*: developer machine HSPKI credentials

In addition to k8s certificates, prodaccess now issues HSPKI
certificates, with DN=$username.sso.hswaw.net. These are installed into
XDG_CONFIG_HOME (or os equiv).

//go/pki will now automatically attempt to load these certificates. This
means you can now run any pki-dependent tool with -hspki_disable, and
with automatic mTLS!

Change-Id: I5b28e193e7c968d621bab0d42aabd6f0510fed6d
diff --git a/cluster/prodvider/proto/prodvider.proto b/cluster/prodvider/proto/prodvider.proto
index 1ae2798..ba5bf9d 100644
--- a/cluster/prodvider/proto/prodvider.proto
+++ b/cluster/prodvider/proto/prodvider.proto
@@ -15,6 +15,7 @@
     }
     Result result = 1;
     KubernetesKeys kubernetes_keys = 2;
+    HSPKIKeys hspki_keys = 3;
 }
 
 message KubernetesKeys {
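Review bot: The new `hspki_keys = 3` field has no comment saying when it is populated, and a client talking to a prodvider built before this change will receive it unset. A leading comment such as `// HSPKI developer credentials; unset when authentication fails or the server does not issue HSPKI certificates.` would make the absence check part of the contract, so the client does not write out empty credential files. The enclosing message begins above the hunk, so the assumption that `result` gates the key fields is inferred, not visible here.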
@@ -24,6 +25,13 @@
     bytes key = 4;
 }
 
+message HSPKIKeys {
+    bytes ca = 1;
+    bytes cert = 2;
+    bytes key = 3;
+    string principal = 4;
+}
+
 service Prodvider {
     rpc Authenticate(AuthenticateRequest) returns (AuthenticateResponse);
 }
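Review bot: `bytes key = 3` in `HSPKIKeys` returns private key material in the `Authenticate` response, and none of the four fields is documented. Each field should get a leading comment stating its encoding (PEM or DER, which the hunk does not show) and, for `key`, something like `// Private key for cert. Secret: never log this message; store with owner-only file permissions.`. `principal` should document its format; the commit message suggests it is `$username.sso.hswaw.net`. This mirrors the existing `KubernetesKeys` pattern, but as a follow-up it is worth considering whether the client could generate the keypair and send a CSR, so that the private key never crosses the RPC boundary or exists on the server.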