Add and generate majordomo protos.

3 years ago · 64ce4e5c91
parent 9bfb1c2e7b
commit 64ce4e5c91
6 changed files with 3730 additions and 0 deletions
--- a/majordomo/doc.go
+++ b/majordomo/doc.go
@ -0,0 +1,3 @@
+package majordomo
+
+//go:generate protoc --proto_path=.. --go_out=.. --go-grpc_out=.. --go_opt=paths=source_relative --go-grpc_opt=paths=source_relative majordomo/provisioners.proto majordomo/majordomo.proto
--- a/majordomo/majordomo.pb.go
+++ b/majordomo/majordomo.pb.go
--- a/majordomo/majordomo.proto
+++ b/majordomo/majordomo.proto
@ -0,0 +1,102 @@
+syntax = "proto3";
+
+package majordomo;
+
+option go_package = "github.com/smallstep/certificates/majordomo";
+
+import "majordomo/provisioners.proto";
+
+// Majordomo is the public service used to sync configurations to CA's and post
+// certificates.
+service Majordomo {
+    // Login creates signs a given CSR and returns the certificate that will be
+    // used for authentication.
+    rpc Login(LoginRequest) returns (LoginResponse);
+
+    // GetConfiguration returns the full configuration of an authority.
+    rpc GetConfiguration(ConfigurationRequest) returns (ConfigurationResponse);
+    // StreamConfiguration streams the full configuration of an authority. This
+    // method is not yet supported.
+    rpc StreamConfiguration(ConfigurationRequest) returns (stream ConfigurationResponse);
+
+    // CreateProvisioner adds a new provisioner to the majordomo authority and
+    // returns the proto representation.
+    rpc CreateProvisioner(CreateProvisionerRequest) returns (Provisioner);
+    // DeleteProvisioner deletes a previously created provisioner.
+    rpc DeleteProvisioner(DeleteProvisionerRequest) returns (Provisioner);
+
+    // CreateAdministrator adds a new admin user to the majordomo authority.
+    // Admin users can add or delete provisioners.
+    rpc CreateAdministrator(CreateAdministratorRequest) returns (Administrator);
+    // DeleteAdministrator deletes a previously created admin user.
+    rpc DeleteAdministrator(DeleteAdministratorRequest) returns (Administrator);
+
+    // PostCertificate sends a signed X.509 certificate to majordomo.
+    rpc PostCertificate(CertificateRequest) returns (CertificateResponse);
+    // PostSSHCertificate sends a signed SSH certificate to majordomo.
+    rpc PostSSHCertificate(SSHCertificateRequest) returns (SSHCertificateResponse);
+    // RevokeCertificate marks an X.509 certificate as revoked.
+    rpc RevokeCertificate(TODO) returns (TODO);
+    // RevokeSSHCertificate marks an SSH certificate as revoked.
+    rpc RevokeSSHCertificate(TODO) returns (TODO);
+}
+
+message TODO {}
+
+message LoginRequest {
+    string authority_id = 1;
+    string username = 2;
+    string password = 3;
+    string pem_certificate_request = 4;
+}
+
+message LoginResponse {
+    string pem_certificate = 1;
+    string pem_certificate_chain = 2;
+}
+
+message ConfigurationRequest {
+    // todo
+}
+
+message ConfigurationResponse {
+    repeated Provisioner provisioners = 1;
+    repeated Administrator admins = 2;
+}
+
+message CreateProvisionerRequest {
+    Provisioner.Type type = 1;
+    string name = 2;
+    ProvisionerDetails details = 3;
+    Claims claims = 4;
+}
+
+message DeleteProvisionerRequest {
+    string id = 1;
+}
+
+message CreateAdministratorRequest {
+    string name = 1;
+    string provisioner_id = 2;
+    Administrator.Type type = 3;
+}
+
+message DeleteAdministratorRequest {
+    string id = 1;
+}
+message CertificateRequest {
+    string pem_certificate = 1;
+    string pem_certificate_chain = 2;
+}
+
+message CertificateResponse {
+    string id = 1;
+}
+
+message SSHCertificateRequest {
+    string certificate = 1;
+}
+
+message SSHCertificateResponse {
+    string id = 1;
+}
--- a/majordomo/majordomo_grpc.pb.go
+++ b/majordomo/majordomo_grpc.pb.go
@ -0,0 +1,519 @@
+// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
+
+package majordomo
+
+import (
+	context "context"
+	grpc "google.golang.org/grpc"
+	codes "google.golang.org/grpc/codes"
+	status "google.golang.org/grpc/status"
+)
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+// Requires gRPC-Go v1.32.0 or later.
+const _ = grpc.SupportPackageIsVersion7
+
+// MajordomoClient is the client API for Majordomo service.
+//
+// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
+type MajordomoClient interface {
+	// Login creates signs a given CSR and returns the certificate that will be
+	// used for authentication.
+	Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error)
+	// GetConfiguration returns the full configuration of an authority.
+	GetConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (*ConfigurationResponse, error)
+	// StreamConfiguration streams the full configuration of an authority. This
+	// method is not yet supported.
+	StreamConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (Majordomo_StreamConfigurationClient, error)
+	// CreateProvisioner adds a new provisioner to the majordomo authority and
+	// returns the proto representation.
+	CreateProvisioner(ctx context.Context, in *CreateProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error)
+	// DeleteProvisioner deletes a previously created provisioner.
+	DeleteProvisioner(ctx context.Context, in *DeleteProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error)
+	// CreateAdministrator adds a new admin user to the majordomo authority.
+	// Admin users can add or delete provisioners.
+	CreateAdministrator(ctx context.Context, in *CreateAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error)
+	// DeleteAdministrator deletes a previously created admin user.
+	DeleteAdministrator(ctx context.Context, in *DeleteAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error)
+	// PostCertificate sends a signed X.509 certificate to majordomo.
+	PostCertificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error)
+	// PostSSHCertificate sends a signed SSH certificate to majordomo.
+	PostSSHCertificate(ctx context.Context, in *SSHCertificateRequest, opts ...grpc.CallOption) (*SSHCertificateResponse, error)
+	// RevokeCertificate marks an X.509 certificate as revoked.
+	RevokeCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error)
+	// RevokeSSHCertificate marks an SSH certificate as revoked.
+	RevokeSSHCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error)
+}
+
+type majordomoClient struct {
+	cc grpc.ClientConnInterface
+}
+
+func NewMajordomoClient(cc grpc.ClientConnInterface) MajordomoClient {
+	return &majordomoClient{cc}
+}
+
+func (c *majordomoClient) Login(ctx context.Context, in *LoginRequest, opts ...grpc.CallOption) (*LoginResponse, error) {
+	out := new(LoginResponse)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/Login", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) GetConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (*ConfigurationResponse, error) {
+	out := new(ConfigurationResponse)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/GetConfiguration", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) StreamConfiguration(ctx context.Context, in *ConfigurationRequest, opts ...grpc.CallOption) (Majordomo_StreamConfigurationClient, error) {
+	stream, err := c.cc.NewStream(ctx, &Majordomo_ServiceDesc.Streams[0], "/majordomo.Majordomo/StreamConfiguration", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &majordomoStreamConfigurationClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type Majordomo_StreamConfigurationClient interface {
+	Recv() (*ConfigurationResponse, error)
+	grpc.ClientStream
+}
+
+type majordomoStreamConfigurationClient struct {
+	grpc.ClientStream
+}
+
+func (x *majordomoStreamConfigurationClient) Recv() (*ConfigurationResponse, error) {
+	m := new(ConfigurationResponse)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+func (c *majordomoClient) CreateProvisioner(ctx context.Context, in *CreateProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error) {
+	out := new(Provisioner)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/CreateProvisioner", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) DeleteProvisioner(ctx context.Context, in *DeleteProvisionerRequest, opts ...grpc.CallOption) (*Provisioner, error) {
+	out := new(Provisioner)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/DeleteProvisioner", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) CreateAdministrator(ctx context.Context, in *CreateAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error) {
+	out := new(Administrator)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/CreateAdministrator", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) DeleteAdministrator(ctx context.Context, in *DeleteAdministratorRequest, opts ...grpc.CallOption) (*Administrator, error) {
+	out := new(Administrator)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/DeleteAdministrator", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) PostCertificate(ctx context.Context, in *CertificateRequest, opts ...grpc.CallOption) (*CertificateResponse, error) {
+	out := new(CertificateResponse)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/PostCertificate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) PostSSHCertificate(ctx context.Context, in *SSHCertificateRequest, opts ...grpc.CallOption) (*SSHCertificateResponse, error) {
+	out := new(SSHCertificateResponse)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/PostSSHCertificate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) RevokeCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error) {
+	out := new(TODO)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/RevokeCertificate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+func (c *majordomoClient) RevokeSSHCertificate(ctx context.Context, in *TODO, opts ...grpc.CallOption) (*TODO, error) {
+	out := new(TODO)
+	err := c.cc.Invoke(ctx, "/majordomo.Majordomo/RevokeSSHCertificate", in, out, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// MajordomoServer is the server API for Majordomo service.
