Merge pull request #198 from algamaes/algamaes/add_tls_between_mochos…

…tagent_and_mocguestagent

Enable TLS communication between mochostagent and mocguestagent

go.mod

@@ -20,7 +20,7 @@ require (
 	github.com/kr/pretty v0.1.0 // indirect
 	golang.org/x/net v0.8.0 // indirect
 	golang.org/x/sys v0.6.0 // indirect
-	golang.org/x/text v0.11.0 // indirect
+	golang.org/x/text v0.12.0 // indirect
 	google.golang.org/genproto v0.0.0-20200128133413-58ce757ed39b // indirect
 	google.golang.org/protobuf v1.31.0 // indirect
 	gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 // indirect

go.sum

@@ -72,8 +72,8 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4=
-golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc=
+golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=

rpc/common/moc_common_common.proto

@@ -218,13 +218,14 @@ enum ProviderAccessOperation {
 	Key_Sign 						= 506; 
 	Key_Verify 						= 507; 
 
-	VirtualMachine_Create 			= 600; 
-	VirtualMachine_Update 			= 601; 
-	VirtualMachine_Delete			= 602; 
-	VirtualMachine_Validate			= 603; 
-	VirtualMachine_Start 			= 604;
-	VirtualMachine_Stop 			= 605;
-	VirtualMachine_Reset 			= 606;
+	VirtualMachine_Create 				= 600; 
+	VirtualMachine_Update 				= 601; 
+	VirtualMachine_Delete				= 602; 
+	VirtualMachine_Validate				= 603; 
+	VirtualMachine_Start 				= 604;
+	VirtualMachine_Stop 				= 605;
+	VirtualMachine_Reset 				= 606;
+	VirtualMachine_Repair_Guest_Agent		= 607;
 
 	Cluster_Create					= 700; 
 	Cluster_Update 					= 701; 

rpc/common/moc_common_computecommon.proto

@@ -122,6 +122,7 @@ enum VirtualMachineOperation {
 	START = 0;
 	STOP = 1;
 	RESET = 2;
+	REPAIR_GUEST_AGENT = 3;
 }
 
 enum VirtualMachineRunCommandExecutionState {

rpc/gen_proto.sh

@@ -118,12 +118,21 @@ protoc -I $Agent/$Module -I ./common $Agent/$Module/$ChildModule/moc_guestagent_
 
 Agent="mocguestagent"
 echo "Generating Protoc for $Agent"
+
+Module="admin"
+echo "Generating $Agent/$Module protoc"
+protoc -I $Agent/$Module/health -I ./common $Agent/$Module/health/moc_mocguestagent_health.proto --go_out=plugins=grpc:../bld/gen/
+
 Module="compute"
 echo "Generating $Module protoc"
 ChildModule="virtualmachine"
 echo "Generating $Module/$ChildModule protoc"
 protoc -I $Agent/$Module -I ./common $Agent/$Module/$ChildModule/moc_mocguestagent_${ChildModule}.proto --go_out=plugins=grpc:../bld/gen/
 
+Module="security"
+echo "Generating $Agent/$Module protoc"
+protoc -I $Agent/$Module/certificate -I ./common -I $Agent/$Module/certificate $Agent/$Module/certificate/moc_mocguestagent_certificate.proto --go_out=plugins=grpc:../bld/gen/
+
 ####
 
 Agent="cloudagent"

rpc/mocguestagent/admin/health/moc_mocguestagent_health.proto

@@ -0,0 +1,25 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache v2.0 license.
+
+syntax = "proto3";
+option go_package = "github.com/microsoft/moc/rpc/mocguestagent/admin";
+package moc.mocguestagent.admin;
+
+import "google/protobuf/wrappers.proto";
+import "moc_common_common.proto";
+
+message HealthRequest{
+	uint32 timeoutSeconds = 1;
+}
+
+message HealthResponse {
+	google.protobuf.BoolValue Result = 1;
+	string  Error = 2;
+	HealthState State = 3;
+	google.protobuf.BoolValue CertificateNeedsRenewal = 4;
+}
+
+service HealthAgent {
+	rpc CheckHealth(HealthRequest) returns (HealthResponse) {}
+}
+

rpc/mocguestagent/security/certificate/moc_mocguestagent_certificate.proto

@@ -0,0 +1,53 @@
+// Copyright (c) Microsoft Corporation.
+// Licensed under the Apache v2.0 license.
+
+syntax = "proto3";
+option go_package = "github.com/microsoft/moc/rpc/mocguestagent/security";
+package moc.mocguestagent.security;
+import "google/protobuf/wrappers.proto";
+import "google/protobuf/empty.proto";
+import "moc_common_common.proto";
+
+message CertificateRequest {
+	repeated Certificate Certificates = 1;
+}
+
+message CertificateResponse {
+	google.protobuf.BoolValue Result = 1;
+	string Error = 2;
+}
+
+message Certificate {
+	string name = 1;
+	string id = 2;
+	int64 notBefore = 3; 
+	int64 notAfter = 4;
+	string certificate = 5 [(sensitive) = true];
+	Status status = 6;
+	Entity entity = 7;
+	Tags tags = 8;
+}
+
+message CSRRequest {
+	repeated CertificateSigningRequest CSRs = 1;
+}
+
+message CertificateSigningRequest {
+	string name = 1;
+	string csr = 2 [(sensitive) = true];
+	string oldCertificate = 3 [(sensitive) = true];
+	Status status = 4;
+	string caName = 5;
+	int64 validity = 6;
+}
+
+message RenewCSRResponse {
+	CertificateSigningRequest csr = 1;
+	google.protobuf.BoolValue Result = 2;
+	string Error = 3;
+}
+
+service CertificateAgent {
+	rpc GetRenewCSR(google.protobuf.Empty) returns (RenewCSRResponse) {}
+	rpc RotateCertificate(CertificateRequest) returns (CertificateResponse) {}
+}