DataChannelNegotiation is the message for communicating data channels to nodes.
| Field | Type | Label | Description |
| proto | string | Proto is the protocol of the traffic. |
|
| src | string | Src is the address of the client that initiated the request. |
|
| dst | string | Dst is the destination address of the traffic. |
|
| port | uint32 | Port is the destination port of the traffic. |
|
| offer | string | Offer is the offer for the node to use as its local description. |
|
| answer | string | Answer is the answer for the node to use as its remote description. |
|
| candidate | string | Candidate is an ICE candidate. |
|
| stunServers | string | repeated | StunServers is the list of STUN servers to use. |
FeaturePort describes a feature and the port it is advertised on.
| Field | Type | Label | Description |
| feature | Feature | Feature is the feature advertised on the port. |
|
| port | int32 | Port is the port the feature is advertised on. |
GetStatusRequest is a request to get the status of a node.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. If unset, the status of the local node is returned. |
InterfaceMetrics is the metrics for the WireGuard interface on a node.
| Field | Type | Label | Description |
| deviceName | string | DeviceName is the name of the device. |
|
| publicKey | string | PublicKey is the public key of the node. |
|
| addressV4 | string | AddressV4 is the IPv4 address of the node. |
|
| addressV6 | string | AddressV6 is the IPv6 address of the node. |
|
| type | string | Type is the type of interface being used for wireguard. |
|
| listenPort | int32 | ListenPort is the port wireguard is listening on. |
|
| totalReceiveBytes | uint64 | TotalReceiveBytes is the total number of bytes received. |
|
| totalTransmitBytes | uint64 | TotalTransmitBytes is the total number of bytes transmitted. |
|
| numPeers | int32 | NumPeers is the number of peers connected to the node. |
|
| peers | PeerMetrics | repeated | Peers are the per-peer statistics. |
MeshNode is a node that has been registered with the mesh.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
|
| publicKey | string | PublicKey is the public key of the node. |
|
| primaryEndpoint | string | PrimaryEndpoint is the primary endpoint of the node. |
|
| wireguardEndpoints | string | repeated | WireguardEndpoints is a list of WireGuard endpoints for the node. |
| zoneAwarenessID | string | ZoneAwarenessID is the zone awareness ID of the node. |
|
| privateIPv4 | string | PrivateIPv4 is the private IPv4 address of the node. |
|
| privateIPv6 | string | PrivateIPv6 is the private IPv6 address of the node. |
|
| features | FeaturePort | repeated | Features are a list of features and the ports they are advertised on. |
| multiaddrs | string | repeated | Multiaddrs are the multiaddrs of the node. |
| joinedAt | google.protobuf.Timestamp | JoinedAt is the time the node joined the cluster. |
NodeList is a list of nodes.
| Field | Type | Label | Description |
| nodes | MeshNode | repeated | Nodes is the list of nodes. |
PeerMetrics are the metrics for a node's peer.
| Field | Type | Label | Description |
| publicKey | string | PublicKey is the public key of the peer. |
|
| endpoint | string | Endpoint is the connected endpoint of the peer. |
|
| persistentKeepAlive | string | PersistentKeepAlive is the persistent keep alive interval for the peer. |
|
| lastHandshakeTime | string | LastHandshakeTime is the last handshake time for the peer. |
|
| allowedIPs | string | repeated | AllowedIPs is the list of allowed IPs for the peer. |
| protocolVersion | int64 | ProtocolVersion is the version of the wireguard protocol negotiated with the peer. |
|
| receiveBytes | uint64 | ReceiveBytes is the bytes received from the peer. |
|
| transmitBytes | uint64 | TransmitBytes is the bytes transmitted to the peer. |
Status represents the status of a node.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
|
| description | string | Description is an optional description provided by the node. |
|
| version | string | Version is the version of the node. |
|
| gitCommit | string | GitCommit is the git commit of the node. |
|
| buildDate | string | BuildDate is the build date of the node. |
|
| uptime | string | Uptime is the uptime of the node. |
|
| startedAt | google.protobuf.Timestamp | StartedAt is the time the node started. |
|
| features | FeaturePort | repeated | Features is the list of features currently enabled. |
| clusterStatus | ClusterStatus | ClusterStatus is the status of the node in the cluster. |
|
| currentLeader | string | CurrentLeader is the current leader of the cluster. |
|
| interfaceMetrics | InterfaceMetrics | InterfaceMetrics are the metrics for the node's interfaces. |
WebRTCSignal is a signal sent to a remote peer over the WebRTC API.
| Field | Type | Label | Description |
| nodeID | string | NodeID is the ID of the node to send the signal to. This is set by the original sender. On the node that receives the ReceiveSignalChannel request, this will be set to the ID of the node that sent the request. |
|
| candidate | string | Candidate is an ICE candidate. |
|
| description | string | Description is a session description. |
ClusterStatus is the status of the node in the cluster.
| Name | Number | Description |
| CLUSTER_STATUS_UNKNOWN | 0 | CLUSTER_STATUS_UNKNOWN is the default status. |
| CLUSTER_LEADER | 1 | CLUSTER_LEADER is the status for the leader node. |
| CLUSTER_VOTER | 2 | CLUSTER_VOTER is the status for a voter node. |
| CLUSTER_OBSERVER | 3 | CLUSTER_OBSERVER is the status for a non-voter node. |
| CLUSTER_NODE | 4 | CLUSTER_NODE is the status of a node that is not a part of the storage consensus. |
DataChannel are the data channels used when communicating over ICE
with a node.
| Name | Number | Description |
| CHANNELS | 0 | CHANNELS is the data channel used for negotiating new channels. This is the first channel that is opened. The ID of the channel should be 0. |
| CONNECTIONS | 1 | CONNECTIONS is the data channel used for negotiating new connections. This is a channel that is opened for each incoming connection from a client. The ID should start at 0 and be incremented for each new connection. |
EdgeAttribute are pre-defined edge attributes. They should
be used as their string values.
| Name | Number | Description |
| EDGE_ATTRIBUTE_UNKNOWN | 0 | EDGE_ATTRIBUTE_UNKNOWN is an unknown edge attribute. |
| EDGE_ATTRIBUTE_NATIVE | 1 | EDGE_ATTRIBUTE_NATIVE is a native edge attribute. |
| EDGE_ATTRIBUTE_ICE | 2 | EDGE_ATTRIBUTE_ICE is an ICE edge attribute. |
| EDGE_ATTRIBUTE_LIBP2P | 3 | EDGE_ATTRIBUTE_LIBP2P is a libp2p edge attribute. |
Feature is a list of features supported by a node.
| Name | Number | Description |
| FEATURE_NONE | 0 | FEATURE_NONE is the default feature set. |
| NODES | 1 | NODES is the feature for nodes. This is always supported. |
| LEADER_PROXY | 2 | LEADER_PROXY is the feature for leader proxying. |
| MESH_API | 3 | MESH_API is the feature for the mesh API. This will be deprecated in favor of the MEMBERSHIP feature. |
| ADMIN_API | 4 | ADMIN_API is the feature for the admin API. |
| MEMBERSHIP | 5 | MEMBERSHIP is the feature for membership. This is always supported on storage-providing members. |
| METRICS | 6 | METRICS is the feature for exposing metrics. |
| ICE_NEGOTIATION | 7 | ICE_NEGOTIATION is the feature for ICE negotiation. |
| TURN_SERVER | 8 | TURN_SERVER is the feature for TURN server. |
| MESH_DNS | 9 | MESH_DNS is the feature for mesh DNS. |
| FORWARD_MESH_DNS | 10 | FORWARD_MESH_DNS is the feature for forwarding mesh DNS lookups to other meshes. |
| STORAGE_QUERIER | 11 | STORAGE_QUERIER is the feature for querying, publishing, and subscribing to mesh state. |
| STORAGE_PROVIDER | 12 | STORAGE_PROVIDER is the feature for being able to provide distributed storage. |
| REGISTRAR | 13 | REGISTRAR is the feature for being able to register aliases to node IDs and/or public keys. |
Node is the service exposed on every node in the mesh to communicate network
information amongst themselves and facilitate inbound/outbound connections.
| Method Name | Request Type | Response Type | Description |
| GetStatus | GetStatusRequest | Status | GetStatus gets the status of a node in the cluster. If the node is not able to return the status of the ID requested, it should return an error. |
| NegotiateDataChannel | DataChannelNegotiation stream | DataChannelNegotiation stream | NegotiateDataChannel is used to negotiate a WebRTC connection between a webmesh client and a node in the cluster. The handling server will send the target node the source address, the destination for traffic, and STUN/TURN servers to use for the negotiation. The node responds with an offer to be forwarded to the client. When the handler receives an answer from the client, it forwards it to the node. Once the node receives the answer, the stream can optionally be used to exchange ICE candidates. |
| ReceiveSignalChannel | WebRTCSignal stream | WebRTCSignal stream | ReceiveSignalChannel is used to receive a request to start a WebRTC connection between a remote node and this node. The node should wait for the client to send an offer, and then respond with an answer. Once the node receives the answer, the stream can optionally be used to exchange ICE candidates. |
GetNodeRequest is a request to get a node.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
MeshEdge is an edge between two nodes.
| Field | Type | Label | Description |
| source | string | Source is the source node. |
|
| target | string | Target is the target node. |
|
| weight | int32 | Weight is the weight of the edge. |
|
| attributes | MeshEdge.AttributesEntry | repeated | Attributes is a list of attributes for the edge. |
| Field | Type | Label | Description |
| key | string |
|
|
| value | string |
|
MeshEdges is a list of edges.
| Field | Type | Label | Description |
| items | MeshEdge | repeated | Items is the list of edges. |
MeshGraph is a graph of nodes.
| Field | Type | Label | Description |
| nodes | string | repeated | Nodes is the list of nodes. |
| edges | MeshEdge | repeated | Edges is the list of edges. |
| dot | string | DOT is the DOT representation of the graph. |
Mesh is a service that can optionally be exposed by a node. It provides methods for
interfacing with the webmesh from the outside.
| Method Name | Request Type | Response Type | Description |
| GetNode | GetNodeRequest | MeshNode | GetNode gets a node by ID. |
| ListNodes | .google.protobuf.Empty | NodeList | ListNodes lists all nodes. |
| GetMeshGraph | .google.protobuf.Empty | MeshGraph | GetMeshGraph fetches the mesh graph. It returns a list of nodes, edges, and a rendering in the dot format. |
NetworkACL is a network ACL.
| Field | Type | Label | Description |
| name | string | Name is the name of the ACL. |
|
| priority | int32 | Priority is the priority of the ACL. ACLs with higher priority are evaluated first. |
|
| action | ACLAction | Action is the action to take when a request matches the ACL. |
|
| sourceNodes | string | repeated | SourceNodes is a list of source nodes to match against. If empty, all nodes are matched. Groups can be specified with the prefix "group:". If one or more of the nodes is '*', all nodes are matched. |
| destinationNodes | string | repeated | DestinationNodes is a list of destination nodes to match against. If empty, all nodes are matched. Groups can be specified with the prefix "group:". If one or more of the nodes is '*', all nodes are matched. |
| sourceCIDRs | string | repeated | SourceCIDRs is a list of source CIDRs to match against. If empty, all CIDRs are matched. If one or more of the CIDRs is '*', all CIDRs are matched. |
| destinationCIDRs | string | repeated | DestinationCIDRs is a list of destination CIDRs to match against. If empty, all CIDRs are matched. If one or more of the CIDRs is '*', all CIDRs are matched. |
NetworkACLs is a list of network ACLs.
| Field | Type | Label | Description |
| items | NetworkACL | repeated | Items is the list of network ACLs. |
NetworkAction is an action that can be performed on a network resource. It is used
by implementations to evaluate network ACLs.
| Field | Type | Label | Description |
| srcNode | string | SrcNode is the source node of the action. |
|
| srcCIDR | string | SrcCIDR is the source CIDR of the action. |
|
| dstNode | string | DstNode is the destination node of the action. |
|
| dstCIDR | string | DstCIDR is the destination CIDR of the action. |
Route is a route that is broadcasted by one or more nodes.
| Field | Type | Label | Description |
| name | string | Name is the name of the route. |
|
| node | string | Node is the node that broadcasts the route. A group can be specified with the prefix "group:". |
|
| destinationCIDRs | string | repeated | DestinationCIDRs are the destination CIDRs of the route. |
| nextHopNode | string | NextHopNode is an optional node that is used as the next hop for the route. This field is not currentl used. |
Routes is a list of routes.
| Field | Type | Label | Description |
| items | Route | repeated | Items is the list of routes. |
ACLAction is the action to take when a request matches an ACL.
| Name | Number | Description |
| ACTION_UNKNOWN | 0 | ACTION_UNKNOWN is the default action for ACLs. It is synonymous with ACTION_DENY. |
| ACTION_ACCEPT | 1 | ACTION_ACCEPT allows the request to proceed. |
| ACTION_DENY | 2 | ACTION_DENY denies the request. |
Group is a group of subjects.
| Field | Type | Label | Description |
| name | string | Name is the name of the group. |
|
| subjects | Subject | repeated | Subjects is the list of subjects in the group. |
Groups is a list of groups.
| Field | Type | Label | Description |
| items | Group | repeated | Items is the list of groups. |
RBACAction is an action that can be performed on a resource. It is used by implementations
to evaluate rules.
| Field | Type | Label | Description |
| resource | RuleResource | Resource is the resource on which the action is performed. |
|
| resourceName | string | ResourceName is the name of the resource on which the action is performed. |
|
| verb | RuleVerb | Verb is the verb that is performed on the resource. |
Role is a role that can be assigned to a subject.
| Field | Type | Label | Description |
| name | string | Name is the name of the role. |
|
| rules | Rule | repeated | Rules is the list of rules that apply to the role. |
RoleBinding is a binding of a role to one or more subjects.
| Field | Type | Label | Description |
| name | string | Name is the name of the role binding. |
|
| role | string | Role is the name of the role to which the binding applies. |
|
| subjects | Subject | repeated | Subjects is the list of subjects to which the binding applies. |
RoleBindings is a list of role bindings.
| Field | Type | Label | Description |
| items | RoleBinding | repeated | Items is the list of role bindings. |
Roles is a list of roles.
| Field | Type | Label | Description |
| items | Role | repeated | Items is the list of roles. |
Rule is a rule that applies to a resource.
| Field | Type | Label | Description |
| resources | RuleResource | repeated | Resources is the resources to which the rule applies. |
| resourceNames | string | repeated | ResourceNames is the list of resource names to which the rule applies. |
| verbs | RuleVerb | repeated | Verbs is the list of verbs that apply to the resource. |
Subject is a subject to which a role can be bound.
| Field | Type | Label | Description |
| name | string | Name is the name of the subject. |
|
| type | SubjectType | Type is the type of the subject. |
RuleResource is the resource type for a rule.
| Name | Number | Description |
| RESOURCE_UNKNOWN | 0 | RESOURCE_UNKNOWN is an unknown resource. |
| RESOURCE_VOTES | 1 | RESOURCE_VOTES is the resource for voting in storage elections. The only verb evaluated for this resource is PUT. |
| RESOURCE_ROLES | 2 | RESOURCE_ROLES is the resource for managing roles. |
| RESOURCE_ROLE_BINDINGS | 3 | RESOURCE_ROLE_BINDINGS is the resource for managing role bindings. |
| RESOURCE_GROUPS | 4 | RESOURCE_GROUPS is the resource for managing groups. |
| RESOURCE_NETWORK_ACLS | 5 | RESOURCE_NETWORK_ACLS is the resource for managing network ACLs. |
| RESOURCE_ROUTES | 6 | RESOURCE_ROUTES is the resource for managing routes. |
| RESOURCE_DATA_CHANNELS | 7 | RESOURCE_DATA_CHANNELS is the resource for creating data channels. |
| RESOURCE_EDGES | 8 | RESOURCE_EDGES is the resource for managing edges between nodes. |
| RESOURCE_OBSERVERS | 9 | RESOURCE_OBSERVERS is the resource for managing observers. The only verb evaluated for this resource is PUT. |
| RESOURCE_PUBSUB | 10 | RESOURCE_PUBSUB is the resource for managing pubsub topics. |
| RESOURCE_ALL | 999 | RESOURCE_ALL is a wildcard resource that matches all resources. |
RuleVerb is the verb type for a rule.
| Name | Number | Description |
| VERB_UNKNOWN | 0 | VERB_UNKNOWN is an unknown verb. |
| VERB_PUT | 1 | VERB_PUT is the verb for creating or updating a resource. |
| VERB_GET | 2 | VERB_GET is the verb for getting a resource. |
| VERB_DELETE | 3 | VERB_DELETE is the verb for deleting a resource. |
| VERB_ALL | 999 | VERB_ALL is a wildcard verb that matches all verbs. |
SubjectType is the type of a subject.
| Name | Number | Description |
| SUBJECT_UNKNOWN | 0 | SUBJECT_UNKNOWN is an unknown subject type. |
| SUBJECT_NODE | 1 | SUBJECT_NODE is a subject type for a node. |
| SUBJECT_USER | 2 | SUBJECT_USER is a subject type for a user. |
| SUBJECT_GROUP | 3 | SUBJECT_GROUP is a subject type for a group. |
| SUBJECT_ALL | 999 | SUBJECT_ALL is a wildcard subject type that matches all subject types. It can be used with a subject named '*' to match all subjects. |
Admin is the service that provides cluster admin operations. Most methods
require the leader to be contacted.
| Method Name | Request Type | Response Type | Description |
| PutRole | Role | .google.protobuf.Empty | PutRole creates or updates a role. |
| DeleteRole | Role | .google.protobuf.Empty | DeleteRole deletes a role. |
| GetRole | Role | Role | GetRole gets a role. |
| ListRoles | .google.protobuf.Empty | Roles | ListRoles gets all roles. |
| PutRoleBinding | RoleBinding | .google.protobuf.Empty | PutRoleBinding creates or updates a role binding. |
| DeleteRoleBinding | RoleBinding | .google.protobuf.Empty | DeleteRoleBinding deletes a role binding. |
| GetRoleBinding | RoleBinding | RoleBinding | GetRoleBinding gets a role binding. |
| ListRoleBindings | .google.protobuf.Empty | RoleBindings | ListRoleBindings gets all role bindings. |
| PutGroup | Group | .google.protobuf.Empty | PutGroup creates or updates a group. |
| DeleteGroup | Group | .google.protobuf.Empty | DeleteGroup deletes a group. |
| GetGroup | Group | Group | GetGroup gets a group. |
| ListGroups | .google.protobuf.Empty | Groups | ListGroups gets all groups. |
| PutNetworkACL | NetworkACL | .google.protobuf.Empty | PutNetworkACL creates or updates a network ACL. |
| DeleteNetworkACL | NetworkACL | .google.protobuf.Empty | DeleteNetworkACL deletes a network ACL. |
| GetNetworkACL | NetworkACL | NetworkACL | GetNetworkACL gets a network ACL. |
| ListNetworkACLs | .google.protobuf.Empty | NetworkACLs | ListNetworkACLs gets all network ACLs. |
| PutRoute | Route | .google.protobuf.Empty | PutRoute creates or updates a route. |
| DeleteRoute | Route | .google.protobuf.Empty | DeleteRoute deletes a route. |
| GetRoute | Route | Route | GetRoute gets a route. |
| ListRoutes | .google.protobuf.Empty | Routes | ListRoutes gets all routes. |
| PutEdge | MeshEdge | .google.protobuf.Empty | PutEdge creates or updates an edge between two nodes. |
| DeleteEdge | MeshEdge | .google.protobuf.Empty | DeleteEdge deletes an edge between two nodes. |
| GetEdge | MeshEdge | MeshEdge | GetEdge gets an edge between two nodes. |
| ListEdges | .google.protobuf.Empty | MeshEdges | ListEdges gets all current edges. |
NetworkState represents the full network state as returned by
a network state query.
| Field | Type | Label | Description |
| networkV4 | string |
|
|
| networkV6 | string |
|
|
| domain | string |
|
PublishRequest is sent by the application to the node to publish events.
This currently only supports database events.
| Field | Type | Label | Description |
| key | bytes | Key is the key of the event. |
|
| value | bytes | Value is the value of the event. This will be the raw value of the key. |
|
| ttl | google.protobuf.Duration | TTL is the time for the event to live in the database. |
PublishResponse is the response to a publish request. This is currently
empty.
QueryRequest is sent by the application to the node to query the mesh for
information.
| Field | Type | Label | Description |
| command | QueryRequest.QueryCommand | Command is the command of the query. |
|
| type | QueryRequest.QueryType | Type is the type of resource for the query. |
|
| query | string | Query is the string of the query. This follows the format of a comma-separted label selector and is only applicable for certain queries. For get queries this will usually be an ID. For list queries this will usually be one or more filters. On put or delete queries, this should be an ID. |
|
| item | bytes | Item is an item to put. This is only applicable for PUT queries. It should be a protobuf-JSON encoded object of the given query type. |
QueryResponse is the message containing a mesh query result.
| Field | Type | Label | Description |
| items | bytes | repeated | Items contain the results of the query. These will be protobuf json-encoded objects of the given query type. |
| error | string | Error is an error that happened during the query. This will always be populated on errors, but single-flight queries will return a coded error instead. |
SubscribeRequest is sent by the application to the node to subscribe to
events. This currently only supports database events.
| Field | Type | Label | Description |
| prefix | bytes | Prefix is the prefix of the events to subscribe to. |
SubscriptionEvent is a message containing a subscription event.
| Field | Type | Label | Description |
| key | bytes | Key is the key of the event. |
|
| value | bytes | Value is the value of the event. This will be the raw value of the key. |
QueryCommand is the type of the query.
| Name | Number | Description |
| GET | 0 | GET is the command to get a value. |
| LIST | 1 | LIST is the command to list keys with an optional prefix. |
| PUT | 2 | PUT is the command to put a value. |
| DELETE | 3 | DELETE is the command to delete a value. |
QueryType is the type of object being queried.
