nodeattestorv1

package
v1.11.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 21, 2024 License: Apache-2.0 Imports: 9 Imported by: 24

Documentation

Index

Constants

This section is empty.

Variables

View Source
var File_spire_plugin_server_nodeattestor_v1_nodeattestor_proto protoreflect.FileDescriptor
View Source
var NodeAttestor_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "spire.plugin.server.nodeattestor.v1.NodeAttestor",
	HandlerType: (*NodeAttestorServer)(nil),
	Methods:     []grpc.MethodDesc{},
	Streams: []grpc.StreamDesc{
		{
			StreamName:    "Attest",
			Handler:       _NodeAttestor_Attest_Handler,
			ServerStreams: true,
			ClientStreams: true,
		},
	},
	Metadata: "spire/plugin/server/nodeattestor/v1/nodeattestor.proto",
}

NodeAttestor_ServiceDesc is the grpc.ServiceDesc for NodeAttestor service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func NodeAttestorPluginServer

func NodeAttestorPluginServer(server NodeAttestorServer) pluginsdk.PluginServer

func RegisterNodeAttestorServer

func RegisterNodeAttestorServer(s grpc.ServiceRegistrar, srv NodeAttestorServer)

Types

type AgentAttributes

type AgentAttributes struct {

	// The ID to assign to the agent. Each agent in SPIRE must have a unique ID.
	// The convention for agent IDs is as follows:
	//
	// spiffe://<trust-domain>/spire/agent/<plugin-name>/<unique-suffix>
	//
	// with:
	// <trust-domain>  = the trust domain that the server belongs to
	// <plugin-name>   = the name of the plugin which attested the agent
	// <unique-suffix> = a unique suffix for this agent
	//
	// As of SPIRE 1.2.1, a warning is emitted when plugins return agent IDs
	// that do not follow the convention. Future SPIRE releases will enforce
	// the convention (see SPIRE issue #2712).
	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Optional. Selectors values to ascribe to the agent. The type of the
	// selectors will be inferred from the plugin name.
	SelectorValues []string `protobuf:"bytes,2,rep,name=selector_values,json=selectorValues,proto3" json:"selector_values,omitempty"`
	// Optional. If can_reattest is true, then this attestation method
	// allows an agent to attest multiple times with the same
	// attestation payload without operator intervention.
	// This also allows the server to clear out old entries automatically
	// since they can be easily recreated.
	CanReattest bool `protobuf:"varint,3,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"`
	// contains filtered or unexported fields
}

func (*AgentAttributes) Descriptor deprecated

func (*AgentAttributes) Descriptor() ([]byte, []int)

Deprecated: Use AgentAttributes.ProtoReflect.Descriptor instead.

func (*AgentAttributes) GetCanReattest added in v1.2.0

func (x *AgentAttributes) GetCanReattest() bool

func (*AgentAttributes) GetSelectorValues

func (x *AgentAttributes) GetSelectorValues() []string

func (*AgentAttributes) GetSpiffeId

func (x *AgentAttributes) GetSpiffeId() string

func (*AgentAttributes) ProtoMessage

func (*AgentAttributes) ProtoMessage()

func (*AgentAttributes) ProtoReflect

func (x *AgentAttributes) ProtoReflect() protoreflect.Message

func (*AgentAttributes) Reset

func (x *AgentAttributes) Reset()

func (*AgentAttributes) String

func (x *AgentAttributes) String() string

type AttestRequest

type AttestRequest struct {

	// Types that are assignable to Request:
	//	*AttestRequest_Payload
	//	*AttestRequest_ChallengeResponse
	Request isAttestRequest_Request `protobuf_oneof:"request"`
	// contains filtered or unexported fields
}

func (*AttestRequest) Descriptor deprecated

func (*AttestRequest) Descriptor() ([]byte, []int)

Deprecated: Use AttestRequest.ProtoReflect.Descriptor instead.

func (*AttestRequest) GetChallengeResponse

func (x *AttestRequest) GetChallengeResponse() []byte

func (*AttestRequest) GetPayload

func (x *AttestRequest) GetPayload() []byte

func (*AttestRequest) GetRequest

func (m *AttestRequest) GetRequest() isAttestRequest_Request

func (*AttestRequest) ProtoMessage

func (*AttestRequest) ProtoMessage()

func (*AttestRequest) ProtoReflect

func (x *AttestRequest) ProtoReflect() protoreflect.Message

func (*AttestRequest) Reset

func (x *AttestRequest) Reset()

func (*AttestRequest) String

func (x *AttestRequest) String() string

type AttestRequest_ChallengeResponse

type AttestRequest_ChallengeResponse struct {
	// Required in subsequent requests. The response to a plugin issued
	// challenge. See the Attest RPC for details.
	ChallengeResponse []byte `protobuf:"bytes,2,opt,name=challenge_response,json=challengeResponse,proto3,oneof"`
}

type AttestRequest_Payload

type AttestRequest_Payload struct {
	// Required in the first request. The attestation payload. See the
	// Attest RPC for details.
	Payload []byte `protobuf:"bytes,1,opt,name=payload,proto3,oneof"`
}

type AttestResponse

type AttestResponse struct {

	// Types that are assignable to Response:
	//	*AttestResponse_Challenge
	//	*AttestResponse_AgentAttributes
	Response isAttestResponse_Response `protobuf_oneof:"response"`
	// contains filtered or unexported fields
}

func (*AttestResponse) Descriptor deprecated

func (*AttestResponse) Descriptor() ([]byte, []int)

Deprecated: Use AttestResponse.ProtoReflect.Descriptor instead.

func (*AttestResponse) GetAgentAttributes

func (x *AttestResponse) GetAgentAttributes() *AgentAttributes

func (*AttestResponse) GetChallenge

func (x *AttestResponse) GetChallenge() []byte

func (*AttestResponse) GetResponse

func (m *AttestResponse) GetResponse() isAttestResponse_Response

func (*AttestResponse) ProtoMessage

func (*AttestResponse) ProtoMessage()

func (*AttestResponse) ProtoReflect

func (x *AttestResponse) ProtoReflect() protoreflect.Message

func (*AttestResponse) Reset

func (x *AttestResponse) Reset()

func (*AttestResponse) String

func (x *AttestResponse) String() string

type AttestResponse_AgentAttributes

type AttestResponse_AgentAttributes struct {
	// Required as the last response. The agent attributes resulting from
	// the attestation. See the Attest RPC for details.
	AgentAttributes *AgentAttributes `protobuf:"bytes,2,opt,name=agent_attributes,json=agentAttributes,proto3,oneof"`
}

type AttestResponse_Challenge

type AttestResponse_Challenge struct {
	// Required in all but the last response. The challenge to issue the
	// agent. See the Attest RPC for details.
	Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3,oneof"`
}

type NodeAttestorClient

type NodeAttestorClient interface {
	// Attest attests attestation payload received from the agent and
	// optionally participates in challenge/response attestation mechanics.
	//
	// The attestation flow is as follows:
	// 1. SPIRE Server opens up a stream to the plugin via Attest.
	// 2. SPIRE Server sends a request containing the attestation payload
	//    received from the agent.
	// 3. Optionally, the plugin responds with a challenge:
	//    3a. SPIRE Server sends the challenge to the agent.
	//    3b. SPIRE Agent responds with the challenge response.
	//    3c. SPIRE Server sends the challenge response to the plugin.
	//    3d. Step 3 is repeated until the plugin is satisfied and does
	//        not respond with an additional challenge.
	// 4. The plugin returns the attestation results to SPIRE Server and closes
	//    the stream.
	Attest(ctx context.Context, opts ...grpc.CallOption) (NodeAttestor_AttestClient, error)
}

NodeAttestorClient is the client API for NodeAttestor service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type NodeAttestorPluginClient

type NodeAttestorPluginClient struct {
	NodeAttestorClient
}

func (*NodeAttestorPluginClient) GRPCServiceName

func (c *NodeAttestorPluginClient) GRPCServiceName() string

func (*NodeAttestorPluginClient) InitClient

func (c *NodeAttestorPluginClient) InitClient(conn grpc.ClientConnInterface) interface{}

func (*NodeAttestorPluginClient) IsInitialized

func (c *NodeAttestorPluginClient) IsInitialized() bool

func (NodeAttestorPluginClient) Type

type NodeAttestorServer

type NodeAttestorServer interface {
	// Attest attests attestation payload received from the agent and
	// optionally participates in challenge/response attestation mechanics.
	//
	// The attestation flow is as follows:
	// 1. SPIRE Server opens up a stream to the plugin via Attest.
	// 2. SPIRE Server sends a request containing the attestation payload
	//    received from the agent.
	// 3. Optionally, the plugin responds with a challenge:
	//    3a. SPIRE Server sends the challenge to the agent.
	//    3b. SPIRE Agent responds with the challenge response.
	//    3c. SPIRE Server sends the challenge response to the plugin.
	//    3d. Step 3 is repeated until the plugin is satisfied and does
	//        not respond with an additional challenge.
	// 4. The plugin returns the attestation results to SPIRE Server and closes
	//    the stream.
	Attest(NodeAttestor_AttestServer) error
	// contains filtered or unexported methods
}

NodeAttestorServer is the server API for NodeAttestor service. All implementations must embed UnimplementedNodeAttestorServer for forward compatibility

type NodeAttestor_AttestClient

type NodeAttestor_AttestClient interface {
	Send(*AttestRequest) error
	Recv() (*AttestResponse, error)
	grpc.ClientStream
}

type NodeAttestor_AttestServer

type NodeAttestor_AttestServer interface {
	Send(*AttestResponse) error
	Recv() (*AttestRequest, error)
	grpc.ServerStream
}

type UnimplementedNodeAttestorServer

type UnimplementedNodeAttestorServer struct {
}

UnimplementedNodeAttestorServer must be embedded to have forward compatible implementations.

func (UnimplementedNodeAttestorServer) Attest

type UnsafeNodeAttestorServer

type UnsafeNodeAttestorServer interface {
	// contains filtered or unexported methods
}

UnsafeNodeAttestorServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to NodeAttestorServer will result in compilation errors.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL