service/cluster: Add Cluster and Pod Agents

This change implements the Cluster Agent described in
https://docs.google.com/document/d/1fHZC9F3lyFo7v4bl5o9Bs1uNjE8-TvBD5PCl36UFlyg/view#heading=h.gvse1ra7h9wn

The Cluster Agent keeps a list of Secret Keys, one for each Service,
and Blessings associated with them. It issues new Blessings to whoever
presents a valid Secret Key. The new Blessings are extensions of the
Blessings associated with the Secret Key.

The Pod Agent implements the normal Agent interface (i.e. with
V23_AGENT_PATH and a unix socket), but internally talks to the Cluster
Agent to get its blessings. The Principal served by this Agent is
read-only.

Change-Id: Id9976603689b479db40e8afd35b3e67e9b1f4c91
diff --git a/services/cluster/service.vdl b/services/cluster/service.vdl
new file mode 100644
index 0000000..d6afe57
--- /dev/null
+++ b/services/cluster/service.vdl
@@ -0,0 +1,32 @@
+// Copyright 2015 The Vanadium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cluster
+
+import (
+	"v.io/v23/security"
+	"v.io/v23/security/access"
+)
+
+type ClusterAgentAdmin interface {
+	// Creates a new "secret" that can be used to retrieve extensions
+	// of the blessings granted on this RPC, e.g. with the rpc.Granter
+	// ClientCallOpt in Go.
+	NewSecret() (secret string | error) {access.Admin}
+
+	// Forgets a secret and its associated blessings.
+	ForgetSecret(secret string) error {access.Admin}
+
+	ClusterAgent
+}
+
+type ClusterAgent interface {
+	// Retrieves all the blessings associated with a particular secret.
+	// The only authorization required to access this method is the secret
+	// itself.
+	// TODO(rthellend): Consider adding other side-channel authorization
+	// mechanisms, e.g. verify that the IP address of the client belongs to
+	// an authorized user.
+	SeekBlessings(secret string) (security.WireBlessings | error)
+}
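Review bot: SeekBlessings in ClusterAgent carries no access tag, and its comment makes the secret the only authorization, so the secret is a bearer credential. Nothing in this file says how strong the secret must be or how it should be handled. Suggest that the NewSecret comment state that the returned string is generated by the server from a cryptographically secure random source, with a stated minimum length. The SeekBlessings comment should state that an unknown secret and a forgotten secret produce the same error, and that the secret argument must not be written to logs. The two comments also disagree on what is returned: NewSecret says the secret retrieves "extensions of the blessings granted on this RPC", while SeekBlessings says it "Retrieves all the blessings associated with a particular secret". Please say which it is, and which principal the returned blessings are bound to. Because the TODO defers any side-channel check, it would also help to document whether a secret can be presented more than once and whether it expires, since ForgetSecret is the only revocation path visible here.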