Documentation ¶
Index ¶
- Variables
- type Agent
- func (*Agent) Descriptor() ([]byte, []int)deprecated
- func (x *Agent) GetAttestationType() string
- func (x *Agent) GetBanned() bool
- func (x *Agent) GetCanReattest() bool
- func (x *Agent) GetId() *SPIFFEID
- func (x *Agent) GetSelectors() []*Selector
- func (x *Agent) GetX509SvidExpiresAt() int64
- func (x *Agent) GetX509SvidSerialNumber() string
- func (*Agent) ProtoMessage()
- func (x *Agent) ProtoReflect() protoreflect.Message
- func (x *Agent) Reset()
- func (x *Agent) String() string
- type AgentMask
- func (*AgentMask) Descriptor() ([]byte, []int)deprecated
- func (x *AgentMask) GetAttestationType() bool
- func (x *AgentMask) GetBanned() bool
- func (x *AgentMask) GetCanReattest() bool
- func (x *AgentMask) GetSelectors() bool
- func (x *AgentMask) GetX509SvidExpiresAt() bool
- func (x *AgentMask) GetX509SvidSerialNumber() bool
- func (*AgentMask) ProtoMessage()
- func (x *AgentMask) ProtoReflect() protoreflect.Message
- func (x *AgentMask) Reset()
- func (x *AgentMask) String() string
- type AttestationData
- func (*AttestationData) Descriptor() ([]byte, []int)deprecated
- func (x *AttestationData) GetPayload() []byte
- func (x *AttestationData) GetType() string
- func (*AttestationData) ProtoMessage()
- func (x *AttestationData) ProtoReflect() protoreflect.Message
- func (x *AttestationData) Reset()
- func (x *AttestationData) String() string
- type Bundle
- func (*Bundle) Descriptor() ([]byte, []int)deprecated
- func (x *Bundle) GetJwtAuthorities() []*JWTKey
- func (x *Bundle) GetRefreshHint() int64
- func (x *Bundle) GetSequenceNumber() uint64
- func (x *Bundle) GetTrustDomain() string
- func (x *Bundle) GetX509Authorities() []*X509Certificate
- func (*Bundle) ProtoMessage()
- func (x *Bundle) ProtoReflect() protoreflect.Message
- func (x *Bundle) Reset()
- func (x *Bundle) String() string
- type BundleMask
- func (*BundleMask) Descriptor() ([]byte, []int)deprecated
- func (x *BundleMask) GetJwtAuthorities() bool
- func (x *BundleMask) GetRefreshHint() bool
- func (x *BundleMask) GetSequenceNumber() bool
- func (x *BundleMask) GetX509Authorities() bool
- func (*BundleMask) ProtoMessage()
- func (x *BundleMask) ProtoReflect() protoreflect.Message
- func (x *BundleMask) Reset()
- func (x *BundleMask) String() string
- type Entry
- func (*Entry) Descriptor() ([]byte, []int)deprecated
- func (x *Entry) GetAdmin() bool
- func (x *Entry) GetCreatedAt() int64
- func (x *Entry) GetDnsNames() []string
- func (x *Entry) GetDownstream() bool
- func (x *Entry) GetExpiresAt() int64
- func (x *Entry) GetFederatesWith() []string
- func (x *Entry) GetHint() string
- func (x *Entry) GetId() string
- func (x *Entry) GetJwtSvidTtl() int32
- func (x *Entry) GetParentId() *SPIFFEID
- func (x *Entry) GetRevisionNumber() int64
- func (x *Entry) GetSelectors() []*Selector
- func (x *Entry) GetSpiffeId() *SPIFFEID
- func (x *Entry) GetStoreSvid() bool
- func (x *Entry) GetX509SvidTtl() int32
- func (*Entry) ProtoMessage()
- func (x *Entry) ProtoReflect() protoreflect.Message
- func (x *Entry) Reset()
- func (x *Entry) String() string
- type EntryMask
- func (*EntryMask) Descriptor() ([]byte, []int)deprecated
- func (x *EntryMask) GetAdmin() bool
- func (x *EntryMask) GetCreatedAt() bool
- func (x *EntryMask) GetDnsNames() bool
- func (x *EntryMask) GetDownstream() bool
- func (x *EntryMask) GetExpiresAt() bool
- func (x *EntryMask) GetFederatesWith() bool
- func (x *EntryMask) GetHint() bool
- func (x *EntryMask) GetJwtSvidTtl() bool
- func (x *EntryMask) GetParentId() bool
- func (x *EntryMask) GetRevisionNumber() bool
- func (x *EntryMask) GetSelectors() bool
- func (x *EntryMask) GetSpiffeId() bool
- func (x *EntryMask) GetStoreSvid() bool
- func (x *EntryMask) GetX509SvidTtl() bool
- func (*EntryMask) ProtoMessage()
- func (x *EntryMask) ProtoReflect() protoreflect.Message
- func (x *EntryMask) Reset()
- func (x *EntryMask) String() string
- type FederatesWithMatch
- func (*FederatesWithMatch) Descriptor() ([]byte, []int)deprecated
- func (x *FederatesWithMatch) GetMatch() FederatesWithMatch_MatchBehavior
- func (x *FederatesWithMatch) GetTrustDomains() []string
- func (*FederatesWithMatch) ProtoMessage()
- func (x *FederatesWithMatch) ProtoReflect() protoreflect.Message
- func (x *FederatesWithMatch) Reset()
- func (x *FederatesWithMatch) String() string
- type FederatesWithMatch_MatchBehavior
- func (FederatesWithMatch_MatchBehavior) Descriptor() protoreflect.EnumDescriptor
- func (x FederatesWithMatch_MatchBehavior) Enum() *FederatesWithMatch_MatchBehavior
- func (FederatesWithMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)deprecated
- func (x FederatesWithMatch_MatchBehavior) Number() protoreflect.EnumNumber
- func (x FederatesWithMatch_MatchBehavior) String() string
- func (FederatesWithMatch_MatchBehavior) Type() protoreflect.EnumType
- type FederationRelationship
- func (*FederationRelationship) Descriptor() ([]byte, []int)deprecated
- func (m *FederationRelationship) GetBundleEndpointProfile() isFederationRelationship_BundleEndpointProfile
- func (x *FederationRelationship) GetBundleEndpointUrl() string
- func (x *FederationRelationship) GetHttpsSpiffe() *HTTPSSPIFFEProfile
- func (x *FederationRelationship) GetHttpsWeb() *HTTPSWebProfile
- func (x *FederationRelationship) GetTrustDomain() string
- func (x *FederationRelationship) GetTrustDomainBundle() *Bundle
- func (*FederationRelationship) ProtoMessage()
- func (x *FederationRelationship) ProtoReflect() protoreflect.Message
- func (x *FederationRelationship) Reset()
- func (x *FederationRelationship) String() string
- type FederationRelationshipMask
- func (*FederationRelationshipMask) Descriptor() ([]byte, []int)deprecated
- func (x *FederationRelationshipMask) GetBundleEndpointProfile() bool
- func (x *FederationRelationshipMask) GetBundleEndpointUrl() bool
- func (x *FederationRelationshipMask) GetTrustDomainBundle() bool
- func (*FederationRelationshipMask) ProtoMessage()
- func (x *FederationRelationshipMask) ProtoReflect() protoreflect.Message
- func (x *FederationRelationshipMask) Reset()
- func (x *FederationRelationshipMask) String() string
- type FederationRelationship_HttpsSpiffe
- type FederationRelationship_HttpsWeb
- type HTTPSSPIFFEProfile
- func (*HTTPSSPIFFEProfile) Descriptor() ([]byte, []int)deprecated
- func (x *HTTPSSPIFFEProfile) GetEndpointSpiffeId() string
- func (*HTTPSSPIFFEProfile) ProtoMessage()
- func (x *HTTPSSPIFFEProfile) ProtoReflect() protoreflect.Message
- func (x *HTTPSSPIFFEProfile) Reset()
- func (x *HTTPSSPIFFEProfile) String() string
- type HTTPSWebProfile
- type JWTKey
- func (*JWTKey) Descriptor() ([]byte, []int)deprecated
- func (x *JWTKey) GetExpiresAt() int64
- func (x *JWTKey) GetKeyId() string
- func (x *JWTKey) GetPublicKey() []byte
- func (x *JWTKey) GetTainted() bool
- func (*JWTKey) ProtoMessage()
- func (x *JWTKey) ProtoReflect() protoreflect.Message
- func (x *JWTKey) Reset()
- func (x *JWTKey) String() string
- type JWTSVID
- func (*JWTSVID) Descriptor() ([]byte, []int)deprecated
- func (x *JWTSVID) GetExpiresAt() int64
- func (x *JWTSVID) GetHint() string
- func (x *JWTSVID) GetId() *SPIFFEID
- func (x *JWTSVID) GetIssuedAt() int64
- func (x *JWTSVID) GetToken() string
- func (*JWTSVID) ProtoMessage()
- func (x *JWTSVID) ProtoReflect() protoreflect.Message
- func (x *JWTSVID) Reset()
- func (x *JWTSVID) String() string
- type JoinToken
- type LogLevel
- type Logger
- type PermissionDeniedDetails
- func (*PermissionDeniedDetails) Descriptor() ([]byte, []int)deprecated
- func (x *PermissionDeniedDetails) GetReason() PermissionDeniedDetails_Reason
- func (*PermissionDeniedDetails) ProtoMessage()
- func (x *PermissionDeniedDetails) ProtoReflect() protoreflect.Message
- func (x *PermissionDeniedDetails) Reset()
- func (x *PermissionDeniedDetails) String() string
- type PermissionDeniedDetails_Reason
- func (PermissionDeniedDetails_Reason) Descriptor() protoreflect.EnumDescriptor
- func (x PermissionDeniedDetails_Reason) Enum() *PermissionDeniedDetails_Reason
- func (PermissionDeniedDetails_Reason) EnumDescriptor() ([]byte, []int)deprecated
- func (x PermissionDeniedDetails_Reason) Number() protoreflect.EnumNumber
- func (x PermissionDeniedDetails_Reason) String() string
- func (PermissionDeniedDetails_Reason) Type() protoreflect.EnumType
- type SPIFFEID
- type Selector
- type SelectorMatch
- func (*SelectorMatch) Descriptor() ([]byte, []int)deprecated
- func (x *SelectorMatch) GetMatch() SelectorMatch_MatchBehavior
- func (x *SelectorMatch) GetSelectors() []*Selector
- func (*SelectorMatch) ProtoMessage()
- func (x *SelectorMatch) ProtoReflect() protoreflect.Message
- func (x *SelectorMatch) Reset()
- func (x *SelectorMatch) String() string
- type SelectorMatch_MatchBehavior
- func (SelectorMatch_MatchBehavior) Descriptor() protoreflect.EnumDescriptor
- func (x SelectorMatch_MatchBehavior) Enum() *SelectorMatch_MatchBehavior
- func (SelectorMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)deprecated
- func (x SelectorMatch_MatchBehavior) Number() protoreflect.EnumNumber
- func (x SelectorMatch_MatchBehavior) String() string
- func (SelectorMatch_MatchBehavior) Type() protoreflect.EnumType
- type Status
- type X509Certificate
- func (*X509Certificate) Descriptor() ([]byte, []int)deprecated
- func (x *X509Certificate) GetAsn1() []byte
- func (x *X509Certificate) GetTainted() bool
- func (*X509Certificate) ProtoMessage()
- func (x *X509Certificate) ProtoReflect() protoreflect.Message
- func (x *X509Certificate) Reset()
- func (x *X509Certificate) String() string
- type X509SVID
- func (*X509SVID) Descriptor() ([]byte, []int)deprecated
- func (x *X509SVID) GetCertChain() [][]byte
- func (x *X509SVID) GetExpiresAt() int64
- func (x *X509SVID) GetHint() string
- func (x *X509SVID) GetId() *SPIFFEID
- func (*X509SVID) ProtoMessage()
- func (x *X509SVID) ProtoReflect() protoreflect.Message
- func (x *X509SVID) Reset()
- func (x *X509SVID) String() string
Constants ¶
This section is empty.
Variables ¶
var ( FederatesWithMatch_MatchBehavior_name = map[int32]string{ 0: "MATCH_EXACT", 1: "MATCH_SUBSET", 2: "MATCH_SUPERSET", 3: "MATCH_ANY", } FederatesWithMatch_MatchBehavior_value = map[string]int32{ "MATCH_EXACT": 0, "MATCH_SUBSET": 1, "MATCH_SUPERSET": 2, "MATCH_ANY": 3, } )
Enum value maps for FederatesWithMatch_MatchBehavior.
var ( LogLevel_name = map[int32]string{ 0: "UNSPECIFIED", 1: "PANIC", 2: "FATAL", 3: "ERROR", 4: "WARN", 5: "INFO", 6: "DEBUG", 7: "TRACE", } LogLevel_value = map[string]int32{ "UNSPECIFIED": 0, "PANIC": 1, "FATAL": 2, "ERROR": 3, "WARN": 4, "INFO": 5, "DEBUG": 6, "TRACE": 7, } )
Enum value maps for LogLevel.
var ( SelectorMatch_MatchBehavior_name = map[int32]string{ 0: "MATCH_EXACT", 1: "MATCH_SUBSET", 2: "MATCH_SUPERSET", 3: "MATCH_ANY", } SelectorMatch_MatchBehavior_value = map[string]int32{ "MATCH_EXACT": 0, "MATCH_SUBSET": 1, "MATCH_SUPERSET": 2, "MATCH_ANY": 3, } )
Enum value maps for SelectorMatch_MatchBehavior.
var ( PermissionDeniedDetails_Reason_name = map[int32]string{ 0: "UNKNOWN", 1: "AGENT_EXPIRED", 2: "AGENT_NOT_ATTESTED", 3: "AGENT_NOT_ACTIVE", 4: "AGENT_BANNED", 5: "AGENT_MUST_REATTEST", } PermissionDeniedDetails_Reason_value = map[string]int32{ "UNKNOWN": 0, "AGENT_EXPIRED": 1, "AGENT_NOT_ATTESTED": 2, "AGENT_NOT_ACTIVE": 3, "AGENT_BANNED": 4, "AGENT_MUST_REATTEST": 5, } )
Enum value maps for PermissionDeniedDetails_Reason.
var File_spire_api_types_agent_proto protoreflect.FileDescriptor
var File_spire_api_types_attestation_proto protoreflect.FileDescriptor
var File_spire_api_types_bundle_proto protoreflect.FileDescriptor
var File_spire_api_types_entry_proto protoreflect.FileDescriptor
var File_spire_api_types_federateswith_proto protoreflect.FileDescriptor
var File_spire_api_types_federationrelationship_proto protoreflect.FileDescriptor
var File_spire_api_types_jointoken_proto protoreflect.FileDescriptor
var File_spire_api_types_jwtsvid_proto protoreflect.FileDescriptor
var File_spire_api_types_logger_proto protoreflect.FileDescriptor
var File_spire_api_types_selector_proto protoreflect.FileDescriptor
var File_spire_api_types_spiffeid_proto protoreflect.FileDescriptor
var File_spire_api_types_status_proto protoreflect.FileDescriptor
var File_spire_api_types_x509svid_proto protoreflect.FileDescriptor
Functions ¶
This section is empty.
Types ¶
type Agent ¶
type Agent struct { // Output only. SPIFFE ID of the agent. Id *SPIFFEID `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // Output only. The method by which the agent attested. AttestationType string `protobuf:"bytes,2,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"` // Output only. The X509-SVID serial number. X509SvidSerialNumber string `protobuf:"bytes,3,opt,name=x509svid_serial_number,json=x509svidSerialNumber,proto3" json:"x509svid_serial_number,omitempty"` // Output only. The X509-SVID expiration (seconds since Unix epoch). X509SvidExpiresAt int64 `protobuf:"varint,4,opt,name=x509svid_expires_at,json=x509svidExpiresAt,proto3" json:"x509svid_expires_at,omitempty"` // Output only. The selectors attributed to the agent during attestation. Selectors []*Selector `protobuf:"bytes,5,rep,name=selectors,proto3" json:"selectors,omitempty"` // Output only. Whether or not the agent is banned. Banned bool `protobuf:"varint,6,opt,name=banned,proto3" json:"banned,omitempty"` // Output only. Whether or not the agent can re-attest. CanReattest bool `protobuf:"varint,7,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"` // contains filtered or unexported fields }
func (*Agent) Descriptor
deprecated
func (*Agent) GetAttestationType ¶
func (*Agent) GetCanReattest ¶ added in v1.6.3
func (*Agent) GetSelectors ¶
func (*Agent) GetX509SvidExpiresAt ¶
func (*Agent) GetX509SvidSerialNumber ¶
func (*Agent) ProtoMessage ¶
func (*Agent) ProtoMessage()
func (*Agent) ProtoReflect ¶
func (x *Agent) ProtoReflect() protoreflect.Message
type AgentMask ¶
type AgentMask struct { // attestation_type field mask AttestationType bool `protobuf:"varint,2,opt,name=attestation_type,json=attestationType,proto3" json:"attestation_type,omitempty"` // x509svid_serial_number field mask X509SvidSerialNumber bool `protobuf:"varint,3,opt,name=x509svid_serial_number,json=x509svidSerialNumber,proto3" json:"x509svid_serial_number,omitempty"` // x509svid_expires_at field mask X509SvidExpiresAt bool `protobuf:"varint,4,opt,name=x509svid_expires_at,json=x509svidExpiresAt,proto3" json:"x509svid_expires_at,omitempty"` // selectors field mask Selectors bool `protobuf:"varint,5,opt,name=selectors,proto3" json:"selectors,omitempty"` // banned field mask Banned bool `protobuf:"varint,6,opt,name=banned,proto3" json:"banned,omitempty"` // can_reattest field mask CanReattest bool `protobuf:"varint,7,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"` // contains filtered or unexported fields }
func (*AgentMask) Descriptor
deprecated
func (*AgentMask) GetAttestationType ¶
func (*AgentMask) GetCanReattest ¶ added in v1.6.3
func (*AgentMask) GetSelectors ¶
func (*AgentMask) GetX509SvidExpiresAt ¶
func (*AgentMask) GetX509SvidSerialNumber ¶
func (*AgentMask) ProtoMessage ¶
func (*AgentMask) ProtoMessage()
func (*AgentMask) ProtoReflect ¶
func (x *AgentMask) ProtoReflect() protoreflect.Message
type AttestationData ¶
type AttestationData struct { // The type of attestation data. This is typically the name of the plugin // that produced that data. Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` // The attestation data payload. Payload []byte `protobuf:"bytes,2,opt,name=payload,proto3" json:"payload,omitempty"` // contains filtered or unexported fields }
func (*AttestationData) Descriptor
deprecated
func (*AttestationData) Descriptor() ([]byte, []int)
Deprecated: Use AttestationData.ProtoReflect.Descriptor instead.
func (*AttestationData) GetPayload ¶
func (x *AttestationData) GetPayload() []byte
func (*AttestationData) GetType ¶
func (x *AttestationData) GetType() string
func (*AttestationData) ProtoMessage ¶
func (*AttestationData) ProtoMessage()
func (*AttestationData) ProtoReflect ¶
func (x *AttestationData) ProtoReflect() protoreflect.Message
func (*AttestationData) Reset ¶
func (x *AttestationData) Reset()
func (*AttestationData) String ¶
func (x *AttestationData) String() string
type Bundle ¶
type Bundle struct { // The name of the trust domain the bundle belongs to (e.g., "example.org"). TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` // X.509 authorities for authenticating X509-SVIDs. X509Authorities []*X509Certificate `protobuf:"bytes,2,rep,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"` // JWT authorities for authenticating JWT-SVIDs. JwtAuthorities []*JWTKey `protobuf:"bytes,3,rep,name=jwt_authorities,json=jwtAuthorities,proto3" json:"jwt_authorities,omitempty"` // A hint on how often the bundle should be refreshed from the bundle // provider, in seconds. Can be zero (meaning no hint available). RefreshHint int64 `protobuf:"varint,4,opt,name=refresh_hint,json=refreshHint,proto3" json:"refresh_hint,omitempty"` // The sequence number of the bundle. SequenceNumber uint64 `protobuf:"varint,5,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"` // contains filtered or unexported fields }
func (*Bundle) Descriptor
deprecated
func (*Bundle) GetJwtAuthorities ¶
func (*Bundle) GetRefreshHint ¶
func (*Bundle) GetSequenceNumber ¶
func (*Bundle) GetTrustDomain ¶
func (*Bundle) GetX509Authorities ¶
func (x *Bundle) GetX509Authorities() []*X509Certificate
func (*Bundle) ProtoMessage ¶
func (*Bundle) ProtoMessage()
func (*Bundle) ProtoReflect ¶
func (x *Bundle) ProtoReflect() protoreflect.Message
type BundleMask ¶
type BundleMask struct { // x509_authorities field mask. X509Authorities bool `protobuf:"varint,2,opt,name=x509_authorities,json=x509Authorities,proto3" json:"x509_authorities,omitempty"` // jwt_authorities field mask. JwtAuthorities bool `protobuf:"varint,3,opt,name=jwt_authorities,json=jwtAuthorities,proto3" json:"jwt_authorities,omitempty"` // refresh_hint field mask. RefreshHint bool `protobuf:"varint,4,opt,name=refresh_hint,json=refreshHint,proto3" json:"refresh_hint,omitempty"` // sequence_number field mask. SequenceNumber bool `protobuf:"varint,5,opt,name=sequence_number,json=sequenceNumber,proto3" json:"sequence_number,omitempty"` // contains filtered or unexported fields }
func (*BundleMask) Descriptor
deprecated
func (*BundleMask) Descriptor() ([]byte, []int)
Deprecated: Use BundleMask.ProtoReflect.Descriptor instead.
func (*BundleMask) GetJwtAuthorities ¶
func (x *BundleMask) GetJwtAuthorities() bool
func (*BundleMask) GetRefreshHint ¶
func (x *BundleMask) GetRefreshHint() bool
func (*BundleMask) GetSequenceNumber ¶
func (x *BundleMask) GetSequenceNumber() bool
func (*BundleMask) GetX509Authorities ¶
func (x *BundleMask) GetX509Authorities() bool
func (*BundleMask) ProtoMessage ¶
func (*BundleMask) ProtoMessage()
func (*BundleMask) ProtoReflect ¶
func (x *BundleMask) ProtoReflect() protoreflect.Message
func (*BundleMask) Reset ¶
func (x *BundleMask) Reset()
func (*BundleMask) String ¶
func (x *BundleMask) String() string
type Entry ¶
type Entry struct { // Globally unique ID for the entry. Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` // The SPIFFE ID of the identity described by this entry. SpiffeId *SPIFFEID `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // Who the entry is delegated to. If the entry describes a node, this is // set to the SPIFFE ID of the SPIRE server of the trust domain (e.g. // spiffe://example.org/spire/server). Otherwise, it will be set to a node // SPIFFE ID. ParentId *SPIFFEID `protobuf:"bytes,3,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"` // The selectors which identify which entities match this entry. If this is // an entry for a node, these selectors represent selectors produced by // node attestation. Otherwise, these selectors represent those produced by // workload attestation. Selectors []*Selector `protobuf:"bytes,4,rep,name=selectors,proto3" json:"selectors,omitempty"` // The time to live for X509-SVID identities issued for this entry (in seconds). // Previously called ttl X509SvidTtl int32 `protobuf:"varint,5,opt,name=x509_svid_ttl,json=x509SvidTtl,proto3" json:"x509_svid_ttl,omitempty"` // The names of trust domains the identity described by this entry // federates with. FederatesWith []string `protobuf:"bytes,6,rep,name=federates_with,json=federatesWith,proto3" json:"federates_with,omitempty"` // Whether or not the identity described by this entry is an administrative // workload. Administrative workloads are granted additional access to // various managerial server APIs, such as entry registration. Admin bool `protobuf:"varint,7,opt,name=admin,proto3" json:"admin,omitempty"` // Whether or not the identity described by this entry represents a // downstream SPIRE server. Downstream SPIRE servers have additional access // to various signing APIs, such as those used to sign X.509 CA // certificates and publish JWT signing keys. Downstream bool `protobuf:"varint,8,opt,name=downstream,proto3" json:"downstream,omitempty"` // When the entry expires (seconds since Unix epoch). ExpiresAt int64 `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // A list of DNS names associated with the identity described by this entry. DnsNames []string `protobuf:"bytes,10,rep,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"` // Revision number is bumped every time the entry is updated RevisionNumber int64 `protobuf:"varint,11,opt,name=revision_number,json=revisionNumber,proto3" json:"revision_number,omitempty"` // Determines if the issued identity is exportable to a store StoreSvid bool `protobuf:"varint,12,opt,name=store_svid,json=storeSvid,proto3" json:"store_svid,omitempty"` // The time to live for JWT-SVID identities issued for this entry (in seconds), overrides ttl if set. JwtSvidTtl int32 `protobuf:"varint,13,opt,name=jwt_svid_ttl,json=jwtSvidTtl,proto3" json:"jwt_svid_ttl,omitempty"` // An operator-specified string used to provide guidance on how this // identity should be used by a workload when more than one SVID is returned. Hint string `protobuf:"bytes,14,opt,name=hint,proto3" json:"hint,omitempty"` // When the entry was created (seconds since Unix epoch). CreatedAt int64 `protobuf:"varint,15,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` // contains filtered or unexported fields }
func (*Entry) Descriptor
deprecated
func (*Entry) GetCreatedAt ¶ added in v1.6.3
func (*Entry) GetDnsNames ¶
func (*Entry) GetDownstream ¶
func (*Entry) GetExpiresAt ¶
func (*Entry) GetFederatesWith ¶
func (*Entry) GetJwtSvidTtl ¶ added in v1.5.0
func (*Entry) GetParentId ¶
func (*Entry) GetRevisionNumber ¶
func (*Entry) GetSelectors ¶
func (*Entry) GetSpiffeId ¶
func (*Entry) GetStoreSvid ¶ added in v1.1.0
func (*Entry) GetX509SvidTtl ¶ added in v1.5.0
func (*Entry) ProtoMessage ¶
func (*Entry) ProtoMessage()
func (*Entry) ProtoReflect ¶
func (x *Entry) ProtoReflect() protoreflect.Message
type EntryMask ¶
type EntryMask struct { // spiffe_id field mask SpiffeId bool `protobuf:"varint,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"` // parent_id field mask ParentId bool `protobuf:"varint,3,opt,name=parent_id,json=parentId,proto3" json:"parent_id,omitempty"` // selectors field mask Selectors bool `protobuf:"varint,4,opt,name=selectors,proto3" json:"selectors,omitempty"` // x509_svid_ttl field mask X509SvidTtl bool `protobuf:"varint,5,opt,name=x509_svid_ttl,json=x509SvidTtl,proto3" json:"x509_svid_ttl,omitempty"` // federates_with field mask FederatesWith bool `protobuf:"varint,6,opt,name=federates_with,json=federatesWith,proto3" json:"federates_with,omitempty"` // admin field mask Admin bool `protobuf:"varint,7,opt,name=admin,proto3" json:"admin,omitempty"` // downstream field mask Downstream bool `protobuf:"varint,8,opt,name=downstream,proto3" json:"downstream,omitempty"` // expires_at field mask ExpiresAt bool `protobuf:"varint,9,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // dns_names field mask DnsNames bool `protobuf:"varint,10,opt,name=dns_names,json=dnsNames,proto3" json:"dns_names,omitempty"` // revision_number field mask RevisionNumber bool `protobuf:"varint,11,opt,name=revision_number,json=revisionNumber,proto3" json:"revision_number,omitempty"` // store_svid field mask StoreSvid bool `protobuf:"varint,12,opt,name=store_svid,json=storeSvid,proto3" json:"store_svid,omitempty"` // jwt_svid_ttl field mask JwtSvidTtl bool `protobuf:"varint,13,opt,name=jwt_svid_ttl,json=jwtSvidTtl,proto3" json:"jwt_svid_ttl,omitempty"` // hint field mask Hint bool `protobuf:"varint,14,opt,name=hint,proto3" json:"hint,omitempty"` // created_at field mask CreatedAt bool `protobuf:"varint,15,opt,name=created_at,json=createdAt,proto3" json:"created_at,omitempty"` // contains filtered or unexported fields }
Field mask for Entry fields
func (*EntryMask) Descriptor
deprecated
func (*EntryMask) GetCreatedAt ¶ added in v1.6.3
func (*EntryMask) GetDnsNames ¶
func (*EntryMask) GetDownstream ¶
func (*EntryMask) GetExpiresAt ¶
func (*EntryMask) GetFederatesWith ¶
func (*EntryMask) GetJwtSvidTtl ¶ added in v1.5.0
func (*EntryMask) GetParentId ¶
func (*EntryMask) GetRevisionNumber ¶
func (*EntryMask) GetSelectors ¶
func (*EntryMask) GetSpiffeId ¶
func (*EntryMask) GetStoreSvid ¶ added in v1.1.0
func (*EntryMask) GetX509SvidTtl ¶ added in v1.5.0
func (*EntryMask) ProtoMessage ¶
func (*EntryMask) ProtoMessage()
func (*EntryMask) ProtoReflect ¶
func (x *EntryMask) ProtoReflect() protoreflect.Message
type FederatesWithMatch ¶
type FederatesWithMatch struct { // The set of trust domain names to match on (e.g., "example.org"). TrustDomains []string `protobuf:"bytes,1,rep,name=trust_domains,json=trustDomains,proto3" json:"trust_domains,omitempty"` // How to match the trust domains. Match FederatesWithMatch_MatchBehavior `protobuf:"varint,2,opt,name=match,proto3,enum=spire.api.types.FederatesWithMatch_MatchBehavior" json:"match,omitempty"` // contains filtered or unexported fields }
func (*FederatesWithMatch) Descriptor
deprecated
func (*FederatesWithMatch) Descriptor() ([]byte, []int)
Deprecated: Use FederatesWithMatch.ProtoReflect.Descriptor instead.
func (*FederatesWithMatch) GetMatch ¶
func (x *FederatesWithMatch) GetMatch() FederatesWithMatch_MatchBehavior
func (*FederatesWithMatch) GetTrustDomains ¶
func (x *FederatesWithMatch) GetTrustDomains() []string
func (*FederatesWithMatch) ProtoMessage ¶
func (*FederatesWithMatch) ProtoMessage()
func (*FederatesWithMatch) ProtoReflect ¶
func (x *FederatesWithMatch) ProtoReflect() protoreflect.Message
func (*FederatesWithMatch) Reset ¶
func (x *FederatesWithMatch) Reset()
func (*FederatesWithMatch) String ¶
func (x *FederatesWithMatch) String() string
type FederatesWithMatch_MatchBehavior ¶
type FederatesWithMatch_MatchBehavior int32
const ( // Indicates that the federated trust domains in this match are // equal to the candidate trust domains, independent of ordering. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_EXACT ["spiffe://td1", "spiffe://td2"] // Entries that match: // - 'e2' FederatesWithMatch_MATCH_EXACT FederatesWithMatch_MatchBehavior = 0 // Indicates that all candidates which have a non-empty subset // of the provided set of trust domains will match. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_SUBSET ["spiffe://td1"] // Entries that match: // - 'e1' FederatesWithMatch_MATCH_SUBSET FederatesWithMatch_MatchBehavior = 1 // Indicate that all candidates which are a superset // of the provided set of trust domains will match. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_SUPERSET ["spiffe://td1", "spiffe://td2"] // Entries that match: // - 'e1' // - 'e2' FederatesWithMatch_MATCH_SUPERSET FederatesWithMatch_MatchBehavior = 2 // Indicates that all candidates which have at least one // of the provided set of trust domains will match. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_ANY ["spiffe://td1"] // Entries that match: // - 'e1' // - 'e2' // - 'e3' FederatesWithMatch_MATCH_ANY FederatesWithMatch_MatchBehavior = 3 )
func (FederatesWithMatch_MatchBehavior) Descriptor ¶
func (FederatesWithMatch_MatchBehavior) Descriptor() protoreflect.EnumDescriptor
func (FederatesWithMatch_MatchBehavior) Enum ¶
func (x FederatesWithMatch_MatchBehavior) Enum() *FederatesWithMatch_MatchBehavior
func (FederatesWithMatch_MatchBehavior) EnumDescriptor
deprecated
func (FederatesWithMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)
Deprecated: Use FederatesWithMatch_MatchBehavior.Descriptor instead.
func (FederatesWithMatch_MatchBehavior) Number ¶
func (x FederatesWithMatch_MatchBehavior) Number() protoreflect.EnumNumber
func (FederatesWithMatch_MatchBehavior) String ¶
func (x FederatesWithMatch_MatchBehavior) String() string
func (FederatesWithMatch_MatchBehavior) Type ¶
func (FederatesWithMatch_MatchBehavior) Type() protoreflect.EnumType
type FederationRelationship ¶ added in v1.1.0
type FederationRelationship struct { // Required. The trust domain name (e.g., "example.org") to federate with. TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` // Required. URL of the SPIFFE bundle endpoint that provides the trust // bundle to federate with. Must use the HTTPS protocol. BundleEndpointUrl string `protobuf:"bytes,2,opt,name=bundle_endpoint_url,json=bundleEndpointUrl,proto3" json:"bundle_endpoint_url,omitempty"` // Required. The endpoint profile type. // // Types that are assignable to BundleEndpointProfile: // *FederationRelationship_HttpsWeb // *FederationRelationship_HttpsSpiffe BundleEndpointProfile isFederationRelationship_BundleEndpointProfile `protobuf_oneof:"bundle_endpoint_profile"` // Optional. The bundle for the trust domain. This field can be used to // create or replace the referenced trust domains' bundle when the // relationship is created or updated. When the relationship is retrieved, // it will be set to the referenced trust domain's latest bundle (if // available). Please note that the `https_spiffe` profile requires an // existing trust domain bundle in order to function correctly. The // required bundle must match the trust domain specified in the bundle // endpoint SPIFFE ID. If the bundle endpoint SPIFFE ID resides in the same // trust domain that you're trying to federate with, you may optionally // specify that trust domain bundle here. If the bundle endpoint SPIFFE ID // _does not_ reside in the same trust domain that you're federating with, // please ensure that the trust domain bundle for that trust domain has // been configured separately (e.g. configured via another federation // relationship or manually set via the Bundle API). TrustDomainBundle *Bundle `protobuf:"bytes,5,opt,name=trust_domain_bundle,json=trustDomainBundle,proto3" json:"trust_domain_bundle,omitempty"` // contains filtered or unexported fields }
func (*FederationRelationship) Descriptor
deprecated
added in
v1.1.0
func (*FederationRelationship) Descriptor() ([]byte, []int)
Deprecated: Use FederationRelationship.ProtoReflect.Descriptor instead.
func (*FederationRelationship) GetBundleEndpointProfile ¶ added in v1.1.0
func (m *FederationRelationship) GetBundleEndpointProfile() isFederationRelationship_BundleEndpointProfile
func (*FederationRelationship) GetBundleEndpointUrl ¶ added in v1.1.0
func (x *FederationRelationship) GetBundleEndpointUrl() string
func (*FederationRelationship) GetHttpsSpiffe ¶ added in v1.1.0
func (x *FederationRelationship) GetHttpsSpiffe() *HTTPSSPIFFEProfile
func (*FederationRelationship) GetHttpsWeb ¶ added in v1.1.0
func (x *FederationRelationship) GetHttpsWeb() *HTTPSWebProfile
func (*FederationRelationship) GetTrustDomain ¶ added in v1.1.0
func (x *FederationRelationship) GetTrustDomain() string
func (*FederationRelationship) GetTrustDomainBundle ¶ added in v1.1.0
func (x *FederationRelationship) GetTrustDomainBundle() *Bundle
func (*FederationRelationship) ProtoMessage ¶ added in v1.1.0
func (*FederationRelationship) ProtoMessage()
func (*FederationRelationship) ProtoReflect ¶ added in v1.1.0
func (x *FederationRelationship) ProtoReflect() protoreflect.Message
func (*FederationRelationship) Reset ¶ added in v1.1.0
func (x *FederationRelationship) Reset()
func (*FederationRelationship) String ¶ added in v1.1.0
func (x *FederationRelationship) String() string
type FederationRelationshipMask ¶ added in v1.1.0
type FederationRelationshipMask struct { // bundle_endpoint_url field mask. BundleEndpointUrl bool `protobuf:"varint,1,opt,name=bundle_endpoint_url,json=bundleEndpointUrl,proto3" json:"bundle_endpoint_url,omitempty"` // bundle_endpoint_profile field mask. BundleEndpointProfile bool `` /* 127-byte string literal not displayed */ // trust_domain_bundle field mask. TrustDomainBundle bool `protobuf:"varint,3,opt,name=trust_domain_bundle,json=trustDomainBundle,proto3" json:"trust_domain_bundle,omitempty"` // contains filtered or unexported fields }
func (*FederationRelationshipMask) Descriptor
deprecated
added in
v1.1.0
func (*FederationRelationshipMask) Descriptor() ([]byte, []int)
Deprecated: Use FederationRelationshipMask.ProtoReflect.Descriptor instead.
func (*FederationRelationshipMask) GetBundleEndpointProfile ¶ added in v1.1.0
func (x *FederationRelationshipMask) GetBundleEndpointProfile() bool
func (*FederationRelationshipMask) GetBundleEndpointUrl ¶ added in v1.1.0
func (x *FederationRelationshipMask) GetBundleEndpointUrl() bool
func (*FederationRelationshipMask) GetTrustDomainBundle ¶ added in v1.1.0
func (x *FederationRelationshipMask) GetTrustDomainBundle() bool
func (*FederationRelationshipMask) ProtoMessage ¶ added in v1.1.0
func (*FederationRelationshipMask) ProtoMessage()
func (*FederationRelationshipMask) ProtoReflect ¶ added in v1.1.0
func (x *FederationRelationshipMask) ProtoReflect() protoreflect.Message
func (*FederationRelationshipMask) Reset ¶ added in v1.1.0
func (x *FederationRelationshipMask) Reset()
func (*FederationRelationshipMask) String ¶ added in v1.1.0
func (x *FederationRelationshipMask) String() string
type FederationRelationship_HttpsSpiffe ¶ added in v1.1.0
type FederationRelationship_HttpsSpiffe struct { // Use SPIFFE Authentication endpoint profile. HttpsSpiffe *HTTPSSPIFFEProfile `protobuf:"bytes,4,opt,name=https_spiffe,json=httpsSpiffe,proto3,oneof"` }
type FederationRelationship_HttpsWeb ¶ added in v1.1.0
type FederationRelationship_HttpsWeb struct { // Use Web PKI endpoint profile. HttpsWeb *HTTPSWebProfile `protobuf:"bytes,3,opt,name=https_web,json=httpsWeb,proto3,oneof"` }
type HTTPSSPIFFEProfile ¶ added in v1.1.0
type HTTPSSPIFFEProfile struct { // Required. Specifies the expected SPIFFE ID of the SPIFFE bundle endpoint // server. EndpointSpiffeId string `protobuf:"bytes,1,opt,name=endpoint_spiffe_id,json=endpointSpiffeId,proto3" json:"endpoint_spiffe_id,omitempty"` // contains filtered or unexported fields }
func (*HTTPSSPIFFEProfile) Descriptor
deprecated
added in
v1.1.0
func (*HTTPSSPIFFEProfile) Descriptor() ([]byte, []int)
Deprecated: Use HTTPSSPIFFEProfile.ProtoReflect.Descriptor instead.
func (*HTTPSSPIFFEProfile) GetEndpointSpiffeId ¶ added in v1.1.0
func (x *HTTPSSPIFFEProfile) GetEndpointSpiffeId() string
func (*HTTPSSPIFFEProfile) ProtoMessage ¶ added in v1.1.0
func (*HTTPSSPIFFEProfile) ProtoMessage()
func (*HTTPSSPIFFEProfile) ProtoReflect ¶ added in v1.1.0
func (x *HTTPSSPIFFEProfile) ProtoReflect() protoreflect.Message
func (*HTTPSSPIFFEProfile) Reset ¶ added in v1.1.0
func (x *HTTPSSPIFFEProfile) Reset()
func (*HTTPSSPIFFEProfile) String ¶ added in v1.1.0
func (x *HTTPSSPIFFEProfile) String() string
type HTTPSWebProfile ¶ added in v1.1.0
type HTTPSWebProfile struct {
// contains filtered or unexported fields
}
func (*HTTPSWebProfile) Descriptor
deprecated
added in
v1.1.0
func (*HTTPSWebProfile) Descriptor() ([]byte, []int)
Deprecated: Use HTTPSWebProfile.ProtoReflect.Descriptor instead.
func (*HTTPSWebProfile) ProtoMessage ¶ added in v1.1.0
func (*HTTPSWebProfile) ProtoMessage()
func (*HTTPSWebProfile) ProtoReflect ¶ added in v1.1.0
func (x *HTTPSWebProfile) ProtoReflect() protoreflect.Message
func (*HTTPSWebProfile) Reset ¶ added in v1.1.0
func (x *HTTPSWebProfile) Reset()
func (*HTTPSWebProfile) String ¶ added in v1.1.0
func (x *HTTPSWebProfile) String() string
type JWTKey ¶
type JWTKey struct { // The PKIX encoded public key. PublicKey []byte `protobuf:"bytes,1,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"` // The key identifier. KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"` // When the key expires (seconds since Unix epoch). If zero, the key does // not expire. ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // This authority is no longer secure and must not be used Tainted bool `protobuf:"varint,4,opt,name=tainted,proto3" json:"tainted,omitempty"` // contains filtered or unexported fields }
func (*JWTKey) Descriptor
deprecated
func (*JWTKey) GetExpiresAt ¶
func (*JWTKey) GetPublicKey ¶
func (*JWTKey) GetTainted ¶ added in v1.7.2
func (*JWTKey) ProtoMessage ¶
func (*JWTKey) ProtoMessage()
func (*JWTKey) ProtoReflect ¶
func (x *JWTKey) ProtoReflect() protoreflect.Message
type JWTSVID ¶
type JWTSVID struct { // The serialized JWT token. Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"` // The SPIFFE ID of the JWT-SVID. Id *SPIFFEID `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Expiration timestamp (seconds since Unix epoch). ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // Issuance timestamp (seconds since Unix epoch). IssuedAt int64 `protobuf:"varint,4,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"` // Optional. An operator-specified string used to provide guidance on how this // identity should be used by a workload when more than one SVID is returned. // For example, `internal` and `external` to indicate an SVID for internal or // external use, respectively. Hint string `protobuf:"bytes,5,opt,name=hint,proto3" json:"hint,omitempty"` // contains filtered or unexported fields }
JWT SPIFFE Verifiable Identity Document. It contains the raw JWT token as well as a few denormalized fields for convenience.
func (*JWTSVID) Descriptor
deprecated
func (*JWTSVID) GetExpiresAt ¶
func (*JWTSVID) GetIssuedAt ¶
func (*JWTSVID) ProtoMessage ¶
func (*JWTSVID) ProtoMessage()
func (*JWTSVID) ProtoReflect ¶
func (x *JWTSVID) ProtoReflect() protoreflect.Message
type JoinToken ¶
type JoinToken struct { // The value of the token. Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` // The token expiration (seconds since Unix epoch). ExpiresAt int64 `protobuf:"varint,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // contains filtered or unexported fields }
func (*JoinToken) Descriptor
deprecated
func (*JoinToken) GetExpiresAt ¶
func (*JoinToken) ProtoMessage ¶
func (*JoinToken) ProtoMessage()
func (*JoinToken) ProtoReflect ¶
func (x *JoinToken) ProtoReflect() protoreflect.Message
type LogLevel ¶ added in v1.9.2
type LogLevel int32
The logger log levels.
func (LogLevel) Descriptor ¶ added in v1.9.2
func (LogLevel) Descriptor() protoreflect.EnumDescriptor
func (LogLevel) EnumDescriptor
deprecated
added in
v1.9.2
func (LogLevel) Number ¶ added in v1.9.2
func (x LogLevel) Number() protoreflect.EnumNumber
func (LogLevel) Type ¶ added in v1.9.2
func (LogLevel) Type() protoreflect.EnumType
type Logger ¶ added in v1.9.2
type Logger struct { // Output only. The logger's current log level. CurrentLevel LogLevel `` /* 128-byte string literal not displayed */ // Output only. The logger's log level at process launch. LaunchLevel LogLevel `protobuf:"varint,2,opt,name=launch_level,json=launchLevel,proto3,enum=spire.api.types.LogLevel" json:"launch_level,omitempty"` // contains filtered or unexported fields }
Represents the current Logger settings.
func (*Logger) Descriptor
deprecated
added in
v1.9.2
func (*Logger) GetCurrentLevel ¶ added in v1.9.2
func (*Logger) GetLaunchLevel ¶ added in v1.9.2
func (*Logger) ProtoMessage ¶ added in v1.9.2
func (*Logger) ProtoMessage()
func (*Logger) ProtoReflect ¶ added in v1.9.2
func (x *Logger) ProtoReflect() protoreflect.Message
type PermissionDeniedDetails ¶
type PermissionDeniedDetails struct { Reason PermissionDeniedDetails_Reason `protobuf:"varint,1,opt,name=reason,proto3,enum=spire.api.types.PermissionDeniedDetails_Reason" json:"reason,omitempty"` // contains filtered or unexported fields }
func (*PermissionDeniedDetails) Descriptor
deprecated
func (*PermissionDeniedDetails) Descriptor() ([]byte, []int)
Deprecated: Use PermissionDeniedDetails.ProtoReflect.Descriptor instead.
func (*PermissionDeniedDetails) GetReason ¶
func (x *PermissionDeniedDetails) GetReason() PermissionDeniedDetails_Reason
func (*PermissionDeniedDetails) ProtoMessage ¶
func (*PermissionDeniedDetails) ProtoMessage()
func (*PermissionDeniedDetails) ProtoReflect ¶
func (x *PermissionDeniedDetails) ProtoReflect() protoreflect.Message
func (*PermissionDeniedDetails) Reset ¶
func (x *PermissionDeniedDetails) Reset()
func (*PermissionDeniedDetails) String ¶
func (x *PermissionDeniedDetails) String() string
type PermissionDeniedDetails_Reason ¶
type PermissionDeniedDetails_Reason int32
const ( // Reason unknown. PermissionDeniedDetails_UNKNOWN PermissionDeniedDetails_Reason = 0 // Agent identity has expired. PermissionDeniedDetails_AGENT_EXPIRED PermissionDeniedDetails_Reason = 1 // Identity is not an attested agent. PermissionDeniedDetails_AGENT_NOT_ATTESTED PermissionDeniedDetails_Reason = 2 // Identity is not the active agent identity. PermissionDeniedDetails_AGENT_NOT_ACTIVE PermissionDeniedDetails_Reason = 3 // Agent has been banned. PermissionDeniedDetails_AGENT_BANNED PermissionDeniedDetails_Reason = 4 // Agent attempted to renew SVID, but should reattest instead PermissionDeniedDetails_AGENT_MUST_REATTEST PermissionDeniedDetails_Reason = 5 )
func (PermissionDeniedDetails_Reason) Descriptor ¶
func (PermissionDeniedDetails_Reason) Descriptor() protoreflect.EnumDescriptor
func (PermissionDeniedDetails_Reason) Enum ¶
func (x PermissionDeniedDetails_Reason) Enum() *PermissionDeniedDetails_Reason
func (PermissionDeniedDetails_Reason) EnumDescriptor
deprecated
func (PermissionDeniedDetails_Reason) EnumDescriptor() ([]byte, []int)
Deprecated: Use PermissionDeniedDetails_Reason.Descriptor instead.
func (PermissionDeniedDetails_Reason) Number ¶
func (x PermissionDeniedDetails_Reason) Number() protoreflect.EnumNumber
func (PermissionDeniedDetails_Reason) String ¶
func (x PermissionDeniedDetails_Reason) String() string
func (PermissionDeniedDetails_Reason) Type ¶
func (PermissionDeniedDetails_Reason) Type() protoreflect.EnumType
type SPIFFEID ¶
type SPIFFEID struct { // Trust domain portion the SPIFFE ID (e.g. "example.org") TrustDomain string `protobuf:"bytes,1,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` // The path component of the SPIFFE ID (e.g. "/foo/bar/baz"). The path // SHOULD have a leading slash. Consumers MUST normalize the path before // making any sort of comparison between IDs. Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` // contains filtered or unexported fields }
A SPIFFE ID, consisting of the trust domain name and a path portions of the SPIFFE ID URI.
func (*SPIFFEID) Descriptor
deprecated
func (*SPIFFEID) GetTrustDomain ¶
func (*SPIFFEID) ProtoMessage ¶
func (*SPIFFEID) ProtoMessage()
func (*SPIFFEID) ProtoReflect ¶
func (x *SPIFFEID) ProtoReflect() protoreflect.Message
type Selector ¶
type Selector struct { // The type of the selector. This is typically the name of the plugin that // produces the selector. Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` // The value of the selector. Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` // contains filtered or unexported fields }
func (*Selector) Descriptor
deprecated
func (*Selector) ProtoMessage ¶
func (*Selector) ProtoMessage()
func (*Selector) ProtoReflect ¶
func (x *Selector) ProtoReflect() protoreflect.Message
type SelectorMatch ¶
type SelectorMatch struct { // The set of selectors to match on. Selectors []*Selector `protobuf:"bytes,1,rep,name=selectors,proto3" json:"selectors,omitempty"` // How to match the selectors. Match SelectorMatch_MatchBehavior `protobuf:"varint,2,opt,name=match,proto3,enum=spire.api.types.SelectorMatch_MatchBehavior" json:"match,omitempty"` // contains filtered or unexported fields }
func (*SelectorMatch) Descriptor
deprecated
func (*SelectorMatch) Descriptor() ([]byte, []int)
Deprecated: Use SelectorMatch.ProtoReflect.Descriptor instead.
func (*SelectorMatch) GetMatch ¶
func (x *SelectorMatch) GetMatch() SelectorMatch_MatchBehavior
func (*SelectorMatch) GetSelectors ¶
func (x *SelectorMatch) GetSelectors() []*Selector
func (*SelectorMatch) ProtoMessage ¶
func (*SelectorMatch) ProtoMessage()
func (*SelectorMatch) ProtoReflect ¶
func (x *SelectorMatch) ProtoReflect() protoreflect.Message
func (*SelectorMatch) Reset ¶
func (x *SelectorMatch) Reset()
func (*SelectorMatch) String ¶
func (x *SelectorMatch) String() string
type SelectorMatch_MatchBehavior ¶
type SelectorMatch_MatchBehavior int32
const ( // Indicates that the selectors in this match are equal to the // candidate selectors, independent of ordering. // Example: // Given: // - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}' // - 'e2 { Selectors: ["a:1", "b:2"]}' // - 'e3 { Selectors: ["a:1"]}' // Operation: // - MATCH_EXACT ["a:1", "b:2"] // Entries that match: // - 'e2' SelectorMatch_MATCH_EXACT SelectorMatch_MatchBehavior = 0 // Indicates that all candidates which have a non-empty subset // of the provided set of selectors will match. // Example: // Given: // - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}' // - 'e2 { Selectors: ["a:1", "b:2"]}' // - 'e3 { Selectors: ["a:1"]}' // Operation: // - MATCH_SUBSET ["a:1"] // Entries that match: // - 'e1' SelectorMatch_MATCH_SUBSET SelectorMatch_MatchBehavior = 1 // Indicates that all candidates which are a superset // of the provided selectors will match. // Example: // Given: // - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}' // - 'e2 { Selectors: ["a:1", "b:2"]}' // - 'e3 { Selectors: ["a:1"]}' // Operation: // - MATCH_SUPERSET ["a:1", "b:2"] // Entries that match: // - 'e1' // - 'e2' SelectorMatch_MATCH_SUPERSET SelectorMatch_MatchBehavior = 2 // Indicates that all candidates which have at least one // of the provided set of selectors will match. // Example: // Given: // - 'e1 { Selectors: ["a:1", "b:2", "c:3"]}' // - 'e2 { Selectors: ["a:1", "b:2"]}' // - 'e3 { Selectors: ["a:1"]}' // Operation: // - MATCH_ANY ["a:1"] // Entries that match: // - 'e1' // - 'e2' // - 'e3' SelectorMatch_MATCH_ANY SelectorMatch_MatchBehavior = 3 )
func (SelectorMatch_MatchBehavior) Descriptor ¶
func (SelectorMatch_MatchBehavior) Descriptor() protoreflect.EnumDescriptor
func (SelectorMatch_MatchBehavior) Enum ¶
func (x SelectorMatch_MatchBehavior) Enum() *SelectorMatch_MatchBehavior
func (SelectorMatch_MatchBehavior) EnumDescriptor
deprecated
func (SelectorMatch_MatchBehavior) EnumDescriptor() ([]byte, []int)
Deprecated: Use SelectorMatch_MatchBehavior.Descriptor instead.
func (SelectorMatch_MatchBehavior) Number ¶
func (x SelectorMatch_MatchBehavior) Number() protoreflect.EnumNumber
func (SelectorMatch_MatchBehavior) String ¶
func (x SelectorMatch_MatchBehavior) String() string
func (SelectorMatch_MatchBehavior) Type ¶
func (SelectorMatch_MatchBehavior) Type() protoreflect.EnumType
type Status ¶
type Status struct { // A status code, which should be an enum value of google.rpc.Code. Code int32 `protobuf:"varint,1,opt,name=code,proto3" json:"code,omitempty"` // A developer-facing error message. Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` // contains filtered or unexported fields }
func (*Status) Descriptor
deprecated
func (*Status) GetMessage ¶
func (*Status) ProtoMessage ¶
func (*Status) ProtoMessage()
func (*Status) ProtoReflect ¶
func (x *Status) ProtoReflect() protoreflect.Message
type X509Certificate ¶
type X509Certificate struct { // The ASN.1 DER encoded bytes of the X.509 certificate. Asn1 []byte `protobuf:"bytes,1,opt,name=asn1,proto3" json:"asn1,omitempty"` // This authority is no longer secure and must not be used. Tainted bool `protobuf:"varint,2,opt,name=tainted,proto3" json:"tainted,omitempty"` // contains filtered or unexported fields }
func (*X509Certificate) Descriptor
deprecated
func (*X509Certificate) Descriptor() ([]byte, []int)
Deprecated: Use X509Certificate.ProtoReflect.Descriptor instead.
func (*X509Certificate) GetAsn1 ¶
func (x *X509Certificate) GetAsn1() []byte
func (*X509Certificate) GetTainted ¶ added in v1.7.2
func (x *X509Certificate) GetTainted() bool
func (*X509Certificate) ProtoMessage ¶
func (*X509Certificate) ProtoMessage()
func (*X509Certificate) ProtoReflect ¶
func (x *X509Certificate) ProtoReflect() protoreflect.Message
func (*X509Certificate) Reset ¶
func (x *X509Certificate) Reset()
func (*X509Certificate) String ¶
func (x *X509Certificate) String() string
type X509SVID ¶
type X509SVID struct { // Certificate and intermediates required to form a chain of trust back to // the X.509 authorities of the trust domain (ASN.1 DER encoded). CertChain [][]byte `protobuf:"bytes,1,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"` // SPIFFE ID of the SVID. Id *SPIFFEID `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"` // Expiration timestamp (seconds since Unix epoch). ExpiresAt int64 `protobuf:"varint,3,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"` // Optional. An operator-specified string used to provide guidance on how this // identity should be used by a workload when more than one SVID is returned. // For example, `internal` and `external` to indicate an SVID for internal or // external use, respectively. Hint string `protobuf:"bytes,4,opt,name=hint,proto3" json:"hint,omitempty"` // contains filtered or unexported fields }
X.509 SPIFFE Verifiable Identity Document. It contains the raw X.509 certificate data as well as a few denormalized fields for convenience.
func (*X509SVID) Descriptor
deprecated
func (*X509SVID) GetCertChain ¶
func (*X509SVID) GetExpiresAt ¶
func (*X509SVID) ProtoMessage ¶
func (*X509SVID) ProtoMessage()
func (*X509SVID) ProtoReflect ¶
func (x *X509SVID) ProtoReflect() protoreflect.Message