Documentation
¶
Index ¶
- Variables
- func RegisterIstioCertificateServiceServer(s grpc.ServiceRegistrar, srv IstioCertificateServiceServer)
- type IstioCertificateRequest
- func (*IstioCertificateRequest) Descriptor() ([]byte, []int)deprecated
- func (x *IstioCertificateRequest) GetCsr() string
- func (x *IstioCertificateRequest) GetMetadata() *_struct.Struct
- func (x *IstioCertificateRequest) GetValidityDuration() int64
- func (*IstioCertificateRequest) ProtoMessage()
- func (x *IstioCertificateRequest) ProtoReflect() protoreflect.Message
- func (x *IstioCertificateRequest) Reset()
- func (x *IstioCertificateRequest) String() string
- type IstioCertificateResponse
- func (*IstioCertificateResponse) Descriptor() ([]byte, []int)deprecated
- func (x *IstioCertificateResponse) GetCertChain() []string
- func (*IstioCertificateResponse) ProtoMessage()
- func (x *IstioCertificateResponse) ProtoReflect() protoreflect.Message
- func (x *IstioCertificateResponse) Reset()
- func (x *IstioCertificateResponse) String() string
- type IstioCertificateServiceClient
- type IstioCertificateServiceServer
- type UnimplementedIstioCertificateServiceServer
- type UnsafeIstioCertificateServiceServer
Constants ¶
This section is empty.
Variables ¶
var File_security_v1alpha1_ca_proto protoreflect.FileDescriptor
var IstioCertificateService_ServiceDesc = grpc.ServiceDesc{ ServiceName: "istio.v1.auth.IstioCertificateService", HandlerType: (*IstioCertificateServiceServer)(nil), Methods: []grpc.MethodDesc{ { MethodName: "CreateCertificate", Handler: _IstioCertificateService_CreateCertificate_Handler, }, }, Streams: []grpc.StreamDesc{}, Metadata: "security/v1alpha1/ca.proto", }
IstioCertificateService_ServiceDesc is the grpc.ServiceDesc for IstioCertificateService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
Functions ¶
func RegisterIstioCertificateServiceServer ¶
func RegisterIstioCertificateServiceServer(s grpc.ServiceRegistrar, srv IstioCertificateServiceServer)
Types ¶
type IstioCertificateRequest ¶
type IstioCertificateRequest struct {
// PEM-encoded certificate request.
// The public key in the CSR is used to generate the certificate,
// and other fields in the generated certificate may be overwritten by the CA.
Csr string `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
// Optional: requested certificate validity period, in seconds.
ValidityDuration int64 `protobuf:"varint,3,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
// $hide_from_docs
// Optional: Opaque metadata provided by the XDS node to Istio.
// Supported metadata: WorkloadName, WorkloadIP, ClusterID
Metadata *_struct.Struct `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
// contains filtered or unexported fields
}
Certificate request message. The authentication should be based on: 1. Bearer tokens carried in the side channel; 2. Client-side certificate via Mutual TLS handshake. Note: the service implementation is REQUIRED to verify the authenticated caller is authorize to all SANs in the CSR. The server side may overwrite any requested certificate field based on its policies.
func (*IstioCertificateRequest) Descriptor
deprecated
func (*IstioCertificateRequest) Descriptor() ([]byte, []int)
Deprecated: Use IstioCertificateRequest.ProtoReflect.Descriptor instead.
func (*IstioCertificateRequest) GetCsr ¶
func (x *IstioCertificateRequest) GetCsr() string
func (*IstioCertificateRequest) GetMetadata ¶
func (x *IstioCertificateRequest) GetMetadata() *_struct.Struct
func (*IstioCertificateRequest) GetValidityDuration ¶
func (x *IstioCertificateRequest) GetValidityDuration() int64
func (*IstioCertificateRequest) ProtoMessage ¶
func (*IstioCertificateRequest) ProtoMessage()
func (*IstioCertificateRequest) ProtoReflect ¶
func (x *IstioCertificateRequest) ProtoReflect() protoreflect.Message
func (*IstioCertificateRequest) Reset ¶
func (x *IstioCertificateRequest) Reset()
func (*IstioCertificateRequest) String ¶
func (x *IstioCertificateRequest) String() string
type IstioCertificateResponse ¶
type IstioCertificateResponse struct {
// PEM-encoded certificate chain.
// The leaf cert is the first element, and the root cert is the last element.
CertChain []string `protobuf:"bytes,1,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
// contains filtered or unexported fields
}
Certificate response message.
func (*IstioCertificateResponse) Descriptor
deprecated
func (*IstioCertificateResponse) Descriptor() ([]byte, []int)
Deprecated: Use IstioCertificateResponse.ProtoReflect.Descriptor instead.
func (*IstioCertificateResponse) GetCertChain ¶
func (x *IstioCertificateResponse) GetCertChain() []string
func (*IstioCertificateResponse) ProtoMessage ¶
func (*IstioCertificateResponse) ProtoMessage()
func (*IstioCertificateResponse) ProtoReflect ¶
func (x *IstioCertificateResponse) ProtoReflect() protoreflect.Message
func (*IstioCertificateResponse) Reset ¶
func (x *IstioCertificateResponse) Reset()
func (*IstioCertificateResponse) String ¶
func (x *IstioCertificateResponse) String() string
type IstioCertificateServiceClient ¶
type IstioCertificateServiceClient interface {
// Using provided CSR, returns a signed certificate.
CreateCertificate(ctx context.Context, in *IstioCertificateRequest, opts ...grpc.CallOption) (*IstioCertificateResponse, error)
}
IstioCertificateServiceClient is the client API for IstioCertificateService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewIstioCertificateServiceClient ¶
func NewIstioCertificateServiceClient(cc grpc.ClientConnInterface) IstioCertificateServiceClient
type IstioCertificateServiceServer ¶
type IstioCertificateServiceServer interface {
// Using provided CSR, returns a signed certificate.
CreateCertificate(context.Context, *IstioCertificateRequest) (*IstioCertificateResponse, error)
// contains filtered or unexported methods
}
IstioCertificateServiceServer is the server API for IstioCertificateService service. All implementations must embed UnimplementedIstioCertificateServiceServer for forward compatibility
type UnimplementedIstioCertificateServiceServer ¶
type UnimplementedIstioCertificateServiceServer struct {
}
UnimplementedIstioCertificateServiceServer must be embedded to have forward compatible implementations.
func (UnimplementedIstioCertificateServiceServer) CreateCertificate ¶
func (UnimplementedIstioCertificateServiceServer) CreateCertificate(context.Context, *IstioCertificateRequest) (*IstioCertificateResponse, error)
type UnsafeIstioCertificateServiceServer ¶
type UnsafeIstioCertificateServiceServer interface {
// contains filtered or unexported methods
}
UnsafeIstioCertificateServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to IstioCertificateServiceServer will result in compilation errors.
Source Files