svidv1

package
v1.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 21, 2024 License: Apache-2.0 Imports: 9 Imported by: 22

Documentation

Index

Constants

This section is empty.

Variables

// File_spire_api_server_svid_v1_svid_proto is the exported protobuf file
// descriptor of this package.
// NOTE(review): the name suggests it describes spire/api/server/svid/v1/svid.proto;
// confirm against the generated source.
var File_spire_api_server_svid_v1_svid_proto protoreflect.FileDescriptor

Functions

func RegisterSVIDServer

func RegisterSVIDServer(s grpc.ServiceRegistrar, srv SVIDServer)

Types

type BatchNewX509SVIDRequest

// BatchNewX509SVIDRequest is the request message of the BatchNewX509SVID RPC
// declared on SVIDClient and SVIDServer. That RPC is documented as requiring
// an active agent X509-SVID that is authorized to mint the requested entries.
type BatchNewX509SVIDRequest struct {

	// Required. One or more X509-SVID parameters for X509-SVID entries to
	// be signed.
	//
	// Each element names a registration entry ID and carries a CSR (see
	// NewX509SVIDParams).
	// NOTE(review): no upper bound on the batch size is documented here;
	// confirm the server-side limit before sending or accepting large batches.
	Params []*NewX509SVIDParams `protobuf:"bytes,1,rep,name=params,proto3" json:"params,omitempty"`
	// contains filtered or unexported fields
}

func (*BatchNewX509SVIDRequest) Descriptor deprecated

func (*BatchNewX509SVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use BatchNewX509SVIDRequest.ProtoReflect.Descriptor instead.

func (*BatchNewX509SVIDRequest) GetParams

func (x *BatchNewX509SVIDRequest) GetParams() []*NewX509SVIDParams

func (*BatchNewX509SVIDRequest) ProtoMessage

func (*BatchNewX509SVIDRequest) ProtoMessage()

func (*BatchNewX509SVIDRequest) ProtoReflect

func (x *BatchNewX509SVIDRequest) ProtoReflect() protoreflect.Message

func (*BatchNewX509SVIDRequest) Reset

func (x *BatchNewX509SVIDRequest) Reset()

func (*BatchNewX509SVIDRequest) String

func (x *BatchNewX509SVIDRequest) String() string

type BatchNewX509SVIDResponse

// BatchNewX509SVIDResponse is the response message of the BatchNewX509SVID
// RPC.
type BatchNewX509SVIDResponse struct {

	// Result for each X509-SVID requested (order is maintained).
	//
	// Because order is maintained, a result is matched to its request
	// parameter by position. Every element carries its own Status, so each
	// one should be checked individually before its Svid is used; a
	// successful RPC call does not by itself say that every entry was signed.
	Results []*BatchNewX509SVIDResponse_Result `protobuf:"bytes,1,rep,name=results,proto3" json:"results,omitempty"`
	// contains filtered or unexported fields
}

func (*BatchNewX509SVIDResponse) Descriptor deprecated

func (*BatchNewX509SVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use BatchNewX509SVIDResponse.ProtoReflect.Descriptor instead.

func (*BatchNewX509SVIDResponse) GetResults

func (*BatchNewX509SVIDResponse) ProtoMessage

func (*BatchNewX509SVIDResponse) ProtoMessage()

func (*BatchNewX509SVIDResponse) ProtoReflect

func (x *BatchNewX509SVIDResponse) ProtoReflect() protoreflect.Message

func (*BatchNewX509SVIDResponse) Reset

func (x *BatchNewX509SVIDResponse) Reset()

func (*BatchNewX509SVIDResponse) String

func (x *BatchNewX509SVIDResponse) String() string

type BatchNewX509SVIDResponse_Result

// BatchNewX509SVIDResponse_Result is the per-entry outcome carried in
// BatchNewX509SVIDResponse.Results.
type BatchNewX509SVIDResponse_Result struct {

	// The status of creating the X509-SVID.
	Status *types.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// The newly created X509-SVID. This will be set if the status is OK.
	//
	// Check Status before reading this field.
	// NOTE(review): presumably left unset when the status is not OK; confirm
	// and treat a missing SVID with an OK status as an error.
	Svid *types.X509SVID `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*BatchNewX509SVIDResponse_Result) Descriptor deprecated

func (*BatchNewX509SVIDResponse_Result) Descriptor() ([]byte, []int)

Deprecated: Use BatchNewX509SVIDResponse_Result.ProtoReflect.Descriptor instead.

func (*BatchNewX509SVIDResponse_Result) GetStatus

func (*BatchNewX509SVIDResponse_Result) GetSvid

func (*BatchNewX509SVIDResponse_Result) ProtoMessage

func (*BatchNewX509SVIDResponse_Result) ProtoMessage()

func (*BatchNewX509SVIDResponse_Result) ProtoReflect

func (*BatchNewX509SVIDResponse_Result) Reset

func (*BatchNewX509SVIDResponse_Result) String

type MintJWTSVIDRequest

// MintJWTSVIDRequest is the request message of the MintJWTSVID RPC. That RPC
// is documented as minting a one-off JWT-SVID outside of the normal
// node/workload registration process, for a caller that is local or presents
// an admin X509-SVID.
type MintJWTSVIDRequest struct {

	// Required. SPIFFE ID of the JWT-SVID.
	//
	// The identity is supplied by the caller here rather than taken from a
	// registration entry (compare NewJWTSVIDRequest.EntryId), so access to
	// this RPC should stay restricted to the local/admin callers its
	// documentation names.
	Id *types.SPIFFEID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Required. List of audience claims to include in the JWT-SVID. At least one must
	// be set.
	//
	// Request only the audiences the token is meant for; a token minted with
	// a broad audience list is accepted by every relying party on that list.
	Audience []string `protobuf:"bytes,2,rep,name=audience,proto3" json:"audience,omitempty"`
	// Desired TTL of the JWT-SVID, in seconds. The server default will be used
	// if unset. The TTL is advisory only. The actual lifetime of the JWT-SVID
	// may be lower depending on the remaining lifetime of the active SPIRE
	// Server CA.
	//
	// Because the value is advisory, read the effective expiry from the
	// returned SVID instead of assuming the requested TTL was honoured.
	// NOTE(review): the field is a signed int32 and the handling of negative
	// values is not documented here; confirm.
	Ttl int32 `protobuf:"varint,3,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*MintJWTSVIDRequest) Descriptor deprecated

func (*MintJWTSVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use MintJWTSVIDRequest.ProtoReflect.Descriptor instead.

func (*MintJWTSVIDRequest) GetAudience

func (x *MintJWTSVIDRequest) GetAudience() []string

func (*MintJWTSVIDRequest) GetId

func (x *MintJWTSVIDRequest) GetId() *types.SPIFFEID

func (*MintJWTSVIDRequest) GetTtl

func (x *MintJWTSVIDRequest) GetTtl() int32

func (*MintJWTSVIDRequest) ProtoMessage

func (*MintJWTSVIDRequest) ProtoMessage()

func (*MintJWTSVIDRequest) ProtoReflect

func (x *MintJWTSVIDRequest) ProtoReflect() protoreflect.Message

func (*MintJWTSVIDRequest) Reset

func (x *MintJWTSVIDRequest) Reset()

func (*MintJWTSVIDRequest) String

func (x *MintJWTSVIDRequest) String() string

type MintJWTSVIDResponse

// MintJWTSVIDResponse is the response message of the MintJWTSVID RPC.
type MintJWTSVIDResponse struct {

	// The newly issued JWT-SVID.
	//
	// The requested TTL is advisory (see MintJWTSVIDRequest.Ttl), so the
	// effective lifetime should be taken from this value.
	Svid *types.JWTSVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*MintJWTSVIDResponse) Descriptor deprecated

func (*MintJWTSVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use MintJWTSVIDResponse.ProtoReflect.Descriptor instead.

func (*MintJWTSVIDResponse) GetSvid

func (x *MintJWTSVIDResponse) GetSvid() *types.JWTSVID

func (*MintJWTSVIDResponse) ProtoMessage

func (*MintJWTSVIDResponse) ProtoMessage()

func (*MintJWTSVIDResponse) ProtoReflect

func (x *MintJWTSVIDResponse) ProtoReflect() protoreflect.Message

func (*MintJWTSVIDResponse) Reset

func (x *MintJWTSVIDResponse) Reset()

func (*MintJWTSVIDResponse) String

func (x *MintJWTSVIDResponse) String() string

type MintX509SVIDRequest

// MintX509SVIDRequest is the request message of the MintX509SVID RPC. That
// RPC is documented as minting a one-off X509-SVID outside of the normal
// node/workload registration process, for a caller that is local or presents
// an admin X509-SVID.
type MintX509SVIDRequest struct {

	// Required. ASN.1 DER encoded CSR. The CSR is used to convey the public
	// key and the SPIFFE ID (via the URI SAN). Only one URI SAN can be set.
	// Optionally, the subject and any number of DNS SANs can also be set.
	//
	// Unlike NewX509SVIDParams.Csr, where everything except the public key
	// is ignored, the identity, subject and DNS SANs are taken from this
	// CSR. The caller therefore chooses the identity that gets signed, so
	// access to this RPC should stay restricted to the local/admin callers
	// its documentation names.
	Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// The desired TTL of the X509-SVID, in seconds. The server default will be
	// used if unset. The TTL is advisory only. The actual lifetime of the
	// X509-SVID may be lower depending on the remaining lifetime of the active
	// SPIRE Server CA.
	//
	// Because the value is advisory, read the effective validity period from
	// the returned certificate instead of assuming the requested TTL was
	// honoured.
	// NOTE(review): the field is a signed int32 and the handling of negative
	// values is not documented here; confirm.
	Ttl int32 `protobuf:"varint,2,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509SVIDRequest) Descriptor deprecated

func (*MintX509SVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use MintX509SVIDRequest.ProtoReflect.Descriptor instead.

func (*MintX509SVIDRequest) GetCsr

func (x *MintX509SVIDRequest) GetCsr() []byte

func (*MintX509SVIDRequest) GetTtl

func (x *MintX509SVIDRequest) GetTtl() int32

func (*MintX509SVIDRequest) ProtoMessage

func (*MintX509SVIDRequest) ProtoMessage()

func (*MintX509SVIDRequest) ProtoReflect

func (x *MintX509SVIDRequest) ProtoReflect() protoreflect.Message

func (*MintX509SVIDRequest) Reset

func (x *MintX509SVIDRequest) Reset()

func (*MintX509SVIDRequest) String

func (x *MintX509SVIDRequest) String() string

type MintX509SVIDResponse

// MintX509SVIDResponse is the response message of the MintX509SVID RPC.
type MintX509SVIDResponse struct {

	// The newly issued X509-SVID.
	//
	// The requested TTL is advisory (see MintX509SVIDRequest.Ttl), so the
	// effective lifetime should be taken from this value.
	Svid *types.X509SVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509SVIDResponse) Descriptor deprecated

func (*MintX509SVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use MintX509SVIDResponse.ProtoReflect.Descriptor instead.

func (*MintX509SVIDResponse) GetSvid

func (x *MintX509SVIDResponse) GetSvid() *types.X509SVID

func (*MintX509SVIDResponse) ProtoMessage

func (*MintX509SVIDResponse) ProtoMessage()

func (*MintX509SVIDResponse) ProtoReflect

func (x *MintX509SVIDResponse) ProtoReflect() protoreflect.Message

func (*MintX509SVIDResponse) Reset

func (x *MintX509SVIDResponse) Reset()

func (*MintX509SVIDResponse) String

func (x *MintX509SVIDResponse) String() string

type NewDownstreamX509CARequest

// NewDownstreamX509CARequest is the request message of the
// NewDownstreamX509CA RPC. That RPC is documented as creating an X509 CA
// certificate for a downstream entity, for a caller that presents a
// downstream X509-SVID.
type NewDownstreamX509CARequest struct {

	// Required. The ASN.1 DER encoded Certificate Signing Request (CSR). The
	// CSR is only used to convey the public key; other fields in the CSR are
	// ignored. The X509-SVID attributes are determined by the downstream entry.
	//
	// Since only the public key is taken from the CSR, the requester cannot
	// use CSR fields to influence the attributes of the signed CA.
	Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// Optional. The TTL preferred by the downstream SPIRE Server for the
	// signed intermediate CA. If zero, the upstream SPIRE Server will use its
	// own default.
	//
	// NOTE(review): the unit is not stated here (the other TTL fields in
	// this package are in seconds), and "preferred" suggests the upstream
	// may not honour the value; confirm both, and read the actual validity
	// from the returned CA certificate.
	PreferredTtl int32 `protobuf:"varint,2,opt,name=preferred_ttl,json=preferredTtl,proto3" json:"preferred_ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*NewDownstreamX509CARequest) Descriptor deprecated

func (*NewDownstreamX509CARequest) Descriptor() ([]byte, []int)

Deprecated: Use NewDownstreamX509CARequest.ProtoReflect.Descriptor instead.

func (*NewDownstreamX509CARequest) GetCsr

func (x *NewDownstreamX509CARequest) GetCsr() []byte

func (*NewDownstreamX509CARequest) GetPreferredTtl added in v1.10.1

func (x *NewDownstreamX509CARequest) GetPreferredTtl() int32

func (*NewDownstreamX509CARequest) ProtoMessage

func (*NewDownstreamX509CARequest) ProtoMessage()

func (*NewDownstreamX509CARequest) ProtoReflect

func (*NewDownstreamX509CARequest) Reset

func (x *NewDownstreamX509CARequest) Reset()

func (*NewDownstreamX509CARequest) String

func (x *NewDownstreamX509CARequest) String() string

type NewDownstreamX509CAResponse

// NewDownstreamX509CAResponse is the response message of the
// NewDownstreamX509CA RPC.
type NewDownstreamX509CAResponse struct {

	// CA certificate and any intermediates required to form a chain of trust
	// back to the X.509 authorities (DER encoded). The CA certificate is the
	// first.
	//
	// Element 0 is the newly signed CA certificate; the remaining elements
	// are intermediates. A consumer should verify that this chain actually
	// builds to one of X509Authorities before using the CA to sign.
	CaCertChain [][]byte `protobuf:"bytes,1,rep,name=ca_cert_chain,json=caCertChain,proto3" json:"ca_cert_chain,omitempty"`
	// X.509 authorities (DER encoded).
	//
	// These are the authorities the chain above leads back to.
	X509Authorities [][]byte `protobuf:"bytes,2,rep,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"`
	// contains filtered or unexported fields
}

func (*NewDownstreamX509CAResponse) Descriptor deprecated

func (*NewDownstreamX509CAResponse) Descriptor() ([]byte, []int)

Deprecated: Use NewDownstreamX509CAResponse.ProtoReflect.Descriptor instead.

func (*NewDownstreamX509CAResponse) GetCaCertChain

func (x *NewDownstreamX509CAResponse) GetCaCertChain() [][]byte

func (*NewDownstreamX509CAResponse) GetX509Authorities

func (x *NewDownstreamX509CAResponse) GetX509Authorities() [][]byte

func (*NewDownstreamX509CAResponse) ProtoMessage

func (*NewDownstreamX509CAResponse) ProtoMessage()

func (*NewDownstreamX509CAResponse) ProtoReflect

func (*NewDownstreamX509CAResponse) Reset

func (x *NewDownstreamX509CAResponse) Reset()

func (*NewDownstreamX509CAResponse) String

func (x *NewDownstreamX509CAResponse) String() string

type NewJWTSVIDRequest

// NewJWTSVIDRequest is the request message of the NewJWTSVID RPC. That RPC is
// documented as requiring an active agent X509-SVID that is authorized to
// mint the requested entry.
//
// Unlike MintJWTSVIDRequest, this message carries neither a SPIFFE ID nor a
// TTL field: the caller only names a registration entry.
type NewJWTSVIDRequest struct {

	// Required. The entry ID of the identity being requested.
	EntryId string `protobuf:"bytes,1,opt,name=entry_id,json=entryId,proto3" json:"entry_id,omitempty"`
	// Required. List of audience claims to include in the JWT-SVID. At least
	// one must be set.
	//
	// Request only the audiences the token is meant for; a token minted with
	// a broad audience list is accepted by every relying party on that list.
	Audience []string `protobuf:"bytes,2,rep,name=audience,proto3" json:"audience,omitempty"`
	// contains filtered or unexported fields
}

func (*NewJWTSVIDRequest) Descriptor deprecated

func (*NewJWTSVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use NewJWTSVIDRequest.ProtoReflect.Descriptor instead.

func (*NewJWTSVIDRequest) GetAudience

func (x *NewJWTSVIDRequest) GetAudience() []string

func (*NewJWTSVIDRequest) GetEntryId

func (x *NewJWTSVIDRequest) GetEntryId() string

func (*NewJWTSVIDRequest) ProtoMessage

func (*NewJWTSVIDRequest) ProtoMessage()

func (*NewJWTSVIDRequest) ProtoReflect

func (x *NewJWTSVIDRequest) ProtoReflect() protoreflect.Message

func (*NewJWTSVIDRequest) Reset

func (x *NewJWTSVIDRequest) Reset()

func (*NewJWTSVIDRequest) String

func (x *NewJWTSVIDRequest) String() string

type NewJWTSVIDResponse

// NewJWTSVIDResponse is the response message of the NewJWTSVID RPC.
type NewJWTSVIDResponse struct {

	// The newly issued JWT-SVID.
	Svid *types.JWTSVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*NewJWTSVIDResponse) Descriptor deprecated

func (*NewJWTSVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use NewJWTSVIDResponse.ProtoReflect.Descriptor instead.

func (*NewJWTSVIDResponse) GetSvid

func (x *NewJWTSVIDResponse) GetSvid() *types.JWTSVID

func (*NewJWTSVIDResponse) ProtoMessage

func (*NewJWTSVIDResponse) ProtoMessage()

func (*NewJWTSVIDResponse) ProtoReflect

func (x *NewJWTSVIDResponse) ProtoReflect() protoreflect.Message

func (*NewJWTSVIDResponse) Reset

func (x *NewJWTSVIDResponse) Reset()

func (*NewJWTSVIDResponse) String

func (x *NewJWTSVIDResponse) String() string

type NewX509SVIDParams

// NewX509SVIDParams describes one X509-SVID to be signed. It is the element
// type of BatchNewX509SVIDRequest.Params.
type NewX509SVIDParams struct {

	// Required. The entry ID for the identity being requested.
	EntryId string `protobuf:"bytes,1,opt,name=entry_id,json=entryId,proto3" json:"entry_id,omitempty"`
	// Required. The ASN.1 DER encoded Certificate Signing Request (CSR). The
	// CSR is only used to convey the public key; other fields in the CSR are
	// ignored. The X509-SVID attributes are determined by the entry.
	//
	// Since only the public key is taken from the CSR, a requester cannot
	// obtain a different SPIFFE ID, subject or SAN by placing it in the CSR;
	// the identity comes from the registration entry named by EntryId.
	Csr []byte `protobuf:"bytes,2,opt,name=csr,proto3" json:"csr,omitempty"`
	// contains filtered or unexported fields
}

func (*NewX509SVIDParams) Descriptor deprecated

func (*NewX509SVIDParams) Descriptor() ([]byte, []int)

Deprecated: Use NewX509SVIDParams.ProtoReflect.Descriptor instead.

func (*NewX509SVIDParams) GetCsr

func (x *NewX509SVIDParams) GetCsr() []byte

func (*NewX509SVIDParams) GetEntryId

func (x *NewX509SVIDParams) GetEntryId() string

func (*NewX509SVIDParams) ProtoMessage

func (*NewX509SVIDParams) ProtoMessage()

func (*NewX509SVIDParams) ProtoReflect

func (x *NewX509SVIDParams) ProtoReflect() protoreflect.Message

func (*NewX509SVIDParams) Reset

func (x *NewX509SVIDParams) Reset()

func (*NewX509SVIDParams) String

func (x *NewX509SVIDParams) String() string

type SVIDClient

// SVIDClient is the client API for the SVID service.
//
// The method comments below name three classes of caller: local or admin
// (MintX509SVID, MintJWTSVID), active authorized agent (BatchNewX509SVID,
// NewJWTSVID) and downstream (NewDownstreamX509CA). The interface only
// documents these requirements; the connection passed to NewSVIDClient has
// to carry the matching credentials.
// NOTE(review): where the server enforces these requirements is not visible
// on this page; confirm against the server implementation.
type SVIDClient interface {
	// Mints a one-off X509-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintX509SVID(ctx context.Context, in *MintX509SVIDRequest, opts ...grpc.CallOption) (*MintX509SVIDResponse, error)
	// Mints a one-off JWT-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintJWTSVID(ctx context.Context, in *MintJWTSVIDRequest, opts ...grpc.CallOption) (*MintJWTSVIDResponse, error)
	// Creates one or more X509-SVIDs from registration entries.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entries. See the Entry GetAuthorizedEntries RPC.
	BatchNewX509SVID(ctx context.Context, in *BatchNewX509SVIDRequest, opts ...grpc.CallOption) (*BatchNewX509SVIDResponse, error)
	// Creates a JWT-SVID from a registration entry.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entry. See the Entry GetAuthorizedEntries RPC.
	NewJWTSVID(ctx context.Context, in *NewJWTSVIDRequest, opts ...grpc.CallOption) (*NewJWTSVIDResponse, error)
	// Creates an X509 CA certificate appropriate for use by a downstream
	// entity to mint X509-SVIDs.
	//
	// The caller must present a downstream X509-SVID.
	NewDownstreamX509CA(ctx context.Context, in *NewDownstreamX509CARequest, opts ...grpc.CallOption) (*NewDownstreamX509CAResponse, error)
}

SVIDClient is the client API for SVID service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewSVIDClient

func NewSVIDClient(cc grpc.ClientConnInterface) SVIDClient

type SVIDServer

// SVIDServer is the server API for the SVID service.
//
// Each method comment states which caller is allowed to invoke the RPC:
// local or admin (MintX509SVID, MintJWTSVID), active authorized agent
// (BatchNewX509SVID, NewJWTSVID) or downstream (NewDownstreamX509CA). Nothing
// in this interface enforces those requirements, so an implementation, or
// the middleware in front of it, has to authenticate the caller and apply
// the matching authorization check before any signing takes place.
type SVIDServer interface {
	// Mints a one-off X509-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintX509SVID(context.Context, *MintX509SVIDRequest) (*MintX509SVIDResponse, error)
	// Mints a one-off JWT-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintJWTSVID(context.Context, *MintJWTSVIDRequest) (*MintJWTSVIDResponse, error)
	// Creates one or more X509-SVIDs from registration entries.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entries. See the Entry GetAuthorizedEntries RPC.
	BatchNewX509SVID(context.Context, *BatchNewX509SVIDRequest) (*BatchNewX509SVIDResponse, error)
	// Creates a JWT-SVID from a registration entry.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entry. See the Entry GetAuthorizedEntries RPC.
	NewJWTSVID(context.Context, *NewJWTSVIDRequest) (*NewJWTSVIDResponse, error)
	// Creates an X509 CA certificate appropriate for use by a downstream
	// entity to mint X509-SVIDs.
	//
	// The caller must present a downstream X509-SVID.
	NewDownstreamX509CA(context.Context, *NewDownstreamX509CARequest) (*NewDownstreamX509CAResponse, error)
	// contains filtered or unexported methods
}

SVIDServer is the server API for the SVID service. All implementations must embed UnimplementedSVIDServer for forward compatibility.

type UnimplementedSVIDServer

// UnimplementedSVIDServer is an empty struct meant to be embedded in
// SVIDServer implementations for forward compatibility.
// NOTE(review): its methods presumably reject calls as unimplemented rather
// than performing any signing; the method bodies are not shown on this page,
// so confirm against the generated source.
type UnimplementedSVIDServer struct {
}

UnimplementedSVIDServer must be embedded to have forward compatible implementations.

func (UnimplementedSVIDServer) MintJWTSVID

func (UnimplementedSVIDServer) MintX509SVID

func (UnimplementedSVIDServer) NewJWTSVID

type UnsafeSVIDServer

// UnsafeSVIDServer is an interface with only unexported methods that a
// server implementation may embed to opt out of forward compatibility for
// the SVID service.
type UnsafeSVIDServer interface {
	// contains filtered or unexported methods
}

UnsafeSVIDServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as methods added to SVIDServer will result in compilation errors.
