|
|
}
|
|
|
|
message RemoveServiceRequest {
|
|
string service_id = 1;
|
|
}
|
|
|
|
message RemoveServiceResponse {
|
|
}
|
|
|
|
message ListServicesRequest {
|
|
message Filters {
|
|
repeated string names = 1;
|
|
repeated string id_prefixes = 2;
|
|
map<string, string> labels = 3;
|
|
// NamePrefixes matches all objects with the given prefixes
|
|
repeated string name_prefixes = 4;
|
|
repeated string runtimes = 5;
|
|
}
|
|
|
|
Filters filters = 1;
|
|
}
|
|
|
|
message ListServicesResponse {
|
|
repeated Service services = 1;
|
|
}
|
|
|
|
message CreateNetworkRequest {
|
|
NetworkSpec spec = 1;
|
|
}
|
|
|
|
message CreateNetworkResponse {
|
|
Network network = 1;
|
|
}
|
|
|
|
message GetNetworkRequest {
|
|
string name = 1;
|
|
string network_id = 2;
|
|
}
|
|
|
|
message GetNetworkResponse {
|
|
Network network = 1;
|
|
}
|
|
|
|
message RemoveNetworkRequest {
|
|
string name = 1;
|
|
string network_id = 2;
|
|
}
|
|
|
|
message RemoveNetworkResponse {}
|
|
|
|
message ListNetworksRequest {
|
|
message Filters {
|
|
repeated string names = 1;
|
|
repeated string id_prefixes = 2;
|
|
map<string, string> labels = 3;
|
|
// NamePrefixes matches all objects with the given prefixes
|
|
repeated string name_prefixes = 4;
|
|
}
|
|
|
|
Filters filters = 1;
|
|
}
|
|
|
|
message ListNetworksResponse {
|
|
repeated Network networks = 1;
|
|
}
|
|
|
|
message GetClusterRequest {
|
|
string cluster_id = 1;
|
|
}
|
|
|
|
message GetClusterResponse {
|
|
Cluster cluster = 1;
|
|
}
|
|
|
|
message ListClustersRequest {
|
|
message Filters {
|
|
repeated string names = 1;
|
|
repeated string id_prefixes = 2;
|
|
map<string, string> labels = 3;
|
|
// NamePrefixes matches all objects with the given prefixes
|
|
repeated string name_prefixes = 4;
|
|
}
|
|
|
|
Filters filters = 1;
|
|
}
|
|
|
|
message ListClustersResponse {
|
|
repeated Cluster clusters = 1;
|
|
}
|
|
|
|
// KeyRotation tells UpdateCluster what items to rotate
|
|
message KeyRotation {
|
|
// WorkerJoinToken tells UpdateCluster to rotate the worker secret token.
|
|
bool worker_join_token = 1;
|
|
|
|
// ManagerJoinToken tells UpdateCluster to rotate the manager secret token.
|
|
bool manager_join_token = 2;
|
|
|
|
// ManagerUnlockKey tells UpdateCluster to rotate the manager unlock key
|
|
bool manager_unlock_key = 3;
|
|
|
|
}
|
|
|
|
message UpdateClusterRequest {
|
|
// ClusterID is the cluster ID to update.
|
|
string cluster_id = 1;
|
|
|
|
// ClusterVersion is the version of the cluster being updated.
|
|
Version cluster_version = 2;
|
|
|
|
// Spec is the new spec to apply to the cluster.
|
|
ClusterSpec spec = 3;
|
|
|
|
// Rotation contains flags for join token and unlock key rotation
|
|
KeyRotation rotation = 4 [(gogoproto.nullable) = false];
|
|
}
|
|
|
|
message UpdateClusterResponse {
|
|
Cluster cluster = 1;
|
|
}
|
|
|
|
// GetSecretRequest is the request to get a `Secret` object given a secret id.
|
|
message GetSecretRequest {
|
|
string secret_id = 1;
|
|
}
|
|
|
|
// GetSecretResponse contains the Secret corresponding to the id in
|
|
// `GetSecretRequest`, but the `Secret.Spec.Data` field in each `Secret`
|
|
// object should be nil instead of actually containing the secret bytes.
|
|
message GetSecretResponse {
|
|
Secret secret = 1;
|
|
}
|
|
|
|
message UpdateSecretRequest {
|
|
// SecretID is the secret ID to update.
|
|
string secret_id = 1;
|
|
|
|
// SecretVersion is the version of the secret being updated.
|
|
Version secret_version = 2;
|
|
|
|
// Spec is the new spec to apply to the Secret
|
|
// Only some fields are allowed to be updated.
|
|
SecretSpec spec = 3;
|
|
}
|
|
|
|
message UpdateSecretResponse {
|
|
Secret secret = 1;
|
|
}
|
|
|
|
// ListSecretRequest is the request to list all non-internal secrets in the secret store,
|
|
// or all secrets filtered by (name or name prefix or id prefix) and labels.
|
|
message ListSecretsRequest {
|
|
message Filters {
|
|
repeated string names = 1;
|
|
repeated string id_prefixes = 2;
|
|
map<string, string> labels = 3;
|
|
repeated string name_prefixes = 4;
|
|
}
|
|
|
|
Filters filters = 1;
|
|
}
|
|
|
|
// ListSecretResponse contains a list of all the secrets that match the name or
|
|
// name prefix filters provided in `ListSecretRequest`. The `Secret.Spec.Data`
|
|
// field in each `Secret` object should be nil instead of actually containing
|
|
// the secret bytes.
|
|
message ListSecretsResponse {
|
|
repeated Secret secrets = 1;
|
|
}
|
|
|
|
// CreateSecretRequest specifies a new secret (it will not update an existing
|
|
// secret) to create.
|
|
message CreateSecretRequest {
|
|
SecretSpec spec = 1;
|
|
}
|
|
|
|
// CreateSecretResponse contains the newly created `Secret` corresponding to the
|
|
// name in `CreateSecretRequest`. The `Secret.Spec.Data` field should be nil instead
|
|
// of actually containing the secret bytes.
|
|
message CreateSecretResponse {
|
|
Secret secret = 1;
|
|
}
|
|
|
|
// RemoveSecretRequest contains the ID of the secret that should be removed. This
|
|
// removes all versions of the secret.
|
|
message RemoveSecretRequest {
|
|
string secret_id = 1;
|
|
}
|
|
|
|
// RemoveSecretResponse is an empty object indicating the successful removal of
|
|
// a secret.
|
|
message RemoveSecretResponse {}
|
|
|
|
// GetConfigRequest is the request to get a `Config` object given a config id.
|
|
message GetConfigRequest {
|
|
string config_id = 1;
|
|
}
|
|
|
|
// GetConfigResponse contains the Config corresponding to the id in
|
|
// `GetConfigRequest`.
|
|
message GetConfigResponse {
|
|
Config config = 1;
|
|
}
|
|
|
|
message UpdateConfigRequest {
|
|
// ConfigID is the config ID to update.
|
|
string config_id = 1;
|
|
|
|
// ConfigVersion is the version of the config being updated.
|
|
Version config_version = 2;
|
|
|
|
// Spec is the new spec to apply to the Config
|
|
// Only some fields are allowed to be updated.
|
|
ConfigSpec spec = 3;
|
|
}
|
|
|
|
message UpdateConfigResponse {
|
|
Config config = 1;
|
|
}
|
|
|
|
// ListConfigRequest is the request to list all configs in the config store,
|
|
// or all configs filtered by (name or name prefix or id prefix) and labels.
|
|
message ListConfigsRequest {
|
|
message Filters {
|
|
repeated string names = 1;
|
|
repeated string id_prefixes = 2;
|
|
map<string, string> labels = 3;
|
|
repeated string name_prefixes = 4;
|
|
}
|
|
|
|
Filters filters = 1;
|
|
}
|
|
|
|
// ListConfigResponse contains a list of all the configs that match the name or
|
|
// name prefix filters provided in `ListConfigRequest`.
|
|
message ListConfigsResponse {
|
|
repeated Config configs = 1;
|
|
}
|
|
|
|
// CreateConfigRequest specifies a new config (it will not update an existing
|
|
// config) to create.
|
|
message CreateConfigRequest {
|
|
ConfigSpec spec = 1;
|
|
}
|
|
|
|
// CreateConfigResponse contains the newly created `Config` corresponding to the
|
|
// name in `CreateConfigRequest`.
|
|
message CreateConfigResponse {
|
|
Config config = 1;
|
|
}
|
|
|
|
// RemoveConfigRequest contains the ID of the config that should be removed. This
|
|
// removes all versions of the config.
|
|
message RemoveConfigRequest {
|
|
string config_id = 1;
|
|
}
|
|
|
|
// RemoveConfigResponse is an empty object indicating the successful removal of
|
|
// a config.
|
|
message RemoveConfigResponse {}
|