Documentation ¶
Overview ¶
Package v2 contains the definition of the kms-plugin gRPC service.
Index ¶
- func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)
- type DecryptRequest
- func (*DecryptRequest) Descriptor() ([]byte, []int)
- func (m *DecryptRequest) GetAnnotations() map[string][]byte
- func (m *DecryptRequest) GetCiphertext() []byte
- func (m *DecryptRequest) GetKeyId() string
- func (m *DecryptRequest) GetUid() string
- func (*DecryptRequest) ProtoMessage()
- func (m *DecryptRequest) Reset()
- func (m *DecryptRequest) String() string
- func (m *DecryptRequest) XXX_DiscardUnknown()
- func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *DecryptRequest) XXX_Merge(src proto.Message)
- func (m *DecryptRequest) XXX_Size() int
- func (m *DecryptRequest) XXX_Unmarshal(b []byte) error
- type DecryptResponse
- func (*DecryptResponse) Descriptor() ([]byte, []int)
- func (m *DecryptResponse) GetPlaintext() []byte
- func (*DecryptResponse) ProtoMessage()
- func (m *DecryptResponse) Reset()
- func (m *DecryptResponse) String() string
- func (m *DecryptResponse) XXX_DiscardUnknown()
- func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *DecryptResponse) XXX_Merge(src proto.Message)
- func (m *DecryptResponse) XXX_Size() int
- func (m *DecryptResponse) XXX_Unmarshal(b []byte) error
- type EncryptRequest
- func (*EncryptRequest) Descriptor() ([]byte, []int)
- func (m *EncryptRequest) GetPlaintext() []byte
- func (m *EncryptRequest) GetUid() string
- func (*EncryptRequest) ProtoMessage()
- func (m *EncryptRequest) Reset()
- func (m *EncryptRequest) String() string
- func (m *EncryptRequest) XXX_DiscardUnknown()
- func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *EncryptRequest) XXX_Merge(src proto.Message)
- func (m *EncryptRequest) XXX_Size() int
- func (m *EncryptRequest) XXX_Unmarshal(b []byte) error
- type EncryptResponse
- func (*EncryptResponse) Descriptor() ([]byte, []int)
- func (m *EncryptResponse) GetAnnotations() map[string][]byte
- func (m *EncryptResponse) GetCiphertext() []byte
- func (m *EncryptResponse) GetKeyId() string
- func (*EncryptResponse) ProtoMessage()
- func (m *EncryptResponse) Reset()
- func (m *EncryptResponse) String() string
- func (m *EncryptResponse) XXX_DiscardUnknown()
- func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *EncryptResponse) XXX_Merge(src proto.Message)
- func (m *EncryptResponse) XXX_Size() int
- func (m *EncryptResponse) XXX_Unmarshal(b []byte) error
- type KeyManagementServiceClient
- type KeyManagementServiceServer
- type StatusRequest
- func (*StatusRequest) Descriptor() ([]byte, []int)
- func (*StatusRequest) ProtoMessage()
- func (m *StatusRequest) Reset()
- func (m *StatusRequest) String() string
- func (m *StatusRequest) XXX_DiscardUnknown()
- func (m *StatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *StatusRequest) XXX_Merge(src proto.Message)
- func (m *StatusRequest) XXX_Size() int
- func (m *StatusRequest) XXX_Unmarshal(b []byte) error
- type StatusResponse
- func (*StatusResponse) Descriptor() ([]byte, []int)
- func (m *StatusResponse) GetHealthz() string
- func (m *StatusResponse) GetKeyId() string
- func (m *StatusResponse) GetVersion() string
- func (*StatusResponse) ProtoMessage()
- func (m *StatusResponse) Reset()
- func (m *StatusResponse) String() string
- func (m *StatusResponse) XXX_DiscardUnknown()
- func (m *StatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *StatusResponse) XXX_Merge(src proto.Message)
- func (m *StatusResponse) XXX_Size() int
- func (m *StatusResponse) XXX_Unmarshal(b []byte) error
- type UnimplementedKeyManagementServiceServer
- func (*UnimplementedKeyManagementServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)
- func (*UnimplementedKeyManagementServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)
- func (*UnimplementedKeyManagementServiceServer) Status(ctx context.Context, req *StatusRequest) (*StatusResponse, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterKeyManagementServiceServer ¶
func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)
Types ¶
type DecryptRequest ¶
// DecryptRequest is the request message of the Decrypt RPC declared on
// KeyManagementServiceClient and KeyManagementServiceServer. Besides the
// ciphertext it carries the key ID and annotations that, per the field
// comments below, were recorded when the data was encrypted.
type DecryptRequest struct {
	// The data to be decrypted.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// UID is a unique identifier for the request.
	Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
	// The keyID that was provided to the apiserver during encryption.
	// This represents the KMS KEK that was used to encrypt the data.
	KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Additional metadata that was sent by the KMS plugin during encryption.
	// NOTE(review): the EncryptResponse.Annotations comment states that this
	// data is stored in plaintext in etcd. A plugin should therefore presumably
	// not rely on its confidentiality, and should authenticate it itself if a
	// decryption decision depends on it (confirm against the KMS v2 design).
	Annotations map[string][]byte `` /* 163-byte string literal not displayed */
	// Protobuf bookkeeping fields; the json:"-" tag keeps them out of
	// encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*DecryptRequest) Descriptor ¶
func (*DecryptRequest) Descriptor() ([]byte, []int)
func (*DecryptRequest) GetAnnotations ¶
func (m *DecryptRequest) GetAnnotations() map[string][]byte
func (*DecryptRequest) GetCiphertext ¶
func (m *DecryptRequest) GetCiphertext() []byte
func (*DecryptRequest) GetKeyId ¶
func (m *DecryptRequest) GetKeyId() string
func (*DecryptRequest) GetUid ¶
func (m *DecryptRequest) GetUid() string
func (*DecryptRequest) ProtoMessage ¶
func (*DecryptRequest) ProtoMessage()
func (*DecryptRequest) Reset ¶
func (m *DecryptRequest) Reset()
func (*DecryptRequest) String ¶
func (m *DecryptRequest) String() string
func (*DecryptRequest) XXX_DiscardUnknown ¶
func (m *DecryptRequest) XXX_DiscardUnknown()
func (*DecryptRequest) XXX_Marshal ¶
func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*DecryptRequest) XXX_Merge ¶
func (m *DecryptRequest) XXX_Merge(src proto.Message)
func (*DecryptRequest) XXX_Size ¶
func (m *DecryptRequest) XXX_Size() int
func (*DecryptRequest) XXX_Unmarshal ¶
func (m *DecryptRequest) XXX_Unmarshal(b []byte) error
type DecryptResponse ¶
// DecryptResponse is the response message of the Decrypt RPC. Its only
// payload field is the decrypted data.
type DecryptResponse struct {
	// The decrypted data.
	// NOTE(review): this is the sensitive value the service protects. The
	// String() method listed for this type presumably renders every field,
	// so verify its output before logging the message.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// Protobuf bookkeeping fields; the json:"-" tag keeps them out of
	// encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*DecryptResponse) Descriptor ¶
func (*DecryptResponse) Descriptor() ([]byte, []int)
func (*DecryptResponse) GetPlaintext ¶
func (m *DecryptResponse) GetPlaintext() []byte
func (*DecryptResponse) ProtoMessage ¶
func (*DecryptResponse) ProtoMessage()
func (*DecryptResponse) Reset ¶
func (m *DecryptResponse) Reset()
func (*DecryptResponse) String ¶
func (m *DecryptResponse) String() string
func (*DecryptResponse) XXX_DiscardUnknown ¶
func (m *DecryptResponse) XXX_DiscardUnknown()
func (*DecryptResponse) XXX_Marshal ¶
func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*DecryptResponse) XXX_Merge ¶
func (m *DecryptResponse) XXX_Merge(src proto.Message)
func (*DecryptResponse) XXX_Size ¶
func (m *DecryptResponse) XXX_Size() int
func (*DecryptResponse) XXX_Unmarshal ¶
func (m *DecryptResponse) XXX_Unmarshal(b []byte) error
type EncryptRequest ¶
// EncryptRequest is the request message of the Encrypt RPC. It carries the
// data to encrypt and a per-request identifier.
type EncryptRequest struct {
	// The data to be encrypted.
	// NOTE(review): this field holds unencrypted data. The String() method
	// listed for this type presumably renders every field, so verify its
	// output before logging the message.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// UID is a unique identifier for the request.
	Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
	// Protobuf bookkeeping fields; the json:"-" tag keeps them out of
	// encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*EncryptRequest) Descriptor ¶
func (*EncryptRequest) Descriptor() ([]byte, []int)
func (*EncryptRequest) GetPlaintext ¶
func (m *EncryptRequest) GetPlaintext() []byte
func (*EncryptRequest) GetUid ¶
func (m *EncryptRequest) GetUid() string
func (*EncryptRequest) ProtoMessage ¶
func (*EncryptRequest) ProtoMessage()
func (*EncryptRequest) Reset ¶
func (m *EncryptRequest) Reset()
func (*EncryptRequest) String ¶
func (m *EncryptRequest) String() string
func (*EncryptRequest) XXX_DiscardUnknown ¶
func (m *EncryptRequest) XXX_DiscardUnknown()
func (*EncryptRequest) XXX_Marshal ¶
func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*EncryptRequest) XXX_Merge ¶
func (m *EncryptRequest) XXX_Merge(src proto.Message)
func (*EncryptRequest) XXX_Size ¶
func (m *EncryptRequest) XXX_Size() int
func (*EncryptRequest) XXX_Unmarshal ¶
func (m *EncryptRequest) XXX_Unmarshal(b []byte) error
type EncryptResponse ¶
// EncryptResponse is the response message of the Encrypt RPC. It returns the
// ciphertext, the ID of the KMS key that produced it, and optional metadata
// to be stored alongside the encrypted data.
//
// NOTE(review): the field comments state size and format constraints but this
// page does not show where they are enforced. Presumably the caller rejects
// a response that violates them, which should be confirmed for the server
// version in use.
type EncryptResponse struct {
	// The encrypted data.
	// ciphertext must satisfy the following constraints:
	// 1. The ciphertext is not empty.
	// 2. The ciphertext is less than 1 kB.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use.
	// This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage.
	// keyID must satisfy the following constraints:
	// 1. The keyID is not empty.
	// 2. The size of keyID is less than 1 kB.
	KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Additional metadata to be stored with the encrypted data.
	// This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data.
	// In particular, a locally generated key or other secret placed here must
	// already be wrapped by the plugin before it is returned.
	// Annotations must satisfy the following constraints:
	// 1. Annotation key must be a fully qualified domain name that conforms to the definition in DNS (RFC 1123).
	// 2. The size of annotations keys + values is less than 32 kB.
	Annotations map[string][]byte `` /* 163-byte string literal not displayed */
	// Protobuf bookkeeping fields; the json:"-" tag keeps them out of
	// encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*EncryptResponse) Descriptor ¶
func (*EncryptResponse) Descriptor() ([]byte, []int)
func (*EncryptResponse) GetAnnotations ¶
func (m *EncryptResponse) GetAnnotations() map[string][]byte
func (*EncryptResponse) GetCiphertext ¶
func (m *EncryptResponse) GetCiphertext() []byte
func (*EncryptResponse) GetKeyId ¶
func (m *EncryptResponse) GetKeyId() string
func (*EncryptResponse) ProtoMessage ¶
func (*EncryptResponse) ProtoMessage()
func (*EncryptResponse) Reset ¶
func (m *EncryptResponse) Reset()
func (*EncryptResponse) String ¶
func (m *EncryptResponse) String() string
func (*EncryptResponse) XXX_DiscardUnknown ¶
func (m *EncryptResponse) XXX_DiscardUnknown()
func (*EncryptResponse) XXX_Marshal ¶
func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*EncryptResponse) XXX_Merge ¶
func (m *EncryptResponse) XXX_Merge(src proto.Message)
func (*EncryptResponse) XXX_Size ¶
func (m *EncryptResponse) XXX_Size() int
func (*EncryptResponse) XXX_Unmarshal ¶
func (m *EncryptResponse) XXX_Unmarshal(b []byte) error
type KeyManagementServiceClient ¶
// KeyManagementServiceClient is the caller-side view of the
// KeyManagementService gRPC service: one method per RPC, each taking a
// context, the request message and optional per-call grpc.CallOption values.
type KeyManagementServiceClient interface {
	// Status returns a StatusResponse (version, healthz and current key ID).
	// This API is meant to be polled.
	Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
	// Execute decryption operation in KMS provider.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
	// Execute encryption operation in KMS provider.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
}
KeyManagementServiceClient is the client API for KeyManagementService service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewKeyManagementServiceClient ¶
func NewKeyManagementServiceClient(cc *grpc.ClientConn) KeyManagementServiceClient
type KeyManagementServiceServer ¶
// KeyManagementServiceServer is the interface a KMS plugin implements and
// passes to RegisterKeyManagementServiceServer. Each method receives the
// request message and returns the matching response message or an error.
type KeyManagementServiceServer interface {
	// Status returns a StatusResponse (version, healthz and current key ID).
	// This API is meant to be polled.
	Status(context.Context, *StatusRequest) (*StatusResponse, error)
	// Execute decryption operation in KMS provider.
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
	// Execute encryption operation in KMS provider.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
}
KeyManagementServiceServer is the server API for KeyManagementService service.
type StatusRequest ¶
// StatusRequest is the request message of the Status RPC. It declares no
// payload fields, only the protobuf bookkeeping fields below.
type StatusRequest struct {
	// The json:"-" tag keeps these fields out of encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*StatusRequest) Descriptor ¶
func (*StatusRequest) Descriptor() ([]byte, []int)
func (*StatusRequest) ProtoMessage ¶
func (*StatusRequest) ProtoMessage()
func (*StatusRequest) Reset ¶
func (m *StatusRequest) Reset()
func (*StatusRequest) String ¶
func (m *StatusRequest) String() string
func (*StatusRequest) XXX_DiscardUnknown ¶
func (m *StatusRequest) XXX_DiscardUnknown()
func (*StatusRequest) XXX_Marshal ¶
func (m *StatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*StatusRequest) XXX_Merge ¶
func (m *StatusRequest) XXX_Merge(src proto.Message)
func (*StatusRequest) XXX_Size ¶
func (m *StatusRequest) XXX_Size() int
func (*StatusRequest) XXX_Unmarshal ¶
func (m *StatusRequest) XXX_Unmarshal(b []byte) error
type StatusResponse ¶
// StatusResponse is the response message of the Status RPC. It reports the
// plugin API version, a health string and the ID of the current write key.
type StatusResponse struct {
	// Version of the KMS gRPC plugin API. Must equal v2 or v2beta1 (v2 is recommended, but both are equivalent).
	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	// Any value other than "ok" is failing healthz. On failure, the associated API server healthz endpoint will contain this value as part of the error message.
	// Because the value is surfaced in that error message, it should not
	// include key material, credentials or other sensitive details.
	Healthz string `protobuf:"bytes,2,opt,name=healthz,proto3" json:"healthz,omitempty"`
	// The current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage.
	// keyID must satisfy the following constraints:
	// 1. The keyID is not empty.
	// 2. The size of keyID is less than 1 kB.
	KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Protobuf bookkeeping fields; the json:"-" tag keeps them out of
	// encoding/json output.
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}
func (*StatusResponse) Descriptor ¶
func (*StatusResponse) Descriptor() ([]byte, []int)
func (*StatusResponse) GetHealthz ¶
func (m *StatusResponse) GetHealthz() string
func (*StatusResponse) GetKeyId ¶
func (m *StatusResponse) GetKeyId() string
func (*StatusResponse) GetVersion ¶
func (m *StatusResponse) GetVersion() string
func (*StatusResponse) ProtoMessage ¶
func (*StatusResponse) ProtoMessage()
func (*StatusResponse) Reset ¶
func (m *StatusResponse) Reset()
func (*StatusResponse) String ¶
func (m *StatusResponse) String() string
func (*StatusResponse) XXX_DiscardUnknown ¶
func (m *StatusResponse) XXX_DiscardUnknown()
func (*StatusResponse) XXX_Marshal ¶
func (m *StatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*StatusResponse) XXX_Merge ¶
func (m *StatusResponse) XXX_Merge(src proto.Message)
func (*StatusResponse) XXX_Size ¶
func (m *StatusResponse) XXX_Size() int
func (*StatusResponse) XXX_Unmarshal ¶
func (m *StatusResponse) XXX_Unmarshal(b []byte) error
type UnimplementedKeyManagementServiceServer ¶
// UnimplementedKeyManagementServiceServer is an empty struct that declares
// Status, Decrypt and Encrypt methods, so a type embedding it satisfies
// KeyManagementServiceServer.
// NOTE(review): the method bodies are not shown on this page. Presumably each
// returns an "unimplemented" error, in which case a plugin must override all
// three before serving real traffic (confirm against the generated source).
type UnimplementedKeyManagementServiceServer struct {
}
UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations.
func (*UnimplementedKeyManagementServiceServer) Decrypt ¶
func (*UnimplementedKeyManagementServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)
func (*UnimplementedKeyManagementServiceServer) Encrypt ¶
func (*UnimplementedKeyManagementServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)
func (*UnimplementedKeyManagementServiceServer) Status ¶
func (*UnimplementedKeyManagementServiceServer) Status(ctx context.Context, req *StatusRequest) (*StatusResponse, error)