spiffe/workload_api/pb/
workload.rs

1// This file is @generated by prost-build.
2/// The X509SVIDRequest message conveys parameters for requesting an X.509-SVID.
3/// There are currently no request parameters.
4#[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)]
5pub struct X509svidRequest {}
6/// The X509SVIDResponse message carries X.509-SVIDs and related information,
7/// including a set of global CRLs and a list of bundles the workload may use
8/// for federating with foreign trust domains.
9#[derive(Clone, PartialEq, ::prost::Message)]
10pub struct X509svidResponse {
11    /// Required. A list of X509SVID messages, each of which includes a single
12    /// X.509-SVID, its private key, and the bundle for the trust domain.
13    #[prost(message, repeated, tag = "1")]
14    pub svids: ::prost::alloc::vec::Vec<X509svid>,
15    /// Optional. ASN.1 DER encoded certificate revocation lists.
16    #[prost(bytes = "bytes", repeated, tag = "2")]
17    pub crl: ::prost::alloc::vec::Vec<::prost::bytes::Bytes>,
18    /// Optional. CA certificate bundles belonging to foreign trust domains that
19    /// the workload should trust, keyed by the SPIFFE ID of the foreign trust
20    /// domain. Bundles are ASN.1 DER encoded.
21    #[prost(map = "string, bytes", tag = "3")]
22    pub federated_bundles:
23        ::std::collections::HashMap<::prost::alloc::string::String, ::prost::bytes::Bytes>,
24}
25/// The X509SVID message carries a single SVID and all associated information,
26/// including the X.509 bundle for the trust domain.
27#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
28pub struct X509svid {
29    /// Required. The SPIFFE ID of the SVID in this entry
30    #[prost(string, tag = "1")]
31    pub spiffe_id: ::prost::alloc::string::String,
32    /// Required. ASN.1 DER encoded certificate chain. MAY include
33    /// intermediates, the leaf certificate (or SVID itself) MUST come first.
34    #[prost(bytes = "bytes", tag = "2")]
35    pub x509_svid: ::prost::bytes::Bytes,
36    /// Required. ASN.1 DER encoded PKCS#8 private key. MUST be unencrypted.
37    #[prost(bytes = "bytes", tag = "3")]
38    pub x509_svid_key: ::prost::bytes::Bytes,
39    /// Required. ASN.1 DER encoded X.509 bundle for the trust domain.
40    #[prost(bytes = "bytes", tag = "4")]
41    pub bundle: ::prost::bytes::Bytes,
42}
43/// The X509BundlesRequest message conveys parameters for requesting X.509
44/// bundles. There are currently no such parameters.
45#[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)]
46pub struct X509BundlesRequest {}
47/// The X509BundlesResponse message carries a set of global CRLs and a map of
48/// trust bundles the workload should trust.
49#[derive(Clone, PartialEq, ::prost::Message)]
50pub struct X509BundlesResponse {
51    /// Optional. ASN.1 DER encoded certificate revocation lists.
52    #[prost(bytes = "bytes", repeated, tag = "1")]
53    pub crl: ::prost::alloc::vec::Vec<::prost::bytes::Bytes>,
54    /// Required. CA certificate bundles belonging to trust domains that the
55    /// workload should trust, keyed by the SPIFFE ID of the trust domain.
56    /// Bundles are ASN.1 DER encoded.
57    #[prost(map = "string, bytes", tag = "2")]
58    pub bundles: ::std::collections::HashMap<::prost::alloc::string::String, ::prost::bytes::Bytes>,
59}
60#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
61pub struct JwtsvidRequest {
62    /// Required. The audience(s) the workload intends to authenticate against.
63    #[prost(string, repeated, tag = "1")]
64    pub audience: ::prost::alloc::vec::Vec<::prost::alloc::string::String>,
65    /// Optional. The requested SPIFFE ID for the JWT-SVID. If unset, all
66    /// JWT-SVIDs to which the workload is entitled are requested.
67    #[prost(string, tag = "2")]
68    pub spiffe_id: ::prost::alloc::string::String,
69}
70/// The JWTSVIDResponse message conveys JWT-SVIDs.
71#[derive(Clone, PartialEq, ::prost::Message)]
72pub struct JwtsvidResponse {
73    /// Required. The list of returned JWT-SVIDs.
74    #[prost(message, repeated, tag = "1")]
75    pub svids: ::prost::alloc::vec::Vec<Jwtsvid>,
76}
77/// The JWTSVID message carries the JWT-SVID token and associated metadata.
78#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
79pub struct Jwtsvid {
80    /// Required. The SPIFFE ID of the JWT-SVID.
81    #[prost(string, tag = "1")]
82    pub spiffe_id: ::prost::alloc::string::String,
83    /// Required. Encoded JWT using JWS Compact Serialization.
84    #[prost(string, tag = "2")]
85    pub svid: ::prost::alloc::string::String,
86}
87/// The JWTBundlesRequest message conveys parameters for requesting JWT bundles.
88/// There are currently no such parameters.
89#[derive(Clone, Copy, PartialEq, Eq, Hash, ::prost::Message)]
90pub struct JwtBundlesRequest {}
91/// The JWTBundlesReponse conveys JWT bundles.
92#[derive(Clone, PartialEq, ::prost::Message)]
93pub struct JwtBundlesResponse {
94    /// Required. JWK encoded JWT bundles, keyed by the SPIFFE ID of the trust
95    /// domain.
96    #[prost(map = "string, bytes", tag = "1")]
97    pub bundles: ::std::collections::HashMap<::prost::alloc::string::String, ::prost::bytes::Bytes>,
98}
99/// The ValidateJWTSVIDRequest message conveys request parameters for
100/// JWT-SVID validation.
101#[derive(Clone, PartialEq, Eq, Hash, ::prost::Message)]
102pub struct ValidateJwtsvidRequest {
103    /// Required. The audience of the validating party. The JWT-SVID must
104    /// contain an audience claim which contains this value in order to
105    /// succesfully validate.
106    #[prost(string, tag = "1")]
107    pub audience: ::prost::alloc::string::String,
108    /// Required. The JWT-SVID to validate, encoded using JWS Compact
109    /// Serialization.
110    #[prost(string, tag = "2")]
111    pub svid: ::prost::alloc::string::String,
112}
113/// The ValidateJWTSVIDReponse message conveys the JWT-SVID validation results.
114#[derive(Clone, PartialEq, ::prost::Message)]
115pub struct ValidateJwtsvidResponse {
116    /// Required. The SPIFFE ID of the validated JWT-SVID.
117    #[prost(string, tag = "1")]
118    pub spiffe_id: ::prost::alloc::string::String,
119    /// Optional. Arbitrary claims contained within the payload of the validated
120    /// JWT-SVID.
121    #[prost(message, optional, tag = "2")]
122    pub claims: ::core::option::Option<::prost_types::Struct>,
123}
124/// Generated client implementations.
125pub mod spiffe_workload_api_client {
126    #![allow(
127        unused_variables,
128        dead_code,
129        missing_docs,
130        clippy::wildcard_imports,
131        clippy::let_unit_value
132    )]
133    use tonic::codegen::http::Uri;
134    use tonic::codegen::*;
135    #[derive(Debug, Clone)]
136    pub struct SpiffeWorkloadApiClient<T> {
137        inner: tonic::client::Grpc<T>,
138    }
139    impl SpiffeWorkloadApiClient<tonic::transport::Channel> {
140        /// Attempt to create a new client by connecting to a given endpoint.
141        pub async fn connect<D>(dst: D) -> Result<Self, tonic::transport::Error>
142        where
143            D: TryInto<tonic::transport::Endpoint>,
144            D::Error: Into<StdError>,
145        {
146            let conn = tonic::transport::Endpoint::new(dst)?.connect().await?;
147            Ok(Self::new(conn))
148        }
149    }
150    impl<T> SpiffeWorkloadApiClient<T>
151    where
152        T: tonic::client::GrpcService<tonic::body::Body>,
153        T::Error: Into<StdError>,
154        T::ResponseBody: Body<Data = Bytes> + std::marker::Send + 'static,
155        <T::ResponseBody as Body>::Error: Into<StdError> + std::marker::Send,
156    {
157        pub fn new(inner: T) -> Self {
158            let inner = tonic::client::Grpc::new(inner);
159            Self { inner }
160        }
161        pub fn with_origin(inner: T, origin: Uri) -> Self {
162            let inner = tonic::client::Grpc::with_origin(inner, origin);
163            Self { inner }
164        }
165        pub fn with_interceptor<F>(
166            inner: T,
167            interceptor: F,
168        ) -> SpiffeWorkloadApiClient<InterceptedService<T, F>>
169        where
170            F: tonic::service::Interceptor,
171            T::ResponseBody: Default,
172            T: tonic::codegen::Service<
173                http::Request<tonic::body::Body>,
174                Response = http::Response<
175                    <T as tonic::client::GrpcService<tonic::body::Body>>::ResponseBody,
176                >,
177            >,
178            <T as tonic::codegen::Service<http::Request<tonic::body::Body>>>::Error:
179                Into<StdError> + std::marker::Send + std::marker::Sync,
180        {
181            SpiffeWorkloadApiClient::new(InterceptedService::new(inner, interceptor))
182        }
183        /// Compress requests with the given encoding.
184        ///
185        /// This requires the server to support it otherwise it might respond with an
186        /// error.
187        #[must_use]
188        pub fn send_compressed(mut self, encoding: CompressionEncoding) -> Self {
189            self.inner = self.inner.send_compressed(encoding);
190            self
191        }
192        /// Enable decompressing responses.
193        #[must_use]
194        pub fn accept_compressed(mut self, encoding: CompressionEncoding) -> Self {
195            self.inner = self.inner.accept_compressed(encoding);
196            self
197        }
198        /// Limits the maximum size of a decoded message.
199        ///
200        /// Default: `4MB`
201        #[must_use]
202        pub fn max_decoding_message_size(mut self, limit: usize) -> Self {
203            self.inner = self.inner.max_decoding_message_size(limit);
204            self
205        }
206        /// Limits the maximum size of an encoded message.
207        ///
208        /// Default: `usize::MAX`
209        #[must_use]
210        pub fn max_encoding_message_size(mut self, limit: usize) -> Self {
211            self.inner = self.inner.max_encoding_message_size(limit);
212            self
213        }
214        /// Fetch X.509-SVIDs for all SPIFFE identities the workload is entitled to,
215        /// as well as related information like trust bundles and CRLs. As this
216        /// information changes, subsequent messages will be streamed from the
217        /// server.
218        pub async fn fetch_x509svid(
219            &mut self,
220            request: impl tonic::IntoRequest<super::X509svidRequest>,
221        ) -> std::result::Result<
222            tonic::Response<tonic::codec::Streaming<super::X509svidResponse>>,
223            tonic::Status,
224        > {
225            self.inner.ready().await.map_err(|e| {
226                tonic::Status::unknown(format!("Service was not ready: {}", e.into()))
227            })?;
228            let codec = tonic_prost::ProstCodec::default();
229            let path = http::uri::PathAndQuery::from_static("/SpiffeWorkloadAPI/FetchX509SVID");
230            let mut req = request.into_request();
231            req.extensions_mut()
232                .insert(GrpcMethod::new("SpiffeWorkloadAPI", "FetchX509SVID"));
233            self.inner.server_streaming(req, path, codec).await
234        }
235        /// Fetch trust bundles and CRLs. Useful for clients that only need to
236        /// validate SVIDs without obtaining an SVID for themself. As this
237        /// information changes, subsequent messages will be streamed from the
238        /// server.
239        pub async fn fetch_x509_bundles(
240            &mut self,
241            request: impl tonic::IntoRequest<super::X509BundlesRequest>,
242        ) -> std::result::Result<
243            tonic::Response<tonic::codec::Streaming<super::X509BundlesResponse>>,
244            tonic::Status,
245        > {
246            self.inner.ready().await.map_err(|e| {
247                tonic::Status::unknown(format!("Service was not ready: {}", e.into()))
248            })?;
249            let codec = tonic_prost::ProstCodec::default();
250            let path = http::uri::PathAndQuery::from_static("/SpiffeWorkloadAPI/FetchX509Bundles");
251            let mut req = request.into_request();
252            req.extensions_mut()
253                .insert(GrpcMethod::new("SpiffeWorkloadAPI", "FetchX509Bundles"));
254            self.inner.server_streaming(req, path, codec).await
255        }
256        /// Fetch JWT-SVIDs for all SPIFFE identities the workload is entitled to,
257        /// for the requested audience. If an optional SPIFFE ID is requested, only
258        /// the JWT-SVID for that SPIFFE ID is returned.
259        pub async fn fetch_jwtsvid(
260            &mut self,
261            request: impl tonic::IntoRequest<super::JwtsvidRequest>,
262        ) -> std::result::Result<tonic::Response<super::JwtsvidResponse>, tonic::Status> {
263            self.inner.ready().await.map_err(|e| {
264                tonic::Status::unknown(format!("Service was not ready: {}", e.into()))
265            })?;
266            let codec = tonic_prost::ProstCodec::default();
267            let path = http::uri::PathAndQuery::from_static("/SpiffeWorkloadAPI/FetchJWTSVID");
268            let mut req = request.into_request();
269            req.extensions_mut()
270                .insert(GrpcMethod::new("SpiffeWorkloadAPI", "FetchJWTSVID"));
271            self.inner.unary(req, path, codec).await
272        }
273        /// Fetches the JWT bundles, formatted as JWKS documents, keyed by the
274        /// SPIFFE ID of the trust domain. As this information changes, subsequent
275        /// messages will be streamed from the server.
276        pub async fn fetch_jwt_bundles(
277            &mut self,
278            request: impl tonic::IntoRequest<super::JwtBundlesRequest>,
279        ) -> std::result::Result<
280            tonic::Response<tonic::codec::Streaming<super::JwtBundlesResponse>>,
281            tonic::Status,
282        > {
283            self.inner.ready().await.map_err(|e| {
284                tonic::Status::unknown(format!("Service was not ready: {}", e.into()))
285            })?;
286            let codec = tonic_prost::ProstCodec::default();
287            let path = http::uri::PathAndQuery::from_static("/SpiffeWorkloadAPI/FetchJWTBundles");
288            let mut req = request.into_request();
289            req.extensions_mut()
290                .insert(GrpcMethod::new("SpiffeWorkloadAPI", "FetchJWTBundles"));
291            self.inner.server_streaming(req, path, codec).await
292        }
293        /// Validates a JWT-SVID against the requested audience. Returns the SPIFFE
294        /// ID of the JWT-SVID and JWT claims.
295        pub async fn validate_jwtsvid(
296            &mut self,
297            request: impl tonic::IntoRequest<super::ValidateJwtsvidRequest>,
298        ) -> std::result::Result<tonic::Response<super::ValidateJwtsvidResponse>, tonic::Status>
299        {
300            self.inner.ready().await.map_err(|e| {
301                tonic::Status::unknown(format!("Service was not ready: {}", e.into()))
302            })?;
303            let codec = tonic_prost::ProstCodec::default();
304            let path = http::uri::PathAndQuery::from_static("/SpiffeWorkloadAPI/ValidateJWTSVID");
305            let mut req = request.into_request();
306            req.extensions_mut()
307                .insert(GrpcMethod::new("SpiffeWorkloadAPI", "ValidateJWTSVID"));
308            self.inner.unary(req, path, codec).await
309        }
310    }
311}