node

package
v0.12.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 17, 2021 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Max burst values for ratelimiting
	// Requests containing more than this number of
	// operations will always be rejected
	AttestLimit     int = 1
	CSRLimit        int = 500
	JSRLimit        int = 500
	PushJWTKeyLimit int = 500
)

Variables

View Source 
var File_spire_api_node_node_proto protoreflect.FileDescriptor

Functions

func RegisterNodeServer 

func RegisterNodeServer(s grpc.ServiceRegistrar, srv NodeServer)

Types

type AttestRequest 

type AttestRequest struct {

	// A type which contains attestation data for specific platform.
	AttestationData *common.AttestationData `protobuf:"bytes,1,opt,name=attestation_data,json=attestationData,proto3" json:"attestation_data,omitempty"`
	// Certificate signing request.
	Csr []byte `protobuf:"bytes,2,opt,name=csr,proto3" json:"csr,omitempty"`
	// Attestation challenge response
	Response []byte `protobuf:"bytes,3,opt,name=response,proto3" json:"response,omitempty"`
	// contains filtered or unexported fields
}

Represents a request to attest the node.

func (*AttestRequest) Descriptor deprecated 

func (*AttestRequest) Descriptor() ([]byte, []int)

Deprecated: Use AttestRequest.ProtoReflect.Descriptor instead.

func (*AttestRequest) GetAttestationData 

func (x *AttestRequest) GetAttestationData() *common.AttestationData

func (*AttestRequest) GetCsr 

func (x *AttestRequest) GetCsr() []byte

func (*AttestRequest) GetResponse 

func (x *AttestRequest) GetResponse() []byte

func (*AttestRequest) ProtoMessage 

func (*AttestRequest) ProtoMessage()

func (*AttestRequest) ProtoReflect added in v0.12.0 

func (x *AttestRequest) ProtoReflect() protoreflect.Message

func (*AttestRequest) Reset 

func (x *AttestRequest) Reset()

func (*AttestRequest) String 

func (x *AttestRequest) String() string

type AttestResponse 

type AttestResponse struct {

	// It includes a map of signed SVIDs and an array of all current
	// Registration Entries which are relevant to the caller SPIFFE ID.
	SvidUpdate *X509SVIDUpdate `protobuf:"bytes,1,opt,name=svid_update,json=svidUpdate,proto3" json:"svid_update,omitempty"`
	// This is a challenge issued by the server to the node. If populated, the
	// node is expected to respond with another AttestRequest with the response.
	// This field is mutually exclusive with the update field.
	Challenge []byte `protobuf:"bytes,2,opt,name=challenge,proto3" json:"challenge,omitempty"`
	// contains filtered or unexported fields
}

Represents a response that contains map of signed SVIDs and an array of all current Registration Entries which are relevant to the caller SPIFFE ID

func (*AttestResponse) Descriptor deprecated 

func (*AttestResponse) Descriptor() ([]byte, []int)

Deprecated: Use AttestResponse.ProtoReflect.Descriptor instead.

func (*AttestResponse) GetChallenge 

func (x *AttestResponse) GetChallenge() []byte

func (*AttestResponse) GetSvidUpdate 

func (x *AttestResponse) GetSvidUpdate() *X509SVIDUpdate

func (*AttestResponse) ProtoMessage 

func (*AttestResponse) ProtoMessage()

func (*AttestResponse) ProtoReflect added in v0.12.0 

func (x *AttestResponse) ProtoReflect() protoreflect.Message

func (*AttestResponse) Reset 

func (x *AttestResponse) Reset()

func (*AttestResponse) String 

func (x *AttestResponse) String() string

type Bundle 

type Bundle struct {

	// bundle identifier, i.e. the SPIFFE ID for the trust domain
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// bundle data (ASN.1 encoded X.509 certificates)
	CaCerts []byte `protobuf:"bytes,2,opt,name=ca_certs,json=caCerts,proto3" json:"ca_certs,omitempty"`
	// contains filtered or unexported fields
}

* Trust domain bundle

func (*Bundle) Descriptor deprecated 

func (*Bundle) Descriptor() ([]byte, []int)

