devicetrustv1

package
v0.0.0-...-df39993 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2024 License: Apache-2.0 Imports: 12 Imported by: 10

Documentation

Index

Constants

View Source 
const (
	DeviceTrustService_CreateDevice_FullMethodName                   = "/teleport.devicetrust.v1.DeviceTrustService/CreateDevice"
	DeviceTrustService_UpdateDevice_FullMethodName                   = "/teleport.devicetrust.v1.DeviceTrustService/UpdateDevice"
	DeviceTrustService_UpsertDevice_FullMethodName                   = "/teleport.devicetrust.v1.DeviceTrustService/UpsertDevice"
	DeviceTrustService_DeleteDevice_FullMethodName                   = "/teleport.devicetrust.v1.DeviceTrustService/DeleteDevice"
	DeviceTrustService_FindDevices_FullMethodName                    = "/teleport.devicetrust.v1.DeviceTrustService/FindDevices"
	DeviceTrustService_GetDevice_FullMethodName                      = "/teleport.devicetrust.v1.DeviceTrustService/GetDevice"
	DeviceTrustService_ListDevices_FullMethodName                    = "/teleport.devicetrust.v1.DeviceTrustService/ListDevices"
	DeviceTrustService_BulkCreateDevices_FullMethodName              = "/teleport.devicetrust.v1.DeviceTrustService/BulkCreateDevices"
	DeviceTrustService_CreateDeviceEnrollToken_FullMethodName        = "/teleport.devicetrust.v1.DeviceTrustService/CreateDeviceEnrollToken"
	DeviceTrustService_EnrollDevice_FullMethodName                   = "/teleport.devicetrust.v1.DeviceTrustService/EnrollDevice"
	DeviceTrustService_AuthenticateDevice_FullMethodName             = "/teleport.devicetrust.v1.DeviceTrustService/AuthenticateDevice"
	DeviceTrustService_ConfirmDeviceWebAuthentication_FullMethodName = "/teleport.devicetrust.v1.DeviceTrustService/ConfirmDeviceWebAuthentication"
	DeviceTrustService_SyncInventory_FullMethodName                  = "/teleport.devicetrust.v1.DeviceTrustService/SyncInventory"
	DeviceTrustService_GetDevicesUsage_FullMethodName                = "/teleport.devicetrust.v1.DeviceTrustService/GetDevicesUsage"
)

Variables

View Source 
var (
	DeviceAttestationType_name = map[int32]string{
		0: "DEVICE_ATTESTATION_TYPE_UNSPECIFIED",
		1: "DEVICE_ATTESTATION_TYPE_TPM_EKPUB",
		2: "DEVICE_ATTESTATION_TYPE_TPM_EKCERT",
		3: "DEVICE_ATTESTATION_TYPE_TPM_EKCERT_TRUSTED",
	}
	DeviceAttestationType_value = map[string]int32{
		"DEVICE_ATTESTATION_TYPE_UNSPECIFIED":        0,
		"DEVICE_ATTESTATION_TYPE_TPM_EKPUB":          1,
		"DEVICE_ATTESTATION_TYPE_TPM_EKCERT":         2,
		"DEVICE_ATTESTATION_TYPE_TPM_EKCERT_TRUSTED": 3,
	}
)

Enum value maps for DeviceAttestationType.

View Source 
var (
	DeviceEnrollStatus_name = map[int32]string{
		0: "DEVICE_ENROLL_STATUS_UNSPECIFIED",
		1: "DEVICE_ENROLL_STATUS_NOT_ENROLLED",
		2: "DEVICE_ENROLL_STATUS_ENROLLED",
	}
	DeviceEnrollStatus_value = map[string]int32{
		"DEVICE_ENROLL_STATUS_UNSPECIFIED":  0,
		"DEVICE_ENROLL_STATUS_NOT_ENROLLED": 1,
		"DEVICE_ENROLL_STATUS_ENROLLED":     2,
	}
)

Enum value maps for DeviceEnrollStatus.

View Source 
var (
	DeviceOrigin_name = map[int32]string{
		0: "DEVICE_ORIGIN_UNSPECIFIED",
		1: "DEVICE_ORIGIN_API",
		2: "DEVICE_ORIGIN_JAMF",
		3: "DEVICE_ORIGIN_INTUNE",
	}
	DeviceOrigin_value = map[string]int32{
		"DEVICE_ORIGIN_UNSPECIFIED": 0,
		"DEVICE_ORIGIN_API":         1,
		"DEVICE_ORIGIN_JAMF":        2,
		"DEVICE_ORIGIN_INTUNE":      3,
	}
)

Enum value maps for DeviceOrigin.

View Source 
var (
	DeviceView_name = map[int32]string{
		0: "DEVICE_VIEW_UNSPECIFIED",
		1: "DEVICE_VIEW_LIST",
		2: "DEVICE_VIEW_RESOURCE",
	}
	DeviceView_value = map[string]int32{
		"DEVICE_VIEW_UNSPECIFIED": 0,
		"DEVICE_VIEW_LIST":        1,
		"DEVICE_VIEW_RESOURCE":    2,
	}
)

Enum value maps for DeviceView.

View Source 
var (
	OSType_name = map[int32]string{
		0: "OS_TYPE_UNSPECIFIED",
		1: "OS_TYPE_LINUX",
		2: "OS_TYPE_MACOS",
		3: "OS_TYPE_WINDOWS",
	}
	OSType_value = map[string]int32{
		"OS_TYPE_UNSPECIFIED": 0,
		"OS_TYPE_LINUX":       1,
		"OS_TYPE_MACOS":       2,
		"OS_TYPE_WINDOWS":     3,
	}
)

Enum value maps for OSType.

View Source 
var (
	AccountUsageType_name = map[int32]string{
		0: "ACCOUNT_USAGE_TYPE_UNSPECIFIED",
		1: "ACCOUNT_USAGE_TYPE_UNLIMITED",
		2: "ACCOUNT_USAGE_TYPE_USAGE_BASED",
	}
	AccountUsageType_value = map[string]int32{
		"ACCOUNT_USAGE_TYPE_UNSPECIFIED": 0,
		"ACCOUNT_USAGE_TYPE_UNLIMITED":   1,
		"ACCOUNT_USAGE_TYPE_USAGE_BASED": 2,
	}
)

Enum value maps for AccountUsageType.

View Source 
var DeviceTrustService_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "teleport.devicetrust.v1.DeviceTrustService",
	HandlerType: (*DeviceTrustServiceServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "CreateDevice",
			Handler:    _DeviceTrustService_CreateDevice_Handler,
		},
		{
			MethodName: "UpdateDevice",
			Handler:    _DeviceTrustService_UpdateDevice_Handler,
		},
		{
			MethodName: "UpsertDevice",
			Handler:    _DeviceTrustService_UpsertDevice_Handler,
		},
		{
			MethodName: "DeleteDevice",
			Handler:    _DeviceTrustService_DeleteDevice_Handler,
		},
		{
			MethodName: "FindDevices",
			Handler:    _DeviceTrustService_FindDevices_Handler,
		},
		{
			MethodName: "GetDevice",
			Handler:    _DeviceTrustService_GetDevice_Handler,
		},
		{
			MethodName: "ListDevices",
			Handler:    _DeviceTrustService_ListDevices_Handler,
		},
		{
			MethodName: "BulkCreateDevices",
			Handler:    _DeviceTrustService_BulkCreateDevices_Handler,
		},
		{
			MethodName: "CreateDeviceEnrollToken",
			Handler:    _DeviceTrustService_CreateDeviceEnrollToken_Handler,
		},
		{
			MethodName: "ConfirmDeviceWebAuthentication",
			Handler:    _DeviceTrustService_ConfirmDeviceWebAuthentication_Handler,
		},
		{
			MethodName: "GetDevicesUsage",
			Handler:    _DeviceTrustService_GetDevicesUsage_Handler,
		},
	},
	Streams: []grpc.StreamDesc{
		{
			StreamName:    "EnrollDevice",
			Handler:       _DeviceTrustService_EnrollDevice_Handler,
			ServerStreams: true,
			ClientStreams: true,
		},
		{
			StreamName:    "AuthenticateDevice",
			Handler:       _DeviceTrustService_AuthenticateDevice_Handler,
			ServerStreams: true,
			ClientStreams: true,
		},
		{
			StreamName:    "SyncInventory",
			Handler:       _DeviceTrustService_SyncInventory_Handler,
			ServerStreams: true,
			ClientStreams: true,
		},
	},
	Metadata: "teleport/devicetrust/v1/devicetrust_service.proto",
}

DeviceTrustService_ServiceDesc is the grpc.ServiceDesc for DeviceTrustService service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

View Source 
var File_teleport_devicetrust_v1_device_collected_data_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_device_confirmation_token_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_device_enroll_token_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_device_profile_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_device_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_device_source_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_device_web_token_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_devicetrust_service_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_os_type_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_tpm_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_usage_proto protoreflect.FileDescriptor
View Source 
var File_teleport_devicetrust_v1_user_certificates_proto protoreflect.FileDescriptor

Functions

func RegisterDeviceTrustServiceServer 

func RegisterDeviceTrustServiceServer(s grpc.ServiceRegistrar, srv DeviceTrustServiceServer)

Types

type AccountUsageType 

type AccountUsageType int32

Superseded by ResourceUsageService.GetUsage. 

const (
	AccountUsageType_ACCOUNT_USAGE_TYPE_UNSPECIFIED AccountUsageType = 0
	AccountUsageType_ACCOUNT_USAGE_TYPE_UNLIMITED   AccountUsageType = 1
	AccountUsageType_ACCOUNT_USAGE_TYPE_USAGE_BASED AccountUsageType = 2
)

func (AccountUsageType) Descriptor 

func (AccountUsageType) Descriptor() protoreflect.EnumDescriptor

func (AccountUsageType) Enum 

func (x AccountUsageType) Enum() *AccountUsageType

func (AccountUsageType) EnumDescriptor deprecated 

func (AccountUsageType) EnumDescriptor() ([]byte, []int)

Deprecated: Use AccountUsageType.Descriptor instead.

func (AccountUsageType) Number 

func (x AccountUsageType) Number() protoreflect.EnumNumber

func (AccountUsageType) String 

func (x AccountUsageType) String() string

func (AccountUsageType) Type 

func (AccountUsageType) Type() protoreflect.EnumType

type AuthenticateDeviceChallenge 

type AuthenticateDeviceChallenge struct {

	// Randomly-generated, opaque challenge to be signed using the device key.
	Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"`
	// contains filtered or unexported fields
}

AuthenticateDeviceChallenge carries the authentication challenge.

func (*AuthenticateDeviceChallenge) Descriptor deprecated 

func (*AuthenticateDeviceChallenge) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticateDeviceChallenge.ProtoReflect.Descriptor instead.

func (*AuthenticateDeviceChallenge) GetChallenge 

func (x *AuthenticateDeviceChallenge) GetChallenge() []byte

func (*AuthenticateDeviceChallenge) ProtoMessage 

func (*AuthenticateDeviceChallenge) ProtoMessage()

func (*AuthenticateDeviceChallenge) ProtoReflect 

func (x *AuthenticateDeviceChallenge) ProtoReflect() protoreflect.Message

func (*AuthenticateDeviceChallenge) Reset 

func (x *AuthenticateDeviceChallenge) Reset()

func (*AuthenticateDeviceChallenge) String 

func (x *AuthenticateDeviceChallenge) String() string

type AuthenticateDeviceChallengeResponse 

type AuthenticateDeviceChallengeResponse struct {

	// Signature over the challenge, using the device key.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

AuthenticateDeviceChallengeResponse carries the authentication challenge response.

func (*AuthenticateDeviceChallengeResponse) Descriptor deprecated 

func (*AuthenticateDeviceChallengeResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticateDeviceChallengeResponse.ProtoReflect.Descriptor instead.

func (*AuthenticateDeviceChallengeResponse) GetSignature 

func (x *AuthenticateDeviceChallengeResponse) GetSignature() []byte

func (*AuthenticateDeviceChallengeResponse) ProtoMessage 

func (*AuthenticateDeviceChallengeResponse) ProtoMessage()

func (*AuthenticateDeviceChallengeResponse) ProtoReflect 

func (x *AuthenticateDeviceChallengeResponse) ProtoReflect() protoreflect.Message

func (*AuthenticateDeviceChallengeResponse) Reset 

func (x *AuthenticateDeviceChallengeResponse) Reset()

func (*AuthenticateDeviceChallengeResponse) String 

func (x *AuthenticateDeviceChallengeResponse) String() string

type AuthenticateDeviceInit 

type AuthenticateDeviceInit struct {

	// In-band user certificates to augment with device extensions.
	//   - The x509 certificate is acquired from the mTLS connection, thus the
	//     in-band certificate is ignored.
	//   - All certificates must be valid and issued by the Teleport CA.
	//   - All certificates must match (same public key, same Teleport user, plus
	//     whatever additional checks the backend sees fit).
	//   - Augmented certificates have the same expiration as the original
	//     certificates.
	UserCertificates *UserCertificates `protobuf:"bytes,1,opt,name=user_certificates,json=userCertificates,proto3" json:"user_certificates,omitempty"`
	// ID of the enrolled device credential.
	CredentialId string `protobuf:"bytes,2,opt,name=credential_id,json=credentialId,proto3" json:"credential_id,omitempty"`
	// Device collected data.
	// Matched against the device registration information and any previously
	// collected data.
	DeviceData *DeviceCollectedData `protobuf:"bytes,3,opt,name=device_data,json=deviceData,proto3" json:"device_data,omitempty"`
	// If present, on-behalf-of device authentication is performed.
	// The user_certificates input field is ignored and no certificate data is
	// returned to the caller, instead a confirmation_token is returned in
	// the last step.
	//
	// See ConfirmDeviceWebAuthentication.
	DeviceWebToken *DeviceWebToken `protobuf:"bytes,4,opt,name=device_web_token,json=deviceWebToken,proto3" json:"device_web_token,omitempty"`
	// contains filtered or unexported fields
}

AuthenticateDeviceInit initiates the device authentication ceremony.

func (*AuthenticateDeviceInit) Descriptor deprecated 

func (*AuthenticateDeviceInit) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticateDeviceInit.ProtoReflect.Descriptor instead.

func (*AuthenticateDeviceInit) GetCredentialId 

func (x *AuthenticateDeviceInit) GetCredentialId() string

func (*AuthenticateDeviceInit) GetDeviceData 

func (x *AuthenticateDeviceInit) GetDeviceData() *DeviceCollectedData

func (*AuthenticateDeviceInit) GetDeviceWebToken 

func (x *AuthenticateDeviceInit) GetDeviceWebToken() *DeviceWebToken

func (*AuthenticateDeviceInit) GetUserCertificates 

func (x *AuthenticateDeviceInit) GetUserCertificates() *UserCertificates

func (*AuthenticateDeviceInit) ProtoMessage 

func (*AuthenticateDeviceInit) ProtoMessage()

func (*AuthenticateDeviceInit) ProtoReflect 

func (x *AuthenticateDeviceInit) ProtoReflect() protoreflect.Message

func (*AuthenticateDeviceInit) Reset 

func (x *AuthenticateDeviceInit) Reset()

func (*AuthenticateDeviceInit) String 

func (x *AuthenticateDeviceInit) String() string

type AuthenticateDeviceRequest 

type AuthenticateDeviceRequest struct {

	// Types that are assignable to Payload:
	//
	//	*AuthenticateDeviceRequest_Init
	//	*AuthenticateDeviceRequest_ChallengeResponse
	//	*AuthenticateDeviceRequest_TpmChallengeResponse
	Payload isAuthenticateDeviceRequest_Payload `protobuf_oneof:"payload"`
	// contains filtered or unexported fields
}

Request for AuthenticateDevice.

Authentication ceremony flow: -> AuthenticateDeviceInit (client) <- AuthenticateDeviceChallenge (server) -> AuthenticateDeviceChallengeResponse <- UserCertificates (regular authn) or ConfirmationToken (web authn)

func (*AuthenticateDeviceRequest) Descriptor deprecated 

func (*AuthenticateDeviceRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticateDeviceRequest.ProtoReflect.Descriptor instead.

func (*AuthenticateDeviceRequest) GetChallengeResponse 

func (x *AuthenticateDeviceRequest) GetChallengeResponse() *AuthenticateDeviceChallengeResponse

func (*AuthenticateDeviceRequest) GetInit 

func (x *AuthenticateDeviceRequest) GetInit() *AuthenticateDeviceInit

func (*AuthenticateDeviceRequest) GetPayload 

func (m *AuthenticateDeviceRequest) GetPayload() isAuthenticateDeviceRequest_Payload

func (*AuthenticateDeviceRequest) GetTpmChallengeResponse 

func (x *AuthenticateDeviceRequest) GetTpmChallengeResponse() *TPMAuthenticateDeviceChallengeResponse

func (*AuthenticateDeviceRequest) ProtoMessage 

func (*AuthenticateDeviceRequest) ProtoMessage()

func (*AuthenticateDeviceRequest) ProtoReflect 

func (x *AuthenticateDeviceRequest) ProtoReflect() protoreflect.Message

func (*AuthenticateDeviceRequest) Reset 

func (x *AuthenticateDeviceRequest) Reset()

func (*AuthenticateDeviceRequest) String 

func (x *AuthenticateDeviceRequest) String() string

type AuthenticateDeviceRequest_ChallengeResponse 

type AuthenticateDeviceRequest_ChallengeResponse struct {
	ChallengeResponse *AuthenticateDeviceChallengeResponse `protobuf:"bytes,2,opt,name=challenge_response,json=challengeResponse,proto3,oneof"`
}

type AuthenticateDeviceRequest_Init 

type AuthenticateDeviceRequest_Init struct {
	Init *AuthenticateDeviceInit `protobuf:"bytes,1,opt,name=init,proto3,oneof"`
}

type AuthenticateDeviceRequest_TpmChallengeResponse 

type AuthenticateDeviceRequest_TpmChallengeResponse struct {
	TpmChallengeResponse *TPMAuthenticateDeviceChallengeResponse `protobuf:"bytes,3,opt,name=tpm_challenge_response,json=tpmChallengeResponse,proto3,oneof"`
}

type AuthenticateDeviceResponse 

type AuthenticateDeviceResponse struct {

	// Types that are assignable to Payload:
	//
	//	*AuthenticateDeviceResponse_Challenge
	//	*AuthenticateDeviceResponse_UserCertificates
	//	*AuthenticateDeviceResponse_TpmChallenge
	//	*AuthenticateDeviceResponse_ConfirmationToken
	Payload isAuthenticateDeviceResponse_Payload `protobuf_oneof:"payload"`
	// contains filtered or unexported fields
}

Response for AuthenticateDevice.

func (*AuthenticateDeviceResponse) Descriptor deprecated 

func (*AuthenticateDeviceResponse) Descriptor() ([]byte, []int)

Deprecated: Use AuthenticateDeviceResponse.ProtoReflect.Descriptor instead.

func (*AuthenticateDeviceResponse) GetChallenge 

func (x *AuthenticateDeviceResponse) GetChallenge() *AuthenticateDeviceChallenge

func (*AuthenticateDeviceResponse) GetConfirmationToken 

func (x *AuthenticateDeviceResponse) GetConfirmationToken() *DeviceConfirmationToken

func (*AuthenticateDeviceResponse) GetPayload 

func (m *AuthenticateDeviceResponse) GetPayload() isAuthenticateDeviceResponse_Payload

func (*AuthenticateDeviceResponse) GetTpmChallenge 

func (x *AuthenticateDeviceResponse) GetTpmChallenge() *TPMAuthenticateDeviceChallenge

func (*AuthenticateDeviceResponse) GetUserCertificates 

func (x *AuthenticateDeviceResponse) GetUserCertificates() *UserCertificates

func (*AuthenticateDeviceResponse) ProtoMessage 

func (*AuthenticateDeviceResponse) ProtoMessage()

func (*AuthenticateDeviceResponse) ProtoReflect 

func (x *AuthenticateDeviceResponse) ProtoReflect() protoreflect.Message

func (*AuthenticateDeviceResponse) Reset 

func (x *AuthenticateDeviceResponse) Reset()

func (*AuthenticateDeviceResponse) String 

func (x *AuthenticateDeviceResponse) String() string

type AuthenticateDeviceResponse_Challenge 

type AuthenticateDeviceResponse_Challenge struct {
	Challenge *AuthenticateDeviceChallenge `protobuf:"bytes,1,opt,name=challenge,proto3,oneof"`
}

type AuthenticateDeviceResponse_ConfirmationToken 

type AuthenticateDeviceResponse_ConfirmationToken struct {
	// A confirmation token is returned as the result of a successful device web
	// authentication.
	//
	// See AuthenticateDeviceInit.device_web_token.
	ConfirmationToken *DeviceConfirmationToken `protobuf:"bytes,4,opt,name=confirmation_token,json=confirmationToken,proto3,oneof"`
}

type AuthenticateDeviceResponse_TpmChallenge 

type AuthenticateDeviceResponse_TpmChallenge struct {
	TpmChallenge *TPMAuthenticateDeviceChallenge `protobuf:"bytes,3,opt,name=tpm_challenge,json=tpmChallenge,proto3,oneof"`
}

type AuthenticateDeviceResponse_UserCertificates 

type AuthenticateDeviceResponse_UserCertificates struct {
	// User certificates are returned as the result of a successful device
	// authentication attempt ("regular" or non-web authentication).
	UserCertificates *UserCertificates `protobuf:"bytes,2,opt,name=user_certificates,json=userCertificates,proto3,oneof"`
}

type BulkCreateDevicesRequest 

type BulkCreateDevicesRequest struct {

	// Devices to create.
	Devices []*Device `protobuf:"bytes,1,rep,name=devices,proto3" json:"devices,omitempty"`
	// If true, create the device as a Teleport resource, meaning that fields that
	// are usually considered read-only or system managed are copied as provided
	// to storage.
	// Prefer using non-resource creation semantics if possible.
	CreateAsResource bool `protobuf:"varint,2,opt,name=create_as_resource,json=createAsResource,proto3" json:"create_as_resource,omitempty"`
	// contains filtered or unexported fields
}

Request for BulkCreateDevices.

func (*BulkCreateDevicesRequest) Descriptor deprecated 

func (*BulkCreateDevicesRequest) Descriptor() ([]byte, []int)

Deprecated: Use BulkCreateDevicesRequest.ProtoReflect.Descriptor instead.

func (*BulkCreateDevicesRequest) GetCreateAsResource 

func (x *BulkCreateDevicesRequest) GetCreateAsResource() bool

func (*BulkCreateDevicesRequest) GetDevices 

func (x *BulkCreateDevicesRequest) GetDevices() []*Device

func (*BulkCreateDevicesRequest) ProtoMessage 

func (*BulkCreateDevicesRequest) ProtoMessage()

func (*BulkCreateDevicesRequest) ProtoReflect 

func (x *BulkCreateDevicesRequest) ProtoReflect() protoreflect.Message

func (*BulkCreateDevicesRequest) Reset 

func (x *BulkCreateDevicesRequest) Reset()

func (*BulkCreateDevicesRequest) String 

func (x *BulkCreateDevicesRequest) String() string

type BulkCreateDevicesResponse 

type BulkCreateDevicesResponse struct {

	// Created devices or a failure reason.
	// Responses are sorted according to the request.
	Devices []*DeviceOrStatus `protobuf:"bytes,1,rep,name=devices,proto3" json:"devices,omitempty"`
	// contains filtered or unexported fields
}

Response for BulkCreateDevices.

func (*BulkCreateDevicesResponse) Descriptor deprecated 

func (*BulkCreateDevicesResponse) Descriptor() ([]byte, []int)

Deprecated: Use BulkCreateDevicesResponse.ProtoReflect.Descriptor instead.

func (*BulkCreateDevicesResponse) GetDevices 

func (x *BulkCreateDevicesResponse) GetDevices() []*DeviceOrStatus

func (*BulkCreateDevicesResponse) ProtoMessage 

func (*BulkCreateDevicesResponse) ProtoMessage()

func (*BulkCreateDevicesResponse) ProtoReflect 

func (x *BulkCreateDevicesResponse) ProtoReflect() protoreflect.Message

func (*BulkCreateDevicesResponse) Reset 

func (x *BulkCreateDevicesResponse) Reset()

func (*BulkCreateDevicesResponse) String 

func (x *BulkCreateDevicesResponse) String() string

type ConfirmDeviceWebAuthenticationRequest 

type ConfirmDeviceWebAuthenticationRequest struct {

	// Confirmation token to be spent.
	ConfirmationToken *DeviceConfirmationToken `protobuf:"bytes,1,opt,name=confirmation_token,json=confirmationToken,proto3" json:"confirmation_token,omitempty"`
	// Web Session identifier of the session that started this request, via
	// Teleport Proxy.
	//
	// For the request to be successful the Web Session must match the session
	// that started the authentication attempt.
	CurrentWebSessionId string `protobuf:"bytes,2,opt,name=current_web_session_id,json=currentWebSessionId,proto3" json:"current_web_session_id,omitempty"`
	// contains filtered or unexported fields
}

Request for ConfirmDeviceWebAuthentication.

func (*ConfirmDeviceWebAuthenticationRequest) Descriptor deprecated 

func (*ConfirmDeviceWebAuthenticationRequest) Descriptor() ([]byte, []int)

Deprecated: Use ConfirmDeviceWebAuthenticationRequest.ProtoReflect.Descriptor instead.

func (*ConfirmDeviceWebAuthenticationRequest) GetConfirmationToken 

func (x *ConfirmDeviceWebAuthenticationRequest) GetConfirmationToken() *DeviceConfirmationToken

func (*ConfirmDeviceWebAuthenticationRequest) GetCurrentWebSessionId 

func (x *ConfirmDeviceWebAuthenticationRequest) GetCurrentWebSessionId() string

func (*ConfirmDeviceWebAuthenticationRequest) ProtoMessage 

func (*ConfirmDeviceWebAuthenticationRequest) ProtoMessage()

func (*ConfirmDeviceWebAuthenticationRequest) ProtoReflect 

func (x *ConfirmDeviceWebAuthenticationRequest) ProtoReflect() protoreflect.Message

func (*ConfirmDeviceWebAuthenticationRequest) Reset 

func (x *ConfirmDeviceWebAuthenticationRequest) Reset()

func (*ConfirmDeviceWebAuthenticationRequest) String 

func (x *ConfirmDeviceWebAuthenticationRequest) String() string

type ConfirmDeviceWebAuthenticationResponse 

type ConfirmDeviceWebAuthenticationResponse struct {
	// contains filtered or unexported fields
}

Response for ConfirmDeviceWebAuthentication.

func (*ConfirmDeviceWebAuthenticationResponse) Descriptor deprecated 

func (*ConfirmDeviceWebAuthenticationResponse) Descriptor() ([]byte, []int)

Deprecated: Use ConfirmDeviceWebAuthenticationResponse.ProtoReflect.Descriptor instead.

func (*ConfirmDeviceWebAuthenticationResponse) ProtoMessage 

func (*ConfirmDeviceWebAuthenticationResponse) ProtoMessage()

func (*ConfirmDeviceWebAuthenticationResponse) ProtoReflect 

func (x *ConfirmDeviceWebAuthenticationResponse) ProtoReflect() protoreflect.Message

func (*ConfirmDeviceWebAuthenticationResponse) Reset 

func (x *ConfirmDeviceWebAuthenticationResponse) Reset()

func (*ConfirmDeviceWebAuthenticationResponse) String 

func (x *ConfirmDeviceWebAuthenticationResponse) String() string

type CreateDeviceEnrollTokenRequest 

type CreateDeviceEnrollTokenRequest struct {

	// ID of the device.
	DeviceId string `protobuf:"bytes,1,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty"`
	// Device collected data.
	// Used to authorize issuance of device enrollment tokens for auto-enrollment.
	// Not required otherwise.
	DeviceData *DeviceCollectedData `protobuf:"bytes,2,opt,name=device_data,json=deviceData,proto3" json:"device_data,omitempty"`
	// Custom expiration time for enrollment tokens.
	// A short (for humans) server default is used if unset.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// contains filtered or unexported fields
}

Request for CreateDeviceEnrollToken.

func (*CreateDeviceEnrollTokenRequest) Descriptor deprecated 

func (*CreateDeviceEnrollTokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateDeviceEnrollTokenRequest.ProtoReflect.Descriptor instead.

func (*CreateDeviceEnrollTokenRequest) GetDeviceData 

func (x *CreateDeviceEnrollTokenRequest) GetDeviceData() *DeviceCollectedData

func (*CreateDeviceEnrollTokenRequest) GetDeviceId 

func (x *CreateDeviceEnrollTokenRequest) GetDeviceId() string

func (*CreateDeviceEnrollTokenRequest) GetExpireTime 

func (x *CreateDeviceEnrollTokenRequest) GetExpireTime() *timestamppb.Timestamp

func (*CreateDeviceEnrollTokenRequest) ProtoMessage 

func (*CreateDeviceEnrollTokenRequest) ProtoMessage()

func (*CreateDeviceEnrollTokenRequest) ProtoReflect 

func (x *CreateDeviceEnrollTokenRequest) ProtoReflect() protoreflect.Message

func (*CreateDeviceEnrollTokenRequest) Reset 

func (x *CreateDeviceEnrollTokenRequest) Reset()

func (*CreateDeviceEnrollTokenRequest) String 

func (x *CreateDeviceEnrollTokenRequest) String() string

type CreateDeviceRequest 

type CreateDeviceRequest struct {

	// Device to create.
	Device *Device `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
	// If true, a DeviceEnrollToken is created along with the Device.
	CreateEnrollToken bool `protobuf:"varint,2,opt,name=create_enroll_token,json=createEnrollToken,proto3" json:"create_enroll_token,omitempty"`
	// If true, create the device as a Teleport resource, meaning that fields that
	// are usually considered read-only or system managed are copied as provided
	// to storage.
	// Prefer using non-resource creation semantics if possible.
	CreateAsResource bool `protobuf:"varint,3,opt,name=create_as_resource,json=createAsResource,proto3" json:"create_as_resource,omitempty"`
	// Custom expiration time for enrollment tokens.
	// A short (for humans) server default is used if unset.
	EnrollTokenExpireTime *timestamppb.Timestamp `` /* 128-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request for CreateDevice.

func (*CreateDeviceRequest) Descriptor deprecated 

func (*CreateDeviceRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateDeviceRequest.ProtoReflect.Descriptor instead.

func (*CreateDeviceRequest) GetCreateAsResource 

func (x *CreateDeviceRequest) GetCreateAsResource() bool

func (*CreateDeviceRequest) GetCreateEnrollToken 

func (x *CreateDeviceRequest) GetCreateEnrollToken() bool

func (*CreateDeviceRequest) GetDevice 

func (x *CreateDeviceRequest) GetDevice() *Device

func (*CreateDeviceRequest) GetEnrollTokenExpireTime 

func (x *CreateDeviceRequest) GetEnrollTokenExpireTime() *timestamppb.Timestamp

func (*CreateDeviceRequest) ProtoMessage 

func (*CreateDeviceRequest) ProtoMessage()

func (*CreateDeviceRequest) ProtoReflect 

func (x *CreateDeviceRequest) ProtoReflect() protoreflect.Message

func (*CreateDeviceRequest) Reset 

func (x *CreateDeviceRequest) Reset()

func (*CreateDeviceRequest) String 

func (x *CreateDeviceRequest) String() string

type DeleteDeviceRequest 

type DeleteDeviceRequest struct {

	// ID of the Device to delete.
	DeviceId string `protobuf:"bytes,1,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty"`
	// contains filtered or unexported fields
}

Request for DeleteDevice.

func (*DeleteDeviceRequest) Descriptor deprecated 

func (*DeleteDeviceRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteDeviceRequest.ProtoReflect.Descriptor instead.

func (*DeleteDeviceRequest) GetDeviceId 

func (x *DeleteDeviceRequest) GetDeviceId() string

func (*DeleteDeviceRequest) ProtoMessage 

func (*DeleteDeviceRequest) ProtoMessage()

func (*DeleteDeviceRequest) ProtoReflect 

func (x *DeleteDeviceRequest) ProtoReflect() protoreflect.Message

func (*DeleteDeviceRequest) Reset 

func (x *DeleteDeviceRequest) Reset()

func (*DeleteDeviceRequest) String 

func (x *DeleteDeviceRequest) String() string

type Device 

type Device struct {

	// API version of the Device definition, present for compatibility with
	// types.DeviceV1.
	// Always "v1".
	ApiVersion string `protobuf:"bytes,1,opt,name=api_version,json=apiVersion,proto3" json:"api_version,omitempty"`
	// Unique device identifier.
	// System managed.
	Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Device operating system.
	// Required.
	OsType OSType `protobuf:"varint,3,opt,name=os_type,json=osType,proto3,enum=teleport.devicetrust.v1.OSType" json:"os_type,omitempty"`
	// Device inventory identifier.
	// Takes different meanings depending on the device and operating system.
	// For macOS devices it is the device serial number.
	// Required.
	AssetTag string `protobuf:"bytes,4,opt,name=asset_tag,json=assetTag,proto3" json:"asset_tag,omitempty"`
	// Create time.
	// System managed.
	CreateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=create_time,json=createTime,proto3" json:"create_time,omitempty"`
	// Last update time.
	// System managed.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Enrollment token for the device.
	// Only present in situations where device creation and enrollment are rolled
	// into a single operation.
	// Transient.
	EnrollToken *DeviceEnrollToken `protobuf:"bytes,7,opt,name=enroll_token,json=enrollToken,proto3" json:"enroll_token,omitempty"`
	// Enrollment status of the device.
	// May be changed to DEVICE_ENROLL_STATUS_NOT_ENROLLED at any time to
	// forcefully unenroll a device (server-side only).
	// System managed.
	EnrollStatus DeviceEnrollStatus `` /* 146-byte string literal not displayed */
	// Currently enrolled device credential.
	// Manually unenrolling a device clears the credential.
	// System managed.
	Credential *DeviceCredential `protobuf:"bytes,9,opt,name=credential,proto3" json:"credential,omitempty"`
	// Device data collected during enrollment and device authentication.
	// Enrollment data is always present, while authentication data is capped at N
	// most recent events.
	// Only present in certain read modes.
	// Transient.
	CollectedData []*DeviceCollectedData `protobuf:"bytes,10,rep,name=collected_data,json=collectedData,proto3" json:"collected_data,omitempty"`
	// Source of the device.
	// Devices managed directly via Teleport (`tctl`, Web UI, etc) have no
	// assigned source.
	Source *DeviceSource `protobuf:"bytes,11,opt,name=source,proto3" json:"source,omitempty"`
	// Device information acquired from an external source.
	Profile *DeviceProfile `protobuf:"bytes,12,opt,name=profile,proto3" json:"profile,omitempty"`
	// Device owner.
	// Usually the owner is the same user who performed the enrollment ceremony.
	// May be empty for legacy devices (Teleport v13.2 and older).
	// Manually unenrolling a device clears the owner.
	// System-managed.
	Owner string `protobuf:"bytes,13,opt,name=owner,proto3" json:"owner,omitempty"`
	// contains filtered or unexported fields
}

Device represents a registered device. Registered devices may be enrolled. Enrolled devices are allowed to perform device-aware actions.

func (*Device) Descriptor deprecated 

func (*Device) Descriptor() ([]byte, []int)

Deprecated: Use Device.ProtoReflect.Descriptor instead.

func (*Device) GetApiVersion 

func (x *Device) GetApiVersion() string

func (*Device) GetAssetTag 

func (x *Device) GetAssetTag() string

func (*Device) GetCollectedData 

func (x *Device) GetCollectedData() []*DeviceCollectedData

func (*Device) GetCreateTime 

func (x *Device) GetCreateTime() *timestamppb.Timestamp

func (*Device) GetCredential 

func (x *Device) GetCredential() *DeviceCredential

func (*Device) GetEnrollStatus 

func (x *Device) GetEnrollStatus() DeviceEnrollStatus

func (*Device) GetEnrollToken 

func (x *Device) GetEnrollToken() *DeviceEnrollToken

func (*Device) GetId 

func (x *Device) GetId() string

func (*Device) GetOsType 

func (x *Device) GetOsType() OSType

func (*Device) GetOwner 

func (x *Device) GetOwner() string

func (*Device) GetProfile 

func (x *Device) GetProfile() *DeviceProfile

func (*Device) GetSource 

func (x *Device) GetSource() *DeviceSource

func (*Device) GetUpdateTime 

func (x *Device) GetUpdateTime() *timestamppb.Timestamp

func (*Device) ProtoMessage 

func (*Device) ProtoMessage()

func (*Device) ProtoReflect 

func (x *Device) ProtoReflect() protoreflect.Message

func (*Device) Reset 

func (x *Device) Reset()

func (*Device) String 

func (x *Device) String() string

type DeviceAttestationType 

type DeviceAttestationType int32

AttestationType indicates the degree to which the device credential has been attested. 

const (
	// Bare public key which has only verified with proof of ownership.
	// Used on macOS.
	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_UNSPECIFIED DeviceAttestationType = 0
	// Credential was verified through a TPM EK->AK chain on enrollment.
	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKPUB DeviceAttestationType = 1
	// Credential was verified through a TPM EKCert->AK chain on enrollment,
	// but no allow-listed CAs were configured to validate this EKCert against.
	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT DeviceAttestationType = 2
	// Credential was verified through a TPM EKCert->AK chain on enrollment, and
	// the EKCert was signed by a configured allow-listed CA.
	DeviceAttestationType_DEVICE_ATTESTATION_TYPE_TPM_EKCERT_TRUSTED DeviceAttestationType = 3
)

func (DeviceAttestationType) Descriptor 

func (DeviceAttestationType) Descriptor() protoreflect.EnumDescriptor

func (DeviceAttestationType) Enum 

func (x DeviceAttestationType) Enum() *DeviceAttestationType

func (DeviceAttestationType) EnumDescriptor deprecated 

func (DeviceAttestationType) EnumDescriptor() ([]byte, []int)

Deprecated: Use DeviceAttestationType.Descriptor instead.

func (DeviceAttestationType) Number 

func (x DeviceAttestationType) Number() protoreflect.EnumNumber

func (DeviceAttestationType) String 

func (x DeviceAttestationType) String() string

func (DeviceAttestationType) Type 

func (DeviceAttestationType) Type() protoreflect.EnumType

type DeviceCollectedData 

type DeviceCollectedData struct {

	// Time of data collection, set by the client.
	// Required.
	CollectTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=collect_time,json=collectTime,proto3" json:"collect_time,omitempty"`
	// Time of data collection, as received by the server.
	// System managed.
	RecordTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=record_time,json=recordTime,proto3" json:"record_time,omitempty"`
	// Device operating system.
	// Required.
	OsType OSType `protobuf:"varint,3,opt,name=os_type,json=osType,proto3,enum=teleport.devicetrust.v1.OSType" json:"os_type,omitempty"`
	// Device serial number used to match the device with the inventory.
	// This field is one of the three following
	// values in this precedence:
	// - reported_asset_tag
	// - system_serial_number
	// - base_board_serial_number
	// Required.
	SerialNumber string `protobuf:"bytes,4,opt,name=serial_number,json=serialNumber,proto3" json:"serial_number,omitempty"`
	// Non-descriptive model identifier.
	// Example: "MacBookPro9,2".
	ModelIdentifier string `protobuf:"bytes,5,opt,name=model_identifier,json=modelIdentifier,proto3" json:"model_identifier,omitempty"`
	// OS version number, without the leading 'v'.
	// Example: "13.2.1".
	OsVersion string `protobuf:"bytes,6,opt,name=os_version,json=osVersion,proto3" json:"os_version,omitempty"`
	// OS build identifier. Augments the os_version.
	// May match either the DeviceProfile os_build or os_build_supplemental.
	// Example: "22D68" or "22F770820d".
	OsBuild string `protobuf:"bytes,7,opt,name=os_build,json=osBuild,proto3" json:"os_build,omitempty"`
	// OS username (distinct from the Teleport user).
	OsUsername string `protobuf:"bytes,8,opt,name=os_username,json=osUsername,proto3" json:"os_username,omitempty"`
	// Jamf binary version, without the leading 'v'.
	// Example: "9.27" or "10.44.1-t1677509507".
	JamfBinaryVersion string `protobuf:"bytes,9,opt,name=jamf_binary_version,json=jamfBinaryVersion,proto3" json:"jamf_binary_version,omitempty"`
	// Unmodified output of `/usr/bin/profiles status -type enrollment`.
	// Used to verify the presence of an enrollment profile.
	MacosEnrollmentProfiles string `` /* 133-byte string literal not displayed */
	// The asset tag of the device as reported by the BIOS DMI Type 3. Tools
	// used by customers to manage their fleet may set this value.
	ReportedAssetTag string `protobuf:"bytes,11,opt,name=reported_asset_tag,json=reportedAssetTag,proto3" json:"reported_asset_tag,omitempty"`
	// The serial number of the "system" as reported by the BIOS DMI Type 1.
	// This field can be empty if no value has been configured.
	SystemSerialNumber string `protobuf:"bytes,12,opt,name=system_serial_number,json=systemSerialNumber,proto3" json:"system_serial_number,omitempty"`
	// The serial number of the "base board" as reported by BIOS DMI Type 2.
	// This field can be empty if no value has been configured.
	BaseBoardSerialNumber string `` /* 129-byte string literal not displayed */
	// If during the collection of this device data, the device performed a TPM
	// platform attestation (e.g during enrollment or authentication), then this
	// field holds the record of this attestation. This allows the state of the
	// device to be compared to historical state, and allows for the platform
	// attestations to be revalidated at a later date.
	//
	// This field is not explicitly sent up by the client, and any DCD sent by a
	// client including this field should be rejected. The server should inject
	// this field once verifying that the submitted platform attestation during
	// the enrollment or authentication.
	//
	// System managed.
	TpmPlatformAttestation *TPMPlatformAttestation `` /* 130-byte string literal not displayed */
	// OS identifier.
	// Mainly used to differentiate Linux distros, as there is be no variation
	// for systems like macOS or Windows.
	// Example: "ubuntu", "centos", "fedora", "rhel".
	OsId string `protobuf:"bytes,15,opt,name=os_id,json=osId,proto3" json:"os_id,omitempty"`
	// contains filtered or unexported fields
}

DeviceCollectedData contains information gathered from the device during various ceremonies. Gathered information must match, within reason, the original registration data and previous instances of collected data.

func (*DeviceCollectedData) Descriptor deprecated 

func (*DeviceCollectedData) Descriptor() ([]byte, []int)

Deprecated: Use DeviceCollectedData.ProtoReflect.Descriptor instead.

func (*DeviceCollectedData) GetBaseBoardSerialNumber 

func (x *DeviceCollectedData) GetBaseBoardSerialNumber() string

func (*DeviceCollectedData) GetCollectTime 

func (x *DeviceCollectedData) GetCollectTime() *timestamppb.Timestamp

func (*DeviceCollectedData) GetJamfBinaryVersion 

func (x *DeviceCollectedData) GetJamfBinaryVersion() string

func (*DeviceCollectedData) GetMacosEnrollmentProfiles 

func (x *DeviceCollectedData) GetMacosEnrollmentProfiles() string

func (*DeviceCollectedData) GetModelIdentifier 

func (x *DeviceCollectedData) GetModelIdentifier() string

func (*DeviceCollectedData) GetOsBuild 

func (x *DeviceCollectedData) GetOsBuild() string

func (*DeviceCollectedData) GetOsId 

func (x *DeviceCollectedData) GetOsId() string

func (*DeviceCollectedData) GetOsType 

func (x *DeviceCollectedData) GetOsType() OSType

func (*DeviceCollectedData) GetOsUsername 

func (x *DeviceCollectedData) GetOsUsername() string

func (*DeviceCollectedData) GetOsVersion 

func (x *DeviceCollectedData) GetOsVersion() string

func (*DeviceCollectedData) GetRecordTime 

func (x *DeviceCollectedData) GetRecordTime() *timestamppb.Timestamp

func (*DeviceCollectedData) GetReportedAssetTag 

func (x *DeviceCollectedData) GetReportedAssetTag() string

func (*DeviceCollectedData) GetSerialNumber 

func (x *DeviceCollectedData) GetSerialNumber() string

func (*DeviceCollectedData) GetSystemSerialNumber 

func (x *DeviceCollectedData) GetSystemSerialNumber() string

func (*DeviceCollectedData) GetTpmPlatformAttestation 

func (x *DeviceCollectedData) GetTpmPlatformAttestation() *TPMPlatformAttestation

func (*DeviceCollectedData) ProtoMessage 

func (*DeviceCollectedData) ProtoMessage()

func (*DeviceCollectedData) ProtoReflect 

func (x *DeviceCollectedData) ProtoReflect() protoreflect.Message

func (*DeviceCollectedData) Reset 

func (x *DeviceCollectedData) Reset()

func (*DeviceCollectedData) String 

func (x *DeviceCollectedData) String() string

type DeviceConfirmationToken 

type DeviceConfirmationToken struct {

	// Opaque token identifier.
	// System-generated.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Opaque device confirmation token, in plaintext, encoded in
	// base64.RawURLEncoding (so it is inherently safe for URl use).
	// System-generated.
	Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
	// contains filtered or unexported fields
}

A device confirmation token marks the last step of device web authentication. It is acquired at the end of a successful AuthenticateDevice stream and exchanged during the ConfirmDeviceWebAuthentication RPC.

See https://github.com/gravitational/teleport.e/blob/master/rfd/0009e-device-trust-web-support.md#device-confirmation-token.

func (*DeviceConfirmationToken) Descriptor deprecated 

func (*DeviceConfirmationToken) Descriptor() ([]byte, []int)

Deprecated: Use DeviceConfirmationToken.ProtoReflect.Descriptor instead.

func (*DeviceConfirmationToken) GetId 

func (x *DeviceConfirmationToken) GetId() string

func (*DeviceConfirmationToken) GetToken 

func (x *DeviceConfirmationToken) GetToken() string

func (*DeviceConfirmationToken) ProtoMessage 

func (*DeviceConfirmationToken) ProtoMessage()

func (*DeviceConfirmationToken) ProtoReflect 

func (x *DeviceConfirmationToken) ProtoReflect() protoreflect.Message

func (*DeviceConfirmationToken) Reset 

func (x *DeviceConfirmationToken) Reset()

func (*DeviceConfirmationToken) String 

func (x *DeviceConfirmationToken) String() string

type DeviceCredential 

type DeviceCredential struct {

	// Unique identifier of the credential, defined client-side.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Device public key marshaled as a PKIX, ASN.1 DER. Used only on MacOS.
	PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der,omitempty"`
	// The degree to which the device credential is attested.
	DeviceAttestationType DeviceAttestationType `` /* 178-byte string literal not displayed */
	// For TPM devices, the serial number of the TPM endorsement certificate.
	TpmEkcertSerial string `protobuf:"bytes,4,opt,name=tpm_ekcert_serial,json=tpmEkcertSerial,proto3" json:"tpm_ekcert_serial,omitempty"`
	// For TPM devices, the encoded TPMT_PUBLIC structure containing the
	// attestation public key and signing parameters.
	TpmAkPublic []byte `protobuf:"bytes,5,opt,name=tpm_ak_public,json=tpmAkPublic,proto3" json:"tpm_ak_public,omitempty"`
	// contains filtered or unexported fields
}

DeviceCredential represents the current enrolled public key of a device.

func (*DeviceCredential) Descriptor deprecated 

func (*DeviceCredential) Descriptor() ([]byte, []int)

Deprecated: Use DeviceCredential.ProtoReflect.Descriptor instead.

func (*DeviceCredential) GetDeviceAttestationType 

func (x *DeviceCredential) GetDeviceAttestationType() DeviceAttestationType

func (*DeviceCredential) GetId 

func (x *DeviceCredential) GetId() string

func (*DeviceCredential) GetPublicKeyDer 

func (x *DeviceCredential) GetPublicKeyDer() []byte

func (*DeviceCredential) GetTpmAkPublic 

func (x *DeviceCredential) GetTpmAkPublic() []byte

func (*DeviceCredential) GetTpmEkcertSerial 

func (x *DeviceCredential) GetTpmEkcertSerial() string

func (*DeviceCredential) ProtoMessage 

func (*DeviceCredential) ProtoMessage()

func (*DeviceCredential) ProtoReflect 

func (x *DeviceCredential) ProtoReflect() protoreflect.Message

func (*DeviceCredential) Reset 

func (x *DeviceCredential) Reset()

func (*DeviceCredential) String 

func (x *DeviceCredential) String() string

type DeviceEnrollStatus 

type DeviceEnrollStatus int32

DeviceEnrollStatus represents the enrollment status of a device. 

const (
	DeviceEnrollStatus_DEVICE_ENROLL_STATUS_UNSPECIFIED DeviceEnrollStatus = 0
	// Device is registered but not enrolled.
	DeviceEnrollStatus_DEVICE_ENROLL_STATUS_NOT_ENROLLED DeviceEnrollStatus = 1
	// Device is registered and enrolled.
	DeviceEnrollStatus_DEVICE_ENROLL_STATUS_ENROLLED DeviceEnrollStatus = 2
)

func (DeviceEnrollStatus) Descriptor 

func (DeviceEnrollStatus) Descriptor() protoreflect.EnumDescriptor

func (DeviceEnrollStatus) Enum 

func (x DeviceEnrollStatus) Enum() *DeviceEnrollStatus

func (DeviceEnrollStatus) EnumDescriptor deprecated 

func (DeviceEnrollStatus) EnumDescriptor() ([]byte, []int)

Deprecated: Use DeviceEnrollStatus.Descriptor instead.

func (DeviceEnrollStatus) Number 

func (x DeviceEnrollStatus) Number() protoreflect.EnumNumber

func (DeviceEnrollStatus) String 

func (x DeviceEnrollStatus) String() string

func (DeviceEnrollStatus) Type 

func (DeviceEnrollStatus) Type() protoreflect.EnumType

type DeviceEnrollToken 

type DeviceEnrollToken struct {

	// Opaque enrollement token required by the EnrollDevice RPC.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// Expiration time for the token.
	ExpireTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expire_time,json=expireTime,proto3" json:"expire_time,omitempty"`
	// contains filtered or unexported fields
}

DeviceEnrollToken encapsulates the permission, granted by a device administrator to an user, to enroll a device. An enrolled device allows its user to perform device-aware actions.

func (*DeviceEnrollToken) Descriptor deprecated 

func (*DeviceEnrollToken) Descriptor() ([]byte, []int)

Deprecated: Use DeviceEnrollToken.ProtoReflect.Descriptor instead.

func (*DeviceEnrollToken) GetExpireTime 

func (x *DeviceEnrollToken) GetExpireTime() *timestamppb.Timestamp

func (*DeviceEnrollToken) GetToken 

func (x *DeviceEnrollToken) GetToken() string

func (*DeviceEnrollToken) ProtoMessage 

func (*DeviceEnrollToken) ProtoMessage()

func (*DeviceEnrollToken) ProtoReflect 

func (x *DeviceEnrollToken) ProtoReflect() protoreflect.Message

func (*DeviceEnrollToken) Reset 

func (x *DeviceEnrollToken) Reset()

func (*DeviceEnrollToken) String 

func (x *DeviceEnrollToken) String() string

type DeviceOrStatus 

type DeviceOrStatus struct {

	// Status of the operation.
	// May either be absent or contain the OK code for successes, at the
	// implementation's discretion.
	Status *status.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"`
	// ID of the created device.
	// Only present if the status is OK.
	Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// If true the action attempted against the device was a delete, instead of a
	// create or update.
	Deleted bool `protobuf:"varint,3,opt,name=deleted,proto3" json:"deleted,omitempty"`
	// contains filtered or unexported fields
}

DeviceOrStatus contains either a device ID, in case of success, or a status in case of failures.

func (*DeviceOrStatus) Descriptor deprecated 

func (*DeviceOrStatus) Descriptor() ([]byte, []int)

Deprecated: Use DeviceOrStatus.ProtoReflect.Descriptor instead.

func (*DeviceOrStatus) GetDeleted 

func (x *DeviceOrStatus) GetDeleted() bool

func (*DeviceOrStatus) GetId 

func (x *DeviceOrStatus) GetId() string

func (*DeviceOrStatus) GetStatus 

func (x *DeviceOrStatus) GetStatus() *status.Status

func (*DeviceOrStatus) ProtoMessage 

func (*DeviceOrStatus) ProtoMessage()

func (*DeviceOrStatus) ProtoReflect 

func (x *DeviceOrStatus) ProtoReflect() protoreflect.Message

func (*DeviceOrStatus) Reset 

func (x *DeviceOrStatus) Reset()

func (*DeviceOrStatus) String 

func (x *DeviceOrStatus) String() string

type DeviceOrigin 

type DeviceOrigin int32

Origin of a device. 

const (
	// Unspecified or absent origin.
	DeviceOrigin_DEVICE_ORIGIN_UNSPECIFIED DeviceOrigin = 0
	// Devices originated from direct API usage.
	DeviceOrigin_DEVICE_ORIGIN_API DeviceOrigin = 1
	// Devices originated from Jamf sync.
	DeviceOrigin_DEVICE_ORIGIN_JAMF DeviceOrigin = 2
	// Source originated from Microsoft Intune sync.
	DeviceOrigin_DEVICE_ORIGIN_INTUNE DeviceOrigin = 3
)

func (DeviceOrigin) Descriptor 

func (DeviceOrigin) Descriptor() protoreflect.EnumDescriptor

func (DeviceOrigin) Enum 

func (x DeviceOrigin) Enum() *DeviceOrigin

func (DeviceOrigin) EnumDescriptor deprecated 

func (DeviceOrigin) EnumDescriptor() ([]byte, []int)

Deprecated: Use DeviceOrigin.Descriptor instead.

func (DeviceOrigin) Number 

func (x DeviceOrigin) Number() protoreflect.EnumNumber

func (DeviceOrigin) String 

func (x DeviceOrigin) String() string

func (DeviceOrigin) Type 

func (DeviceOrigin) Type() protoreflect.EnumType

type DeviceProfile 

type DeviceProfile struct {

	// Latest profile update time.
	// System managed.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// Non-descriptive model identifier.
	// Example: "MacBookPro9,2".
	ModelIdentifier string `protobuf:"bytes,2,opt,name=model_identifier,json=modelIdentifier,proto3" json:"model_identifier,omitempty"`
	// OS version number, without the leading 'v'.
	// See the Device's os_type for the general OS category.
	// Example: "13.2.1".
	OsVersion string `protobuf:"bytes,3,opt,name=os_version,json=osVersion,proto3" json:"os_version,omitempty"`
	// OS build identifier. Augments the os_version.
	// Example: "22D68".
	OsBuild string `protobuf:"bytes,4,opt,name=os_build,json=osBuild,proto3" json:"os_build,omitempty"`
	// Known OS users (distinct from the Teleport user).
	OsUsernames []string `protobuf:"bytes,5,rep,name=os_usernames,json=osUsernames,proto3" json:"os_usernames,omitempty"`
	// Jamf binary version, without the leading 'v'.
	// Example: "9.27" or "10.44.1-t1677509507".
	JamfBinaryVersion string `protobuf:"bytes,6,opt,name=jamf_binary_version,json=jamfBinaryVersion,proto3" json:"jamf_binary_version,omitempty"`
	// External device identifier, for example the Jamf or Intune ID.
	ExternalId string `protobuf:"bytes,7,opt,name=external_id,json=externalId,proto3" json:"external_id,omitempty"`
	// OS build supplemental number.
	// May match `sw_vers` BuildVersion more closely in certain situations, like
	// macOS rapid security response builds.
	// Example: "22F770820d".
	OsBuildSupplemental string `protobuf:"bytes,8,opt,name=os_build_supplemental,json=osBuildSupplemental,proto3" json:"os_build_supplemental,omitempty"`
	// OS identifier.
	// Mainly used to differentiate Linux distros, as there is be no variation
	// for systems like macOS or Windows.
	// Example: "ubuntu", "centos", "fedora", "rhel".
	OsId string `protobuf:"bytes,9,opt,name=os_id,json=osId,proto3" json:"os_id,omitempty"`
	// contains filtered or unexported fields
}

Device profile information acquired from an external source. If present, it's used to further validate collected data.

func (*DeviceProfile) Descriptor deprecated 

func (*DeviceProfile) Descriptor() ([]byte, []int)

Deprecated: Use DeviceProfile.ProtoReflect.Descriptor instead.

func (*DeviceProfile) GetExternalId 

func (x *DeviceProfile) GetExternalId() string

func (*DeviceProfile) GetJamfBinaryVersion 

func (x *DeviceProfile) GetJamfBinaryVersion() string

func (*DeviceProfile) GetModelIdentifier 

func (x *DeviceProfile) GetModelIdentifier() string

func (*DeviceProfile) GetOsBuild 

func (x *DeviceProfile) GetOsBuild() string

func (*DeviceProfile) GetOsBuildSupplemental 

func (x *DeviceProfile) GetOsBuildSupplemental() string

func (*DeviceProfile) GetOsId 

func (x *DeviceProfile) GetOsId() string

func (*DeviceProfile) GetOsUsernames 

func (x *DeviceProfile) GetOsUsernames() []string

func (*DeviceProfile) GetOsVersion 

func (x *DeviceProfile) GetOsVersion() string

func (*DeviceProfile) GetUpdateTime 

func (x *DeviceProfile) GetUpdateTime() *timestamppb.Timestamp

func (*DeviceProfile) ProtoMessage 

func (*DeviceProfile) ProtoMessage()

func (*DeviceProfile) ProtoReflect 

func (x *DeviceProfile) ProtoReflect() protoreflect.Message

func (*DeviceProfile) Reset 

func (x *DeviceProfile) Reset()

func (*DeviceProfile) String 

func (x *DeviceProfile) String() string

type DeviceSource 

type DeviceSource struct {

	// Name of the source.
	// Matches the name of the corresponding MDM service, if applicable.
	// Readonly.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Origin of the source.
	// Readonly.
	Origin DeviceOrigin `protobuf:"varint,2,opt,name=origin,proto3,enum=teleport.devicetrust.v1.DeviceOrigin" json:"origin,omitempty"`
	// contains filtered or unexported fields
}

Source of device, for devices that are managed by external systems (for example, MDMs).

func (*DeviceSource) Descriptor deprecated 

func (*DeviceSource) Descriptor() ([]byte, []int)

Deprecated: Use DeviceSource.ProtoReflect.Descriptor instead.

func (*DeviceSource) GetName 

func (x *DeviceSource) GetName() string

func (*DeviceSource) GetOrigin 

func (x *DeviceSource) GetOrigin() DeviceOrigin

func (*DeviceSource) ProtoMessage 

func (*DeviceSource) ProtoMessage()

func (*DeviceSource) ProtoReflect 

func (x *DeviceSource) ProtoReflect() protoreflect.Message

func (*DeviceSource) Reset 

func (x *DeviceSource) Reset()

func (*DeviceSource) String 

func (x *DeviceSource) String() string

type DeviceTrustServiceClient 

type DeviceTrustServiceClient interface {
	// CreateDevice creates a device, effectively registering it on Teleport.
	// Devices need to be registered before they can be enrolled.
	//
	// It is possible to create both a Device and a DeviceEnrollToken in a
	// single invocation, see CreateDeviceRequest.create_enroll_token.
	CreateDevice(ctx context.Context, in *CreateDeviceRequest, opts ...grpc.CallOption) (*Device, error)
	// UpdateDevice is a masked device update.
	//
	// Only certain fields may be updated, see Device for details.
	UpdateDevice(ctx context.Context, in *UpdateDeviceRequest, opts ...grpc.CallOption) (*Device, error)
	// UpsertDevice creates or updates a device.
	//
	// UpsertDevice attempts a write of all mutable fields on updates, therefore
	// reading a fresh copy of the device is recommended. Update semantics still
	// apply.
	UpsertDevice(ctx context.Context, in *UpsertDeviceRequest, opts ...grpc.CallOption) (*Device, error)
	// DeleteDevice hard-deletes a device, removing it and all collected data
	// history from the system.
	//
	// Prefer locking the device instead (see the `tctl lock` command). Deleting a
	// device doesn't invalidate existing device certificates, but does prevent
	// new device authentication ceremonies from occurring.
	//
	// Use with caution.
	DeleteDevice(ctx context.Context, in *DeleteDeviceRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
	// FindDevices retrieves devices by device ID and/or asset tag.
	//
	// It provides an in-between search between fetching a device by ID and
	// listing all devices.
	//
	// ID matches are guaranteed to be present in the response.
	FindDevices(ctx context.Context, in *FindDevicesRequest, opts ...grpc.CallOption) (*FindDevicesResponse, error)
	// GetDevice retrieves a device by ID.
	GetDevice(ctx context.Context, in *GetDeviceRequest, opts ...grpc.CallOption) (*Device, error)
	// ListDevices lists all registered devices.
	ListDevices(ctx context.Context, in *ListDevicesRequest, opts ...grpc.CallOption) (*ListDevicesResponse, error)
	// BulkCreateDevices is a bulk variant of CreateDevice.
	//
	// Unlike CreateDevice, it does not support creation of enrollment tokens, as
	// it is meant for bulk inventory registration.
	BulkCreateDevices(ctx context.Context, in *BulkCreateDevicesRequest, opts ...grpc.CallOption) (*BulkCreateDevicesResponse, error)
	// CreateDeviceEnrollToken creates a DeviceEnrollToken for a Device.
	// An enrollment token is required for the enrollment ceremony. See
	// EnrollDevice.
	CreateDeviceEnrollToken(ctx context.Context, in *CreateDeviceEnrollTokenRequest, opts ...grpc.CallOption) (*DeviceEnrollToken, error)
	// EnrollDevice performs the device enrollment ceremony.
	//
	// Enrollment requires a previously-registered Device and a DeviceEnrollToken,
	// see CreateDevice and CreateDeviceEnrollToken.
	//
	// An enrolled device is allowed, via AuthenticateDevice, to acquire
	// certificates containing device extensions, thus gaining access to
	// device-aware actions.
	//
	// macOS enrollment flow:
	// -> EnrollDeviceInit (client)
	// <- MacOSEnrollChallenge (server)
	// -> MacOSEnrollChallengeResponse
	// <- EnrollDeviceSuccess
	//
	// TPM enrollment flow:
	// -> EnrollDeviceInit (client)
	// <- TPMEnrollChallenge (server)
	// -> TPMEnrollChallengeResponse
	// <- EnrollDeviceSuccess
	EnrollDevice(ctx context.Context, opts ...grpc.CallOption) (DeviceTrustService_EnrollDeviceClient, error)
	// AuthenticateDevice performs the device authentication ceremony.
	//
	// Device authentication exchanges existing user certificates without device
	// extensions for certificates augmented with device extensions. The new
	// certificates allow the user to perform device-aware actions.
	//
	// Only registered and enrolled devices may perform device authentication.
	AuthenticateDevice(ctx context.Context, opts ...grpc.CallOption) (DeviceTrustService_AuthenticateDeviceClient, error)
	// ConfirmDeviceWebAuthentication finalizes the device web authentication
	// ceremony started by the creation of a DeviceWebToken and subsequent
	// AuthenticateDevice call.
	//
	// The DeviceConfirmationToken issued by AuthenticateDevice is spent in this
	// method, which consequently augments the corresponding Web Session
	// certificates with device extensions.
	//
	// This method must be called by the Teleport Proxy, and the Proxy itself must
	// be called by the same browser that started the on-behalf-of authentication
	// attempt. See the /webapi/device/webconfirm endpoint.
	//
	// See
	// https://github.com/gravitational/teleport.e/blob/master/rfd/0009e-device-trust-web-support.md#device-web-authentication.
	ConfirmDeviceWebAuthentication(ctx context.Context, in *ConfirmDeviceWebAuthenticationRequest, opts ...grpc.CallOption) (*ConfirmDeviceWebAuthenticationResponse, error)
	// Syncs device inventory from a source exterior to Teleport, for example an
	// MDM.
	// Allows both partial and full syncs; for the latter, devices missing from
	// the external inventory are handled as specified.
	// Authorized either by a valid MDM service certificate or the appropriate
	// "device" permissions (create/update/delete).
	SyncInventory(ctx context.Context, opts ...grpc.CallOption) (DeviceTrustService_SyncInventoryClient, error)
	// Deprecated: Do not use.
	// Superseded by ResourceUsageService.GetUsage.
	GetDevicesUsage(ctx context.Context, in *GetDevicesUsageRequest, opts ...grpc.CallOption) (*DevicesUsage, error)
}

DeviceTrustServiceClient is the client API for DeviceTrustService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewDeviceTrustServiceClient 

func NewDeviceTrustServiceClient(cc grpc.ClientConnInterface) DeviceTrustServiceClient

type DeviceTrustServiceServer 

type DeviceTrustServiceServer interface {
	// CreateDevice creates a device, effectively registering it on Teleport.
	// Devices need to be registered before they can be enrolled.
	//
	// It is possible to create both a Device and a DeviceEnrollToken in a
	// single invocation, see CreateDeviceRequest.create_enroll_token.
	CreateDevice(context.Context, *CreateDeviceRequest) (*Device, error)
	// UpdateDevice is a masked device update.
	//
	// Only certain fields may be updated, see Device for details.
	UpdateDevice(context.Context, *UpdateDeviceRequest) (*Device, error)
	// UpsertDevice creates or updates a device.
	//
	// UpsertDevice attempts a write of all mutable fields on updates, therefore
	// reading a fresh copy of the device is recommended. Update semantics still
	// apply.
	UpsertDevice(context.Context, *UpsertDeviceRequest) (*Device, error)
	// DeleteDevice hard-deletes a device, removing it and all collected data
	// history from the system.
	//
	// Prefer locking the device instead (see the `tctl lock` command). Deleting a
	// device doesn't invalidate existing device certificates, but does prevent
	// new device authentication ceremonies from occurring.
	//
	// Use with caution.
	DeleteDevice(context.Context, *DeleteDeviceRequest) (*emptypb.Empty, error)
	// FindDevices retrieves devices by device ID and/or asset tag.
	//
	// It provides an in-between search between fetching a device by ID and
	// listing all devices.
	//
	// ID matches are guaranteed to be present in the response.
	FindDevices(context.Context, *FindDevicesRequest) (*FindDevicesResponse, error)
	// GetDevice retrieves a device by ID.
	GetDevice(context.Context, *GetDeviceRequest) (*Device, error)
	// ListDevices lists all registered devices.
	ListDevices(context.Context, *ListDevicesRequest) (*ListDevicesResponse, error)
	// BulkCreateDevices is a bulk variant of CreateDevice.
	//
	// Unlike CreateDevice, it does not support creation of enrollment tokens, as
	// it is meant for bulk inventory registration.
	BulkCreateDevices(context.Context, *BulkCreateDevicesRequest) (*BulkCreateDevicesResponse, error)
	// CreateDeviceEnrollToken creates a DeviceEnrollToken for a Device.
	// An enrollment token is required for the enrollment ceremony. See
	// EnrollDevice.
	CreateDeviceEnrollToken(context.Context, *CreateDeviceEnrollTokenRequest) (*DeviceEnrollToken, error)
	// EnrollDevice performs the device enrollment ceremony.
	//
	// Enrollment requires a previously-registered Device and a DeviceEnrollToken,
	// see CreateDevice and CreateDeviceEnrollToken.
	//
	// An enrolled device is allowed, via AuthenticateDevice, to acquire
	// certificates containing device extensions, thus gaining access to
	// device-aware actions.
	//
	// macOS enrollment flow:
	// -> EnrollDeviceInit (client)
	// <- MacOSEnrollChallenge (server)
	// -> MacOSEnrollChallengeResponse
	// <- EnrollDeviceSuccess
	//
	// TPM enrollment flow:
	// -> EnrollDeviceInit (client)
	// <- TPMEnrollChallenge (server)
	// -> TPMEnrollChallengeResponse
	// <- EnrollDeviceSuccess
	EnrollDevice(DeviceTrustService_EnrollDeviceServer) error
	// AuthenticateDevice performs the device authentication ceremony.
	//
	// Device authentication exchanges existing user certificates without device
	// extensions for certificates augmented with device extensions. The new
	// certificates allow the user to perform device-aware actions.
	//
	// Only registered and enrolled devices may perform device authentication.
	AuthenticateDevice(DeviceTrustService_AuthenticateDeviceServer) error
	// ConfirmDeviceWebAuthentication finalizes the device web authentication
	// ceremony started by the creation of a DeviceWebToken and subsequent
	// AuthenticateDevice call.
	//
	// The DeviceConfirmationToken issued by AuthenticateDevice is spent in this
	// method, which consequently augments the corresponding Web Session
	// certificates with device extensions.
	//
	// This method must be called by the Teleport Proxy, and the Proxy itself must
	// be called by the same browser that started the on-behalf-of authentication
	// attempt. See the /webapi/device/webconfirm endpoint.
	//
	// See
	// https://github.com/gravitational/teleport.e/blob/master/rfd/0009e-device-trust-web-support.md#device-web-authentication.
	ConfirmDeviceWebAuthentication(context.Context, *ConfirmDeviceWebAuthenticationRequest) (*ConfirmDeviceWebAuthenticationResponse, error)
	// Syncs device inventory from a source exterior to Teleport, for example an
	// MDM.
	// Allows both partial and full syncs; for the latter, devices missing from
	// the external inventory are handled as specified.
	// Authorized either by a valid MDM service certificate or the appropriate
	// "device" permissions (create/update/delete).
	SyncInventory(DeviceTrustService_SyncInventoryServer) error
	// Deprecated: Do not use.
	// Superseded by ResourceUsageService.GetUsage.
	GetDevicesUsage(context.Context, *GetDevicesUsageRequest) (*DevicesUsage, error)
	// contains filtered or unexported methods
}

DeviceTrustServiceServer is the server API for DeviceTrustService service. All implementations must embed UnimplementedDeviceTrustServiceServer for forward compatibility

type DeviceTrustService_AuthenticateDeviceClient 

type DeviceTrustService_AuthenticateDeviceClient interface {
	Send(*AuthenticateDeviceRequest) error
	Recv() (*AuthenticateDeviceResponse, error)
	grpc.ClientStream
}

type DeviceTrustService_AuthenticateDeviceServer 

type DeviceTrustService_AuthenticateDeviceServer interface {
	Send(*AuthenticateDeviceResponse) error
	Recv() (*AuthenticateDeviceRequest, error)
	grpc.ServerStream
}

type DeviceTrustService_EnrollDeviceClient 

type DeviceTrustService_EnrollDeviceClient interface {
	Send(*EnrollDeviceRequest) error
	Recv() (*EnrollDeviceResponse, error)
	grpc.ClientStream
}

type DeviceTrustService_EnrollDeviceServer 

type DeviceTrustService_EnrollDeviceServer interface {
	Send(*EnrollDeviceResponse) error
	Recv() (*EnrollDeviceRequest, error)
	grpc.ServerStream
}

type DeviceTrustService_SyncInventoryClient 

type DeviceTrustService_SyncInventoryClient interface {
	Send(*SyncInventoryRequest) error
	Recv() (*SyncInventoryResponse, error)
	grpc.ClientStream
}

type DeviceTrustService_SyncInventoryServer 

type DeviceTrustService_SyncInventoryServer interface {
	Send(*SyncInventoryResponse) error
	Recv() (*SyncInventoryRequest, error)
	grpc.ServerStream
}

type DeviceView 

type DeviceView int32

DeviceView specifies which fields of returned devices should be present. 

const (
	DeviceView_DEVICE_VIEW_UNSPECIFIED DeviceView = 0
	// View for general device listings, like `tctl devices ls`.
	// Contains only basic information, such as IDs and enrollment status.
	DeviceView_DEVICE_VIEW_LIST DeviceView = 1
	// View for detailed device queries, like `tctl get devices`.
	// Presents a complete view of the device.
	DeviceView_DEVICE_VIEW_RESOURCE DeviceView = 2
)

func (DeviceView) Descriptor 

func (DeviceView) Descriptor() protoreflect.EnumDescriptor

func (DeviceView) Enum 

func (x DeviceView) Enum() *DeviceView

func (DeviceView) EnumDescriptor deprecated 

func (DeviceView) EnumDescriptor() ([]byte, []int)

Deprecated: Use DeviceView.Descriptor instead.

func (DeviceView) Number 

func (x DeviceView) Number() protoreflect.EnumNumber

func (DeviceView) String 

func (x DeviceView) String() string

func (DeviceView) Type 

func (DeviceView) Type() protoreflect.EnumType

type DeviceWebToken 

type DeviceWebToken struct {

	// Opaque token identifier.
	// Required for token usage.
	// System-generated.
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// Opaque device web token, in plaintext, encoded in base64.RawURLEncoding
	// (so it is inherently safe for URl use).
	// Required for token usage.
	// System-generated.
	Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
	// Identifier for the Web Session being device-authorized.
	// Required for creation.
	WebSessionId string `protobuf:"bytes,3,opt,name=web_session_id,json=webSessionId,proto3" json:"web_session_id,omitempty"`
	// Browser user agent, as acquired from the Web UI browser.
	// Used as part of expected device checks.
	// Required for creation.
	BrowserUserAgent string `protobuf:"bytes,4,opt,name=browser_user_agent,json=browserUserAgent,proto3" json:"browser_user_agent,omitempty"`
	// Browser public IP, as acquired from the Web UI browser.
	// Used as part of expected device checks.
	// Required for creation.
	BrowserIp string `protobuf:"bytes,5,opt,name=browser_ip,json=browserIp,proto3" json:"browser_ip,omitempty"`
	// Owner of the Web Session and trusted device.
	// Used internally by the Device Trust system.
	// Transient.
	User string `protobuf:"bytes,6,opt,name=user,proto3" json:"user,omitempty"`
	// ID of the devices allowed to perform on-behalf-of device authentication.
	// Used internally by the Device Trust system.
	// Transient.
	ExpectedDeviceIds []string `protobuf:"bytes,7,rep,name=expected_device_ids,json=expectedDeviceIds,proto3" json:"expected_device_ids,omitempty"`
	// contains filtered or unexported fields
}

A device web token is a token used to device-authenticate a Web UI session.

Tokens are generally acquired on login and exchanged for a single on-behalf-of device authentication attempt, performed by Connect.

See https://github.com/gravitational/teleport.e/blob/master/rfd/0009e-device-trust-web-support.md#device-web-token.

func (*DeviceWebToken) Descriptor deprecated 

func (*DeviceWebToken) Descriptor() ([]byte, []int)

Deprecated: Use DeviceWebToken.ProtoReflect.Descriptor instead.

func (*DeviceWebToken) GetBrowserIp 

func (x *DeviceWebToken) GetBrowserIp() string

func (*DeviceWebToken) GetBrowserUserAgent 

func (x *DeviceWebToken) GetBrowserUserAgent() string

func (*DeviceWebToken) GetExpectedDeviceIds 

func (x *DeviceWebToken) GetExpectedDeviceIds() []string

func (*DeviceWebToken) GetId 

func (x *DeviceWebToken) GetId() string

func (*DeviceWebToken) GetToken 

func (x *DeviceWebToken) GetToken() string

func (*DeviceWebToken) GetUser 

func (x *DeviceWebToken) GetUser() string

func (*DeviceWebToken) GetWebSessionId 

func (x *DeviceWebToken) GetWebSessionId() string

func (*DeviceWebToken) ProtoMessage 

func (*DeviceWebToken) ProtoMessage()

func (*DeviceWebToken) ProtoReflect 

func (x *DeviceWebToken) ProtoReflect() protoreflect.Message

func (*DeviceWebToken) Reset 

func (x *DeviceWebToken) Reset()

func (*DeviceWebToken) String 

func (x *DeviceWebToken) String() string

type DevicesUsage 

type DevicesUsage struct {
	// contains filtered or unexported fields
}

Superseded by ResourceUsageService.GetUsage.

func (*DevicesUsage) Descriptor deprecated 

func (*DevicesUsage) Descriptor() ([]byte, []int)

Deprecated: Use DevicesUsage.ProtoReflect.Descriptor instead.

func (*DevicesUsage) ProtoMessage 

func (*DevicesUsage) ProtoMessage()

func (*DevicesUsage) ProtoReflect 

func (x *DevicesUsage) ProtoReflect() protoreflect.Message

func (*DevicesUsage) Reset 

func (x *DevicesUsage) Reset()

func (*DevicesUsage) String 

func (x *DevicesUsage) String() string

type EnrollDeviceInit 

type EnrollDeviceInit struct {

	// Device enrollment token.
	// See CreateDevice or CreateDeviceEnrollToken.
	Token string `protobuf:"bytes,1,opt,name=token,proto3" json:"token,omitempty"`
	// ID of the device credential.
	CredentialId string `protobuf:"bytes,2,opt,name=credential_id,json=credentialId,proto3" json:"credential_id,omitempty"`
	// Device collected data.
	// Matched against the device registration information and any previously
	// collected data.
	DeviceData *DeviceCollectedData `protobuf:"bytes,3,opt,name=device_data,json=deviceData,proto3" json:"device_data,omitempty"`
	// Payload for macOS-specific data.
	Macos *MacOSEnrollPayload `protobuf:"bytes,4,opt,name=macos,proto3" json:"macos,omitempty"`
	// Payload for TPM-specific data. Used for Windows/Linux.
	Tpm *TPMEnrollPayload `protobuf:"bytes,5,opt,name=tpm,proto3" json:"tpm,omitempty"`
	// contains filtered or unexported fields
}

EnrollDeviceInit initiates the enrollment ceremony.

func (*EnrollDeviceInit) Descriptor deprecated 

func (*EnrollDeviceInit) Descriptor() ([]byte, []int)

Deprecated: Use EnrollDeviceInit.ProtoReflect.Descriptor instead.

func (*EnrollDeviceInit) GetCredentialId 

func (x *EnrollDeviceInit) GetCredentialId() string

func (*EnrollDeviceInit) GetDeviceData 

func (x *EnrollDeviceInit) GetDeviceData() *DeviceCollectedData

func (*EnrollDeviceInit) GetMacos 

func (x *EnrollDeviceInit) GetMacos() *MacOSEnrollPayload

func (*EnrollDeviceInit) GetToken 

func (x *EnrollDeviceInit) GetToken() string

func (*EnrollDeviceInit) GetTpm 

func (x *EnrollDeviceInit) GetTpm() *TPMEnrollPayload

func (*EnrollDeviceInit) ProtoMessage 

func (*EnrollDeviceInit) ProtoMessage()

func (*EnrollDeviceInit) ProtoReflect 

func (x *EnrollDeviceInit) ProtoReflect() protoreflect.Message

func (*EnrollDeviceInit) Reset 

func (x *EnrollDeviceInit) Reset()

func (*EnrollDeviceInit) String 

func (x *EnrollDeviceInit) String() string

type EnrollDeviceRequest 

type EnrollDeviceRequest struct {

	// Types that are assignable to Payload:
	//
	//	*EnrollDeviceRequest_Init
	//	*EnrollDeviceRequest_MacosChallengeResponse
	//	*EnrollDeviceRequest_TpmChallengeResponse
	Payload isEnrollDeviceRequest_Payload `protobuf_oneof:"payload"`
	// contains filtered or unexported fields
}

Request for EnrollDevice.

func (*EnrollDeviceRequest) Descriptor deprecated 

func (*EnrollDeviceRequest) Descriptor() ([]byte, []int)

Deprecated: Use EnrollDeviceRequest.ProtoReflect.Descriptor instead.

func (*EnrollDeviceRequest) GetInit 

func (x *EnrollDeviceRequest) GetInit() *EnrollDeviceInit

func (*EnrollDeviceRequest) GetMacosChallengeResponse 

func (x *EnrollDeviceRequest) GetMacosChallengeResponse() *MacOSEnrollChallengeResponse

func (*EnrollDeviceRequest) GetPayload 

func (m *EnrollDeviceRequest) GetPayload() isEnrollDeviceRequest_Payload

func (*EnrollDeviceRequest) GetTpmChallengeResponse 

func (x *EnrollDeviceRequest) GetTpmChallengeResponse() *TPMEnrollChallengeResponse

func (*EnrollDeviceRequest) ProtoMessage 

func (*EnrollDeviceRequest) ProtoMessage()

func (*EnrollDeviceRequest) ProtoReflect 

func (x *EnrollDeviceRequest) ProtoReflect() protoreflect.Message

func (*EnrollDeviceRequest) Reset 

func (x *EnrollDeviceRequest) Reset()

func (*EnrollDeviceRequest) String 

func (x *EnrollDeviceRequest) String() string

type EnrollDeviceRequest_Init 

type EnrollDeviceRequest_Init struct {
	Init *EnrollDeviceInit `protobuf:"bytes,1,opt,name=init,proto3,oneof"`
}

type EnrollDeviceRequest_MacosChallengeResponse 

type EnrollDeviceRequest_MacosChallengeResponse struct {
	MacosChallengeResponse *MacOSEnrollChallengeResponse `protobuf:"bytes,2,opt,name=macos_challenge_response,json=macosChallengeResponse,proto3,oneof"`
}

type EnrollDeviceRequest_TpmChallengeResponse 

type EnrollDeviceRequest_TpmChallengeResponse struct {
	TpmChallengeResponse *TPMEnrollChallengeResponse `protobuf:"bytes,3,opt,name=tpm_challenge_response,json=tpmChallengeResponse,proto3,oneof"`
}

type EnrollDeviceResponse 

type EnrollDeviceResponse struct {

	// Types that are assignable to Payload:
	//
	//	*EnrollDeviceResponse_Success
	//	*EnrollDeviceResponse_MacosChallenge
	//	*EnrollDeviceResponse_TpmChallenge
	Payload isEnrollDeviceResponse_Payload `protobuf_oneof:"payload"`
	// contains filtered or unexported fields
}

Response for EnrollDevice.

func (*EnrollDeviceResponse) Descriptor deprecated 

func (*EnrollDeviceResponse) Descriptor() ([]byte, []int)

Deprecated: Use EnrollDeviceResponse.ProtoReflect.Descriptor instead.

func (*EnrollDeviceResponse) GetMacosChallenge 

func (x *EnrollDeviceResponse) GetMacosChallenge() *MacOSEnrollChallenge

func (*EnrollDeviceResponse) GetPayload 

func (m *EnrollDeviceResponse) GetPayload() isEnrollDeviceResponse_Payload

func (*EnrollDeviceResponse) GetSuccess 

func (x *EnrollDeviceResponse) GetSuccess() *EnrollDeviceSuccess

func (*EnrollDeviceResponse) GetTpmChallenge 

func (x *EnrollDeviceResponse) GetTpmChallenge() *TPMEnrollChallenge

func (*EnrollDeviceResponse) ProtoMessage 

func (*EnrollDeviceResponse) ProtoMessage()

func (*EnrollDeviceResponse) ProtoReflect 

func (x *EnrollDeviceResponse) ProtoReflect() protoreflect.Message

func (*EnrollDeviceResponse) Reset 

func (x *EnrollDeviceResponse) Reset()

func (*EnrollDeviceResponse) String 

func (x *EnrollDeviceResponse) String() string

type EnrollDeviceResponse_MacosChallenge 

type EnrollDeviceResponse_MacosChallenge struct {
	MacosChallenge *MacOSEnrollChallenge `protobuf:"bytes,2,opt,name=macos_challenge,json=macosChallenge,proto3,oneof"`
}

type EnrollDeviceResponse_Success 

type EnrollDeviceResponse_Success struct {
	Success *EnrollDeviceSuccess `protobuf:"bytes,1,opt,name=success,proto3,oneof"`
}

type EnrollDeviceResponse_TpmChallenge 

type EnrollDeviceResponse_TpmChallenge struct {
	TpmChallenge *TPMEnrollChallenge `protobuf:"bytes,3,opt,name=tpm_challenge,json=tpmChallenge,proto3,oneof"`
}

type EnrollDeviceSuccess 

type EnrollDeviceSuccess struct {

	// The enrolled device.
	Device *Device `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
	// contains filtered or unexported fields
}

EnrollDeviceSuccess marks a successful device enrollment ceremony.

func (*EnrollDeviceSuccess) Descriptor deprecated 

func (*EnrollDeviceSuccess) Descriptor() ([]byte, []int)

Deprecated: Use EnrollDeviceSuccess.ProtoReflect.Descriptor instead.

func (*EnrollDeviceSuccess) GetDevice 

func (x *EnrollDeviceSuccess) GetDevice() *Device

func (*EnrollDeviceSuccess) ProtoMessage 

func (*EnrollDeviceSuccess) ProtoMessage()

func (*EnrollDeviceSuccess) ProtoReflect 

func (x *EnrollDeviceSuccess) ProtoReflect() protoreflect.Message

func (*EnrollDeviceSuccess) Reset 

func (x *EnrollDeviceSuccess) Reset()

func (*EnrollDeviceSuccess) String 

func (x *EnrollDeviceSuccess) String() string

type FindDevicesRequest 

type FindDevicesRequest struct {

	// Device ID or asset tag.
	IdOrTag string `protobuf:"bytes,1,opt,name=id_or_tag,json=idOrTag,proto3" json:"id_or_tag,omitempty"`
	// contains filtered or unexported fields
}

Request for FindDevices.

Inspect the returned devices to determine whether the match was by ID or asset tag.

func (*FindDevicesRequest) Descriptor deprecated 

func (*FindDevicesRequest) Descriptor() ([]byte, []int)

Deprecated: Use FindDevicesRequest.ProtoReflect.Descriptor instead.

func (*FindDevicesRequest) GetIdOrTag 

func (x *FindDevicesRequest) GetIdOrTag() string

func (*FindDevicesRequest) ProtoMessage 

func (*FindDevicesRequest) ProtoMessage()

func (*FindDevicesRequest) ProtoReflect 

func (x *FindDevicesRequest) ProtoReflect() protoreflect.Message

func (*FindDevicesRequest) Reset 

func (x *FindDevicesRequest) Reset()

func (*FindDevicesRequest) String 

func (x *FindDevicesRequest) String() string

type FindDevicesResponse 

type FindDevicesResponse struct {

	// Devices that matched the search.
	// The number of resulting devices is expected to be low and may be
	// artificially capped by the server otherwise.
	Devices []*Device `protobuf:"bytes,1,rep,name=devices,proto3" json:"devices,omitempty"`
	// contains filtered or unexported fields
}

Response for FindDevices.

func (*FindDevicesResponse) Descriptor deprecated 

func (*FindDevicesResponse) Descriptor() ([]byte, []int)

Deprecated: Use FindDevicesResponse.ProtoReflect.Descriptor instead.

func (*FindDevicesResponse) GetDevices 

func (x *FindDevicesResponse) GetDevices() []*Device

func (*FindDevicesResponse) ProtoMessage 

func (*FindDevicesResponse) ProtoMessage()

func (*FindDevicesResponse) ProtoReflect 

func (x *FindDevicesResponse) ProtoReflect() protoreflect.Message

func (*FindDevicesResponse) Reset 

func (x *FindDevicesResponse) Reset()

func (*FindDevicesResponse) String 

func (x *FindDevicesResponse) String() string

type GetDeviceRequest 

type GetDeviceRequest struct {

	// ID of the device.
	DeviceId string `protobuf:"bytes,1,opt,name=device_id,json=deviceId,proto3" json:"device_id,omitempty"`
	// contains filtered or unexported fields
}

Request for GetDevice.

func (*GetDeviceRequest) Descriptor deprecated 

func (*GetDeviceRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetDeviceRequest.ProtoReflect.Descriptor instead.

func (*GetDeviceRequest) GetDeviceId 

func (x *GetDeviceRequest) GetDeviceId() string

func (*GetDeviceRequest) ProtoMessage 

func (*GetDeviceRequest) ProtoMessage()

func (*GetDeviceRequest) ProtoReflect 

func (x *GetDeviceRequest) ProtoReflect() protoreflect.Message

func (*GetDeviceRequest) Reset 

func (x *GetDeviceRequest) Reset()

func (*GetDeviceRequest) String 

func (x *GetDeviceRequest) String() string

type GetDevicesUsageRequest 

type GetDevicesUsageRequest struct {
	// contains filtered or unexported fields
}

Superseded by ResourceUsageService.GetUsage.

func (*GetDevicesUsageRequest) Descriptor deprecated 

func (*GetDevicesUsageRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetDevicesUsageRequest.ProtoReflect.Descriptor instead.

func (*GetDevicesUsageRequest) ProtoMessage 

func (*GetDevicesUsageRequest) ProtoMessage()

func (*GetDevicesUsageRequest) ProtoReflect 

func (x *GetDevicesUsageRequest) ProtoReflect() protoreflect.Message

func (*GetDevicesUsageRequest) Reset 

func (x *GetDevicesUsageRequest) Reset()

func (*GetDevicesUsageRequest) String 

func (x *GetDevicesUsageRequest) String() string

type ListDevicesRequest 

type ListDevicesRequest struct {

	// The maximum number of items to return.
	// The server may impose a different page size at its discretion.
	PageSize int32 `protobuf:"varint,1,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// The next_page_token value returned from a previous List request, if any.
	PageToken string `protobuf:"bytes,2,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// Specifies which fields of the resource should be returned in the response.
	// Defaults to DEVICE_VIEW_LIST.
	View DeviceView `protobuf:"varint,3,opt,name=view,proto3,enum=teleport.devicetrust.v1.DeviceView" json:"view,omitempty"`
	// contains filtered or unexported fields
}

Request for ListDevices.

Follows the pagination semantics of https://cloud.google.com/apis/design/standard_methods#list.

func (*ListDevicesRequest) Descriptor deprecated 

func (*ListDevicesRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListDevicesRequest.ProtoReflect.Descriptor instead.

func (*ListDevicesRequest) GetPageSize 

func (x *ListDevicesRequest) GetPageSize() int32

func (*ListDevicesRequest) GetPageToken 

func (x *ListDevicesRequest) GetPageToken() string

func (*ListDevicesRequest) GetView 

func (x *ListDevicesRequest) GetView() DeviceView

func (*ListDevicesRequest) ProtoMessage 

func (*ListDevicesRequest) ProtoMessage()

func (*ListDevicesRequest) ProtoReflect 

func (x *ListDevicesRequest) ProtoReflect() protoreflect.Message

func (*ListDevicesRequest) Reset 

func (x *ListDevicesRequest) Reset()

func (*ListDevicesRequest) String 

func (x *ListDevicesRequest) String() string

type ListDevicesResponse 

type ListDevicesResponse struct {

	// Devices that matched the search.
	Devices []*Device `protobuf:"bytes,1,rep,name=devices,proto3" json:"devices,omitempty"`
	// Token to retrieve the next page of results, or empty if there are no
	// more results in the list.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

Response for ListDevices.

func (*ListDevicesResponse) Descriptor deprecated 

func (*ListDevicesResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListDevicesResponse.ProtoReflect.Descriptor instead.

func (*ListDevicesResponse) GetDevices 

func (x *ListDevicesResponse) GetDevices() []*Device

func (*ListDevicesResponse) GetNextPageToken 

func (x *ListDevicesResponse) GetNextPageToken() string

func (*ListDevicesResponse) ProtoMessage 

func (*ListDevicesResponse) ProtoMessage()

func (*ListDevicesResponse) ProtoReflect 

func (x *ListDevicesResponse) ProtoReflect() protoreflect.Message

func (*ListDevicesResponse) Reset 

func (x *ListDevicesResponse) Reset()

func (*ListDevicesResponse) String 

func (x *ListDevicesResponse) String() string

type MacOSEnrollChallenge 

type MacOSEnrollChallenge struct {

	// Randomly-generated, opaque challenge to be signed using the device key.
	Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"`
	// contains filtered or unexported fields
}

MacOSEnrollChallenge is a macOS enrollment challenge.

func (*MacOSEnrollChallenge) Descriptor deprecated 

func (*MacOSEnrollChallenge) Descriptor() ([]byte, []int)

Deprecated: Use MacOSEnrollChallenge.ProtoReflect.Descriptor instead.

func (*MacOSEnrollChallenge) GetChallenge 

func (x *MacOSEnrollChallenge) GetChallenge() []byte

func (*MacOSEnrollChallenge) ProtoMessage 

func (*MacOSEnrollChallenge) ProtoMessage()

func (*MacOSEnrollChallenge) ProtoReflect 

func (x *MacOSEnrollChallenge) ProtoReflect() protoreflect.Message

func (*MacOSEnrollChallenge) Reset 

func (x *MacOSEnrollChallenge) Reset()

func (*MacOSEnrollChallenge) String 

func (x *MacOSEnrollChallenge) String() string

type MacOSEnrollChallengeResponse 

type MacOSEnrollChallengeResponse struct {

	// Signature over the challenge, using the device key.
	Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

MacOSEnrollChallengeResponse is a macOS enrollment challenge response.

func (*MacOSEnrollChallengeResponse) Descriptor deprecated 

func (*MacOSEnrollChallengeResponse) Descriptor() ([]byte, []int)

Deprecated: Use MacOSEnrollChallengeResponse.ProtoReflect.Descriptor instead.

func (*MacOSEnrollChallengeResponse) GetSignature 

func (x *MacOSEnrollChallengeResponse) GetSignature() []byte

func (*MacOSEnrollChallengeResponse) ProtoMessage 

func (*MacOSEnrollChallengeResponse) ProtoMessage()

func (*MacOSEnrollChallengeResponse) ProtoReflect 

func (x *MacOSEnrollChallengeResponse) ProtoReflect() protoreflect.Message

func (*MacOSEnrollChallengeResponse) Reset 

func (x *MacOSEnrollChallengeResponse) Reset()

func (*MacOSEnrollChallengeResponse) String 

func (x *MacOSEnrollChallengeResponse) String() string

type MacOSEnrollPayload 

type MacOSEnrollPayload struct {

	// Device public key marshaled as a PKIX, ASN.1 DER.
	PublicKeyDer []byte `protobuf:"bytes,2,opt,name=public_key_der,json=publicKeyDer,proto3" json:"public_key_der,omitempty"`
	// contains filtered or unexported fields
}

MacOSEnrollPayload is the macOS-specific enrollment payload.

func (*MacOSEnrollPayload) Descriptor deprecated 

func (*MacOSEnrollPayload) Descriptor() ([]byte, []int)

Deprecated: Use MacOSEnrollPayload.ProtoReflect.Descriptor instead.

func (*MacOSEnrollPayload) GetPublicKeyDer 

func (x *MacOSEnrollPayload) GetPublicKeyDer() []byte

func (*MacOSEnrollPayload) ProtoMessage 

func (*MacOSEnrollPayload) ProtoMessage()

func (*MacOSEnrollPayload) ProtoReflect 

func (x *MacOSEnrollPayload) ProtoReflect() protoreflect.Message

func (*MacOSEnrollPayload) Reset 

func (x *MacOSEnrollPayload) Reset()

func (*MacOSEnrollPayload) String 

func (x *MacOSEnrollPayload) String() string

type OSType 

type OSType int32

OSType represents the operating system of a device. 

const (
	OSType_OS_TYPE_UNSPECIFIED OSType = 0
	// Linux.
	OSType_OS_TYPE_LINUX OSType = 1
	// macOS.
	OSType_OS_TYPE_MACOS OSType = 2
	// Windows.
	OSType_OS_TYPE_WINDOWS OSType = 3
)

func (OSType) Descriptor 

func (OSType) Descriptor() protoreflect.EnumDescriptor

func (OSType) Enum 

func (x OSType) Enum() *OSType

func (OSType) EnumDescriptor deprecated 

func (OSType) EnumDescriptor() ([]byte, []int)

Deprecated: Use OSType.Descriptor instead.

func (OSType) Number 

func (x OSType) Number() protoreflect.EnumNumber

func (OSType) String 

func (x OSType) String() string

func (OSType) Type 

func (OSType) Type() protoreflect.EnumType

type SyncInventoryAck 

type SyncInventoryAck struct {
	// contains filtered or unexported fields
}

SyncInventoryAck is used to confirm successful processing of messages that lack a more specific response.

func (*SyncInventoryAck) Descriptor deprecated 

func (*SyncInventoryAck) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryAck.ProtoReflect.Descriptor instead.

func (*SyncInventoryAck) ProtoMessage 

func (*SyncInventoryAck) ProtoMessage()

func (*SyncInventoryAck) ProtoReflect 

func (x *SyncInventoryAck) ProtoReflect() protoreflect.Message

func (*SyncInventoryAck) Reset 

func (x *SyncInventoryAck) Reset()

func (*SyncInventoryAck) String 

func (x *SyncInventoryAck) String() string

type SyncInventoryDevices 

type SyncInventoryDevices struct {

	// Devices to sync.
	Devices []*Device `protobuf:"bytes,1,rep,name=devices,proto3" json:"devices,omitempty"`
	// contains filtered or unexported fields
}

SyncInventoryDevices transports devices to add/update/remove. Removals only need identifying fields to be set.

func (*SyncInventoryDevices) Descriptor deprecated 

func (*SyncInventoryDevices) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryDevices.ProtoReflect.Descriptor instead.

func (*SyncInventoryDevices) GetDevices 

func (x *SyncInventoryDevices) GetDevices() []*Device

func (*SyncInventoryDevices) ProtoMessage 

func (*SyncInventoryDevices) ProtoMessage()

func (*SyncInventoryDevices) ProtoReflect 

func (x *SyncInventoryDevices) ProtoReflect() protoreflect.Message

func (*SyncInventoryDevices) Reset 

func (x *SyncInventoryDevices) Reset()

func (*SyncInventoryDevices) String 

func (x *SyncInventoryDevices) String() string

type SyncInventoryEnd 

type SyncInventoryEnd struct {
	// contains filtered or unexported fields
}

SyncInventoryEnd ends the inventory sync, signaling that no more SyncInventoryDevices messages will be sent by the client.

func (*SyncInventoryEnd) Descriptor deprecated 

func (*SyncInventoryEnd) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryEnd.ProtoReflect.Descriptor instead.

func (*SyncInventoryEnd) ProtoMessage 

func (*SyncInventoryEnd) ProtoMessage()

func (*SyncInventoryEnd) ProtoReflect 

func (x *SyncInventoryEnd) ProtoReflect() protoreflect.Message

func (*SyncInventoryEnd) Reset 

func (x *SyncInventoryEnd) Reset()

func (*SyncInventoryEnd) String 

func (x *SyncInventoryEnd) String() string

type SyncInventoryMissingDevices 

type SyncInventoryMissingDevices struct {

	// Devices missing from the client-side sync.
	// Guaranteed to have the following fields: id, os_type, asset_tag and
	// profile.external_id.
	Devices []*Device `protobuf:"bytes,1,rep,name=devices,proto3" json:"devices,omitempty"`
	// contains filtered or unexported fields
}

SyncInventoryMissingDevices informs the sync client of all stored devices that were not observed in upserts during the sync.

Requires `track_missing_devices` to be set in the SyncInventoryStart message.

The client must follow up with a SyncInventoryDevices message, including any devices to be deleted.

func (*SyncInventoryMissingDevices) Descriptor deprecated 

func (*SyncInventoryMissingDevices) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryMissingDevices.ProtoReflect.Descriptor instead.

func (*SyncInventoryMissingDevices) GetDevices 

func (x *SyncInventoryMissingDevices) GetDevices() []*Device

func (*SyncInventoryMissingDevices) ProtoMessage 

func (*SyncInventoryMissingDevices) ProtoMessage()

func (*SyncInventoryMissingDevices) ProtoReflect 

func (x *SyncInventoryMissingDevices) ProtoReflect() protoreflect.Message

func (*SyncInventoryMissingDevices) Reset 

func (x *SyncInventoryMissingDevices) Reset()

func (*SyncInventoryMissingDevices) String 

func (x *SyncInventoryMissingDevices) String() string

type SyncInventoryRequest 

type SyncInventoryRequest struct {

	// Types that are assignable to Payload:
	//
	//	*SyncInventoryRequest_Start
	//	*SyncInventoryRequest_End
	//	*SyncInventoryRequest_DevicesToUpsert
	//	*SyncInventoryRequest_DevicesToRemove
	Payload isSyncInventoryRequest_Payload `protobuf_oneof:"payload"`
	// contains filtered or unexported fields
}

Request for SyncInventory.

A typical message sequence is as follows: (-> means client-to-server, <- means server-to-client) -> SyncInventoryStart <- SyncInventoryAck (loop) -> SyncInventoryDevices (add/remove devices) <- SyncInventoryResult (end loop) -> SyncInventoryEnd (loop until server closes the stream, zero or more times) <- SyncInventoryMissingDevices -> SyncInventoryDevices (removals only) <- SyncInventoryResult (end loop)

func (*SyncInventoryRequest) Descriptor deprecated 

func (*SyncInventoryRequest) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryRequest.ProtoReflect.Descriptor instead.

func (*SyncInventoryRequest) GetDevicesToRemove 

func (x *SyncInventoryRequest) GetDevicesToRemove() *SyncInventoryDevices

func (*SyncInventoryRequest) GetDevicesToUpsert 

func (x *SyncInventoryRequest) GetDevicesToUpsert() *SyncInventoryDevices

func (*SyncInventoryRequest) GetEnd 

func (x *SyncInventoryRequest) GetEnd() *SyncInventoryEnd

func (*SyncInventoryRequest) GetPayload 

func (m *SyncInventoryRequest) GetPayload() isSyncInventoryRequest_Payload

func (*SyncInventoryRequest) GetStart 

func (x *SyncInventoryRequest) GetStart() *SyncInventoryStart

func (*SyncInventoryRequest) ProtoMessage 

func (*SyncInventoryRequest) ProtoMessage()

func (*SyncInventoryRequest) ProtoReflect 

func (x *SyncInventoryRequest) ProtoReflect() protoreflect.Message

func (*SyncInventoryRequest) Reset 

func (x *SyncInventoryRequest) Reset()

func (*SyncInventoryRequest) String 

func (x *SyncInventoryRequest) String() string

type SyncInventoryRequest_DevicesToRemove 

type SyncInventoryRequest_DevicesToRemove struct {
	DevicesToRemove *SyncInventoryDevices `protobuf:"bytes,4,opt,name=devices_to_remove,json=devicesToRemove,proto3,oneof"`
}

type SyncInventoryRequest_DevicesToUpsert 

type SyncInventoryRequest_DevicesToUpsert struct {
	DevicesToUpsert *SyncInventoryDevices `protobuf:"bytes,3,opt,name=devices_to_upsert,json=devicesToUpsert,proto3,oneof"`
}

type SyncInventoryRequest_End 

type SyncInventoryRequest_End struct {
	End *SyncInventoryEnd `protobuf:"bytes,2,opt,name=end,proto3,oneof"`
}

type SyncInventoryRequest_Start 

type SyncInventoryRequest_Start struct {
	Start *SyncInventoryStart `protobuf:"bytes,1,opt,name=start,proto3,oneof"`
}

type SyncInventoryResponse 

type SyncInventoryResponse struct {

	// Types that are assignable to Payload:
	//
	//	*SyncInventoryResponse_Ack
	//	*SyncInventoryResponse_Result
	//	*SyncInventoryResponse_MissingDevices
	Payload isSyncInventoryResponse_Payload `protobuf_oneof:"payload"`
	// contains filtered or unexported fields
}

Response for SyncInventory.

func (*SyncInventoryResponse) Descriptor deprecated 

func (*SyncInventoryResponse) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryResponse.ProtoReflect.Descriptor instead.

func (*SyncInventoryResponse) GetAck 

func (x *SyncInventoryResponse) GetAck() *SyncInventoryAck

func (*SyncInventoryResponse) GetMissingDevices 

func (x *SyncInventoryResponse) GetMissingDevices() *SyncInventoryMissingDevices

func (*SyncInventoryResponse) GetPayload 

func (m *SyncInventoryResponse) GetPayload() isSyncInventoryResponse_Payload

func (*SyncInventoryResponse) GetResult 

func (x *SyncInventoryResponse) GetResult() *SyncInventoryResult

func (*SyncInventoryResponse) ProtoMessage 

func (*SyncInventoryResponse) ProtoMessage()

func (*SyncInventoryResponse) ProtoReflect 

func (x *SyncInventoryResponse) ProtoReflect() protoreflect.Message

func (*SyncInventoryResponse) Reset 

func (x *SyncInventoryResponse) Reset()

func (*SyncInventoryResponse) String 

func (x *SyncInventoryResponse) String() string

type SyncInventoryResponse_Ack 

type SyncInventoryResponse_Ack struct {
	Ack *SyncInventoryAck `protobuf:"bytes,1,opt,name=ack,proto3,oneof"`
}

type SyncInventoryResponse_MissingDevices 

type SyncInventoryResponse_MissingDevices struct {
	MissingDevices *SyncInventoryMissingDevices `protobuf:"bytes,3,opt,name=missing_devices,json=missingDevices,proto3,oneof"`
}

type SyncInventoryResponse_Result 

type SyncInventoryResponse_Result struct {
	Result *SyncInventoryResult `protobuf:"bytes,2,opt,name=result,proto3,oneof"`
}

type SyncInventoryResult 

type SyncInventoryResult struct {

	// Devices modified, in the same order as the input when applicable.
	Devices []*DeviceOrStatus `protobuf:"bytes,1,rep,name=devices,proto3" json:"devices,omitempty"`
	// contains filtered or unexported fields
}

SyncInventoryResult is the response for SyncInventoryDevices or SyncInventoryEnd It lists all synced/deleted devices.

func (*SyncInventoryResult) Descriptor deprecated 

func (*SyncInventoryResult) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryResult.ProtoReflect.Descriptor instead.

func (*SyncInventoryResult) GetDevices 

func (x *SyncInventoryResult) GetDevices() []*DeviceOrStatus

func (*SyncInventoryResult) ProtoMessage 

func (*SyncInventoryResult) ProtoMessage()

func (*SyncInventoryResult) ProtoReflect 

func (x *SyncInventoryResult) ProtoReflect() protoreflect.Message

func (*SyncInventoryResult) Reset 

func (x *SyncInventoryResult) Reset()

func (*SyncInventoryResult) String 

func (x *SyncInventoryResult) String() string

type SyncInventoryStart 

type SyncInventoryStart struct {

	// Source of the inventory sync.
	// Used for all devices. The `source` field in individual devices is ignored
	// by this RPC.
	Source *DeviceSource `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
	// If true, the server keeps track of the devices upserted during the sync.
	// After receiving the [SyncInventoryEnd] message, the server informs the
	// client of all devices that are present in storage but not observed in the
	// upserts.
	// See [SyncInventoryRequest] and [SyncInventoryMissingDevices] for details.
	TrackMissingDevices bool `protobuf:"varint,4,opt,name=track_missing_devices,json=trackMissingDevices,proto3" json:"track_missing_devices,omitempty"`
	// contains filtered or unexported fields
}

SyncInventoryStart starts the inventory sync.

func (*SyncInventoryStart) Descriptor deprecated 

func (*SyncInventoryStart) Descriptor() ([]byte, []int)

Deprecated: Use SyncInventoryStart.ProtoReflect.Descriptor instead.

func (*SyncInventoryStart) GetSource 

func (x *SyncInventoryStart) GetSource() *DeviceSource

func (*SyncInventoryStart) GetTrackMissingDevices 

func (x *SyncInventoryStart) GetTrackMissingDevices() bool

func (*SyncInventoryStart) ProtoMessage 

func (*SyncInventoryStart) ProtoMessage()

func (*SyncInventoryStart) ProtoReflect 

func (x *SyncInventoryStart) ProtoReflect() protoreflect.Message

func (*SyncInventoryStart) Reset 

func (x *SyncInventoryStart) Reset()

func (*SyncInventoryStart) String 

func (x *SyncInventoryStart) String() string

type TPMAttestationParameters 

type TPMAttestationParameters struct {

	// The encoded TPMT_PUBLIC structure containing the attestation public key
	// and signing parameters.
	Public []byte `protobuf:"bytes,1,opt,name=public,proto3" json:"public,omitempty"`
	// The properties of the attestation key, encoded as a TPMS_CREATION_DATA
	// structure.
	CreateData []byte `protobuf:"bytes,2,opt,name=create_data,json=createData,proto3" json:"create_data,omitempty"`
	// An assertion as to the details of the key, encoded as a TPMS_ATTEST
	// structure.
	CreateAttestation []byte `protobuf:"bytes,3,opt,name=create_attestation,json=createAttestation,proto3" json:"create_attestation,omitempty"`
	// A signature of create_attestation, encoded as a TPMT_SIGNATURE structure.
	CreateSignature []byte `protobuf:"bytes,4,opt,name=create_signature,json=createSignature,proto3" json:"create_signature,omitempty"`
	// contains filtered or unexported fields
}

The attestation key and the parameters necessary to remotely verify it as related to the endorsement key. See https://pkg.go.dev/github.com/google/go-attestation/attest#AttestationParameters. This message excludes the `UseTCSDActivationFormat` field from the link above as it is TMP 1.x specific and always false.

func (*TPMAttestationParameters) Descriptor deprecated 

func (*TPMAttestationParameters) Descriptor() ([]byte, []int)

Deprecated: Use TPMAttestationParameters.ProtoReflect.Descriptor instead.

func (*TPMAttestationParameters) GetCreateAttestation 

func (x *TPMAttestationParameters) GetCreateAttestation() []byte

func (*TPMAttestationParameters) GetCreateData 

func (x *TPMAttestationParameters) GetCreateData() []byte

func (*TPMAttestationParameters) GetCreateSignature 

func (x *TPMAttestationParameters) GetCreateSignature() []byte

func (*TPMAttestationParameters) GetPublic 

func (x *TPMAttestationParameters) GetPublic() []byte

func (*TPMAttestationParameters) ProtoMessage 

func (*TPMAttestationParameters) ProtoMessage()

func (*TPMAttestationParameters) ProtoReflect 

func (x *TPMAttestationParameters) ProtoReflect() protoreflect.Message

func (*TPMAttestationParameters) Reset 

func (x *TPMAttestationParameters) Reset()

func (*TPMAttestationParameters) String 

func (x *TPMAttestationParameters) String() string

type TPMAuthenticateDeviceChallenge 

type TPMAuthenticateDeviceChallenge struct {

	// Randomly-generated nonce to be used during platform attestation by the
	// TPM.
	AttestationNonce []byte `protobuf:"bytes,1,opt,name=attestation_nonce,json=attestationNonce,proto3" json:"attestation_nonce,omitempty"`
	// contains filtered or unexported fields
}

TPMAuthenticateDeviceChallenge carries the authentication challenge specific to TPMs.

func (*TPMAuthenticateDeviceChallenge) Descriptor deprecated 

func (*TPMAuthenticateDeviceChallenge) Descriptor() ([]byte, []int)

Deprecated: Use TPMAuthenticateDeviceChallenge.ProtoReflect.Descriptor instead.

func (*TPMAuthenticateDeviceChallenge) GetAttestationNonce 

func (x *TPMAuthenticateDeviceChallenge) GetAttestationNonce() []byte

func (*TPMAuthenticateDeviceChallenge) ProtoMessage 

func (*TPMAuthenticateDeviceChallenge) ProtoMessage()

func (*TPMAuthenticateDeviceChallenge) ProtoReflect 

func (x *TPMAuthenticateDeviceChallenge) ProtoReflect() protoreflect.Message

func (*TPMAuthenticateDeviceChallenge) Reset 

func (x *TPMAuthenticateDeviceChallenge) Reset()

func (*TPMAuthenticateDeviceChallenge) String 

func (x *TPMAuthenticateDeviceChallenge) String() string

type TPMAuthenticateDeviceChallengeResponse 

type TPMAuthenticateDeviceChallengeResponse struct {

	// The result of the client's platform attestation with the nonce provided
	// in `TPMAuthenticateDeviceChallenge`.
	PlatformParameters *TPMPlatformParameters `protobuf:"bytes,1,opt,name=platform_parameters,json=platformParameters,proto3" json:"platform_parameters,omitempty"`
	// contains filtered or unexported fields
}

TPMAuthenticateDeviceChallengeResponse carries the authentication challenge response specific to TPMs.

func (*TPMAuthenticateDeviceChallengeResponse) Descriptor deprecated 

func (*TPMAuthenticateDeviceChallengeResponse) Descriptor() ([]byte, []int)

Deprecated: Use TPMAuthenticateDeviceChallengeResponse.ProtoReflect.Descriptor instead.

func (*TPMAuthenticateDeviceChallengeResponse) GetPlatformParameters 

func (x *TPMAuthenticateDeviceChallengeResponse) GetPlatformParameters() *TPMPlatformParameters

func (*TPMAuthenticateDeviceChallengeResponse) ProtoMessage 

func (*TPMAuthenticateDeviceChallengeResponse) ProtoMessage()

func (*TPMAuthenticateDeviceChallengeResponse) ProtoReflect 

func (x *TPMAuthenticateDeviceChallengeResponse) ProtoReflect() protoreflect.Message

func (*TPMAuthenticateDeviceChallengeResponse) Reset 

func (x *TPMAuthenticateDeviceChallengeResponse) Reset()

func (*TPMAuthenticateDeviceChallengeResponse) String 

func (x *TPMAuthenticateDeviceChallengeResponse) String() string

type TPMEncryptedCredential 

type TPMEncryptedCredential struct {

	// The `credential_blob` parameter to be used with the `ActivateCredential`
	// command. This is used with the decrypted value of `secret` in a
	// cryptographic process to decrypt the solution.
	CredentialBlob []byte `protobuf:"bytes,1,opt,name=credential_blob,json=credentialBlob,proto3" json:"credential_blob,omitempty"`
	// The `secret` parameter to be used with `ActivateCredential`. This is a
	// seed which can be decrypted with the EK. The decrypted seed is then used
	// when decrypting `credential_blob`.
	Secret []byte `protobuf:"bytes,2,opt,name=secret,proto3" json:"secret,omitempty"`
	// contains filtered or unexported fields
}

These values are used by the TPM2.0 `ActivateCredential` command to produce the solution which proves possession of the EK and AK.

For a more in-depth description see: - https://pkg.go.dev/github.com/google/go-attestation/attest#EncryptedCredential - https://trustedcomputinggroup.org/wp-content/uploads/TCG_TPM2_r1p59_Part3_Commands_code_pub.pdf (Heading 12.5.1 "TPM2_ActivateCredential" "General Description") - https://github.com/google/go-attestation/blob/v0.4.3/attest/activation.go#L199 - https://github.com/google/go-tpm/blob/v0.3.3/tpm2/credactivation/credential_activation.go#L61

func (*TPMEncryptedCredential) Descriptor deprecated 

func (*TPMEncryptedCredential) Descriptor() ([]byte, []int)

Deprecated: Use TPMEncryptedCredential.ProtoReflect.Descriptor instead.

func (*TPMEncryptedCredential) GetCredentialBlob 

func (x *TPMEncryptedCredential) GetCredentialBlob() []byte

func (*TPMEncryptedCredential) GetSecret 

func (x *TPMEncryptedCredential) GetSecret() []byte

func (*TPMEncryptedCredential) ProtoMessage 

func (*TPMEncryptedCredential) ProtoMessage()

func (*TPMEncryptedCredential) ProtoReflect 

func (x *TPMEncryptedCredential) ProtoReflect() protoreflect.Message

func (*TPMEncryptedCredential) Reset 

func (x *TPMEncryptedCredential) Reset()

func (*TPMEncryptedCredential) String 

func (x *TPMEncryptedCredential) String() string

type TPMEnrollChallenge 

type TPMEnrollChallenge struct {

	// The encrypted credential for the client to prove possession of the EK and
	// AK.
	EncryptedCredential *TPMEncryptedCredential `protobuf:"bytes,1,opt,name=encrypted_credential,json=encryptedCredential,proto3" json:"encrypted_credential,omitempty"`
	// The nonce to use when producing the quotes over the PCRs with the TPM
	// during the platform attestation.
	AttestationNonce []byte `protobuf:"bytes,2,opt,name=attestation_nonce,json=attestationNonce,proto3" json:"attestation_nonce,omitempty"`
	// contains filtered or unexported fields
}

The challenge sent to the client by the server during enrollment. The challenge involves two parts: - Solving an encrypted credential with `ActivateCredential`. - Producing a platform attestation using the provided nonce.

func (*TPMEnrollChallenge) Descriptor deprecated 

func (*TPMEnrollChallenge) Descriptor() ([]byte, []int)

Deprecated: Use TPMEnrollChallenge.ProtoReflect.Descriptor instead.

func (*TPMEnrollChallenge) GetAttestationNonce 

func (x *TPMEnrollChallenge) GetAttestationNonce() []byte

func (*TPMEnrollChallenge) GetEncryptedCredential 

func (x *TPMEnrollChallenge) GetEncryptedCredential() *TPMEncryptedCredential

func (*TPMEnrollChallenge) ProtoMessage 

func (*TPMEnrollChallenge) ProtoMessage()

func (*TPMEnrollChallenge) ProtoReflect 

func (x *TPMEnrollChallenge) ProtoReflect() protoreflect.Message

func (*TPMEnrollChallenge) Reset 

func (x *TPMEnrollChallenge) Reset()

func (*TPMEnrollChallenge) String 

func (x *TPMEnrollChallenge) String() string

type TPMEnrollChallengeResponse 

type TPMEnrollChallengeResponse struct {

	// The client's solution to `TPMEncryptedCredential` included in
	// `TPMEnrollChallenge` using ActivateCredential.
	Solution []byte `protobuf:"bytes,1,opt,name=solution,proto3" json:"solution,omitempty"`
	// The result of the client's platform attestation with the nonce provided
	// in `TPMEnrollChallenge`.
	PlatformParameters *TPMPlatformParameters `protobuf:"bytes,2,opt,name=platform_parameters,json=platformParameters,proto3" json:"platform_parameters,omitempty"`
	// contains filtered or unexported fields
}

The enrollment challenge response containing the solution returned by calling the TPM2.0 `ActivateCredential` command on the client with the parameters provided in `TPMEnrollChallenge`.

func (*TPMEnrollChallengeResponse) Descriptor deprecated 

func (*TPMEnrollChallengeResponse) Descriptor() ([]byte, []int)

Deprecated: Use TPMEnrollChallengeResponse.ProtoReflect.Descriptor instead.

func (*TPMEnrollChallengeResponse) GetPlatformParameters 

func (x *TPMEnrollChallengeResponse) GetPlatformParameters() *TPMPlatformParameters

func (*TPMEnrollChallengeResponse) GetSolution 

func (x *TPMEnrollChallengeResponse) GetSolution() []byte

func (*TPMEnrollChallengeResponse) ProtoMessage 

func (*TPMEnrollChallengeResponse) ProtoMessage()

func (*TPMEnrollChallengeResponse) ProtoReflect 

func (x *TPMEnrollChallengeResponse) ProtoReflect() protoreflect.Message

func (*TPMEnrollChallengeResponse) Reset 

func (x *TPMEnrollChallengeResponse) Reset()

func (*TPMEnrollChallengeResponse) String 

func (x *TPMEnrollChallengeResponse) String() string

type TPMEnrollPayload 

type TPMEnrollPayload struct {

	// Types that are assignable to Ek:
	//
	//	*TPMEnrollPayload_EkCert
	//	*TPMEnrollPayload_EkKey
	Ek isTPMEnrollPayload_Ek `protobuf_oneof:"ek"`
	// The attestation key and the parameters necessary to remotely verify it as
	// related to the endorsement key.
	AttestationParameters *TPMAttestationParameters `protobuf:"bytes,3,opt,name=attestation_parameters,json=attestationParameters,proto3" json:"attestation_parameters,omitempty"`
	// contains filtered or unexported fields
}

The payload containing TPM specific information required on device enrollment.

func (*TPMEnrollPayload) Descriptor deprecated 

func (*TPMEnrollPayload) Descriptor() ([]byte, []int)

Deprecated: Use TPMEnrollPayload.ProtoReflect.Descriptor instead.

func (*TPMEnrollPayload) GetAttestationParameters 

func (x *TPMEnrollPayload) GetAttestationParameters() *TPMAttestationParameters

func (*TPMEnrollPayload) GetEk 

func (m *TPMEnrollPayload) GetEk() isTPMEnrollPayload_Ek

func (*TPMEnrollPayload) GetEkCert 

func (x *TPMEnrollPayload) GetEkCert() []byte

func (*TPMEnrollPayload) GetEkKey 

func (x *TPMEnrollPayload) GetEkKey() []byte

func (*TPMEnrollPayload) ProtoMessage 

func (*TPMEnrollPayload) ProtoMessage()

func (*TPMEnrollPayload) ProtoReflect 

func (x *TPMEnrollPayload) ProtoReflect() protoreflect.Message

func (*TPMEnrollPayload) Reset 

func (x *TPMEnrollPayload) Reset()

func (*TPMEnrollPayload) String 

func (x *TPMEnrollPayload) String() string

type TPMEnrollPayload_EkCert 

type TPMEnrollPayload_EkCert struct {
	// The device's endorsement certificate in X509, ASN.1 DER form. This
	// certificate contains the public key of the endorsement key. This is
	// preferred to ek_key.
	EkCert []byte `protobuf:"bytes,1,opt,name=ek_cert,json=ekCert,proto3,oneof"`
}

type TPMEnrollPayload_EkKey 

type TPMEnrollPayload_EkKey struct {
	// The device's public endorsement key in PKIX, ASN.1 DER form. This is
	// used when a TPM does not contain any endorsement certificates.
	EkKey []byte `protobuf:"bytes,2,opt,name=ek_key,json=ekKey,proto3,oneof"`
}

type TPMPCR 

type TPMPCR struct {

	// the PCR index in the PCR bank
	Index int32 `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
	// the digest currently held in the PCR
	Digest []byte `protobuf:"bytes,2,opt,name=digest,proto3" json:"digest,omitempty"`
	// the hash algorithm used to produce the digest in this PCR bank. This value
	// is the underlying value of the Go crypto.Hash type.
	DigestAlg uint64 `protobuf:"varint,3,opt,name=digest_alg,json=digestAlg,proto3" json:"digest_alg,omitempty"`
	// contains filtered or unexported fields
}

Encapsulates the value of a PCR at a point at time. See https://pkg.go.dev/github.com/google/go-attestation/attest#PCR

func (*TPMPCR) Descriptor deprecated 

func (*TPMPCR) Descriptor() ([]byte, []int)

Deprecated: Use TPMPCR.ProtoReflect.Descriptor instead.

func (*TPMPCR) GetDigest 

func (x *TPMPCR) GetDigest() []byte

func (*TPMPCR) GetDigestAlg 

func (x *TPMPCR) GetDigestAlg() uint64

func (*TPMPCR) GetIndex 

func (x *TPMPCR) GetIndex() int32

func (*TPMPCR) ProtoMessage 

func (*TPMPCR) ProtoMessage()

func (*TPMPCR) ProtoReflect 

func (x *TPMPCR) ProtoReflect() protoreflect.Message

func (*TPMPCR) Reset 

func (x *TPMPCR) Reset()

func (*TPMPCR) String 

func (x *TPMPCR) String() string

type TPMPlatformAttestation 

type TPMPlatformAttestation struct {
	Nonce              []byte                 `protobuf:"bytes,1,opt,name=nonce,proto3" json:"nonce,omitempty"`
	PlatformParameters *TPMPlatformParameters `protobuf:"bytes,2,opt,name=platform_parameters,json=platformParameters,proto3" json:"platform_parameters,omitempty"`
	// contains filtered or unexported fields
}

Holds the record of a TPM platform attestation, including the platform parameters sent by the device and the nonce the server generated. This allows a historical platform attestation to be revalidated and allows us to compare the incoming state of a device (e.g during authentication) against the historical state in order to detect potentially malicious actions.

func (*TPMPlatformAttestation) Descriptor deprecated 

func (*TPMPlatformAttestation) Descriptor() ([]byte, []int)

Deprecated: Use TPMPlatformAttestation.ProtoReflect.Descriptor instead.

func (*TPMPlatformAttestation) GetNonce 

func (x *TPMPlatformAttestation) GetNonce() []byte

func (*TPMPlatformAttestation) GetPlatformParameters 

func (x *TPMPlatformAttestation) GetPlatformParameters() *TPMPlatformParameters

func (*TPMPlatformAttestation) ProtoMessage 

func (*TPMPlatformAttestation) ProtoMessage()

func (*TPMPlatformAttestation) ProtoReflect 

func (x *TPMPlatformAttestation) ProtoReflect() protoreflect.Message

func (*TPMPlatformAttestation) Reset 

func (x *TPMPlatformAttestation) Reset()

func (*TPMPlatformAttestation) String 

func (x *TPMPlatformAttestation) String() string

type TPMPlatformParameters 

type TPMPlatformParameters struct {
	Quotes   []*TPMQuote `protobuf:"bytes,1,rep,name=quotes,proto3" json:"quotes,omitempty"`
	Pcrs     []*TPMPCR   `protobuf:"bytes,2,rep,name=pcrs,proto3" json:"pcrs,omitempty"`
	EventLog []byte      `protobuf:"bytes,3,opt,name=event_log,json=eventLog,proto3" json:"event_log,omitempty"`
	// contains filtered or unexported fields
}

The quotes, PCRs and event log from a TPM that attest to the booted state of the machine. See https://pkg.go.dev/github.com/google/go-attestation/attest#PlatformParameters Excludes TPMVersion and Public since these are already known values.

func (*TPMPlatformParameters) Descriptor deprecated 

func (*TPMPlatformParameters) Descriptor() ([]byte, []int)

Deprecated: Use TPMPlatformParameters.ProtoReflect.Descriptor instead.

func (*TPMPlatformParameters) GetEventLog 

func (x *TPMPlatformParameters) GetEventLog() []byte

func (*TPMPlatformParameters) GetPcrs 

func (x *TPMPlatformParameters) GetPcrs() []*TPMPCR

func (*TPMPlatformParameters) GetQuotes 

func (x *TPMPlatformParameters) GetQuotes() []*TPMQuote

func (*TPMPlatformParameters) ProtoMessage 

func (*TPMPlatformParameters) ProtoMessage()

func (*TPMPlatformParameters) ProtoReflect 

func (x *TPMPlatformParameters) ProtoReflect() protoreflect.Message

func (*TPMPlatformParameters) Reset 

func (x *TPMPlatformParameters) Reset()

func (*TPMPlatformParameters) String 

func (x *TPMPlatformParameters) String() string

type TPMQuote 

type TPMQuote struct {
	Quote     []byte `protobuf:"bytes,1,opt,name=quote,proto3" json:"quote,omitempty"`
	Signature []byte `protobuf:"bytes,2,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

Encapsulates the result of a quote operation against the TPM over a PCR using an attestation key. See https://pkg.go.dev/github.com/google/go-attestation/attest#Quote

func (*TPMQuote) Descriptor deprecated 

func (*TPMQuote) Descriptor() ([]byte, []int)

Deprecated: Use TPMQuote.ProtoReflect.Descriptor instead.

func (*TPMQuote) GetQuote 

func (x *TPMQuote) GetQuote() []byte

func (*TPMQuote) GetSignature 

func (x *TPMQuote) GetSignature() []byte

func (*TPMQuote) ProtoMessage 

func (*TPMQuote) ProtoMessage()

func (*TPMQuote) ProtoReflect 

func (x *TPMQuote) ProtoReflect() protoreflect.Message

func (*TPMQuote) Reset 

func (x *TPMQuote) Reset()

func (*TPMQuote) String 

func (x *TPMQuote) String() string

type UnimplementedDeviceTrustServiceServer 

type UnimplementedDeviceTrustServiceServer struct {
}

UnimplementedDeviceTrustServiceServer must be embedded to have forward compatible implementations.

func (UnimplementedDeviceTrustServiceServer) AuthenticateDevice 

func (UnimplementedDeviceTrustServiceServer) AuthenticateDevice(DeviceTrustService_AuthenticateDeviceServer) error

func (UnimplementedDeviceTrustServiceServer) BulkCreateDevices 

func (UnimplementedDeviceTrustServiceServer) BulkCreateDevices(context.Context, *BulkCreateDevicesRequest) (*BulkCreateDevicesResponse, error)

func (UnimplementedDeviceTrustServiceServer) ConfirmDeviceWebAuthentication 

func (UnimplementedDeviceTrustServiceServer) ConfirmDeviceWebAuthentication(context.Context, *ConfirmDeviceWebAuthenticationRequest) (*ConfirmDeviceWebAuthenticationResponse, error)

func (UnimplementedDeviceTrustServiceServer) CreateDevice 

func (UnimplementedDeviceTrustServiceServer) CreateDevice(context.Context, *CreateDeviceRequest) (*Device, error)

func (UnimplementedDeviceTrustServiceServer) CreateDeviceEnrollToken 

func (UnimplementedDeviceTrustServiceServer) CreateDeviceEnrollToken(context.Context, *CreateDeviceEnrollTokenRequest) (*DeviceEnrollToken, error)

func (UnimplementedDeviceTrustServiceServer) DeleteDevice 

func (UnimplementedDeviceTrustServiceServer) DeleteDevice(context.Context, *DeleteDeviceRequest) (*emptypb.Empty, error)

func (UnimplementedDeviceTrustServiceServer) EnrollDevice 

func (UnimplementedDeviceTrustServiceServer) EnrollDevice(DeviceTrustService_EnrollDeviceServer) error

func (UnimplementedDeviceTrustServiceServer) FindDevices 

func (UnimplementedDeviceTrustServiceServer) FindDevices(context.Context, *FindDevicesRequest) (*FindDevicesResponse, error)

func (UnimplementedDeviceTrustServiceServer) GetDevice 

func (UnimplementedDeviceTrustServiceServer) GetDevice(context.Context, *GetDeviceRequest) (*Device, error)

func (UnimplementedDeviceTrustServiceServer) GetDevicesUsage 

func (UnimplementedDeviceTrustServiceServer) GetDevicesUsage(context.Context, *GetDevicesUsageRequest) (*DevicesUsage, error)

func (UnimplementedDeviceTrustServiceServer) ListDevices 

func (UnimplementedDeviceTrustServiceServer) ListDevices(context.Context, *ListDevicesRequest) (*ListDevicesResponse, error)

func (UnimplementedDeviceTrustServiceServer) SyncInventory 

func (UnimplementedDeviceTrustServiceServer) SyncInventory(DeviceTrustService_SyncInventoryServer) error

func (UnimplementedDeviceTrustServiceServer) UpdateDevice 

func (UnimplementedDeviceTrustServiceServer) UpdateDevice(context.Context, *UpdateDeviceRequest) (*Device, error)

func (UnimplementedDeviceTrustServiceServer) UpsertDevice 

func (UnimplementedDeviceTrustServiceServer) UpsertDevice(context.Context, *UpsertDeviceRequest) (*Device, error)

type UnsafeDeviceTrustServiceServer 

type UnsafeDeviceTrustServiceServer interface {
	// contains filtered or unexported methods
}

UnsafeDeviceTrustServiceServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to DeviceTrustServiceServer will result in compilation errors.

type UpdateDeviceRequest 

type UpdateDeviceRequest struct {

	// Device to update.
	Device *Device `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
	// Update mask applied to the resource.
	// Fields are masked according to their proto name.
	UpdateMask *fieldmaskpb.FieldMask `protobuf:"bytes,2,opt,name=update_mask,json=updateMask,proto3" json:"update_mask,omitempty"`
	// contains filtered or unexported fields
}

Request for UpdateDevice.

func (*UpdateDeviceRequest) Descriptor deprecated 

func (*UpdateDeviceRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateDeviceRequest.ProtoReflect.Descriptor instead.

func (*UpdateDeviceRequest) GetDevice 

func (x *UpdateDeviceRequest) GetDevice() *Device

func (*UpdateDeviceRequest) GetUpdateMask 

func (x *UpdateDeviceRequest) GetUpdateMask() *fieldmaskpb.FieldMask

func (*UpdateDeviceRequest) ProtoMessage 

func (*UpdateDeviceRequest) ProtoMessage()

func (*UpdateDeviceRequest) ProtoReflect 

func (x *UpdateDeviceRequest) ProtoReflect() protoreflect.Message

func (*UpdateDeviceRequest) Reset 

func (x *UpdateDeviceRequest) Reset()

func (*UpdateDeviceRequest) String 

func (x *UpdateDeviceRequest) String() string

type UpsertDeviceRequest 

type UpsertDeviceRequest struct {

	// Device to create or update.
	Device *Device `protobuf:"bytes,1,opt,name=device,proto3" json:"device,omitempty"`
	// If true, creates the device using resource semantics.
	// Has no effect on device updates.
	// See create_as_resource in CreateDeviceRequest.
	CreateAsResource bool `protobuf:"varint,2,opt,name=create_as_resource,json=createAsResource,proto3" json:"create_as_resource,omitempty"`
	// contains filtered or unexported fields
}

Request for UpsertDevice.

func (*UpsertDeviceRequest) Descriptor deprecated 

func (*UpsertDeviceRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpsertDeviceRequest.ProtoReflect.Descriptor instead.

func (*UpsertDeviceRequest) GetCreateAsResource 

func (x *UpsertDeviceRequest) GetCreateAsResource() bool

func (*UpsertDeviceRequest) GetDevice 

func (x *UpsertDeviceRequest) GetDevice() *Device

func (*UpsertDeviceRequest) ProtoMessage 

func (*UpsertDeviceRequest) ProtoMessage()

func (*UpsertDeviceRequest) ProtoReflect 

func (x *UpsertDeviceRequest) ProtoReflect() protoreflect.Message

func (*UpsertDeviceRequest) Reset 

func (x *UpsertDeviceRequest) Reset()

func (*UpsertDeviceRequest) String 

func (x *UpsertDeviceRequest) String() string

type UserCertificates 

type UserCertificates struct {

	// DER-encoded X.509 user certificate.
	X509Der []byte `protobuf:"bytes,1,opt,name=x509_der,json=x509Der,proto3" json:"x509_der,omitempty"`
	// SSH certificate marshaled in the authorized key format.
	SshAuthorizedKey []byte `protobuf:"bytes,2,opt,name=ssh_authorized_key,json=sshAuthorizedKey,proto3" json:"ssh_authorized_key,omitempty"`
	// contains filtered or unexported fields
}

UserCertificates is used to transport X.509 and SSH certificates during device authentication. See the AuthenticateDevice RPC.

func (*UserCertificates) Descriptor deprecated 

func (*UserCertificates) Descriptor() ([]byte, []int)

Deprecated: Use UserCertificates.ProtoReflect.Descriptor instead.

func (*UserCertificates) GetSshAuthorizedKey 

func (x *UserCertificates) GetSshAuthorizedKey() []byte

func (*UserCertificates) GetX509Der 

func (x *UserCertificates) GetX509Der() []byte

func (*UserCertificates) ProtoMessage 

func (*UserCertificates) ProtoMessage()

func (*UserCertificates) ProtoReflect 

func (x *UserCertificates) ProtoReflect() protoreflect.Message

func (*UserCertificates) Reset 

func (x *UserCertificates) Reset()

func (*UserCertificates) String 

func (x *UserCertificates) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.