v1

package
v0.1.28 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 18, 2024 License: Apache-2.0 Imports: 20 Imported by: 0

Documentation

Overview

Package v1 contains the v1 GRPC client and server definitions for implementing Auth interactions for the Console.


Constants

const (
	Auth_Validate_FullMethodName           = "/chainguard.platform.auth.Auth/Validate"
	Auth_Register_FullMethodName           = "/chainguard.platform.auth.Auth/Register"
	Auth_GetHeadlessSession_FullMethodName = "/chainguard.platform.auth.Auth/GetHeadlessSession"
)

Variables

var Auth_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "chainguard.platform.auth.Auth",
	HandlerType: (*AuthServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Validate",
			Handler:    _Auth_Validate_Handler,
		},
		{
			MethodName: "Register",
			Handler:    _Auth_Register_Handler,
		},
		{
			MethodName: "GetHeadlessSession",
			Handler:    _Auth_GetHeadlessSession_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "auth.platform.proto",
}

Auth_ServiceDesc is the grpc.ServiceDesc for the Auth service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy).

var File_auth_platform_proto protoreflect.FileDescriptor

Functions

func RegisterAuthHandler

func RegisterAuthHandler(ctx context.Context, mux *runtime.ServeMux, conn *grpc.ClientConn) error

RegisterAuthHandler registers the http handlers for service Auth to "mux". The handlers forward requests to the grpc endpoint over "conn".

func RegisterAuthHandlerClient

func RegisterAuthHandlerClient(ctx context.Context, mux *runtime.ServeMux, client AuthClient) error

RegisterAuthHandlerClient registers the http handlers for service Auth to "mux". The handlers forward requests to the grpc endpoint over the given implementation of "AuthClient". Note: the gRPC framework executes interceptors within the gRPC handler. If the passed in "AuthClient" doesn't go through the normal gRPC flow (creating a gRPC client etc.) then it will be up to the passed in "AuthClient" to call the correct interceptors. This client ignores the HTTP middlewares.

func RegisterAuthHandlerFromEndpoint

func RegisterAuthHandlerFromEndpoint(ctx context.Context, mux *runtime.ServeMux, endpoint string, opts []grpc.DialOption) (err error)

RegisterAuthHandlerFromEndpoint is the same as RegisterAuthHandler but automatically dials "endpoint" and closes the connection when "ctx" is done.

func RegisterAuthHandlerServer

func RegisterAuthHandlerServer(ctx context.Context, mux *runtime.ServeMux, server AuthServer) error

RegisterAuthHandlerServer registers the http handlers for service Auth to "mux". UnaryRPC: calls AuthServer directly. StreamingRPC: currently unsupported pending https://github.com/grpc/grpc-go/issues/906. Note that using this registration option will cause many gRPC library features to stop working. Consider using RegisterAuthHandlerFromEndpoint instead. gRPC interceptors will not work for this type of registration. To use interceptors, you must use the "runtime.WithMiddlewares" option in the "runtime.NewServeMux" call.

func RegisterAuthServer

func RegisterAuthServer(s grpc.ServiceRegistrar, srv AuthServer)

Types

type AuthClient

type AuthClient interface {
	Validate(ctx context.Context, in *emptypb.Empty, opts ...grpc.CallOption) (*WhoAmI, error)
	Register(ctx context.Context, in *RegistrationRequest, opts ...grpc.CallOption) (*Session, error)
	GetHeadlessSession(ctx context.Context, in *GetHeadlessSessionRequest, opts ...grpc.CallOption) (*HeadlessSession, error)
}

AuthClient is the client API for Auth service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewAuthClient

func NewAuthClient(cc grpc.ClientConnInterface) AuthClient

type AuthServer

type AuthServer interface {
	Validate(context.Context, *emptypb.Empty) (*WhoAmI, error)
	Register(context.Context, *RegistrationRequest) (*Session, error)
	GetHeadlessSession(context.Context, *GetHeadlessSessionRequest) (*HeadlessSession, error)
	// contains filtered or unexported methods
}

AuthServer is the server API for Auth service. All implementations must embed UnimplementedAuthServer for forward compatibility.

type GetHeadlessSessionRequest added in v0.1.25

type GetHeadlessSessionRequest struct {
	Code string `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
	// contains filtered or unexported fields
}

func (*GetHeadlessSessionRequest) Descriptor deprecated added in v0.1.25

func (*GetHeadlessSessionRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetHeadlessSessionRequest.ProtoReflect.Descriptor instead.

func (*GetHeadlessSessionRequest) GetCode added in v0.1.25

func (x *GetHeadlessSessionRequest) GetCode() string

func (*GetHeadlessSessionRequest) ProtoMessage added in v0.1.25

func (*GetHeadlessSessionRequest) ProtoMessage()

func (*GetHeadlessSessionRequest) ProtoReflect added in v0.1.25

func (*GetHeadlessSessionRequest) Reset added in v0.1.25

func (x *GetHeadlessSessionRequest) Reset()

func (*GetHeadlessSessionRequest) String added in v0.1.25

func (x *GetHeadlessSessionRequest) String() string

type HeadlessSession added in v0.1.25

type HeadlessSession struct {

	// When establishing a headless session, the client must first provide
	// their ECDH public key. The server will then generate an ephemeral
	// ECDH keypair and use the client's public key to establish a symmetric
	// key.
	//
	// This symmetric key will be used to encrypt the idtoken, and the
	// encrypted idtoken is stored in the database for a short period, as
	// well as being returned to the client.
	//
	// After the idtoken is encrypted, the server will discard both the shared
	// symmetric key and the ephemeral ECDH private key. The server ECDH
	// public key will be sent back to the client.
	//
	// The client, with their private key, can use this public key to
	// establish the same symmetric key, which can be used to decrypt
	// the idtoken.
	//
	// ecdh_public_key is the client's ECDH public key.
	EcdhPublicKey []byte `protobuf:"bytes,1,opt,name=ecdh_public_key,json=ecdhPublicKey,proto3" json:"ecdh_public_key,omitempty"`
	// encrypted_idtoken is the encrypted idtoken.
	EncryptedIdtoken []byte `protobuf:"bytes,2,opt,name=encrypted_idtoken,json=encryptedIdtoken,proto3" json:"encrypted_idtoken,omitempty"`
	// contains filtered or unexported fields
}
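
The exchange described in the HeadlessSession comment, with both sides shown, as an added example that is not code from the Chainguard SDK. The curve (P-256), the KDF (SHA-256 over the shared secret), AES-256-GCM with the nonce prepended to the ciphertext, and the names sharedAEAD, serverSeal and clientOpen are assumptions; the page specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Assumed (the page names none): P-256, SHA-256 as KDF, AES-256-GCM, nonce||ciphertext.
func sharedAEAD(priv *ecdh.PrivateKey, peerPub []byte) (cipher.AEAD, error) {
	pub, err := priv.Curve().NewPublicKey(peerPub) // rejects invalid points
	if err != nil {
		return nil, err
	}
	secret, err := priv.ECDH(pub)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(secret)
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	return cipher.NewGCM(block)
}
// serverSeal: eph is the server's ephemeral key; the caller drops it afterwards.
func serverSeal(eph *ecdh.PrivateKey, clientPub, idtoken []byte) ([]byte, error) {
	aead, err := sharedAEAD(eph, clientPub)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // random nonce from crypto/rand
	return aead.Seal(nonce, nonce, idtoken, nil), nil
}
// clientOpen rebuilds the key from the client's private key and the server's public key.
func clientOpen(priv *ecdh.PrivateKey, serverPub, sealed []byte) ([]byte, error) {
	aead, err := sharedAEAD(priv, serverPub)
	if err != nil || len(sealed) < aead.NonceSize() {
		return nil, fmt.Errorf("bad peer key or short ciphertext: %v", err)
	}
	return aead.Open(nil, sealed[:aead.NonceSize()], sealed[aead.NonceSize():], nil)
}
func main() {
	client, _ := ecdh.P256().GenerateKey(rand.Reader)
	eph, _ := ecdh.P256().GenerateKey(rand.Reader) // server side, ephemeral
	ct, _ := serverSeal(eph, client.PublicKey().Bytes(), []byte("constructed-idtoken"))
	pt, err := clientOpen(client, eph.PublicKey().Bytes(), ct)
	fmt.Printf("%s %v\n", pt, err)
}
```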

func (*HeadlessSession) Descriptor deprecated added in v0.1.25

func (*HeadlessSession) Descriptor() ([]byte, []int)

Deprecated: Use HeadlessSession.ProtoReflect.Descriptor instead.

func (*HeadlessSession) GetEcdhPublicKey added in v0.1.25

func (x *HeadlessSession) GetEcdhPublicKey() []byte

func (*HeadlessSession) GetEncryptedIdtoken added in v0.1.25

func (x *HeadlessSession) GetEncryptedIdtoken() []byte

func (*HeadlessSession) ProtoMessage added in v0.1.25

func (*HeadlessSession) ProtoMessage()

func (*HeadlessSession) ProtoReflect added in v0.1.25

func (x *HeadlessSession) ProtoReflect() protoreflect.Message

func (*HeadlessSession) Reset added in v0.1.25

func (x *HeadlessSession) Reset()

func (*HeadlessSession) String added in v0.1.25

func (x *HeadlessSession) String() string

type RegistrationRequest

type RegistrationRequest struct {

	// code is an optional encoded invite code, which allows us to register
	// the caller's identity as a member of a particular group as a particular
	// role.
	// +optional
	Code string `protobuf:"bytes,1,opt,name=code,proto3" json:"code,omitempty"`
	// identity_id is an optional identity id. If the user already exists, this
	// by-passes identity registration and continues on to cluster registration
	// (if applicable)
	IdentityId string `protobuf:"bytes,3,opt,name=identity_id,json=identityId,proto3" json:"identity_id,omitempty"`
	// contains filtered or unexported fields
}

func (*RegistrationRequest) Descriptor deprecated

func (*RegistrationRequest) Descriptor() ([]byte, []int)

Deprecated: Use RegistrationRequest.ProtoReflect.Descriptor instead.

func (*RegistrationRequest) GetCode

func (x *RegistrationRequest) GetCode() string

func (*RegistrationRequest) GetIdentityId

func (x *RegistrationRequest) GetIdentityId() string

func (*RegistrationRequest) ProtoMessage

func (*RegistrationRequest) ProtoMessage()

func (*RegistrationRequest) ProtoReflect

func (x *RegistrationRequest) ProtoReflect() protoreflect.Message

func (*RegistrationRequest) Reset

func (x *RegistrationRequest) Reset()

func (*RegistrationRequest) String

func (x *RegistrationRequest) String() string

type Session

type Session struct {

	// identity, the Chainguard identity id.
	Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
	// group, the group this identity has joined by invitation, when an invite
	// code was supplied.
	Group string `protobuf:"bytes,2,opt,name=group,proto3" json:"group,omitempty"`
	// contains filtered or unexported fields
}

func (*Session) CloudEventsExtension

func (x *Session) CloudEventsExtension(key string) (string, bool)

CloudEventsExtension implements chainguard.dev/sdk/events/Extendable.CloudEventsExtension

func (*Session) CloudEventsSubject

func (x *Session) CloudEventsSubject() string

CloudEventsSubject implements chainguard.dev/sdk/events/Eventable.CloudEventsSubject.

func (*Session) Descriptor deprecated

func (*Session) Descriptor() ([]byte, []int)

Deprecated: Use Session.ProtoReflect.Descriptor instead.

func (*Session) GetGroup

func (x *Session) GetGroup() string

func (*Session) GetIdentity

func (x *Session) GetIdentity() string

func (*Session) ProtoMessage

func (*Session) ProtoMessage()

func (*Session) ProtoReflect

func (x *Session) ProtoReflect() protoreflect.Message

func (*Session) Reset

func (x *Session) Reset()

func (*Session) String

func (x *Session) String() string

type UnimplementedAuthServer

type UnimplementedAuthServer struct{}

UnimplementedAuthServer must be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedAuthServer) GetHeadlessSession added in v0.1.25

func (UnimplementedAuthServer) Register

func (UnimplementedAuthServer) Validate

type UnsafeAuthServer

type UnsafeAuthServer interface {
	// contains filtered or unexported methods
}

UnsafeAuthServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to AuthServer will result in compilation errors.

type WhoAmI

type WhoAmI struct {

	// Issuer is the issuer of the token.
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The subject of the token.
	Subject string `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
	// Audience is who the token is intended for.
	Audience []string `protobuf:"bytes,3,rep,name=audience,proto3" json:"audience,omitempty"`
	// When the token expires.
	Expiry *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=expiry,proto3" json:"expiry,omitempty"`
	// When the token was issued.
	IssuedAt *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
	// The capabilities referenced in the token.
	Capabilities []*WhoAmI_Capability `protobuf:"bytes,101,rep,name=capabilities,proto3" json:"capabilities,omitempty"`
	// The upstream email for this token.
	Email string `protobuf:"bytes,102,opt,name=email,proto3" json:"email,omitempty"`
	// contains filtered or unexported fields
}

func (*WhoAmI) Descriptor deprecated

func (*WhoAmI) Descriptor() ([]byte, []int)

Deprecated: Use WhoAmI.ProtoReflect.Descriptor instead.

func (*WhoAmI) GetAudience

func (x *WhoAmI) GetAudience() []string

func (*WhoAmI) GetCapabilities

func (x *WhoAmI) GetCapabilities() []*WhoAmI_Capability

func (*WhoAmI) GetEmail

func (x *WhoAmI) GetEmail() string

func (*WhoAmI) GetExpiry

func (x *WhoAmI) GetExpiry() *timestamppb.Timestamp

func (*WhoAmI) GetIssuedAt

func (x *WhoAmI) GetIssuedAt() *timestamppb.Timestamp

func (*WhoAmI) GetIssuer

func (x *WhoAmI) GetIssuer() string

func (*WhoAmI) GetSubject

func (x *WhoAmI) GetSubject() string

func (*WhoAmI) ProtoMessage

func (*WhoAmI) ProtoMessage()

func (*WhoAmI) ProtoReflect

func (x *WhoAmI) ProtoReflect() protoreflect.Message

func (*WhoAmI) Reset

func (x *WhoAmI) Reset()

func (*WhoAmI) String

func (x *WhoAmI) String() string

type WhoAmI_Capability

type WhoAmI_Capability struct {

	// group of the bound role.
	Group *v1.Group `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"`
	// role of the bound identity.
	Role *v1.Role `protobuf:"bytes,2,opt,name=role,proto3" json:"role,omitempty"`
	// contains filtered or unexported fields
}

--- Upstream fields ---

func (*WhoAmI_Capability) Descriptor deprecated

func (*WhoAmI_Capability) Descriptor() ([]byte, []int)

Deprecated: Use WhoAmI_Capability.ProtoReflect.Descriptor instead.

func (*WhoAmI_Capability) GetGroup

func (x *WhoAmI_Capability) GetGroup() *v1.Group

func (*WhoAmI_Capability) GetRole

func (x *WhoAmI_Capability) GetRole() *v1.Role

func (*WhoAmI_Capability) ProtoMessage

func (*WhoAmI_Capability) ProtoMessage()

func (*WhoAmI_Capability) ProtoReflect

func (x *WhoAmI_Capability) ProtoReflect() protoreflect.Message

func (*WhoAmI_Capability) Reset

func (x *WhoAmI_Capability) Reset()

func (*WhoAmI_Capability) String

func (x *WhoAmI_Capability) String() string