Deprecated: Use Bundle.ProtoReflect.Descriptor instead.

func (*Bundle) GetCaCerts 

func (x *Bundle) GetCaCerts() []byte

func (*Bundle) GetId 

func (x *Bundle) GetId() string

func (*Bundle) ProtoMessage 

func (*Bundle) ProtoMessage()

func (*Bundle) ProtoReflect added in v0.12.0 

func (x *Bundle) ProtoReflect() protoreflect.Message

func (*Bundle) Reset 

func (x *Bundle) Reset()

func (*Bundle) String 

func (x *Bundle) String() string

type FetchBundleRequest added in v0.10.0 

type FetchBundleRequest struct {
	// contains filtered or unexported fields
}

func (*FetchBundleRequest) Descriptor deprecated added in v0.10.0 

func (*FetchBundleRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchBundleRequest.ProtoReflect.Descriptor instead.

func (*FetchBundleRequest) ProtoMessage added in v0.10.0 

func (*FetchBundleRequest) ProtoMessage()

func (*FetchBundleRequest) ProtoReflect added in v0.12.0 

func (x *FetchBundleRequest) ProtoReflect() protoreflect.Message

func (*FetchBundleRequest) Reset added in v0.10.0 

func (x *FetchBundleRequest) Reset()

func (*FetchBundleRequest) String added in v0.10.0 

func (x *FetchBundleRequest) String() string

type FetchBundleResponse added in v0.10.0 

type FetchBundleResponse struct {
	Bundle *common.Bundle `protobuf:"bytes,1,opt,name=bundle,proto3" json:"bundle,omitempty"`
	// contains filtered or unexported fields
}

func (*FetchBundleResponse) Descriptor deprecated added in v0.10.0 

func (*FetchBundleResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchBundleResponse.ProtoReflect.Descriptor instead.

func (*FetchBundleResponse) GetBundle added in v0.10.0 

func (x *FetchBundleResponse) GetBundle() *common.Bundle

func (*FetchBundleResponse) ProtoMessage added in v0.10.0 

func (*FetchBundleResponse) ProtoMessage()

func (*FetchBundleResponse) ProtoReflect added in v0.12.0 

func (x *FetchBundleResponse) ProtoReflect() protoreflect.Message

func (*FetchBundleResponse) Reset added in v0.10.0 

func (x *FetchBundleResponse) Reset()

func (*FetchBundleResponse) String added in v0.10.0 

func (x *FetchBundleResponse) String() string

type FetchJWTSVIDRequest 

type FetchJWTSVIDRequest struct {

	// The JWT signing request
	Jsr *JSR `protobuf:"bytes,1,opt,name=jsr,proto3" json:"jsr,omitempty"`
	// contains filtered or unexported fields
}

func (*FetchJWTSVIDRequest) Descriptor deprecated 

func (*FetchJWTSVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchJWTSVIDRequest.ProtoReflect.Descriptor instead.

func (*FetchJWTSVIDRequest) GetJsr 

func (x *FetchJWTSVIDRequest) GetJsr() *JSR

func (*FetchJWTSVIDRequest) ProtoMessage 

func (*FetchJWTSVIDRequest) ProtoMessage()

func (*FetchJWTSVIDRequest) ProtoReflect added in v0.12.0 

func (x *FetchJWTSVIDRequest) ProtoReflect() protoreflect.Message

func (*FetchJWTSVIDRequest) Reset 

func (x *FetchJWTSVIDRequest) Reset()

func (*FetchJWTSVIDRequest) String 

func (x *FetchJWTSVIDRequest) String() string

type FetchJWTSVIDResponse 

type FetchJWTSVIDResponse struct {

	// The signed JWT-SVID
	Svid *JWTSVID `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	// contains filtered or unexported fields
}

func (*FetchJWTSVIDResponse) Descriptor deprecated 

func (*FetchJWTSVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchJWTSVIDResponse.ProtoReflect.Descriptor instead.

func (*FetchJWTSVIDResponse) GetSvid 

func (x *FetchJWTSVIDResponse) GetSvid() *JWTSVID

func (*FetchJWTSVIDResponse) ProtoMessage 

func (*FetchJWTSVIDResponse) ProtoMessage()

func (*FetchJWTSVIDResponse) ProtoReflect added in v0.12.0 

func (x *FetchJWTSVIDResponse) ProtoReflect() protoreflect.Message

func (*FetchJWTSVIDResponse) Reset 

func (x *FetchJWTSVIDResponse) Reset()

func (*FetchJWTSVIDResponse) String 

func (x *FetchJWTSVIDResponse) String() string

type FetchX509CASVIDRequest 

type FetchX509CASVIDRequest struct {
	Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// contains filtered or unexported fields
}

func (*FetchX509CASVIDRequest) Descriptor deprecated 

func (*FetchX509CASVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchX509CASVIDRequest.ProtoReflect.Descriptor instead.

func (*FetchX509CASVIDRequest) GetCsr 

func (x *FetchX509CASVIDRequest) GetCsr() []byte

func (*FetchX509CASVIDRequest) ProtoMessage 

func (*FetchX509CASVIDRequest) ProtoMessage()

func (*FetchX509CASVIDRequest) ProtoReflect added in v0.12.0 

func (x *FetchX509CASVIDRequest) ProtoReflect() protoreflect.Message

func (*FetchX509CASVIDRequest) Reset 

func (x *FetchX509CASVIDRequest) Reset()

func (*FetchX509CASVIDRequest) String 

func (x *FetchX509CASVIDRequest) String() string

type FetchX509CASVIDResponse 

type FetchX509CASVIDResponse struct {
	Svid   *X509SVID      `protobuf:"bytes,1,opt,name=svid,proto3" json:"svid,omitempty"`
	Bundle *common.Bundle `protobuf:"bytes,2,opt,name=bundle,proto3" json:"bundle,omitempty"`
	// contains filtered or unexported fields
}

func (*FetchX509CASVIDResponse) Descriptor deprecated 

func (*FetchX509CASVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchX509CASVIDResponse.ProtoReflect.Descriptor instead.

func (*FetchX509CASVIDResponse) GetBundle 

func (x *FetchX509CASVIDResponse) GetBundle() *common.Bundle

func (*FetchX509CASVIDResponse) GetSvid 

func (x *FetchX509CASVIDResponse) GetSvid() *X509SVID

func (*FetchX509CASVIDResponse) ProtoMessage 

func (*FetchX509CASVIDResponse) ProtoMessage()

func (*FetchX509CASVIDResponse) ProtoReflect added in v0.12.0 

func (x *FetchX509CASVIDResponse) ProtoReflect() protoreflect.Message

func (*FetchX509CASVIDResponse) Reset 

func (x *FetchX509CASVIDResponse) Reset()

func (*FetchX509CASVIDResponse) String 

func (x *FetchX509CASVIDResponse) String() string

type FetchX509SVIDRequest 

type FetchX509SVIDRequest struct {

	// A map of CSRs keyed by entry ID
	Csrs map[string][]byte `` /* 149-byte string literal not displayed */
	// contains filtered or unexported fields
}

Represents a request with a list of CSR.

func (*FetchX509SVIDRequest) Descriptor deprecated 

func (*FetchX509SVIDRequest) Descriptor() ([]byte, []int)

Deprecated: Use FetchX509SVIDRequest.ProtoReflect.Descriptor instead.

func (*FetchX509SVIDRequest) GetCsrs 

func (x *FetchX509SVIDRequest) GetCsrs() map[string][]byte

func (*FetchX509SVIDRequest) ProtoMessage 

func (*FetchX509SVIDRequest) ProtoMessage()

func (*FetchX509SVIDRequest) ProtoReflect added in v0.12.0 

func (x *FetchX509SVIDRequest) ProtoReflect() protoreflect.Message

func (*FetchX509SVIDRequest) Reset 

func (x *FetchX509SVIDRequest) Reset()

func (*FetchX509SVIDRequest) String 

func (x *FetchX509SVIDRequest) String() string

type FetchX509SVIDResponse 

type FetchX509SVIDResponse struct {

	// It includes a map of signed SVIDs and an array of all current Registration
	// Entries which are relevant to the caller SPIFFE ID.
	SvidUpdate *X509SVIDUpdate `protobuf:"bytes,1,opt,name=svid_update,json=svidUpdate,proto3" json:"svid_update,omitempty"`
	// contains filtered or unexported fields
}

Represents a response that contains map of signed SVIDs and an array of all current Registration Entries which are relevant to the caller SPIFFE ID.

func (*FetchX509SVIDResponse) Descriptor deprecated 

func (*FetchX509SVIDResponse) Descriptor() ([]byte, []int)

Deprecated: Use FetchX509SVIDResponse.ProtoReflect.Descriptor instead.

func (*FetchX509SVIDResponse) GetSvidUpdate 

func (x *FetchX509SVIDResponse) GetSvidUpdate() *X509SVIDUpdate

func (*FetchX509SVIDResponse) ProtoMessage 

func (*FetchX509SVIDResponse) ProtoMessage()

func (*FetchX509SVIDResponse) ProtoReflect added in v0.12.0 

func (x *FetchX509SVIDResponse) ProtoReflect() protoreflect.Message

func (*FetchX509SVIDResponse) Reset 

func (x *FetchX509SVIDResponse) Reset()

func (*FetchX509SVIDResponse) String 

func (x *FetchX509SVIDResponse) String() string

type JSR 

type JSR struct {

	// SPIFFE ID of the workload
	SpiffeId string `protobuf:"bytes,1,opt,name=spiffe_id,json=spiffeId,proto3" json:"spiffe_id,omitempty"`
	// List of intended audience
	Audience []string `protobuf:"bytes,2,rep,name=audience,proto3" json:"audience,omitempty"`
	// Time-to-live in seconds. If unspecified the JWT SVID will be assigned
	// a default time-to-live by the server.
	Ttl int32 `protobuf:"varint,3,opt,name=ttl,proto3" json:"ttl,omitempty"`
	// contains filtered or unexported fields
}

JSR is a JWT SVID signing request.

func (*JSR) Descriptor deprecated 

func (*JSR) Descriptor() ([]byte, []int)

Deprecated: Use JSR.ProtoReflect.Descriptor instead.

func (*JSR) GetAudience 

func (x *JSR) GetAudience() []string

func (*JSR) GetSpiffeId 

func (x *JSR) GetSpiffeId() string

func (*JSR) GetTtl 

func (x *JSR) GetTtl() int32

func (*JSR) ProtoMessage 

func (*JSR) ProtoMessage()

func (*JSR) ProtoReflect added in v0.12.0 

func (x *JSR) ProtoReflect() protoreflect.Message

func (*JSR) Reset 

func (x *JSR) Reset()

func (*JSR) String 

func (x *JSR) String() string

type JWTSVID 

type JWTSVID struct {

	// JWT-SVID JWT token
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// SVID expiration timestamp (seconds since Unix epoch)
	ExpiresAt int64 `protobuf:"varint,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// SVID issuance timestamp (seconds since Unix epoch)
	IssuedAt int64 `protobuf:"varint,3,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
	// contains filtered or unexported fields
}

JWTSVID is a signed JWT-SVID with fields lifted out for convenience.

func (*JWTSVID) Descriptor deprecated 

func (*JWTSVID) Descriptor() ([]byte, []int)

Deprecated: Use JWTSVID.ProtoReflect.Descriptor instead.

func (*JWTSVID) GetExpiresAt 

func (x *JWTSVID) GetExpiresAt() int64

func (*JWTSVID) GetIssuedAt 

func (x *JWTSVID) GetIssuedAt() int64

func (*JWTSVID) GetToken 

func (x *JWTSVID) GetToken() string

func (*JWTSVID) ProtoMessage 

func (*JWTSVID) ProtoMessage()

func (*JWTSVID) ProtoReflect added in v0.12.0 

func (x *JWTSVID) ProtoReflect() protoreflect.Message

func (*JWTSVID) Reset 

func (x *JWTSVID) Reset()

func (*JWTSVID) String 

func (x *JWTSVID) String() string

type NodeClient 

type NodeClient interface {
	// Attest the node, get base node SVID.
	Attest(ctx context.Context, opts ...grpc.CallOption) (Node_AttestClient, error)
	// Get Workload, Node Agent certs and CA trust bundles. Also used for rotation
	// Base Node SVID or the Registered Node SVID used for this call)
	// List can be empty to allow Node Agent cache refresh).
	FetchX509SVID(ctx context.Context, opts ...grpc.CallOption) (Node_FetchX509SVIDClient, error)
	// Fetches a signed JWT-SVID for a workload intended for a specific audience.
	FetchJWTSVID(ctx context.Context, in *FetchJWTSVIDRequest, opts ...grpc.CallOption) (*FetchJWTSVIDResponse, error)
	// Fetches an X509 CA SVID for a downstream SPIRE server.
	FetchX509CASVID(ctx context.Context, in *FetchX509CASVIDRequest, opts ...grpc.CallOption) (*FetchX509CASVIDResponse, error)
	// PushJWTKeyUpstream pushes new public JWKs to upstream SPIRE Server, unless this
	// is the root server, in which case it stores the JWK in its bundle. Returns an
	// up-to-date list of the JWT signing keys stored in the bundle.
	PushJWTKeyUpstream(ctx context.Context, in *PushJWTKeyUpstreamRequest, opts ...grpc.CallOption) (*PushJWTKeyUpstreamResponse, error)
	// FetchBundle fetches the bundle of the local trust domain
	FetchBundle(ctx context.Context, in *FetchBundleRequest, opts ...grpc.CallOption) (*FetchBundleResponse, error)
}

NodeClient is the client API for Node service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewNodeClient 

func NewNodeClient(cc grpc.ClientConnInterface) NodeClient

type NodeServer 

type NodeServer interface {
	// Attest the node, get base node SVID.
	Attest(Node_AttestServer) error
	// Get Workload, Node Agent certs and CA trust bundles. Also used for rotation
	// Base Node SVID or the Registered Node SVID used for this call)
	// List can be empty to allow Node Agent cache refresh).
	FetchX509SVID(Node_FetchX509SVIDServer) error
	// Fetches a signed JWT-SVID for a workload intended for a specific audience.
	FetchJWTSVID(context.Context, *FetchJWTSVIDRequest) (*FetchJWTSVIDResponse, error)
	// Fetches an X509 CA SVID for a downstream SPIRE server.
	FetchX509CASVID(context.Context, *FetchX509CASVIDRequest) (*FetchX509CASVIDResponse, error)
	// PushJWTKeyUpstream pushes new public JWKs to upstream SPIRE Server, unless this
	// is the root server, in which case it stores the JWK in its bundle. Returns an
	// up-to-date list of the JWT signing keys stored in the bundle.
	PushJWTKeyUpstream(context.Context, *PushJWTKeyUpstreamRequest) (*PushJWTKeyUpstreamResponse, error)
	// FetchBundle fetches the bundle of the local trust domain
	FetchBundle(context.Context, *FetchBundleRequest) (*FetchBundleResponse, error)
	// contains filtered or unexported methods
}

NodeServer is the server API for Node service. All implementations must embed UnimplementedNodeServer for forward compatibility

type Node_AttestClient 

type Node_AttestClient interface {
	Send(*AttestRequest) error
	Recv() (*AttestResponse, error)
	grpc.ClientStream
}

type Node_AttestServer 

type Node_AttestServer interface {
	Send(*AttestResponse) error
	Recv() (*AttestRequest, error)
	grpc.ServerStream
}

type Node_FetchX509SVIDClient 

type Node_FetchX509SVIDClient interface {
	Send(*FetchX509SVIDRequest) error
	Recv() (*FetchX509SVIDResponse, error)
	grpc.ClientStream
}

type Node_FetchX509SVIDServer 

type Node_FetchX509SVIDServer interface {
	Send(*FetchX509SVIDResponse) error
	Recv() (*FetchX509SVIDRequest, error)
	grpc.ServerStream
}

type PushJWTKeyUpstreamRequest added in v0.10.0 

type PushJWTKeyUpstreamRequest struct {
	JwtKey *common.PublicKey `protobuf:"bytes,1,opt,name=jwt_key,json=jwtKey,proto3" json:"jwt_key,omitempty"`
	// contains filtered or unexported fields
}

func (*PushJWTKeyUpstreamRequest) Descriptor deprecated added in v0.10.0 

func (*PushJWTKeyUpstreamRequest) Descriptor() ([]byte, []int)

Deprecated: Use PushJWTKeyUpstreamRequest.ProtoReflect.Descriptor instead.

func (*PushJWTKeyUpstreamRequest) GetJwtKey added in v0.10.0 

func (x *PushJWTKeyUpstreamRequest) GetJwtKey() *common.PublicKey

func (*PushJWTKeyUpstreamRequest) ProtoMessage added in v0.10.0 

func (*PushJWTKeyUpstreamRequest) ProtoMessage()

func (*PushJWTKeyUpstreamRequest) ProtoReflect added in v0.12.0 

func (x *PushJWTKeyUpstreamRequest) ProtoReflect() protoreflect.Message

func (*PushJWTKeyUpstreamRequest) Reset added in v0.10.0 

func (x *PushJWTKeyUpstreamRequest) Reset()

func (*PushJWTKeyUpstreamRequest) String added in v0.10.0 

func (x *PushJWTKeyUpstreamRequest) String() string

type PushJWTKeyUpstreamResponse added in v0.10.0 

type PushJWTKeyUpstreamResponse struct {

	// up-to-date bundle of JWT signing keys
	JwtSigningKeys []*common.PublicKey `protobuf:"bytes,1,rep,name=jwt_signing_keys,json=jwtSigningKeys,proto3" json:"jwt_signing_keys,omitempty"`
	// contains filtered or unexported fields
}

func (*PushJWTKeyUpstreamResponse) Descriptor deprecated added in v0.10.0 

func (*PushJWTKeyUpstreamResponse) Descriptor() ([]byte, []int)

Deprecated: Use PushJWTKeyUpstreamResponse.ProtoReflect.Descriptor instead.

func (*PushJWTKeyUpstreamResponse) GetJwtSigningKeys added in v0.10.0 

func (x *PushJWTKeyUpstreamResponse) GetJwtSigningKeys() []*common.PublicKey

func (*PushJWTKeyUpstreamResponse) ProtoMessage added in v0.10.0 

func (*PushJWTKeyUpstreamResponse) ProtoMessage()

func (*PushJWTKeyUpstreamResponse) ProtoReflect added in v0.12.0 

func (x *PushJWTKeyUpstreamResponse) ProtoReflect() protoreflect.Message

func (*PushJWTKeyUpstreamResponse) Reset added in v0.10.0 

func (x *PushJWTKeyUpstreamResponse) Reset()

func (*PushJWTKeyUpstreamResponse) String added in v0.10.0 

func (x *PushJWTKeyUpstreamResponse) String() string

type UnimplementedNodeServer 

type UnimplementedNodeServer struct {
}

UnimplementedNodeServer must be embedded to have forward compatible implementations.

func (UnimplementedNodeServer) Attest 

func (UnimplementedNodeServer) Attest(Node_AttestServer) error

func (UnimplementedNodeServer) FetchBundle added in v0.10.0 

func (UnimplementedNodeServer) FetchBundle(context.Context, *FetchBundleRequest) (*FetchBundleResponse, error)

func (UnimplementedNodeServer) FetchJWTSVID 

func (UnimplementedNodeServer) FetchJWTSVID(context.Context, *FetchJWTSVIDRequest) (*FetchJWTSVIDResponse, error)

func (UnimplementedNodeServer) FetchX509CASVID 

func (UnimplementedNodeServer) FetchX509CASVID(context.Context, *FetchX509CASVIDRequest) (*FetchX509CASVIDResponse, error)

func (UnimplementedNodeServer) FetchX509SVID 

func (UnimplementedNodeServer) FetchX509SVID(Node_FetchX509SVIDServer) error

func (UnimplementedNodeServer) PushJWTKeyUpstream added in v0.10.0 

func (UnimplementedNodeServer) PushJWTKeyUpstream(context.Context, *PushJWTKeyUpstreamRequest) (*PushJWTKeyUpstreamResponse, error)

type UnsafeNodeServer added in v0.12.0 

type UnsafeNodeServer interface {
	// contains filtered or unexported methods
}

UnsafeNodeServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to NodeServer will result in compilation errors.

type X509SVID 

type X509SVID struct {

	// X509 SVID and intermediates necessary to form a chain of trust back
	// to a root CA in the bundle.
	CertChain []byte `protobuf:"bytes,3,opt,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// SVID expiration timestamp (in seconds since Unix epoch)
	ExpiresAt int64 `protobuf:"varint,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// contains filtered or unexported fields
}

A type which contains the "Spiffe Verifiable Identity Document" and a TTL indicating when the SVID expires.

func (*X509SVID) Descriptor deprecated 

func (*X509SVID) Descriptor() ([]byte, []int)

Deprecated: Use X509SVID.ProtoReflect.Descriptor instead.

func (*X509SVID) GetCertChain 

func (x *X509SVID) GetCertChain() []byte

func (*X509SVID) GetExpiresAt 

func (x *X509SVID) GetExpiresAt() int64

func (*X509SVID) ProtoMessage 

func (*X509SVID) ProtoMessage()

func (*X509SVID) ProtoReflect added in v0.12.0 

func (x *X509SVID) ProtoReflect() protoreflect.Message

func (*X509SVID) Reset 

func (x *X509SVID) Reset()

func (*X509SVID) String 

func (x *X509SVID) String() string

type X509SVIDUpdate 

type X509SVIDUpdate struct {

	// A map containing SVID values keyed by:
	//  - SPIFFE ID in message 'AttestResponse'        (Map[SPIFFE_ID] => SVID)
	//  - Entry  ID in message 'FetchX509SVIDResponse' (Map[Entry_ID]  => SVID)
	Svids map[string]*X509SVID `` /* 151-byte string literal not displayed */
	// A type representing a curated record that the Spire Server uses to set up
	// and manage the various registered nodes and workloads that are controlled by it.
	RegistrationEntries []*common.RegistrationEntry `protobuf:"bytes,3,rep,name=registration_entries,json=registrationEntries,proto3" json:"registration_entries,omitempty"`
	// Trust bundles associated with the SVIDs, keyed by trust domain SPIFFE
	// ID. Bundles included are the trust bundle for the server trust domain
	// and any federated trust domain bundles applicable to the SVIDs.
	Bundles map[string]*common.Bundle `` /* 155-byte string literal not displayed */
	// contains filtered or unexported fields
}

A message returned by the Spire Server, which includes a map of signed SVIDs and a list of all current Registration Entries which are relevant to the caller SPIFFE ID.

func (*X509SVIDUpdate) Descriptor deprecated 

func (*X509SVIDUpdate) Descriptor() ([]byte, []int)

Deprecated: Use X509SVIDUpdate.ProtoReflect.Descriptor instead.

func (*X509SVIDUpdate) GetBundles 

func (x *X509SVIDUpdate) GetBundles() map[string]*common.Bundle

func (*X509SVIDUpdate) GetRegistrationEntries 

func (x *X509SVIDUpdate) GetRegistrationEntries() []*common.RegistrationEntry

func (*X509SVIDUpdate) GetSvids 

func (x *X509SVIDUpdate) GetSvids() map[string]*X509SVID

func (*X509SVIDUpdate) ProtoMessage 

func (*X509SVIDUpdate) ProtoMessage()

func (*X509SVIDUpdate) ProtoReflect added in v0.12.0 

func (x *X509SVIDUpdate) ProtoReflect() protoreflect.Message

func (*X509SVIDUpdate) Reset 

func (x *X509SVIDUpdate) Reset()

func (*X509SVIDUpdate) String 

func (x *X509SVIDUpdate) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.