svidv1

package
v1.3.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 12, 2022 License: Apache-2.0 Imports: 9 Imported by: 22

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var File_spire_api_server_svid_v1_svid_proto protoreflect.FileDescriptor

Functions

func RegisterSVIDServer 

func RegisterSVIDServer(s grpc.ServiceRegistrar, srv SVIDServer)

Types

type BatchNewX509SVIDRequest 

type BatchNewX509SVIDRequest struct {

	// Required. One or more X509-SVID parameters for X509-SVID entries to
	// be signed.
	Params []*NewX509SVIDParams `protobuf:"bytes,1,rep,name=params,proto3" json:"params,omitempty"`
	// contains filtered or unexported fields
}

func (*BatchNewX509SVIDRequest) Descriptor deprecated 

func (*BatchNewX509SVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use BatchNewX509SVIDRequest.ProtoReflect.Descriptor instead.

func (*BatchNewX509SVIDRequest) GetParams 

func (x *BatchNewX509SVIDRequest) GetParams() []*NewX509SVIDParams

func (*BatchNewX509SVIDRequest) ProtoMessage 

func (*BatchNewX509SVIDRequest) ProtoMessage()

func (*BatchNewX509SVIDRequest) ProtoReflect 

func (x *BatchNewX509SVIDRequest) ProtoReflect() protoreflect.Message

func (*BatchNewX509SVIDRequest) Reset 

func (x *BatchNewX509SVIDRequest) Reset()

func (*BatchNewX509SVIDRequest) String 

func (x *BatchNewX509SVIDRequest) String() string

type BatchNewX509SVIDResponse 

type BatchNewX509SVIDResponse struct {

	// Result for each X509-SVID requested (order is maintained).
	Results []*BatchNewX509SVIDResponse_Result `protobuf:"bytes,1,rep,name=results,proto3" json:"results,omitempty"`
	// contains filtered or unexported fields
}

func (*BatchNewX509SVIDResponse) Descriptor deprecated 

func (*BatchNewX509SVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use BatchNewX509SVIDResponse.ProtoReflect.Descriptor instead.

func (*BatchNewX509SVIDResponse) GetResults 

func (x *BatchNewX509SVIDResponse) GetResults() []*BatchNewX509SVIDResponse_Result

func (*BatchNewX509SVIDResponse) ProtoMessage 

func (*BatchNewX509SVIDResponse) ProtoMessage()

func (*BatchNewX509SVIDResponse) ProtoReflect 

func (x *BatchNewX509SVIDResponse) ProtoReflect() protoreflect.Message

func (*BatchNewX509SVIDResponse) Reset 

func (x *BatchNewX509SVIDResponse) Reset()

func (*BatchNewX509SVIDResponse) String 

func (x *BatchNewX509SVIDResponse) String() string

type BatchNewX509SVIDResponse_Result 

type BatchNewX509SVIDResponse_Result struct {

	// The status of creating the X509-SVID.
	Status *types.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// The newly created X509-SVID. This will be set if the status is OK.
	Svid *types.X509SVID `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*BatchNewX509SVIDResponse_Result) Descriptor deprecated 

func (*BatchNewX509SVIDResponse_Result) Descriptor() ([]byte, []int)

Deprecated: Use BatchNewX509SVIDResponse_Result.ProtoReflect.Descriptor instead.

func (*BatchNewX509SVIDResponse_Result) GetStatus 

func (x *BatchNewX509SVIDResponse_Result) GetStatus() *types.Status

func (*BatchNewX509SVIDResponse_Result) GetSvid 

func (x *BatchNewX509SVIDResponse_Result) GetSvid() *types.X509SVID

func (*BatchNewX509SVIDResponse_Result) ProtoMessage 

func (*BatchNewX509SVIDResponse_Result) ProtoMessage()

func (*BatchNewX509SVIDResponse_Result) ProtoReflect 

func (x *BatchNewX509SVIDResponse_Result) ProtoReflect() protoreflect.Message

func (*BatchNewX509SVIDResponse_Result) Reset 

func (x *BatchNewX509SVIDResponse_Result) Reset()

func (*BatchNewX509SVIDResponse_Result) String 

func (x *BatchNewX509SVIDResponse_Result) String() string

type MintJWTSVIDRequest 

type MintJWTSVIDRequest struct {

	// Required. SPIFFE ID of the JWT-SVID.
	Id *types.SPIFFEID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Required. List of audience claims to include in the JWT-SVID. At least one must
	// be set.
	Audience []string `protobuf:"bytes,2,rep,name=audience,proto3" json:"audience,omitempty"`
	// Desired TTL of the JWT-SVID, in seconds. The server default will be used
	// if unset. The TTL is advisory only. The actual lifetime of the JWT-SVID
	// may be lower depending on the remaining lifetime of the active SPIRE
	// Server CA.
	Ttl int32 `protobuf:"varint,3,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*MintJWTSVIDRequest) Descriptor deprecated 

func (*MintJWTSVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use MintJWTSVIDRequest.ProtoReflect.Descriptor instead.

func (*MintJWTSVIDRequest) GetAudience 

func (x *MintJWTSVIDRequest) GetAudience() []string

func (*MintJWTSVIDRequest) GetId 

func (x *MintJWTSVIDRequest) GetId() *types.SPIFFEID

func (*MintJWTSVIDRequest) GetTtl 

func (x *MintJWTSVIDRequest) GetTtl() int32

func (*MintJWTSVIDRequest) ProtoMessage 

func (*MintJWTSVIDRequest) ProtoMessage()

func (*MintJWTSVIDRequest) ProtoReflect 

func (x *MintJWTSVIDRequest) ProtoReflect() protoreflect.Message

func (*MintJWTSVIDRequest) Reset 

func (x *MintJWTSVIDRequest) Reset()

func (*MintJWTSVIDRequest) String 

func (x *MintJWTSVIDRequest) String() string

type MintJWTSVIDResponse 

type MintJWTSVIDResponse struct {

	// The newly issued JWT-SVID.
	Svid *types.JWTSVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*MintJWTSVIDResponse) Descriptor deprecated 

func (*MintJWTSVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use MintJWTSVIDResponse.ProtoReflect.Descriptor instead.

func (*MintJWTSVIDResponse) GetSvid 

func (x *MintJWTSVIDResponse) GetSvid() *types.JWTSVID

func (*MintJWTSVIDResponse) ProtoMessage 

func (*MintJWTSVIDResponse) ProtoMessage()

func (*MintJWTSVIDResponse) ProtoReflect 

func (x *MintJWTSVIDResponse) ProtoReflect() protoreflect.Message

func (*MintJWTSVIDResponse) Reset 

func (x *MintJWTSVIDResponse) Reset()

func (*MintJWTSVIDResponse) String 

func (x *MintJWTSVIDResponse) String() string

type MintX509SVIDRequest 

type MintX509SVIDRequest struct {

	// Required. ASN.1 DER encoded CSR. The CSR is used to convey the public
	// key and the SPIFFE ID (via the URI SAN). Only one URI SAN can be set.
	// Optionally, the subject and any number of DNS SANs can also be set.
	Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// The desired TTL of the X509-SVID, in seconds. The server default will be
	// used if unset. The TTL is advisory only. The actual lifetime of the
	// X509-SVID may be lower depending on the remaining lifetime of the active
	// SPIRE Server CA.
	Ttl int32 `protobuf:"varint,2,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509SVIDRequest) Descriptor deprecated 

func (*MintX509SVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use MintX509SVIDRequest.ProtoReflect.Descriptor instead.

func (*MintX509SVIDRequest) GetCsr 

func (x *MintX509SVIDRequest) GetCsr() []byte

func (*MintX509SVIDRequest) GetTtl 

func (x *MintX509SVIDRequest) GetTtl() int32

func (*MintX509SVIDRequest) ProtoMessage 

func (*MintX509SVIDRequest) ProtoMessage()

func (*MintX509SVIDRequest) ProtoReflect 

func (x *MintX509SVIDRequest) ProtoReflect() protoreflect.Message

func (*MintX509SVIDRequest) Reset 

func (x *MintX509SVIDRequest) Reset()

func (*MintX509SVIDRequest) String 

func (x *MintX509SVIDRequest) String() string

type MintX509SVIDResponse 

type MintX509SVIDResponse struct {

	// The newly issued X509-SVID.
	Svid *types.X509SVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509SVIDResponse) Descriptor deprecated 

func (*MintX509SVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use MintX509SVIDResponse.ProtoReflect.Descriptor instead.

func (*MintX509SVIDResponse) GetSvid 

func (x *MintX509SVIDResponse) GetSvid() *types.X509SVID

func (*MintX509SVIDResponse) ProtoMessage 

func (*MintX509SVIDResponse) ProtoMessage()

func (*MintX509SVIDResponse) ProtoReflect 

func (x *MintX509SVIDResponse) ProtoReflect() protoreflect.Message

func (*MintX509SVIDResponse) Reset 

func (x *MintX509SVIDResponse) Reset()

func (*MintX509SVIDResponse) String 

func (x *MintX509SVIDResponse) String() string

type NewDownstreamX509CARequest 

type NewDownstreamX509CARequest struct {

	// Required. The ASN.1 DER encoded Certificate Signing Request (CSR). The
	// CSR is only used to convey the public key; other fields in the CSR are
	// ignored. The X509-SVID attributes are determined by the downstream entry.
	Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// contains filtered or unexported fields
}

func (*NewDownstreamX509CARequest) Descriptor deprecated 

func (*NewDownstreamX509CARequest) Descriptor() ([]byte, []int)

Deprecated: Use NewDownstreamX509CARequest.ProtoReflect.Descriptor instead.

func (*NewDownstreamX509CARequest) GetCsr 

func (x *NewDownstreamX509CARequest) GetCsr() []byte

func (*NewDownstreamX509CARequest) ProtoMessage 

func (*NewDownstreamX509CARequest) ProtoMessage()

func (*NewDownstreamX509CARequest) ProtoReflect 

func (x *NewDownstreamX509CARequest) ProtoReflect() protoreflect.Message

func (*NewDownstreamX509CARequest) Reset 

func (x *NewDownstreamX509CARequest) Reset()

func (*NewDownstreamX509CARequest) String 

func (x *NewDownstreamX509CARequest) String() string

type NewDownstreamX509CAResponse 

type NewDownstreamX509CAResponse struct {

	// CA certificate and any intermediates required to form a chain of trust
	// back to the X.509 authorities (DER encoded). The CA certificate is the
	// first.
	CaCertChain [][]byte `protobuf:"bytes,1,rep,name=ca_cert_chain,json=caCertChain,proto3" json:"ca_cert_chain,omitempty"`
	// X.509 authorities (DER encoded).
	X509Authorities [][]byte `protobuf:"bytes,2,rep,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"`
	// contains filtered or unexported fields
}

func (*NewDownstreamX509CAResponse) Descriptor deprecated 

func (*NewDownstreamX509CAResponse) Descriptor() ([]byte, []int)

Deprecated: Use NewDownstreamX509CAResponse.ProtoReflect.Descriptor instead.

func (*NewDownstreamX509CAResponse) GetCaCertChain 

func (x *NewDownstreamX509CAResponse) GetCaCertChain() [][]byte

func (*NewDownstreamX509CAResponse) GetX509Authorities 

func (x *NewDownstreamX509CAResponse) GetX509Authorities() [][]byte

func (*NewDownstreamX509CAResponse) ProtoMessage 

func (*NewDownstreamX509CAResponse) ProtoMessage()

func (*NewDownstreamX509CAResponse) ProtoReflect 

func (x *NewDownstreamX509CAResponse) ProtoReflect() protoreflect.Message

func (*NewDownstreamX509CAResponse) Reset 

func (x *NewDownstreamX509CAResponse) Reset()

func (*NewDownstreamX509CAResponse) String 

func (x *NewDownstreamX509CAResponse) String() string

type NewJWTSVIDRequest 

type NewJWTSVIDRequest struct {

	// Required. The entry ID of the identity being requested.
	EntryId string `protobuf:"bytes,1,opt,name=entry_id,json=entryId,proto3" json:"entry_id,omitempty"`
	// Required. List of audience claims to include in the JWT-SVID. At least
	// one must be set.
	Audience []string `protobuf:"bytes,2,rep,name=audience,proto3" json:"audience,omitempty"`
	// contains filtered or unexported fields
}

func (*NewJWTSVIDRequest) Descriptor deprecated 

func (*NewJWTSVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use NewJWTSVIDRequest.ProtoReflect.Descriptor instead.

func (*NewJWTSVIDRequest) GetAudience 

func (x *NewJWTSVIDRequest) GetAudience() []string

func (*NewJWTSVIDRequest) GetEntryId 

func (x *NewJWTSVIDRequest) GetEntryId() string

func (*NewJWTSVIDRequest) ProtoMessage 

func (*NewJWTSVIDRequest) ProtoMessage()

func (*NewJWTSVIDRequest) ProtoReflect 

func (x *NewJWTSVIDRequest) ProtoReflect() protoreflect.Message

func (*NewJWTSVIDRequest) Reset 

func (x *NewJWTSVIDRequest) Reset()

func (*NewJWTSVIDRequest) String 

func (x *NewJWTSVIDRequest) String() string

type NewJWTSVIDResponse 

type NewJWTSVIDResponse struct {

	// The newly issued JWT-SVID
	Svid *types.JWTSVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*NewJWTSVIDResponse) Descriptor deprecated 

func (*NewJWTSVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use NewJWTSVIDResponse.ProtoReflect.Descriptor instead.

func (*NewJWTSVIDResponse) GetSvid 

func (x *NewJWTSVIDResponse) GetSvid() *types.JWTSVID

func (*NewJWTSVIDResponse) ProtoMessage 

func (*NewJWTSVIDResponse) ProtoMessage()

func (*NewJWTSVIDResponse) ProtoReflect 

func (x *NewJWTSVIDResponse) ProtoReflect() protoreflect.Message

func (*NewJWTSVIDResponse) Reset 

func (x *NewJWTSVIDResponse) Reset()

func (*NewJWTSVIDResponse) String 

func (x *NewJWTSVIDResponse) String() string

type NewX509SVIDParams 

type NewX509SVIDParams struct {

	// Required. The entry ID for the identity being requested.
	EntryId string `protobuf:"bytes,1,opt,name=entry_id,json=entryId,proto3" json:"entry_id,omitempty"`
	// Required. The ASN.1 DER encoded Certificate Signing Request (CSR). The
	// CSR is only used to convey the public key; other fields in the CSR are
	// ignored. The X509-SVID attributes are determined by the entry.
	Csr []byte `protobuf:"bytes,2,opt,name=csr,proto3" json:"csr,omitempty"`
	// contains filtered or unexported fields
}

func (*NewX509SVIDParams) Descriptor deprecated 

func (*NewX509SVIDParams) Descriptor() ([]byte, []int)

Deprecated: Use NewX509SVIDParams.ProtoReflect.Descriptor instead.

func (*NewX509SVIDParams) GetCsr 

func (x *NewX509SVIDParams) GetCsr() []byte

func (*NewX509SVIDParams) GetEntryId 

func (x *NewX509SVIDParams) GetEntryId() string

func (*NewX509SVIDParams) ProtoMessage 

func (*NewX509SVIDParams) ProtoMessage()

func (*NewX509SVIDParams) ProtoReflect 

func (x *NewX509SVIDParams) ProtoReflect() protoreflect.Message

func (*NewX509SVIDParams) Reset 

func (x *NewX509SVIDParams) Reset()

func (*NewX509SVIDParams) String 

func (x *NewX509SVIDParams) String() string

type SVIDClient 

type SVIDClient interface {
	// Mints a one-off X509-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintX509SVID(ctx context.Context, in *MintX509SVIDRequest, opts ...grpc.CallOption) (*MintX509SVIDResponse, error)
	// Mints a one-off JWT-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintJWTSVID(ctx context.Context, in *MintJWTSVIDRequest, opts ...grpc.CallOption) (*MintJWTSVIDResponse, error)
	// Creates one or more X509-SVIDs from registration entries.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entries. See the Entry GetAuthorizedEntries RPC.
	BatchNewX509SVID(ctx context.Context, in *BatchNewX509SVIDRequest, opts ...grpc.CallOption) (*BatchNewX509SVIDResponse, error)
	// Creates an JWT-SVID from a registration entry.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entry. See the Entry GetAuthorizedEntries RPC.
	NewJWTSVID(ctx context.Context, in *NewJWTSVIDRequest, opts ...grpc.CallOption) (*NewJWTSVIDResponse, error)
	// Creates an X509 CA certificate appropriate for use by a downstream
	// entity to mint X509-SVIDs.
	//
	// The caller must present a downstream X509-SVID.
	NewDownstreamX509CA(ctx context.Context, in *NewDownstreamX509CARequest, opts ...grpc.CallOption) (*NewDownstreamX509CAResponse, error)
}

SVIDClient is the client API for SVID service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewSVIDClient 

func NewSVIDClient(cc grpc.ClientConnInterface) SVIDClient

type SVIDServer 

type SVIDServer interface {
	// Mints a one-off X509-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintX509SVID(context.Context, *MintX509SVIDRequest) (*MintX509SVIDResponse, error)
	// Mints a one-off JWT-SVID outside of the normal node/workload
	// registration process.
	//
	// The caller must be local or present an admin X509-SVID.
	MintJWTSVID(context.Context, *MintJWTSVIDRequest) (*MintJWTSVIDResponse, error)
	// Creates one or more X509-SVIDs from registration entries.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entries. See the Entry GetAuthorizedEntries RPC.
	BatchNewX509SVID(context.Context, *BatchNewX509SVIDRequest) (*BatchNewX509SVIDResponse, error)
	// Creates an JWT-SVID from a registration entry.
	//
	// The caller must present an active agent X509-SVID that is authorized
	// to mint the requested entry. See the Entry GetAuthorizedEntries RPC.
	NewJWTSVID(context.Context, *NewJWTSVIDRequest) (*NewJWTSVIDResponse, error)
	// Creates an X509 CA certificate appropriate for use by a downstream
	// entity to mint X509-SVIDs.
	//
	// The caller must present a downstream X509-SVID.
	NewDownstreamX509CA(context.Context, *NewDownstreamX509CARequest) (*NewDownstreamX509CAResponse, error)
	// contains filtered or unexported methods
}

SVIDServer is the server API for SVID service. All implementations must embed UnimplementedSVIDServer for forward compatibility

type UnimplementedSVIDServer 

type UnimplementedSVIDServer struct {
}

UnimplementedSVIDServer must be embedded to have forward compatible implementations.

func (UnimplementedSVIDServer) BatchNewX509SVID 

func (UnimplementedSVIDServer) BatchNewX509SVID(context.Context, *BatchNewX509SVIDRequest) (*BatchNewX509SVIDResponse, error)

func (UnimplementedSVIDServer) MintJWTSVID 

func (UnimplementedSVIDServer) MintJWTSVID(context.Context, *MintJWTSVIDRequest) (*MintJWTSVIDResponse, error)

func (UnimplementedSVIDServer) MintX509SVID 

func (UnimplementedSVIDServer) MintX509SVID(context.Context, *MintX509SVIDRequest) (*MintX509SVIDResponse, error)

func (UnimplementedSVIDServer) NewDownstreamX509CA 

func (UnimplementedSVIDServer) NewDownstreamX509CA(context.Context, *NewDownstreamX509CARequest) (*NewDownstreamX509CAResponse, error)

func (UnimplementedSVIDServer) NewJWTSVID 

func (UnimplementedSVIDServer) NewJWTSVID(context.Context, *NewJWTSVIDRequest) (*NewJWTSVIDResponse, error)

type UnsafeSVIDServer 

type UnsafeSVIDServer interface {
	// contains filtered or unexported methods
}

UnsafeSVIDServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SVIDServer will result in compilation errors.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.