...

Package identity

import "github.com/linkerd/linkerd2-proxy-api/go/identity"
Overview
Index

Overview ▾

Constants

const (
    Identity_Certify_FullMethodName = "/io.linkerd.proxy.identity.Identity/Certify"
)

Variables

var File_identity_proto protoreflect.FileDescriptor

Identity_ServiceDesc is the grpc.ServiceDesc for Identity service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy) 

var Identity_ServiceDesc = grpc.ServiceDesc{
    ServiceName: "io.linkerd.proxy.identity.Identity",
    HandlerType: (*IdentityServer)(nil),
    Methods: []grpc.MethodDesc{
        {
            MethodName: "Certify",
            Handler:    _Identity_Certify_Handler,
        },
    },
    Streams:  []grpc.StreamDesc{},
    Metadata: "identity.proto",
}

func RegisterIdentityServer 

func RegisterIdentityServer(s grpc.ServiceRegistrar, srv IdentityServer)

type CertifyRequest 

type CertifyRequest struct {
    Identity string `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"`
    // Proof of the requester's identity.
    //
    // In Kubernetes, for instance, this is the contents of a service account
    // token.
    Token []byte `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"`
    // A PEM-encoded x509 Certificate Signing Request.
    CertificateSigningRequest []byte `protobuf:"bytes,3,opt,name=certificate_signing_request,json=certificateSigningRequest,proto3" json:"certificate_signing_request,omitempty"`
    // contains filtered or unexported fields
}

func (*CertifyRequest) Descriptor 

func (*CertifyRequest) Descriptor() ([]byte, []int)

Deprecated: Use CertifyRequest.ProtoReflect.Descriptor instead.

func (*CertifyRequest) GetCertificateSigningRequest 

func (x *CertifyRequest) GetCertificateSigningRequest() []byte

func (*CertifyRequest) GetIdentity 

func (x *CertifyRequest) GetIdentity() string

func (*CertifyRequest) GetToken 

func (x *CertifyRequest) GetToken() []byte

func (*CertifyRequest) ProtoMessage 

func (*CertifyRequest) ProtoMessage()

func (*CertifyRequest) ProtoReflect 

func (x *CertifyRequest) ProtoReflect() protoreflect.Message

func (*CertifyRequest) Reset 

func (x *CertifyRequest) Reset()

func (*CertifyRequest) String 

func (x *CertifyRequest) String() string

type CertifyResponse 

type CertifyResponse struct {

    // A PEM-encoded x509 Certificate.
    LeafCertificate []byte `protobuf:"bytes,1,opt,name=leaf_certificate,json=leafCertificate,proto3" json:"leaf_certificate,omitempty"`
    // A list of PEM-encoded x509 Certificates that establish the trust chain
    // between the leaf_certificate and the well-known trust anchors.
    IntermediateCertificates [][]byte             `protobuf:"bytes,2,rep,name=intermediate_certificates,json=intermediateCertificates,proto3" json:"intermediate_certificates,omitempty"`
    ValidUntil               *timestamp.Timestamp `protobuf:"bytes,3,opt,name=valid_until,json=validUntil,proto3" json:"valid_until,omitempty"`
    // contains filtered or unexported fields
}

func (*CertifyResponse) Descriptor 

func (*CertifyResponse) Descriptor() ([]byte, []int)

Deprecated: Use CertifyResponse.ProtoReflect.Descriptor instead.

func (*CertifyResponse) GetIntermediateCertificates 

func (x *CertifyResponse) GetIntermediateCertificates() [][]byte

func (*CertifyResponse) GetLeafCertificate 

func (x *CertifyResponse) GetLeafCertificate() []byte

func (*CertifyResponse) GetValidUntil 

func (x *CertifyResponse) GetValidUntil() *timestamp.Timestamp

func (*CertifyResponse) ProtoMessage 

func (*CertifyResponse) ProtoMessage()

func (*CertifyResponse) ProtoReflect 

func (x *CertifyResponse) ProtoReflect() protoreflect.Message

func (*CertifyResponse) Reset 

func (x *CertifyResponse) Reset()

func (*CertifyResponse) String 

func (x *CertifyResponse) String() string

type IdentityClient

IdentityClient is the client API for Identity service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. 

type IdentityClient interface {
    // Requests that a time-bounded certificate be signed.
    //
    // The requester must provide a token that verifies the client's identity and
    // a Certificate Signing Request that adheres to the service naming rules.
    //
    // Errors are returned when the provided request is invalid or when
    // authentication cannot be performed.
    Certify(ctx context.Context, in *CertifyRequest, opts ...grpc.CallOption) (*CertifyResponse, error)
}

func NewIdentityClient 

func NewIdentityClient(cc grpc.ClientConnInterface) IdentityClient

type IdentityServer

IdentityServer is the server API for Identity service. All implementations must embed UnimplementedIdentityServer for forward compatibility 

type IdentityServer interface {
    // Requests that a time-bounded certificate be signed.
    //
    // The requester must provide a token that verifies the client's identity and
    // a Certificate Signing Request that adheres to the service naming rules.
    //
    // Errors are returned when the provided request is invalid or when
    // authentication cannot be performed.
    Certify(context.Context, *CertifyRequest) (*CertifyResponse, error)
    // contains filtered or unexported methods
}

type UnimplementedIdentityServer

UnimplementedIdentityServer must be embedded to have forward compatible implementations. 

type UnimplementedIdentityServer struct {
}

func (UnimplementedIdentityServer) Certify 

func (UnimplementedIdentityServer) Certify(context.Context, *CertifyRequest) (*CertifyResponse, error)

type UnsafeIdentityServer

UnsafeIdentityServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to IdentityServer will result in compilation errors. 

type UnsafeIdentityServer interface {
    // contains filtered or unexported methods
}