User Request
Update protobuf definitions to support the runner and app re-enrollment changes described in agynio/architecture change doc 2026-04-06-runner-app-re-enrollment.md. Service creation must move from enrollment to registration, identity cleanup must be idempotent, and missing RPCs must be added.
Specification
All changes are in two proto files:
proto/agynio/api/ziti_management/v1/ziti_management.protoproto/agynio/api/runners/v1/runners.proto
1. Add CreateService RPC to ZitiManagementService
Add a new RPC:
// Runners Service, Apps Service -> create a per-runner or per-app OpenZiti service.
rpc CreateService(CreateServiceRequest) returns (CreateServiceResponse);
Messages:
message CreateServiceRequest {
string name = 1; // e.g. "runner-{runnerId}" or "app-{slug}"
repeated string role_attributes = 2; // e.g. ["runner-services"] or ["app-services"]
}
message CreateServiceResponse {
string ziti_service_id = 1; // The OpenZiti service ID
string ziti_service_name = 2; // The service name (echoed back)
}2. Update CreateRunnerIdentityResponse
Remove ziti_service_id (field 3) and ziti_service_name (field 4). Service creation moves to RegisterRunner.
After change:
message CreateRunnerIdentityResponse {
string ziti_identity_id = 1;
bytes identity_json = 2;
}Mark removed field numbers as reserved to prevent reuse.
3. Update CreateAppIdentityResponse
Remove ziti_service_id (field 3). Service creation moves to CreateApp.
After change:
message CreateAppIdentityResponse {
string ziti_identity_id = 1;
bytes identity_json = 2;
}Mark removed field number as reserved.
4. Update DeleteRunnerIdentityRequest
Change from ziti_identity_id + ziti_service_id to identity_id (platform runner UUID) + ziti_service_id (OpenZiti service ID for service cleanup).
message DeleteRunnerIdentityRequest {
string identity_id = 1; // Platform runner UUID — for looking up managed identity
string ziti_service_id = 2; // OpenZiti service ID — for deleting the OpenZiti service
}Field 1 changes meaning from ziti_identity_id to identity_id. Field 2 (ziti_service_id) stays as-is.
5. Update DeleteAppIdentityRequest
Same pattern as runners.
message DeleteAppIdentityRequest {
string identity_id = 1; // Platform app identity UUID — for looking up managed identity
string ziti_service_id = 2; // OpenZiti service ID — for deleting the OpenZiti service
}Field 1 changes meaning from ziti_identity_id to identity_id. Field 2 stays as-is.
6. Add openziti_service_name to Runner message
message Runner {
EntityMeta meta = 1;
string name = 2;
optional string organization_id = 3;
string identity_id = 4;
RunnerStatus status = 5;
map<string, string> labels = 6;
string openziti_service_name = 7; // NEW — per-runner OpenZiti service name (e.g. "runner-{id}")
}7. Update comments
CreateRunnerIdentity comment: "Runners Service -> create and enroll an OpenZiti identity for a runner. If a previous identity exists, deletes it first. Returns enrolled credentials."CreateAppIdentity comment: "Apps Service -> create and enroll an OpenZiti identity for an app. If a previous identity exists, deletes it first. Returns enrolled credentials."DeleteRunnerIdentity comment: "Runners Service -> delete a runner's OpenZiti identity and its associated service. Looked up by platform identity_id."DeleteAppIdentity comment: "Apps Service -> delete an app's OpenZiti identity and its associated service. Looked up by platform identity_id."CreateService comment: "Runners Service, Apps Service -> create a per-runner or per-app OpenZiti service."
Summary of changes
| File |
Change |
ziti_management.proto |
Add CreateService RPC + request/response |
ziti_management.proto |
Remove fields 3,4 from CreateRunnerIdentityResponse, reserve them |
ziti_management.proto |
Remove field 3 from CreateAppIdentityResponse, reserve it |
ziti_management.proto |
Change DeleteRunnerIdentityRequest field 1 to identity_id |
ziti_management.proto |
Change DeleteAppIdentityRequest field 1 to identity_id |
ziti_management.proto |
Update RPC comments |
runners.proto |
Add openziti_service_name field 7 to Runner message |
No generated code changes needed — this repo only contains proto definitions.
User Request
Update protobuf definitions to support the runner and app re-enrollment changes described in
agynio/architecturechange doc2026-04-06-runner-app-re-enrollment.md. Service creation must move from enrollment to registration, identity cleanup must be idempotent, and missing RPCs must be added.Specification
All changes are in two proto files:
proto/agynio/api/ziti_management/v1/ziti_management.protoproto/agynio/api/runners/v1/runners.proto1. Add
CreateServiceRPC toZitiManagementServiceAdd a new RPC:
// Runners Service, Apps Service -> create a per-runner or per-app OpenZiti service. rpc CreateService(CreateServiceRequest) returns (CreateServiceResponse);Messages:
2. Update
CreateRunnerIdentityResponseRemove
ziti_service_id(field 3) andziti_service_name(field 4). Service creation moves toRegisterRunner.After change:
Mark removed field numbers as
reservedto prevent reuse.3. Update
CreateAppIdentityResponseRemove
ziti_service_id(field 3). Service creation moves toCreateApp.After change:
Mark removed field number as
reserved.4. Update
DeleteRunnerIdentityRequestChange from
ziti_identity_id+ziti_service_idtoidentity_id(platform runner UUID) +ziti_service_id(OpenZiti service ID for service cleanup).Field 1 changes meaning from
ziti_identity_idtoidentity_id. Field 2 (ziti_service_id) stays as-is.5. Update
DeleteAppIdentityRequestSame pattern as runners.
Field 1 changes meaning from
ziti_identity_idtoidentity_id. Field 2 stays as-is.6. Add
openziti_service_nametoRunnermessage7. Update comments
CreateRunnerIdentitycomment:"Runners Service -> create and enroll an OpenZiti identity for a runner. If a previous identity exists, deletes it first. Returns enrolled credentials."CreateAppIdentitycomment:"Apps Service -> create and enroll an OpenZiti identity for an app. If a previous identity exists, deletes it first. Returns enrolled credentials."DeleteRunnerIdentitycomment:"Runners Service -> delete a runner's OpenZiti identity and its associated service. Looked up by platform identity_id."DeleteAppIdentitycomment:"Apps Service -> delete an app's OpenZiti identity and its associated service. Looked up by platform identity_id."CreateServicecomment:"Runners Service, Apps Service -> create a per-runner or per-app OpenZiti service."Summary of changes
ziti_management.protoCreateServiceRPC + request/responseziti_management.protoCreateRunnerIdentityResponse, reserve themziti_management.protoCreateAppIdentityResponse, reserve itziti_management.protoDeleteRunnerIdentityRequestfield 1 toidentity_idziti_management.protoDeleteAppIdentityRequestfield 1 toidentity_idziti_management.protorunners.protoopenziti_service_namefield 7 toRunnermessageNo generated code changes needed — this repo only contains proto definitions.