| Robin Thellend | efe48ef | 2015-10-13 09:52:03 -0700 | [diff] [blame] | 1 | // Copyright 2015 The Vanadium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style |
| 3 | // license that can be found in the LICENSE file. |
| 4 | |
| 5 | package cluster |
| 6 | |
| 7 | import ( |
| 8 | "v.io/v23/security" |
| 9 | "v.io/v23/security/access" |
| 10 | ) |
| 11 | |
| 12 | type ClusterAgentAdmin interface { |
| 13 | // Creates a new "secret" that can be used to retrieve extensions |
| 14 | // of the blessings granted on this RPC, e.g. with the rpc.Granter |
| 15 | // ClientCallOpt in Go. |
| 16 | NewSecret() (secret string | error) {access.Admin} |
| 17 | |
| 18 | // Forgets a secret and its associated blessings. |
| 19 | ForgetSecret(secret string) error {access.Admin} |
| 20 | |
| 21 | ClusterAgent |
| 22 | } |
| 23 | |
| 24 | type ClusterAgent interface { |
| 25 | // Retrieves all the blessings associated with a particular secret. |
| 26 | // The only authorization required to access this method is the secret |
| 27 | // itself. |
| 28 | // TODO(rthellend): Consider adding other side-channel authorization |
| 29 | // mechanisms, e.g. verify that the IP address of the client belongs to |
| 30 | // an authorized user. |
| 31 | SeekBlessings(secret string) (security.WireBlessings | error) |
| 32 | } |
