CP-36097 REQ-403 add pems to cluster config

Motivation: if we add a 'pems' field to the cluster config, each cluster
member will know about a common pem file, and they can use this to
perform certificate checking

The 'blobs' field is a list, so that a cluster can trust multiple
certificates at the same time. This may be helpful in the future
if we need to implement certificate rotation inside a cluster.

We add a 'pems' parameter to the join API, so that joiners can use the
same pem file as the cluster they are trying to join.

Signed-off-by: Ben Anson <[email protected]>

Author: Ben Anson

cluster/cluster_interface.ml

@@ -36,13 +36,18 @@ type node = {addr: address; id: nodeid} [@@deriving rpcty]
 
 type all_members = node list [@@deriving rpcty]
 
+type pems = {cn: string; blobs: string list} [@@deriving rpcty]
+
+type pems_opt = pems option [@@deriving rpcty]
+
 (** This type contains all of the information required to initialise the
     cluster. All optional params will have the recommended defaults if None. *)
 type init_config = {
     local_ip: address
   ; token_timeout_ms: int64 option
   ; token_coefficient_ms: int64 option
   ; name: string option
+  ; pems: pems option
 }
 [@@deriving rpcty]
 
@@ -57,6 +62,7 @@ type cluster_config = {
   ; config_version: int64
   ; cluster_token_timeout_ms: int64
   ; cluster_token_coefficient_ms: int64
+  ; pems: pems option
 }
 [@@deriving rpcty]
 
@@ -119,6 +125,11 @@ let debug_info_p =
     ~description:["An uninterpreted string to associate with the operation."]
     debug_info
 
+let pems_opt_p =
+  Param.mk ~name:"pems"
+    ~description:["keys and certs cluster node should use"]
+    pems_opt
+
 type remove = bool [@@deriving rpcty]
 
 module LocalAPI (R : RPC) = struct
@@ -198,6 +209,7 @@ module LocalAPI (R : RPC) = struct
       @-> token_p
       @-> new_p
       @-> existing_p
+      @-> pems_opt_p
       @-> returning unit_p err
       )