pbconnect

package
v1.16.109 Latest Latest
Published: Aug 14, 2023 License: MPL-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var File_private_pbconnect_connect_proto protoreflect.FileDescriptor

Functions

func CARootFromStructsCARoot

func CARootFromStructsCARoot(t *structs.CARoot, s *CARoot)

func CARootToStructs

func CARootToStructs(in *CARoot) (*structs.CARoot, error)

func CARootToStructsCARoot

func CARootToStructsCARoot(s *CARoot, t *structs.CARoot)

func CARootsFromStructsIndexedCARoots

func CARootsFromStructsIndexedCARoots(t *structs.IndexedCARoots, s *CARoots)

func CARootsToStructs

func CARootsToStructs(in *CARoots) (*structs.IndexedCARoots, error)

func CARootsToStructsIndexedCARoots

func CARootsToStructsIndexedCARoots(s *CARoots, t *structs.IndexedCARoots)

func EnterpriseMetaFrom

func EnterpriseMetaFrom(f acl.EnterpriseMeta) *pbcommon.EnterpriseMeta

func EnterpriseMetaTo

func EnterpriseMetaTo(f *pbcommon.EnterpriseMeta) acl.EnterpriseMeta

func IssuedCertFromStructsIssuedCert

func IssuedCertFromStructsIssuedCert(t *structs.IssuedCert, s *IssuedCert)

func IssuedCertToStructs

func IssuedCertToStructs(in *IssuedCert) (*structs.IssuedCert, error)

func IssuedCertToStructsIssuedCert

func IssuedCertToStructsIssuedCert(s *IssuedCert, t *structs.IssuedCert)

func QueryMetaFrom

func QueryMetaFrom(f structs.QueryMeta) *pbcommon.QueryMeta

func QueryMetaTo

func QueryMetaTo(f *pbcommon.QueryMeta) structs.QueryMeta

func RaftIndexFrom

func RaftIndexFrom(f structs.RaftIndex) *pbcommon.RaftIndex

func RaftIndexTo

func RaftIndexTo(f *pbcommon.RaftIndex) structs.RaftIndex

Types

type CARoot

// CARoot is the protobuf message describing one trusted CA root. The
// protobuf and json struct tags on each field fix its wire field number and
// JSON key, so field names, numbers, and types are part of the wire contract.
type CARoot struct {

	// ID is a globally unique ID (UUID) representing this CA root.
	ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
	// Name is a human-friendly name for this CA root. This value is
	// opaque to Consul and is not used for anything internally.
	Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"`
	// SerialNumber is the x509 serial number of the certificate.
	// NOTE(review): X.509 serial numbers may be up to 20 octets (RFC 5280),
	// which a uint64 cannot always hold; presumably the roots handled here
	// stay within 64 bits. Confirm before relying on this for externally
	// issued roots.
	SerialNumber uint64 `protobuf:"varint,3,opt,name=SerialNumber,proto3" json:"SerialNumber,omitempty"`
	// SigningKeyID is the ID of the public key that corresponds to the private
	// key used to sign leaf certificates. It is the HexString format of the
	// raw AuthorityKeyID bytes.
	SigningKeyID string `protobuf:"bytes,4,opt,name=SigningKeyID,proto3" json:"SigningKeyID,omitempty"`
	// ExternalTrustDomain is the trust domain this root was generated under. It
	// is usually empty, implying "the current cluster trust-domain". It is set
	// only in the case that a cluster changes trust domain and then all old roots
	// that are still trusted have the old trust domain set here.
	//
	// We currently DON'T validate these trust domains explicitly anywhere, see
	// IndexedRoots.TrustDomain doc. We retain this information for debugging and
	// future flexibility. Because it is not validated, this value is
	// informational only and must not be treated as an authorization input.
	ExternalTrustDomain string `protobuf:"bytes,5,opt,name=ExternalTrustDomain,proto3" json:"ExternalTrustDomain,omitempty"`
	// NotBefore and NotAfter are the time validity bounds of this root.
	// mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto
	NotBefore *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=NotBefore,proto3" json:"NotBefore,omitempty"`
	// mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto
	NotAfter *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"`
	// RootCert is the PEM-encoded public certificate.
	RootCert string `protobuf:"bytes,8,opt,name=RootCert,proto3" json:"RootCert,omitempty"`
	// IntermediateCerts is a list of PEM-encoded intermediate certs to
	// attach to any leaf certs signed by this CA.
	IntermediateCerts []string `protobuf:"bytes,9,rep,name=IntermediateCerts,proto3" json:"IntermediateCerts,omitempty"`
	// SigningCert is the PEM-encoded signing certificate and SigningKey
	// is the PEM-encoded private key for the signing certificate. These
	// may actually be empty if the CA plugin in use manages these for us.
	//
	// NOTE(review): SigningKey is private key material. It carries protobuf
	// and JSON tags like every other field, so any serialized copy of this
	// message includes the key whenever it is set; presumably String() output
	// does as well (confirm). Keep populated messages out of logs and out of
	// responses to callers that are not entitled to the CA key.
	SigningCert string `protobuf:"bytes,10,opt,name=SigningCert,proto3" json:"SigningCert,omitempty"`
	SigningKey  string `protobuf:"bytes,11,opt,name=SigningKey,proto3" json:"SigningKey,omitempty"`
	// Active is true if this is the current active CA. This must only
	// be true for exactly one CA. For any method that modifies roots in the
	// state store, tests should be written to verify that multiple roots
	// cannot be active.
	Active bool `protobuf:"varint,12,opt,name=Active,proto3" json:"Active,omitempty"`
	// RotatedOutAt is the time at which this CA was removed from the state.
	// This will only be set on roots that have been rotated out from being the
	// active root.
	// mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto
	RotatedOutAt *timestamppb.Timestamp `protobuf:"bytes,13,opt,name=RotatedOutAt,proto3" json:"RotatedOutAt,omitempty"`
	// PrivateKeyType is the type of the private key used to sign certificates. It
	// may be "rsa" or "ec". This is provided as a convenience to avoid parsing
	// the public key from the certificate to infer the type.
	PrivateKeyType string `protobuf:"bytes,14,opt,name=PrivateKeyType,proto3" json:"PrivateKeyType,omitempty"`
	// PrivateKeyBits is the length of the private key used to sign certificates.
	// This is provided as a convenience to avoid parsing the public key from the
	// certificate to infer the key length.
	// mog: func-to=int func-from=int32
	PrivateKeyBits int32 `protobuf:"varint,15,opt,name=PrivateKeyBits,proto3" json:"PrivateKeyBits,omitempty"`
	// RaftIndex is converted with RaftIndexTo / RaftIndexFrom, as named in the
	// mog directive below.
	// mog: func-to=RaftIndexTo func-from=RaftIndexFrom
	RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"`
	// contains filtered or unexported fields
}

CARoot is the trusted CA Root.

mog annotation:

target=github.com/hernad/consul/agent/structs.CARoot output=connect.gen.go name=StructsCARoot

func NewCARootFromStructs

func NewCARootFromStructs(in *structs.CARoot) (*CARoot, error)

func (*CARoot) Descriptor deprecated

func (*CARoot) Descriptor() ([]byte, []int)

Deprecated: Use CARoot.ProtoReflect.Descriptor instead.

func (*CARoot) GetActive

func (x *CARoot) GetActive() bool

func (*CARoot) GetExternalTrustDomain

func (x *CARoot) GetExternalTrustDomain() string

func (*CARoot) GetID

func (x *CARoot) GetID() string

func (*CARoot) GetIntermediateCerts

func (x *CARoot) GetIntermediateCerts() []string

func (*CARoot) GetName

func (x *CARoot) GetName() string

func (*CARoot) GetNotAfter

func (x *CARoot) GetNotAfter() *timestamppb.Timestamp

func (*CARoot) GetNotBefore

func (x *CARoot) GetNotBefore() *timestamppb.Timestamp

func (*CARoot) GetPrivateKeyBits

func (x *CARoot) GetPrivateKeyBits() int32

func (*CARoot) GetPrivateKeyType

func (x *CARoot) GetPrivateKeyType() string

func (*CARoot) GetRaftIndex

func (x *CARoot) GetRaftIndex() *pbcommon.RaftIndex

func (*CARoot) GetRootCert

func (x *CARoot) GetRootCert() string

func (*CARoot) GetRotatedOutAt

func (x *CARoot) GetRotatedOutAt() *timestamppb.Timestamp

func (*CARoot) GetSerialNumber

func (x *CARoot) GetSerialNumber() uint64

func (*CARoot) GetSigningCert

func (x *CARoot) GetSigningCert() string

func (*CARoot) GetSigningKey

func (x *CARoot) GetSigningKey() string

func (*CARoot) GetSigningKeyID

func (x *CARoot) GetSigningKeyID() string

func (*CARoot) MarshalBinary

func (msg *CARoot) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*CARoot) ProtoMessage

func (*CARoot) ProtoMessage()

func (*CARoot) ProtoReflect

func (x *CARoot) ProtoReflect() protoreflect.Message

func (*CARoot) Reset

func (x *CARoot) Reset()

func (*CARoot) String

func (x *CARoot) String() string

func (*CARoot) UnmarshalBinary

func (msg *CARoot) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler

type CARoots

// CARoots is the protobuf message listing all currently trusted CA roots,
// together with the ID of the active root and the cluster trust domain.
type CARoots struct {

	// ActiveRootID is the ID of a root in Roots that is the active CA root.
	// Other roots are still valid if they're in the Roots list but are in
	// the process of being rotated out.
	ActiveRootID string `protobuf:"bytes,1,opt,name=ActiveRootID,proto3" json:"ActiveRootID,omitempty"`
	// TrustDomain is the identification root for this Consul cluster. All
	// certificates signed by the cluster's CA must have their identifying URI in
	// this domain.
	//
	// This does not include the protocol (currently spiffe://) since we may
	// implement other protocols in future with equivalent semantics. It should be
	// compared against the "authority" section of a URI (i.e. host:port).
	//
	// We need to support migrating a cluster between trust domains to support
	// Multi-DC migration in Enterprise. In this case the current trust domain is
	// here but entries in Roots may also have ExternalTrustDomain set to a
	// non-empty value implying they were previous roots that are still trusted
	// but under a different trust domain.
	//
	// Note that we DON'T validate trust domain during AuthZ since it causes
	// issues of loss of connectivity during migration between trust domains. The
	// only time the additional validation adds value is where the cluster shares
	// an external root (e.g. organization-wide root) with another distinct Consul
	// cluster or PKI system. In this case, x509 Name Constraints can be added to
	// enforce that Consul's CA can only validly sign or trust certs within the
	// same trust-domain. Name constraints as enforced by TLS handshake also allow
	// seamless rotation between trust domains thanks to cross-signing.
	//
	// In other words: when the root is shared with another cluster or PKI
	// system, isolation between the two depends on those Name Constraints
	// being present, not on any check of this field.
	TrustDomain string `protobuf:"bytes,2,opt,name=TrustDomain,proto3" json:"TrustDomain,omitempty"`
	// Roots is a list of root CA certs to trust.
	// NOTE(review): each entry is a full CARoot, which has a SigningKey field;
	// whether that field is populated in a given response cannot be told from
	// this declaration. Confirm before exposing this message to clients.
	Roots []*CARoot `protobuf:"bytes,3,rep,name=Roots,proto3" json:"Roots,omitempty"`
	// QueryMeta here is mainly used to contain the latest Raft Index that could
	// be used to perform a blocking query.
	// mog: func-to=QueryMetaTo func-from=QueryMetaFrom
	QueryMeta *pbcommon.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"`
	// contains filtered or unexported fields
}

CARoots is the list of all currently trusted CA Roots.

mog annotation:

target=github.com/hernad/consul/agent/structs.IndexedCARoots output=connect.gen.go name=StructsIndexedCARoots

func NewCARootsFromStructs

func NewCARootsFromStructs(in *structs.IndexedCARoots) (*CARoots, error)

func (*CARoots) Descriptor deprecated

func (*CARoots) Descriptor() ([]byte, []int)

Deprecated: Use CARoots.ProtoReflect.Descriptor instead.

func (*CARoots) GetActiveRootID

func (x *CARoots) GetActiveRootID() string

func (*CARoots) GetQueryMeta

func (x *CARoots) GetQueryMeta() *pbcommon.QueryMeta

func (*CARoots) GetRoots

func (x *CARoots) GetRoots() []*CARoot

func (*CARoots) GetTrustDomain

func (x *CARoots) GetTrustDomain() string

func (*CARoots) MarshalBinary

func (msg *CARoots) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*CARoots) ProtoMessage

func (*CARoots) ProtoMessage()

func (*CARoots) ProtoReflect

func (x *CARoots) ProtoReflect() protoreflect.Message

func (*CARoots) Reset

func (x *CARoots) Reset()

func (*CARoots) String

func (x *CARoots) String() string

func (*CARoots) UnmarshalBinary

func (msg *CARoots) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler

type IssuedCert

// IssuedCert is the protobuf message for an issued certificate: its serial
// number, PEM-encoded certificate and private key, the identity (service,
// agent, kind, or server) it was issued for, and its validity period.
//
// Field declaration order does not follow protobuf field numbers (Kind,
// KindURI and ServerURI use 12-14 while ValidAfter onward use 8-11); the
// numbers in the struct tags, not the order here, identify fields on the wire.
type IssuedCert struct {

	// SerialNumber is the unique serial number for this certificate.
	// This is encoded in standard hex separated by :.
	SerialNumber string `protobuf:"bytes,1,opt,name=SerialNumber,proto3" json:"SerialNumber,omitempty"`
	// CertPEM and PrivateKeyPEM are the PEM-encoded certificate and private
	// key for that cert, respectively. This should not be stored in the
	// state store, but is present in the sign API response.
	//
	// NOTE(review): PrivateKeyPEM is private key material. It is tagged for
	// both protobuf and JSON encoding, so every serialized copy of a populated
	// message carries the key; presumably String() output does too (confirm).
	// Keep populated messages out of logs and persistent storage.
	CertPEM       string `protobuf:"bytes,2,opt,name=CertPEM,proto3" json:"CertPEM,omitempty"`
	PrivateKeyPEM string `protobuf:"bytes,3,opt,name=PrivateKeyPEM,proto3" json:"PrivateKeyPEM,omitempty"`
	// Service is the name of the service for which the cert was issued.
	Service string `protobuf:"bytes,4,opt,name=Service,proto3" json:"Service,omitempty"`
	// ServiceURI is the cert URI value.
	ServiceURI string `protobuf:"bytes,5,opt,name=ServiceURI,proto3" json:"ServiceURI,omitempty"`
	// Agent is the name of the node for which the cert was issued.
	Agent string `protobuf:"bytes,6,opt,name=Agent,proto3" json:"Agent,omitempty"`
	// AgentURI is the cert URI value.
	AgentURI string `protobuf:"bytes,7,opt,name=AgentURI,proto3" json:"AgentURI,omitempty"`
	// Kind is the kind of service for which the cert was issued. It is a plain
	// string here and is converted to structs.ServiceKind per the mog
	// directive below.
	// mog: func-to=structs.ServiceKind func-from=string
	Kind string `protobuf:"bytes,12,opt,name=Kind,proto3" json:"Kind,omitempty"`
	// KindURI is the cert URI value.
	KindURI string `protobuf:"bytes,13,opt,name=KindURI,proto3" json:"KindURI,omitempty"`
	// ServerURI is the URI value of a cert issued for a server agent.
	// The same URI is shared by all servers in a Consul datacenter.
	ServerURI string `protobuf:"bytes,14,opt,name=ServerURI,proto3" json:"ServerURI,omitempty"`
	// ValidAfter and ValidBefore are the validity periods for the
	// certificate.
	// mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto
	ValidAfter *timestamppb.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"`
	// mog: func-to=structs.TimeFromProto func-from=structs.TimeToProto
	ValidBefore *timestamppb.Timestamp `protobuf:"bytes,9,opt,name=ValidBefore,proto3" json:"ValidBefore,omitempty"`
	// EnterpriseMeta is the Consul Enterprise specific metadata
	// mog: func-to=EnterpriseMetaTo func-from=EnterpriseMetaFrom
	EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,10,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"`
	// RaftIndex is converted with RaftIndexTo / RaftIndexFrom, as named in the
	// mog directive below.
	// mog: func-to=RaftIndexTo func-from=RaftIndexFrom
	RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"`
	// contains filtered or unexported fields
}

RaftIndex is used to track the index used while creating or modifying a given struct type.

mog annotation:

target=github.com/hernad/consul/agent/structs.IssuedCert output=connect.gen.go name=StructsIssuedCert

func NewIssuedCertFromStructs

func NewIssuedCertFromStructs(in *structs.IssuedCert) (*IssuedCert, error)

func (*IssuedCert) Descriptor deprecated

func (*IssuedCert) Descriptor() ([]byte, []int)

Deprecated: Use IssuedCert.ProtoReflect.Descriptor instead.

func (*IssuedCert) GetAgent

func (x *IssuedCert) GetAgent() string

func (*IssuedCert) GetAgentURI

func (x *IssuedCert) GetAgentURI() string

func (*IssuedCert) GetCertPEM

func (x *IssuedCert) GetCertPEM() string

func (*IssuedCert) GetEnterpriseMeta

func (x *IssuedCert) GetEnterpriseMeta() *pbcommon.EnterpriseMeta

func (*IssuedCert) GetKind

func (x *IssuedCert) GetKind() string

func (*IssuedCert) GetKindURI

func (x *IssuedCert) GetKindURI() string

func (*IssuedCert) GetPrivateKeyPEM

func (x *IssuedCert) GetPrivateKeyPEM() string

func (*IssuedCert) GetRaftIndex

func (x *IssuedCert) GetRaftIndex() *pbcommon.RaftIndex

func (*IssuedCert) GetSerialNumber

func (x *IssuedCert) GetSerialNumber() string

func (*IssuedCert) GetServerURI

func (x *IssuedCert) GetServerURI() string

func (*IssuedCert) GetService

func (x *IssuedCert) GetService() string

func (*IssuedCert) GetServiceURI

func (x *IssuedCert) GetServiceURI() string

func (*IssuedCert) GetValidAfter

func (x *IssuedCert) GetValidAfter() *timestamppb.Timestamp

func (*IssuedCert) GetValidBefore

func (x *IssuedCert) GetValidBefore() *timestamppb.Timestamp

func (*IssuedCert) MarshalBinary

func (msg *IssuedCert) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler

func (*IssuedCert) ProtoMessage

func (*IssuedCert) ProtoMessage()

func (*IssuedCert) ProtoReflect

func (x *IssuedCert) ProtoReflect() protoreflect.Message

func (*IssuedCert) Reset

func (x *IssuedCert) Reset()

func (*IssuedCert) String

func (x *IssuedCert) String() string

func (*IssuedCert) UnmarshalBinary

func (msg *IssuedCert) UnmarshalBinary(b []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler
