From f9b746846fa070dea4dae1b5a483598e29de7d87 Mon Sep 17 00:00:00 2001
From: Tom DNetto <tom@tailscale.com>
Date: Fri, 10 Feb 2023 11:41:45 -0800
Subject: [PATCH] tailcfg: add RPC structs for /tka/affected-sigs

These RPCs will be used to power the future 'tailscale lock remove' default behavior
of resigning signatures for which trust is about to be removed.

Signed-off-by: Tom DNetto <tom@tailscale.com>
---
 tailcfg/tka.go | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/tailcfg/tka.go b/tailcfg/tka.go
index 890dfa325..97fdcc0db 100644
--- a/tailcfg/tka.go
+++ b/tailcfg/tka.go
@@ -238,3 +238,27 @@ type TKASubmitSignatureRequest struct {
 type TKASubmitSignatureResponse struct {
 	// Nothing. (yet?)
 }
+
+// TKASignaturesUsingKeyRequest asks the control plane for
+// all signatures which are signed by the provided keyID.
+//
+// This is the request schema for a /tka/affected-sigs RPC.
+type TKASignaturesUsingKeyRequest struct {
+	// Version is the client's capabilities.
+	Version CapabilityVersion
+
+	// NodeKey is the client's current node key.
+	NodeKey key.NodePublic
+
+	// KeyID is the key we are querying using.
+	KeyID tkatype.KeyID
+}
+
+// TKASignaturesUsingKeyResponse is the JSON response to
+// a /tka/affected-sigs RPC.
+//
+// It enumerates all signatures which are signed by the
+// queried keyID.
+type TKASignaturesUsingKeyResponse struct {
+	Signatures []tkatype.MarshaledSignature
+}