types

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 28, 2021 License: Apache-2.0 Imports: 4 Imported by: 97

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	FederatesWithMatch_MatchBehavior_name = map[int32]string{
		0: "MATCH_EXACT",
		1: "MATCH_SUBSET",
		2: "MATCH_SUPERSET",
		3: "MATCH_ANY",
	}
	FederatesWithMatch_MatchBehavior_value = map[string]int32{
		"MATCH_EXACT":    0,
		"MATCH_SUBSET":   1,
		"MATCH_SUPERSET": 2,
		"MATCH_ANY":      3,
	}
)

Enum value maps for FederatesWithMatch_MatchBehavior.

View Source
var (
	SelectorMatch_MatchBehavior_name = map[int32]string{
		0: "MATCH_EXACT",
		1: "MATCH_SUBSET",
		2: "MATCH_SUPERSET",
		3: "MATCH_ANY",
	}
	SelectorMatch_MatchBehavior_value = map[string]int32{
		"MATCH_EXACT":    0,
		"MATCH_SUBSET":   1,
		"MATCH_SUPERSET": 2,
		"MATCH_ANY":      3,
	}
)

Enum value maps for SelectorMatch_MatchBehavior.

View Source
var (
	PermissionDeniedDetails_Reason_name = map[int32]string{
		0: "UNKNOWN",
		1: "AGENT_EXPIRED",
		2: "AGENT_NOT_ATTESTED",
		3: "AGENT_NOT_ACTIVE",
		4: "AGENT_BANNED",
	}
	PermissionDeniedDetails_Reason_value = map[string]int32{
		"UNKNOWN":            0,
		"AGENT_EXPIRED":      1,
		"AGENT_NOT_ATTESTED": 2,
		"AGENT_NOT_ACTIVE":   3,
		"AGENT_BANNED":       4,
	}
)

Enum value maps for PermissionDeniedDetails_Reason.

View Source
var File_spire_api_types_agent_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_attestation_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_bundle_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_entry_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_federateswith_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_federationrelationship_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_jointoken_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_jwtsvid_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_selector_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_spiffeid_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_status_proto protoreflect.FileDescriptor
View Source
var File_spire_api_types_x509svid_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Agent

type Agent struct {

	// Output only. SPIFFE ID of the agent.
	Id *SPIFFEID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Output only. The method by which the agent attested.
	AttestationType string `protobuf:"bytes,2,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"`
	// Output only. The X509-SVID serial number.
	X509SvidSerialNumber string `protobuf:"bytes,3,opt,name=x509svid_serial_number,json=x509svidSerialNumber,proto3" json:"x509svid_serial_number,omitempty"`
	// Output only. The X509-SVID expiration (seconds since Unix epoch).
	X509SvidExpiresAt int64 `protobuf:"varint,4,opt,name=x509svid_expires_at,json=x509svidExpiresAt,proto3" json:"x509svid_expires_at,omitempty"`
	// Output only. The selectors attributed to the agent during attestation.
	Selectors []*Selector `protobuf:"bytes,5,rep,name=selectors,proto3" json:"selectors,omitempty"`
	// Output only. Whether or not the agent is banned.
	Banned bool `protobuf:"varint,6,opt,name=banned,proto3" json:"banned,omitempty"`
	// contains filtered or unexported fields
}

func (*Agent) Descriptor deprecated

func (*Agent) Descriptor() ([]byte, []int)

Deprecated: Use Agent.ProtoReflect.Descriptor instead.

func (*Agent) GetAttestationType

func (x *Agent) GetAttestationType() string

func (*Agent) GetBanned

func (x *Agent) GetBanned() bool

func (*Agent) GetId

func (x *Agent) GetId() *SPIFFEID

func (*Agent) GetSelectors

func (x *Agent) GetSelectors() []*Selector

func (*Agent) GetX509SvidExpiresAt

func (x *Agent) GetX509SvidExpiresAt() int64

func (*Agent) GetX509SvidSerialNumber

func (x *Agent) GetX509SvidSerialNumber() string

func (*Agent) ProtoMessage

func (*Agent) ProtoMessage()

func (*Agent) ProtoReflect

func (x *Agent) ProtoReflect() protoreflect.Message

func (*Agent) Reset

func (x *Agent) Reset()

func (*Agent) String

func (x *Agent) String() string

type AgentMask

type AgentMask struct {

	// attestation_type field mask
	AttestationType bool `protobuf:"varint,2,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"`
	// x509svid_serial_number field mask
	X509SvidSerialNumber bool `protobuf:"varint,3,opt,name=x509svid_serial_number,json=x509svidSerialNumber,proto3" json:"x509svid_serial_number,omitempty"`
	// x509svid_expires_at field mask
	X509SvidExpiresAt bool `protobuf:"varint,4,opt,name=x509svid_expires_at,json=x509svidExpiresAt,proto3" json:"x509svid_expires_at,omitempty"`
	// selectors field mask
	Selectors bool `protobuf:"varint,5,opt,name=selectors,proto3" json:"selectors,omitempty"`
	// banned field mask
	Banned bool `protobuf:"varint,6,opt,name=banned,proto3" json:"banned,omitempty"`
	// contains filtered or unexported fields
}

func (*AgentMask) Descriptor deprecated

func (*AgentMask) Descriptor() ([]byte, []int)

Deprecated: Use AgentMask.ProtoReflect.Descriptor instead.

func (*AgentMask) GetAttestationType

func (x *AgentMask) GetAttestationType() bool

func (*AgentMask) GetBanned

func (x *AgentMask) GetBanned() bool

func (*AgentMask) GetSelectors

func (x *AgentMask) GetSelectors() bool

func (*AgentMask) GetX509SvidExpiresAt

func (x *AgentMask) GetX509SvidExpiresAt() bool

func (*AgentMask) GetX509SvidSerialNumber

func (x *AgentMask) GetX509SvidSerialNumber() bool

func (*AgentMask) ProtoMessage

func (*AgentMask) ProtoMessage()

func (*AgentMask) ProtoReflect

func (x *AgentMask) ProtoReflect() protoreflect.Message

func (*AgentMask) Reset

func (x *AgentMask) Reset()

func (*AgentMask) String

func (x *AgentMask) String() string

type AttestationData

type AttestationData struct {

	// The type of attestation data. This is typically the name of the plugin
	// that produced that data.
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// The attestation data payload.
	Payload []byte `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
	// contains filtered or unexported fields
}

func (*AttestationData) Descriptor deprecated

func (*AttestationData) Descriptor() ([]byte, []int)

Deprecated: Use AttestationData.ProtoReflect.Descriptor instead.

func (*AttestationData) GetPayload

func (x *AttestationData) GetPayload() []byte

func (*AttestationData) GetType

func (x *AttestationData) GetType() string

func (*AttestationData) ProtoMessage

func (*AttestationData) ProtoMessage()

func (*AttestationData) ProtoReflect

func (x *AttestationData) ProtoReflect() protoreflect.Message

func (*AttestationData) Reset

func (x *AttestationData) Reset()

func (*AttestationData) String

func (x *AttestationData) String() string

type Bundle

type Bundle struct {

	// The name of the trust domain the bundle belongs to (e.g., "example.org").
	TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
	// X.509 authorities for authenticating X509-SVIDs.
	X509Authorities []*X509Certificate `protobuf:"bytes,2,rep,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"`
	// JWT authorities for authenticating JWT-SVIDs.
	JwtAuthorities []*JWTKey `protobuf:"bytes,3,rep,name=jwt_authorities,json=jwtAuthorities,proto3" json:"jwt_authorities,omitempty"`
	// A hint on how often the bundle should be refreshed from the bundle
	// provider, in seconds. Can be zero (meaning no hint available).
	RefreshHint int64 `protobuf:"varint,4,opt,name=refresh_hint,json=refreshHint,proto3" json:"refresh_hint,omitempty"`
	// The sequence number of the bundle.
	SequenceNumber uint64 `protobuf:"varint,5,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`
	// contains filtered or unexported fields
}

func (*Bundle) Descriptor deprecated

func (*Bundle) Descriptor() ([]byte, []int)

Deprecated: Use Bundle.ProtoReflect.Descriptor instead.

func (*Bundle) GetJwtAuthorities

func (x *Bundle) GetJwtAuthorities() []*JWTKey

func (*Bundle) GetRefreshHint

func (x *Bundle) GetRefreshHint() int64

func (*Bundle) GetSequenceNumber

func (x *Bundle) GetSequenceNumber() uint64

func (*Bundle) GetTrustDomain

func (x *Bundle) GetTrustDomain() string

func (*Bundle) GetX509Authorities

func (x *Bundle) GetX509Authorities() []*X509Certificate

func (*Bundle) ProtoMessage

func (*Bundle) ProtoMessage()

func (*Bundle) ProtoReflect

func (x *Bundle) ProtoReflect() protoreflect.Message

func (*Bundle) Reset

func (x *Bundle) Reset()

func (*Bundle) String

func (x *Bundle) String() string

type BundleMask

type BundleMask struct {

	// x509_authorities field mask.
	X509Authorities bool `protobuf:"varint,2,opt,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"`
	// jwt_authorities field mask.
	JwtAuthorities bool `protobuf:"varint,3,opt,name=jwt_authorities,json=jwtAuthorities,proto3" json:"jwt_authorities,omitempty"`
	// refresh_hint field mask.
	RefreshHint bool `protobuf:"varint,4,opt,name=refresh_hint,json=refreshHint,proto3" json:"refresh_hint,omitempty"`
	// sequence_number field mask.
	SequenceNumber bool `protobuf:"varint,5,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`
	// contains filtered or unexported fields
}

func (*BundleMask) Descriptor deprecated

func (*BundleMask) Descriptor() ([]byte, []int)

Deprecated: Use BundleMask.ProtoReflect.Descriptor instead.

func (*BundleMask) GetJwtAuthorities

func (x *BundleMask) GetJwtAuthorities() bool

func (*BundleMask) GetRefreshHint

func (x *BundleMask) GetRefreshHint() bool

func (*BundleMask) GetSequenceNumber

func (x *BundleMask) GetSequenceNumber() bool

func (*BundleMask) GetX509Authorities

func (x *BundleMask) GetX509Authorities() bool

func (*BundleMask) ProtoMessage

func (*BundleMask) ProtoMessage()

func (*BundleMask) ProtoReflect

func (x *BundleMask) ProtoReflect() protoreflect.Message

func (*BundleMask) Reset

func (x *BundleMask) Reset()

func (*BundleMask) String

func (x *BundleMask) String() string

type Entry

type Entry struct {

	// Globally unique ID for the entry.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The SPIFFE ID of the identity described by this entry.
	SpiffeId *SPIFFEID `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Who the entry is delegated to. If the entry describes a node, this is
	// set to the SPIFFE ID of the SPIRE server of the trust domain (e.g.
	// spiffe://example.org/spire/server). Otherwise, it will be set to a node
	// SPIFFE ID.
	ParentId *SPIFFEID `protobuf:"bytes,3,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
	// The selectors which identify which entities match this entry. If this is
	// an entry for a node, these selectors represent selectors produced by
	// node attestation. Otherwise, these selectors represent those produced by
	// workload attestation.
	Selectors []*Selector `protobuf:"bytes,4,rep,name=selectors,proto3" json:"selectors,omitempty"`
	// The time to live for identities issued for this entry (in seconds).
	Ttl int32 `protobuf:"varint,5,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// The names of trust domains the identity described by this entry
	// federates with.
	FederatesWith []string `protobuf:"bytes,6,rep,name=federates_with,json=federatesWith,proto3" json:"federates_with,omitempty"`
	// Whether or not the identity described by this entry is an administrative
	// workload. Administrative workloads are granted additional access to
	// various managerial server APIs, such as entry registration.
	Admin bool `protobuf:"varint,7,opt,name=admin,proto3" json:"admin,omitempty"`
	// Whether or not the identity described by this entry represents a
	// downstream SPIRE server. Downstream SPIRE servers have additional access
	// to various signing APIs, such as those used to sign X.509 CA
	// certificates and publish JWT signing keys.
	Downstream bool `protobuf:"varint,8,opt,name=downstream,proto3" json:"downstream,omitempty"`
	// When the entry expires (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// A list of DNS names associated with the identity described by this entry.
	DnsNames []string `protobuf:"bytes,10,rep,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"`
	// Revision number is bumped every time the entry is updated
	RevisionNumber int64 `protobuf:"varint,11,opt,name=revision_number,json=revisionNumber,proto3" json:"revision_number,omitempty"`
	// Determines if the issued identity is exportable to a store
	StoreSvid bool `protobuf:"varint,12,opt,name=store_svid,json=storeSvid,proto3" json:"store_svid,omitempty"`
	// contains filtered or unexported fields
}

func (*Entry) Descriptor deprecated

func (*Entry) Descriptor() ([]byte, []int)

Deprecated: Use Entry.ProtoReflect.Descriptor instead.

func (*Entry) GetAdmin

func (x *Entry) GetAdmin() bool

func (*Entry) GetDnsNames

func (x *Entry) GetDnsNames() []string

func (*Entry) GetDownstream

func (x *Entry) GetDownstream() bool

func (*Entry) GetExpiresAt

func (x *Entry) GetExpiresAt() int64

func (*Entry) GetFederatesWith

func (x *Entry) GetFederatesWith() []string

func (*Entry) GetId

func (x *Entry) GetId() string

func (*Entry) GetParentId

func (x *Entry) GetParentId() *SPIFFEID

func (*Entry) GetRevisionNumber

func (x *Entry) GetRevisionNumber() int64

func (*Entry) GetSelectors

func (x *Entry) GetSelectors() []*Selector

func (*Entry) GetSpiffeId

func (x *Entry) GetSpiffeId() *SPIFFEID

func (*Entry) GetStoreSvid added in v1.1.0

func (x *Entry) GetStoreSvid() bool

func (*Entry) GetTtl

func (x *Entry) GetTtl() int32

func (*Entry) ProtoMessage

func (*Entry) ProtoMessage()

func (*Entry) ProtoReflect

func (x *Entry) ProtoReflect() protoreflect.Message

func (*Entry) Reset

func (x *Entry) Reset()

func (*Entry) String

func (x *Entry) String() string

type EntryMask

type EntryMask struct {

	// spiffe_id field mask
	SpiffeId bool `protobuf:"varint,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// parent_id field mask
	ParentId bool `protobuf:"varint,3,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
	// selectors field mask
	Selectors bool `protobuf:"varint,4,opt,name=selectors,proto3" json:"selectors,omitempty"`
	// ttl field mask
	Ttl bool `protobuf:"varint,5,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// federates_with field mask
	FederatesWith bool `protobuf:"varint,6,opt,name=federates_with,json=federatesWith,proto3" json:"federates_with,omitempty"`
	// admin field mask
	Admin bool `protobuf:"varint,7,opt,name=admin,proto3" json:"admin,omitempty"`
	// downstream field mask
	Downstream bool `protobuf:"varint,8,opt,name=downstream,proto3" json:"downstream,omitempty"`
	// expires_at field mask
	ExpiresAt bool `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// dns_names field mask
	DnsNames bool `protobuf:"varint,10,opt,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"`
	// revision_number field mask
	RevisionNumber bool `protobuf:"varint,11,opt,name=revision_number,json=revisionNumber,proto3" json:"revision_number,omitempty"`
	// store_svid field mask
	StoreSvid bool `protobuf:"varint,12,opt,name=store_svid,json=storeSvid,proto3" json:"store_svid,omitempty"`
	// contains filtered or unexported fields
}

