cluster/prodvider: emit crdb certs
This emits short-lived user credentials for a `dev-user` in crdb-waw1
any time someone prodaccesses.
Change-Id: I0266a05c1f02225d762cfd2ca61976af0658639d
diff --git a/cluster/prodvider/proto/prodvider.proto b/cluster/prodvider/proto/prodvider.proto
index ba5bf9d..3987f9a 100644
--- a/cluster/prodvider/proto/prodvider.proto
+++ b/cluster/prodvider/proto/prodvider.proto
@@ -16,6 +16,7 @@
Result result = 1;
KubernetesKeys kubernetes_keys = 2;
HSPKIKeys hspki_keys = 3;
+ CockroachDBKeys crdb_keys = 4;
}
message KubernetesKeys {
@@ -32,6 +33,17 @@
string principal = 4;
}
+message CockroachDBKeys {
+ message Cluster {
+ string name = 1;
+ bytes ca = 2;
+ bytes cert = 3;
+ bytes key = 4;
+ string username = 5;
+ }
+ repeated Cluster clusters = 2;
+}
+
service Prodvider {
rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse);
}