pbconnectca

package
v1.13.0-alpha1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2022 License: MPL-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// ConnectCAService_ServiceDesc describes the connectca.ConnectCAService gRPC
// service: one unary method (Sign) and one server-streaming method
// (WatchRoots). Both are wired to handler functions that are not shown on this
// page.
//
// NOTE(review): nothing in this descriptor performs authentication or
// authorization. SignRequest's documentation refers to an ACL token in the
// `x-consul-token` metadata, so that check presumably lives in the server
// implementation or an interceptor — confirm before exposing the service.
var ConnectCAService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "connectca.ConnectCAService",
	// HandlerType is a typed nil pointer to the server interface.
	HandlerType: (*ConnectCAServiceServer)(nil),
	// Unary RPCs.
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Sign",
			Handler:    _ConnectCAService_Sign_Handler,
		},
	},
	// Streaming RPCs. WatchRoots sets only ServerStreams, so it is a
	// server-streaming RPC.
	Streams: []grpc.StreamDesc{
		{
			StreamName:    "WatchRoots",
			Handler:       _ConnectCAService_WatchRoots_Handler,
			ServerStreams: true,
		},
	},
	// Path of the .proto file this descriptor was generated from.
	Metadata: "proto-public/pbconnectca/ca.proto",
}

ConnectCAService_ServiceDesc is the grpc.ServiceDesc for the ConnectCAService service. It is intended only for direct use with grpc.RegisterService, and must not be introspected or modified (even as a copy).

// File_proto_public_pbconnectca_ca_proto is a protoreflect.FileDescriptor.
// Judging by its name and the service descriptor's Metadata value, it
// presumably describes proto-public/pbconnectca/ca.proto; its initialisation
// is not shown on this page.
var File_proto_public_pbconnectca_ca_proto protoreflect.FileDescriptor

Functions

func RegisterConnectCAServiceServer

func RegisterConnectCAServiceServer(s grpc.ServiceRegistrar, srv ConnectCAServiceServer)

Types

type CARoot

// CARoot is the protobuf message describing one Connect CA root: its
// identifiers, its PEM-encoded root and intermediate certificates, and its
// rotation state. WatchRootsResponse carries a list of these as the roots to
// trust.
//
// NOTE(review): the certificates here are trust-anchor material. A consumer
// should accept them only over a channel whose server identity it has already
// verified — confirm how the transport is authenticated.
type CARoot struct {

	// id is a globally unique ID (UUID) representing this CA root.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// name is a human-friendly name for this CA root. This value is opaque to
	// Consul and is not used for anything internally.
	Name string `protobuf:"bytes,2,opt,name=name,proto3" json:"name,omitempty"`
	// serial_number is the x509 serial number of the certificate.
	//
	// NOTE(review): X.509 serial numbers may be up to 20 octets long (RFC 5280
	// section 4.1.2.2), so a uint64 cannot represent every valid serial.
	// Confirm how larger serials are produced or truncated before relying on
	// this field to identify a certificate.
	SerialNumber uint64 `protobuf:"varint,3,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
	// signing_key_id is the connect.HexString encoded id of the public key that
	// corresponds to the private key used to sign leaf certificates in the
	// local datacenter.
	//
	// The value comes from x509.Certificate.SubjectKeyId of the local leaf
	// signing cert.
	//
	// See https://www.rfc-editor.org/rfc/rfc3280#section-4.2.1.1 for more detail.
	//
	// NOTE(review): section 4.2.1.1 of RFC 3280 covers the Authority Key
	// Identifier extension; the Subject Key Identifier is section 4.2.1.2.
	// RFC 3280 has also been obsoleted by RFC 5280.
	SigningKeyId string `protobuf:"bytes,4,opt,name=signing_key_id,json=signingKeyId,proto3" json:"signing_key_id,omitempty"`
	// root_cert is the PEM-encoded public certificate.
	RootCert string `protobuf:"bytes,5,opt,name=root_cert,json=rootCert,proto3" json:"root_cert,omitempty"`
	// intermediate_certs is a list of PEM-encoded intermediate certs to
	// attach to any leaf certs signed by this CA.
	IntermediateCerts []string `protobuf:"bytes,6,rep,name=intermediate_certs,json=intermediateCerts,proto3" json:"intermediate_certs,omitempty"`
	// active is true if this is the current active CA. This must only
	// be true for exactly one CA.
	//
	// NOTE(review): the "exactly one" invariant is stated here but cannot be
	// enforced by the message type itself; a consumer that depends on it
	// should check it against the received list.
	Active bool `protobuf:"varint,7,opt,name=active,proto3" json:"active,omitempty"`
	// rotated_out_at is the time at which this CA was removed from the state.
	// This will only be set on roots that have been rotated out from being the
	// active root.
	RotatedOutAt *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=rotated_out_at,json=rotatedOutAt,proto3" json:"rotated_out_at,omitempty"`
	// contains filtered or unexported fields
}

func (*CARoot) Descriptor deprecated

func (*CARoot) Descriptor() ([]byte, []int)

Deprecated: Use CARoot.ProtoReflect.Descriptor instead.

func (*CARoot) GetActive

func (x *CARoot) GetActive() bool

func (*CARoot) GetId

func (x *CARoot) GetId() string

func (*CARoot) GetIntermediateCerts

func (x *CARoot) GetIntermediateCerts() []string

func (*CARoot) GetName

func (x *CARoot) GetName() string

func (*CARoot) GetRootCert

func (x *CARoot) GetRootCert() string

func (*CARoot) GetRotatedOutAt

func (x *CARoot) GetRotatedOutAt() *timestamppb.Timestamp

func (*CARoot) GetSerialNumber

func (x *CARoot) GetSerialNumber() uint64

func (*CARoot) GetSigningKeyId

func (x *CARoot) GetSigningKeyId() string

func (*CARoot) MarshalBinary

func (msg *CARoot) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*CARoot) ProtoMessage

func (*CARoot) ProtoMessage()

func (*CARoot) ProtoReflect

func (x *CARoot) ProtoReflect() protoreflect.Message

func (*CARoot) Reset

func (x *CARoot) Reset()

func (*CARoot) String

func (x *CARoot) String() string

func (*CARoot) UnmarshalBinary

func (msg *CARoot) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler

type ConnectCAServiceClient

// ConnectCAServiceClient is the client-side interface for ConnectCAService.
// Both methods take a context and optional grpc.CallOption values.
type ConnectCAServiceClient interface {
	// WatchRoots provides a stream on which you can receive the list of active
	// Connect CA roots. Current roots are sent immediately at the start of the
	// stream, and new lists will be sent whenever the roots are rotated.
	//
	// It returns a ConnectCAService_WatchRootsClient from which responses are
	// read with Recv.
	WatchRoots(ctx context.Context, in *WatchRootsRequest, opts ...grpc.CallOption) (ConnectCAService_WatchRootsClient, error)
	// Sign a leaf certificate for the service or agent identified by the SPIFFE
	// ID in the given CSR's SAN.
	//
	// NOTE(review): per the SignRequest.Csr documentation the caller's ACL
	// token travels in the `x-consul-token` metadata, presumably attached via
	// ctx or a call option. Since that token is a credential, confirm the
	// connection is encrypted before sending it.
	Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error)
}

ConnectCAServiceClient is the client API for ConnectCAService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type ConnectCAServiceServer

// ConnectCAServiceServer is the server-side interface for ConnectCAService.
//
// NOTE(review): the interface carries no authentication or authorization
// hooks. The SignRequest.Csr documentation requires that the ACL token in the
// `x-consul-token` metadata has write access to the service or agent named by
// the CSR's SPIFFE ID, so enforcing that presumably falls to the
// implementation of Sign — confirm.
type ConnectCAServiceServer interface {
	// WatchRoots provides a stream on which you can receive the list of active
	// Connect CA roots. Current roots are sent immediately at the start of the
	// stream, and new lists will be sent whenever the roots are rotated.
	WatchRoots(*WatchRootsRequest, ConnectCAService_WatchRootsServer) error
	// Sign a leaf certificate for the service or agent identified by the SPIFFE
	// ID in the given CSR's SAN.
	//
	// The CSR arrives from the caller as a PEM string and should be treated as
	// untrusted input until it has been parsed and its SAN checked.
	Sign(context.Context, *SignRequest) (*SignResponse, error)
}

ConnectCAServiceServer is the server API for the ConnectCAService service. All implementations should embed UnimplementedConnectCAServiceServer for forward compatibility.

type ConnectCAService_WatchRootsClient

// ConnectCAService_WatchRootsClient is the client's view of the WatchRoots
// stream: Recv plus the embedded grpc.ClientStream methods.
type ConnectCAService_WatchRootsClient interface {
	// Recv returns a WatchRootsResponse from the stream, or an error.
	Recv() (*WatchRootsResponse, error)
	grpc.ClientStream
}

type ConnectCAService_WatchRootsServer

// ConnectCAService_WatchRootsServer is the server's view of the WatchRoots
// stream: Send plus the embedded grpc.ServerStream methods.
type ConnectCAService_WatchRootsServer interface {
	// Send writes one WatchRootsResponse to the stream, or returns an error.
	Send(*WatchRootsResponse) error
	grpc.ServerStream
}

type SignRequest added in v1.13.0

// SignRequest is the request message for the Sign RPC. Its only exported
// field is the PEM-encoded CSR to be signed.
type SignRequest struct {

	// csr is the PEM-encoded Certificate Signing Request (CSR).
	//
	// The CSR's SAN must include a SPIFFE ID that identifies a service or agent
	// to which the ACL token provided in the `x-consul-token` metadata has write
	// access.
	//
	// NOTE(review): the message type does not validate this field. The
	// receiver has to parse the PEM, verify the CSR and compare the SPIFFE ID
	// in its SAN against what the token is authorised for; how multiple or
	// missing URI SANs are handled is not visible here — confirm.
	Csr string `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// contains filtered or unexported fields
}

func (*SignRequest) Descriptor deprecated added in v1.13.0

func (*SignRequest) Descriptor() ([]byte, []int)

Deprecated: Use SignRequest.ProtoReflect.Descriptor instead.

func (*SignRequest) GetCsr added in v1.13.0

func (x *SignRequest) GetCsr() string

func (*SignRequest) MarshalBinary added in v1.13.0

func (msg *SignRequest) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*SignRequest) ProtoMessage added in v1.13.0

func (*SignRequest) ProtoMessage()

func (*SignRequest) ProtoReflect added in v1.13.0

func (x *SignRequest) ProtoReflect() protoreflect.Message

func (*SignRequest) Reset added in v1.13.0

func (x *SignRequest) Reset()

func (*SignRequest) String added in v1.13.0

func (x *SignRequest) String() string

func (*SignRequest) UnmarshalBinary added in v1.13.0

func (msg *SignRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler

type SignResponse added in v1.13.0

// SignResponse is the response message for the Sign RPC. The only exported
// field shown is the issued leaf certificate; no private-key field appears in
// this message.
type SignResponse struct {

	// cert_pem is the PEM-encoded leaf certificate.
	//
	// NOTE(review): the tag uses field number 2 and no field 1 is visible on
	// this page — presumably reserved or removed; confirm in ca.proto.
	CertPem string `protobuf:"bytes,2,opt,name=cert_pem,json=certPem,proto3" json:"cert_pem,omitempty"`
	// contains filtered or unexported fields
}

func (*SignResponse) Descriptor deprecated added in v1.13.0

func (*SignResponse) Descriptor() ([]byte, []int)

Deprecated: Use SignResponse.ProtoReflect.Descriptor instead.

func (*SignResponse) GetCertPem added in v1.13.0

func (x *SignResponse) GetCertPem() string

func (*SignResponse) MarshalBinary added in v1.13.0

func (msg *SignResponse) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*SignResponse) ProtoMessage added in v1.13.0

func (*SignResponse) ProtoMessage()

func (*SignResponse) ProtoReflect added in v1.13.0

func (x *SignResponse) ProtoReflect() protoreflect.Message

func (*SignResponse) Reset added in v1.13.0

func (x *SignResponse) Reset()

func (*SignResponse) String added in v1.13.0

func (x *SignResponse) String() string

func (*SignResponse) UnmarshalBinary added in v1.13.0

func (msg *SignResponse) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler

type UnimplementedConnectCAServiceServer

// UnimplementedConnectCAServiceServer is an empty struct meant to be embedded
// in server implementations for forward compatibility. The page lists Sign and
// WatchRoots methods on it; their bodies are not shown here.
type UnimplementedConnectCAServiceServer struct {
}

UnimplementedConnectCAServiceServer should be embedded to have forward compatible implementations.

func (UnimplementedConnectCAServiceServer) Sign added in v1.13.0

func (UnimplementedConnectCAServiceServer) WatchRoots

type UnsafeConnectCAServiceServer added in v1.13.0

// UnsafeConnectCAServiceServer may be embedded to opt out of forward
// compatibility for this service. Its method set is unexported and not shown
// on this page.
type UnsafeConnectCAServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeConnectCAServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to ConnectCAServiceServer will result in compilation errors.

type WatchRootsRequest added in v1.13.0

// WatchRootsRequest is the request message for the WatchRoots RPC. It has no
// exported fields on this page, so the request carries no caller-supplied
// parameters in its visible API.
type WatchRootsRequest struct {
	// contains filtered or unexported fields
}

func (*WatchRootsRequest) Descriptor deprecated added in v1.13.0

func (*WatchRootsRequest) Descriptor() ([]byte, []int)

Deprecated: Use WatchRootsRequest.ProtoReflect.Descriptor instead.

func (*WatchRootsRequest) MarshalBinary added in v1.13.0

func (msg *WatchRootsRequest) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*WatchRootsRequest) ProtoMessage added in v1.13.0

func (*WatchRootsRequest) ProtoMessage()

func (*WatchRootsRequest) ProtoReflect added in v1.13.0

func (x *WatchRootsRequest) ProtoReflect() protoreflect.Message

func (*WatchRootsRequest) Reset added in v1.13.0

func (x *WatchRootsRequest) Reset()

func (*WatchRootsRequest) String added in v1.13.0

func (x *WatchRootsRequest) String() string

func (*WatchRootsRequest) UnmarshalBinary added in v1.13.0

func (msg *WatchRootsRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler

type WatchRootsResponse

// WatchRootsResponse is the message sent on the WatchRoots stream. It carries
// the set of CA roots to trust, the ID of the active one, and the cluster's
// trust domain.
type WatchRootsResponse struct {

	// active_root_id is the ID of a root in Roots that is the active CA root.
	// Other roots are still valid if they're in the Roots list but are in the
	// process of being rotated out.
	ActiveRootId string `protobuf:"bytes,1,opt,name=active_root_id,json=activeRootId,proto3" json:"active_root_id,omitempty"`
	// trust_domain is the identification root for this Consul cluster. All
	// certificates signed by the cluster's CA must have their identifying URI
	// in this domain.
	//
	// This does not include the protocol (currently spiffe://) since we may
	// implement other protocols in future with equivalent semantics. It should
	// be compared against the "authority" section of a URI (i.e. host:port).
	//
	// NOTE(review): the comparison rules (exact match, case handling) are not
	// specified here. A consumer using this value for an identity check should
	// compare the whole authority component rather than a prefix or suffix —
	// confirm against the verifier code.
	TrustDomain string `protobuf:"bytes,2,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
	// roots is a list of root CA certs to trust.
	//
	// Each update is described as a new list. Whether a consumer must replace
	// its trust store wholesale, so that roots dropped from the list stop
	// being trusted, is not stated here — TODO confirm.
	Roots []*CARoot `protobuf:"bytes,3,rep,name=roots,proto3" json:"roots,omitempty"`
	// contains filtered or unexported fields
}

func (*WatchRootsResponse) Descriptor deprecated

func (*WatchRootsResponse) Descriptor() ([]byte, []int)

Deprecated: Use WatchRootsResponse.ProtoReflect.Descriptor instead.

func (*WatchRootsResponse) GetActiveRootId

func (x *WatchRootsResponse) GetActiveRootId() string

func (*WatchRootsResponse) GetRoots

func (x *WatchRootsResponse) GetRoots() []*CARoot

func (*WatchRootsResponse) GetTrustDomain

func (x *WatchRootsResponse) GetTrustDomain() string

func (*WatchRootsResponse) MarshalBinary

func (msg *WatchRootsResponse) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*WatchRootsResponse) ProtoMessage

func (*WatchRootsResponse) ProtoMessage()

func (*WatchRootsResponse) ProtoReflect

func (x *WatchRootsResponse) ProtoReflect() protoreflect.Message

func (*WatchRootsResponse) Reset

func (x *WatchRootsResponse) Reset()

func (*WatchRootsResponse) String

func (x *WatchRootsResponse) String() string

func (*WatchRootsResponse) UnmarshalBinary

func (msg *WatchRootsResponse) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler
