*: developer machine HSPKI credentials
In addition to k8s certificates, prodaccess now issues HSPKI
certificates, with DN=$username.sso.hswaw.net. These are installed into
XDG_CONFIG_HOME (or os equiv).
//go/pki will now automatically attempt to load these certificates. This
means you can now run any pki-dependent tool with -hspki_disable, and
with automatic mTLS!
Change-Id: I5b28e193e7c968d621bab0d42aabd6f0510fed6d
diff --git a/cluster/prodvider/proto/prodvider.proto b/cluster/prodvider/proto/prodvider.proto
index 1ae2798..ba5bf9d 100644
--- a/cluster/prodvider/proto/prodvider.proto
+++ b/cluster/prodvider/proto/prodvider.proto
@@ -15,6 +15,7 @@
}
Result result = 1;
KubernetesKeys kubernetes_keys = 2;
+ HSPKIKeys hspki_keys = 3;
}
message KubernetesKeys {
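Review bot: The added `HSPKIKeys hspki_keys = 3;` has no comment saying when it is populated, and the enclosing response message starts above this hunk, so any existing contract for `result` is not visible here. As a message-typed field it will be absent when a client talks to a prodvider that predates this change, and presumably also on a failed authentication. Clients should check presence before writing anything into the config directory rather than installing empty cert/key files. A leading comment such as `// HSPKI client credentials for the authenticated user. Unset on failure or when served by an older prodvider.` would make that explicit.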
@@ -24,6 +25,13 @@
bytes key = 4;
}
+message HSPKIKeys {
+ bytes ca = 1;
+ bytes cert = 2;
+ bytes key = 3;
+ string principal = 4;
+}
+
service Prodvider {
rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse);
}
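Review bot: `HSPKIKeys.key` returns private key material to the client in the `Authenticate` response, yet none of the four new fields is documented. The message should state the encoding of `ca`, `cert` and `key` (PEM or DER) and mark `key` as a secret, for example `// Private key matching cert. Secret: never log; store with owner-only file permissions.` `principal` also needs a comment on how it relates to the certificate subject (the commit message describes a DN of `$username.sso.hswaw.net`) and whether clients should verify that the two agree. As a design follow-up, having the client generate the keypair and submit a public key or CSR would keep the private key off the wire and out of the server's memory. The `bytes key = 4;` in the context above appears to follow the same server-issued pattern.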