Documentation ¶
Index ¶
- Constants
- Variables
- func RegisterWorkloadIdentityIssuanceServiceServer(s grpc.ServiceRegistrar, srv WorkloadIdentityIssuanceServiceServer)
- func RegisterWorkloadIdentityResourceServiceServer(s grpc.ServiceRegistrar, srv WorkloadIdentityResourceServiceServer)
- type Attrs
- type CreateWorkloadIdentityRequest
- func (*CreateWorkloadIdentityRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity
- func (*CreateWorkloadIdentityRequest) ProtoMessage()
- func (x *CreateWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
- func (x *CreateWorkloadIdentityRequest) Reset()
- func (x *CreateWorkloadIdentityRequest) String() string
- type Credential
- func (*Credential) Descriptor() ([]byte, []int)deprecated
- func (x *Credential) GetCredential() isCredential_Credential
- func (x *Credential) GetExpiresAt() *timestamppb.Timestamp
- func (x *Credential) GetHint() string
- func (x *Credential) GetJwtSvid() *JWTSVIDCredential
- func (x *Credential) GetSpiffeId() string
- func (x *Credential) GetTtl() *durationpb.Duration
- func (x *Credential) GetWorkloadIdentityName() string
- func (x *Credential) GetWorkloadIdentityRevision() string
- func (x *Credential) GetX509Svid() *X509SVIDCredential
- func (*Credential) ProtoMessage()
- func (x *Credential) ProtoReflect() protoreflect.Message
- func (x *Credential) Reset()
- func (x *Credential) String() string
- type Credential_JwtSvid
- type Credential_X509Svid
- type DeleteWorkloadIdentityRequest
- func (*DeleteWorkloadIdentityRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DeleteWorkloadIdentityRequest) GetName() string
- func (*DeleteWorkloadIdentityRequest) ProtoMessage()
- func (x *DeleteWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
- func (x *DeleteWorkloadIdentityRequest) Reset()
- func (x *DeleteWorkloadIdentityRequest) String() string
- type GetWorkloadIdentityRequest
- func (*GetWorkloadIdentityRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetWorkloadIdentityRequest) GetName() string
- func (*GetWorkloadIdentityRequest) ProtoMessage()
- func (x *GetWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
- func (x *GetWorkloadIdentityRequest) Reset()
- func (x *GetWorkloadIdentityRequest) String() string
- type IssueWorkloadIdentitiesRequest
- func (*IssueWorkloadIdentitiesRequest) Descriptor() ([]byte, []int)deprecated
- func (x *IssueWorkloadIdentitiesRequest) GetCredential() isIssueWorkloadIdentitiesRequest_Credential
- func (x *IssueWorkloadIdentitiesRequest) GetJwtSvidParams() *JWTSVIDParams
- func (x *IssueWorkloadIdentitiesRequest) GetLabelSelectors() []*LabelSelector
- func (x *IssueWorkloadIdentitiesRequest) GetRequestedTtl() *durationpb.Duration
- func (x *IssueWorkloadIdentitiesRequest) GetWorkloadAttrs() *WorkloadAttrs
- func (x *IssueWorkloadIdentitiesRequest) GetX509SvidParams() *X509SVIDParams
- func (*IssueWorkloadIdentitiesRequest) ProtoMessage()
- func (x *IssueWorkloadIdentitiesRequest) ProtoReflect() protoreflect.Message
- func (x *IssueWorkloadIdentitiesRequest) Reset()
- func (x *IssueWorkloadIdentitiesRequest) String() string
- type IssueWorkloadIdentitiesRequest_JwtSvidParams
- type IssueWorkloadIdentitiesRequest_X509SvidParams
- type IssueWorkloadIdentitiesResponse
- func (*IssueWorkloadIdentitiesResponse) Descriptor() ([]byte, []int)deprecated
- func (x *IssueWorkloadIdentitiesResponse) GetCredentials() []*Credential
- func (*IssueWorkloadIdentitiesResponse) ProtoMessage()
- func (x *IssueWorkloadIdentitiesResponse) ProtoReflect() protoreflect.Message
- func (x *IssueWorkloadIdentitiesResponse) Reset()
- func (x *IssueWorkloadIdentitiesResponse) String() string
- type IssueWorkloadIdentityRequest
- func (*IssueWorkloadIdentityRequest) Descriptor() ([]byte, []int)deprecated
- func (x *IssueWorkloadIdentityRequest) GetCredential() isIssueWorkloadIdentityRequest_Credential
- func (x *IssueWorkloadIdentityRequest) GetJwtSvidParams() *JWTSVIDParams
- func (x *IssueWorkloadIdentityRequest) GetName() string
- func (x *IssueWorkloadIdentityRequest) GetRequestedTtl() *durationpb.Duration
- func (x *IssueWorkloadIdentityRequest) GetWorkloadAttrs() *WorkloadAttrs
- func (x *IssueWorkloadIdentityRequest) GetX509SvidParams() *X509SVIDParams
- func (*IssueWorkloadIdentityRequest) ProtoMessage()
- func (x *IssueWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
- func (x *IssueWorkloadIdentityRequest) Reset()
- func (x *IssueWorkloadIdentityRequest) String() string
- type IssueWorkloadIdentityRequest_JwtSvidParams
- type IssueWorkloadIdentityRequest_X509SvidParams
- type IssueWorkloadIdentityResponse
- func (*IssueWorkloadIdentityResponse) Descriptor() ([]byte, []int)deprecated
- func (x *IssueWorkloadIdentityResponse) GetCredential() *Credential
- func (*IssueWorkloadIdentityResponse) ProtoMessage()
- func (x *IssueWorkloadIdentityResponse) ProtoReflect() protoreflect.Message
- func (x *IssueWorkloadIdentityResponse) Reset()
- func (x *IssueWorkloadIdentityResponse) String() string
- type JWTSVIDCredential
- func (*JWTSVIDCredential) Descriptor() ([]byte, []int)deprecated
- func (x *JWTSVIDCredential) GetJti() string
- func (x *JWTSVIDCredential) GetJwt() string
- func (*JWTSVIDCredential) ProtoMessage()
- func (x *JWTSVIDCredential) ProtoReflect() protoreflect.Message
- func (x *JWTSVIDCredential) Reset()
- func (x *JWTSVIDCredential) String() string
- type JWTSVIDParams
- type LabelSelector
- func (*LabelSelector) Descriptor() ([]byte, []int)deprecated
- func (x *LabelSelector) GetKey() string
- func (x *LabelSelector) GetValues() []string
- func (*LabelSelector) ProtoMessage()
- func (x *LabelSelector) ProtoReflect() protoreflect.Message
- func (x *LabelSelector) Reset()
- func (x *LabelSelector) String() string
- type ListWorkloadIdentitiesRequest
- func (*ListWorkloadIdentitiesRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListWorkloadIdentitiesRequest) GetPageSize() int32
- func (x *ListWorkloadIdentitiesRequest) GetPageToken() string
- func (*ListWorkloadIdentitiesRequest) ProtoMessage()
- func (x *ListWorkloadIdentitiesRequest) ProtoReflect() protoreflect.Message
- func (x *ListWorkloadIdentitiesRequest) Reset()
- func (x *ListWorkloadIdentitiesRequest) String() string
- type ListWorkloadIdentitiesResponse
- func (*ListWorkloadIdentitiesResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListWorkloadIdentitiesResponse) GetNextPageToken() string
- func (x *ListWorkloadIdentitiesResponse) GetWorkloadIdentities() []*WorkloadIdentity
- func (*ListWorkloadIdentitiesResponse) ProtoMessage()
- func (x *ListWorkloadIdentitiesResponse) ProtoReflect() protoreflect.Message
- func (x *ListWorkloadIdentitiesResponse) Reset()
- func (x *ListWorkloadIdentitiesResponse) String() string
- type UnimplementedWorkloadIdentityIssuanceServiceServer
- func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentities(context.Context, *IssueWorkloadIdentitiesRequest) (*IssueWorkloadIdentitiesResponse, error)
- func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentity(context.Context, *IssueWorkloadIdentityRequest) (*IssueWorkloadIdentityResponse, error)
- type UnimplementedWorkloadIdentityResourceServiceServer
- func (UnimplementedWorkloadIdentityResourceServiceServer) CreateWorkloadIdentity(context.Context, *CreateWorkloadIdentityRequest) (*WorkloadIdentity, error)
- func (UnimplementedWorkloadIdentityResourceServiceServer) DeleteWorkloadIdentity(context.Context, *DeleteWorkloadIdentityRequest) (*emptypb.Empty, error)
- func (UnimplementedWorkloadIdentityResourceServiceServer) GetWorkloadIdentity(context.Context, *GetWorkloadIdentityRequest) (*WorkloadIdentity, error)
- func (UnimplementedWorkloadIdentityResourceServiceServer) ListWorkloadIdentities(context.Context, *ListWorkloadIdentitiesRequest) (*ListWorkloadIdentitiesResponse, error)
- func (UnimplementedWorkloadIdentityResourceServiceServer) UpdateWorkloadIdentity(context.Context, *UpdateWorkloadIdentityRequest) (*WorkloadIdentity, error)
- func (UnimplementedWorkloadIdentityResourceServiceServer) UpsertWorkloadIdentity(context.Context, *UpsertWorkloadIdentityRequest) (*WorkloadIdentity, error)
- type UnsafeWorkloadIdentityIssuanceServiceServer
- type UnsafeWorkloadIdentityResourceServiceServer
- type UpdateWorkloadIdentityRequest
- func (*UpdateWorkloadIdentityRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdateWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity
- func (*UpdateWorkloadIdentityRequest) ProtoMessage()
- func (x *UpdateWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
- func (x *UpdateWorkloadIdentityRequest) Reset()
- func (x *UpdateWorkloadIdentityRequest) String() string
- type UpsertWorkloadIdentityRequest
- func (*UpsertWorkloadIdentityRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpsertWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity
- func (*UpsertWorkloadIdentityRequest) ProtoMessage()
- func (x *UpsertWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
- func (x *UpsertWorkloadIdentityRequest) Reset()
- func (x *UpsertWorkloadIdentityRequest) String() string
- type UserAttrs
- func (*UserAttrs) Descriptor() ([]byte, []int)deprecated
- func (x *UserAttrs) GetBotInstanceId() string
- func (x *UserAttrs) GetBotName() string
- func (x *UserAttrs) GetIsBot() bool
- func (x *UserAttrs) GetLabels() map[string]string
- func (x *UserAttrs) GetName() string
- func (*UserAttrs) ProtoMessage()
- func (x *UserAttrs) ProtoReflect() protoreflect.Message
- func (x *UserAttrs) Reset()
- func (x *UserAttrs) String() string
- type WorkloadAttrs
- func (*WorkloadAttrs) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadAttrs) GetKubernetes() *WorkloadAttrsKubernetes
- func (x *WorkloadAttrs) GetUnix() *WorkloadAttrsUnix
- func (*WorkloadAttrs) ProtoMessage()
- func (x *WorkloadAttrs) ProtoReflect() protoreflect.Message
- func (x *WorkloadAttrs) Reset()
- func (x *WorkloadAttrs) String() string
- type WorkloadAttrsKubernetes
- func (*WorkloadAttrsKubernetes) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadAttrsKubernetes) GetAttested() bool
- func (x *WorkloadAttrsKubernetes) GetLabels() map[string]string
- func (x *WorkloadAttrsKubernetes) GetNamespace() string
- func (x *WorkloadAttrsKubernetes) GetPodName() string
- func (x *WorkloadAttrsKubernetes) GetPodUid() string
- func (x *WorkloadAttrsKubernetes) GetServiceAccount() string
- func (*WorkloadAttrsKubernetes) ProtoMessage()
- func (x *WorkloadAttrsKubernetes) ProtoReflect() protoreflect.Message
- func (x *WorkloadAttrsKubernetes) Reset()
- func (x *WorkloadAttrsKubernetes) String() string
- type WorkloadAttrsUnix
- func (*WorkloadAttrsUnix) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadAttrsUnix) GetAttested() bool
- func (x *WorkloadAttrsUnix) GetGid() uint32
- func (x *WorkloadAttrsUnix) GetPid() int32
- func (x *WorkloadAttrsUnix) GetUid() uint32
- func (*WorkloadAttrsUnix) ProtoMessage()
- func (x *WorkloadAttrsUnix) ProtoReflect() protoreflect.Message
- func (x *WorkloadAttrsUnix) Reset()
- func (x *WorkloadAttrsUnix) String() string
- type WorkloadIdentity
- func (*WorkloadIdentity) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadIdentity) GetKind() string
- func (x *WorkloadIdentity) GetMetadata() *v1.Metadata
- func (x *WorkloadIdentity) GetSpec() *WorkloadIdentitySpec
- func (x *WorkloadIdentity) GetSubKind() string
- func (x *WorkloadIdentity) GetVersion() string
- func (*WorkloadIdentity) ProtoMessage()
- func (x *WorkloadIdentity) ProtoReflect() protoreflect.Message
- func (x *WorkloadIdentity) Reset()
- func (x *WorkloadIdentity) String() string
- type WorkloadIdentityCondition
- func (*WorkloadIdentityCondition) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadIdentityCondition) GetAttribute() string
- func (x *WorkloadIdentityCondition) GetEquals() string
- func (*WorkloadIdentityCondition) ProtoMessage()
- func (x *WorkloadIdentityCondition) ProtoReflect() protoreflect.Message
- func (x *WorkloadIdentityCondition) Reset()
- func (x *WorkloadIdentityCondition) String() string
- type WorkloadIdentityIssuanceServiceClient
- type WorkloadIdentityIssuanceServiceServer
- type WorkloadIdentityResourceServiceClient
- type WorkloadIdentityResourceServiceServer
- type WorkloadIdentityRule
- func (*WorkloadIdentityRule) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadIdentityRule) GetConditions() []*WorkloadIdentityCondition
- func (*WorkloadIdentityRule) ProtoMessage()
- func (x *WorkloadIdentityRule) ProtoReflect() protoreflect.Message
- func (x *WorkloadIdentityRule) Reset()
- func (x *WorkloadIdentityRule) String() string
- type WorkloadIdentityRules
- func (*WorkloadIdentityRules) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadIdentityRules) GetAllow() []*WorkloadIdentityRule
- func (*WorkloadIdentityRules) ProtoMessage()
- func (x *WorkloadIdentityRules) ProtoReflect() protoreflect.Message
- func (x *WorkloadIdentityRules) Reset()
- func (x *WorkloadIdentityRules) String() string
- type WorkloadIdentitySPIFFE
- func (*WorkloadIdentitySPIFFE) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadIdentitySPIFFE) GetHint() string
- func (x *WorkloadIdentitySPIFFE) GetId() string
- func (*WorkloadIdentitySPIFFE) ProtoMessage()
- func (x *WorkloadIdentitySPIFFE) ProtoReflect() protoreflect.Message
- func (x *WorkloadIdentitySPIFFE) Reset()
- func (x *WorkloadIdentitySPIFFE) String() string
- type WorkloadIdentitySpec
- func (*WorkloadIdentitySpec) Descriptor() ([]byte, []int)deprecated
- func (x *WorkloadIdentitySpec) GetRules() *WorkloadIdentityRules
- func (x *WorkloadIdentitySpec) GetSpiffe() *WorkloadIdentitySPIFFE
- func (*WorkloadIdentitySpec) ProtoMessage()
- func (x *WorkloadIdentitySpec) ProtoReflect() protoreflect.Message
- func (x *WorkloadIdentitySpec) Reset()
- func (x *WorkloadIdentitySpec) String() string
- type X509SVIDCredential
- func (*X509SVIDCredential) Descriptor() ([]byte, []int)deprecated
- func (x *X509SVIDCredential) GetCert() []byte
- func (x *X509SVIDCredential) GetSerialNumber() string
- func (*X509SVIDCredential) ProtoMessage()
- func (x *X509SVIDCredential) ProtoReflect() protoreflect.Message
- func (x *X509SVIDCredential) Reset()
- func (x *X509SVIDCredential) String() string
- type X509SVIDParams
Constants ¶
const ( WorkloadIdentityIssuanceService_IssueWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityIssuanceService/IssueWorkloadIdentity" WorkloadIdentityIssuanceService_IssueWorkloadIdentities_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityIssuanceService/IssueWorkloadIdentities" )
const ( WorkloadIdentityResourceService_CreateWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/CreateWorkloadIdentity" WorkloadIdentityResourceService_UpdateWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/UpdateWorkloadIdentity" WorkloadIdentityResourceService_UpsertWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/UpsertWorkloadIdentity" WorkloadIdentityResourceService_GetWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/GetWorkloadIdentity" WorkloadIdentityResourceService_DeleteWorkloadIdentity_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/DeleteWorkloadIdentity" WorkloadIdentityResourceService_ListWorkloadIdentities_FullMethodName = "/teleport.workloadidentity.v1.WorkloadIdentityResourceService/ListWorkloadIdentities" )
Variables ¶
var File_teleport_workloadidentity_v1_attrs_proto protoreflect.FileDescriptor
var File_teleport_workloadidentity_v1_issuance_service_proto protoreflect.FileDescriptor
var File_teleport_workloadidentity_v1_resource_proto protoreflect.FileDescriptor
var File_teleport_workloadidentity_v1_resource_service_proto protoreflect.FileDescriptor
var WorkloadIdentityIssuanceService_ServiceDesc = grpc.ServiceDesc{ ServiceName: "teleport.workloadidentity.v1.WorkloadIdentityIssuanceService", HandlerType: (*WorkloadIdentityIssuanceServiceServer)(nil), Methods: []grpc.MethodDesc{ { MethodName: "IssueWorkloadIdentity", Handler: _WorkloadIdentityIssuanceService_IssueWorkloadIdentity_Handler, }, { MethodName: "IssueWorkloadIdentities", Handler: _WorkloadIdentityIssuanceService_IssueWorkloadIdentities_Handler, }, }, Streams: []grpc.StreamDesc{}, Metadata: "teleport/workloadidentity/v1/issuance_service.proto", }
WorkloadIdentityIssuanceService_ServiceDesc is the grpc.ServiceDesc for WorkloadIdentityIssuanceService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
var WorkloadIdentityResourceService_ServiceDesc = grpc.ServiceDesc{ ServiceName: "teleport.workloadidentity.v1.WorkloadIdentityResourceService", HandlerType: (*WorkloadIdentityResourceServiceServer)(nil), Methods: []grpc.MethodDesc{ { MethodName: "CreateWorkloadIdentity", Handler: _WorkloadIdentityResourceService_CreateWorkloadIdentity_Handler, }, { MethodName: "UpdateWorkloadIdentity", Handler: _WorkloadIdentityResourceService_UpdateWorkloadIdentity_Handler, }, { MethodName: "UpsertWorkloadIdentity", Handler: _WorkloadIdentityResourceService_UpsertWorkloadIdentity_Handler, }, { MethodName: "GetWorkloadIdentity", Handler: _WorkloadIdentityResourceService_GetWorkloadIdentity_Handler, }, { MethodName: "DeleteWorkloadIdentity", Handler: _WorkloadIdentityResourceService_DeleteWorkloadIdentity_Handler, }, { MethodName: "ListWorkloadIdentities", Handler: _WorkloadIdentityResourceService_ListWorkloadIdentities_Handler, }, }, Streams: []grpc.StreamDesc{}, Metadata: "teleport/workloadidentity/v1/resource_service.proto", }
WorkloadIdentityResourceService_ServiceDesc is the grpc.ServiceDesc for WorkloadIdentityResourceService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)
Functions ¶
func RegisterWorkloadIdentityIssuanceServiceServer ¶
func RegisterWorkloadIdentityIssuanceServiceServer(s grpc.ServiceRegistrar, srv WorkloadIdentityIssuanceServiceServer)
func RegisterWorkloadIdentityResourceServiceServer ¶
func RegisterWorkloadIdentityResourceServiceServer(s grpc.ServiceRegistrar, srv WorkloadIdentityResourceServiceServer)
Types ¶
type Attrs ¶
type Attrs struct { // Attributes sourced by workload attestation performed by `tbot`. Workload *WorkloadAttrs `protobuf:"bytes,1,opt,name=workload,proto3" json:"workload,omitempty"` // Attributes sourced from the user/bot making the request for a workload // identity credential. User *UserAttrs `protobuf:"bytes,2,opt,name=user,proto3" json:"user,omitempty"` // contains filtered or unexported fields }
The attributes of a principal requesting a workload identity. These attributes can be leveraged in rules, expressions and templating within the WorkloadIdentity resource.
func (*Attrs) Descriptor
deprecated
func (*Attrs) GetWorkload ¶
func (x *Attrs) GetWorkload() *WorkloadAttrs
func (*Attrs) ProtoMessage ¶
func (*Attrs) ProtoMessage()
func (*Attrs) ProtoReflect ¶
func (x *Attrs) ProtoReflect() protoreflect.Message
type CreateWorkloadIdentityRequest ¶
type CreateWorkloadIdentityRequest struct { // The workload identity to create. WorkloadIdentity *WorkloadIdentity `protobuf:"bytes,1,opt,name=workload_identity,json=workloadIdentity,proto3" json:"workload_identity,omitempty"` // contains filtered or unexported fields }
The request for CreateWorkloadIdentity.
func (*CreateWorkloadIdentityRequest) Descriptor
deprecated
func (*CreateWorkloadIdentityRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateWorkloadIdentityRequest.ProtoReflect.Descriptor instead.
func (*CreateWorkloadIdentityRequest) GetWorkloadIdentity ¶
func (x *CreateWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity
func (*CreateWorkloadIdentityRequest) ProtoMessage ¶
func (*CreateWorkloadIdentityRequest) ProtoMessage()
func (*CreateWorkloadIdentityRequest) ProtoReflect ¶
func (x *CreateWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
func (*CreateWorkloadIdentityRequest) Reset ¶
func (x *CreateWorkloadIdentityRequest) Reset()
func (*CreateWorkloadIdentityRequest) String ¶
func (x *CreateWorkloadIdentityRequest) String() string
type Credential ¶
type Credential struct { // The TTL that was chosen by the server. Ttl *durationpb.Duration `protobuf:"bytes,1,opt,name=ttl,proto3" json:"ttl,omitempty"` // The time that the TTL is reached for this credential. ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // The hint configured for this Workload Identity - if any. This is provided // to workloads using the SPIFFE Workload API to fetch credentials. Hint string `protobuf:"bytes,3,opt,name=hint,proto3" json:"hint,omitempty"` // The name of the Workload Identity resource used to issue this credential. WorkloadIdentityName string `protobuf:"bytes,4,opt,name=workload_identity_name,json=workloadIdentityName,proto3" json:"workload_identity_name,omitempty"` // The revision of the Workload Identity resource used to issue this // credential. WorkloadIdentityRevision string `` /* 135-byte string literal not displayed */ // The fully qualified SPIFFE ID that was encoded into the SVID. SpiffeId string `protobuf:"bytes,6,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Types that are valid to be assigned to Credential: // // *Credential_X509Svid // *Credential_JwtSvid Credential isCredential_Credential `protobuf_oneof:"credential"` // contains filtered or unexported fields }
A credential, and its metadata, that has been issued by Teleport Workload Identity.
func (*Credential) Descriptor
deprecated
func (*Credential) Descriptor() ([]byte, []int)
Deprecated: Use Credential.ProtoReflect.Descriptor instead.
func (*Credential) GetCredential ¶
func (x *Credential) GetCredential() isCredential_Credential
func (*Credential) GetExpiresAt ¶
func (x *Credential) GetExpiresAt() *timestamppb.Timestamp
func (*Credential) GetHint ¶
func (x *Credential) GetHint() string
func (*Credential) GetJwtSvid ¶
func (x *Credential) GetJwtSvid() *JWTSVIDCredential
func (*Credential) GetSpiffeId ¶
func (x *Credential) GetSpiffeId() string
func (*Credential) GetTtl ¶
func (x *Credential) GetTtl() *durationpb.Duration
func (*Credential) GetWorkloadIdentityName ¶
func (x *Credential) GetWorkloadIdentityName() string
func (*Credential) GetWorkloadIdentityRevision ¶
func (x *Credential) GetWorkloadIdentityRevision() string
func (*Credential) GetX509Svid ¶
func (x *Credential) GetX509Svid() *X509SVIDCredential
func (*Credential) ProtoMessage ¶
func (*Credential) ProtoMessage()
func (*Credential) ProtoReflect ¶
func (x *Credential) ProtoReflect() protoreflect.Message
func (*Credential) Reset ¶
func (x *Credential) Reset()
func (*Credential) String ¶
func (x *Credential) String() string
type Credential_JwtSvid ¶
type Credential_JwtSvid struct { // The JWT SVID that was issued. JwtSvid *JWTSVIDCredential `protobuf:"bytes,8,opt,name=jwt_svid,json=jwtSvid,proto3,oneof"` }
type Credential_X509Svid ¶
type Credential_X509Svid struct { // The X509 SVID that was issued. X509Svid *X509SVIDCredential `protobuf:"bytes,7,opt,name=x509_svid,json=x509Svid,proto3,oneof"` }
type DeleteWorkloadIdentityRequest ¶
type DeleteWorkloadIdentityRequest struct { // The name of the workload identity to delete. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
The request for DeleteWorkloadIdentity.
func (*DeleteWorkloadIdentityRequest) Descriptor
deprecated
func (*DeleteWorkloadIdentityRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteWorkloadIdentityRequest.ProtoReflect.Descriptor instead.
func (*DeleteWorkloadIdentityRequest) GetName ¶
func (x *DeleteWorkloadIdentityRequest) GetName() string
func (*DeleteWorkloadIdentityRequest) ProtoMessage ¶
func (*DeleteWorkloadIdentityRequest) ProtoMessage()
func (*DeleteWorkloadIdentityRequest) ProtoReflect ¶
func (x *DeleteWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
func (*DeleteWorkloadIdentityRequest) Reset ¶
func (x *DeleteWorkloadIdentityRequest) Reset()
func (*DeleteWorkloadIdentityRequest) String ¶
func (x *DeleteWorkloadIdentityRequest) String() string
type GetWorkloadIdentityRequest ¶
type GetWorkloadIdentityRequest struct { // The name of the workload identity to retrieve. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // contains filtered or unexported fields }
The request for GetWorkloadIdentity.
func (*GetWorkloadIdentityRequest) Descriptor
deprecated
func (*GetWorkloadIdentityRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetWorkloadIdentityRequest.ProtoReflect.Descriptor instead.
func (*GetWorkloadIdentityRequest) GetName ¶
func (x *GetWorkloadIdentityRequest) GetName() string
func (*GetWorkloadIdentityRequest) ProtoMessage ¶
func (*GetWorkloadIdentityRequest) ProtoMessage()
func (*GetWorkloadIdentityRequest) ProtoReflect ¶
func (x *GetWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
func (*GetWorkloadIdentityRequest) Reset ¶
func (x *GetWorkloadIdentityRequest) Reset()
func (*GetWorkloadIdentityRequest) String ¶
func (x *GetWorkloadIdentityRequest) String() string
type IssueWorkloadIdentitiesRequest ¶
type IssueWorkloadIdentitiesRequest struct { // The label selectors to use for selecting WorkloadIdentity resources. // At least one selector must be provided. LabelSelectors []*LabelSelector `protobuf:"bytes,1,rep,name=label_selectors,json=labelSelectors,proto3" json:"label_selectors,omitempty"` // The parameters for issuing the credentials, varying by credential type. // // Types that are valid to be assigned to Credential: // // *IssueWorkloadIdentitiesRequest_X509SvidParams // *IssueWorkloadIdentitiesRequest_JwtSvidParams Credential isIssueWorkloadIdentitiesRequest_Credential `protobuf_oneof:"credential"` // The workload attributes to encode into the credentials. WorkloadAttrs *WorkloadAttrs `protobuf:"bytes,4,opt,name=workload_attrs,json=workloadAttrs,proto3" json:"workload_attrs,omitempty"` // The TTL that the client is requesting for the resulting credentials. // This may be adjusted by the server and therefore the client MUST check the // returned TTL rather than assuming that the requested TTL was granted. RequestedTtl *durationpb.Duration `protobuf:"bytes,5,opt,name=requested_ttl,json=requestedTtl,proto3" json:"requested_ttl,omitempty"` // contains filtered or unexported fields }
The request for the IssueWorkloadIdentities RPC.
func (*IssueWorkloadIdentitiesRequest) Descriptor
deprecated
func (*IssueWorkloadIdentitiesRequest) Descriptor() ([]byte, []int)
Deprecated: Use IssueWorkloadIdentitiesRequest.ProtoReflect.Descriptor instead.
func (*IssueWorkloadIdentitiesRequest) GetCredential ¶
func (x *IssueWorkloadIdentitiesRequest) GetCredential() isIssueWorkloadIdentitiesRequest_Credential
func (*IssueWorkloadIdentitiesRequest) GetJwtSvidParams ¶
func (x *IssueWorkloadIdentitiesRequest) GetJwtSvidParams() *JWTSVIDParams
func (*IssueWorkloadIdentitiesRequest) GetLabelSelectors ¶
func (x *IssueWorkloadIdentitiesRequest) GetLabelSelectors() []*LabelSelector
func (*IssueWorkloadIdentitiesRequest) GetRequestedTtl ¶
func (x *IssueWorkloadIdentitiesRequest) GetRequestedTtl() *durationpb.Duration
func (*IssueWorkloadIdentitiesRequest) GetWorkloadAttrs ¶
func (x *IssueWorkloadIdentitiesRequest) GetWorkloadAttrs() *WorkloadAttrs
func (*IssueWorkloadIdentitiesRequest) GetX509SvidParams ¶
func (x *IssueWorkloadIdentitiesRequest) GetX509SvidParams() *X509SVIDParams
func (*IssueWorkloadIdentitiesRequest) ProtoMessage ¶
func (*IssueWorkloadIdentitiesRequest) ProtoMessage()
func (*IssueWorkloadIdentitiesRequest) ProtoReflect ¶
func (x *IssueWorkloadIdentitiesRequest) ProtoReflect() protoreflect.Message
func (*IssueWorkloadIdentitiesRequest) Reset ¶
func (x *IssueWorkloadIdentitiesRequest) Reset()
func (*IssueWorkloadIdentitiesRequest) String ¶
func (x *IssueWorkloadIdentitiesRequest) String() string
type IssueWorkloadIdentitiesRequest_JwtSvidParams ¶
type IssueWorkloadIdentitiesRequest_JwtSvidParams struct { // The parameters for issuing a JWT SVID. JwtSvidParams *JWTSVIDParams `protobuf:"bytes,3,opt,name=jwt_svid_params,json=jwtSvidParams,proto3,oneof"` }
type IssueWorkloadIdentitiesRequest_X509SvidParams ¶
type IssueWorkloadIdentitiesRequest_X509SvidParams struct { // The parameters for issuing an X509 SVID. X509SvidParams *X509SVIDParams `protobuf:"bytes,2,opt,name=x509_svid_params,json=x509SvidParams,proto3,oneof"` }
type IssueWorkloadIdentitiesResponse ¶
type IssueWorkloadIdentitiesResponse struct { // The issued credentials. Credentials []*Credential `protobuf:"bytes,1,rep,name=credentials,proto3" json:"credentials,omitempty"` // contains filtered or unexported fields }
The response for the IssueWorkloadIdentities RPC.
func (*IssueWorkloadIdentitiesResponse) Descriptor
deprecated
func (*IssueWorkloadIdentitiesResponse) Descriptor() ([]byte, []int)
Deprecated: Use IssueWorkloadIdentitiesResponse.ProtoReflect.Descriptor instead.
func (*IssueWorkloadIdentitiesResponse) GetCredentials ¶
func (x *IssueWorkloadIdentitiesResponse) GetCredentials() []*Credential
func (*IssueWorkloadIdentitiesResponse) ProtoMessage ¶
func (*IssueWorkloadIdentitiesResponse) ProtoMessage()
func (*IssueWorkloadIdentitiesResponse) ProtoReflect ¶
func (x *IssueWorkloadIdentitiesResponse) ProtoReflect() protoreflect.Message
func (*IssueWorkloadIdentitiesResponse) Reset ¶
func (x *IssueWorkloadIdentitiesResponse) Reset()
func (*IssueWorkloadIdentitiesResponse) String ¶
func (x *IssueWorkloadIdentitiesResponse) String() string
type IssueWorkloadIdentityRequest ¶
type IssueWorkloadIdentityRequest struct { // The name of the WorkloadIdentity resource to use for issuing the credential. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The parameters for issuing the credential, varying by credential type. // // Types that are valid to be assigned to Credential: // // *IssueWorkloadIdentityRequest_X509SvidParams // *IssueWorkloadIdentityRequest_JwtSvidParams Credential isIssueWorkloadIdentityRequest_Credential `protobuf_oneof:"credential"` // The workload attributes to encode into the credential. WorkloadAttrs *WorkloadAttrs `protobuf:"bytes,4,opt,name=workload_attrs,json=workloadAttrs,proto3" json:"workload_attrs,omitempty"` // The TTL that the client is requesting for the resulting credentials. // This may be adjusted by the server and therefore the client MUST check the // returned TTL rather than assuming that the requested TTL was granted. RequestedTtl *durationpb.Duration `protobuf:"bytes,5,opt,name=requested_ttl,json=requestedTtl,proto3" json:"requested_ttl,omitempty"` // contains filtered or unexported fields }
The request for the IssueWorkloadIdentity RPC.
func (*IssueWorkloadIdentityRequest) Descriptor
deprecated
func (*IssueWorkloadIdentityRequest) Descriptor() ([]byte, []int)
Deprecated: Use IssueWorkloadIdentityRequest.ProtoReflect.Descriptor instead.
func (*IssueWorkloadIdentityRequest) GetCredential ¶
func (x *IssueWorkloadIdentityRequest) GetCredential() isIssueWorkloadIdentityRequest_Credential
func (*IssueWorkloadIdentityRequest) GetJwtSvidParams ¶
func (x *IssueWorkloadIdentityRequest) GetJwtSvidParams() *JWTSVIDParams
func (*IssueWorkloadIdentityRequest) GetName ¶
func (x *IssueWorkloadIdentityRequest) GetName() string
func (*IssueWorkloadIdentityRequest) GetRequestedTtl ¶
func (x *IssueWorkloadIdentityRequest) GetRequestedTtl() *durationpb.Duration
func (*IssueWorkloadIdentityRequest) GetWorkloadAttrs ¶
func (x *IssueWorkloadIdentityRequest) GetWorkloadAttrs() *WorkloadAttrs
func (*IssueWorkloadIdentityRequest) GetX509SvidParams ¶
func (x *IssueWorkloadIdentityRequest) GetX509SvidParams() *X509SVIDParams
func (*IssueWorkloadIdentityRequest) ProtoMessage ¶
func (*IssueWorkloadIdentityRequest) ProtoMessage()
func (*IssueWorkloadIdentityRequest) ProtoReflect ¶
func (x *IssueWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
func (*IssueWorkloadIdentityRequest) Reset ¶
func (x *IssueWorkloadIdentityRequest) Reset()
func (*IssueWorkloadIdentityRequest) String ¶
func (x *IssueWorkloadIdentityRequest) String() string
type IssueWorkloadIdentityRequest_JwtSvidParams ¶
type IssueWorkloadIdentityRequest_JwtSvidParams struct { // The parameters for issuing a JWT SVID. JwtSvidParams *JWTSVIDParams `protobuf:"bytes,3,opt,name=jwt_svid_params,json=jwtSvidParams,proto3,oneof"` }
type IssueWorkloadIdentityRequest_X509SvidParams ¶
type IssueWorkloadIdentityRequest_X509SvidParams struct { // The parameters for issuing an X509 SVID. X509SvidParams *X509SVIDParams `protobuf:"bytes,2,opt,name=x509_svid_params,json=x509SvidParams,proto3,oneof"` }
type IssueWorkloadIdentityResponse ¶
type IssueWorkloadIdentityResponse struct { // The issued credential. Credential *Credential `protobuf:"bytes,1,opt,name=credential,proto3" json:"credential,omitempty"` // contains filtered or unexported fields }
The response for the IssueWorkloadIdentity RPC.
func (*IssueWorkloadIdentityResponse) Descriptor
deprecated
func (*IssueWorkloadIdentityResponse) Descriptor() ([]byte, []int)
Deprecated: Use IssueWorkloadIdentityResponse.ProtoReflect.Descriptor instead.
func (*IssueWorkloadIdentityResponse) GetCredential ¶
func (x *IssueWorkloadIdentityResponse) GetCredential() *Credential
func (*IssueWorkloadIdentityResponse) ProtoMessage ¶
func (*IssueWorkloadIdentityResponse) ProtoMessage()
func (*IssueWorkloadIdentityResponse) ProtoReflect ¶
func (x *IssueWorkloadIdentityResponse) ProtoReflect() protoreflect.Message
func (*IssueWorkloadIdentityResponse) Reset ¶
func (x *IssueWorkloadIdentityResponse) Reset()
func (*IssueWorkloadIdentityResponse) String ¶
func (x *IssueWorkloadIdentityResponse) String() string
type JWTSVIDCredential ¶
type JWTSVIDCredential struct { // The signed JWT Jwt string `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"` // The JTI of the JWT Jti string `protobuf:"bytes,2,opt,name=jti,proto3" json:"jti,omitempty"` // contains filtered or unexported fields }
The issued JWT SVID credential and any JWT SVID specific metadata.
func (*JWTSVIDCredential) Descriptor
deprecated
func (*JWTSVIDCredential) Descriptor() ([]byte, []int)
Deprecated: Use JWTSVIDCredential.ProtoReflect.Descriptor instead.
func (*JWTSVIDCredential) GetJti ¶
func (x *JWTSVIDCredential) GetJti() string
func (*JWTSVIDCredential) GetJwt ¶
func (x *JWTSVIDCredential) GetJwt() string
func (*JWTSVIDCredential) ProtoMessage ¶
func (*JWTSVIDCredential) ProtoMessage()
func (*JWTSVIDCredential) ProtoReflect ¶
func (x *JWTSVIDCredential) ProtoReflect() protoreflect.Message
func (*JWTSVIDCredential) Reset ¶
func (x *JWTSVIDCredential) Reset()
func (*JWTSVIDCredential) String ¶
func (x *JWTSVIDCredential) String() string
type JWTSVIDParams ¶
type JWTSVIDParams struct { // The audiences to encode into the JWT SVID as the `aud` claim. Audiences []string `protobuf:"bytes,1,rep,name=audiences,proto3" json:"audiences,omitempty"` // contains filtered or unexported fields }
The parameters for issuing a JWT SVID.
func (*JWTSVIDParams) Descriptor
deprecated
func (*JWTSVIDParams) Descriptor() ([]byte, []int)
Deprecated: Use JWTSVIDParams.ProtoReflect.Descriptor instead.
func (*JWTSVIDParams) GetAudiences ¶
func (x *JWTSVIDParams) GetAudiences() []string
func (*JWTSVIDParams) ProtoMessage ¶
func (*JWTSVIDParams) ProtoMessage()
func (*JWTSVIDParams) ProtoReflect ¶
func (x *JWTSVIDParams) ProtoReflect() protoreflect.Message
func (*JWTSVIDParams) Reset ¶
func (x *JWTSVIDParams) Reset()
func (*JWTSVIDParams) String ¶
func (x *JWTSVIDParams) String() string
type LabelSelector ¶
type LabelSelector struct { // The key to match. // If this is wildcard, then a single value of wildcard must also be provided. Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` // Any of the acceptable matching values. Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"` // contains filtered or unexported fields }
A key-values pair for selecting WorkloadIdentity resources based on their labels.
func (*LabelSelector) Descriptor
deprecated
func (*LabelSelector) Descriptor() ([]byte, []int)
Deprecated: Use LabelSelector.ProtoReflect.Descriptor instead.
func (*LabelSelector) GetKey ¶
func (x *LabelSelector) GetKey() string
func (*LabelSelector) GetValues ¶
func (x *LabelSelector) GetValues() []string
func (*LabelSelector) ProtoMessage ¶
func (*LabelSelector) ProtoMessage()
func (*LabelSelector) ProtoReflect ¶
func (x *LabelSelector) ProtoReflect() protoreflect.Message
func (*LabelSelector) Reset ¶
func (x *LabelSelector) Reset()
func (*LabelSelector) String ¶
func (x *LabelSelector) String() string
type ListWorkloadIdentitiesRequest ¶
type ListWorkloadIdentitiesRequest struct { // The maximum number of items to return. // The server may impose a different page size at its discretion. PageSize int32 `protobuf:"varint,1,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"` // The page_token value returned from a previous ListWorkloadIdentities request, if any. PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"` // contains filtered or unexported fields }
The request for ListWorkloadIdentities.
func (*ListWorkloadIdentitiesRequest) Descriptor
deprecated
func (*ListWorkloadIdentitiesRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListWorkloadIdentitiesRequest.ProtoReflect.Descriptor instead.
func (*ListWorkloadIdentitiesRequest) GetPageSize ¶
func (x *ListWorkloadIdentitiesRequest) GetPageSize() int32
func (*ListWorkloadIdentitiesRequest) GetPageToken ¶
func (x *ListWorkloadIdentitiesRequest) GetPageToken() string
func (*ListWorkloadIdentitiesRequest) ProtoMessage ¶
func (*ListWorkloadIdentitiesRequest) ProtoMessage()
func (*ListWorkloadIdentitiesRequest) ProtoReflect ¶
func (x *ListWorkloadIdentitiesRequest) ProtoReflect() protoreflect.Message
func (*ListWorkloadIdentitiesRequest) Reset ¶
func (x *ListWorkloadIdentitiesRequest) Reset()
func (*ListWorkloadIdentitiesRequest) String ¶
func (x *ListWorkloadIdentitiesRequest) String() string
type ListWorkloadIdentitiesResponse ¶
type ListWorkloadIdentitiesResponse struct { // The page of workload identities that matched the request. WorkloadIdentities []*WorkloadIdentity `protobuf:"bytes,1,rep,name=workload_identities,json=workloadIdentities,proto3" json:"workload_identities,omitempty"` // Token to retrieve the next page of results, or empty if there are no // more results in the list. NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"` // contains filtered or unexported fields }
The response for ListWorkloadIdentities.
func (*ListWorkloadIdentitiesResponse) Descriptor
deprecated
func (*ListWorkloadIdentitiesResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListWorkloadIdentitiesResponse.ProtoReflect.Descriptor instead.
func (*ListWorkloadIdentitiesResponse) GetNextPageToken ¶
func (x *ListWorkloadIdentitiesResponse) GetNextPageToken() string
func (*ListWorkloadIdentitiesResponse) GetWorkloadIdentities ¶
func (x *ListWorkloadIdentitiesResponse) GetWorkloadIdentities() []*WorkloadIdentity
func (*ListWorkloadIdentitiesResponse) ProtoMessage ¶
func (*ListWorkloadIdentitiesResponse) ProtoMessage()
func (*ListWorkloadIdentitiesResponse) ProtoReflect ¶
func (x *ListWorkloadIdentitiesResponse) ProtoReflect() protoreflect.Message
func (*ListWorkloadIdentitiesResponse) Reset ¶
func (x *ListWorkloadIdentitiesResponse) Reset()
func (*ListWorkloadIdentitiesResponse) String ¶
func (x *ListWorkloadIdentitiesResponse) String() string
type UnimplementedWorkloadIdentityIssuanceServiceServer ¶
type UnimplementedWorkloadIdentityIssuanceServiceServer struct{}
UnimplementedWorkloadIdentityIssuanceServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentities ¶
func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentities(context.Context, *IssueWorkloadIdentitiesRequest) (*IssueWorkloadIdentitiesResponse, error)
func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentity ¶
func (UnimplementedWorkloadIdentityIssuanceServiceServer) IssueWorkloadIdentity(context.Context, *IssueWorkloadIdentityRequest) (*IssueWorkloadIdentityResponse, error)
type UnimplementedWorkloadIdentityResourceServiceServer ¶
type UnimplementedWorkloadIdentityResourceServiceServer struct{}
UnimplementedWorkloadIdentityResourceServiceServer must be embedded to have forward compatible implementations.
NOTE: this should be embedded by value instead of pointer to avoid a nil pointer dereference when methods are called.
func (UnimplementedWorkloadIdentityResourceServiceServer) CreateWorkloadIdentity ¶
func (UnimplementedWorkloadIdentityResourceServiceServer) CreateWorkloadIdentity(context.Context, *CreateWorkloadIdentityRequest) (*WorkloadIdentity, error)
func (UnimplementedWorkloadIdentityResourceServiceServer) DeleteWorkloadIdentity ¶
func (UnimplementedWorkloadIdentityResourceServiceServer) DeleteWorkloadIdentity(context.Context, *DeleteWorkloadIdentityRequest) (*emptypb.Empty, error)
func (UnimplementedWorkloadIdentityResourceServiceServer) GetWorkloadIdentity ¶
func (UnimplementedWorkloadIdentityResourceServiceServer) GetWorkloadIdentity(context.Context, *GetWorkloadIdentityRequest) (*WorkloadIdentity, error)
func (UnimplementedWorkloadIdentityResourceServiceServer) ListWorkloadIdentities ¶
func (UnimplementedWorkloadIdentityResourceServiceServer) ListWorkloadIdentities(context.Context, *ListWorkloadIdentitiesRequest) (*ListWorkloadIdentitiesResponse, error)
func (UnimplementedWorkloadIdentityResourceServiceServer) UpdateWorkloadIdentity ¶
func (UnimplementedWorkloadIdentityResourceServiceServer) UpdateWorkloadIdentity(context.Context, *UpdateWorkloadIdentityRequest) (*WorkloadIdentity, error)
func (UnimplementedWorkloadIdentityResourceServiceServer) UpsertWorkloadIdentity ¶
func (UnimplementedWorkloadIdentityResourceServiceServer) UpsertWorkloadIdentity(context.Context, *UpsertWorkloadIdentityRequest) (*WorkloadIdentity, error)
type UnsafeWorkloadIdentityIssuanceServiceServer ¶
type UnsafeWorkloadIdentityIssuanceServiceServer interface {
// contains filtered or unexported methods
}
UnsafeWorkloadIdentityIssuanceServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to WorkloadIdentityIssuanceServiceServer will result in compilation errors.
type UnsafeWorkloadIdentityResourceServiceServer ¶
type UnsafeWorkloadIdentityResourceServiceServer interface {
// contains filtered or unexported methods
}
UnsafeWorkloadIdentityResourceServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to WorkloadIdentityResourceServiceServer will result in compilation errors.
type UpdateWorkloadIdentityRequest ¶
type UpdateWorkloadIdentityRequest struct { // The workload identity to update. WorkloadIdentity *WorkloadIdentity `protobuf:"bytes,1,opt,name=workload_identity,json=workloadIdentity,proto3" json:"workload_identity,omitempty"` // contains filtered or unexported fields }
The request for UpdateWorkloadIdentity.
func (*UpdateWorkloadIdentityRequest) Descriptor
deprecated
func (*UpdateWorkloadIdentityRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateWorkloadIdentityRequest.ProtoReflect.Descriptor instead.
func (*UpdateWorkloadIdentityRequest) GetWorkloadIdentity ¶
func (x *UpdateWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity
func (*UpdateWorkloadIdentityRequest) ProtoMessage ¶
func (*UpdateWorkloadIdentityRequest) ProtoMessage()
func (*UpdateWorkloadIdentityRequest) ProtoReflect ¶
func (x *UpdateWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
func (*UpdateWorkloadIdentityRequest) Reset ¶
func (x *UpdateWorkloadIdentityRequest) Reset()
func (*UpdateWorkloadIdentityRequest) String ¶
func (x *UpdateWorkloadIdentityRequest) String() string
type UpsertWorkloadIdentityRequest ¶
type UpsertWorkloadIdentityRequest struct { // The workload identity to upsert. WorkloadIdentity *WorkloadIdentity `protobuf:"bytes,1,opt,name=workload_identity,json=workloadIdentity,proto3" json:"workload_identity,omitempty"` // contains filtered or unexported fields }
The request for UpsertWorkloadIdentityRequest.
func (*UpsertWorkloadIdentityRequest) Descriptor
deprecated
func (*UpsertWorkloadIdentityRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpsertWorkloadIdentityRequest.ProtoReflect.Descriptor instead.
func (*UpsertWorkloadIdentityRequest) GetWorkloadIdentity ¶
func (x *UpsertWorkloadIdentityRequest) GetWorkloadIdentity() *WorkloadIdentity
func (*UpsertWorkloadIdentityRequest) ProtoMessage ¶
func (*UpsertWorkloadIdentityRequest) ProtoMessage()
func (*UpsertWorkloadIdentityRequest) ProtoReflect ¶
func (x *UpsertWorkloadIdentityRequest) ProtoReflect() protoreflect.Message
func (*UpsertWorkloadIdentityRequest) Reset ¶
func (x *UpsertWorkloadIdentityRequest) Reset()
func (*UpsertWorkloadIdentityRequest) String ¶
func (x *UpsertWorkloadIdentityRequest) String() string
type UserAttrs ¶
type UserAttrs struct { // The name of the user. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Whether the user is a bot. IsBot bool `protobuf:"varint,2,opt,name=is_bot,json=isBot,proto3" json:"is_bot,omitempty"` // If the user is a bot, the name of the bot. BotName string `protobuf:"bytes,3,opt,name=bot_name,json=botName,proto3" json:"bot_name,omitempty"` // If the user is a bot, the instance ID of the bot. BotInstanceId string `protobuf:"bytes,4,opt,name=bot_instance_id,json=botInstanceId,proto3" json:"bot_instance_id,omitempty"` // Labels of the user. Labels map[string]string `` /* 139-byte string literal not displayed */ // contains filtered or unexported fields }
Attributes related to the user/bot making the request for a workload identity.
func (*UserAttrs) Descriptor
deprecated
func (*UserAttrs) GetBotInstanceId ¶
func (*UserAttrs) GetBotName ¶
func (*UserAttrs) ProtoMessage ¶
func (*UserAttrs) ProtoMessage()
func (*UserAttrs) ProtoReflect ¶
func (x *UserAttrs) ProtoReflect() protoreflect.Message
type WorkloadAttrs ¶
type WorkloadAttrs struct { // The Unix-specific attributes. Unix *WorkloadAttrsUnix `protobuf:"bytes,1,opt,name=unix,proto3" json:"unix,omitempty"` // The Kubernetes-specific attributes. Kubernetes *WorkloadAttrsKubernetes `protobuf:"bytes,2,opt,name=kubernetes,proto3" json:"kubernetes,omitempty"` // contains filtered or unexported fields }
The attributes provided by `tbot` regarding the workload's attestation. This will be mostly unset if the workload has not requested credentials via the SPIFFE Workload API.
func (*WorkloadAttrs) Descriptor
deprecated
func (*WorkloadAttrs) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadAttrs.ProtoReflect.Descriptor instead.
func (*WorkloadAttrs) GetKubernetes ¶
func (x *WorkloadAttrs) GetKubernetes() *WorkloadAttrsKubernetes
func (*WorkloadAttrs) GetUnix ¶
func (x *WorkloadAttrs) GetUnix() *WorkloadAttrsUnix
func (*WorkloadAttrs) ProtoMessage ¶
func (*WorkloadAttrs) ProtoMessage()
func (*WorkloadAttrs) ProtoReflect ¶
func (x *WorkloadAttrs) ProtoReflect() protoreflect.Message
func (*WorkloadAttrs) Reset ¶
func (x *WorkloadAttrs) Reset()
func (*WorkloadAttrs) String ¶
func (x *WorkloadAttrs) String() string
type WorkloadAttrsKubernetes ¶
type WorkloadAttrsKubernetes struct { // Whether the workload passed Kubernetes attestation. Attested bool `protobuf:"varint,1,opt,name=attested,proto3" json:"attested,omitempty"` // The namespace of the workload pod. Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` // The name of the workload pod. PodName string `protobuf:"bytes,3,opt,name=pod_name,json=podName,proto3" json:"pod_name,omitempty"` // The service account of the workload pod. ServiceAccount string `protobuf:"bytes,4,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"` // The UID of the workload pod. PodUid string `protobuf:"bytes,5,opt,name=pod_uid,json=podUid,proto3" json:"pod_uid,omitempty"` // The labels of the workload pod. Labels map[string]string `` /* 139-byte string literal not displayed */ // contains filtered or unexported fields }
Attributes sourced from the Kubernetes workload attestor.
func (*WorkloadAttrsKubernetes) Descriptor
deprecated
func (*WorkloadAttrsKubernetes) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadAttrsKubernetes.ProtoReflect.Descriptor instead.
func (*WorkloadAttrsKubernetes) GetAttested ¶
func (x *WorkloadAttrsKubernetes) GetAttested() bool
func (*WorkloadAttrsKubernetes) GetLabels ¶
func (x *WorkloadAttrsKubernetes) GetLabels() map[string]string
func (*WorkloadAttrsKubernetes) GetNamespace ¶
func (x *WorkloadAttrsKubernetes) GetNamespace() string
func (*WorkloadAttrsKubernetes) GetPodName ¶
func (x *WorkloadAttrsKubernetes) GetPodName() string
func (*WorkloadAttrsKubernetes) GetPodUid ¶
func (x *WorkloadAttrsKubernetes) GetPodUid() string
func (*WorkloadAttrsKubernetes) GetServiceAccount ¶
func (x *WorkloadAttrsKubernetes) GetServiceAccount() string
func (*WorkloadAttrsKubernetes) ProtoMessage ¶
func (*WorkloadAttrsKubernetes) ProtoMessage()
func (*WorkloadAttrsKubernetes) ProtoReflect ¶
func (x *WorkloadAttrsKubernetes) ProtoReflect() protoreflect.Message
func (*WorkloadAttrsKubernetes) Reset ¶
func (x *WorkloadAttrsKubernetes) Reset()
func (*WorkloadAttrsKubernetes) String ¶
func (x *WorkloadAttrsKubernetes) String() string
type WorkloadAttrsUnix ¶
type WorkloadAttrsUnix struct { // Whether the workload passed Unix attestation. Attested bool `protobuf:"varint,1,opt,name=attested,proto3" json:"attested,omitempty"` // The PID of the workload process. Pid int32 `protobuf:"varint,2,opt,name=pid,proto3" json:"pid,omitempty"` // The primary user ID of the workload process. Gid uint32 `protobuf:"varint,3,opt,name=gid,proto3" json:"gid,omitempty"` // The primary group ID of the workload process. Uid uint32 `protobuf:"varint,4,opt,name=uid,proto3" json:"uid,omitempty"` // contains filtered or unexported fields }
Attributes sourced from the Unix workload attestor.
func (*WorkloadAttrsUnix) Descriptor
deprecated
func (*WorkloadAttrsUnix) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadAttrsUnix.ProtoReflect.Descriptor instead.
func (*WorkloadAttrsUnix) GetAttested ¶
func (x *WorkloadAttrsUnix) GetAttested() bool
func (*WorkloadAttrsUnix) GetGid ¶
func (x *WorkloadAttrsUnix) GetGid() uint32
func (*WorkloadAttrsUnix) GetPid ¶
func (x *WorkloadAttrsUnix) GetPid() int32
func (*WorkloadAttrsUnix) GetUid ¶
func (x *WorkloadAttrsUnix) GetUid() uint32
func (*WorkloadAttrsUnix) ProtoMessage ¶
func (*WorkloadAttrsUnix) ProtoMessage()
func (*WorkloadAttrsUnix) ProtoReflect ¶
func (x *WorkloadAttrsUnix) ProtoReflect() protoreflect.Message
func (*WorkloadAttrsUnix) Reset ¶
func (x *WorkloadAttrsUnix) Reset()
func (*WorkloadAttrsUnix) String ¶
func (x *WorkloadAttrsUnix) String() string
type WorkloadIdentity ¶
type WorkloadIdentity struct { // The kind of resource represented. Kind string `protobuf:"bytes,1,opt,name=kind,proto3" json:"kind,omitempty"` // Differentiates variations of the same kind. All resources should // contain one, even if it is never populated. SubKind string `protobuf:"bytes,2,opt,name=sub_kind,json=subKind,proto3" json:"sub_kind,omitempty"` // The version of the resource being represented. Version string `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"` // Common metadata that all resources share. Metadata *v1.Metadata `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"` // The configured properties of the WorkloadIdentity Spec *WorkloadIdentitySpec `protobuf:"bytes,5,opt,name=spec,proto3" json:"spec,omitempty"` // contains filtered or unexported fields }
WorkloadIdentity represents a single, or group of similar, workload identities and configures the structure of workload identity credentials and authorization rules. is a resource that represents the configuration of a trust domain federation.
func (*WorkloadIdentity) Descriptor
deprecated
func (*WorkloadIdentity) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadIdentity.ProtoReflect.Descriptor instead.
func (*WorkloadIdentity) GetKind ¶
func (x *WorkloadIdentity) GetKind() string
func (*WorkloadIdentity) GetMetadata ¶
func (x *WorkloadIdentity) GetMetadata() *v1.Metadata
func (*WorkloadIdentity) GetSpec ¶
func (x *WorkloadIdentity) GetSpec() *WorkloadIdentitySpec
func (*WorkloadIdentity) GetSubKind ¶
func (x *WorkloadIdentity) GetSubKind() string
func (*WorkloadIdentity) GetVersion ¶
func (x *WorkloadIdentity) GetVersion() string
func (*WorkloadIdentity) ProtoMessage ¶
func (*WorkloadIdentity) ProtoMessage()
func (*WorkloadIdentity) ProtoReflect ¶
func (x *WorkloadIdentity) ProtoReflect() protoreflect.Message
func (*WorkloadIdentity) Reset ¶
func (x *WorkloadIdentity) Reset()
func (*WorkloadIdentity) String ¶
func (x *WorkloadIdentity) String() string
type WorkloadIdentityCondition ¶
type WorkloadIdentityCondition struct { // The name of the attribute to evaluate the condition against. Attribute string `protobuf:"bytes,1,opt,name=attribute,proto3" json:"attribute,omitempty"` // An exact string that the attribute must match. Equals string `protobuf:"bytes,2,opt,name=equals,proto3" json:"equals,omitempty"` // contains filtered or unexported fields }
The individual conditions that make up a rule.
func (*WorkloadIdentityCondition) Descriptor
deprecated
func (*WorkloadIdentityCondition) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadIdentityCondition.ProtoReflect.Descriptor instead.
func (*WorkloadIdentityCondition) GetAttribute ¶
func (x *WorkloadIdentityCondition) GetAttribute() string
func (*WorkloadIdentityCondition) GetEquals ¶
func (x *WorkloadIdentityCondition) GetEquals() string
func (*WorkloadIdentityCondition) ProtoMessage ¶
func (*WorkloadIdentityCondition) ProtoMessage()
func (*WorkloadIdentityCondition) ProtoReflect ¶
func (x *WorkloadIdentityCondition) ProtoReflect() protoreflect.Message
func (*WorkloadIdentityCondition) Reset ¶
func (x *WorkloadIdentityCondition) Reset()
func (*WorkloadIdentityCondition) String ¶
func (x *WorkloadIdentityCondition) String() string
type WorkloadIdentityIssuanceServiceClient ¶
type WorkloadIdentityIssuanceServiceClient interface { // IssueWorkloadIdentity issues a workload identity credential for the named // WorkloadIdentity resource. If it is unable to issue a credential, // an error will be returned. IssueWorkloadIdentity(ctx context.Context, in *IssueWorkloadIdentityRequest, opts ...grpc.CallOption) (*IssueWorkloadIdentityResponse, error) // IssueWorkloadIdentities can issue multiple workload identity credentials // based on label selectors for the WorkloadIdentity resources. IssueWorkloadIdentities(ctx context.Context, in *IssueWorkloadIdentitiesRequest, opts ...grpc.CallOption) (*IssueWorkloadIdentitiesResponse, error) }
WorkloadIdentityIssuanceServiceClient is the client API for WorkloadIdentityIssuanceService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
WorkloadIdentityIssuanceService is the service that issues workload identity credentials.
func NewWorkloadIdentityIssuanceServiceClient ¶
func NewWorkloadIdentityIssuanceServiceClient(cc grpc.ClientConnInterface) WorkloadIdentityIssuanceServiceClient
type WorkloadIdentityIssuanceServiceServer ¶
type WorkloadIdentityIssuanceServiceServer interface { // IssueWorkloadIdentity issues a workload identity credential for the named // WorkloadIdentity resource. If it is unable to issue a credential, // an error will be returned. IssueWorkloadIdentity(context.Context, *IssueWorkloadIdentityRequest) (*IssueWorkloadIdentityResponse, error) // IssueWorkloadIdentities can issue multiple workload identity credentials // based on label selectors for the WorkloadIdentity resources. IssueWorkloadIdentities(context.Context, *IssueWorkloadIdentitiesRequest) (*IssueWorkloadIdentitiesResponse, error) // contains filtered or unexported methods }
WorkloadIdentityIssuanceServiceServer is the server API for WorkloadIdentityIssuanceService service. All implementations must embed UnimplementedWorkloadIdentityIssuanceServiceServer for forward compatibility.
WorkloadIdentityIssuanceService is the service that issues workload identity credentials.
type WorkloadIdentityResourceServiceClient ¶
type WorkloadIdentityResourceServiceClient interface { // CreateWorkloadIdentity creates a new workload identity, it will refuse to // create a workload identity if one already exists with the same name. CreateWorkloadIdentity(ctx context.Context, in *CreateWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error) // UpdateWorkloadIdentity updates an existing workload identity, it will refuse // to update a workload identity if one does not already exist with the same name. // // ConditionalUpdate semantics are applied, e.g, the update will only succeed // if the revision of the provided WorkloadIdentity matches the revision of // the existing WorkloadIdentity. UpdateWorkloadIdentity(ctx context.Context, in *UpdateWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error) // UpsertWorkloadIdentity creates or updates a workload identity. You should // prefer to call Create or Update. UpsertWorkloadIdentity(ctx context.Context, in *UpsertWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error) // GetWorkloadIdentity retrieves a workload identity by name. GetWorkloadIdentity(ctx context.Context, in *GetWorkloadIdentityRequest, opts ...grpc.CallOption) (*WorkloadIdentity, error) // DeleteWorkloadIdentity deletes a workload identity by name. DeleteWorkloadIdentity(ctx context.Context, in *DeleteWorkloadIdentityRequest, opts ...grpc.CallOption) (*emptypb.Empty, error) // ListWorkloadIdentities of all workload identities, pagination semantics are // applied. ListWorkloadIdentities(ctx context.Context, in *ListWorkloadIdentitiesRequest, opts ...grpc.CallOption) (*ListWorkloadIdentitiesResponse, error) }
WorkloadIdentityResourceServiceClient is the client API for WorkloadIdentityResourceService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
WorkloadIdentityResourceService provides methods to manage the WorkloadIdentity resource.
func NewWorkloadIdentityResourceServiceClient ¶
func NewWorkloadIdentityResourceServiceClient(cc grpc.ClientConnInterface) WorkloadIdentityResourceServiceClient
type WorkloadIdentityResourceServiceServer ¶
type WorkloadIdentityResourceServiceServer interface { // CreateWorkloadIdentity creates a new workload identity, it will refuse to // create a workload identity if one already exists with the same name. CreateWorkloadIdentity(context.Context, *CreateWorkloadIdentityRequest) (*WorkloadIdentity, error) // UpdateWorkloadIdentity updates an existing workload identity, it will refuse // to update a workload identity if one does not already exist with the same name. // // ConditionalUpdate semantics are applied, e.g, the update will only succeed // if the revision of the provided WorkloadIdentity matches the revision of // the existing WorkloadIdentity. UpdateWorkloadIdentity(context.Context, *UpdateWorkloadIdentityRequest) (*WorkloadIdentity, error) // UpsertWorkloadIdentity creates or updates a workload identity. You should // prefer to call Create or Update. UpsertWorkloadIdentity(context.Context, *UpsertWorkloadIdentityRequest) (*WorkloadIdentity, error) // GetWorkloadIdentity retrieves a workload identity by name. GetWorkloadIdentity(context.Context, *GetWorkloadIdentityRequest) (*WorkloadIdentity, error) // DeleteWorkloadIdentity deletes a workload identity by name. DeleteWorkloadIdentity(context.Context, *DeleteWorkloadIdentityRequest) (*emptypb.Empty, error) // ListWorkloadIdentities of all workload identities, pagination semantics are // applied. ListWorkloadIdentities(context.Context, *ListWorkloadIdentitiesRequest) (*ListWorkloadIdentitiesResponse, error) // contains filtered or unexported methods }
WorkloadIdentityResourceServiceServer is the server API for WorkloadIdentityResourceService service. All implementations must embed UnimplementedWorkloadIdentityResourceServiceServer for forward compatibility.
WorkloadIdentityResourceService provides methods to manage the WorkloadIdentity resource.
type WorkloadIdentityRule ¶
type WorkloadIdentityRule struct { // The conditions that must be met for this rule to be considered passed. Conditions []*WorkloadIdentityCondition `protobuf:"bytes,1,rep,name=conditions,proto3" json:"conditions,omitempty"` // contains filtered or unexported fields }
An individual rule that is evaluated during the issuance of a WorkloadIdentity.
func (*WorkloadIdentityRule) Descriptor
deprecated
func (*WorkloadIdentityRule) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadIdentityRule.ProtoReflect.Descriptor instead.
func (*WorkloadIdentityRule) GetConditions ¶
func (x *WorkloadIdentityRule) GetConditions() []*WorkloadIdentityCondition
func (*WorkloadIdentityRule) ProtoMessage ¶
func (*WorkloadIdentityRule) ProtoMessage()
func (*WorkloadIdentityRule) ProtoReflect ¶
func (x *WorkloadIdentityRule) ProtoReflect() protoreflect.Message
func (*WorkloadIdentityRule) Reset ¶
func (x *WorkloadIdentityRule) Reset()
func (*WorkloadIdentityRule) String ¶
func (x *WorkloadIdentityRule) String() string
type WorkloadIdentityRules ¶
type WorkloadIdentityRules struct { // A list of rules used to determine if a WorkloadIdentity can be issued. // If none are provided, it will be considered a pass. If any are provided, // then at least one must pass for the rules to be considered passed. Allow []*WorkloadIdentityRule `protobuf:"bytes,1,rep,name=allow,proto3" json:"allow,omitempty"` // contains filtered or unexported fields }
The rules which are evaluated before the WorkloadIdentity can be issued.
func (*WorkloadIdentityRules) Descriptor
deprecated
func (*WorkloadIdentityRules) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadIdentityRules.ProtoReflect.Descriptor instead.
func (*WorkloadIdentityRules) GetAllow ¶
func (x *WorkloadIdentityRules) GetAllow() []*WorkloadIdentityRule
func (*WorkloadIdentityRules) ProtoMessage ¶
func (*WorkloadIdentityRules) ProtoMessage()
func (*WorkloadIdentityRules) ProtoReflect ¶
func (x *WorkloadIdentityRules) ProtoReflect() protoreflect.Message
func (*WorkloadIdentityRules) Reset ¶
func (x *WorkloadIdentityRules) Reset()
func (*WorkloadIdentityRules) String ¶
func (x *WorkloadIdentityRules) String() string
type WorkloadIdentitySPIFFE ¶
type WorkloadIdentitySPIFFE struct { // The path of the SPIFFE ID that will be issued to the workload. // // This should be prefixed with a forward-slash ("/"). // // This field supports templating using attributes. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // A freeform text field which is provided to workloads along with a // credential produced by this WorkloadIdentity. This can be used to provide // additional context that can be used to select between multiple credentials. Hint string `protobuf:"bytes,2,opt,name=hint,proto3" json:"hint,omitempty"` // contains filtered or unexported fields }
Configuration pertaining to the issuance of SPIFFE-compatible workload identity credentials.
func (*WorkloadIdentitySPIFFE) Descriptor
deprecated
func (*WorkloadIdentitySPIFFE) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadIdentitySPIFFE.ProtoReflect.Descriptor instead.
func (*WorkloadIdentitySPIFFE) GetHint ¶
func (x *WorkloadIdentitySPIFFE) GetHint() string
func (*WorkloadIdentitySPIFFE) GetId ¶
func (x *WorkloadIdentitySPIFFE) GetId() string
func (*WorkloadIdentitySPIFFE) ProtoMessage ¶
func (*WorkloadIdentitySPIFFE) ProtoMessage()
func (*WorkloadIdentitySPIFFE) ProtoReflect ¶
func (x *WorkloadIdentitySPIFFE) ProtoReflect() protoreflect.Message
func (*WorkloadIdentitySPIFFE) Reset ¶
func (x *WorkloadIdentitySPIFFE) Reset()
func (*WorkloadIdentitySPIFFE) String ¶
func (x *WorkloadIdentitySPIFFE) String() string
type WorkloadIdentitySpec ¶
type WorkloadIdentitySpec struct { // The rules which are evaluated before the WorkloadIdentity can be issued. Rules *WorkloadIdentityRules `protobuf:"bytes,1,opt,name=rules,proto3" json:"rules,omitempty"` // Configuration pertaining to the issuance of SPIFFE-compatible workload // identity credentials. Spiffe *WorkloadIdentitySPIFFE `protobuf:"bytes,2,opt,name=spiffe,proto3" json:"spiffe,omitempty"` // contains filtered or unexported fields }
The spec for the WorkloadIdentity resource.
func (*WorkloadIdentitySpec) Descriptor
deprecated
func (*WorkloadIdentitySpec) Descriptor() ([]byte, []int)
Deprecated: Use WorkloadIdentitySpec.ProtoReflect.Descriptor instead.
func (*WorkloadIdentitySpec) GetRules ¶
func (x *WorkloadIdentitySpec) GetRules() *WorkloadIdentityRules
func (*WorkloadIdentitySpec) GetSpiffe ¶
func (x *WorkloadIdentitySpec) GetSpiffe() *WorkloadIdentitySPIFFE
func (*WorkloadIdentitySpec) ProtoMessage ¶
func (*WorkloadIdentitySpec) ProtoMessage()
func (*WorkloadIdentitySpec) ProtoReflect ¶
func (x *WorkloadIdentitySpec) ProtoReflect() protoreflect.Message
func (*WorkloadIdentitySpec) Reset ¶
func (x *WorkloadIdentitySpec) Reset()
func (*WorkloadIdentitySpec) String ¶
func (x *WorkloadIdentitySpec) String() string
type X509SVIDCredential ¶
type X509SVIDCredential struct { // The X509 SVID that was issued. // ASN.1 DER encoded X.509 certificate. No PEM. Cert []byte `protobuf:"bytes,1,opt,name=cert,proto3" json:"cert,omitempty"` // The serial number of the X509 SVID. SerialNumber string `protobuf:"bytes,2,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"` // contains filtered or unexported fields }
The issued X509 SVID credential and any X509 SVID specific metadata.
func (*X509SVIDCredential) Descriptor
deprecated
func (*X509SVIDCredential) Descriptor() ([]byte, []int)
Deprecated: Use X509SVIDCredential.ProtoReflect.Descriptor instead.
func (*X509SVIDCredential) GetCert ¶
func (x *X509SVIDCredential) GetCert() []byte
func (*X509SVIDCredential) GetSerialNumber ¶
func (x *X509SVIDCredential) GetSerialNumber() string
func (*X509SVIDCredential) ProtoMessage ¶
func (*X509SVIDCredential) ProtoMessage()
func (*X509SVIDCredential) ProtoReflect ¶
func (x *X509SVIDCredential) ProtoReflect() protoreflect.Message
func (*X509SVIDCredential) Reset ¶
func (x *X509SVIDCredential) Reset()
func (*X509SVIDCredential) String ¶
func (x *X509SVIDCredential) String() string
type X509SVIDParams ¶
type X509SVIDParams struct { // The PKIX, ASN.1 DER public key to encode into the X509 SVID. PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` // contains filtered or unexported fields }
The parameters for issuing an X509 SVID.
func (*X509SVIDParams) Descriptor
deprecated
func (*X509SVIDParams) Descriptor() ([]byte, []int)
Deprecated: Use X509SVIDParams.ProtoReflect.Descriptor instead.
func (*X509SVIDParams) GetPublicKey ¶
func (x *X509SVIDParams) GetPublicKey() []byte
func (*X509SVIDParams) ProtoMessage ¶
func (*X509SVIDParams) ProtoMessage()
func (*X509SVIDParams) ProtoReflect ¶
func (x *X509SVIDParams) ProtoReflect() protoreflect.Message
func (*X509SVIDParams) Reset ¶
func (x *X509SVIDParams) Reset()
func (*X509SVIDParams) String ¶
func (x *X509SVIDParams) String() string