v1alpha1

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 28, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var File_security_v1alpha1_ca_proto protoreflect.FileDescriptor
View Source
var IstioCertificateService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "istio.v1.auth.IstioCertificateService",
	HandlerType: (*IstioCertificateServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateCertificate",
			Handler:    _IstioCertificateService_CreateCertificate_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "security/v1alpha1/ca.proto",
}

IstioCertificateService_ServiceDesc is the grpc.ServiceDesc for IstioCertificateService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterIstioCertificateServiceServer

func RegisterIstioCertificateServiceServer(s grpc.ServiceRegistrar, srv IstioCertificateServiceServer)

Types

type IstioCertificateRequest

type IstioCertificateRequest struct {

	// PEM-encoded certificate request.
	// The public key in the CSR is used to generate the certificate,
	// and other fields in the generated certificate may be overwritten by the CA.
	Csr string `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// Optional: requested certificate validity period, in seconds.
	ValidityDuration int64 `protobuf:"varint,3,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
	// $hide_from_docs
	// Optional: Opaque metadata provided by the XDS node to Istio.
	// Supported metadata: WorkloadName, WorkloadIP, ClusterID
	Metadata *_struct.Struct `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

Certificate request message. The authentication should be based on: 1. Bearer tokens carried in the side channel; 2. Client-side certificate via Mutual TLS handshake. Note: the service implementation is REQUIRED to verify the authenticated caller is authorize to all SANs in the CSR. The server side may overwrite any requested certificate field based on its policies.

func (*IstioCertificateRequest) Descriptor deprecated

func (*IstioCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use IstioCertificateRequest.ProtoReflect.Descriptor instead.

func (*IstioCertificateRequest) GetCsr

func (x *IstioCertificateRequest) GetCsr() string

func (*IstioCertificateRequest) GetMetadata

func (x *IstioCertificateRequest) GetMetadata() *_struct.Struct

func (*IstioCertificateRequest) GetValidityDuration

func (x *IstioCertificateRequest) GetValidityDuration() int64

func (*IstioCertificateRequest) ProtoMessage

func (*IstioCertificateRequest) ProtoMessage()

func (*IstioCertificateRequest) ProtoReflect

func (x *IstioCertificateRequest) ProtoReflect() protoreflect.Message

func (*IstioCertificateRequest) Reset

func (x *IstioCertificateRequest) Reset()

func (*IstioCertificateRequest) String

func (x *IstioCertificateRequest) String() string

type IstioCertificateResponse

type IstioCertificateResponse struct {

	// PEM-encoded certificate chain.
	// The leaf cert is the first element, and the root cert is the last element.
	CertChain []string `protobuf:"bytes,1,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// contains filtered or unexported fields
}

Certificate response message.

func (*IstioCertificateResponse) Descriptor deprecated

func (*IstioCertificateResponse) Descriptor() ([]byte, []int)

Deprecated: Use IstioCertificateResponse.ProtoReflect.Descriptor instead.

func (*IstioCertificateResponse) GetCertChain

func (x *IstioCertificateResponse) GetCertChain() []string

func (*IstioCertificateResponse) ProtoMessage

func (*IstioCertificateResponse) ProtoMessage()

func (*IstioCertificateResponse) ProtoReflect

func (x *IstioCertificateResponse) ProtoReflect() protoreflect.Message

func (*IstioCertificateResponse) Reset

func (x *IstioCertificateResponse) Reset()

func (*IstioCertificateResponse) String

func (x *IstioCertificateResponse) String() string

type IstioCertificateServiceClient

type IstioCertificateServiceClient interface {
	// Using provided CSR, returns a signed certificate.
	CreateCertificate(ctx context.Context, in *IstioCertificateRequest, opts ...grpc.CallOption) (*IstioCertificateResponse, error)
}

IstioCertificateServiceClient is the client API for IstioCertificateService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type IstioCertificateServiceServer

type IstioCertificateServiceServer interface {
	// Using provided CSR, returns a signed certificate.
	CreateCertificate(context.Context, *IstioCertificateRequest) (*IstioCertificateResponse, error)
	// contains filtered or unexported methods
}

IstioCertificateServiceServer is the server API for IstioCertificateService service. All implementations must embed UnimplementedIstioCertificateServiceServer for forward compatibility

type UnimplementedIstioCertificateServiceServer

type UnimplementedIstioCertificateServiceServer struct {
}

UnimplementedIstioCertificateServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedIstioCertificateServiceServer) CreateCertificate

type UnsafeIstioCertificateServiceServer

type UnsafeIstioCertificateServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeIstioCertificateServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to IstioCertificateServiceServer will result in compilation errors.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL