types

package
v1.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 21, 2023 License: Apache-2.0 Imports: 5 Imported by: 95

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	FederatesWithMatch_MatchBehavior_name = map[int32]string{
		0: "MATCH_EXACT",
		1: "MATCH_SUBSET",
		2: "MATCH_SUPERSET",
		3: "MATCH_ANY",
	}
	FederatesWithMatch_MatchBehavior_value = map[string]int32{
		"MATCH_EXACT":    0,
		"MATCH_SUBSET":   1,
		"MATCH_SUPERSET": 2,
		"MATCH_ANY":      3,
	}
)

Enum value maps for FederatesWithMatch_MatchBehavior.

View Source 
var (
	SelectorMatch_MatchBehavior_name = map[int32]string{
		0: "MATCH_EXACT",
		1: "MATCH_SUBSET",
		2: "MATCH_SUPERSET",
		3: "MATCH_ANY",
	}
	SelectorMatch_MatchBehavior_value = map[string]int32{
		"MATCH_EXACT":    0,
		"MATCH_SUBSET":   1,
		"MATCH_SUPERSET": 2,
		"MATCH_ANY":      3,
	}
)

Enum value maps for SelectorMatch_MatchBehavior.

View Source 
var (
	PermissionDeniedDetails_Reason_name = map[int32]string{
		0: "UNKNOWN",
		1: "AGENT_EXPIRED",
		2: "AGENT_NOT_ATTESTED",
		3: "AGENT_NOT_ACTIVE",
		4: "AGENT_BANNED",
		5: "AGENT_MUST_REATTEST",
	}
	PermissionDeniedDetails_Reason_value = map[string]int32{
		"UNKNOWN":             0,
		"AGENT_EXPIRED":       1,
		"AGENT_NOT_ATTESTED":  2,
		"AGENT_NOT_ACTIVE":    3,
		"AGENT_BANNED":        4,
		"AGENT_MUST_REATTEST": 5,
	}
)

Enum value maps for PermissionDeniedDetails_Reason.

View Source 
var File_spire_api_types_agent_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_attestation_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_bundle_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_entry_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_federateswith_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_federationrelationship_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_jointoken_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_jwtsvid_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_selector_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_spiffeid_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_status_proto protoreflect.FileDescriptor
View Source 
var File_spire_api_types_x509svid_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Agent 

type Agent struct {

	// Output only. SPIFFE ID of the agent.
	Id *SPIFFEID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Output only. The method by which the agent attested.
	AttestationType string `protobuf:"bytes,2,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"`
	// Output only. The X509-SVID serial number.
	X509SvidSerialNumber string `protobuf:"bytes,3,opt,name=x509svid_serial_number,json=x509svidSerialNumber,proto3" json:"x509svid_serial_number,omitempty"`
	// Output only. The X509-SVID expiration (seconds since Unix epoch).
	X509SvidExpiresAt int64 `protobuf:"varint,4,opt,name=x509svid_expires_at,json=x509svidExpiresAt,proto3" json:"x509svid_expires_at,omitempty"`
	// Output only. The selectors attributed to the agent during attestation.
	Selectors []*Selector `protobuf:"bytes,5,rep,name=selectors,proto3" json:"selectors,omitempty"`
	// Output only. Whether or not the agent is banned.
	Banned bool `protobuf:"varint,6,opt,name=banned,proto3" json:"banned,omitempty"`
	// Output only. Whether or not the agent can re-attest.
	CanReattest bool `protobuf:"varint,7,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"`
	// contains filtered or unexported fields
}

func (*Agent) Descriptor deprecated 

func (*Agent) Descriptor() ([]byte, []int)

Deprecated: Use Agent.ProtoReflect.Descriptor instead.

func (*Agent) GetAttestationType 

func (x *Agent) GetAttestationType() string

func (*Agent) GetBanned 

func (x *Agent) GetBanned() bool

func (*Agent) GetCanReattest added in v1.6.3 

func (x *Agent) GetCanReattest() bool

func (*Agent) GetId 

func (x *Agent) GetId() *SPIFFEID

func (*Agent) GetSelectors 

func (x *Agent) GetSelectors() []*Selector

func (*Agent) GetX509SvidExpiresAt 

func (x *Agent) GetX509SvidExpiresAt() int64

func (*Agent) GetX509SvidSerialNumber 

func (x *Agent) GetX509SvidSerialNumber() string

func (*Agent) ProtoMessage 

func (*Agent) ProtoMessage()

func (*Agent) ProtoReflect 

func (x *Agent) ProtoReflect() protoreflect.Message

func (*Agent) Reset 

func (x *Agent) Reset()

func (*Agent) String 

func (x *Agent) String() string

type AgentMask 

type AgentMask struct {

	// attestation_type field mask
	AttestationType bool `protobuf:"varint,2,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"`
	// x509svid_serial_number field mask
	X509SvidSerialNumber bool `protobuf:"varint,3,opt,name=x509svid_serial_number,json=x509svidSerialNumber,proto3" json:"x509svid_serial_number,omitempty"`
	// x509svid_expires_at field mask
	X509SvidExpiresAt bool `protobuf:"varint,4,opt,name=x509svid_expires_at,json=x509svidExpiresAt,proto3" json:"x509svid_expires_at,omitempty"`
	// selectors field mask
	Selectors bool `protobuf:"varint,5,opt,name=selectors,proto3" json:"selectors,omitempty"`
	// banned field mask
	Banned bool `protobuf:"varint,6,opt,name=banned,proto3" json:"banned,omitempty"`
	// can_reattest field mask
	CanReattest bool `protobuf:"varint,7,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"`
	// contains filtered or unexported fields
}

func (*AgentMask) Descriptor deprecated 

func (*AgentMask) Descriptor() ([]byte, []int)

Deprecated: Use AgentMask.ProtoReflect.Descriptor instead.

func (*AgentMask) GetAttestationType 

func (x *AgentMask) GetAttestationType() bool

func (*AgentMask) GetBanned 

func (x *AgentMask) GetBanned() bool

func (*AgentMask) GetCanReattest added in v1.6.3 

func (x *AgentMask) GetCanReattest() bool

func (*AgentMask) GetSelectors 

func (x *AgentMask) GetSelectors() bool

func (*AgentMask) GetX509SvidExpiresAt 

func (x *AgentMask) GetX509SvidExpiresAt() bool

func (*AgentMask) GetX509SvidSerialNumber 

func (x *AgentMask) GetX509SvidSerialNumber() bool

func (*AgentMask) ProtoMessage 

func (*AgentMask) ProtoMessage()

func (*AgentMask) ProtoReflect 

func (x *AgentMask) ProtoReflect() protoreflect.Message

func (*AgentMask) Reset 

func (x *AgentMask) Reset()

func (*AgentMask) String 

func (x *AgentMask) String() string

type AttestationData 

type AttestationData struct {

	// The type of attestation data. This is typically the name of the plugin
	// that produced that data.
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// The attestation data payload.
	Payload []byte `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"`
	// contains filtered or unexported fields
}

func (*AttestationData) Descriptor deprecated 

func (*AttestationData) Descriptor() ([]byte, []int)

Deprecated: Use AttestationData.ProtoReflect.Descriptor instead.

func (*AttestationData) GetPayload 

func (x *AttestationData) GetPayload() []byte

func (*AttestationData) GetType 

func (x *AttestationData) GetType() string

func (*AttestationData) ProtoMessage 

func (*AttestationData) ProtoMessage()

func (*AttestationData) ProtoReflect 

func (x *AttestationData) ProtoReflect() protoreflect.Message

func (*AttestationData) Reset 

func (x *AttestationData) Reset()

func (*AttestationData) String 

func (x *AttestationData) String() string

type Bundle 

type Bundle struct {

	// The name of the trust domain the bundle belongs to (e.g., "example.org").
	TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
	// X.509 authorities for authenticating X509-SVIDs.
	X509Authorities []*X509Certificate `protobuf:"bytes,2,rep,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"`
	// JWT authorities for authenticating JWT-SVIDs.
	JwtAuthorities []*JWTKey `protobuf:"bytes,3,rep,name=jwt_authorities,json=jwtAuthorities,proto3" json:"jwt_authorities,omitempty"`
	// A hint on how often the bundle should be refreshed from the bundle
	// provider, in seconds. Can be zero (meaning no hint available).
	RefreshHint int64 `protobuf:"varint,4,opt,name=refresh_hint,json=refreshHint,proto3" json:"refresh_hint,omitempty"`
	// The sequence number of the bundle.
	SequenceNumber uint64 `protobuf:"varint,5,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`
	// contains filtered or unexported fields
}

func (*Bundle) Descriptor deprecated 

func (*Bundle) Descriptor() ([]byte, []int)

Deprecated: Use Bundle.ProtoReflect.Descriptor instead.

func (*Bundle) GetJwtAuthorities 

func (x *Bundle) GetJwtAuthorities() []*JWTKey

func (*Bundle) GetRefreshHint 

func (x *Bundle) GetRefreshHint() int64

func (*Bundle) GetSequenceNumber 

func (x *Bundle) GetSequenceNumber() uint64

func (*Bundle) GetTrustDomain 

func (x *Bundle) GetTrustDomain() string

func (*Bundle) GetX509Authorities 

func (x *Bundle) GetX509Authorities() []*X509Certificate

func (*Bundle) ProtoMessage 

func (*Bundle) ProtoMessage()

func (*Bundle) ProtoReflect 

func (x *Bundle) ProtoReflect() protoreflect.Message

func (*Bundle) Reset 

func (x *Bundle) Reset()

func (*Bundle) String 

func (x *Bundle) String() string

type BundleMask 

type BundleMask struct {

	// x509_authorities field mask.
	X509Authorities bool `protobuf:"varint,2,opt,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"`
	// jwt_authorities field mask.
	JwtAuthorities bool `protobuf:"varint,3,opt,name=jwt_authorities,json=jwtAuthorities,proto3" json:"jwt_authorities,omitempty"`
	// refresh_hint field mask.
	RefreshHint bool `protobuf:"varint,4,opt,name=refresh_hint,json=refreshHint,proto3" json:"refresh_hint,omitempty"`
	// sequence_number field mask.
	SequenceNumber bool `protobuf:"varint,5,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"`
	// contains filtered or unexported fields
}

func (*BundleMask) Descriptor deprecated 

func (*BundleMask) Descriptor() ([]byte, []int)

Deprecated: Use BundleMask.ProtoReflect.Descriptor instead.

func (*BundleMask) GetJwtAuthorities 

func (x *BundleMask) GetJwtAuthorities() bool

func (*BundleMask) GetRefreshHint 

func (x *BundleMask) GetRefreshHint() bool

func (*BundleMask) GetSequenceNumber 

func (x *BundleMask) GetSequenceNumber() bool

func (*BundleMask) GetX509Authorities 

func (x *BundleMask) GetX509Authorities() bool

func (*BundleMask) ProtoMessage 

func (*BundleMask) ProtoMessage()

func (*BundleMask) ProtoReflect 

func (x *BundleMask) ProtoReflect() protoreflect.Message

func (*BundleMask) Reset 

func (x *BundleMask) Reset()

func (*BundleMask) String 

func (x *BundleMask) String() string

type Entry 

type Entry struct {

	// Globally unique ID for the entry.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// The SPIFFE ID of the identity described by this entry.
	SpiffeId *SPIFFEID `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Who the entry is delegated to. If the entry describes a node, this is
	// set to the SPIFFE ID of the SPIRE server of the trust domain (e.g.
	// spiffe://example.org/spire/server). Otherwise, it will be set to a node
	// SPIFFE ID.
	ParentId *SPIFFEID `protobuf:"bytes,3,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
	// The selectors which identify which entities match this entry. If this is
	// an entry for a node, these selectors represent selectors produced by
	// node attestation. Otherwise, these selectors represent those produced by
	// workload attestation.
	Selectors []*Selector `protobuf:"bytes,4,rep,name=selectors,proto3" json:"selectors,omitempty"`
	// The time to live for X509-SVID identities issued for this entry (in seconds).
	// Previously called ttl
	X509SvidTtl int32 `protobuf:"varint,5,opt,name=x509_svid_ttl,json=x509SvidTtl,proto3" json:"x509_svid_ttl,omitempty"`
	// The names of trust domains the identity described by this entry
	// federates with.
	FederatesWith []string `protobuf:"bytes,6,rep,name=federates_with,json=federatesWith,proto3" json:"federates_with,omitempty"`
	// Whether or not the identity described by this entry is an administrative
	// workload. Administrative workloads are granted additional access to
	// various managerial server APIs, such as entry registration.
	Admin bool `protobuf:"varint,7,opt,name=admin,proto3" json:"admin,omitempty"`
	// Whether or not the identity described by this entry represents a
	// downstream SPIRE server. Downstream SPIRE servers have additional access
	// to various signing APIs, such as those used to sign X.509 CA
	// certificates and publish JWT signing keys.
	Downstream bool `protobuf:"varint,8,opt,name=downstream,proto3" json:"downstream,omitempty"`
	// When the entry expires (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// A list of DNS names associated with the identity described by this entry.
	DnsNames []string `protobuf:"bytes,10,rep,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"`
	// Revision number is bumped every time the entry is updated
	RevisionNumber int64 `protobuf:"varint,11,opt,name=revision_number,json=revisionNumber,proto3" json:"revision_number,omitempty"`
	// Determines if the issued identity is exportable to a store
	StoreSvid bool `protobuf:"varint,12,opt,name=store_svid,json=storeSvid,proto3" json:"store_svid,omitempty"`
	// The time to live for JWT-SVID identities issued for this entry (in seconds), overrides ttl if set.
	JwtSvidTtl int32 `protobuf:"varint,13,opt,name=jwt_svid_ttl,json=jwtSvidTtl,proto3" json:"jwt_svid_ttl,omitempty"`
	// An operator-specified string used to provide guidance on how this
	// identity should be used by a workload when more than one SVID is returned.
	Hint string `protobuf:"bytes,14,opt,name=hint,proto3" json:"hint,omitempty"`
	// When the entry was created (seconds since Unix epoch).
	CreatedAt int64 `protobuf:"varint,15,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
	// contains filtered or unexported fields
}

func (*Entry) Descriptor deprecated 

func (*Entry) Descriptor() ([]byte, []int)

Deprecated: Use Entry.ProtoReflect.Descriptor instead.

func (*Entry) GetAdmin 

func (x *Entry) GetAdmin() bool

func (*Entry) GetCreatedAt added in v1.6.3 

func (x *Entry) GetCreatedAt() int64

func (*Entry) GetDnsNames 

func (x *Entry) GetDnsNames() []string

func (*Entry) GetDownstream 

func (x *Entry) GetDownstream() bool

func (*Entry) GetExpiresAt 

func (x *Entry) GetExpiresAt() int64

func (*Entry) GetFederatesWith 

func (x *Entry) GetFederatesWith() []string

func (*Entry) GetHint added in v1.6.3 

func (x *Entry) GetHint() string

func (*Entry) GetId 

func (x *Entry) GetId() string

func (*Entry) GetJwtSvidTtl added in v1.5.0 

func (x *Entry) GetJwtSvidTtl() int32

func (*Entry) GetParentId 

func (x *Entry) GetParentId() *SPIFFEID

func (*Entry) GetRevisionNumber 

func (x *Entry) GetRevisionNumber() int64

func (*Entry) GetSelectors 

func (x *Entry) GetSelectors() []*Selector

func (*Entry) GetSpiffeId 

func (x *Entry) GetSpiffeId() *SPIFFEID

func (*Entry) GetStoreSvid added in v1.1.0 

func (x *Entry) GetStoreSvid() bool

func (*Entry) GetX509SvidTtl added in v1.5.0 

func (x *Entry) GetX509SvidTtl() int32

func (*Entry) ProtoMessage 

func (*Entry) ProtoMessage()

func (*Entry) ProtoReflect 

func (x *Entry) ProtoReflect() protoreflect.Message

func (*Entry) Reset 

func (x *Entry) Reset()

func (*Entry) String 

func (x *Entry) String() string

type EntryMask 

type EntryMask struct {

	// spiffe_id field mask
	SpiffeId bool `protobuf:"varint,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// parent_id field mask
	ParentId bool `protobuf:"varint,3,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"`
	// selectors field mask
	Selectors bool `protobuf:"varint,4,opt,name=selectors,proto3" json:"selectors,omitempty"`
	// x509_svid_ttl field mask
	X509SvidTtl bool `protobuf:"varint,5,opt,name=x509_svid_ttl,json=x509SvidTtl,proto3" json:"x509_svid_ttl,omitempty"`
	// federates_with field mask
	FederatesWith bool `protobuf:"varint,6,opt,name=federates_with,json=federatesWith,proto3" json:"federates_with,omitempty"`
	// admin field mask
	Admin bool `protobuf:"varint,7,opt,name=admin,proto3" json:"admin,omitempty"`
	// downstream field mask
	Downstream bool `protobuf:"varint,8,opt,name=downstream,proto3" json:"downstream,omitempty"`
	// expires_at field mask
	ExpiresAt bool `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// dns_names field mask
	DnsNames bool `protobuf:"varint,10,opt,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"`
	// revision_number field mask
	RevisionNumber bool `protobuf:"varint,11,opt,name=revision_number,json=revisionNumber,proto3" json:"revision_number,omitempty"`
	// store_svid field mask
	StoreSvid bool `protobuf:"varint,12,opt,name=store_svid,json=storeSvid,proto3" json:"store_svid,omitempty"`
	// jwt_svid_ttl field mask
	JwtSvidTtl bool `protobuf:"varint,13,opt,name=jwt_svid_ttl,json=jwtSvidTtl,proto3" json:"jwt_svid_ttl,omitempty"`
	// hint field mask
	Hint bool `protobuf:"varint,14,opt,name=hint,proto3" json:"hint,omitempty"`
	// created_at field mask
	CreatedAt bool `protobuf:"varint,15,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"`
	// contains filtered or unexported fields
}

Field mask for Entry fields

func (*EntryMask) Descriptor deprecated 

func (*EntryMask) Descriptor() ([]byte, []int)

Deprecated: Use EntryMask.ProtoReflect.Descriptor instead.

func (*EntryMask) GetAdmin 

func (x *EntryMask) GetAdmin() bool

func (*EntryMask) GetCreatedAt added in v1.6.3 

func (x *EntryMask) GetCreatedAt() bool

func (*EntryMask) GetDnsNames 

func (x *EntryMask) GetDnsNames() bool

func (*EntryMask) GetDownstream 

func (x *EntryMask) GetDownstream() bool

func (*EntryMask) GetExpiresAt 

func (x *EntryMask) GetExpiresAt() bool

func (*EntryMask) GetFederatesWith 

func (x *EntryMask) GetFederatesWith() bool

func (*EntryMask) GetHint added in v1.6.3 

func (x *EntryMask) GetHint() bool

func (*EntryMask) GetJwtSvidTtl added in v1.5.0 

func (x *EntryMask) GetJwtSvidTtl() bool

func (*EntryMask) GetParentId 

func (x *EntryMask) GetParentId() bool

func (*EntryMask) GetRevisionNumber 

func (x *EntryMask) GetRevisionNumber() bool

func (*EntryMask) GetSelectors 

func (x *EntryMask) GetSelectors() bool

func (*EntryMask) GetSpiffeId 

func (x *EntryMask) GetSpiffeId() bool

func (*EntryMask) GetStoreSvid added in v1.1.0 

func (x *EntryMask) GetStoreSvid() bool

func (*EntryMask) GetX509SvidTtl added in v1.5.0 

func (x *EntryMask) GetX509SvidTtl() bool

func (*EntryMask) ProtoMessage 

func (*EntryMask) ProtoMessage()

func (*EntryMask) ProtoReflect 

func (x *EntryMask) ProtoReflect() protoreflect.Message

func (*EntryMask) Reset 

func (x *EntryMask) Reset()

func (*EntryMask) String 

func (x *EntryMask) String() string

type FederatesWithMatch 

type FederatesWithMatch struct {

	// The set of trust domain names to match on (e.g., "example.org").
	TrustDomains []string `protobuf:"bytes,1,rep,name=trust_domains,json=trustDomains,proto3" json:"trust_domains,omitempty"`
	// How to match the trust domains.
	Match FederatesWithMatch_MatchBehavior `protobuf:"varint,2,opt,name=match,proto3,enum=spire.api.types.FederatesWithMatch_MatchBehavior" json:"match,omitempty"`
	// contains filtered or unexported fields
}

func (*FederatesWithMatch) Descriptor deprecated 

func (*FederatesWithMatch) Descriptor() ([]byte, []int)

Deprecated: Use FederatesWithMatch.ProtoReflect.Descriptor instead.

func (*FederatesWithMatch) GetMatch 

func (x *FederatesWithMatch) GetMatch() FederatesWithMatch_MatchBehavior

func (*FederatesWithMatch) GetTrustDomains 

func (x *FederatesWithMatch) GetTrustDomains() []string

func (*FederatesWithMatch) ProtoMessage 

func (*FederatesWithMatch) ProtoMessage()

func (*FederatesWithMatch) ProtoReflect 

func (x *FederatesWithMatch) ProtoReflect() protoreflect.Message

func (*FederatesWithMatch) Reset 

func (x *FederatesWithMatch) Reset()

func (*FederatesWithMatch) String 

func (x *FederatesWithMatch) String() string

type FederatesWithMatch_MatchBehavior 

type FederatesWithMatch_MatchBehavior int32
const (
	// Indicates that the federated trust domains in this match are
	// equal to the candidate trust domains, independent of ordering.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_EXACT ["spiffe://td1", "spiffe://td2"]
	//   Entries that match:
	//     - 'e2'
	FederatesWithMatch_MATCH_EXACT FederatesWithMatch_MatchBehavior = 0
	// Indicates that all candidates which have a non-empty subset
	// of the provided set of trust domains will match.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_SUBSET ["spiffe://td1"]
	//   Entries that match:
	//     - 'e1'
	FederatesWithMatch_MATCH_SUBSET FederatesWithMatch_MatchBehavior = 1
	// Indicate that all candidates which are a superset
	// of the provided set of trust domains will match.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_SUPERSET ["spiffe://td1", "spiffe://td2"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	FederatesWithMatch_MATCH_SUPERSET FederatesWithMatch_MatchBehavior = 2
	// Indicates that all candidates which have at least one
	// of the provided set of trust domains will match.
	// Example:
	//   Given:
	//     - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]}
	//     - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]}
	//     - e3 { FederatesWith: ["spiffe://td1"]}
	//   Operation:
	//     - MATCH_ANY ["spiffe://td1"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	//     - 'e3'
	FederatesWithMatch_MATCH_ANY FederatesWithMatch_MatchBehavior = 3
)

func (FederatesWithMatch_MatchBehavior) Descriptor 

func (FederatesWithMatch_MatchBehavior) Descriptor() protoreflect.EnumDescriptor

func (FederatesWithMatch_MatchBehavior) Enum 

func (x FederatesWithMatch_MatchBehavior) Enum() *FederatesWithMatch_MatchBehavior

func (FederatesWithMatch_MatchBehavior) EnumDescriptor deprecated 

func (FederatesWithMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)

Deprecated: Use FederatesWithMatch_MatchBehavior.Descriptor instead.

func (FederatesWithMatch_MatchBehavior) Number 

func (x FederatesWithMatch_MatchBehavior) Number() protoreflect.EnumNumber

func (FederatesWithMatch_MatchBehavior) String 

func (x FederatesWithMatch_MatchBehavior) String() string

func (FederatesWithMatch_MatchBehavior) Type 

func (FederatesWithMatch_MatchBehavior) Type() protoreflect.EnumType

type FederationRelationship added in v1.1.0 

type FederationRelationship struct {

	// Required. The trust domain name (e.g., "example.org") to federate with.
	TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
	// Required. URL of the SPIFFE bundle endpoint that provides the trust
	// bundle to federate with. Must use the HTTPS protocol.
	BundleEndpointUrl string `protobuf:"bytes,2,opt,name=bundle_endpoint_url,json=bundleEndpointUrl,proto3" json:"bundle_endpoint_url,omitempty"`
	// Required. The endpoint profile type.
	//
	// Types that are assignable to BundleEndpointProfile:
	//	*FederationRelationship_HttpsWeb
	//	*FederationRelationship_HttpsSpiffe
	BundleEndpointProfile isFederationRelationship_BundleEndpointProfile `protobuf_oneof:"bundle_endpoint_profile"`
	// Optional. The bundle for the trust domain. This field can be used to
	// create or replace the referenced trust domains' bundle when the
	// relationship is created or updated.  When the relationship is retrieved,
	// it will be set to the referenced trust domain's latest bundle (if
	// available). Please note that the `https_spiffe` profile requires an
	// existing trust domain bundle in order to function correctly. The
	// required bundle must match the trust domain specified in the bundle
	// endpoint SPIFFE ID. If the bundle endpoint SPIFFE ID resides in the same
	// trust domain that you're trying to federate with, you may optionally
	// specify that trust domain bundle here. If the bundle endpoint SPIFFE ID
	// _does not_ reside in the same trust domain that you're federating with,
	// please ensure that the trust domain bundle for that trust domain has
	// been configured separately (e.g. configured via another federation
	// relationship or manually set via the Bundle API).
	TrustDomainBundle *Bundle `protobuf:"bytes,5,opt,name=trust_domain_bundle,json=trustDomainBundle,proto3" json:"trust_domain_bundle,omitempty"`
	// contains filtered or unexported fields
}

func (*FederationRelationship) Descriptor deprecated added in v1.1.0 

func (*FederationRelationship) Descriptor() ([]byte, []int)

Deprecated: Use FederationRelationship.ProtoReflect.Descriptor instead.

func (*FederationRelationship) GetBundleEndpointProfile added in v1.1.0 

func (m *FederationRelationship) GetBundleEndpointProfile() isFederationRelationship_BundleEndpointProfile

func (*FederationRelationship) GetBundleEndpointUrl added in v1.1.0 

func (x *FederationRelationship) GetBundleEndpointUrl() string

func (*FederationRelationship) GetHttpsSpiffe added in v1.1.0 

func (x *FederationRelationship) GetHttpsSpiffe() *HTTPSSPIFFEProfile

func (*FederationRelationship) GetHttpsWeb added in v1.1.0 

func (x *FederationRelationship) GetHttpsWeb() *HTTPSWebProfile

func (*FederationRelationship) GetTrustDomain added in v1.1.0 

func (x *FederationRelationship) GetTrustDomain() string

func (*FederationRelationship) GetTrustDomainBundle added in v1.1.0 

func (x *FederationRelationship) GetTrustDomainBundle() *Bundle

func (*FederationRelationship) ProtoMessage added in v1.1.0 

func (*FederationRelationship) ProtoMessage()

func (*FederationRelationship) ProtoReflect added in v1.1.0 

func (x *FederationRelationship) ProtoReflect() protoreflect.Message

func (*FederationRelationship) Reset added in v1.1.0 

func (x *FederationRelationship) Reset()

func (*FederationRelationship) String added in v1.1.0 

func (x *FederationRelationship) String() string

type FederationRelationshipMask added in v1.1.0 

type FederationRelationshipMask struct {

	// bundle_endpoint_url field mask.
	BundleEndpointUrl bool `protobuf:"varint,1,opt,name=bundle_endpoint_url,json=bundleEndpointUrl,proto3" json:"bundle_endpoint_url,omitempty"`
	// bundle_endpoint_profile field mask.
	BundleEndpointProfile bool `` /* 127-byte string literal not displayed */
	// trust_domain_bundle field mask.
	TrustDomainBundle bool `protobuf:"varint,3,opt,name=trust_domain_bundle,json=trustDomainBundle,proto3" json:"trust_domain_bundle,omitempty"`
	// contains filtered or unexported fields
}

func (*FederationRelationshipMask) Descriptor deprecated added in v1.1.0 

func (*FederationRelationshipMask) Descriptor() ([]byte, []int)

Deprecated: Use FederationRelationshipMask.ProtoReflect.Descriptor instead.

func (*FederationRelationshipMask) GetBundleEndpointProfile added in v1.1.0 

func (x *FederationRelationshipMask) GetBundleEndpointProfile() bool

func (*FederationRelationshipMask) GetBundleEndpointUrl added in v1.1.0 

func (x *FederationRelationshipMask) GetBundleEndpointUrl() bool

func (*FederationRelationshipMask) GetTrustDomainBundle added in v1.1.0 

func (x *FederationRelationshipMask) GetTrustDomainBundle() bool

func (*FederationRelationshipMask) ProtoMessage added in v1.1.0 

func (*FederationRelationshipMask) ProtoMessage()

func (*FederationRelationshipMask) ProtoReflect added in v1.1.0 

func (x *FederationRelationshipMask) ProtoReflect() protoreflect.Message

func (*FederationRelationshipMask) Reset added in v1.1.0 

func (x *FederationRelationshipMask) Reset()

func (*FederationRelationshipMask) String added in v1.1.0 

func (x *FederationRelationshipMask) String() string

type FederationRelationship_HttpsSpiffe added in v1.1.0 

type FederationRelationship_HttpsSpiffe struct {
	// Use SPIFFE Authentication endpoint profile.
	HttpsSpiffe *HTTPSSPIFFEProfile `protobuf:"bytes,4,opt,name=https_spiffe,json=httpsSpiffe,proto3,oneof"`
}

type FederationRelationship_HttpsWeb added in v1.1.0 

type FederationRelationship_HttpsWeb struct {
	// Use Web PKI endpoint profile.
	HttpsWeb *HTTPSWebProfile `protobuf:"bytes,3,opt,name=https_web,json=httpsWeb,proto3,oneof"`
}

type HTTPSSPIFFEProfile added in v1.1.0 

type HTTPSSPIFFEProfile struct {

	// Required. Specifies the expected SPIFFE ID of the SPIFFE bundle endpoint
	// server.
	EndpointSpiffeId string `protobuf:"bytes,1,opt,name=endpoint_spiffe_id,json=endpointSpiffeId,proto3" json:"endpoint_spiffe_id,omitempty"`
	// contains filtered or unexported fields
}

func (*HTTPSSPIFFEProfile) Descriptor deprecated added in v1.1.0 

func (*HTTPSSPIFFEProfile) Descriptor() ([]byte, []int)

Deprecated: Use HTTPSSPIFFEProfile.ProtoReflect.Descriptor instead.

func (*HTTPSSPIFFEProfile) GetEndpointSpiffeId added in v1.1.0 

func (x *HTTPSSPIFFEProfile) GetEndpointSpiffeId() string

func (*HTTPSSPIFFEProfile) ProtoMessage added in v1.1.0 

func (*HTTPSSPIFFEProfile) ProtoMessage()

func (*HTTPSSPIFFEProfile) ProtoReflect added in v1.1.0 

func (x *HTTPSSPIFFEProfile) ProtoReflect() protoreflect.Message

func (*HTTPSSPIFFEProfile) Reset added in v1.1.0 

func (x *HTTPSSPIFFEProfile) Reset()

func (*HTTPSSPIFFEProfile) String added in v1.1.0 

func (x *HTTPSSPIFFEProfile) String() string

type HTTPSWebProfile added in v1.1.0 

type HTTPSWebProfile struct {
	// contains filtered or unexported fields
}

func (*HTTPSWebProfile) Descriptor deprecated added in v1.1.0 

func (*HTTPSWebProfile) Descriptor() ([]byte, []int)

Deprecated: Use HTTPSWebProfile.ProtoReflect.Descriptor instead.

func (*HTTPSWebProfile) ProtoMessage added in v1.1.0 

func (*HTTPSWebProfile) ProtoMessage()

func (*HTTPSWebProfile) ProtoReflect added in v1.1.0 

func (x *HTTPSWebProfile) ProtoReflect() protoreflect.Message

func (*HTTPSWebProfile) Reset added in v1.1.0 

func (x *HTTPSWebProfile) Reset()

func (*HTTPSWebProfile) String added in v1.1.0 

func (x *HTTPSWebProfile) String() string

type JWTKey 

type JWTKey struct {

	// The PKIX encoded public key.
	PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
	// The key identifier.
	KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// When the key expires (seconds since Unix epoch). If zero, the key does
	// not expire.
	ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// This authority is no longer secure and must not be used
	Tainted bool `protobuf:"varint,4,opt,name=tainted,proto3" json:"tainted,omitempty"`
	// contains filtered or unexported fields
}

func (*JWTKey) Descriptor deprecated 

func (*JWTKey) Descriptor() ([]byte, []int)

Deprecated: Use JWTKey.ProtoReflect.Descriptor instead.

func (*JWTKey) GetExpiresAt 

func (x *JWTKey) GetExpiresAt() int64

func (*JWTKey) GetKeyId 

func (x *JWTKey) GetKeyId() string

func (*JWTKey) GetPublicKey 

func (x *JWTKey) GetPublicKey() []byte

func (*JWTKey) GetTainted added in v1.7.2 

func (x *JWTKey) GetTainted() bool

func (*JWTKey) ProtoMessage 

func (*JWTKey) ProtoMessage()

func (*JWTKey) ProtoReflect 

func (x *JWTKey) ProtoReflect() protoreflect.Message

func (*JWTKey) Reset 

func (x *JWTKey) Reset()

func (*JWTKey) String 

func (x *JWTKey) String() string

type JWTSVID 

type JWTSVID struct {

	// The serialized JWT token.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// The SPIFFE ID of the JWT-SVID.
	Id *SPIFFEID `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Expiration timestamp (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// Issuance timestamp (seconds since Unix epoch).
	IssuedAt int64 `protobuf:"varint,4,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
	// Optional. An operator-specified string used to provide guidance on how this
	// identity should be used by a workload when more than one SVID is returned.
	// For example, `internal` and `external` to indicate an SVID for internal or
	// external use, respectively.
	Hint string `protobuf:"bytes,5,opt,name=hint,proto3" json:"hint,omitempty"`
	// contains filtered or unexported fields
}

JWT SPIFFE Verifiable Identity Document. It contains the raw JWT token as well as a few denormalized fields for convenience.

func (*JWTSVID) Descriptor deprecated 

func (*JWTSVID) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVID.ProtoReflect.Descriptor instead.

func (*JWTSVID) GetExpiresAt 

func (x *JWTSVID) GetExpiresAt() int64

func (*JWTSVID) GetHint added in v1.6.4 

func (x *JWTSVID) GetHint() string

func (*JWTSVID) GetId 

func (x *JWTSVID) GetId() *SPIFFEID

func (*JWTSVID) GetIssuedAt 

func (x *JWTSVID) GetIssuedAt() int64

func (*JWTSVID) GetToken 

func (x *JWTSVID) GetToken() string

func (*JWTSVID) ProtoMessage 

func (*JWTSVID) ProtoMessage()

func (*JWTSVID) ProtoReflect 

func (x *JWTSVID) ProtoReflect() protoreflect.Message

func (*JWTSVID) Reset 

func (x *JWTSVID) Reset()

func (*JWTSVID) String 

func (x *JWTSVID) String() string

type JoinToken 

type JoinToken struct {

	// The value of the token.
	Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"`
	// The token expiration (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// contains filtered or unexported fields
}

func (*JoinToken) Descriptor deprecated 

func (*JoinToken) Descriptor() ([]byte, []int)

Deprecated: Use JoinToken.ProtoReflect.Descriptor instead.

func (*JoinToken) GetExpiresAt 

func (x *JoinToken) GetExpiresAt() int64

func (*JoinToken) GetValue 

func (x *JoinToken) GetValue() string

func (*JoinToken) ProtoMessage 

func (*JoinToken) ProtoMessage()

func (*JoinToken) ProtoReflect 

func (x *JoinToken) ProtoReflect() protoreflect.Message

func (*JoinToken) Reset 

func (x *JoinToken) Reset()

func (*JoinToken) String 

func (x *JoinToken) String() string

type PermissionDeniedDetails 

type PermissionDeniedDetails struct {
	Reason PermissionDeniedDetails_Reason `protobuf:"varint,1,opt,name=reason,proto3,enum=spire.api.types.PermissionDeniedDetails_Reason" json:"reason,omitempty"`
	// contains filtered or unexported fields
}

func (*PermissionDeniedDetails) Descriptor deprecated 

func (*PermissionDeniedDetails) Descriptor() ([]byte, []int)

Deprecated: Use PermissionDeniedDetails.ProtoReflect.Descriptor instead.

func (*PermissionDeniedDetails) GetReason 

func (x *PermissionDeniedDetails) GetReason() PermissionDeniedDetails_Reason

func (*PermissionDeniedDetails) ProtoMessage 

func (*PermissionDeniedDetails) ProtoMessage()

func (*PermissionDeniedDetails) ProtoReflect 

func (x *PermissionDeniedDetails) ProtoReflect() protoreflect.Message

func (*PermissionDeniedDetails) Reset 

func (x *PermissionDeniedDetails) Reset()

func (*PermissionDeniedDetails) String 

func (x *PermissionDeniedDetails) String() string

type PermissionDeniedDetails_Reason 

type PermissionDeniedDetails_Reason int32
const (
	// Reason unknown.
	PermissionDeniedDetails_UNKNOWN PermissionDeniedDetails_Reason = 0
	// Agent identity has expired.
	PermissionDeniedDetails_AGENT_EXPIRED PermissionDeniedDetails_Reason = 1
	// Identity is not an attested agent.
	PermissionDeniedDetails_AGENT_NOT_ATTESTED PermissionDeniedDetails_Reason = 2
	// Identity is not the active agent identity.
	PermissionDeniedDetails_AGENT_NOT_ACTIVE PermissionDeniedDetails_Reason = 3
	// Agent has been banned.
	PermissionDeniedDetails_AGENT_BANNED PermissionDeniedDetails_Reason = 4
	// Agent attempted to renew SVID, but should reattest instead
	PermissionDeniedDetails_AGENT_MUST_REATTEST PermissionDeniedDetails_Reason = 5
)

func (PermissionDeniedDetails_Reason) Descriptor 

func (PermissionDeniedDetails_Reason) Descriptor() protoreflect.EnumDescriptor

func (PermissionDeniedDetails_Reason) Enum 

func (x PermissionDeniedDetails_Reason) Enum() *PermissionDeniedDetails_Reason

func (PermissionDeniedDetails_Reason) EnumDescriptor deprecated 

func (PermissionDeniedDetails_Reason) EnumDescriptor() ([]byte, []int)

Deprecated: Use PermissionDeniedDetails_Reason.Descriptor instead.

func (PermissionDeniedDetails_Reason) Number 

func (x PermissionDeniedDetails_Reason) Number() protoreflect.EnumNumber

func (PermissionDeniedDetails_Reason) String 

func (x PermissionDeniedDetails_Reason) String() string

func (PermissionDeniedDetails_Reason) Type 

func (PermissionDeniedDetails_Reason) Type() protoreflect.EnumType

type SPIFFEID 

type SPIFFEID struct {

	// Trust domain portion the SPIFFE ID (e.g. "example.org")
	TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"`
	// The path component of the SPIFFE ID (e.g. "/foo/bar/baz"). The path
	// SHOULD have a leading slash. Consumers MUST normalize the path before
	// making any sort of comparison between IDs.
	Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"`
	// contains filtered or unexported fields
}

A SPIFFE ID, consisting of the trust domain name and a path portions of the SPIFFE ID URI.

func (*SPIFFEID) Descriptor deprecated 

func (*SPIFFEID) Descriptor() ([]byte, []int)

Deprecated: Use SPIFFEID.ProtoReflect.Descriptor instead.

func (*SPIFFEID) GetPath 

func (x *SPIFFEID) GetPath() string

func (*SPIFFEID) GetTrustDomain 

func (x *SPIFFEID) GetTrustDomain() string

func (*SPIFFEID) ProtoMessage 

func (*SPIFFEID) ProtoMessage()

func (*SPIFFEID) ProtoReflect 

func (x *SPIFFEID) ProtoReflect() protoreflect.Message

func (*SPIFFEID) Reset 

func (x *SPIFFEID) Reset()

func (*SPIFFEID) String 

func (x *SPIFFEID) String() string

type Selector 

type Selector struct {

	// The type of the selector. This is typically the name of the plugin that
	// produces the selector.
	Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	// The value of the selector.
	Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
	// contains filtered or unexported fields
}

func (*Selector) Descriptor deprecated 

func (*Selector) Descriptor() ([]byte, []int)

Deprecated: Use Selector.ProtoReflect.Descriptor instead.

func (*Selector) GetType 

func (x *Selector) GetType() string

func (*Selector) GetValue 

func (x *Selector) GetValue() string

func (*Selector) ProtoMessage 

func (*Selector) ProtoMessage()

func (*Selector) ProtoReflect 

func (x *Selector) ProtoReflect() protoreflect.Message

func (*Selector) Reset 

func (x *Selector) Reset()

func (*Selector) String 

func (x *Selector) String() string

type SelectorMatch 

type SelectorMatch struct {

	// The set of selectors to match on.
	Selectors []*Selector `protobuf:"bytes,1,rep,name=selectors,proto3" json:"selectors,omitempty"`
	// How to match the selectors.
	Match SelectorMatch_MatchBehavior `protobuf:"varint,2,opt,name=match,proto3,enum=spire.api.types.SelectorMatch_MatchBehavior" json:"match,omitempty"`
	// contains filtered or unexported fields
}

func (*SelectorMatch) Descriptor deprecated 

func (*SelectorMatch) Descriptor() ([]byte, []int)

Deprecated: Use SelectorMatch.ProtoReflect.Descriptor instead.

func (*SelectorMatch) GetMatch 

func (x *SelectorMatch) GetMatch() SelectorMatch_MatchBehavior

func (*SelectorMatch) GetSelectors 

func (x *SelectorMatch) GetSelectors() []*Selector

func (*SelectorMatch) ProtoMessage 

func (*SelectorMatch) ProtoMessage()

func (*SelectorMatch) ProtoReflect 

func (x *SelectorMatch) ProtoReflect() protoreflect.Message

func (*SelectorMatch) Reset 

func (x *SelectorMatch) Reset()

func (*SelectorMatch) String 

func (x *SelectorMatch) String() string

type SelectorMatch_MatchBehavior 

type SelectorMatch_MatchBehavior int32
const (
	// Indicates that the selectors in this match are equal to the
	// candidate selectors, independent of ordering.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_EXACT ["a:1", "b:2"]
	//   Entries that match:
	//     - 'e2'
	SelectorMatch_MATCH_EXACT SelectorMatch_MatchBehavior = 0
	// Indicates that all candidates which have a non-empty subset
	// of the provided set of selectors will match.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_SUBSET ["a:1"]
	//   Entries that match:
	//     - 'e1'
	SelectorMatch_MATCH_SUBSET SelectorMatch_MatchBehavior = 1
	// Indicates that all candidates which are a superset
	// of the provided selectors will match.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_SUPERSET ["a:1", "b:2"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	SelectorMatch_MATCH_SUPERSET SelectorMatch_MatchBehavior = 2
	// Indicates that all candidates which have at least one
	// of the provided set of selectors will match.
	// Example:
	//   Given:
	//     - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}'
	//     - 'e2 { Selectors: ["a:1", "b:2"]}'
	//     - 'e3 { Selectors: ["a:1"]}'
	//   Operation:
	//     - MATCH_ANY ["a:1"]
	//   Entries that match:
	//     - 'e1'
	//     - 'e2'
	//     - 'e3'
	SelectorMatch_MATCH_ANY SelectorMatch_MatchBehavior = 3
)

func (SelectorMatch_MatchBehavior) Descriptor 

func (SelectorMatch_MatchBehavior) Descriptor() protoreflect.EnumDescriptor

func (SelectorMatch_MatchBehavior) Enum 

func (x SelectorMatch_MatchBehavior) Enum() *SelectorMatch_MatchBehavior

func (SelectorMatch_MatchBehavior) EnumDescriptor deprecated 

func (SelectorMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)

Deprecated: Use SelectorMatch_MatchBehavior.Descriptor instead.

func (SelectorMatch_MatchBehavior) Number 

func (x SelectorMatch_MatchBehavior) Number() protoreflect.EnumNumber

func (SelectorMatch_MatchBehavior) String 

func (x SelectorMatch_MatchBehavior) String() string

func (SelectorMatch_MatchBehavior) Type 

func (SelectorMatch_MatchBehavior) Type() protoreflect.EnumType

type Status 

type Status struct {

	// A status code, which should be an enum value of google.rpc.Code.
	Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"`
	// A developer-facing error message.
	Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"`
	// contains filtered or unexported fields
}

func (*Status) Descriptor deprecated 

func (*Status) Descriptor() ([]byte, []int)

Deprecated: Use Status.ProtoReflect.Descriptor instead.

func (*Status) GetCode 

func (x *Status) GetCode() int32

func (*Status) GetMessage 

func (x *Status) GetMessage() string

func (*Status) ProtoMessage 

func (*Status) ProtoMessage()

func (*Status) ProtoReflect 

func (x *Status) ProtoReflect() protoreflect.Message

func (*Status) Reset 

func (x *Status) Reset()

func (*Status) String 

func (x *Status) String() string

type X509Certificate 

type X509Certificate struct {

	// The ASN.1 DER encoded bytes of the X.509 certificate.
	Asn1 []byte `protobuf:"bytes,1,opt,name=asn1,proto3" json:"asn1,omitempty"`
	// This authority is no longer secure and must not be used.
	Tainted bool `protobuf:"varint,2,opt,name=tainted,proto3" json:"tainted,omitempty"`
	// contains filtered or unexported fields
}

func (*X509Certificate) Descriptor deprecated 

func (*X509Certificate) Descriptor() ([]byte, []int)

Deprecated: Use X509Certificate.ProtoReflect.Descriptor instead.

func (*X509Certificate) GetAsn1 

func (x *X509Certificate) GetAsn1() []byte

func (*X509Certificate) GetTainted added in v1.7.2 

func (x *X509Certificate) GetTainted() bool

func (*X509Certificate) ProtoMessage 

func (*X509Certificate) ProtoMessage()

func (*X509Certificate) ProtoReflect 

func (x *X509Certificate) ProtoReflect() protoreflect.Message

func (*X509Certificate) Reset 

func (x *X509Certificate) Reset()

func (*X509Certificate) String 

func (x *X509Certificate) String() string

type X509SVID 

type X509SVID struct {

	// Certificate and intermediates required to form a chain of trust back to
	// the X.509 authorities of the trust domain (ASN.1 DER encoded).
	CertChain [][]byte `protobuf:"bytes,1,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// SPIFFE ID of the SVID.
	Id *SPIFFEID `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Expiration timestamp (seconds since Unix epoch).
	ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// Optional. An operator-specified string used to provide guidance on how this
	// identity should be used by a workload when more than one SVID is returned.
	// For example, `internal` and `external` to indicate an SVID for internal or
	// external use, respectively.
	Hint string `protobuf:"bytes,4,opt,name=hint,proto3" json:"hint,omitempty"`
	// contains filtered or unexported fields
}

X.509 SPIFFE Verifiable Identity Document. It contains the raw X.509 certificate data as well as a few denormalized fields for convenience.

func (*X509SVID) Descriptor deprecated 

func (*X509SVID) Descriptor() ([]byte, []int)

Deprecated: Use X509SVID.ProtoReflect.Descriptor instead.

func (*X509SVID) GetCertChain 

func (x *X509SVID) GetCertChain() [][]byte

func (*X509SVID) GetExpiresAt 

func (x *X509SVID) GetExpiresAt() int64

func (*X509SVID) GetHint added in v1.6.4 

func (x *X509SVID) GetHint() string

func (*X509SVID) GetId 

func (x *X509SVID) GetId() *SPIFFEID

func (*X509SVID) ProtoMessage 

func (*X509SVID) ProtoMessage()

func (*X509SVID) ProtoReflect 

func (x *X509SVID) ProtoReflect() protoreflect.Message

func (*X509SVID) Reset 

func (x *X509SVID) Reset()

func (*X509SVID) String 

func (x *X509SVID) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.