protos

package
v0.1.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2024 License: MIT Imports: 8 Imported by: 1

Documentation

Index

Constants

// Full gRPC method names for SecureTLSBootstrapService, in the
// "/<package>.<Service>/<Method>" form shown by the values below.
//
// These are the strings a gRPC interceptor sees as the method name (for example
// in grpc.UnaryServerInfo.FullMethod), so per-method authorization, rate limiting
// or audit rules should match on these constants rather than on retyped literals.
// GetToken is marked deprecated on the service interfaces in this package, but
// its method name is still defined here.
const (
	SecureTLSBootstrapService_GetNonce_FullMethodName      = "/azure.aks.securetlsbootstrap.SecureTLSBootstrapService/GetNonce"
	SecureTLSBootstrapService_GetCredential_FullMethodName = "/azure.aks.securetlsbootstrap.SecureTLSBootstrapService/GetCredential"
	SecureTLSBootstrapService_GetToken_FullMethodName      = "/azure.aks.securetlsbootstrap.SecureTLSBootstrapService/GetToken"
)

Variables

// File_service_protos_bootstrap_proto is the protoreflect.FileDescriptor variable for
// this package's proto file (presumably service/protos/bootstrap.proto, the path the
// service descriptor carries in its Metadata field). It is declared here without an
// initializer; where it is populated is not visible on this page.
var File_service_protos_bootstrap_proto protoreflect.FileDescriptor
// SecureTLSBootstrapService_ServiceDesc is the grpc.ServiceDesc for the
// SecureTLSBootstrapService service. It is intended only for direct use with
// grpc.RegisterService and must not be introspected or modified (even as a copy).
//
// The descriptor lists three methods (GetNonce, GetCredential, GetToken) and no
// streams. The GetToken handler is still registered even though GetToken is marked
// deprecated on the service interfaces, so a server registered with this descriptor
// continues to route that method to its implementation; any access control applied
// to GetCredential should cover GetToken as well.
var SecureTLSBootstrapService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "azure.aks.securetlsbootstrap.SecureTLSBootstrapService",
	HandlerType: (*SecureTLSBootstrapServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GetNonce",
			Handler:    _SecureTLSBootstrapService_GetNonce_Handler,
		},
		{
			MethodName: "GetCredential",
			Handler:    _SecureTLSBootstrapService_GetCredential_Handler,
		},
		{
			MethodName: "GetToken",
			Handler:    _SecureTLSBootstrapService_GetToken_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "service/protos/bootstrap.proto",
}

SecureTLSBootstrapService_ServiceDesc is the grpc.ServiceDesc for SecureTLSBootstrapService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterSecureTLSBootstrapServiceServer

func RegisterSecureTLSBootstrapServiceServer(s grpc.ServiceRegistrar, srv SecureTLSBootstrapServiceServer)

Types

type CredentialRequest

// A CredentialRequest is the client's input to the GetCredential RPC. Every field is
// supplied by the client; the package documentation states that the bootstrap server
// validates these before generating and returning a kubelet client credential.
//
// NOTE(review): ResourceID is self-reported by the caller. The server presumably
// cross-checks it against the identity carried in AttestedData and against the
// resource ID the nonce was issued for — confirm in the server implementation.
type CredentialRequest struct {
	// ResourceID is the resource ID of the bootstrapping VM.
	ResourceID    string `protobuf:"bytes,1,opt,name=ResourceID,proto3" json:"ResourceID,omitempty"`
	// Nonce is the nonce received from the GetNonce RPC.
	Nonce         string `protobuf:"bytes,2,opt,name=Nonce,proto3" json:"Nonce,omitempty"`
	// AttestedData is the attested data blob retrieved from IMDS using that nonce.
	AttestedData  string `protobuf:"bytes,3,opt,name=AttestedData,proto3" json:"AttestedData,omitempty"`
	// EncodedCSRPEM is the PEM of a new TLS CSR generated by the client, which the
	// bootstrap server creates against the apiserver.
	// NOTE(review): the "Encoded" prefix suggests an extra encoding layer on top of
	// PEM (e.g. base64) — confirm against the server before relying on it.
	EncodedCSRPEM string `protobuf:"bytes,4,opt,name=EncodedCSRPEM,proto3" json:"EncodedCSRPEM,omitempty"`
	// contains filtered or unexported fields
}

A CredentialRequest contains:

1. The resource ID of the bootstrapping VM.
2. The nonce received from the GetNonce RPC.
3. The AttestedData blob retrieved from IMDS using that nonce.
4. The PEM of a new TLS CSR generated by the client, to be created against the apiserver by the bootstrap server.

The bootstrap server will validate these before generating and returning a valid kubelet client credential.

func (*CredentialRequest) Descriptor deprecated

func (*CredentialRequest) Descriptor() ([]byte, []int)

Deprecated: Use CredentialRequest.ProtoReflect.Descriptor instead.

func (*CredentialRequest) GetAttestedData

func (x *CredentialRequest) GetAttestedData() string

func (*CredentialRequest) GetEncodedCSRPEM

func (x *CredentialRequest) GetEncodedCSRPEM() string

func (*CredentialRequest) GetNonce

func (x *CredentialRequest) GetNonce() string

func (*CredentialRequest) GetResourceID

func (x *CredentialRequest) GetResourceID() string

func (*CredentialRequest) ProtoMessage

func (*CredentialRequest) ProtoMessage()

func (*CredentialRequest) ProtoReflect

func (x *CredentialRequest) ProtoReflect() protoreflect.Message

func (*CredentialRequest) Reset

func (x *CredentialRequest) Reset()

func (*CredentialRequest) String

func (x *CredentialRequest) String() string

type CredentialResponse

// A CredentialResponse is the result of the GetCredential RPC. It contains the PEM of
// the signed kubelet client certificate that the client uses to create a kubeconfig
// for the kubelet.
//
// Only the certificate is returned; the request carries a client-generated CSR, so
// the matching private key is presumably never sent to or from the bootstrap
// server — confirm in the client implementation.
type CredentialResponse struct {
	// EncodedCertPEM is the PEM of the signed kubelet client certificate.
	// NOTE(review): the "Encoded" prefix suggests an extra encoding layer on top of
	// PEM — confirm before decoding.
	EncodedCertPEM string `protobuf:"bytes,1,opt,name=EncodedCertPEM,proto3" json:"EncodedCertPEM,omitempty"`
	// contains filtered or unexported fields
}

A CredentialResponse contains the PEM of the signed kubelet client certificate the client will use to create a kubeconfig for the kubelet.

func (*CredentialResponse) Descriptor deprecated

func (*CredentialResponse) Descriptor() ([]byte, []int)

Deprecated: Use CredentialResponse.ProtoReflect.Descriptor instead.

func (*CredentialResponse) GetEncodedCertPEM

func (x *CredentialResponse) GetEncodedCertPEM() string

func (*CredentialResponse) ProtoMessage

func (*CredentialResponse) ProtoMessage()

func (*CredentialResponse) ProtoReflect

func (x *CredentialResponse) ProtoReflect() protoreflect.Message

func (*CredentialResponse) Reset

func (x *CredentialResponse) Reset()

func (*CredentialResponse) String

func (x *CredentialResponse) String() string

type NonceRequest

// A NonceRequest is the client's input to the GetNonce RPC. It contains the resource
// ID of the bootstrapping VM; the bootstrap server associates the newly generated
// nonce with this resource ID.
//
// NOTE(review): nothing in this message proves the caller owns ResourceID, so nonce
// issuance is unauthenticated at the message level. Confirm that the server bounds
// nonce creation (transport-level controls, rate limiting, expiry).
type NonceRequest struct {
	// ResourceID is the resource ID of the bootstrapping VM.
	ResourceID string `protobuf:"bytes,1,opt,name=ResourceID,proto3" json:"ResourceID,omitempty"`
	// contains filtered or unexported fields
}

A NonceRequest contains the resource ID of the bootstrapping VM. The bootstrap server will associate the newly-generated nonce with this resource ID.

func (*NonceRequest) Descriptor deprecated

func (*NonceRequest) Descriptor() ([]byte, []int)

Deprecated: Use NonceRequest.ProtoReflect.Descriptor instead.

func (*NonceRequest) GetResourceID

func (x *NonceRequest) GetResourceID() string

func (*NonceRequest) ProtoMessage

func (*NonceRequest) ProtoMessage()

func (*NonceRequest) ProtoReflect

func (x *NonceRequest) ProtoReflect() protoreflect.Message

func (*NonceRequest) Reset

func (x *NonceRequest) Reset()

func (*NonceRequest) String

func (x *NonceRequest) String() string

type NonceResponse

// A NonceResponse is the result of the GetNonce RPC. It contains the nonce for the
// client to use when requesting attested data.
//
// NOTE(review): nonce lifetime and single-use enforcement are not visible in this
// package — confirm in the server implementation, since the nonce is what ties the
// attested data to a specific bootstrap attempt.
type NonceResponse struct {
	// Nonce is the server-generated value the client passes along when requesting
	// attested data and then echoes back in the step-2 request.
	Nonce string `protobuf:"bytes,1,opt,name=Nonce,proto3" json:"Nonce,omitempty"`
	// contains filtered or unexported fields
}

A NonceResponse contains the nonce for the client to use when requesting attested data.

func (*NonceResponse) Descriptor deprecated

func (*NonceResponse) Descriptor() ([]byte, []int)

Deprecated: Use NonceResponse.ProtoReflect.Descriptor instead.

func (*NonceResponse) GetNonce

func (x *NonceResponse) GetNonce() string

func (*NonceResponse) ProtoMessage

func (*NonceResponse) ProtoMessage()

func (*NonceResponse) ProtoReflect

func (x *NonceResponse) ProtoReflect() protoreflect.Message

func (*NonceResponse) Reset

func (x *NonceResponse) Reset()

func (*NonceResponse) String

func (x *NonceResponse) String() string

type SecureTLSBootstrapServiceClient

// SecureTLSBootstrapServiceClient is the client API for the SecureTLSBootstrapService
// service. The documented flow has two steps: GetNonce, followed by GetCredential
// (or the deprecated GetToken).
type SecureTLSBootstrapServiceClient interface {
	// Step 1 of retrieving a kubelet client credential; generates a nonce to be used by the
	// client when requesting attested data from IMDS.
	GetNonce(ctx context.Context, in *NonceRequest, opts ...grpc.CallOption) (*NonceResponse, error)
	// Step 2 of retrieving a kubelet client credential; validates the attested data and the
	// nonce, then generates and returns the signed kubelet client certificate
	// (CredentialResponse.EncodedCertPEM) to the client. Unlike GetToken, this method
	// does not return a bootstrap token.
	GetCredential(ctx context.Context, in *CredentialRequest, opts ...grpc.CallOption) (*CredentialResponse, error)
	// Step 2 of retrieving a bootstrap token; validates the attested data and the
	// nonce, then generates and returns the bootstrap token to the client.
	//
	// Deprecated: marked deprecated in the service definition. GetCredential is
	// presumably the replacement — confirm before migrating callers.
	GetToken(ctx context.Context, in *TokenRequest, opts ...grpc.CallOption) (*TokenResponse, error)
}

SecureTLSBootstrapServiceClient is the client API for SecureTLSBootstrapService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type SecureTLSBootstrapServiceServer

// SecureTLSBootstrapServiceServer is the server API for the SecureTLSBootstrapService
// service. All implementations must embed UnimplementedSecureTLSBootstrapServiceServer
// for forward compatibility.
//
// Request fields reach these methods exactly as the client sent them; the validation
// described on each method is the implementation's responsibility, not something this
// generated interface enforces.
type SecureTLSBootstrapServiceServer interface {
	// Step 1 of retrieving a kubelet client credential; generates a nonce to be used by the
	// client when requesting attested data from IMDS.
	GetNonce(context.Context, *NonceRequest) (*NonceResponse, error)
	// Step 2 of retrieving a kubelet client credential; validates the attested data and the
	// nonce, then generates and returns the signed kubelet client certificate
	// (CredentialResponse.EncodedCertPEM) to the client. Unlike GetToken, this method
	// does not return a bootstrap token.
	GetCredential(context.Context, *CredentialRequest) (*CredentialResponse, error)
	// Step 2 of retrieving a bootstrap token; validates the attested data and the
	// nonce, then generates and returns the bootstrap token to the client.
	//
	// Deprecated: marked deprecated in the service definition. GetCredential is
	// presumably the replacement — confirm before removing this handler.
	GetToken(context.Context, *TokenRequest) (*TokenResponse, error)
	// contains filtered or unexported methods
}

SecureTLSBootstrapServiceServer is the server API for SecureTLSBootstrapService service. All implementations must embed UnimplementedSecureTLSBootstrapServiceServer for forward compatibility

type TokenRequest

// A TokenRequest is the client's input to the GetToken RPC. A token request has to
// match a valid generated nonce and auth data.
//
// Note that the first field is spelled ResourceId here, while NonceRequest and
// CredentialRequest spell it ResourceID; the protobuf and JSON names differ
// accordingly.
//
// Deprecated: marked deprecated in the service definition, together with GetToken.
type TokenRequest struct {
	// ResourceId is presumably the resource ID of the bootstrapping VM, as in
	// NonceRequest.ResourceID — confirm against the server.
	ResourceId   string `protobuf:"bytes,1,opt,name=ResourceId,proto3" json:"ResourceId,omitempty"`
	// Nonce is the nonce the request has to match.
	Nonce        string `protobuf:"bytes,2,opt,name=Nonce,proto3" json:"Nonce,omitempty"`
	// AttestedData is the auth data the request has to match.
	AttestedData string `protobuf:"bytes,3,opt,name=AttestedData,proto3" json:"AttestedData,omitempty"`
	// contains filtered or unexported fields
}

DEPRECATED: A token request has to match a valid generated nonce and auth data.

func (*TokenRequest) Descriptor deprecated

func (*TokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use TokenRequest.ProtoReflect.Descriptor instead.

func (*TokenRequest) GetAttestedData

func (x *TokenRequest) GetAttestedData() string

func (*TokenRequest) GetNonce

func (x *TokenRequest) GetNonce() string

func (*TokenRequest) GetResourceId

func (x *TokenRequest) GetResourceId() string

func (*TokenRequest) ProtoMessage

func (*TokenRequest) ProtoMessage()

func (*TokenRequest) ProtoReflect

func (x *TokenRequest) ProtoReflect() protoreflect.Message

func (*TokenRequest) Reset

func (x *TokenRequest) Reset()

func (*TokenRequest) String

func (x *TokenRequest) String() string

type TokenResponse

// A TokenResponse is the result of the GetToken RPC. The response token is used by
// kubelet to bootstrap itself.
//
// NOTE(review): Token is a credential. Avoid writing this message to logs or traces;
// the generated String method likely renders field values — confirm and redact
// where needed.
//
// Deprecated: marked deprecated in the service definition, together with GetToken.
type TokenResponse struct {
	// Token is the bootstrap token returned to the client.
	Token      string `protobuf:"bytes,1,opt,name=Token,proto3" json:"Token,omitempty"`
	// Expiration is carried as a string; its format is not shown in this package —
	// confirm against the server before parsing.
	Expiration string `protobuf:"bytes,2,opt,name=Expiration,proto3" json:"Expiration,omitempty"`
	// contains filtered or unexported fields
}

DEPRECATED: The response token is used by kubelet to bootstrap itself.

func (*TokenResponse) Descriptor deprecated

func (*TokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use TokenResponse.ProtoReflect.Descriptor instead.

func (*TokenResponse) GetExpiration

func (x *TokenResponse) GetExpiration() string

func (*TokenResponse) GetToken

func (x *TokenResponse) GetToken() string

func (*TokenResponse) ProtoMessage

func (*TokenResponse) ProtoMessage()

func (*TokenResponse) ProtoReflect

func (x *TokenResponse) ProtoReflect() protoreflect.Message

func (*TokenResponse) Reset

func (x *TokenResponse) Reset()

func (*TokenResponse) String

func (x *TokenResponse) String() string

type UnimplementedSecureTLSBootstrapServiceServer

// UnimplementedSecureTLSBootstrapServiceServer must be embedded to have forward
// compatible implementations. The type has no fields and declares GetCredential,
// GetNonce and GetToken methods (their bodies are not shown on this page).
type UnimplementedSecureTLSBootstrapServiceServer struct {
}

UnimplementedSecureTLSBootstrapServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedSecureTLSBootstrapServiceServer) GetCredential

func (UnimplementedSecureTLSBootstrapServiceServer) GetNonce

func (UnimplementedSecureTLSBootstrapServiceServer) GetToken

type UnsafeSecureTLSBootstrapServiceServer

// UnsafeSecureTLSBootstrapServiceServer may be embedded to opt out of forward
// compatibility for this service. Use of this interface is not recommended, as
// methods added to SecureTLSBootstrapServiceServer will result in compilation errors.
type UnsafeSecureTLSBootstrapServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeSecureTLSBootstrapServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SecureTLSBootstrapServiceServer will result in compilation errors.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
