Skip to main content

SecretsRaftOp

zlayer_types::api::internal

Enum SecretsRaftOp 

Source 
pub enum SecretsRaftOp {
    RegisterNode {
        identity: NodeIdentity,
    },
    RevokeNode {
        node_id: String,
    },
    RotateDek {
        new_wraps: WrappedDek,
    },
    PutSecret {
        secret: ReplicatedSecret,
    },
    DeleteSecret {
        storage_key: String,
    },
    RevokeToken {
        token_hash: String,
        expires_at: DateTime<Utc>,
    },
    ImportTrustBundle {
        bundle: TrustBundle,
    },
    RemoveTrustBundle {
        cluster_domain: String,
    },
    SetJwtAlgorithm {
        algorithm: JwtAlgorithm,
    },
    WipeJoinSecret,
}
Expand description

Op type for the secrets Raft state machine.

Replicated through openraft alongside the existing scheduler ops. zlayer-consensus carries the bytes; zlayer-secrets’s raft_sm.rs applies them. The variants intentionally mirror the structure of crate::storage::NodeIdentity, crate::storage::WrappedDek, and crate::storage::ReplicatedSecret so the wire shape is identical to the stored shape.

Variants§

§

RegisterNode

Register a new node. Triggers an automatic re-wrap of the current DEK so the new node can decrypt secrets going forward.

Fields

§identity: NodeIdentity

Identity payload (uuid, X25519 pubkey, WG pubkey, joined_at).

§

RevokeNode

Soft-revoke a node. Followers stop including it in DEK wraps; the next RotateDek excludes it permanently.

Fields

§node_id: String

Cluster-wide node UUID being revoked.

§

RotateDek

Rotate the cluster DEK. The leader proposes a new generation with fresh per-node wraps; followers re-encrypt every ReplicatedSecret from the previous generation to the new one.

Fields

§new_wraps: WrappedDek

New wrapped-DEK envelope (generation + per-node wraps).

§

PutSecret

Insert or update a secret. The ciphertext is encrypted under the dek_generation recorded inside the payload.

Fields

§secret: ReplicatedSecret

The full replicated secret record.

§

DeleteSecret

Remove a secret entirely. Hard delete — re-encryption skips it.

Fields

§storage_key: String

"{scope}:{name}" storage key, same shape as elsewhere.

§

RevokeToken

Revoke a specific issued join token (cannot be unrevoked).

The token is identified by token_hash, which is the lowercase hex SHA-256 of the full token envelope b64 string (same hash form regardless of token format — Ed25519-signed envelope, HS256-JWT, or future EdDSA-JWT). The entry auto-expires at expires_at so the revocation table stays bounded by the un-expired token horizon.

Fields

§token_hash: String

Lowercase hex SHA-256 of the full token b64 envelope string.

§expires_at: DateTime<Utc>

Wall-clock instant at which the revocation entry may be pruned. Should match the token’s own exp claim so the entry is no longer needed once the token would have expired anyway.

§

ImportTrustBundle

Import a foreign cluster’s trust bundle so its tokens can be accepted by validators on this cluster.

Idempotent: re-importing the same cluster_domain overwrites the previous entry. Keyed by cluster_domain to enforce one trust relationship per foreign cluster.

Fields

§bundle: TrustBundle

The bundle to record in SecretsState::trusted_bundles.

§

RemoveTrustBundle

Remove a previously-imported trust bundle.

No-op if cluster_domain was not present. Used by the operator when revoking trust in a federated cluster.

Fields

§cluster_domain: String

Cluster domain of the bundle to remove.

§

SetJwtAlgorithm

Set the cluster-wide JWT algorithm policy.

Replicated through Raft so every node enforces the same policy within one commit. Idempotent — re-applying with the same value is a no-op.

Fields

§algorithm: JwtAlgorithm

New policy.

§

WipeJoinSecret

Mark {data_dir}/join_secret as wiped on every node.

Operator-driven cleanup after migrating to eddsa. The actual file-system delete happens locally on each node when this op applies; the state machine records the wipe timestamp so re-applies are no-ops. Idempotent.

Trait Implementations§

Source§

impl Clone for SecretsRaftOp

Source§

fn clone(&self) -> SecretsRaftOp

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl ComposeSchema for SecretsRaftOp

Source§

fn compose(generics: Vec<RefOr<Schema>>) -> RefOr<Schema>

Source§

impl Debug for SecretsRaftOp

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for SecretsRaftOp

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for SecretsRaftOp

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more
Source§

impl ToSchema for SecretsRaftOp

Source§

fn name() -> Cow<'static, str>

Return name of the schema. Read more
Source§

fn schemas(schemas: &mut Vec<(String, RefOr<Schema>)>)

Implement reference utoipa::openapi::schema::Schemas for this type. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> FromBase64 for T
where T: for<'de> Deserialize<'de>,

Source§

fn from_base64<Input>(raw: &Input) -> Result<T, Error>
where Input: AsRef<[u8]> + ?Sized,

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PartialSchema for T
where T: ComposeSchema + ?Sized,

Source§

fn schema() -> RefOr<Schema>

Return ref or schema of implementing type that can then be used to construct combined schemas.
Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<C> SignWithKey<String> for C
where C: ToBase64,

Source§

fn sign_with_key(self, key: &impl SigningAlgorithm) -> Result<String, Error>

Source§

impl<T> ToBase64 for T
where T: Serialize,

Source§

fn to_base64(&self) -> Result<Cow<'_, str>, Error>

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more