istioca

package
v0.0.0-...-91af647 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 29, 2022 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// CertSigner is the literal string "CertSigner".
// NOTE(review): presumably the key under which a signer name is passed to the
// CA (Options has a field of the same name) — confirm against the client code.
const CertSigner = "CertSigner"

Variables

// NullValue_name maps each NullValue enum number to its proto name.
var NullValue_name = map[int32]string{0: "NULL_VALUE"}

// NullValue_value maps each NullValue proto name to its enum number.
var NullValue_value = map[string]int32{"NULL_VALUE": 0}

Enum value maps for NullValue.

// IstioCertificateService_ServiceDesc describes the IstioCertificateService
// gRPC service: a single method, CreateCertificate, and no streaming methods.
var IstioCertificateService_ServiceDesc = grpc.ServiceDesc{
	// Fully qualified service name.
	ServiceName: "istio.v1.auth.IstioCertificateService",
	// Typed nil pointer naming the server interface for this service.
	HandlerType: (*IstioCertificateServiceServer)(nil),
	// CreateCertificate is the only method listed.
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateCertificate",
			Handler:    _IstioCertificateService_CreateCertificate_Handler,
		},
	},
	// The stream list is empty; Metadata holds the string "ca.proto".
	Streams:  []grpc.StreamDesc{},
	Metadata: "ca.proto",
}

IstioCertificateService_ServiceDesc is the grpc.ServiceDesc for IstioCertificateService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func RegisterIstioCertificateServiceServer

func RegisterIstioCertificateServiceServer(s grpc.ServiceRegistrar, srv IstioCertificateServiceServer)

Types

type CitadelClient

// CitadelClient is the CA client type returned by NewCitadelClient.
// None of its fields are shown in this listing (filtered or unexported).
type CitadelClient struct {
	// contains filtered or unexported fields
}

func NewCitadelClient

func NewCitadelClient(opts *Options) (*CitadelClient, error)

NewCitadelClient creates a CA client for Citadel.

func (*CitadelClient) CSRSign

func (c *CitadelClient) CSRSign(csrPEM []byte, certValidTTLInSec int64) ([]string, error)

CSRSign calls Citadel to sign a CSR.

func (*CitadelClient) Close

func (c *CitadelClient) Close()

func (*CitadelClient) GetRootCertBundle

func (c *CitadelClient) GetRootCertBundle() ([]string, error)

GetRootCertBundle: the Citadel (Istiod) CA doesn't publish any endpoint to retrieve CA certs.

type IstioCertificateRequest

// IstioCertificateRequest is the certificate request message sent to
// CreateCertificate. Every exported field is supplied by the caller; the
// message documentation on this page requires the service to verify that the
// authenticated caller is authorized for all SANs in the CSR, and allows the
// server to overwrite any requested certificate field.
type IstioCertificateRequest struct {

	// PEM-encoded certificate request.
	// The public key in the CSR is used to generate the certificate,
	// and other fields in the generated certificate may be overwritten by the CA.
	Csr string `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"`
	// Optional: requested certificate validity period, in seconds.
	// NOTE(review): this is a request, not a grant; whether the CA caps it at
	// a maximum lifetime is not visible here — confirm the server's policy.
	ValidityDuration int64 `protobuf:"varint,3,opt,name=validity_duration,json=validityDuration,proto3" json:"validity_duration,omitempty"`
	// $hide_from_docs
	// Optional: Opaque metadata provided by the XDS node to Istio.
	// Supported metadata: WorkloadName, WorkloadIP, ClusterID
	// NOTE(review): these values come from the client and nothing on this
	// page shows them being authenticated; a server should presumably check
	// them against the authenticated caller before relying on them — confirm.
	Metadata *Struct `protobuf:"bytes,4,opt,name=metadata,proto3" json:"metadata,omitempty"`
	// contains filtered or unexported fields
}

Certificate request message. The authentication should be based on: 1. Bearer tokens carried in the side channel; 2. Client-side certificate via Mutual TLS handshake. Note: the service implementation is REQUIRED to verify that the authenticated caller is authorized for all SANs in the CSR. The server side may overwrite any requested certificate field based on its policies.

func (*IstioCertificateRequest) Descriptor deprecated

func (*IstioCertificateRequest) Descriptor() ([]byte, []int)

Deprecated: Use IstioCertificateRequest.ProtoReflect.Descriptor instead.

func (*IstioCertificateRequest) GetCsr

func (x *IstioCertificateRequest) GetCsr() string

func (*IstioCertificateRequest) GetMetadata

func (x *IstioCertificateRequest) GetMetadata() *Struct

func (*IstioCertificateRequest) GetValidityDuration

func (x *IstioCertificateRequest) GetValidityDuration() int64

func (*IstioCertificateRequest) ProtoMessage

func (*IstioCertificateRequest) ProtoMessage()

func (*IstioCertificateRequest) ProtoReflect

func (x *IstioCertificateRequest) ProtoReflect() protoreflect.Message

func (*IstioCertificateRequest) Reset

func (x *IstioCertificateRequest) Reset()

func (*IstioCertificateRequest) String

func (x *IstioCertificateRequest) String() string

type IstioCertificateResponse

// IstioCertificateResponse is the certificate response message returned by
// CreateCertificate.
type IstioCertificateResponse struct {

	// PEM-encoded certificate chain.
	// The leaf cert is the first element, and the root cert is the last element.
	// NOTE(review): the root in this chain is supplied by the responder; a
	// consumer should presumably validate the chain against trust anchors it
	// configured independently rather than adopt the last element as trusted
	// on the response's word alone — confirm how callers use it.
	CertChain []string `protobuf:"bytes,1,rep,name=cert_chain,json=certChain,proto3" json:"cert_chain,omitempty"`
	// contains filtered or unexported fields
}

Certificate response message.

func (*IstioCertificateResponse) Descriptor deprecated

func (*IstioCertificateResponse) Descriptor() ([]byte, []int)

Deprecated: Use IstioCertificateResponse.ProtoReflect.Descriptor instead.

func (*IstioCertificateResponse) GetCertChain

func (x *IstioCertificateResponse) GetCertChain() []string

func (*IstioCertificateResponse) ProtoMessage

func (*IstioCertificateResponse) ProtoMessage()

func (*IstioCertificateResponse) ProtoReflect

func (x *IstioCertificateResponse) ProtoReflect() protoreflect.Message

func (*IstioCertificateResponse) Reset

func (x *IstioCertificateResponse) Reset()

func (*IstioCertificateResponse) String

func (x *IstioCertificateResponse) String() string

type IstioCertificateServiceClient

// IstioCertificateServiceClient is the client-side interface for the
// IstioCertificateService service; it exposes one method.
type IstioCertificateServiceClient interface {
	// Using provided CSR, returns a signed certificate.
	// The request is passed as in; opts are per-call gRPC options.
	CreateCertificate(ctx context.Context, in *IstioCertificateRequest, opts ...grpc.CallOption) (*IstioCertificateResponse, error)
}

IstioCertificateServiceClient is the client API for IstioCertificateService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

type IstioCertificateServiceServer

// IstioCertificateServiceServer is the server-side interface for the
// IstioCertificateService service.
type IstioCertificateServiceServer interface {
	// Using provided CSR, returns a signed certificate.
	// The request message documentation on this page REQUIRES an
	// implementation to verify that the authenticated caller is authorized
	// for all SANs in the CSR; this interface itself enforces nothing.
	CreateCertificate(context.Context, *IstioCertificateRequest) (*IstioCertificateResponse, error)
	// contains filtered or unexported methods
}

IstioCertificateServiceServer is the server API for IstioCertificateService service. All implementations must embed UnimplementedIstioCertificateServiceServer for forward compatibility

type ListValue

// ListValue wraps a repeated field of Value messages.
type ListValue struct {

	// Repeated field of dynamically typed values.
	// Each element is a *Value, which may itself hold a nested list or struct.
	Values []*Value `protobuf:"bytes,1,rep,name=values,proto3" json:"values,omitempty"`
	// contains filtered or unexported fields
}

`ListValue` is a wrapper around a repeated field of values.

The JSON representation for `ListValue` is JSON array.

func (*ListValue) Descriptor deprecated

func (*ListValue) Descriptor() ([]byte, []int)

Deprecated: Use ListValue.ProtoReflect.Descriptor instead.

func (*ListValue) GetValues

func (x *ListValue) GetValues() []*Value

func (*ListValue) ProtoMessage

func (*ListValue) ProtoMessage()

func (*ListValue) ProtoReflect

func (x *ListValue) ProtoReflect() protoreflect.Message

func (*ListValue) Reset

func (x *ListValue) Reset()

func (*ListValue) String

func (x *ListValue) String() string

type NullValue

// NullValue is an int32-backed enum type; the only value declared on this
// page is NullValue_NULL_VALUE (0).
type NullValue int32

`NullValue` is a singleton enumeration to represent the null value for the `Value` type union.

The JSON representation for `NullValue` is JSON `null`.
// NullValue_NULL_VALUE is the null value, enum number 0.
const NullValue_NULL_VALUE NullValue = 0

func (NullValue) Descriptor

func (NullValue) Descriptor() protoreflect.EnumDescriptor

func (NullValue) Enum

func (x NullValue) Enum() *NullValue

func (NullValue) EnumDescriptor deprecated

func (NullValue) EnumDescriptor() ([]byte, []int)

Deprecated: Use NullValue.Descriptor instead.

func (NullValue) Number

func (x NullValue) Number() protoreflect.EnumNumber

func (NullValue) String

func (x NullValue) String() string

func (NullValue) Type

type Options

// Options carries the settings passed to NewCitadelClient.
// How each field is consumed is not visible in this listing; the notes below
// mark what should be confirmed against the client implementation.
type Options struct {
	// CAEndpoint is presumably the address of the CA's gRPC endpoint — confirm.
	CAEndpoint    string
	// CAEndpointSAN is presumably the SAN expected in the CA's serving
	// certificate. NOTE(review): confirm what is verified when this is empty.
	CAEndpointSAN string

	// TokenProvider supplies gRPC per-RPC credentials.
	// NOTE(review): if it carries bearer tokens, confirm that its
	// RequireTransportSecurity method returns true so tokens are not sent
	// over a plaintext connection.
	TokenProvider credentials.PerRPCCredentials
	// GRPCOptions are additional gRPC dial options.
	// NOTE(review): a caller-supplied dial option can affect transport
	// security; confirm how these are combined with the client's TLS setup.
	GRPCOptions   []grpc.DialOption

	// CertSigner and ClusterID are plain strings.
	// NOTE(review): presumably forwarded to the CA as request metadata
	// (ClusterID is listed as supported metadata on IstioCertificateRequest)
	// — confirm.
	CertSigner string
	ClusterID  string

	// TrustedRoots is an x509 certificate pool.
	// NOTE(review): presumably the roots used to verify the CA's serving
	// certificate; confirm the behaviour when it is nil (system roots versus
	// refusing to connect).
	TrustedRoots *x509.CertPool

	// ProvCert contains a long-lived 'provider' certificate that will be
	// exchanged for the workload certificate.
	// It is a cert signed by the same CA (or a CA trusted by Istiod).
	// It is still exchanged because Istiod may add info to the cert.
	// NOTE(review): the field is a string; whether it holds a file path or
	// PEM data is not visible here. Because the credential is long-lived,
	// confirm how it and its private key are stored and protected.
	ProvCert string
}

type Struct

// Struct is a structured data value: a map from field name to a dynamically
// typed Value. It is the type of IstioCertificateRequest.Metadata.
type Struct struct {

	// Unordered map of dynamically typed values.
	// Values may themselves contain nested Struct or ListValue messages.
	Fields map[string]*Value `` /* 153-byte string literal not displayed */
	// contains filtered or unexported fields
}

Duplicated to avoid a dependency on struct.proto. `Struct` represents a structured data value, consisting of fields which map to dynamically typed values. In some languages, `Struct` might be supported by a native representation. For example, in scripting languages like JS a struct is represented as an object. The details of that representation are described together with the proto support for the language.

The JSON representation for `Struct` is JSON object.

func (*Struct) Descriptor deprecated

func (*Struct) Descriptor() ([]byte, []int)

Deprecated: Use Struct.ProtoReflect.Descriptor instead.

func (*Struct) GetFields

func (x *Struct) GetFields() map[string]*Value

func (*Struct) ProtoMessage

func (*Struct) ProtoMessage()

func (*Struct) ProtoReflect

func (x *Struct) ProtoReflect() protoreflect.Message

func (*Struct) Reset

func (x *Struct) Reset()

func (*Struct) String

func (x *Struct) String() string

type UnimplementedIstioCertificateServiceServer

// UnimplementedIstioCertificateServiceServer is an empty struct meant to be
// embedded in server implementations for forward compatibility.
type UnimplementedIstioCertificateServiceServer struct {
}

UnimplementedIstioCertificateServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedIstioCertificateServiceServer) CreateCertificate

type UnsafeIstioCertificateServiceServer

// UnsafeIstioCertificateServiceServer is an interface with no exported
// methods; embedding it opts a server out of forward compatibility.
type UnsafeIstioCertificateServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeIstioCertificateServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to IstioCertificateServiceServer will result in compilation errors.

type Value

// Value is a dynamically typed value: null, number, string, bool, a nested
// Struct, or a ListValue. Exactly one variant is held in Kind.
// NOTE(review): the type is recursive through Struct and ListValue, and it is
// reachable from the client-supplied IstioCertificateRequest.Metadata; confirm
// that message-size or depth limits bound what a server will decode.
type Value struct {

	// The kind of value.
	//
	// Types that are assignable to Kind:
	//	*Value_NullValue
	//	*Value_NumberValue
	//	*Value_StringValue
	//	*Value_BoolValue
	//	*Value_StructValue
	//	*Value_ListValue
	Kind isValue_Kind `protobuf_oneof:"kind"`
	// contains filtered or unexported fields
}

`Value` represents a dynamically typed value which can be either null, a number, a string, a boolean, a recursive struct value, or a list of values. A producer of a value is expected to set one of these variants; the absence of any variant indicates an error.

The JSON representation for `Value` is JSON value.

func (*Value) Descriptor deprecated

func (*Value) Descriptor() ([]byte, []int)

Deprecated: Use Value.ProtoReflect.Descriptor instead.

func (*Value) GetBoolValue

func (x *Value) GetBoolValue() bool

func (*Value) GetKind

func (m *Value) GetKind() isValue_Kind

func (*Value) GetListValue

func (x *Value) GetListValue() *ListValue

func (*Value) GetNullValue

func (x *Value) GetNullValue() NullValue

func (*Value) GetNumberValue

func (x *Value) GetNumberValue() float64

func (*Value) GetStringValue

func (x *Value) GetStringValue() string

func (*Value) GetStructValue

func (x *Value) GetStructValue() *Struct

func (*Value) ProtoMessage

func (*Value) ProtoMessage()

func (*Value) ProtoReflect

func (x *Value) ProtoReflect() protoreflect.Message

func (*Value) Reset

func (x *Value) Reset()

func (*Value) String

func (x *Value) String() string

type Value_BoolValue

// Value_BoolValue is the Value.Kind variant that holds a bool.
type Value_BoolValue struct {
	// Represents a boolean value.
	BoolValue bool `protobuf:"varint,4,opt,name=bool_value,json=boolValue,proto3,oneof"`
}

type Value_ListValue

// Value_ListValue is the Value.Kind variant that holds a nested *ListValue.
type Value_ListValue struct {
	// Represents a repeated `Value`.
	ListValue *ListValue `protobuf:"bytes,6,opt,name=list_value,json=listValue,proto3,oneof"`
}

type Value_NullValue

// Value_NullValue is the Value.Kind variant that holds the NullValue enum.
type Value_NullValue struct {
	// Represents a null value.
	NullValue NullValue `protobuf:"varint,1,opt,name=null_value,json=nullValue,proto3,enum=istio.v1.auth.NullValue,oneof"`
}

type Value_NumberValue

// Value_NumberValue is the Value.Kind variant that holds a float64.
type Value_NumberValue struct {
	// Represents a double value.
	NumberValue float64 `protobuf:"fixed64,2,opt,name=number_value,json=numberValue,proto3,oneof"`
}

type Value_StringValue

// Value_StringValue is the Value.Kind variant that holds a string.
type Value_StringValue struct {
	// Represents a string value.
	StringValue string `protobuf:"bytes,3,opt,name=string_value,json=stringValue,proto3,oneof"`
}

type Value_StructValue

// Value_StructValue is the Value.Kind variant that holds a nested *Struct.
type Value_StructValue struct {
	// Represents a structured value.
	StructValue *Struct `protobuf:"bytes,5,opt,name=struct_value,json=structValue,proto3,oneof"`
}
