credentialz

package
v1.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 31, 2023 License: Apache-2.0 Imports: 9 Imported by: 7

README

gNSI.credentialz

Bootstrap / Assumptions

The gNSI.credentialz API allows changing existing SSH credentials. Therefore credentials should be set up before credential RPCs are executed.

The following files are expected to be created during the bootstrap process:

  • Certificate Authority's public key
    • required for certificate-based client authentication
    • used to check if the client's certificate is valid
  • target's certificate
    • required for remote (this) host authentication by the clients
    • presented to the clients who validate it using CA's public key
  • target's public key
    • always required
  • target's private key
    • always required

Console access authentication

Using gNSI.credentialz API
  • Start streaming RPC call to the target device.
stream := RotateAccountCredentials()
  • Send a password change request message to the target device.
stream.Send(
    RotateAccountCredentialsRequest {
        password: PasswordRequest {
            accounts: Account {
                account: "user",
                password: Password {
                    value: {
                        plaintext: "password",
                    }
                },
                version: "v1.0",
                created_on: 3214451134,
            }
        }
    }
)

resp := stream.Receive()
  • Check if the new password 'works'

  • Finalize the operation

stream.Send(
    RotateAccountCredentialsRequest {
        finalize: FinalizeRequest {}
    }
)

SSH authentication

There are three authentication methods used with SSH:

  • password
  • public key
  • certificate
Method 1: Password-based

NOTE: The method is strongly discouraged.

Check out the "Console access authentication" section for information how to change account's password.

Method 2: Public key-based

In the case of public key based authentication users are authenticated by:

  • username
  • SSH public key
Update the client's credentials
Update the client's authorized key
  • Start streaming RPC call to the target device.
stream := RotateAccountCredentials()
  • Send a authorized keys change request message to the target device.

NOTE: The current list of authorized keys will be replaced.

stream.Send(
    RotateAccountCredentialsRequest {
        credential: AuthorizedKeysRequest {
            credentials: AccountCredentials {
                account: "user",
                authorized_keys: AuthorizedKey {
                    authorized_key: "A....=",
                },
                authorized_keys: AuthorizedKey {
                    authorized_key: "A....=",
                },
                version: "v1.0",
                created_on: 3214451134,
            }
        }
    }
)

resp := stream.Receive()
  • Check if the new SSH keys 'work'

  • Finalize the operation

stream.Send(
    RotateAccountCredentialsRequest {
        finalize: FinalizeRequest {}
    }
)
Update the host's keys with externally created keys
  • Start streaming RPC call to the target device.
stream := RotateHostParameters()
  • Send a server's keys change request message to the target device. The keys must be base64 encoded.
stream.Send(
    RotateHostParametersRequest {
        server_keys: ServerKeysRequest {
            auth_artifacts: []AuthenticationArtifacts{
                private_key: []bytes("...."),
            },
            version: "v1.0",
            created_on: 3214451134,
        }
    }
)

resp := stream.Receive()
  • Check if the new keys 'work'

  • Finalize the operation

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)
Update the host's keys with generated keys
  • Start streaming RPC call to the target device.
stream := RotateHostParameters()
  • Send a server's keys change request message to the target device. The bytes are expected to be base64 encoded.
stream.Send(
    RotateHostParametersRequest {
        generate_keys: GenerateKeysRequest{
            key_params: KEY_GEN_SSH_KEY_TYPE_RSA_4096,
        }
    }
)
resp, err := stream.Receive()
  • Check if the new keys 'work'

  • Finalize the operation

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)
Method 3: Certificate-based

In this method both ends of the connection present a certificate signed by the Certificate Authority. This method is better than the key-based one as both the client and the server can verify the credentials of the remote side and certificates can expire.

For this method to work the target's server has to have configured:

  • Certificate Authority public keys allowed to sign a client's certificate
  • A SSH host certificate singed by a Certificate Authority trusted by the client
  • server's private key

Similarly, the client has to have the following:

  • Certificate Authority public key of the CA that has signed the servers's certificate
  • A SSH certificate singed by a Certificate Authority trusted by the server
  • client's private key
Update the CA keys
  • Start streaming RPC call to the target device.
stream := RotateHostParameters()
  • Send a CA key change request message to the target device.
stream.Send(
    RotateHostParametersRequest {
        ssh_ca_public_key: CaPublicKeyRequest {
            ssh_ca_public_keys: "A....=",
            version: "v1.0",
            created_on: 3214451134,
        }
    }
)

resp := stream.Receive()
  • Check if the new CA key 'works'

  • Finalize the operation

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)
Update the host's certificate
  • Start streaming RPC call to the target device.
stream := RotateHostParameters()
  • Send a server's certificate change request message to the target device. The bytes must be base64 encoded.
stream.Send(
    RotateHostParametersRequest {
        server_keys: ServerKeysRequest {
            auth_artifacts: []AuthenticationArtifacts{
                certificate: []bytes("...."),
            },
            version: "v1.0",
            created_on: 3214451134,
        }
    }
)

resp := stream.Receive()
  • Check if the new certificate 'works'

  • Finalize the operation

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)
Update the account's authorized principal list
  • Start streaming RPC call to the target device.
stream := RotateAccountCredentials()
  • Send a authorized principal list change request message to the target device.

NOTE: The current list of authorized principals will be replaced.

stream.Send(
    RotateAccountCredentialsRequest {
        user: AuthorizedUsersRequest {
            policies: UserPolicy {
                account: "user",
                authorized_principals: SshAuthorizedPrincipal {
                    authorized_user: "alice",
                },
                authorized_principals: SshAuthorizedPrincipal {
                    authorized_user: "bob",
                },
                version: "v1.0",
                created_on: 3214451134,
            }
        }
    }
)

resp := stream.Receive()
  • Check if the new list of authorized principals 'works'

  • Finalize the operation

stream.Send(
    RotateAccountCredentialsRequest {
        finalize: FinalizeRequest {}
    }
)
Setting Allowed Authentication Types

The default sshd configuration generally allows for password, public key, and keyboard interactive authentication types. Certificate authentication is implied by way of setting a TrustedUserCaKeys file. In order to globally disable specific types, credentialz provides the AllowedAuthenticationRequest. Rather than operating with sshd defaults, this allows the operator to specify which authentication types are globally permissable.

  • Set the list of allowed authentication types.
stream.Send(
    RotateHostParametersRequest {
        authentication_allowed: AllowedAuthenticationRequest {
            authentication_types: AuthenticationType {
                AuthenticationType_PUBKEY.Enum(),
            }
        }
    }
)
  • Validate that new settings are working as expected.

  • Finalize request.

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)
Setting AuthorizedPrincipalsCommand

OpenSSH allows for the use of an tool which can dynamically return the list of authorized principals for a given system role. This is a global setting and cannot be set at the same time as the role specific configuration authorized_principals in the UserPolicy.

  • Set the AuthorizedPrincipalsCommand tool
stream.Send(
    RotateHostParametersRequest {
        authorized_principal_check: AuthorizedPrincipalCheckRequest {
            tool: Tool_TOOL_HIBA_DEFAULT.Enum(),
        }
    }
)
  • Validate that new settings are working as expected.

  • Finalize request.

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)

User Journeys

Rotate Certificate based on existing key

The most common operation we are expecting to require on devices is the rotation of certificates used for SSH access for devices. This operation expects to reuse the existing host key on the device.

  • Get the public key configured on the host.

resp, err := c.GetPublicKeys(&GetPublicKeyRequests{})
  • Generate certificate based on key.

  • Rotate certificate on device.

stream.Send(
    RotateHostParametersRequest {
        server_keys: ServerKeysRequest {
            certificate: "A....=",
            version: "v1.0",
            created_on: 3214451134,
        }
    }
)
  • Validate that new settings are working as expected.

  • Finalize request.

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)
Generate new host key on device and rotate certificate based on the new key

This use case focuses on the rotation of a host key and then generation of the certificate based on the new public key.

  • Send request for generation of new private key.
stream.Send(
    RotateHostParametersRequest {
        generate_keys: []GenerateKeysRequest {{
            key_params: KeyGen.KEY_GEN_SSH_KEY_TYPE_EDDSA_ED25519 
        }}
    }
)
  • Get Response containing public key to generate the certificate.
resp, err := stream.Recv()
data := resp.PublicKeys
  • The caller will then use this data to generate a certificate.

  • Send generated cert to device to rotate.

stream.Send(
    RotateHostParametersRequest {
        server_keys: ServerKeysRequest {
            certificate: "A....=",
            version: "v1.0",
            created_on: 3214451134,
        }
    }
)
  • Validate the RotateCredentialsResponse.
if _, err := stream.Recv(); err != nil {
    ...
}
  • Validate that new settings are working as expected.

  • Finalize request

stream.Send(
    RotateHostParametersResponse {
        finalize: FinalizeRequest {}
    }
)

gNSI.credentialz Telemetry Extension

gnsi-credentialz.yang

An overview of the changes defined in the gnsi-credentialz.yang file are shown below.

module: gnsi-credentialz

  augment /oc-sys:system:
    +--rw console
       +--rw config
       +--ro state
          +--ro counters
             +--ro access-rejects?       oc-yang:counter64
             +--ro last-access-reject?   oc-types:timeticks64
             +--ro access-accepts?       oc-yang:counter64
             +--ro last-access-accept?   oc-types:timeticks64
  augment /oc-sys:system/oc-sys:ssh-server/oc-sys:state:
    +--ro active-trusted-user-ca-keys-version?      version
    +--ro active-trusted-user-ca-keys-created-on?   created-on
    +--ro active-host-certificate-version?          version
    +--ro active-host-certificate-created-on?       created-on
    +--ro active-host-key-version?                  version
    +--ro active-host-key-version-created-on?       created-on
    +--ro counters
       +--ro access-rejects?       oc-yang:counter64
       +--ro last-access-reject?   oc-types:timeticks64
       +--ro access-accepts?       oc-yang:counter64
       +--ro last-access-accept?   oc-types:timeticks64
  augment /oc-sys:system/oc-sys:aaa/oc-sys:authentication/oc-sys:users/oc-sys:user/oc-sys:state:
    +--ro password-version?                   version
    +--ro password-created-on?                created-on
    +--ro authorized-users-list-version?      version
    +--ro authorized-users-list-created-on?   created-on
    +--ro authorized-keys-list-version?       version
    +--ro authorized-keys-list-created-on?    created-on
openconfig-system tree

The openconfig-system subtree after augments defined in the gnsi-credentialz.yang file is shown below.

For interactive version click here.

The diagram of the tree.
module: openconfig-system
  +--rw system
     +--rw config
     |  +--rw hostname?       oc-inet:domain-name
     |  +--rw domain-name?    oc-inet:domain-name
     |  +--rw login-banner?   string
     |  +--rw motd-banner?    string
     +--ro state
     |  +--ro hostname?           oc-inet:domain-name
     |  +--ro domain-name?        oc-inet:domain-name
     |  +--ro login-banner?       string
     |  +--ro motd-banner?        string
     |  +--ro current-datetime?   oc-yang:date-and-time
     |  +--ro boot-time?          oc-types:timeticks64
     +--rw clock
     |  +--rw config
     |  |  +--rw timezone-name?   timezone-name-type
     |  +--ro state
     |     +--ro timezone-name?   timezone-name-type
     +--rw dns
     |  +--rw config
     |  |  +--rw search*   oc-inet:domain-name
     |  +--ro state
     |  |  +--ro search*   oc-inet:domain-name
     |  +--rw servers
     |  |  +--rw server* [address]
     |  |     +--rw address    -> ../config/address
     |  |     +--rw config
     |  |     |  +--rw address?   oc-inet:ip-address
     |  |     |  +--rw port?      oc-inet:port-number
     |  |     +--ro state
     |  |        +--ro address?   oc-inet:ip-address
     |  |        +--ro port?      oc-inet:port-number
     |  +--rw host-entries
     |     +--rw host-entry* [hostname]
     |        +--rw hostname    -> ../config/hostname
     |        +--rw config
     |        |  +--rw hostname?       string
     |        |  +--rw alias*          string
     |        |  +--rw ipv4-address*   oc-inet:ipv4-address
     |        |  +--rw ipv6-address*   oc-inet:ipv6-address
     |        +--ro state
     |           +--ro hostname?       string
     |           +--ro alias*          string
     |           +--ro ipv4-address*   oc-inet:ipv4-address
     |           +--ro ipv6-address*   oc-inet:ipv6-address
     +--rw ntp
     |  +--rw config
     |  |  +--rw enabled?              boolean
     |  |  +--rw ntp-source-address?   oc-inet:ip-address
     |  |  +--rw enable-ntp-auth?      boolean
     |  +--ro state
     |  |  +--ro enabled?              boolean
     |  |  +--ro ntp-source-address?   oc-inet:ip-address
     |  |  +--ro enable-ntp-auth?      boolean
     |  |  +--ro auth-mismatch?        oc-yang:counter64
     |  +--rw ntp-keys
     |  |  +--rw ntp-key* [key-id]
     |  |     +--rw key-id    -> ../config/key-id
     |  |     +--rw config
     |  |     |  +--rw key-id?      uint16
     |  |     |  +--rw key-type?    identityref
     |  |     |  +--rw key-value?   string
     |  |     +--ro state
     |  |        +--ro key-id?      uint16
     |  |        +--ro key-type?    identityref
     |  |        +--ro key-value?   string
     |  +--rw servers
     |     +--rw server* [address]
     |        +--rw address    -> ../config/address
     |        +--rw config
     |        |  +--rw address?            oc-inet:host
     |        |  +--rw port?               oc-inet:port-number
     |        |  +--rw version?            uint8
     |        |  +--rw association-type?   enumeration
     |        |  +--rw iburst?             boolean
     |        |  +--rw prefer?             boolean
     |        +--ro state
     |           +--ro address?            oc-inet:host
     |           +--ro port?               oc-inet:port-number
     |           +--ro version?            uint8
     |           +--ro association-type?   enumeration
     |           +--ro iburst?             boolean
     |           +--ro prefer?             boolean
     |           +--ro stratum?            uint8
     |           +--ro root-delay?         uint32
     |           +--ro root-dispersion?    uint64
     |           +--ro offset?             uint64
     |           +--ro poll-interval?      uint32
     +--rw ssh-server
     |  +--rw config
     |  |  +--rw enable?             boolean
     |  |  +--rw protocol-version?   enumeration
     |  |  +--rw timeout?            uint16
     |  |  +--rw rate-limit?         uint16
     |  |  +--rw session-limit?      uint16
     |  +--ro state
     |     +--ro enable?                                              boolean
     |     +--ro protocol-version?                                    enumeration
     |     +--ro timeout?                                             uint16
     |     +--ro rate-limit?                                          uint16
     |     +--ro session-limit?                                       uint16
     |     +--ro gnsi-credz:active-trusted-user-ca-keys-version?      version
     |     +--ro gnsi-credz:active-trusted-user-ca-keys-created-on?   created-on
     |     +--ro gnsi-credz:active-host-certificate-version?          version
     |     +--ro gnsi-credz:active-host-certificate-created-on?       created-on
     |     +--ro gnsi-credz:active-host-key-version?                  version
     |     +--ro gnsi-credz:active-host-key-version-created-on?       created-on
     |     +--ro gnsi-credz:counters
     |        +--ro gnsi-credz:access-rejects?       oc-yang:counter64
     |        +--ro gnsi-credz:last-access-reject?   oc-types:timeticks64
     |        +--ro gnsi-credz:access-accepts?       oc-yang:counter64
     |        +--ro gnsi-credz:last-access-accept?   oc-types:timeticks64
     +--rw telnet-server
     |  +--rw config
     |  |  +--rw enable?          boolean
     |  |  +--rw timeout?         uint16
     |  |  +--rw rate-limit?      uint16
     |  |  +--rw session-limit?   uint16
     |  +--ro state
     |     +--ro enable?          boolean
     |     +--ro timeout?         uint16
     |     +--ro rate-limit?      uint16
     |     +--ro session-limit?   uint16
     +--rw logging
     |  +--rw console
     |  |  +--rw config
     |  |  +--ro state
     |  |  +--rw selectors
     |  |     +--rw selector* [facility severity]
     |  |        +--rw facility    -> ../config/facility
     |  |        +--rw severity    -> ../config/severity
     |  |        +--rw config
     |  |        |  +--rw facility?   identityref
     |  |        |  +--rw severity?   syslog-severity
     |  |        +--ro state
     |  |           +--ro facility?   identityref
     |  |           +--ro severity?   syslog-severity
     |  +--rw remote-servers
     |     +--rw remote-server* [host]
     |        +--rw host         -> ../config/host
     |        +--rw config
     |        |  +--rw host?             oc-inet:host
     |        |  +--rw source-address?   oc-inet:ip-address
     |        |  +--rw remote-port?      oc-inet:port-number
     |        +--ro state
     |        |  +--ro host?             oc-inet:host
     |        |  +--ro source-address?   oc-inet:ip-address
     |        |  +--ro remote-port?      oc-inet:port-number
     |        +--rw selectors
     |           +--rw selector* [facility severity]
     |              +--rw facility    -> ../config/facility
     |              +--rw severity    -> ../config/severity
     |              +--rw config
     |              |  +--rw facility?   identityref
     |              |  +--rw severity?   syslog-severity
     |              +--ro state
     |                 +--ro facility?   identityref
     |                 +--ro severity?   syslog-severity
     +--rw aaa
     |  +--rw config
     |  +--ro state
     |  +--rw authentication
     |  |  +--rw config
     |  |  |  +--rw authentication-method*   union
     |  |  +--ro state
     |  |  |  +--ro authentication-method*   union
     |  |  +--rw admin-user
     |  |  |  +--rw config
     |  |  |  |  +--rw admin-password?          string
     |  |  |  |  +--rw admin-password-hashed?   oc-aaa-types:crypt-password-type
     |  |  |  +--ro state
     |  |  |     +--ro admin-password?          string
     |  |  |     +--ro admin-password-hashed?   oc-aaa-types:crypt-password-type
     |  |  |     +--ro admin-username?          string
     |  |  +--rw users
     |  |     +--rw user* [username]
     |  |        +--rw username    -> ../config/username
     |  |        +--rw config
     |  |        |  +--rw username?   string
     |  |        |  +--rw role?       union
     |  |        +--ro state
     |  |           +--ro username?                                      string
     |  |           +--ro password?                                      string
     |  |           +--ro password-hashed?                               oc-aaa-types:crypt-password-type
     |  |           +--ro role?                                          union
     |  |           +--ro gnsi-credz:password-version?                   version
     |  |           +--ro gnsi-credz:password-created-on?                created-on
     |  |           +--ro gnsi-credz:authorized-users-list-version?      version
     |  |           +--ro gnsi-credz:authorized-users-list-created-on?   created-on
     |  |           +--ro gnsi-credz:authorized-keys-list-version?       version
     |  |           +--ro gnsi-credz:authorized-keys-list-created-on?    created-on
     |  +--rw authorization
     |  |  +--rw config
     |  |  |  +--rw authorization-method*   union
     |  |  +--ro state
     |  |  |  +--ro authorization-method*   union
     |  |  +--rw events
     |  |     +--rw event* [event-type]
     |  |        +--rw event-type    -> ../config/event-type
     |  |        +--rw config
     |  |        |  +--rw event-type?   identityref
     |  |        +--ro state
     |  |           +--ro event-type?   identityref
     |  +--rw accounting
     |  |  +--rw config
     |  |  |  +--rw accounting-method*   union
     |  |  +--ro state
     |  |  |  +--ro accounting-method*   union
     |  |  +--rw events
     |  |     +--rw event* [event-type]
     |  |        +--rw event-type    -> ../config/event-type
     |  |        +--rw config
     |  |        |  +--rw event-type?   identityref
     |  |        |  +--rw record?       enumeration
     |  |        +--ro state
     |  |           +--ro event-type?   identityref
     |  |           +--ro record?       enumeration
     |  +--rw server-groups
     |     +--rw server-group* [name]
     |        +--rw name       -> ../config/name
     |        +--rw config
     |        |  +--rw name?   string
     |        |  +--rw type?   identityref
     |        +--ro state
     |        |  +--ro name?   string
     |        |  +--ro type?   identityref
     |        +--rw servers
     |           +--rw server* [address]
     |              +--rw address    -> ../config/address
     |              +--rw config
     |              |  +--rw name?      string
     |              |  +--rw address?   oc-inet:ip-address
     |              |  +--rw timeout?   uint16
     |              +--ro state
     |              |  +--ro name?                  string
     |              |  +--ro address?               oc-inet:ip-address
     |              |  +--ro timeout?               uint16
     |              |  +--ro connection-opens?      oc-yang:counter64
     |              |  +--ro connection-closes?     oc-yang:counter64
     |              |  +--ro connection-aborts?     oc-yang:counter64
     |              |  +--ro connection-failures?   oc-yang:counter64
     |              |  +--ro connection-timeouts?   oc-yang:counter64
     |              |  +--ro messages-sent?         oc-yang:counter64
     |              |  +--ro messages-received?     oc-yang:counter64
     |              |  +--ro errors-received?       oc-yang:counter64
     |              +--rw tacacs
     |              |  +--rw config
     |              |  |  +--rw port?                oc-inet:port-number
     |              |  |  +--rw secret-key?          oc-types:routing-password
     |              |  |  +--rw secret-key-hashed?   oc-aaa-types:crypt-password-type
     |              |  |  +--rw source-address?      oc-inet:ip-address
     |              |  +--ro state
     |              |     +--ro port?                oc-inet:port-number
     |              |     +--ro secret-key?          oc-types:routing-password
     |              |     +--ro secret-key-hashed?   oc-aaa-types:crypt-password-type
     |              |     +--ro source-address?      oc-inet:ip-address
     |              +--rw radius
     |                 +--rw config
     |                 |  +--rw auth-port?             oc-inet:port-number
     |                 |  +--rw acct-port?             oc-inet:port-number
     |                 |  +--rw secret-key?            oc-types:routing-password
     |                 |  +--rw secret-key-hashed?     oc-aaa-types:crypt-password-type
     |                 |  +--rw source-address?        oc-inet:ip-address
     |                 |  +--rw retransmit-attempts?   uint8
     |                 +--ro state
     |                    +--ro auth-port?             oc-inet:port-number
     |                    +--ro acct-port?             oc-inet:port-number
     |                    +--ro secret-key?            oc-types:routing-password
     |                    +--ro secret-key-hashed?     oc-aaa-types:crypt-password-type
     |                    +--ro source-address?        oc-inet:ip-address
     |                    +--ro retransmit-attempts?   uint8
     |                    +--ro counters
     |                       +--ro retried-access-requests?   oc-yang:counter64
     |                       +--ro access-accepts?            oc-yang:counter64
     |                       +--ro access-rejects?            oc-yang:counter64
     |                       +--ro timeout-access-requests?   oc-yang:counter64
     +--rw memory
     |  +--rw config
     |  +--ro state
     |     +--ro physical?   uint64
     |     +--ro reserved?   uint64
     +--ro cpus
     |  +--ro cpu* [index]
     |     +--ro index    -> ../state/index
     |     +--ro state
     |        +--ro index?                union
     |        +--ro total
     |        |  +--ro instant?    oc-types:percentage
     |        |  +--ro avg?        oc-types:percentage
     |        |  +--ro min?        oc-types:percentage
     |        |  +--ro max?        oc-types:percentage
     |        |  +--ro interval?   oc-types:stat-interval
     |        |  +--ro min-time?   oc-types:timeticks64
     |        |  +--ro max-time?   oc-types:timeticks64
     |        +--ro user
     |        |  +--ro instant?    oc-types:percentage
     |        |  +--ro avg?        oc-types:percentage
     |        |  +--ro min?        oc-types:percentage
     |        |  +--ro max?        oc-types:percentage
     |        |  +--ro interval?   oc-types:stat-interval
     |        |  +--ro min-time?   oc-types:timeticks64
     |        |  +--ro max-time?   oc-types:timeticks64
     |        +--ro kernel
     |        |  +--ro instant?    oc-types:percentage
     |        |  +--ro avg?        oc-types:percentage
     |        |  +--ro min?        oc-types:percentage
     |        |  +--ro max?        oc-types:percentage
     |        |  +--ro interval?   oc-types:stat-interval
     |        |  +--ro min-time?   oc-types:timeticks64
     |        |  +--ro max-time?   oc-types:timeticks64
     |        +--ro nice
     |        |  +--ro instant?    oc-types:percentage
     |        |  +--ro avg?        oc-types:percentage
     |        |  +--ro min?        oc-types:percentage
     |        |  +--ro max?        oc-types:percentage
     |        |  +--ro interval?   oc-types:stat-interval
     |        |  +--ro min-time?   oc-types:timeticks64
     |        |  +--ro max-time?   oc-types:timeticks64
     |        +--ro idle
     |        |  +--ro instant?    oc-types:percentage
     |        |  +--ro avg?        oc-types:percentage
     |        |  +--ro min?        oc-types:percentage
     |        |  +--ro max?        oc-types:percentage
     |        |  +--ro interval?   oc-types:stat-interval
     |        |  +--ro min-time?   oc-types:timeticks64
     |        |  +--ro max-time?   oc-types:timeticks64
     |        +--ro wait
     |        |  +--ro instant?    oc-types:percentage
     |        |  +--ro avg?        oc-types:percentage
     |        |  +--ro min?        oc-types:percentage
     |        |  +--ro max?        oc-types:percentage
     |        |  +--ro interval?   oc-types:stat-interval
     |        |  +--ro min-time?   oc-types:timeticks64
     |        |  +--ro max-time?   oc-types:timeticks64
     |        +--ro hardware-interrupt
     |        |  +--ro instant?    oc-types:percentage
     |        |  +--ro avg?        oc-types:percentage
     |        |  +--ro min?        oc-types:percentage
     |        |  +--ro max?        oc-types:percentage
     |        |  +--ro interval?   oc-types:stat-interval
     |        |  +--ro min-time?   oc-types:timeticks64
     |        |  +--ro max-time?   oc-types:timeticks64
     |        +--ro software-interrupt
     |           +--ro instant?    oc-types:percentage
     |           +--ro avg?        oc-types:percentage
     |           +--ro min?        oc-types:percentage
     |           +--ro max?        oc-types:percentage
     |           +--ro interval?   oc-types:stat-interval
     |           +--ro min-time?   oc-types:timeticks64
     |           +--ro max-time?   oc-types:timeticks64
     +--rw processes
     |  +--ro process* [pid]
     |     +--ro pid      -> ../state/pid
     |     +--ro state
     |        +--ro pid?                  uint64
     |        +--ro name?                 string
     |        +--ro args*                 string
     |        +--ro start-time?           oc-types:timeticks64
     |        +--ro cpu-usage-user?       oc-yang:counter64
     |        +--ro cpu-usage-system?     oc-yang:counter64
     |        +--ro cpu-utilization?      oc-types:percentage
     |        +--ro memory-usage?         uint64
     |        +--ro memory-utilization?   oc-types:percentage
     +--ro alarms
     |  +--ro alarm* [id]
     |     +--ro id        -> ../state/id
     |     +--ro config
     |     +--ro state
     |        +--ro id?             string
     |        +--ro resource?       string
     |        +--ro text?           string
     |        +--ro time-created?   oc-types:timeticks64
     |        +--ro severity?       identityref
     |        +--ro type-id?        union
     +--rw messages
     |  +--rw config
     |  |  +--rw severity?   oc-log:syslog-severity
     |  +--ro state
     |  |  +--ro severity?   oc-log:syslog-severity
     |  |  +--ro message
     |  |     +--ro msg?        string
     |  |     +--ro priority?   uint8
     |  |     +--ro app-name?   string
     |  |     +--ro procid?     string
     |  |     +--ro msgid?      string
     |  +--rw debug-entries
     |     +--rw debug-service* [service]
     |        +--rw service    -> ../config/service
     |        +--rw config
     |        |  +--rw service?   identityref
     |        |  +--rw enabled?   boolean
     |        +--ro state
     |           +--ro service?   identityref
     |           +--ro enabled?   boolean
     +--rw license
     |  +--rw licenses
     |     +--rw license* [license-id]
     |        +--rw license-id    -> ../config/license-id
     |        +--rw config
     |        |  +--rw license-id?     string
     |        |  +--rw license-data?   union
     |        |  +--rw active?         boolean
     |        +--ro state
     |           +--ro license-id?        string
     |           +--ro license-data?      union
     |           +--ro active?            boolean
     |           +--ro description?       string
     |           +--ro issue-date?        uint64
     |           +--ro expiration-date?   uint64
     |           +--ro in-use?            boolean
     |           +--ro expired?           boolean
     |           +--ro valid?             boolean
     +--rw oc-sys-grpc:grpc-servers
     |  +--rw oc-sys-grpc:grpc-server* [name]
     |     +--rw oc-sys-grpc:name      -> ../config/name
     |     +--rw oc-sys-grpc:config
     |     |  +--rw oc-sys-grpc:name?                      string
     |     |  +--rw oc-sys-grpc:services*                  identityref
     |     |  +--rw oc-sys-grpc:enable?                    boolean
     |     |  +--rw oc-sys-grpc:port?                      oc-inet:port-number
     |     |  +--rw oc-sys-grpc:transport-security?        boolean
     |     |  +--rw oc-sys-grpc:certificate-id?            string
     |     |  +--rw oc-sys-grpc:metadata-authentication?   boolean
     |     |  +--rw oc-sys-grpc:listen-addresses*          union
     |     |  +--rw oc-sys-grpc:network-instance?          oc-ni:network-instance-ref
     |     +--ro oc-sys-grpc:state
     |        +--ro oc-sys-grpc:name?                      string
     |        +--ro oc-sys-grpc:services*                  identityref
     |        +--ro oc-sys-grpc:enable?                    boolean
     |        +--ro oc-sys-grpc:port?                      oc-inet:port-number
     |        +--ro oc-sys-grpc:transport-security?        boolean
     |        +--ro oc-sys-grpc:certificate-id?            string
     |        +--ro oc-sys-grpc:metadata-authentication?   boolean
     |        +--ro oc-sys-grpc:listen-addresses*          union
     |        +--ro oc-sys-grpc:network-instance?          oc-ni:network-instance-ref
     +--rw gnsi-credz:console
        +--rw gnsi-credz:config
        +--ro gnsi-credz:state
           +--ro gnsi-credz:counters
              +--ro gnsi-credz:access-rejects?       oc-yang:counter64
              +--ro gnsi-credz:last-access-reject?   oc-types:timeticks64
              +--ro gnsi-credz:access-accepts?       oc-yang:counter64
              +--ro gnsi-credz:last-access-accept?   oc-types:timeticks64

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	KeyType_name = map[int32]string{
		0: "KEY_TYPE_UNSPECIFIED",
		1: "KEY_TYPE_ECDSA_P_256",
		2: "KEY_TYPE_ECDSA_P_521",
		3: "KEY_TYPE_ED25519",
		4: "KEY_TYPE_RSA_2048",
		5: "KEY_TYPE_RSA_4096",
	}
	KeyType_value = map[string]int32{
		"KEY_TYPE_UNSPECIFIED": 0,
		"KEY_TYPE_ECDSA_P_256": 1,
		"KEY_TYPE_ECDSA_P_521": 2,
		"KEY_TYPE_ED25519":     3,
		"KEY_TYPE_RSA_2048":    4,
		"KEY_TYPE_RSA_4096":    5,
	}
)

Enum value maps for KeyType.

View Source
var (
	KeyGen_name = map[int32]string{
		0: "KEY_GEN_SSH_KEY_UNSPECIFIED",
		1: "KEY_GEN_SSH_KEY_TYPE_RSA_2048",
		2: "KEY_GEN_SSH_KEY_TYPE_ECDSA_P_256",
		3: "KEY_GEN_SSH_KEY_TYPE_ECDSA_P_521",
		4: "KEY_GEN_SSH_KEY_TYPE_EDDSA_ED25519",
		5: "KEY_GEN_SSH_KEY_TYPE_RSA_4096",
	}
	KeyGen_value = map[string]int32{
		"KEY_GEN_SSH_KEY_UNSPECIFIED":        0,
		"KEY_GEN_SSH_KEY_TYPE_RSA_2048":      1,
		"KEY_GEN_SSH_KEY_TYPE_ECDSA_P_256":   2,
		"KEY_GEN_SSH_KEY_TYPE_ECDSA_P_521":   3,
		"KEY_GEN_SSH_KEY_TYPE_EDDSA_ED25519": 4,
		"KEY_GEN_SSH_KEY_TYPE_RSA_4096":      5,
	}
)

Enum value maps for KeyGen.

View Source
var (
	AuthenticationType_name = map[int32]string{
		0: "AUTHENTICATION_TYPE_UNSPECIFIED",
		1: "AUTHENTICATION_TYPE_PASSWORD",
		2: "AUTHENTICATION_TYPE_PUBKEY",
		3: "AUTHENTICATION_TYPE_KBDINTERACTIVE",
	}
	AuthenticationType_value = map[string]int32{
		"AUTHENTICATION_TYPE_UNSPECIFIED":    0,
		"AUTHENTICATION_TYPE_PASSWORD":       1,
		"AUTHENTICATION_TYPE_PUBKEY":         2,
		"AUTHENTICATION_TYPE_KBDINTERACTIVE": 3,
	}
)

Enum value maps for AuthenticationType.

View Source
var (
	Option_StandardOption_name = map[int32]string{
		0:  "STANDARD_OPTION_UNSPECIFIED",
		1:  "STANDARD_OPTION_AGENT_FORWARDING",
		2:  "STANDARD_OPTION_CERT_AUTHORITY",
		3:  "STANDARD_OPTION_COMMAND",
		4:  "STANDARD_OPTION_ENVIRONMENT",
		5:  "STANDARD_OPTION_EXPIRY_TIME",
		6:  "STANDARD_OPTION_FROM",
		7:  "STANDARD_OPTION_NO_AGENT_FORWARDING",
		8:  "STANDARD_OPTION_NO_PORT_FORWARDING",
		9:  "STANDARD_OPTION_NO_PTY",
		10: "STANDARD_OPTION_NO_USER_RC",
		11: "STANDARD_OPTION_NO_X11_FORWARDING",
		12: "STANDARD_OPTION_PERMITLISTEN",
		13: "STANDARD_OPTION_PERMITOPEN",
		14: "STANDARD_OPTION_PORT_FORWARDING",
		15: "STANDARD_OPTION_PRINCIPALS",
		16: "STANDARD_OPTION_PTY",
		17: "STANDARD_OPTION_NO_TOUCH_REQUIRED",
		18: "STANDARD_OPTION_VERIFY_REQUIRED",
		19: "STANDARD_OPTION_RESTRICT",
		20: "STANDARD_OPTION_TUNNEL",
		21: "STANDARD_OPTION_USER_RC",
		22: "STANDARD_OPTION_X11_FORWARDING",
	}
	Option_StandardOption_value = map[string]int32{
		"STANDARD_OPTION_UNSPECIFIED":         0,
		"STANDARD_OPTION_AGENT_FORWARDING":    1,
		"STANDARD_OPTION_CERT_AUTHORITY":      2,
		"STANDARD_OPTION_COMMAND":             3,
		"STANDARD_OPTION_ENVIRONMENT":         4,
		"STANDARD_OPTION_EXPIRY_TIME":         5,
		"STANDARD_OPTION_FROM":                6,
		"STANDARD_OPTION_NO_AGENT_FORWARDING": 7,
		"STANDARD_OPTION_NO_PORT_FORWARDING":  8,
		"STANDARD_OPTION_NO_PTY":              9,
		"STANDARD_OPTION_NO_USER_RC":          10,
		"STANDARD_OPTION_NO_X11_FORWARDING":   11,
		"STANDARD_OPTION_PERMITLISTEN":        12,
		"STANDARD_OPTION_PERMITOPEN":          13,
		"STANDARD_OPTION_PORT_FORWARDING":     14,
		"STANDARD_OPTION_PRINCIPALS":          15,
		"STANDARD_OPTION_PTY":                 16,
		"STANDARD_OPTION_NO_TOUCH_REQUIRED":   17,
		"STANDARD_OPTION_VERIFY_REQUIRED":     18,
		"STANDARD_OPTION_RESTRICT":            19,
		"STANDARD_OPTION_TUNNEL":              20,
		"STANDARD_OPTION_USER_RC":             21,
		"STANDARD_OPTION_X11_FORWARDING":      22,
	}
)

Enum value maps for Option_StandardOption.

View Source
var (
	PasswordRequest_CryptoHash_HashType_name = map[int32]string{
		0: "HASH_TYPE_UNSPECIFIED",
		1: "HASH_TYPE_CRYPT_MD5",
		2: "HASH_TYPE_CRYPT_SHA_2_512",
	}
	PasswordRequest_CryptoHash_HashType_value = map[string]int32{
		"HASH_TYPE_UNSPECIFIED":     0,
		"HASH_TYPE_CRYPT_MD5":       1,
		"HASH_TYPE_CRYPT_SHA_2_512": 2,
	}
)

Enum value maps for PasswordRequest_CryptoHash_HashType.

View Source
var (
	AuthorizedPrincipalCheckRequest_Tool_name = map[int32]string{
		0: "TOOL_UNSPECIFIED",
		1: "TOOL_HIBA_DEFAULT",
	}
	AuthorizedPrincipalCheckRequest_Tool_value = map[string]int32{
		"TOOL_UNSPECIFIED":  0,
		"TOOL_HIBA_DEFAULT": 1,
	}
)

Enum value maps for AuthorizedPrincipalCheckRequest_Tool.

View Source
var Credentialz_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "gnsi.credentialz.v1.Credentialz",
	HandlerType: (*CredentialzServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CanGenerateKey",
			Handler:    _Credentialz_CanGenerateKey_Handler,
		},
		{
			MethodName: "GetPublicKeys",
			Handler:    _Credentialz_GetPublicKeys_Handler,
		},
	},
	Streams: []grpc.StreamDesc{
		{
			StreamName:    "RotateAccountCredentials",
			Handler:       _Credentialz_RotateAccountCredentials_Handler,
			ServerStreams: true,
			ClientStreams: true,
		},
		{
			StreamName:    "RotateHostParameters",
			Handler:       _Credentialz_RotateHostParameters_Handler,
			ServerStreams: true,
			ClientStreams: true,
		},
	},
	Metadata: "github.com/openconfig/gnsi/credentialz/credentialz.proto",
}

Credentialz_ServiceDesc is the grpc.ServiceDesc for Credentialz service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source
var File_github_com_openconfig_gnsi_credentialz_credentialz_proto protoreflect.FileDescriptor

Functions

func RegisterCredentialzServer

func RegisterCredentialzServer(s grpc.ServiceRegistrar, srv CredentialzServer)

Types

type AccountCredentials

type AccountCredentials struct {
	Account        string                              `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
	AuthorizedKeys []*AccountCredentials_AuthorizedKey `protobuf:"bytes,2,rep,name=authorized_keys,json=authorizedKeys,proto3" json:"authorized_keys,omitempty"`
	Version        string                              `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	CreatedOn      uint64                              `protobuf:"varint,4,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"`
	// contains filtered or unexported fields
}

func (*AccountCredentials) Descriptor deprecated

func (*AccountCredentials) Descriptor() ([]byte, []int)

Deprecated: Use AccountCredentials.ProtoReflect.Descriptor instead.

func (*AccountCredentials) GetAccount

func (x *AccountCredentials) GetAccount() string

func (*AccountCredentials) GetAuthorizedKeys

func (x *AccountCredentials) GetAuthorizedKeys() []*AccountCredentials_AuthorizedKey

func (*AccountCredentials) GetCreatedOn

func (x *AccountCredentials) GetCreatedOn() uint64

func (*AccountCredentials) GetVersion

func (x *AccountCredentials) GetVersion() string

func (*AccountCredentials) ProtoMessage

func (*AccountCredentials) ProtoMessage()

func (*AccountCredentials) ProtoReflect

func (x *AccountCredentials) ProtoReflect() protoreflect.Message

func (*AccountCredentials) Reset

func (x *AccountCredentials) Reset()

func (*AccountCredentials) String

func (x *AccountCredentials) String() string

type AccountCredentials_AuthorizedKey

type AccountCredentials_AuthorizedKey struct {
	AuthorizedKey []byte    `protobuf:"bytes,1,opt,name=authorized_key,json=authorizedKey,proto3" json:"authorized_key,omitempty"`
	Options       []*Option `protobuf:"bytes,2,rep,name=options,proto3" json:"options,omitempty"`
	KeyType       KeyType   `protobuf:"varint,3,opt,name=key_type,json=keyType,proto3,enum=gnsi.credentialz.v1.KeyType" json:"key_type,omitempty"`
	Description   string    `protobuf:"bytes,4,opt,name=description,proto3" json:"description,omitempty"`
	// contains filtered or unexported fields
}

func (*AccountCredentials_AuthorizedKey) Descriptor deprecated

func (*AccountCredentials_AuthorizedKey) Descriptor() ([]byte, []int)

Deprecated: Use AccountCredentials_AuthorizedKey.ProtoReflect.Descriptor instead.

func (*AccountCredentials_AuthorizedKey) GetAuthorizedKey

func (x *AccountCredentials_AuthorizedKey) GetAuthorizedKey() []byte

func (*AccountCredentials_AuthorizedKey) GetDescription

func (x *AccountCredentials_AuthorizedKey) GetDescription() string

func (*AccountCredentials_AuthorizedKey) GetKeyType

func (x *AccountCredentials_AuthorizedKey) GetKeyType() KeyType

func (*AccountCredentials_AuthorizedKey) GetOptions

func (x *AccountCredentials_AuthorizedKey) GetOptions() []*Option

func (*AccountCredentials_AuthorizedKey) ProtoMessage

func (*AccountCredentials_AuthorizedKey) ProtoMessage()

func (*AccountCredentials_AuthorizedKey) ProtoReflect

func (*AccountCredentials_AuthorizedKey) Reset

func (*AccountCredentials_AuthorizedKey) String

type AllowedAuthenticationRequest added in v1.2.2

type AllowedAuthenticationRequest struct {
	AuthenticationTypes []AuthenticationType `` /* 170-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*AllowedAuthenticationRequest) Descriptor deprecated added in v1.2.2

func (*AllowedAuthenticationRequest) Descriptor() ([]byte, []int)

Deprecated: Use AllowedAuthenticationRequest.ProtoReflect.Descriptor instead.

func (*AllowedAuthenticationRequest) GetAuthenticationTypes added in v1.2.2

func (x *AllowedAuthenticationRequest) GetAuthenticationTypes() []AuthenticationType

func (*AllowedAuthenticationRequest) ProtoMessage added in v1.2.2

func (*AllowedAuthenticationRequest) ProtoMessage()

func (*AllowedAuthenticationRequest) ProtoReflect added in v1.2.2

func (*AllowedAuthenticationRequest) Reset added in v1.2.2

func (x *AllowedAuthenticationRequest) Reset()

func (*AllowedAuthenticationRequest) String added in v1.2.2

type AllowedAuthenticationResponse added in v1.2.2

type AllowedAuthenticationResponse struct {
	// contains filtered or unexported fields
}

func (*AllowedAuthenticationResponse) Descriptor deprecated added in v1.2.2

func (*AllowedAuthenticationResponse) Descriptor() ([]byte, []int)

Deprecated: Use AllowedAuthenticationResponse.ProtoReflect.Descriptor instead.

func (*AllowedAuthenticationResponse) ProtoMessage added in v1.2.2

func (*AllowedAuthenticationResponse) ProtoMessage()

func (*AllowedAuthenticationResponse) ProtoReflect added in v1.2.2

func (*AllowedAuthenticationResponse) Reset added in v1.2.2

func (x *AllowedAuthenticationResponse) Reset()

func (*AllowedAuthenticationResponse) String added in v1.2.2

type AuthenticationType added in v1.2.2

type AuthenticationType int32
const (
	AuthenticationType_AUTHENTICATION_TYPE_UNSPECIFIED    AuthenticationType = 0
	AuthenticationType_AUTHENTICATION_TYPE_PASSWORD       AuthenticationType = 1
	AuthenticationType_AUTHENTICATION_TYPE_PUBKEY         AuthenticationType = 2
	AuthenticationType_AUTHENTICATION_TYPE_KBDINTERACTIVE AuthenticationType = 3
)

func (AuthenticationType) Descriptor added in v1.2.2

func (AuthenticationType) Enum added in v1.2.2

func (AuthenticationType) EnumDescriptor deprecated added in v1.2.2

func (AuthenticationType) EnumDescriptor() ([]byte, []int)

Deprecated: Use AuthenticationType.Descriptor instead.

func (AuthenticationType) Number added in v1.2.2

func (AuthenticationType) String added in v1.2.2

func (x AuthenticationType) String() string

func (AuthenticationType) Type added in v1.2.2

type AuthorizedKeysRequest

type AuthorizedKeysRequest struct {
	Credentials []*AccountCredentials `protobuf:"bytes,1,rep,name=credentials,proto3" json:"credentials,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthorizedKeysRequest) Descriptor deprecated

func (*AuthorizedKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizedKeysRequest.ProtoReflect.Descriptor instead.

func (*AuthorizedKeysRequest) GetCredentials

func (x *AuthorizedKeysRequest) GetCredentials() []*AccountCredentials

func (*AuthorizedKeysRequest) ProtoMessage

func (*AuthorizedKeysRequest) ProtoMessage()

func (*AuthorizedKeysRequest) ProtoReflect

func (x *AuthorizedKeysRequest) ProtoReflect() protoreflect.Message

func (*AuthorizedKeysRequest) Reset

func (x *AuthorizedKeysRequest) Reset()

func (*AuthorizedKeysRequest) String

func (x *AuthorizedKeysRequest) String() string

type AuthorizedKeysResponse

type AuthorizedKeysResponse struct {
	// contains filtered or unexported fields
}

func (*AuthorizedKeysResponse) Descriptor deprecated

func (*AuthorizedKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizedKeysResponse.ProtoReflect.Descriptor instead.

func (*AuthorizedKeysResponse) ProtoMessage

func (*AuthorizedKeysResponse) ProtoMessage()

func (*AuthorizedKeysResponse) ProtoReflect

func (x *AuthorizedKeysResponse) ProtoReflect() protoreflect.Message

func (*AuthorizedKeysResponse) Reset

func (x *AuthorizedKeysResponse) Reset()

func (*AuthorizedKeysResponse) String

func (x *AuthorizedKeysResponse) String() string

type AuthorizedPrincipalCheckRequest added in v1.2.2

type AuthorizedPrincipalCheckRequest struct {
	Tool AuthorizedPrincipalCheckRequest_Tool `protobuf:"varint,1,opt,name=tool,proto3,enum=gnsi.credentialz.v1.AuthorizedPrincipalCheckRequest_Tool" json:"tool,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthorizedPrincipalCheckRequest) Descriptor deprecated added in v1.2.2

func (*AuthorizedPrincipalCheckRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizedPrincipalCheckRequest.ProtoReflect.Descriptor instead.

func (*AuthorizedPrincipalCheckRequest) GetTool added in v1.2.2

func (*AuthorizedPrincipalCheckRequest) ProtoMessage added in v1.2.2

func (*AuthorizedPrincipalCheckRequest) ProtoMessage()

func (*AuthorizedPrincipalCheckRequest) ProtoReflect added in v1.2.2

func (*AuthorizedPrincipalCheckRequest) Reset added in v1.2.2

func (*AuthorizedPrincipalCheckRequest) String added in v1.2.2

type AuthorizedPrincipalCheckRequest_Tool added in v1.2.2

type AuthorizedPrincipalCheckRequest_Tool int32
const (
	AuthorizedPrincipalCheckRequest_TOOL_UNSPECIFIED  AuthorizedPrincipalCheckRequest_Tool = 0
	AuthorizedPrincipalCheckRequest_TOOL_HIBA_DEFAULT AuthorizedPrincipalCheckRequest_Tool = 1
)

func (AuthorizedPrincipalCheckRequest_Tool) Descriptor added in v1.2.2

func (AuthorizedPrincipalCheckRequest_Tool) Enum added in v1.2.2

func (AuthorizedPrincipalCheckRequest_Tool) EnumDescriptor deprecated added in v1.2.2

func (AuthorizedPrincipalCheckRequest_Tool) EnumDescriptor() ([]byte, []int)

Deprecated: Use AuthorizedPrincipalCheckRequest_Tool.Descriptor instead.

func (AuthorizedPrincipalCheckRequest_Tool) Number added in v1.2.2

func (AuthorizedPrincipalCheckRequest_Tool) String added in v1.2.2

func (AuthorizedPrincipalCheckRequest_Tool) Type added in v1.2.2

type AuthorizedPrincipalCheckResponse added in v1.2.2

type AuthorizedPrincipalCheckResponse struct {
	// contains filtered or unexported fields
}

func (*AuthorizedPrincipalCheckResponse) Descriptor deprecated added in v1.2.2

func (*AuthorizedPrincipalCheckResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizedPrincipalCheckResponse.ProtoReflect.Descriptor instead.

func (*AuthorizedPrincipalCheckResponse) ProtoMessage added in v1.2.2

func (*AuthorizedPrincipalCheckResponse) ProtoMessage()

func (*AuthorizedPrincipalCheckResponse) ProtoReflect added in v1.2.2

func (*AuthorizedPrincipalCheckResponse) Reset added in v1.2.2

func (*AuthorizedPrincipalCheckResponse) String added in v1.2.2

type AuthorizedUsersRequest

type AuthorizedUsersRequest struct {
	Policies []*UserPolicy `protobuf:"bytes,1,rep,name=policies,proto3" json:"policies,omitempty"`
	// contains filtered or unexported fields
}

func (*AuthorizedUsersRequest) Descriptor deprecated

func (*AuthorizedUsersRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizedUsersRequest.ProtoReflect.Descriptor instead.

func (*AuthorizedUsersRequest) GetPolicies

func (x *AuthorizedUsersRequest) GetPolicies() []*UserPolicy

func (*AuthorizedUsersRequest) ProtoMessage

func (*AuthorizedUsersRequest) ProtoMessage()

func (*AuthorizedUsersRequest) ProtoReflect

func (x *AuthorizedUsersRequest) ProtoReflect() protoreflect.Message

func (*AuthorizedUsersRequest) Reset

func (x *AuthorizedUsersRequest) Reset()

func (*AuthorizedUsersRequest) String

func (x *AuthorizedUsersRequest) String() string

type AuthorizedUsersResponse

type AuthorizedUsersResponse struct {
	// contains filtered or unexported fields
}

func (*AuthorizedUsersResponse) Descriptor deprecated

func (*AuthorizedUsersResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizedUsersResponse.ProtoReflect.Descriptor instead.

func (*AuthorizedUsersResponse) ProtoMessage

func (*AuthorizedUsersResponse) ProtoMessage()

func (*AuthorizedUsersResponse) ProtoReflect

func (x *AuthorizedUsersResponse) ProtoReflect() protoreflect.Message

func (*AuthorizedUsersResponse) Reset

func (x *AuthorizedUsersResponse) Reset()

func (*AuthorizedUsersResponse) String

func (x *AuthorizedUsersResponse) String() string

type CaPublicKeyRequest

type CaPublicKeyRequest struct {
	SshCaPublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=ssh_ca_public_keys,json=sshCaPublicKeys,proto3" json:"ssh_ca_public_keys,omitempty"`
	Version         string       `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
	CreatedOn       uint64       `protobuf:"varint,3,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"`
	// contains filtered or unexported fields
}

func (*CaPublicKeyRequest) Descriptor deprecated

func (*CaPublicKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CaPublicKeyRequest.ProtoReflect.Descriptor instead.

func (*CaPublicKeyRequest) GetCreatedOn

func (x *CaPublicKeyRequest) GetCreatedOn() uint64

func (*CaPublicKeyRequest) GetSshCaPublicKeys

func (x *CaPublicKeyRequest) GetSshCaPublicKeys() []*PublicKey

func (*CaPublicKeyRequest) GetVersion

func (x *CaPublicKeyRequest) GetVersion() string

func (*CaPublicKeyRequest) ProtoMessage

func (*CaPublicKeyRequest) ProtoMessage()

func (*CaPublicKeyRequest) ProtoReflect

func (x *CaPublicKeyRequest) ProtoReflect() protoreflect.Message

func (*CaPublicKeyRequest) Reset

func (x *CaPublicKeyRequest) Reset()

func (*CaPublicKeyRequest) String

func (x *CaPublicKeyRequest) String() string

type CaPublicKeyResponse

type CaPublicKeyResponse struct {
	// contains filtered or unexported fields
}

func (*CaPublicKeyResponse) Descriptor deprecated

func (*CaPublicKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use CaPublicKeyResponse.ProtoReflect.Descriptor instead.

func (*CaPublicKeyResponse) ProtoMessage

func (*CaPublicKeyResponse) ProtoMessage()

func (*CaPublicKeyResponse) ProtoReflect

func (x *CaPublicKeyResponse) ProtoReflect() protoreflect.Message

func (*CaPublicKeyResponse) Reset

func (x *CaPublicKeyResponse) Reset()

func (*CaPublicKeyResponse) String

func (x *CaPublicKeyResponse) String() string

type CanGenerateKeyRequest

type CanGenerateKeyRequest struct {
	KeyParams KeyGen `protobuf:"varint,1,opt,name=key_params,json=keyParams,proto3,enum=gnsi.credentialz.v1.KeyGen" json:"key_params,omitempty"`
	// contains filtered or unexported fields
}

func (*CanGenerateKeyRequest) Descriptor deprecated

func (*CanGenerateKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CanGenerateKeyRequest.ProtoReflect.Descriptor instead.

func (*CanGenerateKeyRequest) GetKeyParams

func (x *CanGenerateKeyRequest) GetKeyParams() KeyGen

func (*CanGenerateKeyRequest) ProtoMessage

func (*CanGenerateKeyRequest) ProtoMessage()

func (*CanGenerateKeyRequest) ProtoReflect

func (x *CanGenerateKeyRequest) ProtoReflect() protoreflect.Message

func (*CanGenerateKeyRequest) Reset

func (x *CanGenerateKeyRequest) Reset()

func (*CanGenerateKeyRequest) String

func (x *CanGenerateKeyRequest) String() string

type CanGenerateKeyResponse

type CanGenerateKeyResponse struct {
	CanGenerate bool `protobuf:"varint,1,opt,name=can_generate,json=canGenerate,proto3" json:"can_generate,omitempty"`
	// contains filtered or unexported fields
}

func (*CanGenerateKeyResponse) Descriptor deprecated

func (*CanGenerateKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use CanGenerateKeyResponse.ProtoReflect.Descriptor instead.

func (*CanGenerateKeyResponse) GetCanGenerate

func (x *CanGenerateKeyResponse) GetCanGenerate() bool

func (*CanGenerateKeyResponse) ProtoMessage

func (*CanGenerateKeyResponse) ProtoMessage()

func (*CanGenerateKeyResponse) ProtoReflect

func (x *CanGenerateKeyResponse) ProtoReflect() protoreflect.Message

func (*CanGenerateKeyResponse) Reset

func (x *CanGenerateKeyResponse) Reset()

func (*CanGenerateKeyResponse) String

func (x *CanGenerateKeyResponse) String() string

type CredentialzClient

type CredentialzClient interface {
	RotateAccountCredentials(ctx context.Context, opts ...grpc.CallOption) (Credentialz_RotateAccountCredentialsClient, error)
	RotateHostParameters(ctx context.Context, opts ...grpc.CallOption) (Credentialz_RotateHostParametersClient, error)
	CanGenerateKey(ctx context.Context, in *CanGenerateKeyRequest, opts ...grpc.CallOption) (*CanGenerateKeyResponse, error)
	GetPublicKeys(ctx context.Context, in *GetPublicKeysRequest, opts ...grpc.CallOption) (*GetPublicKeysResponse, error)
}

CredentialzClient is the client API for Credentialz service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type CredentialzServer

type CredentialzServer interface {
	RotateAccountCredentials(Credentialz_RotateAccountCredentialsServer) error
	RotateHostParameters(Credentialz_RotateHostParametersServer) error
	CanGenerateKey(context.Context, *CanGenerateKeyRequest) (*CanGenerateKeyResponse, error)
	GetPublicKeys(context.Context, *GetPublicKeysRequest) (*GetPublicKeysResponse, error)
	// contains filtered or unexported methods
}

CredentialzServer is the server API for Credentialz service. All implementations must embed UnimplementedCredentialzServer for forward compatibility

type Credentialz_RotateAccountCredentialsClient

type Credentialz_RotateAccountCredentialsClient interface {
	Send(*RotateAccountCredentialsRequest) error
	Recv() (*RotateAccountCredentialsResponse, error)
	grpc.ClientStream
}

type Credentialz_RotateAccountCredentialsServer

type Credentialz_RotateAccountCredentialsServer interface {
	Send(*RotateAccountCredentialsResponse) error
	Recv() (*RotateAccountCredentialsRequest, error)
	grpc.ServerStream
}

type Credentialz_RotateHostParametersClient added in v1.2.2

type Credentialz_RotateHostParametersClient interface {
	Send(*RotateHostParametersRequest) error
	Recv() (*RotateHostParametersResponse, error)
	grpc.ClientStream
}

type Credentialz_RotateHostParametersServer added in v1.2.2

type Credentialz_RotateHostParametersServer interface {
	Send(*RotateHostParametersResponse) error
	Recv() (*RotateHostParametersRequest, error)
	grpc.ServerStream
}

type FinalizeRequest

type FinalizeRequest struct {
	// contains filtered or unexported fields
}

func (*FinalizeRequest) Descriptor deprecated

func (*FinalizeRequest) Descriptor() ([]byte, []int)

Deprecated: Use FinalizeRequest.ProtoReflect.Descriptor instead.

func (*FinalizeRequest) ProtoMessage

func (*FinalizeRequest) ProtoMessage()

func (*FinalizeRequest) ProtoReflect

func (x *FinalizeRequest) ProtoReflect() protoreflect.Message

func (*FinalizeRequest) Reset

func (x *FinalizeRequest) Reset()

func (*FinalizeRequest) String

func (x *FinalizeRequest) String() string

type GenerateKeysRequest

type GenerateKeysRequest struct {
	KeyParams []KeyGen `` /* 128-byte string literal not displayed */
	// contains filtered or unexported fields
}

func (*GenerateKeysRequest) Descriptor deprecated

func (*GenerateKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use GenerateKeysRequest.ProtoReflect.Descriptor instead.

func (*GenerateKeysRequest) GetKeyParams

func (x *GenerateKeysRequest) GetKeyParams() []KeyGen

func (*GenerateKeysRequest) ProtoMessage

func (*GenerateKeysRequest) ProtoMessage()

func (*GenerateKeysRequest) ProtoReflect

func (x *GenerateKeysRequest) ProtoReflect() protoreflect.Message

func (*GenerateKeysRequest) Reset

func (x *GenerateKeysRequest) Reset()

func (*GenerateKeysRequest) String

func (x *GenerateKeysRequest) String() string

type GenerateKeysResponse

type GenerateKeysResponse struct {
	PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*GenerateKeysResponse) Descriptor deprecated

func (*GenerateKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use GenerateKeysResponse.ProtoReflect.Descriptor instead.

func (*GenerateKeysResponse) GetPublicKeys added in v1.2.1

func (x *GenerateKeysResponse) GetPublicKeys() []*PublicKey

func (*GenerateKeysResponse) ProtoMessage

func (*GenerateKeysResponse) ProtoMessage()

func (*GenerateKeysResponse) ProtoReflect

func (x *GenerateKeysResponse) ProtoReflect() protoreflect.Message

func (*GenerateKeysResponse) Reset

func (x *GenerateKeysResponse) Reset()

func (*GenerateKeysResponse) String

func (x *GenerateKeysResponse) String() string

type GetPublicKeysRequest added in v1.2.1

type GetPublicKeysRequest struct {
	// contains filtered or unexported fields
}

func (*GetPublicKeysRequest) Descriptor deprecated added in v1.2.1

func (*GetPublicKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeysRequest.ProtoReflect.Descriptor instead.

func (*GetPublicKeysRequest) ProtoMessage added in v1.2.1

func (*GetPublicKeysRequest) ProtoMessage()

func (*GetPublicKeysRequest) ProtoReflect added in v1.2.1

func (x *GetPublicKeysRequest) ProtoReflect() protoreflect.Message

func (*GetPublicKeysRequest) Reset added in v1.2.1

func (x *GetPublicKeysRequest) Reset()

func (*GetPublicKeysRequest) String added in v1.2.1

func (x *GetPublicKeysRequest) String() string

type GetPublicKeysResponse added in v1.2.1

type GetPublicKeysResponse struct {
	PublicKeys []*PublicKey `protobuf:"bytes,1,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*GetPublicKeysResponse) Descriptor deprecated added in v1.2.1

func (*GetPublicKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use GetPublicKeysResponse.ProtoReflect.Descriptor instead.

func (*GetPublicKeysResponse) GetPublicKeys added in v1.2.1

func (x *GetPublicKeysResponse) GetPublicKeys() []*PublicKey

func (*GetPublicKeysResponse) ProtoMessage added in v1.2.1

func (*GetPublicKeysResponse) ProtoMessage()

func (*GetPublicKeysResponse) ProtoReflect added in v1.2.1

func (x *GetPublicKeysResponse) ProtoReflect() protoreflect.Message

func (*GetPublicKeysResponse) Reset added in v1.2.1

func (x *GetPublicKeysResponse) Reset()

func (*GetPublicKeysResponse) String added in v1.2.1

func (x *GetPublicKeysResponse) String() string

type KeyGen

type KeyGen int32
const (
	KeyGen_KEY_GEN_SSH_KEY_UNSPECIFIED        KeyGen = 0
	KeyGen_KEY_GEN_SSH_KEY_TYPE_RSA_2048      KeyGen = 1
	KeyGen_KEY_GEN_SSH_KEY_TYPE_ECDSA_P_256   KeyGen = 2
	KeyGen_KEY_GEN_SSH_KEY_TYPE_ECDSA_P_521   KeyGen = 3
	KeyGen_KEY_GEN_SSH_KEY_TYPE_EDDSA_ED25519 KeyGen = 4
	KeyGen_KEY_GEN_SSH_KEY_TYPE_RSA_4096      KeyGen = 5
)

func (KeyGen) Descriptor

func (KeyGen) Descriptor() protoreflect.EnumDescriptor

func (KeyGen) Enum

func (x KeyGen) Enum() *KeyGen

func (KeyGen) EnumDescriptor deprecated

func (KeyGen) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyGen.Descriptor instead.

func (KeyGen) Number

func (x KeyGen) Number() protoreflect.EnumNumber

func (KeyGen) String

func (x KeyGen) String() string

func (KeyGen) Type

func (KeyGen) Type() protoreflect.EnumType

type KeyType

type KeyType int32
const (
	KeyType_KEY_TYPE_UNSPECIFIED KeyType = 0
	KeyType_KEY_TYPE_ECDSA_P_256 KeyType = 1
	KeyType_KEY_TYPE_ECDSA_P_521 KeyType = 2
	KeyType_KEY_TYPE_ED25519     KeyType = 3
	KeyType_KEY_TYPE_RSA_2048    KeyType = 4
	KeyType_KEY_TYPE_RSA_4096    KeyType = 5
)

func (KeyType) Descriptor

func (KeyType) Descriptor() protoreflect.EnumDescriptor

func (KeyType) Enum

func (x KeyType) Enum() *KeyType

func (KeyType) EnumDescriptor deprecated

func (KeyType) EnumDescriptor() ([]byte, []int)

Deprecated: Use KeyType.Descriptor instead.

func (KeyType) Number

func (x KeyType) Number() protoreflect.EnumNumber

func (KeyType) String

func (x KeyType) String() string

func (KeyType) Type

func (KeyType) Type() protoreflect.EnumType

type Option

type Option struct {

	// Types that are assignable to Key:
	//	*Option_Name
	//	*Option_Id
	Key   isOption_Key `protobuf_oneof:"key"`
	Value string       `protobuf:"bytes,3,opt,name=value,proto3" json:"value,omitempty"`
	// contains filtered or unexported fields
}

func (*Option) Descriptor deprecated

func (*Option) Descriptor() ([]byte, []int)

Deprecated: Use Option.ProtoReflect.Descriptor instead.

func (*Option) GetId

func (x *Option) GetId() Option_StandardOption

func (*Option) GetKey

func (m *Option) GetKey() isOption_Key

func (*Option) GetName

func (x *Option) GetName() string

func (*Option) GetValue

func (x *Option) GetValue() string

func (*Option) ProtoMessage

func (*Option) ProtoMessage()

func (*Option) ProtoReflect

func (x *Option) ProtoReflect() protoreflect.Message

func (*Option) Reset

func (x *Option) Reset()

func (*Option) String

func (x *Option) String() string

type Option_Id

type Option_Id struct {
	Id Option_StandardOption `protobuf:"varint,2,opt,name=id,proto3,enum=gnsi.credentialz.v1.Option_StandardOption,oneof"`
}

type Option_Name

type Option_Name struct {
	Name string `protobuf:"bytes,1,opt,name=name,proto3,oneof"`
}

type Option_StandardOption

type Option_StandardOption int32
const (
	Option_STANDARD_OPTION_UNSPECIFIED         Option_StandardOption = 0
	Option_STANDARD_OPTION_AGENT_FORWARDING    Option_StandardOption = 1
	Option_STANDARD_OPTION_CERT_AUTHORITY      Option_StandardOption = 2
	Option_STANDARD_OPTION_COMMAND             Option_StandardOption = 3
	Option_STANDARD_OPTION_ENVIRONMENT         Option_StandardOption = 4
	Option_STANDARD_OPTION_EXPIRY_TIME         Option_StandardOption = 5
	Option_STANDARD_OPTION_FROM                Option_StandardOption = 6
	Option_STANDARD_OPTION_NO_AGENT_FORWARDING Option_StandardOption = 7
	Option_STANDARD_OPTION_NO_PORT_FORWARDING  Option_StandardOption = 8
	Option_STANDARD_OPTION_NO_PTY              Option_StandardOption = 9
	Option_STANDARD_OPTION_NO_USER_RC          Option_StandardOption = 10
	Option_STANDARD_OPTION_NO_X11_FORWARDING   Option_StandardOption = 11
	Option_STANDARD_OPTION_PERMITLISTEN        Option_StandardOption = 12
	Option_STANDARD_OPTION_PERMITOPEN          Option_StandardOption = 13
	Option_STANDARD_OPTION_PORT_FORWARDING     Option_StandardOption = 14
	Option_STANDARD_OPTION_PRINCIPALS          Option_StandardOption = 15
	Option_STANDARD_OPTION_PTY                 Option_StandardOption = 16
	Option_STANDARD_OPTION_NO_TOUCH_REQUIRED   Option_StandardOption = 17
	Option_STANDARD_OPTION_VERIFY_REQUIRED     Option_StandardOption = 18
	Option_STANDARD_OPTION_RESTRICT            Option_StandardOption = 19
	Option_STANDARD_OPTION_TUNNEL              Option_StandardOption = 20
	Option_STANDARD_OPTION_USER_RC             Option_StandardOption = 21
	Option_STANDARD_OPTION_X11_FORWARDING      Option_StandardOption = 22
)

func (Option_StandardOption) Descriptor

func (Option_StandardOption) Enum

func (Option_StandardOption) EnumDescriptor deprecated

func (Option_StandardOption) EnumDescriptor() ([]byte, []int)

Deprecated: Use Option_StandardOption.Descriptor instead.

func (Option_StandardOption) Number

func (Option_StandardOption) String

func (x Option_StandardOption) String() string

func (Option_StandardOption) Type

type PasswordRequest

type PasswordRequest struct {
	Accounts []*PasswordRequest_Account `protobuf:"bytes,1,rep,name=accounts,proto3" json:"accounts,omitempty"`
	// contains filtered or unexported fields
}

func (*PasswordRequest) Descriptor deprecated

func (*PasswordRequest) Descriptor() ([]byte, []int)

Deprecated: Use PasswordRequest.ProtoReflect.Descriptor instead.

func (*PasswordRequest) GetAccounts

func (x *PasswordRequest) GetAccounts() []*PasswordRequest_Account

func (*PasswordRequest) ProtoMessage

func (*PasswordRequest) ProtoMessage()

func (*PasswordRequest) ProtoReflect

func (x *PasswordRequest) ProtoReflect() protoreflect.Message

func (*PasswordRequest) Reset

func (x *PasswordRequest) Reset()

func (*PasswordRequest) String

func (x *PasswordRequest) String() string

type PasswordRequest_Account

type PasswordRequest_Account struct {
	Account   string                    `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
	Password  *PasswordRequest_Password `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	Version   string                    `protobuf:"bytes,3,opt,name=version,proto3" json:"version,omitempty"`
	CreatedOn uint64                    `protobuf:"varint,4,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"`
	// contains filtered or unexported fields
}

func (*PasswordRequest_Account) Descriptor deprecated

func (*PasswordRequest_Account) Descriptor() ([]byte, []int)

Deprecated: Use PasswordRequest_Account.ProtoReflect.Descriptor instead.

func (*PasswordRequest_Account) GetAccount

func (x *PasswordRequest_Account) GetAccount() string

func (*PasswordRequest_Account) GetCreatedOn

func (x *PasswordRequest_Account) GetCreatedOn() uint64

func (*PasswordRequest_Account) GetPassword

func (*PasswordRequest_Account) GetVersion

func (x *PasswordRequest_Account) GetVersion() string

func (*PasswordRequest_Account) ProtoMessage

func (*PasswordRequest_Account) ProtoMessage()

func (*PasswordRequest_Account) ProtoReflect

func (x *PasswordRequest_Account) ProtoReflect() protoreflect.Message

func (*PasswordRequest_Account) Reset

func (x *PasswordRequest_Account) Reset()

func (*PasswordRequest_Account) String

func (x *PasswordRequest_Account) String() string

type PasswordRequest_CryptoHash

type PasswordRequest_CryptoHash struct {
	HashType  PasswordRequest_CryptoHash_HashType `` /* 147-byte string literal not displayed */
	HashValue string                              `protobuf:"bytes,2,opt,name=hash_value,json=hashValue,proto3" json:"hash_value,omitempty"`
	// contains filtered or unexported fields
}

func (*PasswordRequest_CryptoHash) Descriptor deprecated

func (*PasswordRequest_CryptoHash) Descriptor() ([]byte, []int)

Deprecated: Use PasswordRequest_CryptoHash.ProtoReflect.Descriptor instead.

func (*PasswordRequest_CryptoHash) GetHashType

func (*PasswordRequest_CryptoHash) GetHashValue

func (x *PasswordRequest_CryptoHash) GetHashValue() string

func (*PasswordRequest_CryptoHash) ProtoMessage

func (*PasswordRequest_CryptoHash) ProtoMessage()

func (*PasswordRequest_CryptoHash) ProtoReflect

func (*PasswordRequest_CryptoHash) Reset

func (x *PasswordRequest_CryptoHash) Reset()

func (*PasswordRequest_CryptoHash) String

func (x *PasswordRequest_CryptoHash) String() string

type PasswordRequest_CryptoHash_HashType

type PasswordRequest_CryptoHash_HashType int32
const (
	PasswordRequest_CryptoHash_HASH_TYPE_UNSPECIFIED     PasswordRequest_CryptoHash_HashType = 0
	PasswordRequest_CryptoHash_HASH_TYPE_CRYPT_MD5       PasswordRequest_CryptoHash_HashType = 1
	PasswordRequest_CryptoHash_HASH_TYPE_CRYPT_SHA_2_512 PasswordRequest_CryptoHash_HashType = 2
)

func (PasswordRequest_CryptoHash_HashType) Descriptor

func (PasswordRequest_CryptoHash_HashType) Enum

func (PasswordRequest_CryptoHash_HashType) EnumDescriptor deprecated

func (PasswordRequest_CryptoHash_HashType) EnumDescriptor() ([]byte, []int)

Deprecated: Use PasswordRequest_CryptoHash_HashType.Descriptor instead.

func (PasswordRequest_CryptoHash_HashType) Number

func (PasswordRequest_CryptoHash_HashType) String

func (PasswordRequest_CryptoHash_HashType) Type

type PasswordRequest_Password

type PasswordRequest_Password struct {

	// Types that are assignable to Value:
	//	*PasswordRequest_Password_Plaintext
	//	*PasswordRequest_Password_CryptoHash
	Value isPasswordRequest_Password_Value `protobuf_oneof:"value"`
	// contains filtered or unexported fields
}

func (*PasswordRequest_Password) Descriptor deprecated

func (*PasswordRequest_Password) Descriptor() ([]byte, []int)

Deprecated: Use PasswordRequest_Password.ProtoReflect.Descriptor instead.

func (*PasswordRequest_Password) GetCryptoHash

func (*PasswordRequest_Password) GetPlaintext

func (x *PasswordRequest_Password) GetPlaintext() string

func (*PasswordRequest_Password) GetValue

func (m *PasswordRequest_Password) GetValue() isPasswordRequest_Password_Value

func (*PasswordRequest_Password) ProtoMessage

func (*PasswordRequest_Password) ProtoMessage()

func (*PasswordRequest_Password) ProtoReflect

func (x *PasswordRequest_Password) ProtoReflect() protoreflect.Message

func (*PasswordRequest_Password) Reset

func (x *PasswordRequest_Password) Reset()

func (*PasswordRequest_Password) String

func (x *PasswordRequest_Password) String() string

type PasswordRequest_Password_CryptoHash

type PasswordRequest_Password_CryptoHash struct {
	CryptoHash *PasswordRequest_CryptoHash `protobuf:"bytes,2,opt,name=crypto_hash,json=cryptoHash,proto3,oneof"`
}

type PasswordRequest_Password_Plaintext

type PasswordRequest_Password_Plaintext struct {
	Plaintext string `protobuf:"bytes,1,opt,name=plaintext,proto3,oneof"`
}

type PasswordResponse

type PasswordResponse struct {
	// contains filtered or unexported fields
}

func (*PasswordResponse) Descriptor deprecated

func (*PasswordResponse) Descriptor() ([]byte, []int)

Deprecated: Use PasswordResponse.ProtoReflect.Descriptor instead.

func (*PasswordResponse) ProtoMessage

func (*PasswordResponse) ProtoMessage()

func (*PasswordResponse) ProtoReflect

func (x *PasswordResponse) ProtoReflect() protoreflect.Message

func (*PasswordResponse) Reset

func (x *PasswordResponse) Reset()

func (*PasswordResponse) String

func (x *PasswordResponse) String() string

type PublicKey

type PublicKey struct {
	PublicKey   []byte  `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	KeyType     KeyType `protobuf:"varint,2,opt,name=key_type,json=keyType,proto3,enum=gnsi.credentialz.v1.KeyType" json:"key_type,omitempty"`
	Description string  `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
	// contains filtered or unexported fields
}

func (*PublicKey) Descriptor deprecated

func (*PublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PublicKey.ProtoReflect.Descriptor instead.

func (*PublicKey) GetDescription

func (x *PublicKey) GetDescription() string

func (*PublicKey) GetKeyType

func (x *PublicKey) GetKeyType() KeyType

func (*PublicKey) GetPublicKey

func (x *PublicKey) GetPublicKey() []byte

func (*PublicKey) ProtoMessage

func (*PublicKey) ProtoMessage()

func (*PublicKey) ProtoReflect

func (x *PublicKey) ProtoReflect() protoreflect.Message

func (*PublicKey) Reset

func (x *PublicKey) Reset()

func (*PublicKey) String

func (x *PublicKey) String() string

type RotateAccountCredentialsRequest

type RotateAccountCredentialsRequest struct {

	// Types that are assignable to Request:
	//	*RotateAccountCredentialsRequest_Credential
	//	*RotateAccountCredentialsRequest_User
	//	*RotateAccountCredentialsRequest_Password
	//	*RotateAccountCredentialsRequest_Finalize
	Request isRotateAccountCredentialsRequest_Request `protobuf_oneof:"request"`
	// contains filtered or unexported fields
}

func (*RotateAccountCredentialsRequest) Descriptor deprecated

func (*RotateAccountCredentialsRequest) Descriptor() ([]byte, []int)

Deprecated: Use RotateAccountCredentialsRequest.ProtoReflect.Descriptor instead.

func (*RotateAccountCredentialsRequest) GetCredential

func (*RotateAccountCredentialsRequest) GetFinalize

func (*RotateAccountCredentialsRequest) GetPassword

func (*RotateAccountCredentialsRequest) GetRequest

func (m *RotateAccountCredentialsRequest) GetRequest() isRotateAccountCredentialsRequest_Request

func (*RotateAccountCredentialsRequest) GetUser

func (*RotateAccountCredentialsRequest) ProtoMessage

func (*RotateAccountCredentialsRequest) ProtoMessage()

func (*RotateAccountCredentialsRequest) ProtoReflect

func (*RotateAccountCredentialsRequest) Reset

func (*RotateAccountCredentialsRequest) String

type RotateAccountCredentialsRequest_Credential

type RotateAccountCredentialsRequest_Credential struct {
	Credential *AuthorizedKeysRequest `protobuf:"bytes,1,opt,name=credential,proto3,oneof"`
}

type RotateAccountCredentialsRequest_Finalize

type RotateAccountCredentialsRequest_Finalize struct {
	Finalize *FinalizeRequest `protobuf:"bytes,4,opt,name=finalize,proto3,oneof"`
}

type RotateAccountCredentialsRequest_Password

type RotateAccountCredentialsRequest_Password struct {
	Password *PasswordRequest `protobuf:"bytes,3,opt,name=password,proto3,oneof"`
}

type RotateAccountCredentialsRequest_User

type RotateAccountCredentialsRequest_User struct {
	User *AuthorizedUsersRequest `protobuf:"bytes,2,opt,name=user,proto3,oneof"`
}

type RotateAccountCredentialsResponse

type RotateAccountCredentialsResponse struct {

	// Types that are assignable to Response:
	//	*RotateAccountCredentialsResponse_Credential
	//	*RotateAccountCredentialsResponse_User
	//	*RotateAccountCredentialsResponse_Password
	Response isRotateAccountCredentialsResponse_Response `protobuf_oneof:"response"`
	// contains filtered or unexported fields
}

func (*RotateAccountCredentialsResponse) Descriptor deprecated

func (*RotateAccountCredentialsResponse) Descriptor() ([]byte, []int)

Deprecated: Use RotateAccountCredentialsResponse.ProtoReflect.Descriptor instead.

func (*RotateAccountCredentialsResponse) GetCredential

func (*RotateAccountCredentialsResponse) GetPassword

func (*RotateAccountCredentialsResponse) GetResponse

func (m *RotateAccountCredentialsResponse) GetResponse() isRotateAccountCredentialsResponse_Response

func (*RotateAccountCredentialsResponse) GetUser

func (*RotateAccountCredentialsResponse) ProtoMessage

func (*RotateAccountCredentialsResponse) ProtoMessage()

func (*RotateAccountCredentialsResponse) ProtoReflect

func (*RotateAccountCredentialsResponse) Reset

func (*RotateAccountCredentialsResponse) String

type RotateAccountCredentialsResponse_Credential

type RotateAccountCredentialsResponse_Credential struct {
	Credential *AuthorizedKeysResponse `protobuf:"bytes,1,opt,name=credential,proto3,oneof"`
}

type RotateAccountCredentialsResponse_Password

type RotateAccountCredentialsResponse_Password struct {
	Password *PasswordResponse `protobuf:"bytes,3,opt,name=password,proto3,oneof"`
}

type RotateAccountCredentialsResponse_User

type RotateAccountCredentialsResponse_User struct {
	User *AuthorizedUsersResponse `protobuf:"bytes,2,opt,name=user,proto3,oneof"`
}

type RotateHostParametersRequest added in v1.2.2

type RotateHostParametersRequest struct {

	// Types that are assignable to Request:
	//	*RotateHostParametersRequest_SshCaPublicKey
	//	*RotateHostParametersRequest_ServerKeys
	//	*RotateHostParametersRequest_Finalize
	//	*RotateHostParametersRequest_GenerateKeys
	//	*RotateHostParametersRequest_AuthenticationAllowed
	//	*RotateHostParametersRequest_AuthorizedPrincipalCheck
	Request isRotateHostParametersRequest_Request `protobuf_oneof:"request"`
	// contains filtered or unexported fields
}

func (*RotateHostParametersRequest) Descriptor deprecated added in v1.2.2

func (*RotateHostParametersRequest) Descriptor() ([]byte, []int)

Deprecated: Use RotateHostParametersRequest.ProtoReflect.Descriptor instead.

func (*RotateHostParametersRequest) GetAuthenticationAllowed added in v1.2.2

func (x *RotateHostParametersRequest) GetAuthenticationAllowed() *AllowedAuthenticationRequest

func (*RotateHostParametersRequest) GetAuthorizedPrincipalCheck added in v1.2.2

func (x *RotateHostParametersRequest) GetAuthorizedPrincipalCheck() *AuthorizedPrincipalCheckRequest

func (*RotateHostParametersRequest) GetFinalize added in v1.2.2

func (x *RotateHostParametersRequest) GetFinalize() *FinalizeRequest

func (*RotateHostParametersRequest) GetGenerateKeys added in v1.2.2

func (x *RotateHostParametersRequest) GetGenerateKeys() *GenerateKeysRequest

func (*RotateHostParametersRequest) GetRequest added in v1.2.2

func (m *RotateHostParametersRequest) GetRequest() isRotateHostParametersRequest_Request

func (*RotateHostParametersRequest) GetServerKeys added in v1.2.2

func (x *RotateHostParametersRequest) GetServerKeys() *ServerKeysRequest

func (*RotateHostParametersRequest) GetSshCaPublicKey added in v1.2.2

func (x *RotateHostParametersRequest) GetSshCaPublicKey() *CaPublicKeyRequest

func (*RotateHostParametersRequest) ProtoMessage added in v1.2.2

func (*RotateHostParametersRequest) ProtoMessage()

func (*RotateHostParametersRequest) ProtoReflect added in v1.2.2

func (*RotateHostParametersRequest) Reset added in v1.2.2

func (x *RotateHostParametersRequest) Reset()

func (*RotateHostParametersRequest) String added in v1.2.2

func (x *RotateHostParametersRequest) String() string

type RotateHostParametersRequest_AuthenticationAllowed added in v1.2.2

type RotateHostParametersRequest_AuthenticationAllowed struct {
	AuthenticationAllowed *AllowedAuthenticationRequest `protobuf:"bytes,5,opt,name=authentication_allowed,json=authenticationAllowed,proto3,oneof"`
}

type RotateHostParametersRequest_AuthorizedPrincipalCheck added in v1.2.2

type RotateHostParametersRequest_AuthorizedPrincipalCheck struct {
	AuthorizedPrincipalCheck *AuthorizedPrincipalCheckRequest `protobuf:"bytes,6,opt,name=authorized_principal_check,json=authorizedPrincipalCheck,proto3,oneof"`
}

type RotateHostParametersRequest_Finalize added in v1.2.2

type RotateHostParametersRequest_Finalize struct {
	Finalize *FinalizeRequest `protobuf:"bytes,3,opt,name=finalize,proto3,oneof"`
}

type RotateHostParametersRequest_GenerateKeys added in v1.2.2

type RotateHostParametersRequest_GenerateKeys struct {
	GenerateKeys *GenerateKeysRequest `protobuf:"bytes,4,opt,name=generate_keys,json=generateKeys,proto3,oneof"`
}

type RotateHostParametersRequest_ServerKeys added in v1.2.2

type RotateHostParametersRequest_ServerKeys struct {
	ServerKeys *ServerKeysRequest `protobuf:"bytes,2,opt,name=server_keys,json=serverKeys,proto3,oneof"`
}

type RotateHostParametersRequest_SshCaPublicKey added in v1.2.2

type RotateHostParametersRequest_SshCaPublicKey struct {
	SshCaPublicKey *CaPublicKeyRequest `protobuf:"bytes,1,opt,name=ssh_ca_public_key,json=sshCaPublicKey,proto3,oneof"`
}

type RotateHostParametersResponse added in v1.2.2

type RotateHostParametersResponse struct {

	// Types that are assignable to Response:
	//	*RotateHostParametersResponse_SshCaPublicKey
	//	*RotateHostParametersResponse_ServerKeys
	//	*RotateHostParametersResponse_GenerateKeys
	//	*RotateHostParametersResponse_AuthenticationAllowed
	//	*RotateHostParametersResponse_AuthorizedPrincipalCheck
	Response isRotateHostParametersResponse_Response `protobuf_oneof:"response"`
	// contains filtered or unexported fields
}

func (*RotateHostParametersResponse) Descriptor deprecated added in v1.2.2

func (*RotateHostParametersResponse) Descriptor() ([]byte, []int)

Deprecated: Use RotateHostParametersResponse.ProtoReflect.Descriptor instead.

func (*RotateHostParametersResponse) GetAuthenticationAllowed added in v1.2.2

func (x *RotateHostParametersResponse) GetAuthenticationAllowed() *AllowedAuthenticationResponse

func (*RotateHostParametersResponse) GetAuthorizedPrincipalCheck added in v1.2.2

func (x *RotateHostParametersResponse) GetAuthorizedPrincipalCheck() *AuthorizedPrincipalCheckResponse

func (*RotateHostParametersResponse) GetGenerateKeys added in v1.2.2

func (x *RotateHostParametersResponse) GetGenerateKeys() *GenerateKeysResponse

func (*RotateHostParametersResponse) GetResponse added in v1.2.2

func (m *RotateHostParametersResponse) GetResponse() isRotateHostParametersResponse_Response

func (*RotateHostParametersResponse) GetServerKeys added in v1.2.2

func (*RotateHostParametersResponse) GetSshCaPublicKey added in v1.2.2

func (x *RotateHostParametersResponse) GetSshCaPublicKey() *CaPublicKeyResponse

func (*RotateHostParametersResponse) ProtoMessage added in v1.2.2

func (*RotateHostParametersResponse) ProtoMessage()

func (*RotateHostParametersResponse) ProtoReflect added in v1.2.2

func (*RotateHostParametersResponse) Reset added in v1.2.2

func (x *RotateHostParametersResponse) Reset()

func (*RotateHostParametersResponse) String added in v1.2.2

type RotateHostParametersResponse_AuthenticationAllowed added in v1.2.2

type RotateHostParametersResponse_AuthenticationAllowed struct {
	AuthenticationAllowed *AllowedAuthenticationResponse `protobuf:"bytes,4,opt,name=authentication_allowed,json=authenticationAllowed,proto3,oneof"`
}

type RotateHostParametersResponse_AuthorizedPrincipalCheck added in v1.2.2

type RotateHostParametersResponse_AuthorizedPrincipalCheck struct {
	AuthorizedPrincipalCheck *AuthorizedPrincipalCheckResponse `protobuf:"bytes,5,opt,name=authorized_principal_check,json=authorizedPrincipalCheck,proto3,oneof"`
}

type RotateHostParametersResponse_GenerateKeys added in v1.2.2

type RotateHostParametersResponse_GenerateKeys struct {
	GenerateKeys *GenerateKeysResponse `protobuf:"bytes,3,opt,name=generate_keys,json=generateKeys,proto3,oneof"`
}

type RotateHostParametersResponse_ServerKeys added in v1.2.2

type RotateHostParametersResponse_ServerKeys struct {
	ServerKeys *ServerKeysResponse `protobuf:"bytes,2,opt,name=server_keys,json=serverKeys,proto3,oneof"`
}

type RotateHostParametersResponse_SshCaPublicKey added in v1.2.2

type RotateHostParametersResponse_SshCaPublicKey struct {
	SshCaPublicKey *CaPublicKeyResponse `protobuf:"bytes,1,opt,name=ssh_ca_public_key,json=sshCaPublicKey,proto3,oneof"`
}

type ServerKeysRequest

type ServerKeysRequest struct {
	AuthArtifacts []*ServerKeysRequest_AuthenticationArtifacts `protobuf:"bytes,1,rep,name=auth_artifacts,json=authArtifacts,proto3" json:"auth_artifacts,omitempty"`
	Version       string                                       `protobuf:"bytes,2,opt,name=version,proto3" json:"version,omitempty"`
	CreatedOn     uint64                                       `protobuf:"varint,3,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"`
	// contains filtered or unexported fields
}

func (*ServerKeysRequest) Descriptor deprecated

func (*ServerKeysRequest) Descriptor() ([]byte, []int)

Deprecated: Use ServerKeysRequest.ProtoReflect.Descriptor instead.

func (*ServerKeysRequest) GetAuthArtifacts

func (*ServerKeysRequest) GetCreatedOn

func (x *ServerKeysRequest) GetCreatedOn() uint64

func (*ServerKeysRequest) GetVersion

func (x *ServerKeysRequest) GetVersion() string

func (*ServerKeysRequest) ProtoMessage

func (*ServerKeysRequest) ProtoMessage()

func (*ServerKeysRequest) ProtoReflect

func (x *ServerKeysRequest) ProtoReflect() protoreflect.Message

func (*ServerKeysRequest) Reset

func (x *ServerKeysRequest) Reset()

func (*ServerKeysRequest) String

func (x *ServerKeysRequest) String() string

type ServerKeysRequest_AuthenticationArtifacts

type ServerKeysRequest_AuthenticationArtifacts struct {
	PrivateKey  []byte `protobuf:"bytes,1,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"`
	Certificate []byte `protobuf:"bytes,2,opt,name=certificate,proto3" json:"certificate,omitempty"`
	// contains filtered or unexported fields
}

func (*ServerKeysRequest_AuthenticationArtifacts) Descriptor deprecated

func (*ServerKeysRequest_AuthenticationArtifacts) Descriptor() ([]byte, []int)

Deprecated: Use ServerKeysRequest_AuthenticationArtifacts.ProtoReflect.Descriptor instead.

func (*ServerKeysRequest_AuthenticationArtifacts) GetCertificate

func (x *ServerKeysRequest_AuthenticationArtifacts) GetCertificate() []byte

func (*ServerKeysRequest_AuthenticationArtifacts) GetPrivateKey

func (x *ServerKeysRequest_AuthenticationArtifacts) GetPrivateKey() []byte

func (*ServerKeysRequest_AuthenticationArtifacts) ProtoMessage

func (*ServerKeysRequest_AuthenticationArtifacts) ProtoReflect

func (*ServerKeysRequest_AuthenticationArtifacts) Reset

func (*ServerKeysRequest_AuthenticationArtifacts) String

type ServerKeysResponse

type ServerKeysResponse struct {
	// contains filtered or unexported fields
}

func (*ServerKeysResponse) Descriptor deprecated

func (*ServerKeysResponse) Descriptor() ([]byte, []int)

Deprecated: Use ServerKeysResponse.ProtoReflect.Descriptor instead.

func (*ServerKeysResponse) ProtoMessage

func (*ServerKeysResponse) ProtoMessage()

func (*ServerKeysResponse) ProtoReflect

func (x *ServerKeysResponse) ProtoReflect() protoreflect.Message

func (*ServerKeysResponse) Reset

func (x *ServerKeysResponse) Reset()

func (*ServerKeysResponse) String

func (x *ServerKeysResponse) String() string

type UnimplementedCredentialzServer

type UnimplementedCredentialzServer struct {
}

UnimplementedCredentialzServer must be embedded to have forward compatible implementations.

func (UnimplementedCredentialzServer) CanGenerateKey

func (UnimplementedCredentialzServer) GetPublicKeys added in v1.2.1

func (UnimplementedCredentialzServer) RotateAccountCredentials

func (UnimplementedCredentialzServer) RotateHostParameters added in v1.2.2

type UnsafeCredentialzServer

type UnsafeCredentialzServer interface {
	// contains filtered or unexported methods
}

UnsafeCredentialzServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to CredentialzServer will result in compilation errors.

type UserPolicy

type UserPolicy struct {
	Account              string                              `protobuf:"bytes,1,opt,name=account,proto3" json:"account,omitempty"`
	AuthorizedPrincipals *UserPolicy_SshAuthorizedPrincipals `protobuf:"bytes,2,opt,name=authorized_principals,json=authorizedPrincipals,proto3" json:"authorized_principals,omitempty"`
	Version              string                              `protobuf:"bytes,4,opt,name=version,proto3" json:"version,omitempty"`
	CreatedOn            uint64                              `protobuf:"varint,5,opt,name=created_on,json=createdOn,proto3" json:"created_on,omitempty"`
	// contains filtered or unexported fields
}

func (*UserPolicy) Descriptor deprecated

func (*UserPolicy) Descriptor() ([]byte, []int)

Deprecated: Use UserPolicy.ProtoReflect.Descriptor instead.

func (*UserPolicy) GetAccount

func (x *UserPolicy) GetAccount() string

func (*UserPolicy) GetAuthorizedPrincipals added in v1.2.2

func (x *UserPolicy) GetAuthorizedPrincipals() *UserPolicy_SshAuthorizedPrincipals

func (*UserPolicy) GetCreatedOn

func (x *UserPolicy) GetCreatedOn() uint64

func (*UserPolicy) GetVersion

func (x *UserPolicy) GetVersion() string

func (*UserPolicy) ProtoMessage

func (*UserPolicy) ProtoMessage()

func (*UserPolicy) ProtoReflect

func (x *UserPolicy) ProtoReflect() protoreflect.Message

func (*UserPolicy) Reset

func (x *UserPolicy) Reset()

func (*UserPolicy) String

func (x *UserPolicy) String() string

type UserPolicy_SshAuthorizedPrincipal added in v1.2.2

type UserPolicy_SshAuthorizedPrincipal struct {
	AuthorizedUser string    `protobuf:"bytes,1,opt,name=authorized_user,json=authorizedUser,proto3" json:"authorized_user,omitempty"`
	Options        []*Option `protobuf:"bytes,2,rep,name=options,proto3" json:"options,omitempty"`
	// contains filtered or unexported fields
}

func (*UserPolicy_SshAuthorizedPrincipal) Descriptor deprecated added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipal) Descriptor() ([]byte, []int)

Deprecated: Use UserPolicy_SshAuthorizedPrincipal.ProtoReflect.Descriptor instead.

func (*UserPolicy_SshAuthorizedPrincipal) GetAuthorizedUser added in v1.2.2

func (x *UserPolicy_SshAuthorizedPrincipal) GetAuthorizedUser() string

func (*UserPolicy_SshAuthorizedPrincipal) GetOptions added in v1.2.2

func (x *UserPolicy_SshAuthorizedPrincipal) GetOptions() []*Option

func (*UserPolicy_SshAuthorizedPrincipal) ProtoMessage added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipal) ProtoMessage()

func (*UserPolicy_SshAuthorizedPrincipal) ProtoReflect added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipal) Reset added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipal) String added in v1.2.2

type UserPolicy_SshAuthorizedPrincipals added in v1.2.2

type UserPolicy_SshAuthorizedPrincipals struct {
	AuthorizedPrincipals []*UserPolicy_SshAuthorizedPrincipal `protobuf:"bytes,2,rep,name=authorized_principals,json=authorizedPrincipals,proto3" json:"authorized_principals,omitempty"`
	// contains filtered or unexported fields
}

func (*UserPolicy_SshAuthorizedPrincipals) Descriptor deprecated added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipals) Descriptor() ([]byte, []int)

Deprecated: Use UserPolicy_SshAuthorizedPrincipals.ProtoReflect.Descriptor instead.

func (*UserPolicy_SshAuthorizedPrincipals) GetAuthorizedPrincipals added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipals) ProtoMessage added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipals) ProtoMessage()

func (*UserPolicy_SshAuthorizedPrincipals) ProtoReflect added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipals) Reset added in v1.2.2

func (*UserPolicy_SshAuthorizedPrincipals) String added in v1.2.2

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL