spiffe::workload_api::client

Struct WorkloadApiClient

pub struct WorkloadApiClient { /* private fields */ }

This type represents a client to interact with the Workload API.

Supports one-shot calls and streaming updates for X.509 and JWT SVIDs and bundles. The client can be used to fetch the current SVIDs and bundles, as well as to subscribe to updates whenever the SVIDs or bundles change.

Implementations§

impl WorkloadApiClient

pub async fn new_from_path(path: &str) -> Result<Self, GrpcClientError>

Creates a new instance of WorkloadApiClient by connecting to the specified socket path.

§Arguments
  • path - The path to the UNIX domain socket, which can optionally start with “unix:”.
§Returns
  • Result<Self, GrpcClientError> - Returns an instance of WorkloadApiClient if successful, otherwise returns an error.
§Errors

This function will return an error if the provided socket path is invalid or if there are issues connecting.

pub async fn default() -> Result<Self, GrpcClientError>

Creates a new WorkloadApiClient using the default socket endpoint address.

Requires that the environment variable SPIFFE_ENDPOINT_SOCKET be set with the path to the Workload API endpoint socket.

§Errors

The function returns a variant of GrpcClientError if the environment variable is not set or if the provided socket path is not valid.
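
Added example (not part of the spiffe crate or its documentation): the SVIDs and trust bundles a workload receives come from whatever is listening at the socket path, so it is worth checking the endpoint before handing it to new_from_path or default(). The helpers socket_path and preflight and the EndpointError type are hypothetical; accepting the unix:// URI form is an assumption, since the page only states that the path may start with "unix:".

```rust
use std::fs;
use std::os::unix::fs::{FileTypeExt, PermissionsExt};
use std::path::{Component, Path, PathBuf};

#[derive(Debug, PartialEq)]
pub enum EndpointError { UnsupportedScheme, NotAbsolute, Traversal, NotASocket, ReplaceableByOthers, Io(String) }

/// Hypothetical helper: reduce "unix:/p", "unix:///p" or a bare "/p" to an absolute path.
pub fn socket_path(endpoint: &str) -> Result<PathBuf, EndpointError> {
    let s = endpoint.trim();
    let rest = match s.strip_prefix("unix:") {
        Some(r) => r.strip_prefix("//").unwrap_or(r),
        None if s.contains("://") => return Err(EndpointError::UnsupportedScheme),
        None => s,
    };
    let path = Path::new(rest);
    // An empty or relative value would resolve against the process working directory.
    if !path.is_absolute() {
        return Err(EndpointError::NotAbsolute);
    }
    if path.components().any(|c| c == Component::ParentDir) {
        return Err(EndpointError::Traversal);
    }
    Ok(path.to_path_buf())
}

/// Hypothetical pre-flight check to run before connecting to the Workload API.
pub fn preflight(endpoint: &str) -> Result<PathBuf, EndpointError> {
    let path = socket_path(endpoint)?;
    let io = |e: std::io::Error| EndpointError::Io(e.to_string());
    // symlink_metadata does not follow links, so a symlink at the path is rejected.
    if !fs::symlink_metadata(&path).map_err(io)?.file_type().is_socket() {
        return Err(EndpointError::NotASocket);
    }
    // A world-writable parent without the sticky bit lets any local user swap the socket.
    let parent = path.parent().ok_or(EndpointError::NotAbsolute)?;
    let mode = fs::metadata(parent).map_err(io)?.permissions().mode();
    if mode & 0o002 != 0 && mode & 0o1000 == 0 {
        return Err(EndpointError::ReplaceableByOthers);
    }
    Ok(path)
}

fn main() {
    // Constructed sample values; a real one comes from SPIFFE_ENDPOINT_SOCKET.
    for ep in ["unix:///run/spire/agent.sock", "tcp://127.0.0.1:8081", "unix:agent.sock"] {
        println!("{ep:28} -> {:?}", socket_path(ep));
    }
}
```

When preflight succeeds, the returned path is the value to pass on to the client constructor.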

pub fn new(conn: Channel) -> Result<Self, GrpcClientError>

Constructs a new WorkloadApiClient using the provided Tonic transport channel.

§Arguments
  • conn: A tonic::transport::Channel used for gRPC communication.
§Returns

A Result containing a WorkloadApiClient if successful, or a GrpcClientError if an error occurs.

pub async fn fetch_x509_svid(&mut self) -> Result<X509Svid, GrpcClientError>

Fetches a single X509 SPIFFE Verifiable Identity Document (SVID).

This method connects to the SPIFFE Workload API and returns the first X509 SVID in the response.

§Returns

On success, it returns a valid X509Svid which represents the parsed SVID. If the fetch operation or the parsing fails, it returns a GrpcClientError.

§Errors

Returns GrpcClientError if the gRPC call fails or if the SVID could not be parsed from the gRPC response.

pub async fn fetch_all_x509_svids(&mut self) -> Result<Vec<X509Svid>, GrpcClientError>

Fetches all X509 SPIFFE Verifiable Identity Documents (SVIDs) available to the workload.

This method sends a request to the SPIFFE Workload API, retrieving a stream of X509 SVID responses. All SVIDs are then parsed and returned as a list.

§Returns

On success, it returns a Vec containing valid X509Svid instances, each representing a parsed SVID. If the fetch operation or any parsing fails, it returns a GrpcClientError.

§Errors

Returns GrpcClientError if the gRPC call fails, if the SVIDs could not be parsed from the gRPC response, or if the stream unexpectedly terminates.

pub async fn fetch_x509_bundles(&mut self) -> Result<X509BundleSet, GrpcClientError>

Fetches the X509BundleSet, a set of X509Bundle values keyed by the trust domain to which they belong.

§Errors

The function returns a variant of GrpcClientError if there is an error connecting to the Workload API or there is a problem processing the response.

pub async fn fetch_jwt_bundles(&mut self) -> Result<JwtBundleSet, GrpcClientError>

Fetches the JwtBundleSet, a set of JwtBundle values keyed by the trust domain to which they belong.

§Errors

The function returns a variant of GrpcClientError if there is an error connecting to the Workload API or there is a problem processing the response.

pub async fn fetch_x509_context(&mut self) -> Result<X509Context, GrpcClientError>

Fetches the X509Context, which contains all the X.509 materials, i.e. X509-SVIDs and X.509 bundles.

§Errors

The function returns a variant of GrpcClientError if there is an error connecting to the Workload API or there is a problem processing the response.

pub async fn fetch_jwt_svid<T: AsRef<str> + ToString>(&mut self, audience: &[T], spiffe_id: Option<&SpiffeId>) -> Result<JwtSvid, GrpcClientError>

Fetches a JwtSvid by parsing the JWT token in the Workload API response, for the given audience and spiffe_id.

§Arguments
  • audience - A list of audiences to include in the JWT token. Cannot be empty or contain only empty strings.
  • spiffe_id - Optional SpiffeId for the token ‘sub’ claim. If not provided, the Workload API returns the default identity.
§Errors

The function returns a variant of GrpcClientError if there is an error connecting to the Workload API or there is a problem processing the response.

IMPORTANT: If there are no registration entries with the requested SpiffeId mapped to the calling workload, it will return a GrpcClientError::EmptyResponse.

pub async fn fetch_jwt_token<T: AsRef<str> + ToString>(&mut self, audience: &[T], spiffe_id: Option<&SpiffeId>) -> Result<String, GrpcClientError>

Fetches a JWT token for the given audience and SpiffeId.

§Arguments
  • audience - A list of audiences to include in the JWT token. Cannot be empty or contain only empty strings.
  • spiffe_id - Optional reference SpiffeId for the token ‘sub’ claim. If not provided, the Workload API returns the default identity.
§Errors

The function returns a variant of GrpcClientError if there is an error connecting to the Workload API or there is a problem processing the response.

IMPORTANT: If there are no registration entries with the requested SpiffeId mapped to the calling workload, it will return a GrpcClientError::EmptyResponse.

pub async fn validate_jwt_token<T: AsRef<str> + ToString>(&mut self, audience: T, jwt_token: &str) -> Result<JwtSvid, GrpcClientError>

Validates a JWT SVID token against the given audience. Returns the JwtSvid parsed from the validated token.

§Arguments
  • audience - The audience of the validating party. Cannot be empty or contain an empty string.
  • jwt_token - The JWT token to validate.
§Errors

The function returns a variant of GrpcClientError if there is an error connecting to the Workload API or there is a problem processing the response.

pub async fn stream_x509_contexts(&mut self) -> Result<impl Stream<Item = Result<X509Context, GrpcClientError>>, GrpcClientError>

Watches the stream of X509Context updates.

This function establishes a stream with the Workload API to continuously receive updates for the X509Context. The returned stream can be used to asynchronously yield new X509Context updates as they become available.

§Returns

Returns a stream of Result<X509Context, GrpcClientError>. Each item represents an updated X509Context or an error if there was a problem processing an update from the stream.

§Errors

The function can return an error variant of GrpcClientError in the following scenarios:

  • There’s an issue connecting to the Workload API.
  • An error occurs while setting up the stream.

Individual stream items might also be errors if there’s an issue processing the response for a specific update.

pub async fn stream_x509_svids(&mut self) -> Result<impl Stream<Item = Result<X509Svid, GrpcClientError>>, GrpcClientError>

Watches the stream of X509Svid updates.

This function establishes a stream with the Workload API to continuously receive updates for the X509Svid. The returned stream can be used to asynchronously yield new X509Svid updates as they become available.

§Returns

Returns a stream of Result<X509Svid, GrpcClientError>. Each item represents an updated X509Svid or an error if there was a problem processing an update from the stream.

§Errors

The function can return an error variant of GrpcClientError in the following scenarios:

  • There’s an issue connecting to the Workload API.
  • An error occurs while setting up the stream.

Individual stream items might also be errors if there’s an issue processing the response for a specific update.

pub async fn stream_x509_bundles(&mut self) -> Result<impl Stream<Item = Result<X509BundleSet, GrpcClientError>>, GrpcClientError>

Watches the stream of X509BundleSet updates.

This function establishes a stream with the Workload API to continuously receive updates for the X509BundleSet. The returned stream can be used to asynchronously yield new X509BundleSet updates as they become available.

§Returns

Returns a stream of Result<X509BundleSet, GrpcClientError>. Each item represents an updated X509BundleSet or an error if there was a problem processing an update from the stream.

§Errors

The function can return an error variant of GrpcClientError in the following scenarios:

  • There’s an issue connecting to the Workload API.
  • An error occurs while setting up the stream.

Individual stream items might also be errors if there’s an issue processing the response for a specific update.

pub async fn stream_jwt_bundles(&mut self) -> Result<impl Stream<Item = Result<JwtBundleSet, GrpcClientError>>, GrpcClientError>

Watches the stream of JwtBundleSet updates.

This function establishes a stream with the Workload API to continuously receive updates for the JwtBundleSet. The returned stream can be used to asynchronously yield new JwtBundleSet updates as they become available.

§Returns

Returns a stream of Result<JwtBundleSet, GrpcClientError>. Each item represents an updated JwtBundleSet or an error if there was a problem processing an update from the stream.

§Errors

The function can return an error variant of GrpcClientError in the following scenarios:

  • There’s an issue connecting to the Workload API.
  • An error occurs while setting up the stream.

Individual stream items might also be errors if there’s an issue processing the response for a specific update.

Trait Implementations§

impl Clone for WorkloadApiClient

fn clone(&self) -> WorkloadApiClient

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for WorkloadApiClient

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.