| Name | Number | Description |
| VALUE | 0 | VALUE represents a raw value query at a supplied key. |
| KEYS | 1 | KEYS is the type for querying keys. |
| PEERS | 2 | PEERS is the type for querying peers. |
| EDGES | 3 | EDGES is the type for querying edges. |
| ROUTES | 4 | ROUTES is the type for querying routes. |
| ACLS | 5 | ACLS is the type for querying ACLs. |
| ROLES | 6 | ROLES is the type for querying roles. |
| ROLEBINDINGS | 7 | ROLEBINDINGS is the type for querying role bindings. |
| GROUPS | 8 | GROUPS is the type for querying groups. |
| NETWORK_STATE | 9 | NETWORK_STATE is the type for querying network configuration. |
| RBAC_STATE | 10 | RBAC_STATE is the type for querying RBAC configuration. This will return a single item of true or false. |
StorageQueryService is the service for querying information about the mesh state.
| Method Name | Request Type | Response Type | Description |
| Query | QueryRequest | QueryResponse | Query is used to query the mesh for information. |
| Publish | PublishRequest | PublishResponse | Publish is used to publish events to the mesh database. A restricted set of keys are allowed to be published to. This is only available on nodes that are able to provide storage. |
| Subscribe | SubscribeRequest | SubscriptionEvent stream | Subscribe is used to subscribe to events at a particular prefix. This is only available on nodes that are able to provide storage. |
AppQueryRequest is sent by the application to a daemon to query a mesh's storage.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of this connection. |
|
| query | QueryRequest | Query is the query to execute. |
ConnectRequest is sent by an application to a daemon to connect to a mesh.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of the connection. |
ConnectResponse is returned by the Connect RPC.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of this connection. |
|
| nodeID | string | Node id is the unique identifier of the node. |
|
| meshDomain | string | Mesh domain is the domain of the mesh. |
|
| ipv4Address | string | IPv4Address is the IPv4 address of the node. |
|
| ipv6Address | string | IPv6Address is the IPv6 address of the node. |
|
| ipv4Network | string | IPv4Network is the IPv4 network of the mesh. |
|
| ipv6Network | string | IPv6Network is the IPv6 network of the mesh. |
ConnectionParameters are the parameters for a mesh connection.
| Field | Type | Label | Description |
| authMethod | NetworkAuthMethod | AuthMethod is the type of authentication to use. |
|
| authCredentials | ConnectionParameters.AuthCredentialsEntry | repeated | AuthCredentials are additional credentials as required by the authType. |
| addrType | ConnectionParameters.AddrType | AddrType is the type of join addresses in the addrs list. |
|
| addrs | string | repeated | Addrs are the join addresses to use to connect to the mesh. |
| networking | MeshConnNetworking | Networking is the networking configuration to use. |
|
| services | MeshConnServices | Services are the services to expose to other nodes on the mesh. |
|
| bootstrap | MeshConnBootstrap | Bootstrap are options for bootstrapping a new mesh. |
|
| tls | MeshConnTLS | TLS are TLS configurations for the mesh connection. |
| Field | Type | Label | Description |
| key | string |
|
|
| value | string |
|
DaemonStatus contains the information about the daemon.
| Field | Type | Label | Description |
| nodeID | string | NodeID is the unique identifier of the daemon. This is used for mesh connections from the daemon. |
|
| publicKey | string | PublicKey is the public key of the daemon. |
|
| description | string | Description is a description of the daemon. |
|
| version | string | Version is the version of the daemon. |
|
| gitCommit | string | GitCommit is the git commit of the daemon. |
|
| buildDate | string | BuildDate is the build date of the daemon. |
|
| uptime | string | Uptime is the uptime of the daemon. |
|
| startedAt | google.protobuf.Timestamp | StartedAt is the time the daemon started. |
|
| connections | DaemonStatus.ConnectionsEntry | repeated | Connections are a map of known connections to the daemon and their statuses. |
| Field | Type | Label | Description |
| key | string |
|
|
| value | DaemonConnStatus |
|
DisconnectRequest is sent by an application to a daemon to disconnect from a mesh.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of the connection. |
DisconnectResponse is returned by the Disconnect RPC.
DropConnectionRequest is sent by the application to a daemon to drop all storage
and information for a mesh connection.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of this connection. |
DropConnectionResponse is a message returned for a drop request.
GetConnectionRequest is sent by an application to a daemon to retrieve the parameters
and current status of a mesh connection.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of the connection. |
GetConnectionResponse is returned by the GetConnection RPC.
| Field | Type | Label | Description |
| status | DaemonConnStatus | Status is the status of the connection. |
|
| parameters | ConnectionParameters | Parameters are the parameters for the connection. |
|
| metadata | google.protobuf.Struct | Metadata are arbitrary key/value pairs stored with the connection. |
|
| node | MeshNode | Node is the node information for the connection. This is only populated when the connection is connected. |
|
| ipv4Network | string | IPv4Network is the IPv4 network of the mesh. This is only populated when the connection is connected. |
|
| ipv6Network | string | IPv6Network is the IPv6 network of the mesh. This is only populated when the connection is connected. |
|
| domain | string | Domain is the domain of the mesh. This is only populated when the connection is connected. |
ListConnectionsRequest is sent by an application to a daemon to retrieve the parameters
and current status of all mesh connections.
| Field | Type | Label | Description |
| ids | string | repeated | IDs are the unique identifiers of the connections to retrieve information for. If not provided, metrics for all known connections will be returned. |
ListConnectionsResponse is returned by the ListConnections RPC.
| Field | Type | Label | Description |
| connections | ListConnectionsResponse.ConnectionsEntry | repeated | Connections are the parameters and statuses of all connections. |
| Field | Type | Label | Description |
| key | string |
|
|
| value | GetConnectionResponse |
|
MeshConnBootstrap are configurations for bootstrapping a new mesh.
| Field | Type | Label | Description |
| enabled | bool | Enabled indicates whether or not to bootstrap a new mesh. |
|
| domain | string | Domain is the domain of the mesh. Defaults to "webmesh.internal". |
|
| ipv4Network | string | IPv4Network is the IPv4 network of the mesh. Defaults to 172.16.0.0/12. |
|
| rbacEnabled | bool | RBACEnabled indicates whether or not to enable RBAC on the mesh. |
|
| defaultNetworkACL | MeshConnBootstrap.DefaultNetworkACL | DefaultNetworkACL is the default network ACL to use for the mesh. |
MeshConnNetworking are configurations for networking on a mesh.
| Field | Type | Label | Description |
| useDNS | bool | UseDNS indicates whether or not to use the DNS servers of the mesh. |
|
| endpoints | string | repeated | Endpoints are wireguard endpoints to broadcast to the mesh. |
| detectEndpoints | bool | DetectEndpoints enables endpoint detection. |
|
| detectPrivateEndpoints | bool | DetectPrivateEndpoints enables endpoint detection for private addresses. This only makes sense when DetectEndpoints is enabled. |
MeshConnServices are configurations for exposing services to other nodes on a mesh.
| Field | Type | Label | Description |
| enabled | bool | Enabled indicates whether or not to expose services to other nodes. |
|
| enableLibP2P | bool | EnableLibP2P indicates whether or not to serve the API over libp2p. |
|
| enableTLS | bool | EnableTLS indicates whether or not to use TLS for the API. |
|
| rendezvous | string | Rendezvous is an optional rendezvous string to use for anouncing the service on the IPFS DHT. |
|
| listenAddress | string | ListenAddress is a raw IP address and port to listen on. |
|
| listenMultiaddrs | string | repeated | ListenMultiaddrs are multiaddrs to listen on. If not provided and EnableLibP2P is set, the default listen addresses will be used. |
| authMethod | NetworkAuthMethod | AuthMetod is the of authentication to enable for the services. Only mTLS and ID are supported. |
|
| features | Feature | repeated | Features are which features to enable on the API. |
| dns | MeshDNSService | DNS are configurations for running a MeshDNS server. |
MeshhConnTLS are TLS configurations for a mesh connection.
| Field | Type | Label | Description |
| enabled | bool | Enabled indicates whether or not to use TLS. |
|
| caCertData | string | CACert is a base64 and PEM encoded CA certificate to use for TLS. |
|
| certData | string | CertData is a base64 and PEM encoded certificate to use for TLS. |
|
| keyData | string | KeyData is a base64 and PEM encoded private key to use for TLS. |
|
| verifyChainOnly | bool | VerifyChainOnly indicates whether or not to only verify the certificate chain. |
|
| skipVerify | bool | SkipVerify indicates whether or not to skip verification of the server certificate. |
MeshDNSService are configurations for running a MeshDNS server.
| Field | Type | Label | Description |
| enabled | bool | Enabled indicates whether or not to run a MeshDNS server. |
|
| listenUDP | string | ListenUDP is a raw IP address and port to listen on for UDP. Defaults to :53. Set to an empty string to disable. |
|
| listenTCP | string | ListenTCP is a raw IP address and port to listen on for TCP. Defaults to :53. Set to an empty string to disable. |
MetricsRequest is sent by the application to a daemon to retrieve interface metrics for a mesh connection.
| Field | Type | Label | Description |
| ids | string | repeated | IDs are the unique identifiers of the connections to retrieve metrics for. If not provided, metrics for all known connections will be returned. |
MetricsResponse is a message containing interface metrics.
| Field | Type | Label | Description |
| interfaces | MetricsResponse.InterfacesEntry | repeated | Interfaces is a map of network IDs to their interface metrics. |
| Field | Type | Label | Description |
| key | string |
|
|
| value | InterfaceMetrics |
|
PutConnectionRequest is sent by an application to a daemon to store the parameters
for a mesh connection.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of the connection. If not provided one will be generated. |
|
| parameters | ConnectionParameters | Parameters are the parameters for the connection. |
|
| metadata | google.protobuf.Struct | Metadata are arbitrary key/value pairs to store with the connection. |
PutConnectionResponse is returned by the PutConnection RPC.
| Field | Type | Label | Description |
| id | string | ID is the unique identifier of the connection. |
StatusRequest is sent by the application to a daemon to retrieve the status of the daemon.
AddrType is the type of join addresses included in the request.
| Name | Number | Description |
| ADDR | 0 | ADDR is used to join a mesh using an IP or DNS address. |
| MULTIADDR | 1 | MULTIADDR is used to join a mesh using a multiaddr. |
| RENDEZVOUS | 2 | RENDEZVOUS is used to join a mesh using a rendezvous string. |
AuthHeader is an enumeration of headers that coorespond to the AuthMethod.
They are used to pass authentication credentials to the daemon. Enums
cannot be used as map keys, so their string values are used instead.
| Name | Number | Description |
| BASIC_USERNAME | 0 | BASIC_USERNAME is the username for basic authentication. |
| BASIC_PASSWORD | 1 | BASIC_PASSWORD is the password for basic authentication. |
| LDAP_USERNAME | 2 | LDAP_USERNAME is the username for LDAP authentication. |
| LDAP_PASSWORD | 3 | LDAP_PASSWORD is the password for LDAP authentication. |
| ADDRS_ENVELOPE | 4 | ADDRS_ENVELOPE is the header for a signed envelope containing the join addresses to use to connect to the mesh. |
DaemonConnStatus are the statuses of a mesh connection.
| Name | Number | Description |
| DISCONNECTED | 0 | DISCONNECTED indicates that the node is not connected to a mesh. |
| CONNECTING | 1 | CONNECTING indicates that the node is in the process of connecting to a mesh. |
| CONNECTED | 2 | CONNECTED indicates that the node is connected to a mesh. |
| Name | Number | Description |
| ACCEPT | 0 | |
| DROP | 1 |
NetworkAuthMethod are types of RPC credentials to supply to mesh nodes.
| Name | Number | Description |
| NO_AUTH | 0 | NO_AUTH is used to indicate that no authentication is required. |
| BASIC | 1 | BASIC is used to indicate that basic authentication is required. |
| LDAP | 2 | LDAP is used to indicate that LDAP authentication is required. |
| ID | 3 | ID is used to indicate that an identity is required. |
| MTLS | 4 | MTLS is used to indicate that mutual TLS authentication is required. The TLS object should be used to configure the TLS connection. |
AppDaemon is exposed by nodes running in the daemon mode.
This mode allows the node to run in an idle state and be controlled by an application.
The application can send commands to the node to execute tasks and receive responses.
| Method Name | Request Type | Response Type | Description |
| PutConnection | PutConnectionRequest | PutConnectionResponse | PutConnection stores the parameters for a connection in the daemon. |
| GetConnection | GetConnectionRequest | GetConnectionResponse | GetConnection retrieves the parameters and current status of a connection in the daemon. |
| DropConnection | DropConnectionRequest | DropConnectionResponse | DropConnection deletes all data stored for a given mesh connection. |
| ListConnections | ListConnectionsRequest | ListConnectionsResponse | ListConnections retrieves the parameters and current status of all connections in the daemon. |
| Connect | ConnectRequest | ConnectResponse | Connect is used to establish a connection between the node and a mesh. |
| Disconnect | DisconnectRequest | DisconnectResponse | Disconnect is used to disconnect the node from a mesh. |
| Metrics | MetricsRequest | MetricsResponse | Metrics is used to retrieve interface metrics for one or more mesh connections. |
| Query | AppQueryRequest | QueryResponse | Query is used to query a mesh connection for information. |
| Status | StatusRequest | DaemonStatus | Status is used to retrieve the status of the daemon. This includes a map of known connections and their statuses. |
RaftApplyResponse is the response to an apply request. It
contains the result of applying the log entry.
| Field | Type | Label | Description |
| time | string | Time is the total time it took to apply the log entry. |
|
| error | string | Error is an error that occurred during the apply. |
RaftDataItem represents a value in the Raft data store.
| Field | Type | Label | Description |
| key | bytes | Key is the key of the data item. |
|
| value | bytes | Value is the value of the data item. |
|
| ttl | google.protobuf.Duration | TTL is the time to live of the data item. |
RaftLogEntry is the data of an entry in the Raft log.
| Field | Type | Label | Description |
| type | RaftCommandType | Type is the type of the log entry. |
|
| key | bytes | Key is the key of the log entry. |
|
| value | bytes | Value is the value of the log entry. |
|
| ttl | google.protobuf.Duration | TTL is the time to live of the log entry. |
RaftSnapshot is the data of a snapshot.
| Field | Type | Label | Description |
| kv | RaftDataItem | repeated | KV is the key/value pairs of the snapshot. |
RaftCommandType is the type of command being sent to the
Raft log.
| Name | Number | Description |
| UNKNOWN | 0 | UNKNOWN is the unknown command type. |
| PUT | 1 | PUT is the command for putting a key/value pair. |
| DELETE | 2 | DELETE is the command for deleting a key/value pair. |
JoinRequest is a request to join the cluster.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
|
| publicKey | string | PublicKey is the public key of the node to broadcast to peers. |
|
| primaryEndpoint | string | PrimaryEndpoint is a routable address for the node. If left unset, the node is assumed to be behind a NAT and not directly accessible. |
|
| wireguardEndpoints | string | repeated | WireguardEndpoints is a list of WireGuard endpoints for the node. |
| zoneAwarenessID | string | ZoneAwarenessID is the zone awareness ID of the node. |
|
| assignIPv4 | bool | AssignIPv4 is whether an IPv4 address should be assigned to the node. |
|
| preferStorageIPv6 | bool | PreferStorageIPv6 is whether IPv6 should be preferred over IPv4 for storage communication. This is only used if assign_ipv4 is true. |
|
| asVoter | bool | AsVoter is whether the node should receive a vote in elections. The request will be denied if the node is not allowed to vote. |
|
| asObserver | bool | AsObserver is whether the node should be added as an observer. They will receive updates to the storage, but not be able to vote in elections. |
|
| routes | string | repeated | Routes is a list of routes to advertise to peers. The request will be denied if the node is not allowed to put routes. |
| directPeers | JoinRequest.DirectPeersEntry | repeated | DirectPeers is a map of extra peers that should be connected to directly over relays. The provided edge attribute is the callers preference of how the relay should be created. The request will be denied if the node is not allowed to put data channels or edges. The default joining behavior creates direct links between the caller and the joiner. If the caller has a primary endpoint, the joiner will link the caller to all other nodes with a primary endpoint. If the caller has a zone awareness ID, the joiner will link the caller to all other nodes with the same zone awareness ID that also have a primary endpoint. |
| features | FeaturePort | repeated | Features is a list of features supported by the node that should be advertised to peers and the port they are available on. |
| multiaddrs | string | repeated | Multiaddrs are libp2p multiaddresses this node is listening on. |
| Field | Type | Label | Description |
| key | string |
|
|
| value | ConnectProtocol |
|
JoinResponse is a response to a join request.
| Field | Type | Label | Description |
| addressIPv4 | string | AddressIPv4 is the private IPv4 wireguard address of the node in CIDR format representing the network. This is only set if assign_ipv4 was set in the request or no network_ipv6 was provided. |
|
| addressIPv6 | string | AddressIPv6 is the IPv6 network assigned to the node. |
|
| networkIPv4 | string | NetworkIPv4 is the IPv4 network of the Mesh. |
|
| networkIPv6 | string | NetworkIPv6 is the IPv6 network of the Mesh. |
|
| peers | WireGuardPeer | repeated | Peers is a list of wireguard peers to connect to. |
| iceServers | string | repeated | ICEServers is a list of public nodes that can be used to negotiate ICE connections if required. This may only be populated when one of the peers has the ICE flag set. This must be set if the requestor specifies direct_peers. |
| dnsServers | string | repeated | DNSServers is a list of peers offering DNS services. |
| meshDomain | string | MeshDomain is the domain of the mesh. |
LeaveRequest is a request to leave the cluster.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
LeaveResponse is a response to a leave request. It is currently empty.
PeerConfigurations is a stream of peer configurations.
| Field | Type | Label | Description |
| peers | WireGuardPeer | repeated | Peers is a list of wireguard peers to connect to. |
| iceServers | string | repeated | ICEServers is a list of public nodes that can be used to negotiate ICE connections if required. This may only be populated when one of the peers has the ICE flag set. |
| dnsServers | string | repeated | DNSServers is a list of peers offering DNS services. |
StorageConsensusRequest is a request to get the current Storage configuration.
StorageConsensusResponse is a response to a Storage consensus request.
| Field | Type | Label | Description |
| servers | StorageServer | repeated | Servers is the list of servers in the storage configuration. |
StorageServer is a server in the Storage configuration.
| Field | Type | Label | Description |
| id | string | ID is the ID of the server. |
|
| suffrage | ClusterStatus | Suffrage is the suffrage of the server. |
|
| publicKey | string | PublicKey is the public key of this server. Not all storage providers track this field. |
|
| address | string | Address is the mesh address of the server. |
SubscribePeersRequest is a request to subscribe to peer updates.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
UpdateRequest contains most of the same fields as JoinRequest, but is
used to update the state of a node in the cluster.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
|
| publicKey | string | PublicKey is the public key of the node to broadcast to peers. |
|
| primaryEndpoint | string | PrimaryEndpoint is a routable address for the node. If left unset, the node is assumed to be behind a NAT and not directly accessible. |
|
| wireguardEndpoints | string | repeated | WireguardEndpoints is a list of WireGuard endpoints for the node. |
| zoneAwarenessID | string | ZoneAwarenessID is the zone awareness ID of the node. |
|
| asVoter | bool | AsVoter is whether the node should receive a vote in elections. The request will be denied if the node is not allowed to vote. |
|
| routes | string | repeated | Routes is a list of routes to advertise to peers. The request will be denied if the node is not allowed to put routes. |
| features | FeaturePort | repeated | Features is a list of features supported by the node that should be advertised to peers and the port they are available on. |
| multiaddrs | string | repeated | Multiaddrs are libp2p multiaddresses this node is listening on. |
UpdateResponse is a response to an update request. It is currently empty.
WireGuardPeer is a peer in the Wireguard network.
| Field | Type | Label | Description |
| node | MeshNode | Node is information about this node. |
|
| allowedIPs | string | repeated | AllowedIPs is the list of allowed IPs for the peer. |
| allowedRoutes | string | repeated | AllowedRoutes is the list of allowed routes for the peer. |
| proto | ConnectProtocol | Proto indicates the protocol to use to connect to the peer. |
ConnectProtocol is a type of protocol for establishing a connection into a mesh.
| Name | Number | Description |
| CONNECT_NATIVE | 0 | CONNECT_NATIVE indicates that the node should connect to other nodes via the native webmesh mechanisms. |
| CONNECT_ICE | 1 | CONNECT_ICE indicates that the node should connect to other nodes via ICE. |
| CONNECT_LIBP2P | 2 | CONNECT_LIBP2P indicates that the node should connect to other nodes via libp2p. |
The membership service is exposed on storage-providing nodes to allow nodes to join
and leave the cluster. This service is meant to be made available publicly
to allow people in from the outside.
| Method Name | Request Type | Response Type | Description |
| Join | JoinRequest | JoinResponse | Join is used to join a node to the mesh. |
| Update | UpdateRequest | UpdateResponse | Update is used by a node to update its state in the mesh. The node will be updated in the mesh and will be able to query the mesh state or vote in elections. Only non-empty fields will be updated. It is almost semantically equivalent to a join request with the same ID, but redefined to avoid confusion and to allow for expansion. |
| Leave | LeaveRequest | LeaveResponse | Leave is used to remove a node from the mesh. The node will be removed from the mesh and will no longer be able to query the mesh state or vote in elections. |
| SubscribePeers | SubscribePeersRequest | PeerConfigurations stream | SubscribePeers subscribes to the peer configuration for the given node. The node will receive updates to the peer configuration as it changes. |
| Apply | RaftLogEntry | RaftApplyResponse | Apply is used by voting nodes to request a log entry be applied to the state machine. This is only available on the leader, and can only be called by nodes that are allowed to vote. This is only used by the built-in raft storage implementation. |
| GetCurrentConsensus | StorageConsensusRequest | StorageConsensusResponse | GetCurrentConsensus returns the current Storage consensus configuration. |
AllocateIPRequest is the message containing an IP allocation request.
| Field | Type | Label | Description |
| nodeID | string | NodeID is the node that the IP should be allocated for. |
|
| subnet | string | Subnet is the subnet that the IP should be allocated from. |
AllocatedIP is the message containing an allocated IP.
| Field | Type | Label | Description |
| ip | string | IP is the allocated IP. It should be returned in CIDR notation. |
AuthenticationRequest is the message containing an authentication request.
| Field | Type | Label | Description |
| headers | AuthenticationRequest.HeadersEntry | repeated | Headers are the headers of the request. |
| certificates | bytes | repeated | Certificates are the DER encoded certificates of the request. |
| Field | Type | Label | Description |
| key | string |
|
|
| value | string |
|
AuthenticationResponse is the message containing an authentication response.
| Field | Type | Label | Description |
| id | string | ID is the id of the authenticated user. |
Event is the message containing a watch event.
| Field | Type | Label | Description |
| type | Event.WatchEvent | Type is the type of the watch event. |
|
| node | MeshNode | Node is the node that the event is about. |
NodeConfiguration is the message containing the configuration of the
node and the network that it is a part of.
| Field | Type | Label | Description |
| id | string | ID is the ID of the node. |
|
| networkIPv4 | string | NetworkIPv4 is the IPv4 network that the node is a part of. |
|
| networkIPv6 | string | NetworkIPv6 is the IPv6 network that the node is a part of. |
|
| addressIPv4 | string | AddressIPv4 is the IPv4 address of the node. |
|
| addressIPv6 | string | AddressIPv6 is the IPv6 address of the node. |
|
| domain | string | Domain is the domain of the network. |
|
| privateKey | bytes | PrivateKey is the private key of the node. |
PluginConfiguration is the message containing the configuration of a plugin.
| Field | Type | Label | Description |
| config | google.protobuf.Struct | Config is the configuration for the plugin. This will be specific for each plugin. |
|
| nodeConfig | NodeConfiguration | NodeConfig is the configuration of the node and the network that it is a part of. |
PluginInfo is the information of a plugin.
| Field | Type | Label | Description |
| name | string | Name is the name of the plugin. |
|
| version | string | Version is the version of the plugin. |
|
| description | string | Description is the description of the plugin. |
|
| capabilities | PluginInfo.PluginCapability | repeated | Capabilities is the capabilities of the plugin. |
ReleaseIPRequest is the message containing an IP release request.
| Field | Type | Label | Description |
| nodeID | string | NodeID is the node that the IP should be released for. |
|
| ip | string | IP is the IP that should be released. |
WatchEvent is the type of a watch event.
| Name | Number | Description |
| UNKNOWN | 0 | UNKNOWN is the default value of WatchEvent. |
| NODE_JOIN | 1 | NODE_JOIN indicates that a node has joined the cluster. |
| NODE_LEAVE | 2 | NODE_LEAVE indicates that a node has left the cluster. |
| LEADER_CHANGE | 3 | LEADER_CHANGE indicates that the leader of the cluster has changed. |
PluginCapability is the capabilities of a plugin.
| Name | Number | Description |
| UNKNOWN | 0 | UNKNOWN is the default value of PluginCapability. |
| STORAGE_PROVIDER | 1 | STORAGE_PROVIDER indicates that the plugin can provide storage and underlying consistency. |
| AUTH | 2 | AUTH indicates that the plugin is an auth plugin. |
| WATCH | 3 | WATCH indicates that the plugin wants to receive watch events. |
| IPAMV4 | 4 | IPAMV4 indicates that the plugin is an IPv4 IPAM plugin. |
| STORAGE_QUERIER | 5 | STORAGE_QUERIER indicates a plugin that wants to interact with storage. |
AuthPlugin is the service definition for a Webmesh auth plugin.
| Method Name | Request Type | Response Type | Description |
| Authenticate | AuthenticationRequest | AuthenticationResponse | Authenticate authenticates a request. |
IPAMPlugin is the service definition for a Webmesh IPAM plugin.
| Method Name | Request Type | Response Type | Description |
| Allocate | AllocateIPRequest | AllocatedIP | Allocate allocates an IP for a node. |
| Release | ReleaseIPRequest | .google.protobuf.Empty | Release releases an IP for a node. |
Plugin is the general service definition for a Webmesh plugin.
It must be implemented by all plugins.
| Method Name | Request Type | Response Type | Description |
| GetInfo | .google.protobuf.Empty | PluginInfo | GetInfo returns the information for the plugin. |
| Configure | PluginConfiguration | .google.protobuf.Empty | Configure starts and configures the plugin. |
| Close | .google.protobuf.Empty | .google.protobuf.Empty | Close closes the plugin. It is called when the node is shutting down. |
StorageQuerierPlugin is the service definition for a Webmesh storage querier plugin.
| Method Name | Request Type | Response Type | Description |
| InjectQuerier | QueryResponse stream | QueryRequest stream | InjectQuerier is a stream opened by the node to faciliate read operations against the mesh state. The signature is misleading, but it is required to be able to stream the query results back to the node. The node will open a stream to the plugin and send a PluginQueryResult message for every query that is received. |
WatchPlugin is the service definition for a Webmesh watch plugin.
| Method Name | Request Type | Response Type | Description |
| Emit | Event | .google.protobuf.Empty | Emit handles a watch event. |
LookupRequest is the request object for the Lookup RPC. One of the fields
must be provided.
| Field | Type | Label | Description |
| id | string | The ID derived from the public key to lookup. |
|
| publicKey | string | The public key to lookup. |
|
| alias | string | The alias of the public key to lookup. |
LookupResponse is the response object for the Lookup RPC.
| Field | Type | Label | Description |
| id | string | The ID of the public key that was looked up. |
|
| publicKey | string | The encoded public key that was looked up. |
|
| alias | string | Any alias associated with the public key. |
RegisterRequest is the request object for the Register RPC.
| Field | Type | Label | Description |
| publicKey | string | The encoded public key to register. |
|
| alias | string | An alias to associate with the public key. This can be used to lookup the public key later. |
|
| expiry | google.protobuf.Timestamp | Expiry is the time at which the public key and its associated aliases should be removed from the registrar. If not provided, a default value of 1 day from the time of registration will be used. |
RegisterResponse is the response object for the Register RPC.
| Field | Type | Label | Description |
| id | string | ID of the public key that was registered. |
The registrar service can be used as a means of providing off-network storage of public
keys and other information. This is useful for (and should only be used with) public-key
derived ID authentication where one might want to register simpler aliases for a public key.
This service could eventually evolve into a full key-server, but for now it is just a simple
registrar.
| Method Name | Request Type | Response Type | Description |
| Register | RegisterRequest | RegisterResponse | Register a public key with the registrar. An alias can be provided to make it easier to lookup the public key later. If the alias is already in use, the request will fail. This method can be used to change the alias of a public key by providing the same public key with a different alias. |
| Lookup | LookupRequest | LookupResponse | Lookup a public key by ID or alias. If the ID is not found, the request will fail. |
AddObserverResponse is the response object for the AddObserver RPC.
AddVoterResponse is the response object for the AddVoter RPC.
BootstrapRequest is the request object for the Bootstrap RPC.
BootstrapResponse is the response object for the Bootstrap RPC.
| Field | Type | Label | Description |
| status | StorageStatus | Status is the status of the storage after the bootstrap. |
DeleteValueRequest is the request object for the DeleteValue RPC.
| Field | Type | Label | Description |
| key | bytes | Key is the key to delete. |
DeleteValueResponse is the response object for the DeleteValue RPC.
DemoteVoterResponse is the response object for the DemoteVoter RPC.
GetLeaderRequest is the request object for the GetLeader RPC.
GetPeersRequest is the request object for the GetPeers RPC.
GetValueRequest is the request object for the GetValue RPC.
| Field | Type | Label | Description |
| key | bytes | Key is the key to get the value for. |
GetValueResponse is the response object for the GetValue RPC.
| Field | Type | Label | Description |
| value | StorageValue | Value is the value of the key. |
ListKeysRequest is the request object for the ListValues RPC.
| Field | Type | Label | Description |
| prefix | bytes | Prefix is the prefix to list values for. |
ListKeysResponse is the response object for the ListValues RPC.
| Field | Type | Label | Description |
| keys | bytes | repeated | Keys is the list of value keys for the prefix. |
ListValuesRequest is the request object for the ListValues RPC.
| Field | Type | Label | Description |
| prefix | bytes | Prefix is the prefix to list values for. |
ListValuesResponse is the response object for the ListValues RPC.
| Field | Type | Label | Description |
| values | StorageValue | repeated | Values is the list of values for the prefix. |
PrefixEvent is an event that is emitted when a value is added or removed
from the storage for a prefix.
| Field | Type | Label | Description |
| prefix | bytes | Prefix is the prefix that the event is for. |
|
| value | StorageValue | Value is the value that was added or removed. |
|
| eventType | PrefixEvent.EventType | EventType is the type of event. |
PutValueRequest is the request object for the PutValue RPC.
| Field | Type | Label | Description |
| value | StorageValue | Value is the value to put. |
|
| ttl | google.protobuf.Duration | TTL is the time to live for the value. |
PutValueResponse is the response object for the PutValue RPC.
RemoveServerResponse is the response object for the RemoveServer RPC.
StoragePeer is a server that is currently recognized by the storage plugin.
| Field | Type | Label | Description |
| id | string | ID is the id of the server. |
|
| publicKey | string | PublicKey is the encoded public key of the server. This is not required for demotion or removal RPCs. Not all implementations need to support this. |
|
| address | string | Address is the address of the server. This is not required for demotion or removal RPCs. |
|
| clusterStatus | ClusterStatus | ClusterStatus is the status of the server. This is only applicable during a GetStatus RPC. |
StoragePeers is a list of servers that are currently recognized by the storage plugin.
| Field | Type | Label | Description |
| peers | StoragePeer | repeated | Peers is the list of servers that are currently recognized as peers by the storage plugin. |
StorageStatus is the response object for the StorageStatus RPC.
| Field | Type | Label | Description |
| isWritable | bool | IsWritable is true if the storage can currently be written to. |
|
| clusterStatus | ClusterStatus | ClusterStatus is the status of the storage. The definitions applied to each status are implementation specific. |
|
| peers | StoragePeer | repeated | Peers is the list of servers that are currently recognized as peers by the storage plugin. This should include the current server. |
| message | string | Message is an implementation specific message that can be used to provide additional information about the storage status. |
StorageStatusRequest is the request object for the StorageStatus RPC.
StorageValue is a value stored in the storage.
| Field | Type | Label | Description |
| key | bytes | Key is the key of the value. |
|
| value | bytes | Value is the value of the key. |
SubscribePrefixRequest is the request object for the SubscribePrefix RPC.
| Field | Type | Label | Description |
| prefix | bytes | Prefix is the prefix to subscribe to. |
| Name | Number | Description |
| EventTypeUnknown | 0 | EventTypeUnknown is an unknown event type. |
| EventTypeUpdated | 1 | EventTypeUpdated is an event for when a value is added or updated. |
| EventTypeRemoved | 2 | EventTypeRemoved is an event for when a value is removed. |
StorageProviderPlugin is the service definition for a Webmesh storage provider.
| Method Name | Request Type | Response Type | Description |
| GetStatus | StorageStatusRequest | StorageStatus | GetStatus returns the status of the storage. |
| Bootstrap | BootstrapRequest | BootstrapResponse | Bootstrap is called when the storage is created for the first time. It is assumed that this node has been elected as the leader of the cluster. FailedPrecondition should be returned if the storage is already bootstrapped. |
| AddVoter | StoragePeer | AddVoterResponse | AddVoter adds a voter to the storage. The underlying implementation should ensure that the voter is added to the storage and that the storage is in a consistent state before returning. |
| AddObserver | StoragePeer | AddObserverResponse | AddObserver adds an observer to the storage. The underlying implementation should ensure that the observer is added to the storage and that the storage is in a consistent state before returning. If observers are not supported the underlying implementation can silently ignore this RPC, but it should keep track of the observer in the GetStatus RPC if possible. |
| DemoteVoter | StoragePeer | DemoteVoterResponse | DemoteVoter demotes a voter to an observer. The underlying implementation should ensure that the voter is demoted and that the storage is in a consistent state before returning. If observers are not supported the underlying implementation can silently ignore this RPC, but it should keep track of the observer in the GetStatus RPC if possible. |
| RemovePeer | StoragePeer | RemoveServerResponse | RemovePeer removes a peer from the storage. The underlying implementation should ensure that the server is removed and that the storage is in a consistent state before returning. When called with the current ID of the leader, the underlying implementation should relinquish leadership to another peer if possible. |
| GetLeader | GetLeaderRequest | StoragePeer | GetLeader returns the leader of the storage. Leader may be loosely defined by the implementation, but must be a node that can reliably be used to mutate the storage. |
| GetPeers | GetPeersRequest | StoragePeers | GetPeers returns all peers of the storage. Peer status may be loosely defined by the implementation, but must correlate to nodes that can reliably be used to mutate the storage. |
| GetValue | GetValueRequest | GetValueResponse | GetValue returns the value for a key. |
| PutValue | PutValueRequest | PutValueResponse | PutValue puts a value for a key. |
| DeleteValue | DeleteValueRequest | DeleteValueResponse | DeleteValue deletes a value for a key. |
| ListKeys | ListKeysRequest | ListKeysResponse | ListKeys lists all keys for a prefix. |
| ListValues | ListValuesRequest | ListValuesResponse | ListValues lists all values for a prefix. |
| SubscribePrefix | SubscribePrefixRequest | PrefixEvent stream | SubscribePrefix subscribes to events for a prefix. |
DataChannelOffer is an offer for a data channel. Candidates
are sent after the offer is sent.
| Field | Type | Label | Description |
| offer | string | Offer is the offer. |
|
| stunServers | string | repeated | STUNServers is the list of STUN servers to use. |
| candidate | string | Candidate is an ICE candidate. |
StartDataChannelRequest is a request to start a data channel.
The answer and candidate fields are populated after the offer
is received.
| Field | Type | Label | Description |
| nodeID | string | NodeID is the ID of the node to send the data to. |
|
| proto | string | Proto is the protocol of the traffic. |
|
| dst | string | Dst is the destination address of the traffic. |
|
| port | uint32 | Port is the destination port of the traffic. A port of 0 coupled with the udp protocol indicates forwarding to the WireGuard interface. |
|
| answer | string | Answer is the answer to the offer. |
|
| candidate | string | Candidate is an ICE candidate. |
WebRTC is a service for negotiating WebRTC connections to nodes in the mesh.
It is typically run alongside a TURN server, however the server can be configured
to use public STUN servers instead.
| Method Name | Request Type | Response Type | Description |
| StartDataChannel | StartDataChannelRequest stream | DataChannelOffer stream | StartDataChannel requests a new WebRTC connection to a node. The client speaks first with the request containing the node ID and where forwarded packets should be sent. The server responds with an offer and STUN servers to be used to establish a WebRTC connection. The client should then respond with an answer to the offer that matches the spec of the DataChannel.CHANNELS enum value. After the offer is accepted, the stream can be used to exchange ICE candidates to speed up the connection process. |
| StartSignalChannel | WebRTCSignal stream | WebRTCSignal stream | StartSignalChannel starts a signaling channel to a remote node. This can be used to negotiate WebRTC connections both inside and outside of the mesh. Messages on the wire are proxied to the remote node. |
| .proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
| double | double | double | float | float64 | double | float | Float | |
| float | float | float | float | float32 | float | float | Float | |
| int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
| uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
| sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
| fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
| sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
| sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
| bool | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass | |
| string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
| bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |