Add TLS settings to all connection settings (#205)

Author: michel-laterman

proto/opamp.proto

@@ -323,6 +323,10 @@ message OpAMPConnectionSettings {
     // If this field has no value or is set to 0, the Agent should not send any heartbeats.
     // Status: [Development]
     uint64 heartbeat_interval_seconds = 4;
+
+    // Optional connection specific TLS settings.
+    // Status: [Development]
+    TLSConnectionSettings tls = 5;
 }
 
 // The TelemetryConnectionSettings message is a collection of fields which comprise an
@@ -349,6 +353,10 @@ message TelemetryConnectionSettings {
     // This field is optional: if omitted the client SHOULD NOT use a client-side certificate.
     // This field can be used to perform a client certificate revocation/rotation.
     TLSCertificate certificate = 3;
+
+    // Optional connection specific TLS settings.
+    // Status: [Development]
+    TLSConnectionSettings tls = 4;
 }
 
 // The OtherConnectionSettings message is a collection of fields which comprise an
@@ -394,6 +402,34 @@ message OtherConnectionSettings {
     // Other connection settings. These are Agent-specific and are up to the Agent
     // interpret.
     map<string, string> other_settings = 4;
+
+    // Optional connection specific TLS settings.
+    // Status: [Development]
+    TLSConnectionSettings tls = 5;
+}
+
+
+// TLSConnectionSettings are optional connection settings that can be passed to
+// the client in order to specify TLS configuration.
+// Status: [Development]
+message TLSConnectionSettings {
+  // Provides CA cert contents as a string.
+  string ca_pem_contents = 1;
+
+  // Load system CA pool alongside any passed CAs.
+  bool include_system_ca_certs_pool = 2;
+
+  // skip certificate verification.
+  bool insecure_skip_verify = 3;
+
+  // Miniumum accepted TLS version; default "1.2".
+  string min_version = 4;
+
+  // Maxiumum accepted TLS version; default "".
+  string max_version = 5;
+
+  // Explicit list of cipher suites.
+  repeated string cipher_suites = 6;
 }
 
 // Status: [Beta]

specification.md

@@ -114,15 +114,19 @@ Status: [Beta]
       - [OpAMPConnectionSettings.headers](#opampconnectionsettingsheaders)
       - [OpAMPConnectionSettings.certificate](#opampconnectionsettingscertificate)
       - [OpAMPConnectionSettings.heartbeat_interval_seconds](#opampconnectionsettingsheartbeat_interval_seconds)
+      - [OpAMPConnectionSettings.tls](#opampconnectionsettingstls)
     + [TelemetryConnectionSettings](#telemetryconnectionsettings)
       - [TelemetryConnectionSettings.destination_endpoint](#telemetryconnectionsettingsdestination_endpoint)
       - [TelemetryConnectionSettings.headers](#telemetryconnectionsettingsheaders)
       - [TelemetryConnectionSettings.certificate](#telemetryconnectionsettingscertificate)
+      - [TelemetryConnectionSettings.tls](#telemetryconnectionsettingstls)
     + [OtherConnectionSettings](#otherconnectionsettings)
       - [OtherConnectionSettings.destination_endpoint](#otherconnectionsettingsdestination_endpoint)
       - [OtherConnectionSettings.headers](#otherconnectionsettingsheaders)
       - [OtherConnectionSettings.certificate](#otherconnectionsettingscertificate)
       - [OtherConnectionSettings.other_settings](#otherconnectionsettingsother_settings)
+      - [OtherConnectionSettings.tls](#otherconnectionsettingstls)
+    + [TLSConnectionSettings Message](#tlsconnectionsettings-message)
     + [Headers Message](#headers-message)
     + [TLSCertificate Message](#tlscertificate-message)
       - [TLSCertificate.cert](#tlscertificatecert)
@@ -1904,6 +1908,7 @@ message OpAMPConnectionSettings {
     Headers headers = 2;
     TLSCertificate certificate = 3;
     uint64 heartbeat_interval_seconds = 4;
+    TLSConnectionSettings tls = 5;
 }
 ```
 
@@ -1979,6 +1984,12 @@ The flow for negotiating a heartbeat is described as so:
 
 The Agent can decide not to send heartbeats by not setting the ReportsHeartbeat capability. The Server can decide to not receive heartbeats by responding with a value of `0` seconds in the OpAMPConnectionSettings.heartbeat_interval_seconds field.
 
+##### OpAMPConnectionSettings.tls
+
+Status: [Development]
+
+Optional OpAMP specific TLS settings.
+
 #### TelemetryConnectionSettings
 
 The TelemetryConnectionSettings message is a collection of fields which comprise an
@@ -1990,6 +2001,7 @@ message TelemetryConnectionSettings {
     string destination_endpoint = 1;
     Headers headers = 2;
     TLSCertificate certificate = 3;
+    TLSConnectionSettings tls = 4;
 }
 ```
 
@@ -2016,6 +2028,12 @@ for this connection.
 This field is optional: if omitted the client SHOULD NOT use a client-side certificate.
 This field can be used to perform a client certificate revocation/rotation.
 
+##### TelemetryConnectionSettings.tls
+
+Status: [Development]
+
+Optional telemetry specific TLS settings.
+
 #### OtherConnectionSettings
 
 The OtherConnectionSettings message is a collection of fields which comprise an
@@ -2045,6 +2063,7 @@ message OtherConnectionSettings {
     Headers headers = 2;
     TLSCertificate certificate = 3;
     map<string, string> other_settings = 4;
+    TLSConnectionSettings tls = 5;
 }
 ```
 
@@ -2074,9 +2093,35 @@ This field can be used to perform a client certificate revocation/rotation.
 Other connection settings. These are Agent-specific and are up to the Agent
 interpret.
 
-#### Headers Message
+##### OtherConnectionSettings.tls
+
+Status: [Development]
 
+Optional connection specific TLS settings.
+
+#### TLSConnectionSettings Message
+
+Status: [Development]
+
+The message carries optional TLS settings that are used to configure a client's
+connection. If the Agent is able to validate the connection settings, the Agent
+SHOULD forget any previous TLS settings. If this message is not included, the
+client SHOULD use the agent's default TLS settings for the connection.
+
+```protobuf
+message TLSConnectionSettings {
+  string ca_pem_contents = 1;
+  bool include_system_ca_certs_pool = 2;
+  bool insecure_skip_verify = 3;
+  string min_version = 4;
+  string max_version = 5;
+  repeated string cipher_suites = 6;
+}
 ```
+
+#### Headers Message
+
+```protobuf
 message Headers {
     repeated Header headers = 1;
 }