workload

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 28, 2023 License: Apache-2.0 Imports: 9 Imported by: 5

Documentation

Index

Constants

This section is empty.

Variables

var File_workload_proto protoreflect.FileDescriptor

Functions

func RegisterSpiffeWorkloadAPIServer

func RegisterSpiffeWorkloadAPIServer(s grpc.ServiceRegistrar, srv SpiffeWorkloadAPIServer)

Types

type JWTBundlesRequest

// JWTBundlesRequest is the request message passed to FetchJWTBundles. It
// shows no exported fields, so callers send it empty.
type JWTBundlesRequest struct {
	// contains filtered or unexported fields
}

The JWTBundlesRequest message conveys parameters for requesting JWT bundles. There are currently no such parameters.

func (*JWTBundlesRequest) Descriptor deprecated

func (*JWTBundlesRequest) Descriptor() ([]byte, []int)

Deprecated: Use JWTBundlesRequest.ProtoReflect.Descriptor instead.

func (*JWTBundlesRequest) ProtoMessage

func (*JWTBundlesRequest) ProtoMessage()

func (*JWTBundlesRequest) ProtoReflect

func (x *JWTBundlesRequest) ProtoReflect() protoreflect.Message

func (*JWTBundlesRequest) Reset

func (x *JWTBundlesRequest) Reset()

func (*JWTBundlesRequest) String

func (x *JWTBundlesRequest) String() string

type JWTBundlesResponse

// JWTBundlesResponse is the message streamed back by FetchJWTBundles.
type JWTBundlesResponse struct {

	// Required. JWK encoded JWT bundles, keyed by the SPIFFE ID of the trust
	// domain.
	// NOTE(review): these bundles are presumably the key sets used to verify
	// JWT-SVID signatures, which would make them trust anchors. Accept them
	// only over a Workload API connection the workload already trusts, and
	// replace cached copies when a newer message arrives on the stream.
	// Confirm against the SPIFFE Workload API specification.
	Bundles map[string][]byte `` /* 155-byte string literal not displayed */
	// contains filtered or unexported fields
}

The JWTBundlesResponse conveys JWT bundles.

func (*JWTBundlesResponse) Descriptor deprecated

func (*JWTBundlesResponse) Descriptor() ([]byte, []int)

Deprecated: Use JWTBundlesResponse.ProtoReflect.Descriptor instead.

func (*JWTBundlesResponse) GetBundles

func (x *JWTBundlesResponse) GetBundles() map[string][]byte

func (*JWTBundlesResponse) ProtoMessage

func (*JWTBundlesResponse) ProtoMessage()

func (*JWTBundlesResponse) ProtoReflect

func (x *JWTBundlesResponse) ProtoReflect() protoreflect.Message

func (*JWTBundlesResponse) Reset

func (x *JWTBundlesResponse) Reset()

func (*JWTBundlesResponse) String

func (x *JWTBundlesResponse) String() string

type JWTSVID

// JWTSVID pairs one JWT-SVID token with the SPIFFE ID it was issued for.
type JWTSVID struct {

	// Required. The SPIFFE ID of the JWT-SVID.
	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Required. Encoded JWT using JWS Compact Serialization.
	// NOTE(review): a JWT presented as a credential can be reused by anyone
	// who obtains the string, so keep Svid out of logs, error messages and
	// traces. The generated String method presumably renders every field,
	// Svid included; confirm before passing this message to a logger.
	Svid string `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

The JWTSVID message carries the JWT-SVID token and associated metadata.

func (*JWTSVID) Descriptor deprecated

func (*JWTSVID) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVID.ProtoReflect.Descriptor instead.

func (*JWTSVID) GetSpiffeId

func (x *JWTSVID) GetSpiffeId() string

func (*JWTSVID) GetSvid

func (x *JWTSVID) GetSvid() string

func (*JWTSVID) ProtoMessage

func (*JWTSVID) ProtoMessage()

func (*JWTSVID) ProtoReflect

func (x *JWTSVID) ProtoReflect() protoreflect.Message

func (*JWTSVID) Reset

func (x *JWTSVID) Reset()

func (*JWTSVID) String

func (x *JWTSVID) String() string

type JWTSVIDRequest

// JWTSVIDRequest is the request message passed to FetchJWTSVID.
type JWTSVIDRequest struct {

	// Required. The audience(s) the workload intends to authenticate against.
	// NOTE(review): request only the audiences the token will actually be
	// sent to. A token issued for several audiences is presumably accepted by
	// each of them, so one recipient could present it to another; confirm how
	// the issuer and the validators treat multi-audience tokens.
	Audience []string `protobuf:"bytes,1,rep,name=audience,proto3" json:"audience,omitempty"`
	// Optional. The requested SPIFFE ID for the JWT-SVID. If unset, all
	// JWT-SVIDs to which the workload is entitled are requested.
	// This value is a selection made by the caller, not proof of identity:
	// the service description limits results to identities the workload is
	// entitled to.
	SpiffeId string `protobuf:"bytes,2,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// contains filtered or unexported fields
}

func (*JWTSVIDRequest) Descriptor deprecated

func (*JWTSVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVIDRequest.ProtoReflect.Descriptor instead.

func (*JWTSVIDRequest) GetAudience

func (x *JWTSVIDRequest) GetAudience() []string

func (*JWTSVIDRequest) GetSpiffeId

func (x *JWTSVIDRequest) GetSpiffeId() string

func (*JWTSVIDRequest) ProtoMessage

func (*JWTSVIDRequest) ProtoMessage()

func (*JWTSVIDRequest) ProtoReflect

func (x *JWTSVIDRequest) ProtoReflect() protoreflect.Message

func (*JWTSVIDRequest) Reset

func (x *JWTSVIDRequest) Reset()

func (*JWTSVIDRequest) String

func (x *JWTSVIDRequest) String() string

type JWTSVIDResponse

// JWTSVIDResponse is the message returned by FetchJWTSVID.
type JWTSVIDResponse struct {

	// Required. The list of returned JWT-SVIDs.
	// Each entry carries an encoded token in JWTSVID.Svid, so the whole
	// response deserves the same handling as a credential.
	Svids []*JWTSVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"`
	// contains filtered or unexported fields
}

The JWTSVIDResponse message conveys JWT-SVIDs.

func (*JWTSVIDResponse) Descriptor deprecated

func (*JWTSVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVIDResponse.ProtoReflect.Descriptor instead.

func (*JWTSVIDResponse) GetSvids

func (x *JWTSVIDResponse) GetSvids() []*JWTSVID

func (*JWTSVIDResponse) ProtoMessage

func (*JWTSVIDResponse) ProtoMessage()

func (*JWTSVIDResponse) ProtoReflect

func (x *JWTSVIDResponse) ProtoReflect() protoreflect.Message

func (*JWTSVIDResponse) Reset

func (x *JWTSVIDResponse) Reset()

func (*JWTSVIDResponse) String

func (x *JWTSVIDResponse) String() string

type SpiffeWorkloadAPIClient

// SpiffeWorkloadAPIClient is the client side of the SpiffeWorkloadAPI
// service. Three of its methods return streams and two are unary calls.
type SpiffeWorkloadAPIClient interface {
	// Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to,
	// as well as related information like trust bundles and CRLs. As this
	// information changes, subsequent messages will be streamed from the
	// server.
	// Each X509SVID in the response includes an unencrypted private key, so
	// the received messages are secret material.
	FetchX509SVID(ctx context.Context, in *X509SVIDRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509SVIDClient, error)
	// Fetch trust bundles and CRLs. Useful for clients that only need to
	// validate SVIDs without obtaining an SVID for themselves. As this
	// information changes, subsequent messages will be streamed from the
	// server.
	// Keep reading the stream so that later bundle and CRL updates replace
	// the copies already held.
	FetchX509Bundles(ctx context.Context, in *X509BundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchX509BundlesClient, error)
	// Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to,
	// for the requested audience. If an optional SPIFFE ID is requested, only
	// the JWT-SVID for that SPIFFE ID is returned.
	FetchJWTSVID(ctx context.Context, in *JWTSVIDRequest, opts ...grpc.CallOption) (*JWTSVIDResponse, error)
	// Fetches the JWT bundles, formatted as JWKS documents, keyed by the
	// SPIFFE ID of the trust domain. As this information changes, subsequent
	// messages will be streamed from the server.
	FetchJWTBundles(ctx context.Context, in *JWTBundlesRequest, opts ...grpc.CallOption) (SpiffeWorkloadAPI_FetchJWTBundlesClient, error)
	// Validates a JWT-SVID against the requested audience. Returns the SPIFFE
	// ID of the JWT-SVID and JWT claims.
	// The audience passed in should be the validating party's own identifier
	// (see ValidateJWTSVIDRequest.Audience), never a value read from the
	// token being checked.
	ValidateJWTSVID(ctx context.Context, in *ValidateJWTSVIDRequest, opts ...grpc.CallOption) (*ValidateJWTSVIDResponse, error)
}

SpiffeWorkloadAPIClient is the client API for SpiffeWorkloadAPI service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type SpiffeWorkloadAPIServer

// SpiffeWorkloadAPIServer is the server side of the SpiffeWorkloadAPI
// service.
//
// NOTE(review): none of the request messages on this page carries a
// credential for the caller, so an implementation presumably has to establish
// which workload is calling from the connection itself before deciding what
// that workload is "entitled to"; confirm how the implementation attests
// callers.
type SpiffeWorkloadAPIServer interface {
	// Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to,
	// as well as related information like trust bundles and CRLs. As this
	// information changes, subsequent messages will be streamed from the
	// server.
	FetchX509SVID(*X509SVIDRequest, SpiffeWorkloadAPI_FetchX509SVIDServer) error
	// Fetch trust bundles and CRLs. Useful for clients that only need to
	// validate SVIDs without obtaining an SVID for themselves. As this
	// information changes, subsequent messages will be streamed from the
	// server.
	FetchX509Bundles(*X509BundlesRequest, SpiffeWorkloadAPI_FetchX509BundlesServer) error
	// Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to,
	// for the requested audience. If an optional SPIFFE ID is requested, only
	// the JWT-SVID for that SPIFFE ID is returned.
	// JWTSVIDRequest.SpiffeId is chosen by the caller; the entitlement check
	// described above is what keeps a workload from obtaining a token for an
	// identity that is not its own.
	FetchJWTSVID(context.Context, *JWTSVIDRequest) (*JWTSVIDResponse, error)
	// Fetches the JWT bundles, formatted as JWKS documents, keyed by the
	// SPIFFE ID of the trust domain. As this information changes, subsequent
	// messages will be streamed from the server.
	FetchJWTBundles(*JWTBundlesRequest, SpiffeWorkloadAPI_FetchJWTBundlesServer) error
	// Validates a JWT-SVID against the requested audience. Returns the SPIFFE
	// ID of the JWT-SVID and JWT claims.
	// NOTE(review): only the audience check is stated here; which other
	// checks (signature, expiry) an implementation must perform is not shown
	// on this page; confirm against the SPIFFE JWT-SVID specification.
	ValidateJWTSVID(context.Context, *ValidateJWTSVIDRequest) (*ValidateJWTSVIDResponse, error)
	// contains filtered or unexported methods
}

SpiffeWorkloadAPIServer is the server API for SpiffeWorkloadAPI service. All implementations must embed UnimplementedSpiffeWorkloadAPIServer for forward compatibility

type SpiffeWorkloadAPI_FetchJWTBundlesClient

// SpiffeWorkloadAPI_FetchJWTBundlesClient is the stream handle returned by
// SpiffeWorkloadAPIClient.FetchJWTBundles.
type SpiffeWorkloadAPI_FetchJWTBundlesClient interface {
	// Recv yields one streamed JWTBundlesResponse, or an error.
	Recv() (*JWTBundlesResponse, error)
	grpc.ClientStream
}

type SpiffeWorkloadAPI_FetchJWTBundlesServer

// SpiffeWorkloadAPI_FetchJWTBundlesServer is the stream handle passed to
// SpiffeWorkloadAPIServer.FetchJWTBundles.
type SpiffeWorkloadAPI_FetchJWTBundlesServer interface {
	// Send takes one JWTBundlesResponse for the stream and reports an error.
	Send(*JWTBundlesResponse) error
	grpc.ServerStream
}

type SpiffeWorkloadAPI_FetchX509BundlesClient

// SpiffeWorkloadAPI_FetchX509BundlesClient is the stream handle returned by
// SpiffeWorkloadAPIClient.FetchX509Bundles.
type SpiffeWorkloadAPI_FetchX509BundlesClient interface {
	// Recv yields one streamed X509BundlesResponse, or an error.
	Recv() (*X509BundlesResponse, error)
	grpc.ClientStream
}

type SpiffeWorkloadAPI_FetchX509BundlesServer

// SpiffeWorkloadAPI_FetchX509BundlesServer is the stream handle passed to
// SpiffeWorkloadAPIServer.FetchX509Bundles.
type SpiffeWorkloadAPI_FetchX509BundlesServer interface {
	// Send takes one X509BundlesResponse for the stream and reports an error.
	Send(*X509BundlesResponse) error
	grpc.ServerStream
}

type SpiffeWorkloadAPI_FetchX509SVIDClient

// SpiffeWorkloadAPI_FetchX509SVIDClient is the stream handle returned by
// SpiffeWorkloadAPIClient.FetchX509SVID.
type SpiffeWorkloadAPI_FetchX509SVIDClient interface {
	// Recv yields one streamed X509SVIDResponse, or an error. The response
	// carries X509SVID entries whose private keys are unencrypted.
	Recv() (*X509SVIDResponse, error)
	grpc.ClientStream
}

type SpiffeWorkloadAPI_FetchX509SVIDServer

// SpiffeWorkloadAPI_FetchX509SVIDServer is the stream handle passed to
// SpiffeWorkloadAPIServer.FetchX509SVID.
type SpiffeWorkloadAPI_FetchX509SVIDServer interface {
	// Send takes one X509SVIDResponse for the stream and reports an error.
	// The response carries unencrypted private keys, so it should only be
	// sent to the workload those keys were issued for.
	Send(*X509SVIDResponse) error
	grpc.ServerStream
}

type UnimplementedSpiffeWorkloadAPIServer

// UnimplementedSpiffeWorkloadAPIServer is an empty struct that declares all
// five service methods (FetchX509SVID, FetchX509Bundles, FetchJWTSVID,
// FetchJWTBundles, ValidateJWTSVID). Server implementations embed it.
// NOTE(review): the embedded methods presumably reject the call as
// unimplemented; confirm that an implementation overrides every method it
// means to serve, since a missed override would still compile.
type UnimplementedSpiffeWorkloadAPIServer struct {
}

UnimplementedSpiffeWorkloadAPIServer must be embedded to have forward compatible implementations.

func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTBundles

func (UnimplementedSpiffeWorkloadAPIServer) FetchJWTSVID

func (UnimplementedSpiffeWorkloadAPIServer) FetchX509Bundles

func (UnimplementedSpiffeWorkloadAPIServer) FetchX509SVID

func (UnimplementedSpiffeWorkloadAPIServer) ValidateJWTSVID

type UnsafeSpiffeWorkloadAPIServer

// UnsafeSpiffeWorkloadAPIServer is the opt-out alternative to embedding
// UnimplementedSpiffeWorkloadAPIServer. "Unsafe" refers to forward
// compatibility of the build, per the description on this page.
type UnsafeSpiffeWorkloadAPIServer interface {
	// contains filtered or unexported methods
}

UnsafeSpiffeWorkloadAPIServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SpiffeWorkloadAPIServer will result in compilation errors.

type ValidateJWTSVIDRequest

// ValidateJWTSVIDRequest is the request message passed to ValidateJWTSVID.
type ValidateJWTSVIDRequest struct {

	// Required. The audience of the validating party. The JWT-SVID must
	// contain an audience claim which contains this value in order to
	// successfully validate.
	// Set this to the validating party's own, configured identifier. Taking
	// the value from the token or from the peer that presented it would make
	// the audience check meaningless.
	Audience string `protobuf:"bytes,1,opt,name=audience,proto3" json:"audience,omitempty"`
	// Required. The JWT-SVID to validate, encoded using JWS Compact
	// Serialization.
	// This is untrusted input until the call returns without error.
	Svid string `protobuf:"bytes,2,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

The ValidateJWTSVIDRequest message conveys request parameters for JWT-SVID validation.

func (*ValidateJWTSVIDRequest) Descriptor deprecated

func (*ValidateJWTSVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use ValidateJWTSVIDRequest.ProtoReflect.Descriptor instead.

func (*ValidateJWTSVIDRequest) GetAudience

func (x *ValidateJWTSVIDRequest) GetAudience() string

func (*ValidateJWTSVIDRequest) GetSvid

func (x *ValidateJWTSVIDRequest) GetSvid() string

func (*ValidateJWTSVIDRequest) ProtoMessage

func (*ValidateJWTSVIDRequest) ProtoMessage()

func (*ValidateJWTSVIDRequest) ProtoReflect

func (x *ValidateJWTSVIDRequest) ProtoReflect() protoreflect.Message

func (*ValidateJWTSVIDRequest) Reset

func (x *ValidateJWTSVIDRequest) Reset()

func (*ValidateJWTSVIDRequest) String

func (x *ValidateJWTSVIDRequest) String() string

type ValidateJWTSVIDResponse

// ValidateJWTSVIDResponse is the message returned by ValidateJWTSVID.
type ValidateJWTSVIDResponse struct {

	// Required. The SPIFFE ID of the validated JWT-SVID.
	// Authorization decisions should compare this value against an explicit
	// allow-list or policy; a successful validation says who the caller is,
	// not what it may do.
	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Optional. Arbitrary claims contained within the payload of the validated
	// JWT-SVID.
	// NOTE(review): the field is optional and its contents are described only
	// as arbitrary, so check that a claim is present and has the expected
	// type before using it; GetClaims can return nil.
	Claims *structpb.Struct `protobuf:"bytes,2,opt,name=claims,proto3" json:"claims,omitempty"`
	// contains filtered or unexported fields
}

The ValidateJWTSVIDResponse message conveys the JWT-SVID validation results.

func (*ValidateJWTSVIDResponse) Descriptor deprecated

func (*ValidateJWTSVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use ValidateJWTSVIDResponse.ProtoReflect.Descriptor instead.

func (*ValidateJWTSVIDResponse) GetClaims

func (x *ValidateJWTSVIDResponse) GetClaims() *structpb.Struct

func (*ValidateJWTSVIDResponse) GetSpiffeId

func (x *ValidateJWTSVIDResponse) GetSpiffeId() string

func (*ValidateJWTSVIDResponse) ProtoMessage

func (*ValidateJWTSVIDResponse) ProtoMessage()

func (*ValidateJWTSVIDResponse) ProtoReflect

func (x *ValidateJWTSVIDResponse) ProtoReflect() protoreflect.Message

func (*ValidateJWTSVIDResponse) Reset

func (x *ValidateJWTSVIDResponse) Reset()

func (*ValidateJWTSVIDResponse) String

func (x *ValidateJWTSVIDResponse) String() string

type X509BundlesRequest

// X509BundlesRequest is the request message passed to FetchX509Bundles.
type X509BundlesRequest struct {
	// Meta has no description on this page, although the message description
	// says there are no request parameters.
	// NOTE(review): these key/value pairs are set by the calling workload, so
	// a server should treat them as untrusted input; confirm what the server
	// does with them before relying on the field.
	Meta map[string]string `` /* 149-byte string literal not displayed */
	// contains filtered or unexported fields
}

The X509BundlesRequest message conveys parameters for requesting X.509 bundles. There are currently no such parameters.

func (*X509BundlesRequest) Descriptor deprecated

func (*X509BundlesRequest) Descriptor() ([]byte, []int)

Deprecated: Use X509BundlesRequest.ProtoReflect.Descriptor instead.

func (*X509BundlesRequest) GetMeta

func (x *X509BundlesRequest) GetMeta() map[string]string

func (*X509BundlesRequest) ProtoMessage

func (*X509BundlesRequest) ProtoMessage()

func (*X509BundlesRequest) ProtoReflect

func (x *X509BundlesRequest) ProtoReflect() protoreflect.Message

func (*X509BundlesRequest) Reset

func (x *X509BundlesRequest) Reset()

func (*X509BundlesRequest) String

func (x *X509BundlesRequest) String() string

type X509BundlesResponse

// X509BundlesResponse is the message streamed back by FetchX509Bundles.
type X509BundlesResponse struct {

	// Optional. ASN.1 DER encoded certificate revocation lists.
	// NOTE(review): this page does not say whether consumers are required to
	// enforce these CRLs; confirm how revocation is checked by the verifier
	// in use.
	Crl [][]byte `protobuf:"bytes,1,rep,name=crl,proto3" json:"crl,omitempty"`
	// Required. CA certificate bundles belonging to trust domains that the
	// workload should trust, keyed by the SPIFFE ID of the trust domain.
	// Bundles are ASN.1 DER encoded.
	// These certificates become trust roots for the workload, so the channel
	// that delivers them has to be one the workload already trusts.
	// NOTE(review): a bundle should presumably be used only to verify SVIDs
	// from the trust domain it is keyed under; confirm in the verifier.
	Bundles map[string][]byte `` /* 155-byte string literal not displayed */
	// contains filtered or unexported fields
}

The X509BundlesResponse message carries a set of global CRLs and a map of trust bundles the workload should trust.

func (*X509BundlesResponse) Descriptor deprecated

func (*X509BundlesResponse) Descriptor() ([]byte, []int)

Deprecated: Use X509BundlesResponse.ProtoReflect.Descriptor instead.

func (*X509BundlesResponse) GetBundles

func (x *X509BundlesResponse) GetBundles() map[string][]byte

func (*X509BundlesResponse) GetCrl

func (x *X509BundlesResponse) GetCrl() [][]byte

func (*X509BundlesResponse) ProtoMessage

func (*X509BundlesResponse) ProtoMessage()

func (*X509BundlesResponse) ProtoReflect

func (x *X509BundlesResponse) ProtoReflect() protoreflect.Message

func (*X509BundlesResponse) Reset

func (x *X509BundlesResponse) Reset()

func (*X509BundlesResponse) String

func (x *X509BundlesResponse) String() string

type X509SVID

// X509SVID carries one X.509-SVID together with its private key and the
// bundle for its trust domain. Because the key is unencrypted, the message
// as a whole is secret material.
type X509SVID struct {

	// Required. The SPIFFE ID of the SVID in this entry
	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// Required. ASN.1 DER encoded certificate chain. MAY include
	// intermediates, the leaf certificate (or SVID itself) MUST come first.
	X509Svid []byte `protobuf:"bytes,2,opt,name=x509_svid,json=x509Svid,proto3" json:"x509_svid,omitempty"`
	// Required. ASN.1 DER encoded PKCS#8 private key. MUST be unencrypted.
	// Keep these bytes in memory where possible and never write them to logs,
	// traces or unprotected storage.
	// NOTE(review): the generated String method presumably renders every
	// field, including these key bytes; confirm before passing this message
	// (or a response containing it) to a logger or error wrapper.
	X509SvidKey []byte `protobuf:"bytes,3,opt,name=x509_svid_key,json=x509SvidKey,proto3" json:"x509_svid_key,omitempty"`
	// Required. ASN.1 DER encoded X.509 bundle for the trust domain.
	Bundle []byte `protobuf:"bytes,4,opt,name=bundle,proto3" json:"bundle,omitempty"`
	// contains filtered or unexported fields
}

The X509SVID message carries a single SVID and all associated information, including the X.509 bundle for the trust domain.

func (*X509SVID) Descriptor deprecated

func (*X509SVID) Descriptor() ([]byte, []int)

Deprecated: Use X509SVID.ProtoReflect.Descriptor instead.

func (*X509SVID) GetBundle

func (x *X509SVID) GetBundle() []byte

func (*X509SVID) GetSpiffeId

func (x *X509SVID) GetSpiffeId() string

func (*X509SVID) GetX509Svid

func (x *X509SVID) GetX509Svid() []byte

func (*X509SVID) GetX509SvidKey

func (x *X509SVID) GetX509SvidKey() []byte

func (*X509SVID) ProtoMessage

func (*X509SVID) ProtoMessage()

func (*X509SVID) ProtoReflect

func (x *X509SVID) ProtoReflect() protoreflect.Message

func (*X509SVID) Reset

func (x *X509SVID) Reset()

func (*X509SVID) String

func (x *X509SVID) String() string

type X509SVIDRequest

// X509SVIDRequest is the request message passed to FetchX509SVID.
type X509SVIDRequest struct {
	// Meta has no description on this page, although the message description
	// says there are no request parameters.
	// NOTE(review): these key/value pairs are set by the calling workload, so
	// a server should not let them influence which identities or keys are
	// issued unless they are verified by other means; confirm what the server
	// does with them.
	Meta map[string]string `` /* 149-byte string literal not displayed */
	// contains filtered or unexported fields
}

The X509SVIDRequest message conveys parameters for requesting an X.509-SVID. There are currently no request parameters.

func (*X509SVIDRequest) Descriptor deprecated

func (*X509SVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use X509SVIDRequest.ProtoReflect.Descriptor instead.

func (*X509SVIDRequest) GetMeta

func (x *X509SVIDRequest) GetMeta() map[string]string

func (*X509SVIDRequest) ProtoMessage

func (*X509SVIDRequest) ProtoMessage()

func (*X509SVIDRequest) ProtoReflect

func (x *X509SVIDRequest) ProtoReflect() protoreflect.Message

func (*X509SVIDRequest) Reset

func (x *X509SVIDRequest) Reset()

func (*X509SVIDRequest) String

func (x *X509SVIDRequest) String() string

type X509SVIDResponse

// X509SVIDResponse is the message streamed back by FetchX509SVID. It
// contains private keys (see X509SVID.X509SvidKey) and should be handled as
// secret material.
type X509SVIDResponse struct {

	// Required. A list of X509SVID messages, each of which includes a single
	// X.509-SVID, its private key, and the bundle for the trust domain.
	Svids []*X509SVID `protobuf:"bytes,1,rep,name=svids,proto3" json:"svids,omitempty"`
	// Optional. ASN.1 DER encoded certificate revocation lists.
	// NOTE(review): this page does not say whether consumers are required to
	// enforce these CRLs; confirm how revocation is checked by the verifier
	// in use.
	Crl [][]byte `protobuf:"bytes,2,rep,name=crl,proto3" json:"crl,omitempty"`
	// Optional. CA certificate bundles belonging to foreign trust domains that
	// the workload should trust, keyed by the SPIFFE ID of the foreign trust
	// domain. Bundles are ASN.1 DER encoded.
	// NOTE(review): a foreign bundle should presumably validate only SVIDs
	// whose SPIFFE ID is in the trust domain it is keyed under, so that one
	// federated domain cannot vouch for identities in another; confirm that
	// the verifier enforces this.
	FederatedBundles map[string][]byte `` /* 197-byte string literal not displayed */
	// contains filtered or unexported fields
}

The X509SVIDResponse message carries X.509-SVIDs and related information, including a set of global CRLs and a list of bundles the workload may use for federating with foreign trust domains.

func (*X509SVIDResponse) Descriptor deprecated

func (*X509SVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use X509SVIDResponse.ProtoReflect.Descriptor instead.

func (*X509SVIDResponse) GetCrl

func (x *X509SVIDResponse) GetCrl() [][]byte

func (*X509SVIDResponse) GetFederatedBundles

func (x *X509SVIDResponse) GetFederatedBundles() map[string][]byte

func (*X509SVIDResponse) GetSvids

func (x *X509SVIDResponse) GetSvids() []*X509SVID

func (*X509SVIDResponse) ProtoMessage

func (*X509SVIDResponse) ProtoMessage()

func (*X509SVIDResponse) ProtoReflect

func (x *X509SVIDResponse) ProtoReflect() protoreflect.Message

func (*X509SVIDResponse) Reset

func (x *X509SVIDResponse) Reset()

func (*X509SVIDResponse) String

func (x *X509SVIDResponse) String() string
