upstreamauthorityv1

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 28, 2021 License: Apache-2.0 Imports: 10 Imported by: 14

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var File_spire_plugin_server_upstreamauthority_v1_upstreamauthority_proto protoreflect.FileDescriptor
View Source 
var UpstreamAuthority_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "spire.plugin.server.upstreamauthority.v1.UpstreamAuthority",
	HandlerType: (*UpstreamAuthorityServer)(nil),
	Methods:     []grpc.MethodDesc{},
	Streams: []grpc.StreamDesc{
		{
			StreamName:    "MintX509CAAndSubscribe",
			Handler:       _UpstreamAuthority_MintX509CAAndSubscribe_Handler,
			ServerStreams: true,
		},
		{
			StreamName:    "PublishJWTKeyAndSubscribe",
			Handler:       _UpstreamAuthority_PublishJWTKeyAndSubscribe_Handler,
			ServerStreams: true,
		},
	},
	Metadata: "spire/plugin/server/upstreamauthority/v1/upstreamauthority.proto",
}

UpstreamAuthority_ServiceDesc is the grpc.ServiceDesc for UpstreamAuthority service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterUpstreamAuthorityServer 

func RegisterUpstreamAuthorityServer(s grpc.ServiceRegistrar, srv UpstreamAuthorityServer)

func UpstreamAuthorityPluginServer 

func UpstreamAuthorityPluginServer(server UpstreamAuthorityServer) pluginsdk.PluginServer

Types

type MintX509CARequest 

type MintX509CARequest struct {

	// Required. Certificate signing request (PKCS#10)
	Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// Optional. Preferred TTL is the TTL preferred by SPIRE Server for signed CA. If
	// zero, the plugin should determine its own TTL value. Plugins are free to
	// ignore this and use their own policies around TTLs.
	PreferredTtl int32 `protobuf:"varint,2,opt,name=preferred_ttl,json=preferredTtl,proto3" json:"preferred_ttl,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509CARequest) Descriptor deprecated 

func (*MintX509CARequest) Descriptor() ([]byte, []int)

Deprecated: Use MintX509CARequest.ProtoReflect.Descriptor instead.

func (*MintX509CARequest) GetCsr 

func (x *MintX509CARequest) GetCsr() []byte

func (*MintX509CARequest) GetPreferredTtl 

func (x *MintX509CARequest) GetPreferredTtl() int32

func (*MintX509CARequest) ProtoMessage 

func (*MintX509CARequest) ProtoMessage()

func (*MintX509CARequest) ProtoReflect 

func (x *MintX509CARequest) ProtoReflect() protoreflect.Message

func (*MintX509CARequest) Reset 

func (x *MintX509CARequest) Reset()

func (*MintX509CARequest) String 

func (x *MintX509CARequest) String() string

type MintX509CAResponse 

type MintX509CAResponse struct {

	// Required on the first response. Contains ASN.1 encoded certificates
	// representing the X.509 CA along with any intermediates necessary to
	// chain back to a certificate present in the upstream_x509_roots. The
	// first certificate in the chain is the newly minted X509 CA certificate.
	X509CaChain []*types.X509Certificate `protobuf:"bytes,1,rep,name=x509_ca_chain,json=x509CaChain,proto3" json:"x509_ca_chain,omitempty"`
	// Required. The trusted X.509 root authorities for the upstream authority.
	UpstreamX509Roots []*types.X509Certificate `protobuf:"bytes,2,rep,name=upstream_x509_roots,json=upstreamX509Roots,proto3" json:"upstream_x509_roots,omitempty"`
	// contains filtered or unexported fields
}

func (*MintX509CAResponse) Descriptor deprecated 

func (*MintX509CAResponse) Descriptor() ([]byte, []int)

Deprecated: Use MintX509CAResponse.ProtoReflect.Descriptor instead.

func (*MintX509CAResponse) GetUpstreamX509Roots 

func (x *MintX509CAResponse) GetUpstreamX509Roots() []*types.X509Certificate

func (*MintX509CAResponse) GetX509CaChain 

func (x *MintX509CAResponse) GetX509CaChain() []*types.X509Certificate

func (*MintX509CAResponse) ProtoMessage 

func (*MintX509CAResponse) ProtoMessage()

func (*MintX509CAResponse) ProtoReflect 

func (x *MintX509CAResponse) ProtoReflect() protoreflect.Message

func (*MintX509CAResponse) Reset 

func (x *MintX509CAResponse) Reset()

func (*MintX509CAResponse) String 

func (x *MintX509CAResponse) String() string

type PublishJWTKeyRequest 

type PublishJWTKeyRequest struct {

	// Required. The JWT signing key to publish upstream.
	JwtKey *types.JWTKey `protobuf:"bytes,1,opt,name=jwt_key,json=jwtKey,proto3" json:"jwt_key,omitempty"`
	// contains filtered or unexported fields
}

func (*PublishJWTKeyRequest) Descriptor deprecated 

func (*PublishJWTKeyRequest) Descriptor() ([]byte, []int)

Deprecated: Use PublishJWTKeyRequest.ProtoReflect.Descriptor instead.

func (*PublishJWTKeyRequest) GetJwtKey 

func (x *PublishJWTKeyRequest) GetJwtKey() *types.JWTKey

func (*PublishJWTKeyRequest) ProtoMessage 

func (*PublishJWTKeyRequest) ProtoMessage()

func (*PublishJWTKeyRequest) ProtoReflect 

func (x *PublishJWTKeyRequest) ProtoReflect() protoreflect.Message

func (*PublishJWTKeyRequest) Reset 

func (x *PublishJWTKeyRequest) Reset()

func (*PublishJWTKeyRequest) String 

func (x *PublishJWTKeyRequest) String() string

type PublishJWTKeyResponse 

type PublishJWTKeyResponse struct {

	// Required. The upstream JWT signing keys.
	UpstreamJwtKeys []*types.JWTKey `protobuf:"bytes,1,rep,name=upstream_jwt_keys,json=upstreamJwtKeys,proto3" json:"upstream_jwt_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*PublishJWTKeyResponse) Descriptor deprecated 

func (*PublishJWTKeyResponse) Descriptor() ([]byte, []int)

Deprecated: Use PublishJWTKeyResponse.ProtoReflect.Descriptor instead.

func (*PublishJWTKeyResponse) GetUpstreamJwtKeys 

func (x *PublishJWTKeyResponse) GetUpstreamJwtKeys() []*types.JWTKey

func (*PublishJWTKeyResponse) ProtoMessage 

func (*PublishJWTKeyResponse) ProtoMessage()

func (*PublishJWTKeyResponse) ProtoReflect 

func (x *PublishJWTKeyResponse) ProtoReflect() protoreflect.Message

func (*PublishJWTKeyResponse) Reset 

func (x *PublishJWTKeyResponse) Reset()

func (*PublishJWTKeyResponse) String 

func (x *PublishJWTKeyResponse) String() string

type UnimplementedUpstreamAuthorityServer 

type UnimplementedUpstreamAuthorityServer struct {
}

UnimplementedUpstreamAuthorityServer must be embedded to have forward compatible implementations.

func (UnimplementedUpstreamAuthorityServer) MintX509CAAndSubscribe 

func (UnimplementedUpstreamAuthorityServer) MintX509CAAndSubscribe(*MintX509CARequest, UpstreamAuthority_MintX509CAAndSubscribeServer) error

func (UnimplementedUpstreamAuthorityServer) PublishJWTKeyAndSubscribe 

func (UnimplementedUpstreamAuthorityServer) PublishJWTKeyAndSubscribe(*PublishJWTKeyRequest, UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error

type UnsafeUpstreamAuthorityServer 

type UnsafeUpstreamAuthorityServer interface {
	// contains filtered or unexported methods
}

UnsafeUpstreamAuthorityServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to UpstreamAuthorityServer will result in compilation errors.

type UpstreamAuthorityClient 

type UpstreamAuthorityClient interface {
	// Mints an X.509 CA and responds with the signed X.509 CA certificate
	// chain and upstream X.509 roots. If supported by the implementation,
	// subsequent responses on the stream contain upstream X.509 root updates,
	// otherwise the stream is closed after the initial response.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream X.509 roots as SPIRE
	// Server will not reopen a closed stream until the next X.509 CA rotation.
	MintX509CAAndSubscribe(ctx context.Context, in *MintX509CARequest, opts ...grpc.CallOption) (UpstreamAuthority_MintX509CAAndSubscribeClient, error)
	// Publishes a JWT signing key upstream and responds with the upstream JWT
	// keys. If supported by the implementation, subsequent responses on the
	// stream contain upstream JWT key updates, otherwise the stream is closed
	// after the initial response.
	//
	// This RPC is optional and will return NotImplemented if unsupported.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream JWT keys as SPIRE
	// Server will not reopen a closed stream until the next JWT key rotation.
	PublishJWTKeyAndSubscribe(ctx context.Context, in *PublishJWTKeyRequest, opts ...grpc.CallOption) (UpstreamAuthority_PublishJWTKeyAndSubscribeClient, error)
}

UpstreamAuthorityClient is the client API for UpstreamAuthority service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewUpstreamAuthorityClient 

func NewUpstreamAuthorityClient(cc grpc.ClientConnInterface) UpstreamAuthorityClient

type UpstreamAuthorityPluginClient 

type UpstreamAuthorityPluginClient struct {
	UpstreamAuthorityClient
}

func (*UpstreamAuthorityPluginClient) GRPCServiceName 

func (c *UpstreamAuthorityPluginClient) GRPCServiceName() string

func (*UpstreamAuthorityPluginClient) InitClient 

func (c *UpstreamAuthorityPluginClient) InitClient(conn grpc.ClientConnInterface) interface{}

func (*UpstreamAuthorityPluginClient) IsInitialized 

func (c *UpstreamAuthorityPluginClient) IsInitialized() bool

func (UpstreamAuthorityPluginClient) Type 

func (s UpstreamAuthorityPluginClient) Type() string

type UpstreamAuthorityServer 

type UpstreamAuthorityServer interface {
	// Mints an X.509 CA and responds with the signed X.509 CA certificate
	// chain and upstream X.509 roots. If supported by the implementation,
	// subsequent responses on the stream contain upstream X.509 root updates,
	// otherwise the stream is closed after the initial response.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream X.509 roots as SPIRE
	// Server will not reopen a closed stream until the next X.509 CA rotation.
	MintX509CAAndSubscribe(*MintX509CARequest, UpstreamAuthority_MintX509CAAndSubscribeServer) error
	// Publishes a JWT signing key upstream and responds with the upstream JWT
	// keys. If supported by the implementation, subsequent responses on the
	// stream contain upstream JWT key updates, otherwise the stream is closed
	// after the initial response.
	//
	// This RPC is optional and will return NotImplemented if unsupported.
	//
	// Implementation note:
	// The stream should be kept open in the face of transient errors
	// encountered while tracking changes to the upstream JWT keys as SPIRE
	// Server will not reopen a closed stream until the next JWT key rotation.
	PublishJWTKeyAndSubscribe(*PublishJWTKeyRequest, UpstreamAuthority_PublishJWTKeyAndSubscribeServer) error
	// contains filtered or unexported methods
}

UpstreamAuthorityServer is the server API for UpstreamAuthority service. All implementations must embed UnimplementedUpstreamAuthorityServer for forward compatibility

type UpstreamAuthority_MintX509CAAndSubscribeClient 

type UpstreamAuthority_MintX509CAAndSubscribeClient interface {
	Recv() (*MintX509CAResponse, error)
	grpc.ClientStream
}

type UpstreamAuthority_MintX509CAAndSubscribeServer 

type UpstreamAuthority_MintX509CAAndSubscribeServer interface {
	Send(*MintX509CAResponse) error
	grpc.ServerStream
}

type UpstreamAuthority_PublishJWTKeyAndSubscribeClient 

type UpstreamAuthority_PublishJWTKeyAndSubscribeClient interface {
	Recv() (*PublishJWTKeyResponse, error)
	grpc.ClientStream
}

type UpstreamAuthority_PublishJWTKeyAndSubscribeServer 

type UpstreamAuthority_PublishJWTKeyAndSubscribeServer interface {
	Send(*PublishJWTKeyResponse) error
	grpc.ServerStream
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.