upstreamauthorityv1

package
v1.0.0-pre.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 24, 2021 License: Apache-2.0 Imports: 10 Imported by: 14

Documentation

Index

Constants

This section is empty.

Variables

var File_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto protoreflect.FileDescriptor
// Generated gRPC service descriptor for the UpstreamAuthority plugin service.
// It declares no unary methods and two streams. Both streams set only
// ServerStreams, so each RPC takes a single request message and the server
// may send any number of responses.
var UpstreamAuthority_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "spire.plugin.server.upstreamauthority.v1.UpstreamAuthority",
	HandlerType: (*UpstreamAuthorityServer)(nil),
	Methods:     []grpc.MethodDesc{},
	Streams: []grpc.StreamDesc{
		// X.509 CA minting; later responses carry upstream root updates.
		{
			StreamName:    "MintX509CAAndSubscribe",
			Handler:       _UpstreamAuthority_MintX509CAAndSubscribe_Handler,
			ServerStreams: true,
		},
		// JWT key publication; later responses carry upstream JWT key updates.
		{
			StreamName:    "PublishJWTKeyAndSubscribe",
			Handler:       _UpstreamAuthority_PublishJWTKeyAndSubscribe_Handler,
			ServerStreams: true,
		},
	},
	Metadata: "spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto",
}

UpstreamAuthority_ServiceDesc is the grpc.ServiceDesc for the UpstreamAuthority service. It is intended only for direct use with grpc.RegisterService, and must not be introspected or modified (even as a copy).

Functions

func RegisterUpstreamAuthorityServer

func RegisterUpstreamAuthorityServer(s grpc.ServiceRegistrar, srv UpstreamAuthorityServer)

func UpstreamAuthorityPluginServer

func UpstreamAuthorityPluginServer(server UpstreamAuthorityServer) pluginsdk.PluginServer

Types

type MintX509CARequest

// Request message for the MintX509CAAndSubscribe RPC: the CSR that the
// upstream authority is asked to sign into an X.509 CA certificate, plus an
// advisory lifetime.
type MintX509CARequest struct {

	// Required. Certificate signing request (PKCS#10)
	// NOTE(review): nothing on this message states that the CSR was validated
	// before it reached the plugin. An implementation should parse it and
	// verify its self-signature before asking the upstream authority to sign
	// it — confirm what SPIRE Server guarantees.
	Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// Optional. Preferred TTL is the TTL preferred by SPIRE Server for signed CA. If
	// zero, the plugin should determine its own TTL value. Plugins are free to
	// ignore this and use their own policies around TTLs.
	// NOTE(review): the unit is not stated here (presumably seconds — confirm),
	// and int32 admits negative values, which this comment leaves undefined.
	// Implementations should bound the value by their own maximum CA lifetime
	// rather than pass it through unchecked.
	PreferredTtl int32 `protobuf:"varint,2,opt,name=preferred_ttl,json=preferredTtl,proto3" json:"preferred_ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509CARequest) Descriptor deprecated

func (*MintX509CARequest) Descriptor() ([]byte, []int)

Deprecated: Use MintX509CARequest.ProtoReflect.Descriptor instead.

func (*MintX509CARequest) GetCsr

func (x *MintX509CARequest) GetCsr() []byte

func (*MintX509CARequest) GetPreferredTtl

func (x *MintX509CARequest) GetPreferredTtl() int32

func (*MintX509CARequest) ProtoMessage

func (*MintX509CARequest) ProtoMessage()

func (*MintX509CARequest) ProtoReflect

func (x *MintX509CARequest) ProtoReflect() protoreflect.Message

func (*MintX509CARequest) Reset

func (x *MintX509CARequest) Reset()

func (*MintX509CARequest) String

func (x *MintX509CARequest) String() string

type MintX509CAResponse

// Response message streamed by MintX509CAAndSubscribe. The first response
// carries the newly minted CA chain; the upstream roots are required on every
// response.
type MintX509CAResponse struct {

	// Required on the first response. Contains ASN.1 encoded certificates
	// representing the X.509 CA along with any intermediates necessary to
	// chain back to a certificate present in the upstream_x509_roots. The
	// first certificate in the chain is the newly minted X509 CA certificate.
	// NOTE(review): whether the receiver verifies that this chain really
	// terminates in UpstreamX509Roots is not visible here; a plugin should
	// perform that path validation itself before sending — confirm.
	X509CaChain []*types.X509Certificate `protobuf:"bytes,1,rep,name=x509_ca_chain,json=x509CaChain,proto3" json:"x509_ca_chain,omitempty"`
	// Required. The trusted X.509 root authorities for the upstream authority.
	// NOTE(review): these are described as trusted roots, so whatever the
	// plugin returns here presumably becomes a trust anchor for the caller.
	// They should be obtained from the upstream authority over an
	// authenticated channel, never from unauthenticated input — confirm how
	// SPIRE Server consumes them.
	UpstreamX509Roots []*types.X509Certificate `protobuf:"bytes,2,rep,name=upstream_x509_roots,json=upstreamX509Roots,proto3" json:"upstream_x509_roots,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509CAResponse) Descriptor deprecated

func (*MintX509CAResponse) Descriptor() ([]byte, []int)

Deprecated: Use MintX509CAResponse.ProtoReflect.Descriptor instead.

func (*MintX509CAResponse) GetUpstreamX509Roots

func (x *MintX509CAResponse) GetUpstreamX509Roots() []*types.X509Certificate

func (*MintX509CAResponse) GetX509CaChain

func (x *MintX509CAResponse) GetX509CaChain() []*types.X509Certificate

func (*MintX509CAResponse) ProtoMessage

func (*MintX509CAResponse) ProtoMessage()

func (*MintX509CAResponse) ProtoReflect

func (x *MintX509CAResponse) ProtoReflect() protoreflect.Message

func (*MintX509CAResponse) Reset

func (x *MintX509CAResponse) Reset()

func (*MintX509CAResponse) String

func (x *MintX509CAResponse) String() string

type PublishJWTKeyRequest

// Request message for the PublishJWTKeyAndSubscribe RPC.
type PublishJWTKeyRequest struct {

	// Required. The JWT signing key to publish upstream.
	// NOTE(review): types.JWTKey is declared in another package and is not
	// shown here; presumably it holds only public key material and metadata.
	// Confirm that private key material is never placed in this field, since
	// it is sent on to the upstream authority.
	JwtKey *types.JWTKey `protobuf:"bytes,1,opt,name=jwt_key,json=jwtKey,proto3" json:"jwt_key,omitempty"`
	// contains filtered or unexported fields
}

func (*PublishJWTKeyRequest) Descriptor deprecated

func (*PublishJWTKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use PublishJWTKeyRequest.ProtoReflect.Descriptor instead.

func (*PublishJWTKeyRequest) GetJwtKey

func (x *PublishJWTKeyRequest) GetJwtKey() *types.JWTKey

func (*PublishJWTKeyRequest) ProtoMessage

func (*PublishJWTKeyRequest) ProtoMessage()

func (*PublishJWTKeyRequest) ProtoReflect

func (x *PublishJWTKeyRequest) ProtoReflect() protoreflect.Message

func (*PublishJWTKeyRequest) Reset

func (x *PublishJWTKeyRequest) Reset()

func (*PublishJWTKeyRequest) String

func (x *PublishJWTKeyRequest) String() string

type PublishJWTKeyResponse

// Response message streamed by PublishJWTKeyAndSubscribe.
type PublishJWTKeyResponse struct {

	// Required. The upstream JWT signing keys.
	// NOTE(review): the receiver presumably uses these keys to validate JWTs,
	// so the plugin should return only keys obtained from the upstream
	// authority over an authenticated channel — confirm how SPIRE Server
	// consumes them.
	UpstreamJwtKeys []*types.JWTKey `protobuf:"bytes,1,rep,name=upstream_jwt_keys,json=upstreamJwtKeys,proto3" json:"upstream_jwt_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*PublishJWTKeyResponse) Descriptor deprecated

func (*PublishJWTKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use PublishJWTKeyResponse.ProtoReflect.Descriptor instead.

func (*PublishJWTKeyResponse) GetUpstreamJwtKeys

func (x *PublishJWTKeyResponse) GetUpstreamJwtKeys() []*types.JWTKey

func (*PublishJWTKeyResponse) ProtoMessage

func (*PublishJWTKeyResponse) ProtoMessage()

func (*PublishJWTKeyResponse) ProtoReflect

func (x *PublishJWTKeyResponse) ProtoReflect() protoreflect.Message

func (*PublishJWTKeyResponse) Reset

func (x *PublishJWTKeyResponse) Reset()

func (*PublishJWTKeyResponse) String

func (x *PublishJWTKeyResponse) String() string

type UnimplementedUpstreamAuthorityServer

type UnimplementedUpstreamAuthorityServer struct {
}

UnimplementedUpstreamAuthorityServer must be embedded to have forward compatible implementations.

type UnsafeUpstreamAuthorityServer

type UnsafeUpstreamAuthorityServer interface {
	// contains filtered or unexported methods
}

UnsafeUpstreamAuthorityServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to UpstreamAuthorityServer will result in compilation errors.

type UpstreamAuthorityClient

// Client side of the UpstreamAuthority service. Both methods open a
// server-streaming RPC: one request is sent and responses are read from the
// returned stream.
type UpstreamAuthorityClient interface {
	// Mints an X.509 CA and responds with the signed X.509 CA certificate
	// chain and upstream X.509 roots. If supported by the implementation,
	// subsequent responses on the stream contain upstream X.509 root updates,
	// otherwise the stream is closed after the initial response.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream X.509 roots as SPIRE
	// Server will not reopen a closed stream until the next X.509 CA rotation.
	//
	// NOTE(review): a stream that closes early therefore leaves the caller
	// without root updates until the next rotation; callers should log or
	// alert on an unexpected stream end rather than treat it as routine.
	MintX509CAAndSubscribe(ctx context.Context, in *MintX509CARequest, opts ...grpc.CallOption) (UpstreamAuthority_MintX509CAAndSubscribeClient, error)
	// Publishes a JWT signing key upstream and responds with the upstream JWT
	// keys. If supported by the implementation, subsequent responses on the
	// stream contain upstream JWT key updates, otherwise the stream is closed
	// after the initial response.
	//
	// This RPC is optional and will return NotImplemented (the gRPC status
	// code is named Unimplemented) if unsupported. With a streaming call the
	// status may surface from the first Recv rather than from this call, so
	// check both.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream JWT keys as SPIRE
	// Server will not reopen a closed stream until the next JWT key rotation.
	PublishJWTKeyAndSubscribe(ctx context.Context, in *PublishJWTKeyRequest, opts ...grpc.CallOption) (UpstreamAuthority_PublishJWTKeyAndSubscribeClient, error)
}

UpstreamAuthorityClient is the client API for UpstreamAuthority service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type UpstreamAuthorityPluginClient

// Plugin-SDK wrapper around the generated gRPC client.
type UpstreamAuthorityPluginClient struct {
	// Embedded generated client; its RPC methods are promoted onto this type.
	// NOTE(review): presumably nil until InitClient has been called, in which
	// case invoking an RPC would panic — check IsInitialized first; confirm.
	UpstreamAuthorityClient
}

func (*UpstreamAuthorityPluginClient) GRPCServiceName

func (c *UpstreamAuthorityPluginClient) GRPCServiceName() string

func (*UpstreamAuthorityPluginClient) InitClient

func (c *UpstreamAuthorityPluginClient) InitClient(conn grpc.ClientConnInterface) interface{}

func (*UpstreamAuthorityPluginClient) IsInitialized

func (c *UpstreamAuthorityPluginClient) IsInitialized() bool

func (UpstreamAuthorityPluginClient) Type

type UpstreamAuthorityServer

// Server side of the UpstreamAuthority service, implemented by a plugin.
// Each method receives the single request message and a stream on which it
// sends responses. In grpc-go the stream ends when the method returns, so
// "keeping the stream open" below means not returning until the stream's
// context is done.
type UpstreamAuthorityServer interface {
	// Mints an X.509 CA and responds with the signed X.509 CA certificate
	// chain and upstream X.509 roots. If supported by the implementation,
	// subsequent responses on the stream contain upstream X.509 root updates,
	// otherwise the stream is closed after the initial response.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream X.509 roots as SPIRE
	// Server will not reopen a closed stream until the next X.509 CA rotation.
	//
	// NOTE(review): validate the request (CSR, preferred TTL) before calling
	// the upstream authority, and return an error instead of a partial
	// response when the minted chain cannot be tied to the upstream roots.
	MintX509CAAndSubscribe(*MintX509CARequest, UpstreamAuthority_MintX509CAAndSubscribeServer) error
	// Publishes a JWT signing key upstream and responds with the upstream JWT
	// keys. If supported by the implementation, subsequent responses on the
	// stream contain upstream JWT key updates, otherwise the stream is closed
	// after the initial response.
	//
	// This RPC is optional and will return NotImplemented (the gRPC status
	// code is named Unimplemented) if unsupported.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream JWT keys as SPIRE
	// Server will not reopen a closed stream until the next JWT key rotation.
	PublishJWTKeyAndSubscribe(*PublishJWTKeyRequest, UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error
	// contains filtered or unexported methods
}

UpstreamAuthorityServer is the server API for the UpstreamAuthority service. All implementations must embed UnimplementedUpstreamAuthorityServer for forward compatibility.

type UpstreamAuthority_MintX509CAAndSubscribeClient

// Client-side handle for the MintX509CAAndSubscribe response stream.
type UpstreamAuthority_MintX509CAAndSubscribeClient interface {
	// Recv returns the next MintX509CAResponse from the stream. It presumably
	// delegates to grpc.ClientStream.RecvMsg, which returns io.EOF when the
	// stream completes successfully and an RPC status error otherwise.
	Recv() (*MintX509CAResponse, error)
	// Embedded so that the generic client-stream methods are available.
	grpc.ClientStream
}

type UpstreamAuthority_MintX509CAAndSubscribeServer

// Server-side handle a plugin uses to send MintX509CAAndSubscribe responses.
type UpstreamAuthority_MintX509CAAndSubscribeServer interface {
	// Send writes one MintX509CAResponse to the stream. A non-nil error means
	// the response was not delivered; the handler should stop and return it.
	Send(*MintX509CAResponse) error
	// Embedded so that the generic server-stream methods (including the
	// stream's Context) are available.
	grpc.ServerStream
}

type UpstreamAuthority_PublishJWTKeyAndSubscribeClient

// Client-side handle for the PublishJWTKeyAndSubscribe response stream.
type UpstreamAuthority_PublishJWTKeyAndSubscribeClient interface {
	// Recv returns the next PublishJWTKeyResponse from the stream. It
	// presumably delegates to grpc.ClientStream.RecvMsg, which returns io.EOF
	// when the stream completes successfully and an RPC status error
	// otherwise (including Unimplemented when the plugin lacks this RPC).
	Recv() (*PublishJWTKeyResponse, error)
	// Embedded so that the generic client-stream methods are available.
	grpc.ClientStream
}

type UpstreamAuthority_PublishJWTKeyAndSubscribeServer

// Server-side handle a plugin uses to send PublishJWTKeyAndSubscribe responses.
type UpstreamAuthority_PublishJWTKeyAndSubscribeServer interface {
	// Send writes one PublishJWTKeyResponse to the stream. A non-nil error
	// means the response was not delivered; the handler should stop and
	// return it.
	Send(*PublishJWTKeyResponse) error
	// Embedded so that the generic server-stream methods (including the
	// stream's Context) are available.
	grpc.ServerStream
}
