guildhouse-proto/quartermaster/v1/credentials.proto
Tyler King 2720a631b8 Initial: Guildhouse protobuf definitions
14 proto files across 5 gRPC service domains:
- quartermaster/v1 (6): governance, registry, notary, credentials, capabilities, pipelines
- bascule/v1 (4): session, command, gateway, ceremony
- workspace/v1 (1): workspace management
- runner/v1 (2): pipeline execution
- schematic/v1 (1): composite meta-artifacts

Consumed as a git submodule by guildhouse-platform (Rust) and guildhouse-dashboard (Python).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 10:29:06 -05:00


syntax = "proto3";
package quartermaster.v1;
import "google/protobuf/timestamp.proto";
// Credential lifecycle RPCs: database credentials (provision, rotate, revoke,
// look up, list) and cloud credentials (provision, revoke, look up).
//
// NOTE(review): nothing in this file states authentication or authorization
// requirements. Every RPC here issues, invalidates or describes credentials,
// so caller identity and per-tenant / per-cluster authorization presumably
// have to be enforced by the server or an interceptor; confirm.
service QuartermasterCredentials {
  // Provisions a database credential for a service on a cluster. The response
  // carries a secret reference, not a secret value.
  rpc ProvisionDatabase(ProvisionDatabaseRequest)
      returns (ProvisionDatabaseResponse);

  // Rotates an existing credential; the response carries a new credential id.
  rpc RotateCredential(RotateCredentialRequest)
      returns (RotateCredentialResponse);

  // Revokes a credential by id and reports the revocation time.
  rpc RevokeCredential(RevokeCredentialRequest)
      returns (RevokeCredentialResponse);

  // Returns the stored reference record for one credential.
  rpc GetCredentialRef(GetCredentialRefRequest)
      returns (GetCredentialRefResponse);

  // Lists credential reference records; the request carries a cluster id.
  rpc ListCredentials(ListCredentialsRequest)
      returns (ListCredentialsResponse);

  // Phase 8: Cloud credential provisioning via STS AssumeRole.
  // The response of this RPC has a `credentials` map, which presumably holds
  // the issued credential values themselves; confirm, and treat as secret.
  rpc ProvisionCloudCredential(ProvisionCloudCredentialRequest)
      returns (ProvisionCloudCredentialResponse);

  // Revokes a cloud credential by its reference id.
  rpc RevokeCloudCredential(RevokeCloudCredentialRequest)
      returns (RevokeCloudCredentialResponse);

  // Returns the record for a cloud credential; the response message has no
  // `credentials` map.
  rpc GetCloudCredential(GetCloudCredentialRequest)
      returns (GetCloudCredentialResponse);
}
// Request for QuartermasterCredentials.ProvisionDatabase.
//
// NOTE(review): all three fields are caller-supplied strings with no format
// or length constraints declared here; validate them server-side before they
// reach database or secret-store calls.
message ProvisionDatabaseRequest {
  // Identifier of the cluster the credential is provisioned for.
  string cluster_id = 1;

  // Name of the service that will use the credential.
  string service_name = 2;

  // Name of the database the credential applies to.
  string database_name = 3;
}
// Response for QuartermasterCredentials.ProvisionDatabase.
// The secret value is not a field of this message; callers receive a
// reference (secret_ref / secret_namespace) instead.
message ProvisionDatabaseResponse {
  // Identifier of the newly provisioned credential.
  string credential_id = 1;

  // Reference to where the secret is stored. Presumably the name of a secret
  // object inside secret_namespace; confirm against the server.
  string secret_ref = 2;

  // Namespace that secret_ref is resolved in.
  string secret_namespace = 3;

  // Time the credential was issued.
  google.protobuf.Timestamp issued_at = 4;

  // Opaque bytes. Presumably a Merkle-tree leaf recording this issuance in an
  // audit log; confirm the encoding and what is hashed.
  bytes merkle_leaf = 5;
}
// Request for QuartermasterCredentials.RotateCredential.
message RotateCredentialRequest {
  // Identifier of the credential to rotate.
  string credential_id = 1;
}
// Response for QuartermasterCredentials.RotateCredential.
//
// NOTE(review): this message does not say what happens to the credential that
// was rotated (revoked immediately, or valid for a grace period); confirm
// with the server implementation.
message RotateCredentialResponse {
  // Identifier of the credential created by the rotation.
  string new_credential_id = 1;

  // Reference to where the new secret is stored. Unlike
  // ProvisionDatabaseResponse, no namespace field accompanies it here.
  string secret_ref = 2;

  // Time the new credential was issued.
  google.protobuf.Timestamp issued_at = 3;

  // Opaque bytes. Presumably a Merkle-tree leaf recording the rotation in an
  // audit log; confirm.
  bytes merkle_leaf = 4;
}
// Request for QuartermasterCredentials.RevokeCredential.
message RevokeCredentialRequest {
  // Identifier of the credential to revoke.
  string credential_id = 1;
}
// Response for QuartermasterCredentials.RevokeCredential.
// Unlike the provision and rotate responses, it carries no merkle_leaf field.
message RevokeCredentialResponse {
  // Time the revocation was recorded.
  google.protobuf.Timestamp revoked_at = 1;
}
// Request for QuartermasterCredentials.GetCredentialRef.
message GetCredentialRefRequest {
  // Identifier of the credential to look up.
  string credential_id = 1;
}
// Reference record for one credential. Returned by GetCredentialRef and also
// used as the element type of ListCredentialsResponse.credentials.
//
// The record has a username and a secret reference but no password or other
// secret-value field.
message GetCredentialRefResponse {
  // Identifier of the credential.
  string credential_id = 1;

  // Cluster the credential belongs to.
  string cluster_id = 2;

  // Service the credential was provisioned for.
  string service_name = 3;

  // Free-form credential type; the set of valid values is not defined in this
  // file.
  string credential_type = 4;

  // Account name associated with the credential.
  string username = 5;

  // Database the credential applies to.
  string database_name = 6;

  // Reference to where the secret is stored.
  string secret_ref = 7;

  // Namespace that secret_ref is resolved in.
  string secret_namespace = 8;

  // Time the credential was issued.
  google.protobuf.Timestamp issued_at = 9;

  // Time the credential expires. As a message-typed field it may be unset;
  // what an unset value means (for example, no expiry) is not stated here.
  google.protobuf.Timestamp expires_at = 10;

  // True once the credential has been revoked. Consumers should check both
  // this flag and expires_at before relying on the credential.
  bool revoked = 11;
}
// Request for QuartermasterCredentials.ListCredentials.
//
// NOTE(review): there are no pagination fields, and proto3 cannot tell an
// empty cluster_id from an unset one. Confirm whether an empty value lists
// credentials across all clusters, and whether that is authorized.
message ListCredentialsRequest {
  // Cluster whose credentials are listed.
  string cluster_id = 1;
}
// Response for QuartermasterCredentials.ListCredentials.
message ListCredentialsResponse {
  // Credential reference records, in the same shape GetCredentialRef returns.
  // There is no page token, so the whole result is returned in one message.
  repeated GetCredentialRefResponse credentials = 1;
}
// Phase 8: Cloud credential provisioning messages.

// Request for QuartermasterCredentials.ProvisionCloudCredential.
//
// Several field names match STS AssumeRole parameters (RoleArn, Policy,
// DurationSeconds, ExternalId); presumably they are passed through to that
// call. Confirm.
//
// NOTE(review): every field is caller-supplied. The server should check that
// the caller may act for tenant_id and that role_arn is a role that tenant is
// allowed to assume, rather than trusting the request.
message ProvisionCloudCredentialRequest {
  // Tenant the credential is issued for.
  string tenant_id = 1;

  // Workspace the credential is associated with.
  string workspace_name = 2;

  // Identifier of the operation requesting the credential.
  string operation_id = 3;

  // Free-form provider type; valid values are not defined in this file.
  string provider_type = 4;

  // ARN of the role to assume.
  string role_arn = 5;

  // Session policy as a string. Presumably a policy document that further
  // restricts the assumed role's permissions; confirm the format.
  string session_policy = 6;

  // Requested credential lifetime in seconds. In proto3, 0 cannot be told
  // apart from unset; the server presumably applies a default and should
  // enforce an upper bound. Confirm.
  uint32 duration_seconds = 7;

  // External id supplied with the role assumption.
  string external_id = 8;
}
// Response for QuartermasterCredentials.ProvisionCloudCredential.
//
// NOTE(review): unlike the database responses, which return a secret_ref,
// this message has a `credentials` map that presumably carries the issued
// credential values themselves. If so, treat the whole message as secret:
// require transport encryption and keep it out of request/response logging
// and tracing.
message ProvisionCloudCredentialResponse {
  // Reference id used later with RevokeCloudCredential / GetCloudCredential.
  string credential_ref_id = 1;

  // Key/value credential material. The key names are not defined in this
  // file. Map iteration order is undefined.
  map<string, string> credentials = 2;

  // Time the issued credential expires.
  google.protobuf.Timestamp expires_at = 3;

  // Session name associated with the issued credential.
  string session_name = 4;

  // Opaque bytes. Presumably a Merkle-tree leaf recording this issuance in an
  // audit log; confirm that the leaf is not derived from the secret values in
  // a reversible way.
  bytes merkle_leaf = 5;
}
// Request for QuartermasterCredentials.RevokeCloudCredential.
message RevokeCloudCredentialRequest {
  // Reference id returned by ProvisionCloudCredential.
  string credential_ref_id = 1;
}
// Response for QuartermasterCredentials.RevokeCloudCredential.
//
// NOTE(review): this records when the revocation was registered. Whether the
// already-issued session credentials stop working at the provider before
// their expires_at is not expressed here; confirm.
message RevokeCloudCredentialResponse {
  // Time the revocation was recorded.
  google.protobuf.Timestamp revoked_at = 1;
}
// Request for QuartermasterCredentials.GetCloudCredential.
message GetCloudCredentialRequest {
  // Reference id returned by ProvisionCloudCredential.
  string credential_ref_id = 1;
}
// Record for a cloud credential, returned by GetCloudCredential.
// It has no `credentials` map, so a lookup returns descriptive fields only
// and not the material returned at provisioning time.
message GetCloudCredentialResponse {
  // Reference id of the credential.
  string credential_ref_id = 1;

  // Tenant the credential was issued for.
  string tenant_id = 2;

  // Free-form provider type; valid values are not defined in this file.
  string provider_type = 3;

  // ARN of the role the credential was issued for.
  string role_arn = 4;

  // Session name associated with the credential.
  string session_name = 5;

  // Time the credential was issued.
  google.protobuf.Timestamp issued_at = 6;

  // Time the credential expires.
  google.protobuf.Timestamp expires_at = 7;

  // True once the credential has been revoked. Check this together with
  // expires_at.
  bool revoked = 8;

  // Opaque bytes. Presumably the Merkle-tree leaf recorded at issuance;
  // confirm.
  bytes merkle_leaf = 9;
}