Documentation ¶
Index ¶
- Variables
- func NodeAttestorPluginServer(server NodeAttestorServer) pluginsdk.PluginServer
- func RegisterNodeAttestorServer(s grpc.ServiceRegistrar, srv NodeAttestorServer)
- type AgentAttributes
- func (*AgentAttributes) Descriptor() ([]byte, []int) (deprecated)
- func (x *AgentAttributes) GetCanReattest() bool
- func (x *AgentAttributes) GetSelectorValues() []string
- func (x *AgentAttributes) GetSpiffeId() string
- func (*AgentAttributes) ProtoMessage()
- func (x *AgentAttributes) ProtoReflect() protoreflect.Message
- func (x *AgentAttributes) Reset()
- func (x *AgentAttributes) String() string
- type AttestRequest
- func (*AttestRequest) Descriptor() ([]byte, []int) (deprecated)
- func (x *AttestRequest) GetChallengeResponse() []byte
- func (x *AttestRequest) GetPayload() []byte
- func (m *AttestRequest) GetRequest() isAttestRequest_Request
- func (*AttestRequest) ProtoMessage()
- func (x *AttestRequest) ProtoReflect() protoreflect.Message
- func (x *AttestRequest) Reset()
- func (x *AttestRequest) String() string
- type AttestRequest_ChallengeResponse
- type AttestRequest_Payload
- type AttestResponse
- func (*AttestResponse) Descriptor() ([]byte, []int) (deprecated)
- func (x *AttestResponse) GetAgentAttributes() *AgentAttributes
- func (x *AttestResponse) GetChallenge() []byte
- func (m *AttestResponse) GetResponse() isAttestResponse_Response
- func (*AttestResponse) ProtoMessage()
- func (x *AttestResponse) ProtoReflect() protoreflect.Message
- func (x *AttestResponse) Reset()
- func (x *AttestResponse) String() string
- type AttestResponse_AgentAttributes
- type AttestResponse_Challenge
- type NodeAttestorClient
- type NodeAttestorPluginClient
- type NodeAttestorServer
- type NodeAttestor_AttestClient
- type NodeAttestor_AttestServer
- type UnimplementedNodeAttestorServer
- type UnsafeNodeAttestorServer
Constants ¶
This section is empty.
Variables ¶
var File_spire_plugin_server_nodeattestor_v1_nodeattestor_proto protoreflect.FileDescriptor
// NodeAttestor_ServiceDesc describes the NodeAttestor gRPC service. It
// declares no unary methods and exactly one stream, "Attest", which is marked
// as both server- and client-streaming, i.e. a bidirectional stream.
var NodeAttestor_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "spire.plugin.server.nodeattestor.v1.NodeAttestor",
	HandlerType: (*NodeAttestorServer)(nil),
	Methods:     []grpc.MethodDesc{},
	Streams: []grpc.StreamDesc{
		{
			StreamName: "Attest",
			Handler:    _NodeAttestor_Attest_Handler,
			// Both directions stream: requests and responses alternate for
			// as many challenge rounds as the plugin asks for.
			ServerStreams: true,
			ClientStreams: true,
		},
	},
	Metadata: "spire/plugin/server/nodeattestor/v1/nodeattestor.proto",
}
NodeAttestor_ServiceDesc is the grpc.ServiceDesc for the NodeAttestor service. It is only intended for direct use with grpc.RegisterService, and is not to be introspected or modified (even as a copy).
Functions ¶
func NodeAttestorPluginServer ¶
func NodeAttestorPluginServer(server NodeAttestorServer) pluginsdk.PluginServer
func RegisterNodeAttestorServer ¶
func RegisterNodeAttestorServer(s grpc.ServiceRegistrar, srv NodeAttestorServer)
Types ¶
type AgentAttributes ¶
// AgentAttributes holds the outcome of a successful attestation: the SPIFFE
// ID assigned to the agent, optional selector values, and whether the
// attestation method permits re-attestation.
type AgentAttributes struct {
	// The ID to assign to the agent. Each agent in SPIRE must have a unique ID.
	// The convention for agent IDs is as follows:
	//
	//	spiffe://<trust-domain>/spire/agent/<plugin-name>/<unique-suffix>
	//
	// with:
	//
	//	<trust-domain>  = the trust domain that the server belongs to
	//	<plugin-name>   = the name of the plugin which attested the agent
	//	<unique-suffix> = a unique suffix for this agent
	//
	// As of SPIRE 1.2.1, a warning is emitted when plugins return agent IDs
	// that do not follow the convention. Future SPIRE releases will enforce
	// the convention (see SPIRE issue #2712).
	//
	// Security note for plugin authors: because the ID must be unique per
	// agent, build <unique-suffix> only from values the plugin has verified
	// during attestation, not from unverified fields of the agent-supplied
	// payload; otherwise one node could be assigned another node's ID.
	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Optional. Selectors values to ascribe to the agent. The type of the
	// selectors will be inferred from the plugin name.
	//
	// NOTE(review): selectors describe the node to the rest of SPIRE, so
	// they should likewise come only from verified attestation evidence.
	SelectorValues []string `protobuf:"bytes,2,rep,name=selector_values,json=selectorValues,proto3" json:"selector_values,omitempty"`
	// Optional. If can_reattest is true, then this attestation method
	// allows an agent to attest multiple times with the same
	// attestation payload without operator intervention.
	// This also allows the server to clear out old entries automatically
	// since they can be easily recreated.
	//
	// Security note: with can_reattest set, the same payload is accepted
	// again, so enable it only for methods where every attestation also
	// proves something fresh (for example through the challenge/response
	// exchange of the Attest RPC). A method whose payload can simply be
	// copied should leave this false.
	CanReattest bool `protobuf:"varint,3,opt,name=can_reattest,json=canReattest,proto3" json:"can_reattest,omitempty"`
	// contains filtered or unexported fields
}
func (*AgentAttributes) Descriptor
deprecated
func (*AgentAttributes) Descriptor() ([]byte, []int)
Deprecated: Use AgentAttributes.ProtoReflect.Descriptor instead.
func (*AgentAttributes) GetCanReattest ¶ added in v1.2.0
func (x *AgentAttributes) GetCanReattest() bool
func (*AgentAttributes) GetSelectorValues ¶
func (x *AgentAttributes) GetSelectorValues() []string
func (*AgentAttributes) GetSpiffeId ¶
func (x *AgentAttributes) GetSpiffeId() string
func (*AgentAttributes) ProtoMessage ¶
func (*AgentAttributes) ProtoMessage()
func (*AgentAttributes) ProtoReflect ¶
func (x *AgentAttributes) ProtoReflect() protoreflect.Message
func (*AgentAttributes) Reset ¶
func (x *AgentAttributes) Reset()
func (*AgentAttributes) String ¶
func (x *AgentAttributes) String() string
type AttestRequest ¶
// AttestRequest is one message sent to the plugin on the Attest stream. Its
// oneof carries either the initial attestation payload or the response to a
// challenge the plugin issued earlier.
type AttestRequest struct {
	// Types that are assignable to Request:
	//
	//	*AttestRequest_Payload
	//	*AttestRequest_ChallengeResponse
	//
	// Exactly one variant is set per message; the accessors GetPayload and
	// GetChallengeResponse both return []byte.
	Request isAttestRequest_Request `protobuf_oneof:"request"`
	// contains filtered or unexported fields
}
func (*AttestRequest) Descriptor
deprecated
func (*AttestRequest) Descriptor() ([]byte, []int)
Deprecated: Use AttestRequest.ProtoReflect.Descriptor instead.
func (*AttestRequest) GetChallengeResponse ¶
func (x *AttestRequest) GetChallengeResponse() []byte
func (*AttestRequest) GetPayload ¶
func (x *AttestRequest) GetPayload() []byte
func (*AttestRequest) GetRequest ¶
func (m *AttestRequest) GetRequest() isAttestRequest_Request
func (*AttestRequest) ProtoMessage ¶
func (*AttestRequest) ProtoMessage()
func (*AttestRequest) ProtoReflect ¶
func (x *AttestRequest) ProtoReflect() protoreflect.Message
func (*AttestRequest) Reset ¶
func (x *AttestRequest) Reset()
func (*AttestRequest) String ¶
func (x *AttestRequest) String() string
type AttestRequest_ChallengeResponse ¶
// AttestRequest_ChallengeResponse is the oneof variant of AttestRequest that
// carries the answer to a plugin-issued challenge.
type AttestRequest_ChallengeResponse struct {
	// Required in subsequent requests. The response to a plugin issued
	// challenge. See the Attest RPC for details.
	//
	// Security note: per the Attest flow these bytes are produced by the
	// agent being attested and relayed by SPIRE Server, so the plugin should
	// treat them as untrusted input and check size and format before
	// verifying them against the challenge it issued.
	ChallengeResponse []byte `protobuf:"bytes,2,opt,name=challenge_response,json=challengeResponse,proto3,oneof"`
}
type AttestRequest_Payload ¶
// AttestRequest_Payload is the oneof variant of AttestRequest that carries
// the initial attestation payload.
type AttestRequest_Payload struct {
	// Required in the first request. The attestation payload. See the
	// Attest RPC for details.
	//
	// Security note: per the Attest flow the payload is received from the
	// agent, so nothing in it is trustworthy until the plugin has verified
	// it; parse it defensively (bounded size, strict decoding).
	Payload []byte `protobuf:"bytes,1,opt,name=payload,proto3,oneof"`
}
type AttestResponse ¶
// AttestResponse is one message sent by the plugin on the Attest stream. Its
// oneof carries either a further challenge for the agent or, as the last
// response, the resulting agent attributes.
type AttestResponse struct {
	// Types that are assignable to Response:
	//
	//	*AttestResponse_Challenge
	//	*AttestResponse_AgentAttributes
	//
	// Exactly one variant is set per message; GetChallenge returns []byte
	// and GetAgentAttributes returns *AgentAttributes.
	Response isAttestResponse_Response `protobuf_oneof:"response"`
	// contains filtered or unexported fields
}
func (*AttestResponse) Descriptor
deprecated
func (*AttestResponse) Descriptor() ([]byte, []int)
Deprecated: Use AttestResponse.ProtoReflect.Descriptor instead.
func (*AttestResponse) GetAgentAttributes ¶
func (x *AttestResponse) GetAgentAttributes() *AgentAttributes
func (*AttestResponse) GetChallenge ¶
func (x *AttestResponse) GetChallenge() []byte
func (*AttestResponse) GetResponse ¶
func (m *AttestResponse) GetResponse() isAttestResponse_Response
func (*AttestResponse) ProtoMessage ¶
func (*AttestResponse) ProtoMessage()
func (*AttestResponse) ProtoReflect ¶
func (x *AttestResponse) ProtoReflect() protoreflect.Message
func (*AttestResponse) Reset ¶
func (x *AttestResponse) Reset()
func (*AttestResponse) String ¶
func (x *AttestResponse) String() string
type AttestResponse_AgentAttributes ¶
// AttestResponse_AgentAttributes is the oneof variant of AttestResponse that
// ends the exchange with the attestation result.
type AttestResponse_AgentAttributes struct {
	// Required as the last response. The agent attributes resulting from
	// the attestation. See the Attest RPC for details.
	//
	// Security note: sending this message is the plugin's statement that
	// attestation succeeded, so it should be sent only after the payload
	// and every challenge response have been verified; on any failed check
	// the plugin should end the stream with an error instead.
	AgentAttributes *AgentAttributes `protobuf:"bytes,2,opt,name=agent_attributes,json=agentAttributes,proto3,oneof"`
}
type AttestResponse_Challenge ¶
// AttestResponse_Challenge is the oneof variant of AttestResponse that asks
// the agent for a further proof.
type AttestResponse_Challenge struct {
	// Required in all but the last response. The challenge to issue the
	// agent. See the Attest RPC for details.
	//
	// NOTE(review): the format is plugin-defined and not shown here. For
	// the exchange to resist replay, a challenge is normally fresh and
	// unpredictable for each attestation attempt; confirm per plugin.
	Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3,oneof"`
}
type NodeAttestorClient ¶
// NodeAttestorClient exposes a single method, Attest, which opens the
// bidirectional attestation stream and returns its client end.
type NodeAttestorClient interface {
	// Attest attests attestation payload received from the agent and
	// optionally participates in challenge/response attestation mechanics.
	//
	// The attestation flow is as follows:
	//  1. SPIRE Server opens up a stream to the plugin via Attest.
	//  2. SPIRE Server sends a request containing the attestation payload
	//     received from the agent.
	//  3. Optionally, the plugin responds with a challenge:
	//     3a. SPIRE Server sends the challenge to the agent.
	//     3b. SPIRE Agent responds with the challenge response.
	//     3c. SPIRE Server sends the challenge response to the plugin.
	//     3d. Step 3 is repeated until the plugin is satisfied and does
	//     not respond with an additional challenge.
	//  4. The plugin returns the attestation results to SPIRE Server and closes
	//     the stream.
	//
	// The caller relays challenges and responses between plugin and agent;
	// only the plugin decides whether the evidence is acceptable.
	Attest(ctx context.Context, opts ...grpc.CallOption) (NodeAttestor_AttestClient, error)
}
NodeAttestorClient is the client API for NodeAttestor service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewNodeAttestorClient ¶
func NewNodeAttestorClient(cc grpc.ClientConnInterface) NodeAttestorClient
type NodeAttestorPluginClient ¶
// NodeAttestorPluginClient wraps NodeAttestorClient by embedding it, so the
// Attest RPC can be called directly on a NodeAttestorPluginClient value.
//
// NOTE(review): the zero value holds a nil embedded interface, on which a
// call to Attest would panic; presumably InitClient populates it and
// IsInitialized reports that. Confirm against the implementation.
type NodeAttestorPluginClient struct {
	NodeAttestorClient
}
func (*NodeAttestorPluginClient) GRPCServiceName ¶
func (c *NodeAttestorPluginClient) GRPCServiceName() string
func (*NodeAttestorPluginClient) InitClient ¶
func (c *NodeAttestorPluginClient) InitClient(conn grpc.ClientConnInterface) interface{}
func (*NodeAttestorPluginClient) IsInitialized ¶
func (c *NodeAttestorPluginClient) IsInitialized() bool
func (NodeAttestorPluginClient) Type ¶
func (s NodeAttestorPluginClient) Type() string
type NodeAttestorServer ¶
// NodeAttestorServer is implemented by a node attestor plugin. Its single
// exported method, Attest, handles one attestation exchange over the stream
// it is given.
type NodeAttestorServer interface {
	// Attest attests attestation payload received from the agent and
	// optionally participates in challenge/response attestation mechanics.
	//
	// The attestation flow is as follows:
	//  1. SPIRE Server opens up a stream to the plugin via Attest.
	//  2. SPIRE Server sends a request containing the attestation payload
	//     received from the agent.
	//  3. Optionally, the plugin responds with a challenge:
	//     3a. SPIRE Server sends the challenge to the agent.
	//     3b. SPIRE Agent responds with the challenge response.
	//     3c. SPIRE Server sends the challenge response to the plugin.
	//     3d. Step 3 is repeated until the plugin is satisfied and does
	//     not respond with an additional challenge.
	//  4. The plugin returns the attestation results to SPIRE Server and closes
	//     the stream.
	//
	// Security note for implementers: the payload (step 2) and every
	// challenge response (step 3b) originate from the agent being attested,
	// so both are untrusted until verified. Return an error, not agent
	// attributes, as soon as any check fails, and expect the first message
	// to carry a payload and later ones a challenge response.
	Attest(NodeAttestor_AttestServer) error
	// contains filtered or unexported methods
}
NodeAttestorServer is the server API for the NodeAttestor service. All implementations must embed UnimplementedNodeAttestorServer for forward compatibility.
type NodeAttestor_AttestClient ¶
// NodeAttestor_AttestClient is the calling side of the Attest stream: it
// sends AttestRequest messages and receives AttestResponse messages, and
// embeds grpc.ClientStream for the generic stream operations.
type NodeAttestor_AttestClient interface {
	Send(*AttestRequest) error
	Recv() (*AttestResponse, error)
	grpc.ClientStream
}
type NodeAttestor_AttestServer ¶
// NodeAttestor_AttestServer is the plugin side of the Attest stream: it
// receives AttestRequest messages and sends AttestResponse messages, and
// embeds grpc.ServerStream for the generic stream operations.
type NodeAttestor_AttestServer interface {
	Send(*AttestResponse) error
	// Recv yields requests whose content comes from the agent under
	// attestation; check the error and validate the message before use.
	Recv() (*AttestRequest, error)
	grpc.ServerStream
}
type UnimplementedNodeAttestorServer ¶
// UnimplementedNodeAttestorServer is a field-less struct that carries an
// Attest method. It is meant to be embedded in NodeAttestorServer
// implementations, which then define their own Attest.
type UnimplementedNodeAttestorServer struct {
}
UnimplementedNodeAttestorServer must be embedded to have forward compatible implementations.
func (UnimplementedNodeAttestorServer) Attest ¶
func (UnimplementedNodeAttestorServer) Attest(NodeAttestor_AttestServer) error
type UnsafeNodeAttestorServer ¶
// UnsafeNodeAttestorServer is a marker interface with no exported methods.
// Embedding it instead of UnimplementedNodeAttestorServer opts an
// implementation out of forward compatibility.
type UnsafeNodeAttestorServer interface {
	// contains filtered or unexported methods
}
UnsafeNodeAttestorServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to NodeAttestorServer will result in compilation errors.