v2

package

v0.30.0 Latest Latest Go to latest Published: Apr 17, 2024 License: Apache-2.0 Imports: 7 Imported by: 8

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes/kms

Links

Open Source Insights

Documentation ¶

Overview ¶

Package v2 contains definition of kms-plugin's gRPC service.

Index ¶

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)
type DecryptRequest
type DecryptResponse
type EncryptRequest
type EncryptResponse
type KeyManagementServiceClient
- func NewKeyManagementServiceClient(cc *grpc.ClientConn) KeyManagementServiceClient
type KeyManagementServiceServer
type StatusRequest
type StatusResponse
type UnimplementedKeyManagementServiceServer

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func RegisterKeyManagementServiceServer ¶

func RegisterKeyManagementServiceServer(s *grpc.Server, srv KeyManagementServiceServer)

Types ¶

type DecryptRequest ¶

type DecryptRequest struct {
	// The data to be decrypted.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// UID is a unique identifier for the request.
	Uid string `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
	// The keyID that was provided to the apiserver during encryption.
	// This represents the KMS KEK that was used to encrypt the data.
	KeyId string `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Additional metadata that was sent by the KMS plugin during encryption.
	Annotations          map[string][]byte `` /* 163-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*DecryptRequest) Descriptor ¶

func (*DecryptRequest) Descriptor() ([]byte, []int)

func (*DecryptRequest) GetAnnotations ¶

func (m *DecryptRequest) GetAnnotations() map[string][]byte

func (*DecryptRequest) GetCiphertext ¶

func (m *DecryptRequest) GetCiphertext() []byte

func (*DecryptRequest) GetKeyId ¶

func (m *DecryptRequest) GetKeyId() string

func (*DecryptRequest) GetUid ¶

func (m *DecryptRequest) GetUid() string

func (*DecryptRequest) ProtoMessage ¶

func (*DecryptRequest) ProtoMessage()

func (*DecryptRequest) Reset ¶

func (m *DecryptRequest) Reset()

func (*DecryptRequest) String ¶

func (m *DecryptRequest) String() string

func (*DecryptRequest) XXX_DiscardUnknown ¶

func (m *DecryptRequest) XXX_DiscardUnknown()

func (*DecryptRequest) XXX_Marshal ¶

func (m *DecryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptRequest) XXX_Merge ¶

func (m *DecryptRequest) XXX_Merge(src proto.Message)

func (*DecryptRequest) XXX_Size ¶

func (m *DecryptRequest) XXX_Size() int

func (*DecryptRequest) XXX_Unmarshal ¶

func (m *DecryptRequest) XXX_Unmarshal(b []byte) error

type DecryptResponse ¶

type DecryptResponse struct {
	// The decrypted data.
	Plaintext            []byte   `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*DecryptResponse) Descriptor ¶

func (*DecryptResponse) Descriptor() ([]byte, []int)

func (*DecryptResponse) GetPlaintext ¶

func (m *DecryptResponse) GetPlaintext() []byte

func (*DecryptResponse) ProtoMessage ¶

func (*DecryptResponse) ProtoMessage()

func (*DecryptResponse) Reset ¶

func (m *DecryptResponse) Reset()

func (*DecryptResponse) String ¶

func (m *DecryptResponse) String() string

func (*DecryptResponse) XXX_DiscardUnknown ¶

func (m *DecryptResponse) XXX_DiscardUnknown()

func (*DecryptResponse) XXX_Marshal ¶

func (m *DecryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*DecryptResponse) XXX_Merge ¶

func (m *DecryptResponse) XXX_Merge(src proto.Message)

func (*DecryptResponse) XXX_Size ¶

func (m *DecryptResponse) XXX_Size() int

func (*DecryptResponse) XXX_Unmarshal ¶

func (m *DecryptResponse) XXX_Unmarshal(b []byte) error

type EncryptRequest ¶

type EncryptRequest struct {
	// The data to be encrypted.
	Plaintext []byte `protobuf:"bytes,1,opt,name=plaintext,proto3" json:"plaintext,omitempty"`
	// UID is a unique identifier for the request.
	Uid                  string   `protobuf:"bytes,2,opt,name=uid,proto3" json:"uid,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*EncryptRequest) Descriptor ¶

func (*EncryptRequest) Descriptor() ([]byte, []int)

func (*EncryptRequest) GetPlaintext ¶

func (m *EncryptRequest) GetPlaintext() []byte

func (*EncryptRequest) GetUid ¶

func (m *EncryptRequest) GetUid() string

func (*EncryptRequest) ProtoMessage ¶

func (*EncryptRequest) ProtoMessage()

func (*EncryptRequest) Reset ¶

func (m *EncryptRequest) Reset()

func (*EncryptRequest) String ¶

func (m *EncryptRequest) String() string

func (*EncryptRequest) XXX_DiscardUnknown ¶

func (m *EncryptRequest) XXX_DiscardUnknown()

func (*EncryptRequest) XXX_Marshal ¶

func (m *EncryptRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptRequest) XXX_Merge ¶

func (m *EncryptRequest) XXX_Merge(src proto.Message)

func (*EncryptRequest) XXX_Size ¶

func (m *EncryptRequest) XXX_Size() int

func (*EncryptRequest) XXX_Unmarshal ¶

func (m *EncryptRequest) XXX_Unmarshal(b []byte) error

type EncryptResponse ¶

type EncryptResponse struct {
	// The encrypted data.
	// ciphertext must satisfy the following constraints:
	// 1. The ciphertext is not empty.
	// 2. The ciphertext is less than 1 kB.
	Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"`
	// The KMS key ID used to encrypt the data. This must always refer to the KMS KEK and not any local KEKs that may be in use.
	// This can be used to inform staleness of data updated via value.Transformer.TransformFromStorage.
	// keyID must satisfy the following constraints:
	// 1. The keyID is not empty.
	// 2. The size of keyID is less than 1 kB.
	KeyId string `protobuf:"bytes,2,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	// Additional metadata to be stored with the encrypted data.
	// This data is stored in plaintext in etcd. KMS plugin implementations are responsible for pre-encrypting any sensitive data.
	// Annotations must satisfy the following constraints:
	//  1. Annotation key must be a fully qualified domain name that conforms to the definition in DNS (RFC 1123).
	//  2. The size of annotations keys + values is less than 32 kB.
	Annotations          map[string][]byte `` /* 163-byte string literal not displayed */
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (*EncryptResponse) Descriptor ¶

func (*EncryptResponse) Descriptor() ([]byte, []int)

func (*EncryptResponse) GetAnnotations ¶

func (m *EncryptResponse) GetAnnotations() map[string][]byte

func (*EncryptResponse) GetCiphertext ¶

func (m *EncryptResponse) GetCiphertext() []byte

func (*EncryptResponse) GetKeyId ¶

func (m *EncryptResponse) GetKeyId() string

func (*EncryptResponse) ProtoMessage ¶

func (*EncryptResponse) ProtoMessage()

func (*EncryptResponse) Reset ¶

func (m *EncryptResponse) Reset()

func (*EncryptResponse) String ¶

func (m *EncryptResponse) String() string

func (*EncryptResponse) XXX_DiscardUnknown ¶

func (m *EncryptResponse) XXX_DiscardUnknown()

func (*EncryptResponse) XXX_Marshal ¶

func (m *EncryptResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*EncryptResponse) XXX_Merge ¶

func (m *EncryptResponse) XXX_Merge(src proto.Message)

func (*EncryptResponse) XXX_Size ¶

func (m *EncryptResponse) XXX_Size() int

func (*EncryptResponse) XXX_Unmarshal ¶

func (m *EncryptResponse) XXX_Unmarshal(b []byte) error

type KeyManagementServiceClient ¶

type KeyManagementServiceClient interface {
	// this API is meant to be polled
	Status(ctx context.Context, in *StatusRequest, opts ...grpc.CallOption) (*StatusResponse, error)
	// Execute decryption operation in KMS provider.
	Decrypt(ctx context.Context, in *DecryptRequest, opts ...grpc.CallOption) (*DecryptResponse, error)
	// Execute encryption operation in KMS provider.
	Encrypt(ctx context.Context, in *EncryptRequest, opts ...grpc.CallOption) (*EncryptResponse, error)
}

KeyManagementServiceClient is the client API for KeyManagementService service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewKeyManagementServiceClient ¶

func NewKeyManagementServiceClient(cc *grpc.ClientConn) KeyManagementServiceClient

type KeyManagementServiceServer ¶

type KeyManagementServiceServer interface {
	// this API is meant to be polled
	Status(context.Context, *StatusRequest) (*StatusResponse, error)
	// Execute decryption operation in KMS provider.
	Decrypt(context.Context, *DecryptRequest) (*DecryptResponse, error)
	// Execute encryption operation in KMS provider.
	Encrypt(context.Context, *EncryptRequest) (*EncryptResponse, error)
}

KeyManagementServiceServer is the server API for KeyManagementService service.

type StatusRequest ¶

type StatusRequest struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*StatusRequest) Descriptor ¶

func (*StatusRequest) Descriptor() ([]byte, []int)

func (*StatusRequest) ProtoMessage ¶

func (*StatusRequest) ProtoMessage()

func (*StatusRequest) Reset ¶

func (m *StatusRequest) Reset()

func (*StatusRequest) String ¶

func (m *StatusRequest) String() string

func (*StatusRequest) XXX_DiscardUnknown ¶

func (m *StatusRequest) XXX_DiscardUnknown()

func (*StatusRequest) XXX_Marshal ¶

func (m *StatusRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StatusRequest) XXX_Merge ¶

func (m *StatusRequest) XXX_Merge(src proto.Message)

func (*StatusRequest) XXX_Size ¶

func (m *StatusRequest) XXX_Size() int

func (*StatusRequest) XXX_Unmarshal ¶

func (m *StatusRequest) XXX_Unmarshal(b []byte) error

type StatusResponse ¶

type StatusResponse struct {
	// Version of the KMS gRPC plugin API. Must equal v2 to v2beta1 (v2 is recommended, but both are equivalent).
	Version string `protobuf:"bytes,1,opt,name=version,proto3" json:"version,omitempty"`
	// Any value other than "ok" is failing healthz.  On failure, the associated API server healthz endpoint will contain this value as part of the error message.
	Healthz string `protobuf:"bytes,2,opt,name=healthz,proto3" json:"healthz,omitempty"`
	// the current write key, used to determine staleness of data updated via value.Transformer.TransformFromStorage.
	// keyID must satisfy the following constraints:
	// 1. The keyID is not empty.
	// 2. The size of keyID is less than 1 kB.
	KeyId                string   `protobuf:"bytes,3,opt,name=key_id,json=keyId,proto3" json:"key_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*StatusResponse) Descriptor ¶

func (*StatusResponse) Descriptor() ([]byte, []int)

func (*StatusResponse) GetHealthz ¶

func (m *StatusResponse) GetHealthz() string

func (*StatusResponse) GetKeyId ¶

func (m *StatusResponse) GetKeyId() string

func (*StatusResponse) GetVersion ¶

func (m *StatusResponse) GetVersion() string

func (*StatusResponse) ProtoMessage ¶

func (*StatusResponse) ProtoMessage()

func (*StatusResponse) Reset ¶

func (m *StatusResponse) Reset()

func (*StatusResponse) String ¶

func (m *StatusResponse) String() string

func (*StatusResponse) XXX_DiscardUnknown ¶

func (m *StatusResponse) XXX_DiscardUnknown()

func (*StatusResponse) XXX_Marshal ¶

func (m *StatusResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*StatusResponse) XXX_Merge ¶

func (m *StatusResponse) XXX_Merge(src proto.Message)

func (*StatusResponse) XXX_Size ¶

func (m *StatusResponse) XXX_Size() int

func (*StatusResponse) XXX_Unmarshal ¶

func (m *StatusResponse) XXX_Unmarshal(b []byte) error

type UnimplementedKeyManagementServiceServer ¶

type UnimplementedKeyManagementServiceServer struct {
}

UnimplementedKeyManagementServiceServer can be embedded to have forward compatible implementations.

func (*UnimplementedKeyManagementServiceServer) Decrypt ¶

func (*UnimplementedKeyManagementServiceServer) Decrypt(ctx context.Context, req *DecryptRequest) (*DecryptResponse, error)

func (*UnimplementedKeyManagementServiceServer) Encrypt ¶

func (*UnimplementedKeyManagementServiceServer) Encrypt(ctx context.Context, req *EncryptRequest) (*EncryptResponse, error)

func (*UnimplementedKeyManagementServiceServer) Status ¶

func (*UnimplementedKeyManagementServiceServer) Status(ctx context.Context, req *StatusRequest) (*StatusResponse, error)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL