Expand description
A Workload API client implementation to fetch X.509 and JWT materials.
§Examples
use spiffe::{WorkloadApiClient, X509BundleSet, X509Context, X509Svid};
use std::error::Error;
use tokio_stream::StreamExt;
let mut client =
WorkloadApiClient::new_from_path("unix:/tmp/spire-agent/public/api.sock").await?;
let target_audience = &["service1", "service2"];
// fetch a jwt token for the default identity with the target audience
let jwt_token = client.fetch_jwt_token(target_audience, None).await?;
// fetch the jwt token for the default identity and parses it as a `JwtSvid`
let jwt_svid = client.fetch_jwt_svid(target_audience, None).await?;
// fetch a set of jwt bundles (public keys for validating jwt token)
let jwt_bundles = client.fetch_jwt_bundles().await?;
// fetch the default X.509 SVID
let x509_svid: X509Svid = client.fetch_x509_svid().await?;
// fetch a set of X.509 bundles (X.509 public key authorities)
let x509_bundles: X509BundleSet = client.fetch_x509_bundles().await?;
// fetch all the X.509 materials (SVIDs and bundles)
let x509_context: X509Context = client.fetch_x509_context().await?;
// watch for updates on the X.509 context
let mut x509_context_stream = client.stream_x509_contexts().await?;
while let Some(x509_context_update) = x509_context_stream.next().await {
match x509_context_update {
Ok(context) => {
// handle the updated X509Context
}
Err(e) => {
// handle the error
}
}
}
Structs§
- This type represents a client to interact with the Workload API.