workloadidentityv1

package
v0.0.0-...-c30debb Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

// Full gRPC method names of the WorkloadIdentityIssuanceService RPCs, in the
// "/<proto package>.<service>/<method>" form.
//
// NOTE(review): these should be the same strings a grpc-go server interceptor
// receives in grpc.UnaryServerInfo.FullMethod, which would make them usable as
// keys for per-method authorization rules and audit records. Confirm against
// the server wiring, which is not shown in this listing.
const (
	WorkloadIdentityIssuanceService_IssueWorkloadIdentity_FullMethodName   = "/teleport.workloadidentity.v1.WorkloadIdentityIssuanceService/IssueWorkloadIdentity"
	WorkloadIdentityIssuanceService_IssueWorkloadIdentities_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityIssuanceService/IssueWorkloadIdentities"
)
// Full gRPC method names of the WorkloadIdentityResourceService RPCs, in the
// "/<proto package>.<service>/<method>" form.
//
// NOTE(review): judging by the names, Create/Update/Upsert/Delete change
// WorkloadIdentity resources while Get/List only read them; an access policy
// keyed on these constants would presumably separate the two groups. The
// authorization actually applied is not visible in this listing.
const (
	WorkloadIdentityResourceService_CreateWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/CreateWorkloadIdentity"
	WorkloadIdentityResourceService_UpdateWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/UpdateWorkloadIdentity"
	WorkloadIdentityResourceService_UpsertWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/UpsertWorkloadIdentity"
	WorkloadIdentityResourceService_GetWorkloadIdentity_FullMethodName    = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/GetWorkloadIdentity"
	WorkloadIdentityResourceService_DeleteWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/DeleteWorkloadIdentity"
	WorkloadIdentityResourceService_ListWorkloadIdentities_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/ListWorkloadIdentities"
)

Variables

// File_teleport_workloadidentity_v1_attrs_proto is a protoreflect.FileDescriptor;
// presumably the one for teleport/workloadidentity/v1/attrs.proto (path
// inferred from the variable name, confirm against the generated file).
var File_teleport_workloadidentity_v1_attrs_proto protoreflect.FileDescriptor
// File_teleport_workloadidentity_v1_issuance_service_proto is a
// protoreflect.FileDescriptor; presumably the one for
// teleport/workloadidentity/v1/issuance_service.proto, the path that
// WorkloadIdentityIssuanceService_ServiceDesc names in its Metadata field.
var File_teleport_workloadidentity_v1_issuance_service_proto protoreflect.FileDescriptor
// File_teleport_workloadidentity_v1_resource_proto is a
// protoreflect.FileDescriptor; presumably the one for
// teleport/workloadidentity/v1/resource.proto (path inferred from the
// variable name, confirm against the generated file).
var File_teleport_workloadidentity_v1_resource_proto protoreflect.FileDescriptor
// File_teleport_workloadidentity_v1_resource_service_proto is a
// protoreflect.FileDescriptor; presumably the one for
// teleport/workloadidentity/v1/resource_service.proto, the path that
// WorkloadIdentityResourceService_ServiceDesc names in its Metadata field.
var File_teleport_workloadidentity_v1_resource_service_proto protoreflect.FileDescriptor
// WorkloadIdentityIssuanceService_ServiceDesc is the grpc.ServiceDesc for the
// WorkloadIdentityIssuanceService service. It lists two methods,
// IssueWorkloadIdentity and IssueWorkloadIdentities, both under Methods; the
// Streams list is empty.
//
// NOTE(review): the descriptor only maps method names to handlers. It carries
// no authentication or authorization information, so whatever checks gate
// credential issuance must live in the server implementation or in
// interceptors, neither of which is visible in this listing.
var WorkloadIdentityIssuanceService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "teleport.workloadidentity.v1.WorkloadIdentityIssuanceService",
	// A typed nil pointer: it conveys the server interface type only.
	HandlerType: (*WorkloadIdentityIssuanceServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "IssueWorkloadIdentity",
			Handler:    _WorkloadIdentityIssuanceService_IssueWorkloadIdentity_Handler,
		},
		{
			MethodName: "IssueWorkloadIdentities",
			Handler:    _WorkloadIdentityIssuanceService_IssueWorkloadIdentities_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "teleport/workloadidentity/v1/issuance_service.proto",
}

WorkloadIdentityIssuanceService_ServiceDesc is the grpc.ServiceDesc for WorkloadIdentityIssuanceService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

// WorkloadIdentityResourceService_ServiceDesc is the grpc.ServiceDesc for the
// WorkloadIdentityResourceService service. It lists six methods (Create,
// Update, Upsert, Get, Delete and List of WorkloadIdentity resources), all
// under Methods; the Streams list is empty.
//
// NOTE(review): the descriptor only maps method names to handlers. Access
// control for reading and changing WorkloadIdentity resources is not
// expressed here and must be enforced by the server implementation or by
// interceptors, neither of which is visible in this listing.
var WorkloadIdentityResourceService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "teleport.workloadidentity.v1.WorkloadIdentityResourceService",
	// A typed nil pointer: it conveys the server interface type only.
	HandlerType: (*WorkloadIdentityResourceServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateWorkloadIdentity",
			Handler:    _WorkloadIdentityResourceService_CreateWorkloadIdentity_Handler,
		},
		{
			MethodName: "UpdateWorkloadIdentity",
			Handler:    _WorkloadIdentityResourceService_UpdateWorkloadIdentity_Handler,
		},
		{
			MethodName: "UpsertWorkloadIdentity",
			Handler:    _WorkloadIdentityResourceService_UpsertWorkloadIdentity_Handler,
		},
		{
			MethodName: "GetWorkloadIdentity",
			Handler:    _WorkloadIdentityResourceService_GetWorkloadIdentity_Handler,
		},
		{
			MethodName: "DeleteWorkloadIdentity",
			Handler:    _WorkloadIdentityResourceService_DeleteWorkloadIdentity_Handler,
		},
		{
			MethodName: "ListWorkloadIdentities",
			Handler:    _WorkloadIdentityResourceService_ListWorkloadIdentities_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "teleport/workloadidentity/v1/resource_service.proto",
}

WorkloadIdentityResourceService_ServiceDesc is the grpc.ServiceDesc for WorkloadIdentityResourceService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterWorkloadIdentityIssuanceServiceServer

func RegisterWorkloadIdentityIssuanceServiceServer(s grpc.ServiceRegistrar, srv WorkloadIdentityIssuanceServiceServer)

func RegisterWorkloadIdentityResourceServiceServer

func RegisterWorkloadIdentityResourceServiceServer(s grpc.ServiceRegistrar, srv WorkloadIdentityResourceServiceServer)

Types

type Attrs

// Attrs holds the attributes of a principal requesting a workload identity.
// It groups two sources: attributes about the workload and attributes about
// the user or bot making the request.
//
// NOTE(review): the two groups have different origins. Workload attributes
// come from attestation performed by `tbot` and travel in the issuance
// request (see IssueWorkloadIdentityRequest.WorkloadAttrs), so rules that
// depend on them presumably trust the requesting bot to report them
// honestly. Confirm how the server treats them.
type Attrs struct {

	// Attributes sourced by workload attestation performed by `tbot`.
	Workload *WorkloadAttrs `protobuf:"bytes,1,opt,name=workload,proto3" json:"workload,omitempty"`
	// Attributes sourced from the user/bot making the request for a workload
	// identity credential.
	User *UserAttrs `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"`
	// contains filtered or unexported fields
}

The attributes of a principal requesting a workload identity. These attributes can be leveraged in rules, expressions and templating within the WorkloadIdentity resource.

func (*Attrs) Descriptor deprecated

func (*Attrs) Descriptor() ([]byte, []int)

Deprecated: Use Attrs.ProtoReflect.Descriptor instead.

func (*Attrs) GetUser

func (x *Attrs) GetUser() *UserAttrs

func (*Attrs) GetWorkload

func (x *Attrs) GetWorkload() *WorkloadAttrs

func (*Attrs) ProtoMessage

func (*Attrs) ProtoMessage()

func (*Attrs) ProtoReflect

func (x *Attrs) ProtoReflect() protoreflect.Message

func (*Attrs) Reset

func (x *Attrs) Reset()

func (*Attrs) String

func (x *Attrs) String() string

type CreateWorkloadIdentityRequest

// CreateWorkloadIdentityRequest is the request for CreateWorkloadIdentity.
// Its only visible field is the WorkloadIdentity resource to create.
type CreateWorkloadIdentityRequest struct {

	// The workload identity to create.
	WorkloadIdentity *WorkloadIdentity `protobuf:"bytes,1,opt,name=workload_identity,json=workloadIdentity,proto3" json:"workload_identity,omitempty"`
	// contains filtered or unexported fields
}

The request for CreateWorkloadIdentity.

func (*CreateWorkloadIdentityRequest) Descriptor deprecated

func (*CreateWorkloadIdentityRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateWorkloadIdentityRequest.ProtoReflect.Descriptor instead.

func (*CreateWorkloadIdentityRequest) GetWorkloadIdentity

func (x *CreateWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity

func (*CreateWorkloadIdentityRequest) ProtoMessage

func (*CreateWorkloadIdentityRequest) ProtoMessage()

func (*CreateWorkloadIdentityRequest) ProtoReflect

func (*CreateWorkloadIdentityRequest) Reset

func (x *CreateWorkloadIdentityRequest) Reset()

func (*CreateWorkloadIdentityRequest) String

type Credential

// Credential is a credential, together with its metadata, that has been
// issued by Teleport Workload Identity. The Credential oneof holds the issued
// SVID itself (X509 or JWT); the remaining fields describe it.
//
// NOTE(review): because the message embeds the issued SVID (the JWT variant
// holds a signed JWT, see JWTSVIDCredential), a whole Credential value should
// presumably be handled with the same care as the SVID it contains.
type Credential struct {

	// The TTL that was chosen by the server. The issuance request messages
	// state that the server may adjust the requested TTL, so this value, not
	// the requested one, is what the client must rely on.
	Ttl *durationpb.Duration `protobuf:"bytes,1,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// The time that the TTL is reached for this credential.
	ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// The hint configured for this Workload Identity - if any. This is provided
	// to workloads using the SPIFFE Workload API to fetch credentials.
	Hint string `protobuf:"bytes,3,opt,name=hint,proto3" json:"hint,omitempty"`
	// The name of the Workload Identity resource used to issue this credential.
	WorkloadIdentityName string `protobuf:"bytes,4,opt,name=workload_identity_name,json=workloadIdentityName,proto3" json:"workload_identity_name,omitempty"`
	// The revision of the Workload Identity resource used to issue this
	// credential.
	// NOTE(review): name plus revision presumably let an issued credential be
	// traced back to the exact resource definition in force at issuance time.
	WorkloadIdentityRevision string `` /* 135-byte string literal not displayed */
	// The fully qualified SPIFFE ID that was encoded into the SVID.
	SpiffeId string `protobuf:"bytes,6,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Types that are valid to be assigned to Credential:
	//
	//	*Credential_X509Svid
	//	*Credential_JwtSvid
	Credential isCredential_Credential `protobuf_oneof:"credential"`
	// contains filtered or unexported fields
}

A credential, and its metadata, that has been issued by Teleport Workload Identity.

func (*Credential) Descriptor deprecated

func (*Credential) Descriptor() ([]byte, []int)

Deprecated: Use Credential.ProtoReflect.Descriptor instead.

func (*Credential) GetCredential

func (x *Credential) GetCredential() isCredential_Credential

func (*Credential) GetExpiresAt

func (x *Credential) GetExpiresAt() *timestamppb.Timestamp

func (*Credential) GetHint

func (x *Credential) GetHint() string

func (*Credential) GetJwtSvid

func (x *Credential) GetJwtSvid() *JWTSVIDCredential

func (*Credential) GetSpiffeId

func (x *Credential) GetSpiffeId() string

func (*Credential) GetTtl

func (x *Credential) GetTtl() *durationpb.Duration

func (*Credential) GetWorkloadIdentityName

func (x *Credential) GetWorkloadIdentityName() string

func (*Credential) GetWorkloadIdentityRevision

func (x *Credential) GetWorkloadIdentityRevision() string

func (*Credential) GetX509Svid

func (x *Credential) GetX509Svid() *X509SVIDCredential

func (*Credential) ProtoMessage

func (*Credential) ProtoMessage()

func (*Credential) ProtoReflect

func (x *Credential) ProtoReflect() protoreflect.Message

func (*Credential) Reset

func (x *Credential) Reset()

func (*Credential) String

func (x *Credential) String() string

type Credential_JwtSvid

// Credential_JwtSvid is the wrapper assigned to Credential.Credential when
// the issued credential is a JWT SVID.
type Credential_JwtSvid struct {
	// The JWT SVID that was issued.
	JwtSvid *JWTSVIDCredential `protobuf:"bytes,8,opt,name=jwt_svid,json=jwtSvid,proto3,oneof"`
}

type Credential_X509Svid

// Credential_X509Svid is the wrapper assigned to Credential.Credential when
// the issued credential is an X509 SVID.
type Credential_X509Svid struct {
	// The X509 SVID that was issued.
	X509Svid *X509SVIDCredential `protobuf:"bytes,7,opt,name=x509_svid,json=x509Svid,proto3,oneof"`
}

type DeleteWorkloadIdentityRequest

// DeleteWorkloadIdentityRequest is the request for DeleteWorkloadIdentity.
// The resource to delete is identified by name only.
type DeleteWorkloadIdentityRequest struct {

	// The name of the workload identity to delete.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The request for DeleteWorkloadIdentity.

func (*DeleteWorkloadIdentityRequest) Descriptor deprecated

func (*DeleteWorkloadIdentityRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteWorkloadIdentityRequest.ProtoReflect.Descriptor instead.

func (*DeleteWorkloadIdentityRequest) GetName

func (*DeleteWorkloadIdentityRequest) ProtoMessage

func (*DeleteWorkloadIdentityRequest) ProtoMessage()

func (*DeleteWorkloadIdentityRequest) ProtoReflect

func (*DeleteWorkloadIdentityRequest) Reset

func (x *DeleteWorkloadIdentityRequest) Reset()

func (*DeleteWorkloadIdentityRequest) String

type GetWorkloadIdentityRequest

// GetWorkloadIdentityRequest is the request for GetWorkloadIdentity.
// The resource to retrieve is identified by name only.
type GetWorkloadIdentityRequest struct {

	// The name of the workload identity to retrieve.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

The request for GetWorkloadIdentity.

func (*GetWorkloadIdentityRequest) Descriptor deprecated

func (*GetWorkloadIdentityRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetWorkloadIdentityRequest.ProtoReflect.Descriptor instead.

func (*GetWorkloadIdentityRequest) GetName

func (x *GetWorkloadIdentityRequest) GetName() string

func (*GetWorkloadIdentityRequest) ProtoMessage

func (*GetWorkloadIdentityRequest) ProtoMessage()

func (*GetWorkloadIdentityRequest) ProtoReflect

func (*GetWorkloadIdentityRequest) Reset

func (x *GetWorkloadIdentityRequest) Reset()

func (*GetWorkloadIdentityRequest) String

func (x *GetWorkloadIdentityRequest) String() string

type IssueWorkloadIdentitiesRequest

// IssueWorkloadIdentitiesRequest is the request for the
// IssueWorkloadIdentities RPC. Unlike IssueWorkloadIdentityRequest, which
// names a single WorkloadIdentity resource, it selects resources by label.
//
// NOTE(review): which of the selected resources the caller is actually
// allowed to obtain credentials for is decided server-side and is not
// visible in this listing.
type IssueWorkloadIdentitiesRequest struct {

	// The label selectors to use for selecting WorkloadIdentity resources.
	// At least one selector must be provided.
	LabelSelectors []*LabelSelector `protobuf:"bytes,1,rep,name=label_selectors,json=labelSelectors,proto3" json:"label_selectors,omitempty"`
	// The parameters for issuing the credentials, varying by credential type.
	//
	// Types that are valid to be assigned to Credential:
	//
	//	*IssueWorkloadIdentitiesRequest_X509SvidParams
	//	*IssueWorkloadIdentitiesRequest_JwtSvidParams
	Credential isIssueWorkloadIdentitiesRequest_Credential `protobuf_oneof:"credential"`
	// The workload attributes to encode into the credentials.
	// NOTE(review): these arrive in the request, i.e. they are reported by the
	// caller. Whether the server validates them is not visible here, so they
	// are presumably only as trustworthy as the requesting bot.
	WorkloadAttrs *WorkloadAttrs `protobuf:"bytes,4,opt,name=workload_attrs,json=workloadAttrs,proto3" json:"workload_attrs,omitempty"`
	// The TTL that the client is requesting for the resulting credentials.
	// This may be adjusted by the server and therefore the client MUST check the
	// returned TTL rather than assuming that the requested TTL was granted.
	RequestedTtl *durationpb.Duration `protobuf:"bytes,5,opt,name=requested_ttl,json=requestedTtl,proto3" json:"requested_ttl,omitempty"`
	// contains filtered or unexported fields
}

The request for the IssueWorkloadIdentities RPC.

func (*IssueWorkloadIdentitiesRequest) Descriptor deprecated

func (*IssueWorkloadIdentitiesRequest) Descriptor() ([]byte, []int)

Deprecated: Use IssueWorkloadIdentitiesRequest.ProtoReflect.Descriptor instead.

func (*IssueWorkloadIdentitiesRequest) GetCredential

func (x *IssueWorkloadIdentitiesRequest) GetCredential() isIssueWorkloadIdentitiesRequest_Credential

func (*IssueWorkloadIdentitiesRequest) GetJwtSvidParams

func (x *IssueWorkloadIdentitiesRequest) GetJwtSvidParams() *JWTSVIDParams

func (*IssueWorkloadIdentitiesRequest) GetLabelSelectors

func (x *IssueWorkloadIdentitiesRequest) GetLabelSelectors() []*LabelSelector

func (*IssueWorkloadIdentitiesRequest) GetRequestedTtl

func (x *IssueWorkloadIdentitiesRequest) GetRequestedTtl() *durationpb.Duration

func (*IssueWorkloadIdentitiesRequest) GetWorkloadAttrs

func (x *IssueWorkloadIdentitiesRequest) GetWorkloadAttrs() *WorkloadAttrs

func (*IssueWorkloadIdentitiesRequest) GetX509SvidParams

func (x *IssueWorkloadIdentitiesRequest) GetX509SvidParams() *X509SVIDParams

func (*IssueWorkloadIdentitiesRequest) ProtoMessage

func (*IssueWorkloadIdentitiesRequest) ProtoMessage()

func (*IssueWorkloadIdentitiesRequest) ProtoReflect

func (*IssueWorkloadIdentitiesRequest) Reset

func (x *IssueWorkloadIdentitiesRequest) Reset()

func (*IssueWorkloadIdentitiesRequest) String

type IssueWorkloadIdentitiesRequest_JwtSvidParams

// IssueWorkloadIdentitiesRequest_JwtSvidParams is the wrapper assigned to
// IssueWorkloadIdentitiesRequest.Credential to request JWT SVIDs.
type IssueWorkloadIdentitiesRequest_JwtSvidParams struct {
	// The parameters for issuing a JWT SVID.
	JwtSvidParams *JWTSVIDParams `protobuf:"bytes,3,opt,name=jwt_svid_params,json=jwtSvidParams,proto3,oneof"`
}

type IssueWorkloadIdentitiesRequest_X509SvidParams

// IssueWorkloadIdentitiesRequest_X509SvidParams is the wrapper assigned to
// IssueWorkloadIdentitiesRequest.Credential to request X509 SVIDs.
type IssueWorkloadIdentitiesRequest_X509SvidParams struct {
	// The parameters for issuing an X509 SVID.
	X509SvidParams *X509SVIDParams `protobuf:"bytes,2,opt,name=x509_svid_params,json=x509SvidParams,proto3,oneof"`
}

type IssueWorkloadIdentitiesResponse

// IssueWorkloadIdentitiesResponse is the response for the
// IssueWorkloadIdentities RPC. It carries a list of issued credentials.
type IssueWorkloadIdentitiesResponse struct {

	// The issued credentials.
	Credentials []*Credential `protobuf:"bytes,1,rep,name=credentials,proto3" json:"credentials,omitempty"`
	// contains filtered or unexported fields
}

The response for the IssueWorkloadIdentities RPC.

func (*IssueWorkloadIdentitiesResponse) Descriptor deprecated

func (*IssueWorkloadIdentitiesResponse) Descriptor() ([]byte, []int)

Deprecated: Use IssueWorkloadIdentitiesResponse.ProtoReflect.Descriptor instead.

func (*IssueWorkloadIdentitiesResponse) GetCredentials

func (x *IssueWorkloadIdentitiesResponse) GetCredentials() []*Credential

func (*IssueWorkloadIdentitiesResponse) ProtoMessage

func (*IssueWorkloadIdentitiesResponse) ProtoMessage()

func (*IssueWorkloadIdentitiesResponse) ProtoReflect

func (*IssueWorkloadIdentitiesResponse) Reset

func (*IssueWorkloadIdentitiesResponse) String

type IssueWorkloadIdentityRequest

// IssueWorkloadIdentityRequest is the request for the IssueWorkloadIdentity
// RPC. It names one WorkloadIdentity resource and asks for a credential of
// the type chosen in the Credential oneof.
type IssueWorkloadIdentityRequest struct {

	// The name of the WorkloadIdentity resource to use for issuing the credential.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// The parameters for issuing the credential, varying by credential type.
	//
	// Types that are valid to be assigned to Credential:
	//
	//	*IssueWorkloadIdentityRequest_X509SvidParams
	//	*IssueWorkloadIdentityRequest_JwtSvidParams
	Credential isIssueWorkloadIdentityRequest_Credential `protobuf_oneof:"credential"`
	// The workload attributes to encode into the credential.
	// NOTE(review): these arrive in the request, i.e. they are reported by the
	// caller. Whether the server validates them is not visible here, so they
	// are presumably only as trustworthy as the requesting bot.
	WorkloadAttrs *WorkloadAttrs `protobuf:"bytes,4,opt,name=workload_attrs,json=workloadAttrs,proto3" json:"workload_attrs,omitempty"`
	// The TTL that the client is requesting for the resulting credentials.
	// This may be adjusted by the server and therefore the client MUST check the
	// returned TTL rather than assuming that the requested TTL was granted.
	RequestedTtl *durationpb.Duration `protobuf:"bytes,5,opt,name=requested_ttl,json=requestedTtl,proto3" json:"requested_ttl,omitempty"`
	// contains filtered or unexported fields
}

The request for the IssueWorkloadIdentity RPC.

func (*IssueWorkloadIdentityRequest) Descriptor deprecated

func (*IssueWorkloadIdentityRequest) Descriptor() ([]byte, []int)

Deprecated: Use IssueWorkloadIdentityRequest.ProtoReflect.Descriptor instead.

func (*IssueWorkloadIdentityRequest) GetCredential

func (x *IssueWorkloadIdentityRequest) GetCredential() isIssueWorkloadIdentityRequest_Credential

func (*IssueWorkloadIdentityRequest) GetJwtSvidParams

func (x *IssueWorkloadIdentityRequest) GetJwtSvidParams() *JWTSVIDParams

func (*IssueWorkloadIdentityRequest) GetName

func (x *IssueWorkloadIdentityRequest) GetName() string

func (*IssueWorkloadIdentityRequest) GetRequestedTtl

func (x *IssueWorkloadIdentityRequest) GetRequestedTtl() *durationpb.Duration

func (*IssueWorkloadIdentityRequest) GetWorkloadAttrs

func (x *IssueWorkloadIdentityRequest) GetWorkloadAttrs() *WorkloadAttrs

func (*IssueWorkloadIdentityRequest) GetX509SvidParams

func (x *IssueWorkloadIdentityRequest) GetX509SvidParams() *X509SVIDParams

func (*IssueWorkloadIdentityRequest) ProtoMessage

func (*IssueWorkloadIdentityRequest) ProtoMessage()

func (*IssueWorkloadIdentityRequest) ProtoReflect

func (*IssueWorkloadIdentityRequest) Reset

func (x *IssueWorkloadIdentityRequest) Reset()

func (*IssueWorkloadIdentityRequest) String

type IssueWorkloadIdentityRequest_JwtSvidParams

// IssueWorkloadIdentityRequest_JwtSvidParams is the wrapper assigned to
// IssueWorkloadIdentityRequest.Credential to request a JWT SVID.
type IssueWorkloadIdentityRequest_JwtSvidParams struct {
	// The parameters for issuing a JWT SVID.
	JwtSvidParams *JWTSVIDParams `protobuf:"bytes,3,opt,name=jwt_svid_params,json=jwtSvidParams,proto3,oneof"`
}

type IssueWorkloadIdentityRequest_X509SvidParams

// IssueWorkloadIdentityRequest_X509SvidParams is the wrapper assigned to
// IssueWorkloadIdentityRequest.Credential to request an X509 SVID.
type IssueWorkloadIdentityRequest_X509SvidParams struct {
	// The parameters for issuing an X509 SVID.
	X509SvidParams *X509SVIDParams `protobuf:"bytes,2,opt,name=x509_svid_params,json=x509SvidParams,proto3,oneof"`
}

type IssueWorkloadIdentityResponse

// IssueWorkloadIdentityResponse is the response for the
// IssueWorkloadIdentity RPC. It carries the single issued credential.
type IssueWorkloadIdentityResponse struct {

	// The issued credential.
	Credential *Credential `protobuf:"bytes,1,opt,name=credential,proto3" json:"credential,omitempty"`
	// contains filtered or unexported fields
}

The response for the IssueWorkloadIdentity RPC.

func (*IssueWorkloadIdentityResponse) Descriptor deprecated

func (*IssueWorkloadIdentityResponse) Descriptor() ([]byte, []int)

Deprecated: Use IssueWorkloadIdentityResponse.ProtoReflect.Descriptor instead.

func (*IssueWorkloadIdentityResponse) GetCredential

func (x *IssueWorkloadIdentityResponse) GetCredential() *Credential

func (*IssueWorkloadIdentityResponse) ProtoMessage

func (*IssueWorkloadIdentityResponse) ProtoMessage()

func (*IssueWorkloadIdentityResponse) ProtoReflect

func (*IssueWorkloadIdentityResponse) Reset

func (x *IssueWorkloadIdentityResponse) Reset()

func (*IssueWorkloadIdentityResponse) String

type JWTSVIDCredential

// JWTSVIDCredential is the issued JWT SVID credential and any JWT SVID
// specific metadata.
//
// NOTE(review): a JWT-SVID is a bearer token, so the Jwt field should be
// treated as a secret for as long as the credential is valid. The generated
// String method presumably renders field values; confirm before logging
// whole messages of this type.
type JWTSVIDCredential struct {

	// The signed JWT
	Jwt string `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	// The JTI of the JWT
	// NOTE(review): presumably the JWT's `jti` (JWT ID) claim, which can be
	// recorded for audit in place of the token itself; confirm.
	Jti string `protobuf:"bytes,2,opt,name=jti,proto3" json:"jti,omitempty"`
	// contains filtered or unexported fields
}

The issued JWT SVID credential and any JWT SVID specific metadata.

func (*JWTSVIDCredential) Descriptor deprecated

func (*JWTSVIDCredential) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVIDCredential.ProtoReflect.Descriptor instead.

func (*JWTSVIDCredential) GetJti

func (x *JWTSVIDCredential) GetJti() string

func (*JWTSVIDCredential) GetJwt

func (x *JWTSVIDCredential) GetJwt() string

func (*JWTSVIDCredential) ProtoMessage

func (*JWTSVIDCredential) ProtoMessage()

func (*JWTSVIDCredential) ProtoReflect

func (x *JWTSVIDCredential) ProtoReflect() protoreflect.Message

func (*JWTSVIDCredential) Reset

func (x *JWTSVIDCredential) Reset()

func (*JWTSVIDCredential) String

func (x *JWTSVIDCredential) String() string

type JWTSVIDParams

// JWTSVIDParams holds the parameters for issuing a JWT SVID.
type JWTSVIDParams struct {

	// The audiences to encode into the JWT SVID as the `aud` claim.
	// NOTE(review): the `aud` claim is what lets a relying party reject a token
	// minted for a different service, so callers should request only the
	// audiences the token is meant for. Whether the server rejects an empty
	// list is not visible here.
	Audiences []string `protobuf:"bytes,1,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// contains filtered or unexported fields
}

The parameters for issuing a JWT SVID.

func (*JWTSVIDParams) Descriptor deprecated

func (*JWTSVIDParams) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVIDParams.ProtoReflect.Descriptor instead.

func (*JWTSVIDParams) GetAudiences

func (x *JWTSVIDParams) GetAudiences() []string

func (*JWTSVIDParams) ProtoMessage

func (*JWTSVIDParams) ProtoMessage()

func (*JWTSVIDParams) ProtoReflect

func (x *JWTSVIDParams) ProtoReflect() protoreflect.Message

func (*JWTSVIDParams) Reset

func (x *JWTSVIDParams) Reset()

func (*JWTSVIDParams) String

func (x *JWTSVIDParams) String() string

type LabelSelector

// LabelSelector is a key-values pair for selecting WorkloadIdentity resources
// based on their labels.
//
// NOTE(review): a wildcard key with a wildcard value presumably selects every
// WorkloadIdentity resource the server lets the caller use. The wildcard
// literal and the matching rules are not shown in this listing.
type LabelSelector struct {

	// The key to match.
	// If this is wildcard, then a single value of wildcard must also be provided.
	Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
	// Any of the acceptable matching values.
	Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"`
	// contains filtered or unexported fields
}

A key-values pair for selecting WorkloadIdentity resources based on their labels.

func (*LabelSelector) Descriptor deprecated

func (*LabelSelector) Descriptor() ([]byte, []int)

Deprecated: Use LabelSelector.ProtoReflect.Descriptor instead.

func (*LabelSelector) GetKey

func (x *LabelSelector) GetKey() string

func (*LabelSelector) GetValues

func (x *LabelSelector) GetValues() []string

func (*LabelSelector) ProtoMessage

func (*LabelSelector) ProtoMessage()

func (*LabelSelector) ProtoReflect

func (x *LabelSelector) ProtoReflect() protoreflect.Message

func (*LabelSelector) Reset

func (x *LabelSelector) Reset()

func (*LabelSelector) String

func (x *LabelSelector) String() string

type ListWorkloadIdentitiesRequest

// ListWorkloadIdentitiesRequest is the request for ListWorkloadIdentities.
// It carries the paging parameters for the listing.
type ListWorkloadIdentitiesRequest struct {

	// The maximum number of items to return.
	// The server may impose a different page size at its discretion.
	PageSize int32 `protobuf:"varint,1,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// The page_token value returned from a previous ListWorkloadIdentities request, if any.
	// NOTE(review): presumably opaque to the client; pass it back unchanged.
	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

The request for ListWorkloadIdentities.

func (*ListWorkloadIdentitiesRequest) Descriptor deprecated

func (*ListWorkloadIdentitiesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListWorkloadIdentitiesRequest.ProtoReflect.Descriptor instead.

func (*ListWorkloadIdentitiesRequest) GetPageSize

func (x *ListWorkloadIdentitiesRequest) GetPageSize() int32

func (*ListWorkloadIdentitiesRequest) GetPageToken

func (x *ListWorkloadIdentitiesRequest) GetPageToken() string

func (*ListWorkloadIdentitiesRequest) ProtoMessage

func (*ListWorkloadIdentitiesRequest) ProtoMessage()

func (*ListWorkloadIdentitiesRequest) ProtoReflect

func (*ListWorkloadIdentitiesRequest) Reset

func (x *ListWorkloadIdentitiesRequest) Reset()

func (*ListWorkloadIdentitiesRequest) String

type ListWorkloadIdentitiesResponse

// ListWorkloadIdentitiesResponse is the response for ListWorkloadIdentities.
// It carries one page of results and the token for the next page.
type ListWorkloadIdentitiesResponse struct {

	// The page of workload identities that matched the request.
	WorkloadIdentities []*WorkloadIdentity `protobuf:"bytes,1,rep,name=workload_identities,json=workloadIdentities,proto3" json:"workload_identities,omitempty"`
	// Token to retrieve the next page of results, or empty if there are no
	// more results in the list.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

The response for ListWorkloadIdentities.

func (*ListWorkloadIdentitiesResponse) Descriptor deprecated

func (*ListWorkloadIdentitiesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListWorkloadIdentitiesResponse.ProtoReflect.Descriptor instead.

func (*ListWorkloadIdentitiesResponse) GetNextPageToken

func (x *ListWorkloadIdentitiesResponse) GetNextPageToken() string

func (*ListWorkloadIdentitiesResponse) GetWorkloadIdentities

func (x *ListWorkloadIdentitiesResponse) GetWorkloadIdentities() []*WorkloadIdentity

func (*ListWorkloadIdentitiesResponse) ProtoMessage

func (*ListWorkloadIdentitiesResponse) ProtoMessage()

func (*ListWorkloadIdentitiesResponse) ProtoReflect

func (*ListWorkloadIdentitiesResponse) Reset

func (x *ListWorkloadIdentitiesResponse) Reset()

func (*ListWorkloadIdentitiesResponse) String

type UnimplementedWorkloadIdentityIssuanceServiceServer

// UnimplementedWorkloadIdentityIssuanceServiceServer must be embedded in
// server implementations to keep them forward compatible. Embed it by value
// rather than by pointer to avoid a nil pointer dereference when its methods
// are called.
//
// NOTE(review): its IssueWorkloadIdentity and IssueWorkloadIdentities methods
// presumably reject the call as unimplemented; their bodies are not shown in
// this listing.
type UnimplementedWorkloadIdentityIssuanceServiceServer struct{}

UnimplementedWorkloadIdentityIssuanceServiceServer must be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentities

func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentity

type UnimplementedWorkloadIdentityResourceServiceServer

// UnimplementedWorkloadIdentityResourceServiceServer must be embedded in
// server implementations to keep them forward compatible. Embed it by value
// rather than by pointer to avoid a nil pointer dereference when its methods
// are called.
//
// NOTE(review): its six resource methods presumably reject the call as
// unimplemented; their bodies are not shown in this listing.
type UnimplementedWorkloadIdentityResourceServiceServer struct{}

UnimplementedWorkloadIdentityResourceServiceServer must be embedded to have forward compatible implementations.

NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.

func (UnimplementedWorkloadIdentityResourceServiceServer) CreateWorkloadIdentity

func (UnimplementedWorkloadIdentityResourceServiceServer) DeleteWorkloadIdentity

func (UnimplementedWorkloadIdentityResourceServiceServer) GetWorkloadIdentity

func (UnimplementedWorkloadIdentityResourceServiceServer) ListWorkloadIdentities

func (UnimplementedWorkloadIdentityResourceServiceServer) UpdateWorkloadIdentity

func (UnimplementedWorkloadIdentityResourceServiceServer) UpsertWorkloadIdentity

type UnsafeWorkloadIdentityIssuanceServiceServer

// UnsafeWorkloadIdentityIssuanceServiceServer may be embedded to opt out of
// forward compatibility for this service. Its use is not recommended:
// methods added to WorkloadIdentityIssuanceServiceServer will then cause
// compilation errors in the embedding implementation.
type UnsafeWorkloadIdentityIssuanceServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeWorkloadIdentityIssuanceServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to WorkloadIdentityIssuanceServiceServer will result in compilation errors.

type UnsafeWorkloadIdentityResourceServiceServer

// UnsafeWorkloadIdentityResourceServiceServer may be embedded to opt out of
// forward compatibility for this service. Its use is not recommended:
// methods added to WorkloadIdentityResourceServiceServer will then cause
// compilation errors in the embedding implementation.
type UnsafeWorkloadIdentityResourceServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeWorkloadIdentityResourceServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to WorkloadIdentityResourceServiceServer will result in compilation errors.

type UpdateWorkloadIdentityRequest

// UpdateWorkloadIdentityRequest is the request for UpdateWorkloadIdentity.
// Its only visible field is the WorkloadIdentity resource to update.
type UpdateWorkloadIdentityRequest struct {

	// The workload identity to update.
	WorkloadIdentity *WorkloadIdentity `protobuf:"bytes,1,opt,name=workload_identity,json=workloadIdentity,proto3" json:"workload_identity,omitempty"`
	// contains filtered or unexported fields
}

The request for UpdateWorkloadIdentity.

func (*UpdateWorkloadIdentityRequest) Descriptor deprecated

func (*UpdateWorkloadIdentityRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateWorkloadIdentityRequest.ProtoReflect.Descriptor instead.

func (*UpdateWorkloadIdentityRequest) GetWorkloadIdentity

func (x *UpdateWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity

func (*UpdateWorkloadIdentityRequest) ProtoMessage

func (*UpdateWorkloadIdentityRequest) ProtoMessage()

func (*UpdateWorkloadIdentityRequest) ProtoReflect

func (*UpdateWorkloadIdentityRequest) Reset

func (x *UpdateWorkloadIdentityRequest) Reset()

func (*UpdateWorkloadIdentityRequest) String

type UpsertWorkloadIdentityRequest

// UpsertWorkloadIdentityRequest is the request for UpsertWorkloadIdentity.
// Its only visible field is the WorkloadIdentity resource to upsert.
//
// NOTE(review): an upsert presumably replaces an existing resource of the
// same name without the checks an update would make; confirm against the
// service implementation before granting it as widely as Update.
type UpsertWorkloadIdentityRequest struct {

	// The workload identity to upsert.
	WorkloadIdentity *WorkloadIdentity `protobuf:"bytes,1,opt,name=workload_identity,json=workloadIdentity,proto3" json:"workload_identity,omitempty"`
	// contains filtered or unexported fields
}

The request for UpsertWorkloadIdentity.

func (*UpsertWorkloadIdentityRequest) Descriptor deprecated

func (*UpsertWorkloadIdentityRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpsertWorkloadIdentityRequest.ProtoReflect.Descriptor instead.

func (*UpsertWorkloadIdentityRequest) GetWorkloadIdentity

func (x *UpsertWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity

func (*UpsertWorkloadIdentityRequest) ProtoMessage

func (*UpsertWorkloadIdentityRequest) ProtoMessage()

func (*UpsertWorkloadIdentityRequest) ProtoReflect

func (*UpsertWorkloadIdentityRequest) Reset

func (x *UpsertWorkloadIdentityRequest) Reset()

func (*UpsertWorkloadIdentityRequest) String

type UserAttrs

// UserAttrs holds attributes related to the user/bot making the request for a
// workload identity.
//
// NOTE(review): none of the issuance request messages visible in this listing
// has a UserAttrs field, so these values are presumably filled in by the
// server from the authenticated caller rather than taken from client input.
// Confirm against the service implementation.
type UserAttrs struct {

	// The name of the user.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Whether the user is a bot.
	IsBot bool `protobuf:"varint,2,opt,name=is_bot,json=isBot,proto3" json:"is_bot,omitempty"`
	// If the user is a bot, the name of the bot.
	BotName string `protobuf:"bytes,3,opt,name=bot_name,json=botName,proto3" json:"bot_name,omitempty"`
	// If the user is a bot, the instance ID of the bot.
	BotInstanceId string `protobuf:"bytes,4,opt,name=bot_instance_id,json=botInstanceId,proto3" json:"bot_instance_id,omitempty"`
	// Labels of the user.
	Labels map[string]string `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

Attributes related to the user/bot making the request for a workload identity.

func (*UserAttrs) Descriptor deprecated

func (*UserAttrs) Descriptor() ([]byte, []int)

Deprecated: Use UserAttrs.ProtoReflect.Descriptor instead.

func (*UserAttrs) GetBotInstanceId

func (x *UserAttrs) GetBotInstanceId() string

func (*UserAttrs) GetBotName

func (x *UserAttrs) GetBotName() string

func (*UserAttrs) GetIsBot

func (x *UserAttrs) GetIsBot() bool

func (*UserAttrs) GetLabels

func (x *UserAttrs) GetLabels() map[string]string

func (*UserAttrs) GetName

func (x *UserAttrs) GetName() string

func (*UserAttrs) ProtoMessage

func (*UserAttrs) ProtoMessage()

func (*UserAttrs) ProtoReflect

func (x *UserAttrs) ProtoReflect() protoreflect.Message

func (*UserAttrs) Reset

func (x *UserAttrs) Reset()

func (*UserAttrs) String

func (x *UserAttrs) String() string

type WorkloadAttrs

// WorkloadAttrs holds the attributes provided by `tbot` regarding the
// workload's attestation. It will be mostly unset if the workload has not
// requested credentials via the SPIFFE Workload API.
//
// NOTE(review): since the fields can be unset, rules and templates that read
// them presumably need to handle the empty case explicitly rather than treat
// an empty value as a match.
type WorkloadAttrs struct {

	// The Unix-specific attributes.
	Unix *WorkloadAttrsUnix `protobuf:"bytes,1,opt,name=unix,proto3" json:"unix,omitempty"`
	// The Kubernetes-specific attributes.
	Kubernetes *WorkloadAttrsKubernetes `protobuf:"bytes,2,opt,name=kubernetes,proto3" json:"kubernetes,omitempty"`
	// contains filtered or unexported fields
}

The attributes provided by `tbot` regarding the workload's attestation. This will be mostly unset if the workload has not requested credentials via the SPIFFE Workload API.

func (*WorkloadAttrs) Descriptor deprecated

func (*WorkloadAttrs) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadAttrs.ProtoReflect.Descriptor instead.

func (*WorkloadAttrs) GetKubernetes

func (x *WorkloadAttrs) GetKubernetes() *WorkloadAttrsKubernetes

func (*WorkloadAttrs) GetUnix

func (x *WorkloadAttrs) GetUnix() *WorkloadAttrsUnix

func (*WorkloadAttrs) ProtoMessage

func (*WorkloadAttrs) ProtoMessage()

func (*WorkloadAttrs) ProtoReflect

func (x *WorkloadAttrs) ProtoReflect() protoreflect.Message

func (*WorkloadAttrs) Reset

func (x *WorkloadAttrs) Reset()

func (*WorkloadAttrs) String

func (x *WorkloadAttrs) String() string

type WorkloadAttrsKubernetes

// WorkloadAttrsKubernetes holds attributes sourced from the Kubernetes
// workload attestor.
type WorkloadAttrsKubernetes struct {

	// Whether the workload passed Kubernetes attestation.
	// NOTE(review): presumably the remaining fields are only meaningful when
	// this is true — confirm before relying on them in issuance rules.
	Attested bool `protobuf:"varint,1,opt,name=attested,proto3" json:"attested,omitempty"`
	// The namespace of the workload pod.
	Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
	// The name of the workload pod.
	PodName string `protobuf:"bytes,3,opt,name=pod_name,json=podName,proto3" json:"pod_name,omitempty"`
	// The service account of the workload pod.
	ServiceAccount string `protobuf:"bytes,4,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"`
	// The UID of the workload pod.
	PodUid string `protobuf:"bytes,5,opt,name=pod_uid,json=podUid,proto3" json:"pod_uid,omitempty"`
	// The labels of the workload pod.
	// NOTE(review): pod labels are set by whoever can create or edit the pod,
	// so a rule keyed on a label is only as strong as that permission.
	Labels map[string]string `` /* 139-byte string literal not displayed */
	// contains filtered or unexported fields
}

Attributes sourced from the Kubernetes workload attestor.

func (*WorkloadAttrsKubernetes) Descriptor deprecated

func (*WorkloadAttrsKubernetes) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadAttrsKubernetes.ProtoReflect.Descriptor instead.

func (*WorkloadAttrsKubernetes) GetAttested

func (x *WorkloadAttrsKubernetes) GetAttested() bool

func (*WorkloadAttrsKubernetes) GetLabels

func (x *WorkloadAttrsKubernetes) GetLabels() map[string]string

func (*WorkloadAttrsKubernetes) GetNamespace

func (x *WorkloadAttrsKubernetes) GetNamespace() string

func (*WorkloadAttrsKubernetes) GetPodName

func (x *WorkloadAttrsKubernetes) GetPodName() string

func (*WorkloadAttrsKubernetes) GetPodUid

func (x *WorkloadAttrsKubernetes) GetPodUid() string

func (*WorkloadAttrsKubernetes) GetServiceAccount

func (x *WorkloadAttrsKubernetes) GetServiceAccount() string

func (*WorkloadAttrsKubernetes) ProtoMessage

func (*WorkloadAttrsKubernetes) ProtoMessage()

func (*WorkloadAttrsKubernetes) ProtoReflect

func (x *WorkloadAttrsKubernetes) ProtoReflect() protoreflect.Message

func (*WorkloadAttrsKubernetes) Reset

func (x *WorkloadAttrsKubernetes) Reset()

func (*WorkloadAttrsKubernetes) String

func (x *WorkloadAttrsKubernetes) String() string

type WorkloadAttrsUnix

// WorkloadAttrsUnix holds attributes sourced from the Unix workload attestor.
type WorkloadAttrsUnix struct {

	// Whether the workload passed Unix attestation.
	// NOTE(review): presumably the remaining fields are only meaningful when
	// this is true — confirm before relying on them in issuance rules.
	Attested bool `protobuf:"varint,1,opt,name=attested,proto3" json:"attested,omitempty"`
	// The PID of the workload process.
	// Operating systems recycle PIDs, so treat this as a point-in-time value
	// rather than a stable identifier for the workload.
	Pid int32 `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"`
	// The primary group ID of the workload process.
	// (The original comments on Gid and Uid were swapped.)
	Gid uint32 `protobuf:"varint,3,opt,name=gid,proto3" json:"gid,omitempty"`
	// The primary user ID of the workload process.
	Uid uint32 `protobuf:"varint,4,opt,name=uid,proto3" json:"uid,omitempty"`
	// contains filtered or unexported fields
}

Attributes sourced from the Unix workload attestor.

func (*WorkloadAttrsUnix) Descriptor deprecated

func (*WorkloadAttrsUnix) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadAttrsUnix.ProtoReflect.Descriptor instead.

func (*WorkloadAttrsUnix) GetAttested

func (x *WorkloadAttrsUnix) GetAttested() bool

func (*WorkloadAttrsUnix) GetGid

func (x *WorkloadAttrsUnix) GetGid() uint32

func (*WorkloadAttrsUnix) GetPid

func (x *WorkloadAttrsUnix) GetPid() int32

func (*WorkloadAttrsUnix) GetUid

func (x *WorkloadAttrsUnix) GetUid() uint32

func (*WorkloadAttrsUnix) ProtoMessage

func (*WorkloadAttrsUnix) ProtoMessage()

func (*WorkloadAttrsUnix) ProtoReflect

func (x *WorkloadAttrsUnix) ProtoReflect() protoreflect.Message

func (*WorkloadAttrsUnix) Reset

func (x *WorkloadAttrsUnix) Reset()

func (*WorkloadAttrsUnix) String

func (x *WorkloadAttrsUnix) String() string

type WorkloadIdentity

type WorkloadIdentity struct {

	// The kind of resource represented.
	Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"`
	// Differentiates variations of the same kind. All resources should
	// contain one, even if it is never populated.
	SubKind string `protobuf:"bytes,2,opt,name=sub_kind,json=subKind,proto3" json:"sub_kind,omitempty"`
	// The version of the resource being represented.
	Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	// Common metadata that all resources share.
	Metadata *v1.Metadata `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// The configured properties of the WorkloadIdentity
	Spec *WorkloadIdentitySpec `protobuf:"bytes,5,opt,name=spec,proto3" json:"spec,omitempty"`
	// contains filtered or unexported fields
}

WorkloadIdentity represents a single, or group of similar, workload identities and configures the structure of workload identity credentials and authorization rules.

func (*WorkloadIdentity) Descriptor deprecated

func (*WorkloadIdentity) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadIdentity.ProtoReflect.Descriptor instead.

func (*WorkloadIdentity) GetKind

func (x *WorkloadIdentity) GetKind() string

func (*WorkloadIdentity) GetMetadata

func (x *WorkloadIdentity) GetMetadata() *v1.Metadata

func (*WorkloadIdentity) GetSpec

func (x *WorkloadIdentity) GetSpec() *WorkloadIdentitySpec

func (*WorkloadIdentity) GetSubKind

func (x *WorkloadIdentity) GetSubKind() string

func (*WorkloadIdentity) GetVersion

func (x *WorkloadIdentity) GetVersion() string

func (*WorkloadIdentity) ProtoMessage

func (*WorkloadIdentity) ProtoMessage()

func (*WorkloadIdentity) ProtoReflect

func (x *WorkloadIdentity) ProtoReflect() protoreflect.Message

func (*WorkloadIdentity) Reset

func (x *WorkloadIdentity) Reset()

func (*WorkloadIdentity) String

func (x *WorkloadIdentity) String() string

type WorkloadIdentityCondition

// WorkloadIdentityCondition is one of the individual conditions that make up
// a rule: a named attribute paired with the exact value it must have.
type WorkloadIdentityCondition struct {

	// The name of the attribute to evaluate the condition against.
	Attribute string `protobuf:"bytes,1,opt,name=attribute,proto3" json:"attribute,omitempty"`
	// An exact string that the attribute must match.
	// NOTE(review): the comparison value is always a string, so boolean and
	// numeric attributes are presumably compared in their string form —
	// confirm the expected formatting before writing such a condition.
	Equals string `protobuf:"bytes,2,opt,name=equals,proto3" json:"equals,omitempty"`
	// contains filtered or unexported fields
}

The individual conditions that make up a rule.

func (*WorkloadIdentityCondition) Descriptor deprecated

func (*WorkloadIdentityCondition) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadIdentityCondition.ProtoReflect.Descriptor instead.

func (*WorkloadIdentityCondition) GetAttribute

func (x *WorkloadIdentityCondition) GetAttribute() string

func (*WorkloadIdentityCondition) GetEquals

func (x *WorkloadIdentityCondition) GetEquals() string

func (*WorkloadIdentityCondition) ProtoMessage

func (*WorkloadIdentityCondition) ProtoMessage()

func (*WorkloadIdentityCondition) ProtoReflect

func (*WorkloadIdentityCondition) Reset

func (x *WorkloadIdentityCondition) Reset()

func (*WorkloadIdentityCondition) String

func (x *WorkloadIdentityCondition) String() string

type WorkloadIdentityIssuanceServiceClient

// WorkloadIdentityIssuanceServiceClient is the client API for the service
// that issues workload identity credentials.
type WorkloadIdentityIssuanceServiceClient interface {
	// IssueWorkloadIdentity issues a workload identity credential for the named
	// WorkloadIdentity resource. If it is unable to issue a credential,
	// an error will be returned.
	IssueWorkloadIdentity(ctx context.Context, in *IssueWorkloadIdentityRequest, opts ...grpc.CallOption) (*IssueWorkloadIdentityResponse, error)
	// IssueWorkloadIdentities can issue multiple workload identity credentials
	// based on label selectors for the WorkloadIdentity resources.
	// NOTE(review): one call may therefore yield credentials for several
	// WorkloadIdentity resources; presumably each is still subject to its own
	// rules — confirm against the server implementation.
	IssueWorkloadIdentities(ctx context.Context, in *IssueWorkloadIdentitiesRequest, opts ...grpc.CallOption) (*IssueWorkloadIdentitiesResponse, error)
}

WorkloadIdentityIssuanceServiceClient is the client API for WorkloadIdentityIssuanceService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

WorkloadIdentityIssuanceService is the service that issues workload identity credentials.

type WorkloadIdentityIssuanceServiceServer

// WorkloadIdentityIssuanceServiceServer is the server API for the service that
// issues workload identity credentials. Implementations must embed
// UnimplementedWorkloadIdentityIssuanceServiceServer for forward compatibility.
type WorkloadIdentityIssuanceServiceServer interface {
	// IssueWorkloadIdentity issues a workload identity credential for the named
	// WorkloadIdentity resource. If it is unable to issue a credential,
	// an error will be returned.
	IssueWorkloadIdentity(context.Context, *IssueWorkloadIdentityRequest) (*IssueWorkloadIdentityResponse, error)
	// IssueWorkloadIdentities can issue multiple workload identity credentials
	// based on label selectors for the WorkloadIdentity resources.
	// NOTE(review): one call may therefore yield credentials for several
	// WorkloadIdentity resources; presumably each must still pass its own
	// rules before a credential is returned — confirm in the implementation.
	IssueWorkloadIdentities(context.Context, *IssueWorkloadIdentitiesRequest) (*IssueWorkloadIdentitiesResponse, error)
	// contains filtered or unexported methods
}

WorkloadIdentityIssuanceServiceServer is the server API for WorkloadIdentityIssuanceService service. All implementations must embed UnimplementedWorkloadIdentityIssuanceServiceServer for forward compatibility.

WorkloadIdentityIssuanceService is the service that issues workload identity credentials.

type WorkloadIdentityResourceServiceClient

// WorkloadIdentityResourceServiceClient is the client API for the service that
// manages the WorkloadIdentity resource.
type WorkloadIdentityResourceServiceClient interface {
	// CreateWorkloadIdentity creates a new workload identity. It will refuse to
	// create a workload identity if one already exists with the same name.
	CreateWorkloadIdentity(ctx context.Context, in *CreateWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error)
	// UpdateWorkloadIdentity updates an existing workload identity. It will refuse
	// to update a workload identity if one does not already exist with the same name.
	//
	// ConditionalUpdate semantics are applied, i.e., the update will only succeed
	// if the revision of the provided WorkloadIdentity matches the revision of
	// the existing WorkloadIdentity.
	UpdateWorkloadIdentity(ctx context.Context, in *UpdateWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error)
	// UpsertWorkloadIdentity creates or updates a workload identity. You should
	// prefer to call Create or Update.
	// NOTE(review): presumably because Upsert applies neither the
	// already-exists check nor the revision check described above, so it can
	// silently overwrite a concurrent change — confirm.
	UpsertWorkloadIdentity(ctx context.Context, in *UpsertWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error)
	// GetWorkloadIdentity retrieves a workload identity by name.
	GetWorkloadIdentity(ctx context.Context, in *GetWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error)
	// DeleteWorkloadIdentity deletes a workload identity by name.
	DeleteWorkloadIdentity(ctx context.Context, in *DeleteWorkloadIdentityRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// ListWorkloadIdentities lists all workload identities; pagination
	// semantics are applied.
	ListWorkloadIdentities(ctx context.Context, in *ListWorkloadIdentitiesRequest, opts ...grpc.CallOption) (*ListWorkloadIdentitiesResponse, error)
}

WorkloadIdentityResourceServiceClient is the client API for WorkloadIdentityResourceService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

WorkloadIdentityResourceService provides methods to manage the WorkloadIdentity resource.

type WorkloadIdentityResourceServiceServer

// WorkloadIdentityResourceServiceServer is the server API for the service that
// manages the WorkloadIdentity resource. Implementations must embed
// UnimplementedWorkloadIdentityResourceServiceServer for forward compatibility.
type WorkloadIdentityResourceServiceServer interface {
	// CreateWorkloadIdentity creates a new workload identity. It will refuse to
	// create a workload identity if one already exists with the same name.
	CreateWorkloadIdentity(context.Context, *CreateWorkloadIdentityRequest) (*WorkloadIdentity, error)
	// UpdateWorkloadIdentity updates an existing workload identity. It will refuse
	// to update a workload identity if one does not already exist with the same name.
	//
	// ConditionalUpdate semantics are applied, i.e., the update will only succeed
	// if the revision of the provided WorkloadIdentity matches the revision of
	// the existing WorkloadIdentity.
	UpdateWorkloadIdentity(context.Context, *UpdateWorkloadIdentityRequest) (*WorkloadIdentity, error)
	// UpsertWorkloadIdentity creates or updates a workload identity. You should
	// prefer to call Create or Update.
	// NOTE(review): presumably because Upsert applies neither the
	// already-exists check nor the revision check described above, so it can
	// silently overwrite a concurrent change — confirm.
	UpsertWorkloadIdentity(context.Context, *UpsertWorkloadIdentityRequest) (*WorkloadIdentity, error)
	// GetWorkloadIdentity retrieves a workload identity by name.
	GetWorkloadIdentity(context.Context, *GetWorkloadIdentityRequest) (*WorkloadIdentity, error)
	// DeleteWorkloadIdentity deletes a workload identity by name.
	DeleteWorkloadIdentity(context.Context, *DeleteWorkloadIdentityRequest) (*emptypb.Empty, error)
	// ListWorkloadIdentities lists all workload identities; pagination
	// semantics are applied.
	ListWorkloadIdentities(context.Context, *ListWorkloadIdentitiesRequest) (*ListWorkloadIdentitiesResponse, error)
	// contains filtered or unexported methods
}

WorkloadIdentityResourceServiceServer is the server API for WorkloadIdentityResourceService service. All implementations must embed UnimplementedWorkloadIdentityResourceServiceServer for forward compatibility.

WorkloadIdentityResourceService provides methods to manage the WorkloadIdentity resource.

type WorkloadIdentityRule

// WorkloadIdentityRule is an individual rule that is evaluated during the
// issuance of a WorkloadIdentity.
type WorkloadIdentityRule struct {

	// The conditions that must be met for this rule to be considered passed.
	// NOTE(review): the wording implies every condition must hold (logical
	// AND). How a rule with no conditions evaluates is not stated here —
	// confirm before relying on an empty rule.
	Conditions []*WorkloadIdentityCondition `protobuf:"bytes,1,rep,name=conditions,proto3" json:"conditions,omitempty"`
	// contains filtered or unexported fields
}

An individual rule that is evaluated during the issuance of a WorkloadIdentity.

func (*WorkloadIdentityRule) Descriptor deprecated

func (*WorkloadIdentityRule) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadIdentityRule.ProtoReflect.Descriptor instead.

func (*WorkloadIdentityRule) GetConditions

func (x *WorkloadIdentityRule) GetConditions() []*WorkloadIdentityCondition

func (*WorkloadIdentityRule) ProtoMessage

func (*WorkloadIdentityRule) ProtoMessage()

func (*WorkloadIdentityRule) ProtoReflect

func (x *WorkloadIdentityRule) ProtoReflect() protoreflect.Message

func (*WorkloadIdentityRule) Reset

func (x *WorkloadIdentityRule) Reset()

func (*WorkloadIdentityRule) String

func (x *WorkloadIdentityRule) String() string

type WorkloadIdentityRules

// WorkloadIdentityRules holds the rules which are evaluated before the
// WorkloadIdentity can be issued.
type WorkloadIdentityRules struct {

	// A list of rules used to determine if a WorkloadIdentity can be issued.
	// If none are provided, it will be considered a pass. If any are provided,
	// then at least one must pass for the rules to be considered passed.
	//
	// In other words, the entries are alternatives (logical OR), and an empty
	// or omitted list places no rule-based restriction on issuance. Leave it
	// empty only when that open default is intended.
	Allow []*WorkloadIdentityRule `protobuf:"bytes,1,rep,name=allow,proto3" json:"allow,omitempty"`
	// contains filtered or unexported fields
}

The rules which are evaluated before the WorkloadIdentity can be issued.

func (*WorkloadIdentityRules) Descriptor deprecated

func (*WorkloadIdentityRules) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadIdentityRules.ProtoReflect.Descriptor instead.

func (*WorkloadIdentityRules) GetAllow

func (*WorkloadIdentityRules) ProtoMessage

func (*WorkloadIdentityRules) ProtoMessage()

func (*WorkloadIdentityRules) ProtoReflect

func (x *WorkloadIdentityRules) ProtoReflect() protoreflect.Message

func (*WorkloadIdentityRules) Reset

func (x *WorkloadIdentityRules) Reset()

func (*WorkloadIdentityRules) String

func (x *WorkloadIdentityRules) String() string

type WorkloadIdentitySPIFFE

// WorkloadIdentitySPIFFE is the configuration pertaining to the issuance of
// SPIFFE-compatible workload identity credentials.
type WorkloadIdentitySPIFFE struct {

	// The path of the SPIFFE ID that will be issued to the workload.
	//
	// This should be prefixed with a forward-slash ("/").
	//
	// This field supports templating using attributes.
	// NOTE(review): a templated path takes part of the issued identity from
	// attribute values. Presumably those values should be constrained by
	// rules or come from an attested source — confirm how the template is
	// validated.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// A freeform text field which is provided to workloads along with a
	// credential produced by this WorkloadIdentity. This can be used to provide
	// additional context that can be used to select between multiple credentials.
	Hint string `protobuf:"bytes,2,opt,name=hint,proto3" json:"hint,omitempty"`
	// contains filtered or unexported fields
}

Configuration pertaining to the issuance of SPIFFE-compatible workload identity credentials.

func (*WorkloadIdentitySPIFFE) Descriptor deprecated

func (*WorkloadIdentitySPIFFE) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadIdentitySPIFFE.ProtoReflect.Descriptor instead.

func (*WorkloadIdentitySPIFFE) GetHint

func (x *WorkloadIdentitySPIFFE) GetHint() string

func (*WorkloadIdentitySPIFFE) GetId

func (x *WorkloadIdentitySPIFFE) GetId() string

func (*WorkloadIdentitySPIFFE) ProtoMessage

func (*WorkloadIdentitySPIFFE) ProtoMessage()

func (*WorkloadIdentitySPIFFE) ProtoReflect

func (x *WorkloadIdentitySPIFFE) ProtoReflect() protoreflect.Message

func (*WorkloadIdentitySPIFFE) Reset

func (x *WorkloadIdentitySPIFFE) Reset()

func (*WorkloadIdentitySPIFFE) String

func (x *WorkloadIdentitySPIFFE) String() string

type WorkloadIdentitySpec

// WorkloadIdentitySpec is the spec for the WorkloadIdentity resource.
type WorkloadIdentitySpec struct {

	// The rules which are evaluated before the WorkloadIdentity can be issued.
	// NOTE(review): this is a pointer and may be nil. Presumably a nil value
	// is treated like an empty allow list, which WorkloadIdentityRules
	// documents as a pass — confirm.
	Rules *WorkloadIdentityRules `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"`
	// Configuration pertaining to the issuance of SPIFFE-compatible workload
	// identity credentials.
	Spiffe *WorkloadIdentitySPIFFE `protobuf:"bytes,2,opt,name=spiffe,proto3" json:"spiffe,omitempty"`
	// contains filtered or unexported fields
}

The spec for the WorkloadIdentity resource.

func (*WorkloadIdentitySpec) Descriptor deprecated

func (*WorkloadIdentitySpec) Descriptor() ([]byte, []int)

Deprecated: Use WorkloadIdentitySpec.ProtoReflect.Descriptor instead.

func (*WorkloadIdentitySpec) GetRules

func (*WorkloadIdentitySpec) GetSpiffe

func (*WorkloadIdentitySpec) ProtoMessage

func (*WorkloadIdentitySpec) ProtoMessage()

func (*WorkloadIdentitySpec) ProtoReflect

func (x *WorkloadIdentitySpec) ProtoReflect() protoreflect.Message

func (*WorkloadIdentitySpec) Reset

func (x *WorkloadIdentitySpec) Reset()

func (*WorkloadIdentitySpec) String

func (x *WorkloadIdentitySpec) String() string

type X509SVIDCredential

// X509SVIDCredential is the issued X509 SVID credential and any X509 SVID
// specific metadata.
type X509SVIDCredential struct {

	// The X509 SVID that was issued.
	// ASN.1 DER encoded X.509 certificate. No PEM.
	// Callers that need PEM must encode these raw DER bytes themselves.
	Cert []byte `protobuf:"bytes,1,opt,name=cert,proto3" json:"cert,omitempty"`
	// The serial number of the X509 SVID.
	// NOTE(review): carried as a string; the textual encoding (for example
	// hexadecimal or decimal) is not stated here — confirm before comparing
	// it with values from other tools or audit logs.
	SerialNumber string `protobuf:"bytes,2,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
	// contains filtered or unexported fields
}

The issued X509 SVID credential and any X509 SVID specific metadata.

func (*X509SVIDCredential) Descriptor deprecated

func (*X509SVIDCredential) Descriptor() ([]byte, []int)

Deprecated: Use X509SVIDCredential.ProtoReflect.Descriptor instead.

func (*X509SVIDCredential) GetCert

func (x *X509SVIDCredential) GetCert() []byte

func (*X509SVIDCredential) GetSerialNumber

func (x *X509SVIDCredential) GetSerialNumber() string

func (*X509SVIDCredential) ProtoMessage

func (*X509SVIDCredential) ProtoMessage()

func (*X509SVIDCredential) ProtoReflect

func (x *X509SVIDCredential) ProtoReflect() protoreflect.Message

func (*X509SVIDCredential) Reset

func (x *X509SVIDCredential) Reset()

func (*X509SVIDCredential) String

func (x *X509SVIDCredential) String() string

type X509SVIDParams

// X509SVIDParams holds the parameters for issuing an X509 SVID.
type X509SVIDParams struct {

	// The PKIX, ASN.1 DER public key to encode into the X509 SVID.
	// This is the only exported field: the request carries the public key
	// alone, with no field for a private key.
	PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// contains filtered or unexported fields
}

The parameters for issuing an X509 SVID.

func (*X509SVIDParams) Descriptor deprecated

func (*X509SVIDParams) Descriptor() ([]byte, []int)

Deprecated: Use X509SVIDParams.ProtoReflect.Descriptor instead.

func (*X509SVIDParams) GetPublicKey

func (x *X509SVIDParams) GetPublicKey() []byte

func (*X509SVIDParams) ProtoMessage

func (*X509SVIDParams) ProtoMessage()

func (*X509SVIDParams) ProtoReflect

func (x *X509SVIDParams) ProtoReflect() protoreflect.Message

func (*X509SVIDParams) Reset

func (x *X509SVIDParams) Reset()

func (*X509SVIDParams) String

func (x *X509SVIDParams) String() string