Field mask for Entry fields

func (*EntryMask) Descriptor deprecated

func (*EntryMask) Descriptor() ([]byte, []int)

Deprecated: Use EntryMask.ProtoReflect.Descriptor instead.

func (*EntryMask) GetAdmin

func (x *EntryMask) GetAdmin() bool

func (*EntryMask) GetDnsNames

func (x *EntryMask) GetDnsNames() bool

func (*EntryMask) GetDownstream

func (x *EntryMask) GetDownstream() bool

func (*EntryMask) GetExpiresAt

func (x *EntryMask) GetExpiresAt() bool

func (*EntryMask) GetFederatesWith

func (x *EntryMask) GetFederatesWith() bool

func (*EntryMask) GetParentId

func (x *EntryMask) GetParentId() bool

func (*EntryMask) GetRevisionNumber

func (x *EntryMask) GetRevisionNumber() bool

func (*EntryMask) GetSelectors

func (x *EntryMask) GetSelectors() bool

func (*EntryMask) GetSpiffeId

func (x *EntryMask) GetSpiffeId() bool

func (*EntryMask) GetStoreSvid added in v1.1.0

func (x *EntryMask) GetStoreSvid() bool

func (*EntryMask) GetTtl

func (x *EntryMask) GetTtl() bool

func (*EntryMask) ProtoMessage

func (*EntryMask) ProtoMessage()

func (*EntryMask) ProtoReflect

func (x *EntryMask) ProtoReflect() protoreflect.Message

func (*EntryMask) Reset

func (x *EntryMask) Reset()

func (*EntryMask) String

func (x *EntryMask) String() string

type FederatesWithMatch

type FederatesWithMatch struct {

	// The set of trust domain names to match on (e.g., "example.org").
	TrustDomains []string `protobuf:"bytes,1,rep,name=trust_domains,json=trustDomains,proto3" json:"trust_domains,omitempty"`
	// How to match the trust domains.
	Match FederatesWithMatch_MatchBehavior `protobuf:"varint,2,opt,name=match,proto3,enum=spire.api.types.FederatesWithMatch_MatchBehavior" json:"match,omitempty"`
	// contains filtered or unexported fields
}

func (*FederatesWithMatch) Descriptor deprecated

func (*FederatesWithMatch) Descriptor() ([]byte, []int)

Deprecated: Use FederatesWithMatch.ProtoReflect.Descriptor instead.

func (*FederatesWithMatch) GetMatch

func (*FederatesWithMatch) GetTrustDomains

func (x *FederatesWithMatch) GetTrustDomains() []string

func (*FederatesWithMatch) ProtoMessage

func (*FederatesWithMatch) ProtoMessage()

func (*FederatesWithMatch) ProtoReflect

func (x *FederatesWithMatch) ProtoReflect() protoreflect.Message

func (*FederatesWithMatch) Reset

func (x *FederatesWithMatch) Reset()

func (*FederatesWithMatch) String

func (x *FederatesWithMatch) String() string

type FederatesWithMatch_MatchBehavior

type FederatesWithMatch_MatchBehavior int32
const (
	// Indicates that the federated trust domains in this match are
	// equal to the candidate trust domains, independent of ordering.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_EXACT ["spiffe://td1", "spiffe://td2"]
	//   Entries that match:
	//     - 'e2'
	FederatesWithMatch_MATCH_EXACT FederatesWithMatch_MatchBehavior = 0
	// Indicates that all candidates which have a non-empty subset
	// of the provided set of trust domains will match.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_SUBSET ["spiffe://td1"]
	//   Entries that match:
	//     - 'e1'
	FederatesWithMatch_MATCH_SUBSET FederatesWithMatch_MatchBehavior = 1
	// Indicate that all candidates which are a superset
	// of the provided set of trust domains will match.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_SUPERSET ["spiffe://td1", "spiffe://td2"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	FederatesWithMatch_MATCH_SUPERSET FederatesWithMatch_MatchBehavior = 2
	// Indicates that all candidates which have at least one
	// of the provided set of trust domains will match.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_ANY ["spiffe://td1"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	//     - 'e3'
	FederatesWithMatch_MATCH_ANY FederatesWithMatch_MatchBehavior = 3
)

func (FederatesWithMatch_MatchBehavior) Descriptor

func (FederatesWithMatch_MatchBehavior) Enum

func (FederatesWithMatch_MatchBehavior) EnumDescriptor deprecated

func (FederatesWithMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)

Deprecated: Use FederatesWithMatch_MatchBehavior.Descriptor instead.