+// All implementations must embed UnimplementedMajordomoServer
+// for forward compatibility
+type MajordomoServer interface {
+	// Login creates signs a given CSR and returns the certificate that will be
+	// used for authentication.
+	Login(context.Context, *LoginRequest) (*LoginResponse, error)
+	// GetConfiguration returns the full configuration of an authority.
+	GetConfiguration(context.Context, *ConfigurationRequest) (*ConfigurationResponse, error)
+	// StreamConfiguration streams the full configuration of an authority. This
+	// method is not yet supported.
+	StreamConfiguration(*ConfigurationRequest, Majordomo_StreamConfigurationServer) error
+	// CreateProvisioner adds a new provisioner to the majordomo authority and
+	// returns the proto representation.
+	CreateProvisioner(context.Context, *CreateProvisionerRequest) (*Provisioner, error)
+	// DeleteProvisioner deletes a previously created provisioner.
+	DeleteProvisioner(context.Context, *DeleteProvisionerRequest) (*Provisioner, error)
+	// CreateAdministrator adds a new admin user to the majordomo authority.
+	// Admin users can add or delete provisioners.
+	CreateAdministrator(context.Context, *CreateAdministratorRequest) (*Administrator, error)
+	// DeleteAdministrator deletes a previously created admin user.
+	DeleteAdministrator(context.Context, *DeleteAdministratorRequest) (*Administrator, error)
+	// PostCertificate sends a signed X.509 certificate to majordomo.
+	PostCertificate(context.Context, *CertificateRequest) (*CertificateResponse, error)
+	// PostSSHCertificate sends a signed SSH certificate to majordomo.
+	PostSSHCertificate(context.Context, *SSHCertificateRequest) (*SSHCertificateResponse, error)
+	// RevokeCertificate marks an X.509 certificate as revoked.
+	RevokeCertificate(context.Context, *TODO) (*TODO, error)
+	// RevokeSSHCertificate marks an SSH certificate as revoked.
+	RevokeSSHCertificate(context.Context, *TODO) (*TODO, error)
+	mustEmbedUnimplementedMajordomoServer()
+}
+
+// UnimplementedMajordomoServer must be embedded to have forward compatible implementations.
+type UnimplementedMajordomoServer struct {
+}
+
+func (UnimplementedMajordomoServer) Login(context.Context, *LoginRequest) (*LoginResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method Login not implemented")
+}
+func (UnimplementedMajordomoServer) GetConfiguration(context.Context, *ConfigurationRequest) (*ConfigurationResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method GetConfiguration not implemented")
+}
+func (UnimplementedMajordomoServer) StreamConfiguration(*ConfigurationRequest, Majordomo_StreamConfigurationServer) error {
+	return status.Errorf(codes.Unimplemented, "method StreamConfiguration not implemented")
+}
+func (UnimplementedMajordomoServer) CreateProvisioner(context.Context, *CreateProvisionerRequest) (*Provisioner, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateProvisioner not implemented")
+}
+func (UnimplementedMajordomoServer) DeleteProvisioner(context.Context, *DeleteProvisionerRequest) (*Provisioner, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteProvisioner not implemented")
+}
+func (UnimplementedMajordomoServer) CreateAdministrator(context.Context, *CreateAdministratorRequest) (*Administrator, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method CreateAdministrator not implemented")
+}
+func (UnimplementedMajordomoServer) DeleteAdministrator(context.Context, *DeleteAdministratorRequest) (*Administrator, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method DeleteAdministrator not implemented")
+}
+func (UnimplementedMajordomoServer) PostCertificate(context.Context, *CertificateRequest) (*CertificateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method PostCertificate not implemented")
+}
+func (UnimplementedMajordomoServer) PostSSHCertificate(context.Context, *SSHCertificateRequest) (*SSHCertificateResponse, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method PostSSHCertificate not implemented")
+}
+func (UnimplementedMajordomoServer) RevokeCertificate(context.Context, *TODO) (*TODO, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RevokeCertificate not implemented")
+}
+func (UnimplementedMajordomoServer) RevokeSSHCertificate(context.Context, *TODO) (*TODO, error) {
+	return nil, status.Errorf(codes.Unimplemented, "method RevokeSSHCertificate not implemented")
+}
+func (UnimplementedMajordomoServer) mustEmbedUnimplementedMajordomoServer() {}
+
+// UnsafeMajordomoServer may be embedded to opt out of forward compatibility for this service.
+// Use of this interface is not recommended, as added methods to MajordomoServer will
+// result in compilation errors.
+type UnsafeMajordomoServer interface {
+	mustEmbedUnimplementedMajordomoServer()
+}
+
+func RegisterMajordomoServer(s grpc.ServiceRegistrar, srv MajordomoServer) {
+	s.RegisterService(&Majordomo_ServiceDesc, srv)
+}
+
+func _Majordomo_Login_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(LoginRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).Login(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/Login",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).Login(ctx, req.(*LoginRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_GetConfiguration_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(ConfigurationRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).GetConfiguration(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/GetConfiguration",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).GetConfiguration(ctx, req.(*ConfigurationRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_StreamConfiguration_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(ConfigurationRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(MajordomoServer).StreamConfiguration(m, &majordomoStreamConfigurationServer{stream})
+}
+
+type Majordomo_StreamConfigurationServer interface {
+	Send(*ConfigurationResponse) error
+	grpc.ServerStream
+}
+
+type majordomoStreamConfigurationServer struct {
+	grpc.ServerStream
+}
+
+func (x *majordomoStreamConfigurationServer) Send(m *ConfigurationResponse) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func _Majordomo_CreateProvisioner_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateProvisionerRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).CreateProvisioner(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/CreateProvisioner",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).CreateProvisioner(ctx, req.(*CreateProvisionerRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_DeleteProvisioner_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteProvisionerRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).DeleteProvisioner(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/DeleteProvisioner",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).DeleteProvisioner(ctx, req.(*DeleteProvisionerRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_CreateAdministrator_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CreateAdministratorRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).CreateAdministrator(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/CreateAdministrator",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).CreateAdministrator(ctx, req.(*CreateAdministratorRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_DeleteAdministrator_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(DeleteAdministratorRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).DeleteAdministrator(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/DeleteAdministrator",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).DeleteAdministrator(ctx, req.(*DeleteAdministratorRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_PostCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(CertificateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).PostCertificate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/PostCertificate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).PostCertificate(ctx, req.(*CertificateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_PostSSHCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(SSHCertificateRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).PostSSHCertificate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/PostSSHCertificate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).PostSSHCertificate(ctx, req.(*SSHCertificateRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_RevokeCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(TODO)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).RevokeCertificate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/RevokeCertificate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).RevokeCertificate(ctx, req.(*TODO))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+func _Majordomo_RevokeSSHCertificate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(TODO)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(MajordomoServer).RevokeSSHCertificate(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/majordomo.Majordomo/RevokeSSHCertificate",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(MajordomoServer).RevokeSSHCertificate(ctx, req.(*TODO))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+// Majordomo_ServiceDesc is the grpc.ServiceDesc for Majordomo service.
+// It's only intended for direct use with grpc.RegisterService,
+// and not to be introspected or modified (even as a copy)
+var Majordomo_ServiceDesc = grpc.ServiceDesc{
+	ServiceName: "majordomo.Majordomo",
+	HandlerType: (*MajordomoServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Login",
+			Handler:    _Majordomo_Login_Handler,
+		},
+		{
+			MethodName: "GetConfiguration",
+			Handler:    _Majordomo_GetConfiguration_Handler,
+		},
+		{
+			MethodName: "CreateProvisioner",
+			Handler:    _Majordomo_CreateProvisioner_Handler,
+		},
+		{
+			MethodName: "DeleteProvisioner",
+			Handler:    _Majordomo_DeleteProvisioner_Handler,
+		},
+		{
+			MethodName: "CreateAdministrator",
+			Handler:    _Majordomo_CreateAdministrator_Handler,
+		},
+		{
+			MethodName: "DeleteAdministrator",
+			Handler:    _Majordomo_DeleteAdministrator_Handler,
+		},
+		{
+			MethodName: "PostCertificate",
+			Handler:    _Majordomo_PostCertificate_Handler,
+		},
+		{
+			MethodName: "PostSSHCertificate",
+			Handler:    _Majordomo_PostSSHCertificate_Handler,
+		},
+		{
+			MethodName: "RevokeCertificate",
+			Handler:    _Majordomo_RevokeCertificate_Handler,
+		},
+		{
+			MethodName: "RevokeSSHCertificate",
+			Handler:    _Majordomo_RevokeSSHCertificate_Handler,
+		},
+	},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "StreamConfiguration",
+			Handler:       _Majordomo_StreamConfiguration_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "majordomo/majordomo.proto",
+}
--- a/majordomo/provisioners.pb.go
+++ b/majordomo/provisioners.pb.go
--- a/majordomo/provisioners.proto
+++ b/majordomo/provisioners.proto
@ -0,0 +1,137 @@
+syntax = "proto3";
+
+package majordomo;
+
+option go_package = "github.com/smallstep/certificates/majordomo";
+
+message Administrator {
+    enum Type {
+        UNKNOWN = 0;
+        ADMIN = 1;
+        SUPER_ADMIN = 2;
+    }
+    string id = 1;
+    string authority_id = 2;
+    string subject = 3;
+    string provisioner_id = 4;
+    Type type = 5;
+}
+
+message Provisioner {
+    enum Type {
+        NOOP = 0;
+        JWK = 1;
+        OIDC = 2;
+        GCP = 3;
+        AWS = 4;
+        AZURE = 5;
+        ACME = 6;
+        X5C = 7;
+        K8SSA = 8;
+        SSHPOP = 9;
+    }
+    string id = 1;
+    string authority_id = 2;
+    Type type = 3;
+    string name = 4;
+    ProvisionerDetails details = 5;
+    Claims claims = 6;
+    bytes x509_template = 7;
+    bytes x509_template_data = 8;
+    bytes ssh_template = 9;
+    bytes ssh_template_data = 10;
+}
+
+message ProvisionerDetails {
+	oneof data {
+		JWKProvisioner JWK = 20;
+		OIDCProvisioner OIDC = 21;
+		GCPProvisioner GCP = 22;
+		AWSProvisioner AWS = 23;
+		AzureProvisioner Azure = 24;
+		ACMEProvisioner ACME = 25;
+		X5CProvisioner X5C = 26;
+		K8sSAProvisioner K8sSA = 27;
+		SSHPOPProvisioner SSHPOP = 28;
+	}
+}
+
+message ProvisionerList {
+    repeated Provisioner provisioners = 1;
+}
+
+message Claims {
+    X509Claims x509 = 1;
+    SSHClaims ssh = 2;
+    bool disable_renewal = 3;
+}
+
+message X509Claims {
+    bool enabled = 1;
+    Durations durations = 2;
+}
+
+message SSHClaims {
+    bool enabled = 1;
+    Durations user_durations = 2;
+    Durations host_durations = 3;
+}
+
+message Durations {
+    string default = 1;
+    string min = 2;
+    string max = 3;
+}
+
+message JWKProvisioner {
+    bytes public_key = 1;
+    bytes encrypted_private_key = 2;
+}
+
+message OIDCProvisioner {
+    string client_id = 1;
+    string client_secret = 2;
+    string configuration_endpoint = 3;
+    repeated string admins = 4;
+    repeated string domains = 5;
+    repeated string groups = 6;
+    string listen_address = 7;
+    string tenant_id = 8;
+}
+
+message GCPProvisioner {
+    repeated string service_accounts = 1;
+    repeated string project_ids = 2;
+    bool disable_custom_sans = 3;
+    bool disable_trust_on_first_use = 4;
+    string instance_age = 5;
+}
+
+message AWSProvisioner {
+    repeated string accounts = 1;
+    bool disable_custom_sans = 2;
+    bool disable_trust_on_first_use = 3;
+    string instance_age = 4;
+}
+
+message AzureProvisioner {
+    string tenant_id = 1;
+    repeated string resource_groups = 2;
+    string audience = 3;
+    bool disable_custom_sans = 4;
+    bool disable_trust_on_first_use = 5;
+}
+
+message ACMEProvisioner {
+    bool force_cn = 1;
+}
+
+message X5CProvisioner {
+    repeated bytes roots = 1;
+}
+
+message K8sSAProvisioner {
+    repeated bytes public_keys = 1;
+}
+
+message SSHPOPProvisioner {}