func (FederatesWithMatch_MatchBehavior) Number

func (FederatesWithMatch_MatchBehavior) String

func (FederatesWithMatch_MatchBehavior) Type

type FederationRelationship added in v1.1.0

type FederationRelationship struct {

	// Required. The trust domain name (e.g., "example.org") to federate with.
	TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
	// Required. URL of the SPIFFE bundle endpoint that provides the trust
	// bundle to federate with. Must use the HTTPS protocol.
	BundleEndpointUrl string `protobuf:"bytes,2,opt,name=bundle_endpoint_url,json=bundleEndpointUrl,proto3" json:"bundle_endpoint_url,omitempty"`
	// Required. The endpoint profile type.
	//
	// Types that are assignable to BundleEndpointProfile:
	//	*FederationRelationship_HttpsWeb
	//	*FederationRelationship_HttpsSpiffe
	BundleEndpointProfile isFederationRelationship_BundleEndpointProfile `protobuf_oneof:"bundle_endpoint_profile"`
	// Optional. The bundle for the trust domain. This field can be used to
	// create or replace the referenced trust domains' bundle when the
	// relationship is created or updated.  When the relationship is retrieved,
	// it will be set to the referenced trust domain's latest bundle (if
	// available). Please note that the `https_spiffe` profile requires an
	// existing trust domain bundle in order to function correctly. The
	// required bundle must match the trust domain specified in the bundle
	// endpoint SPIFFE ID. If the bundle endpoint SPIFFE ID resides in the same
	// trust domain that you're trying to federate with, you may optionally
	// specify that trust domain bundle here. If the bundle endpoint SPIFFE ID
	// _does not_ reside in the same trust domain that you're federating with,
	// please ensure that the trust domain bundle for that trust domain has
	// been configured separately (e.g. configured via another federation
	// relationship or manually set via the Bundle API).
	TrustDomainBundle *Bundle `protobuf:"bytes,5,opt,name=trust_domain_bundle,json=trustDomainBundle,proto3" json:"trust_domain_bundle,omitempty"`
	// contains filtered or unexported fields
}

func (*FederationRelationship) Descriptor deprecated added in v1.1.0

func (*FederationRelationship) Descriptor() ([]byte, []int)

Deprecated: Use FederationRelationship.ProtoReflect.Descriptor instead.

func (*FederationRelationship) GetBundleEndpointProfile added in v1.1.0

func (m *FederationRelationship) GetBundleEndpointProfile() isFederationRelationship_BundleEndpointProfile

func (*FederationRelationship) GetBundleEndpointUrl added in v1.1.0

func (x *FederationRelationship) GetBundleEndpointUrl() string

func (*FederationRelationship) GetHttpsSpiffe added in v1.1.0

func (x *FederationRelationship) GetHttpsSpiffe() *HTTPSSPIFFEProfile

func (*FederationRelationship) GetHttpsWeb added in v1.1.0

func (x *FederationRelationship) GetHttpsWeb() *HTTPSWebProfile

func (*FederationRelationship) GetTrustDomain added in v1.1.0

func (x *FederationRelationship) GetTrustDomain() string

func (*FederationRelationship) GetTrustDomainBundle added in v1.1.0

func (x *FederationRelationship) GetTrustDomainBundle() *Bundle

func (*FederationRelationship) ProtoMessage added in v1.1.0

func (*FederationRelationship) ProtoMessage()

func (*FederationRelationship) ProtoReflect added in v1.1.0

func (x *FederationRelationship) ProtoReflect() protoreflect.Message

func (*FederationRelationship) Reset added in v1.1.0

func (x *FederationRelationship) Reset()

func (*FederationRelationship) String added in v1.1.0

func (x *FederationRelationship) String() string

type FederationRelationshipMask added in v1.1.0

type FederationRelationshipMask struct {

	// bundle_endpoint_url field mask.
	BundleEndpointUrl bool `protobuf:"varint,1,opt,name=bundle_endpoint_url,json=bundleEndpointUrl,proto3" json:"bundle_endpoint_url,omitempty"`
	// bundle_endpoint_profile field mask.
	BundleEndpointProfile bool `` /* 127-byte string literal not displayed */
	// trust_domain_bundle field mask.
	TrustDomainBundle bool `protobuf:"varint,3,opt,name=trust_domain_bundle,json=trustDomainBundle,proto3" json:"trust_domain_bundle,omitempty"`
	// contains filtered or unexported fields
}

func (*FederationRelationshipMask) Descriptor deprecated added in v1.1.0

func (*FederationRelationshipMask) Descriptor() ([]byte, []int)

Deprecated: Use FederationRelationshipMask.ProtoReflect.Descriptor instead.

func (*FederationRelationshipMask) GetBundleEndpointProfile added in v1.1.0

func (x *FederationRelationshipMask) GetBundleEndpointProfile() bool

func (*FederationRelationshipMask) GetBundleEndpointUrl added in v1.1.0

func (x *FederationRelationshipMask) GetBundleEndpointUrl() bool

func (*FederationRelationshipMask) GetTrustDomainBundle added in v1.1.0

func (x *FederationRelationshipMask) GetTrustDomainBundle() bool

func (*FederationRelationshipMask) ProtoMessage added in v1.1.0

func (*FederationRelationshipMask) ProtoMessage()

func (*FederationRelationshipMask) ProtoReflect added in v1.1.0

func (*FederationRelationshipMask) Reset added in v1.1.0

func (x *FederationRelationshipMask) Reset()

func (*FederationRelationshipMask) String added in v1.1.0

func (x *FederationRelationshipMask) String() string

type FederationRelationship_HttpsSpiffe added in v1.1.0

type FederationRelationship_HttpsSpiffe struct {
	// Use SPIFFE Authentication endpoint profile.
	HttpsSpiffe *HTTPSSPIFFEProfile `protobuf:"bytes,4,opt,name=https_spiffe,json=httpsSpiffe,proto3,oneof"`
}

type FederationRelationship_HttpsWeb added in v1.1.0

type FederationRelationship_HttpsWeb struct {
	// Use Web PKI endpoint profile.
	HttpsWeb *HTTPSWebProfile `protobuf:"bytes,3,opt,name=https_web,json=httpsWeb,proto3,oneof"`
}

type HTTPSSPIFFEProfile added in v1.1.0

type HTTPSSPIFFEProfile struct {

	// Required. Specifies the expected SPIFFE ID of the SPIFFE bundle endpoint
	// server.
	EndpointSpiffeId string `protobuf:"bytes,1,opt,name=endpoint_spiffe_id,json=endpointSpiffeId,proto3" json:"endpoint_spiffe_id,omitempty"`
	// contains filtered or unexported fields
}

func (*HTTPSSPIFFEProfile) Descriptor deprecated added in v1.1.0

func (*HTTPSSPIFFEProfile) Descriptor() ([]byte, []int)

Deprecated: Use HTTPSSPIFFEProfile.ProtoReflect.Descriptor instead.

func (*HTTPSSPIFFEProfile) GetEndpointSpiffeId added in v1.1.0

func (x *HTTPSSPIFFEProfile) GetEndpointSpiffeId() string

func (*HTTPSSPIFFEProfile) ProtoMessage added in v1.1.0

func (*HTTPSSPIFFEProfile) ProtoMessage()

func (*HTTPSSPIFFEProfile) ProtoReflect added in v1.1.0

func (x *HTTPSSPIFFEProfile) ProtoReflect() protoreflect.Message

func (*HTTPSSPIFFEProfile) Reset added in v1.1.0

func (x *HTTPSSPIFFEProfile) Reset()

func (*HTTPSSPIFFEProfile) String added in v1.1.0

func (x *HTTPSSPIFFEProfile) String() string

type HTTPSWebProfile added in v1.1.0

type HTTPSWebProfile struct {
	// contains filtered or unexported fields
}

func (*HTTPSWebProfile) Descriptor deprecated added in v1.1.0

func (*HTTPSWebProfile) Descriptor() ([]byte, []int)

Deprecated: Use HTTPSWebProfile.ProtoReflect.Descriptor instead.

func (*HTTPSWebProfile) ProtoMessage added in v1.1.0

func (*HTTPSWebProfile) ProtoMessage()

func (*HTTPSWebProfile) ProtoReflect added in v1.1.0

func (x *HTTPSWebProfile) ProtoReflect() protoreflect.Message

func (*HTTPSWebProfile) Reset added in v1.1.0

func (x *HTTPSWebProfile) Reset()

func (*HTTPSWebProfile) String added in v1.1.0

func (x *HTTPSWebProfile) String() string

type JWTKey

type JWTKey struct {

	// The PKIX encoded public key.
	PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// The key identifier.
	KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// When the key expires (seconds since Unix epoch). If zero, the key does
	// not expire.
	ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// contains filtered or unexported fields
}

func (*JWTKey) Descriptor deprecated

func (*JWTKey) Descriptor() ([]byte, []int)

Deprecated: Use JWTKey.ProtoReflect.Descriptor instead.

func (*JWTKey) GetExpiresAt

func (x *JWTKey) GetExpiresAt() int64

func (*JWTKey) GetKeyId

func (x *JWTKey) GetKeyId() string

func (*JWTKey) GetPublicKey

func (x *JWTKey) GetPublicKey() []byte

func (*JWTKey) ProtoMessage

func (*JWTKey) ProtoMessage()

func (*JWTKey) ProtoReflect

func (x *JWTKey) ProtoReflect() protoreflect.Message

func (*JWTKey) Reset

func (x *JWTKey) Reset()

func (*JWTKey) String

func (x *JWTKey) String() string

type JWTSVID

type JWTSVID struct {

	// The serialized JWT token.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// The SPIFFE ID of the JWT-SVID.
	Id *SPIFFEID `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Expiration timestamp (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// Issuance timestamp (seconds since Unix epoch).
	IssuedAt int64 `protobuf:"varint,4,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
	// contains filtered or unexported fields
}

JWT SPIFFE Verifiable Identity Document. It contains the raw JWT token as well as a few denormalized fields for convenience.

func (*JWTSVID) Descriptor deprecated

func (*JWTSVID) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVID.ProtoReflect.Descriptor instead.

func (*JWTSVID) GetExpiresAt

func (x *JWTSVID) GetExpiresAt() int64

func (*JWTSVID) GetId

func (x *JWTSVID) GetId() *SPIFFEID

func (*JWTSVID) GetIssuedAt

func (x *JWTSVID) GetIssuedAt() int64

func (*JWTSVID) GetToken

func (x *JWTSVID) GetToken() string

func (*JWTSVID) ProtoMessage

func (*JWTSVID) ProtoMessage()

func (*JWTSVID) ProtoReflect

func (x *JWTSVID) ProtoReflect() protoreflect.Message

func (*JWTSVID) Reset

func (x *JWTSVID) Reset()

func (*JWTSVID) String

func (x *JWTSVID) String() string

type JoinToken

type JoinToken struct {

	// The value of the token.
	Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
	// The token expiration (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// contains filtered or unexported fields
}

func (*JoinToken) Descriptor deprecated

func (*JoinToken) Descriptor() ([]byte, []int)

Deprecated: Use JoinToken.ProtoReflect.Descriptor instead.

func (*JoinToken) GetExpiresAt

func (x *JoinToken) GetExpiresAt() int64

func (*JoinToken) GetValue

func (x *JoinToken) GetValue() string

func (*JoinToken) ProtoMessage

func (*JoinToken) ProtoMessage()

func (*JoinToken) ProtoReflect

func (x *JoinToken) ProtoReflect() protoreflect.Message

func (*JoinToken) Reset

func (x *JoinToken) Reset()

func (*JoinToken) String

func (x *JoinToken) String() string

type PermissionDeniedDetails

type PermissionDeniedDetails struct {
	Reason PermissionDeniedDetails_Reason `protobuf:"varint,1,opt,name=reason,proto3,enum=spire.api.types.PermissionDeniedDetails_Reason" json:"reason,omitempty"`
	// contains filtered or unexported fields
}

func (*PermissionDeniedDetails) Descriptor deprecated

func (*PermissionDeniedDetails) Descriptor() ([]byte, []int)

Deprecated: Use PermissionDeniedDetails.ProtoReflect.Descriptor instead.

func (*PermissionDeniedDetails) GetReason

func (*PermissionDeniedDetails) ProtoMessage

func (*PermissionDeniedDetails) ProtoMessage()

func (*PermissionDeniedDetails) ProtoReflect

func (x *PermissionDeniedDetails) ProtoReflect() protoreflect.Message

func (*PermissionDeniedDetails) Reset

func (x *PermissionDeniedDetails) Reset()

func (*PermissionDeniedDetails) String

func (x *PermissionDeniedDetails) String() string

type PermissionDeniedDetails_Reason

type PermissionDeniedDetails_Reason int32
const (
	// Reason unknown.
	PermissionDeniedDetails_UNKNOWN PermissionDeniedDetails_Reason = 0
	// Agent identity has expired.
	PermissionDeniedDetails_AGENT_EXPIRED PermissionDeniedDetails_Reason = 1
	// Identity is not an attested agent.
	PermissionDeniedDetails_AGENT_NOT_ATTESTED PermissionDeniedDetails_Reason = 2
	// Identity is not the active agent identity.
	PermissionDeniedDetails_AGENT_NOT_ACTIVE PermissionDeniedDetails_Reason = 3
	// Agent has been banned.
	PermissionDeniedDetails_AGENT_BANNED PermissionDeniedDetails_Reason = 4
)

func (PermissionDeniedDetails_Reason) Descriptor

func (PermissionDeniedDetails_Reason) Enum

func (PermissionDeniedDetails_Reason) EnumDescriptor deprecated

func (PermissionDeniedDetails_Reason) EnumDescriptor() ([]byte, []int)

Deprecated: Use PermissionDeniedDetails_Reason.Descriptor instead.

func (PermissionDeniedDetails_Reason) Number

func (PermissionDeniedDetails_Reason) String

func (PermissionDeniedDetails_Reason) Type

type SPIFFEID

type SPIFFEID struct {

	// Trust domain portion the SPIFFE ID (e.g. "example.org")
	TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
	// The path component of the SPIFFE ID (e.g. "/foo/bar/baz"). The path
	// SHOULD have a leading slash. Consumers MUST normalize the path before
	// making any sort of comparison between IDs.
	Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"`
	// contains filtered or unexported fields
}

A SPIFFE ID, consisting of the trust domain name and a path portions of the SPIFFE ID URI.

func (*SPIFFEID) Descriptor deprecated

func (*SPIFFEID) Descriptor() ([]byte, []int)

Deprecated: Use SPIFFEID.ProtoReflect.Descriptor instead.

func (*SPIFFEID) GetPath

func (x *SPIFFEID) GetPath() string

func (*SPIFFEID) GetTrustDomain

func (x *SPIFFEID) GetTrustDomain() string

func (*SPIFFEID) ProtoMessage

func (*SPIFFEID) ProtoMessage()

func (*SPIFFEID) ProtoReflect

func (x *SPIFFEID) ProtoReflect() protoreflect.Message

func (*SPIFFEID) Reset

func (x *SPIFFEID) Reset()

func (*SPIFFEID) String

func (x *SPIFFEID) String() string

type Selector

type Selector struct {

	// The type of the selector. This is typically the name of the plugin that
	// produces the selector.
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// The value of the selector.
	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
	// contains filtered or unexported fields
}

func (*Selector) Descriptor deprecated

func (*Selector) Descriptor() ([]byte, []int)

Deprecated: Use Selector.ProtoReflect.Descriptor instead.

func (*Selector) GetType

func (x *Selector) GetType() string

func (*Selector) GetValue

func (x *Selector) GetValue() string

func (*Selector) ProtoMessage

func (*Selector) ProtoMessage()

func (*Selector) ProtoReflect

func (x *Selector) ProtoReflect() protoreflect.Message

func (*Selector) Reset

func (x *Selector) Reset()

func (*Selector) String

func (x *Selector) String() string

type SelectorMatch

type SelectorMatch struct {

	// The set of selectors to match on.
	Selectors []*Selector `protobuf:"bytes,1,rep,name=selectors,proto3" json:"selectors,omitempty"`
	// How to match the selectors.
	Match SelectorMatch_MatchBehavior `protobuf:"varint,2,opt,name=match,proto3,enum=spire.api.types.SelectorMatch_MatchBehavior" json:"match,omitempty"`
	// contains filtered or unexported fields
}

func (*SelectorMatch) Descriptor deprecated

func (*SelectorMatch) Descriptor() ([]byte, []int)

Deprecated: Use SelectorMatch.ProtoReflect.Descriptor instead.

func (*SelectorMatch) GetMatch

func (*SelectorMatch) GetSelectors

func (x *SelectorMatch) GetSelectors() []*Selector

func (*SelectorMatch) ProtoMessage

func (*SelectorMatch) ProtoMessage()

func (*SelectorMatch) ProtoReflect

func (x *SelectorMatch) ProtoReflect() protoreflect.Message

func (*SelectorMatch) Reset

func (x *SelectorMatch) Reset()

func (*SelectorMatch) String

func (x *SelectorMatch) String() string

type SelectorMatch_MatchBehavior

type SelectorMatch_MatchBehavior int32
const (
	// Indicates that the selectors in this match are equal to the
	// candidate selectors, independent of ordering.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_EXACT ["a:1", "b:2"]
	//   Entries that match:
	//     - 'e2'
	SelectorMatch_MATCH_EXACT SelectorMatch_MatchBehavior = 0
	// Indicates that all candidates which have a non-empty subset
	// of the provided set of selectors will match.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_SUBSET ["a:1"]
	//   Entries that match:
	//     - 'e1'
	SelectorMatch_MATCH_SUBSET SelectorMatch_MatchBehavior = 1
	// Indicates that all candidates which are a superset
	// of the provided selectors will match.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_SUPERSET ["a:1", "b:2"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	SelectorMatch_MATCH_SUPERSET SelectorMatch_MatchBehavior = 2
	// Indicates that all candidates which have at least one
	// of the provided set of selectors will match.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_ANY ["a:1"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	//     - 'e3'
	SelectorMatch_MATCH_ANY SelectorMatch_MatchBehavior = 3
)

func (SelectorMatch_MatchBehavior) Descriptor

func (SelectorMatch_MatchBehavior) Enum

func (SelectorMatch_MatchBehavior) EnumDescriptor deprecated

func (SelectorMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)

Deprecated: Use SelectorMatch_MatchBehavior.Descriptor instead.

func (SelectorMatch_MatchBehavior) Number

func (SelectorMatch_MatchBehavior) String

func (SelectorMatch_MatchBehavior) Type

type Status

type Status struct {

	// A status code, which should be an enum value of google.rpc.Code.
	Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
	// A developer-facing error message.
	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
	// contains filtered or unexported fields
}

func (*Status) Descriptor deprecated

func (*Status) Descriptor() ([]byte, []int)

Deprecated: Use Status.ProtoReflect.Descriptor instead.

func (*Status) GetCode

func (x *Status) GetCode() int32

func (*Status) GetMessage

func (x *Status) GetMessage() string

func (*Status) ProtoMessage

func (*Status) ProtoMessage()

func (*Status) ProtoReflect

func (x *Status) ProtoReflect() protoreflect.Message

func (*Status) Reset

func (x *Status) Reset()

func (*Status) String

func (x *Status) String() string

type X509Certificate

type X509Certificate struct {

	// The ASN.1 DER encoded bytes of the X.509 certificate.
	Asn1 []byte `protobuf:"bytes,1,opt,name=asn1,proto3" json:"asn1,omitempty"`
	// contains filtered or unexported fields
}

func (*X509Certificate) Descriptor deprecated

func (*X509Certificate) Descriptor() ([]byte, []int)

Deprecated: Use X509Certificate.ProtoReflect.Descriptor instead.

func (*X509Certificate) GetAsn1

func (x *X509Certificate) GetAsn1() []byte

func (*X509Certificate) ProtoMessage

func (*X509Certificate) ProtoMessage()

func (*X509Certificate) ProtoReflect

func (x *X509Certificate) ProtoReflect() protoreflect.Message

func (*X509Certificate) Reset

func (x *X509Certificate) Reset()

func (*X509Certificate) String

func (x *X509Certificate) String() string

type X509SVID

type X509SVID struct {

	// Certificate and intermediates required to form a chain of trust back to
	// the X.509 authorities of the trust domain (ASN.1 DER encoded).
	CertChain [][]byte `protobuf:"bytes,1,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// SPIFFE ID of the SVID.
	Id *SPIFFEID `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Expiration timestamp (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// contains filtered or unexported fields
}

X.509 SPIFFE Verifiable Identity Document. It contains the raw X.509 certificate data as well as a few denormalized fields for convenience.

func (*X509SVID) Descriptor deprecated

func (*X509SVID) Descriptor() ([]byte, []int)

Deprecated: Use X509SVID.ProtoReflect.Descriptor instead.

func (*X509SVID) GetCertChain

func (x *X509SVID) GetCertChain() [][]byte

func (*X509SVID) GetExpiresAt

func (x *X509SVID) GetExpiresAt() int64

func (*X509SVID) GetId

func (x *X509SVID) GetId() *SPIFFEID

func (*X509SVID) ProtoMessage

func (*X509SVID) ProtoMessage()

func (*X509SVID) ProtoReflect

func (x *X509SVID) ProtoReflect() protoreflect.Message

func (*X509SVID) Reset

func (x *X509SVID) Reset()

func (*X509SVID) String

func (x *X509SVID) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL