Documentation
Index ¶
- Variables
- type CARoot
- func (*CARoot) Descriptor() ([]byte, []int)
- func (m *CARoot) GetActive() bool
- func (m *CARoot) GetExternalTrustDomain() string
- func (m *CARoot) GetID() string
- func (m *CARoot) GetIntermediateCerts() []string
- func (m *CARoot) GetName() string
- func (m *CARoot) GetNotAfter() *types.Timestamp
- func (m *CARoot) GetNotBefore() *types.Timestamp
- func (m *CARoot) GetPrivateKeyBits() int32
- func (m *CARoot) GetPrivateKeyType() string
- func (m *CARoot) GetRaftIndex() *pbcommon.RaftIndex
- func (m *CARoot) GetRootCert() string
- func (m *CARoot) GetRotatedOutAt() *types.Timestamp
- func (m *CARoot) GetSerialNumber() uint64
- func (m *CARoot) GetSigningCert() string
- func (m *CARoot) GetSigningKey() string
- func (m *CARoot) GetSigningKeyID() string
- func (m *CARoot) Marshal() (dAtA []byte, err error)
- func (msg *CARoot) MarshalBinary() ([]byte, error)
- func (m *CARoot) MarshalTo(dAtA []byte) (int, error)
- func (m *CARoot) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*CARoot) ProtoMessage()
- func (m *CARoot) Reset()
- func (m *CARoot) Size() (n int)
- func (m *CARoot) String() string
- func (m *CARoot) Unmarshal(dAtA []byte) error
- func (msg *CARoot) UnmarshalBinary(b []byte) error
- func (m *CARoot) XXX_DiscardUnknown()
- func (m *CARoot) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CARoot) XXX_Merge(src proto.Message)
- func (m *CARoot) XXX_Size() int
- func (m *CARoot) XXX_Unmarshal(b []byte) error
- type CARoots
- func (*CARoots) Descriptor() ([]byte, []int)
- func (m *CARoots) GetActiveRootID() string
- func (m *CARoots) GetQueryMeta() *pbcommon.QueryMeta
- func (m *CARoots) GetRoots() []*CARoot
- func (m *CARoots) GetTrustDomain() string
- func (m *CARoots) Marshal() (dAtA []byte, err error)
- func (msg *CARoots) MarshalBinary() ([]byte, error)
- func (m *CARoots) MarshalTo(dAtA []byte) (int, error)
- func (m *CARoots) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*CARoots) ProtoMessage()
- func (m *CARoots) Reset()
- func (m *CARoots) Size() (n int)
- func (m *CARoots) String() string
- func (m *CARoots) Unmarshal(dAtA []byte) error
- func (msg *CARoots) UnmarshalBinary(b []byte) error
- func (m *CARoots) XXX_DiscardUnknown()
- func (m *CARoots) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *CARoots) XXX_Merge(src proto.Message)
- func (m *CARoots) XXX_Size() int
- func (m *CARoots) XXX_Unmarshal(b []byte) error
- type IssuedCert
- func (*IssuedCert) Descriptor() ([]byte, []int)
- func (m *IssuedCert) GetAgent() string
- func (m *IssuedCert) GetAgentURI() string
- func (m *IssuedCert) GetCertPEM() string
- func (m *IssuedCert) GetEnterpriseMeta() *pbcommon.EnterpriseMeta
- func (m *IssuedCert) GetPrivateKeyPEM() string
- func (m *IssuedCert) GetRaftIndex() *pbcommon.RaftIndex
- func (m *IssuedCert) GetSerialNumber() string
- func (m *IssuedCert) GetService() string
- func (m *IssuedCert) GetServiceURI() string
- func (m *IssuedCert) GetValidAfter() *types.Timestamp
- func (m *IssuedCert) GetValidBefore() *types.Timestamp
- func (m *IssuedCert) Marshal() (dAtA []byte, err error)
- func (msg *IssuedCert) MarshalBinary() ([]byte, error)
- func (m *IssuedCert) MarshalTo(dAtA []byte) (int, error)
- func (m *IssuedCert) MarshalToSizedBuffer(dAtA []byte) (int, error)
- func (*IssuedCert) ProtoMessage()
- func (m *IssuedCert) Reset()
- func (m *IssuedCert) Size() (n int)
- func (m *IssuedCert) String() string
- func (m *IssuedCert) Unmarshal(dAtA []byte) error
- func (msg *IssuedCert) UnmarshalBinary(b []byte) error
- func (m *IssuedCert) XXX_DiscardUnknown()
- func (m *IssuedCert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
- func (m *IssuedCert) XXX_Merge(src proto.Message)
- func (m *IssuedCert) XXX_Size() int
- func (m *IssuedCert) XXX_Unmarshal(b []byte) error
Constants ¶
This section is empty.
Variables ¶
// Sentinel errors used by the generated Unmarshal methods of this package to
// reject malformed wire bytes. Both are plain errors with no wrapped cause;
// callers that want to distinguish a parse failure from other errors should
// compare with errors.Is rather than by message text.
var (
	// ErrIntOverflowConnect reports a varint on the wire that does not fit
	// the field it is being decoded into.
	ErrIntOverflowConnect = fmt.Errorf("proto: integer overflow")

	// ErrInvalidLengthConnect reports a negative length prefix encountered
	// while decoding a length-delimited field.
	ErrInvalidLengthConnect = fmt.Errorf("proto: negative length found during unmarshaling")
)
Functions ¶
This section is empty.
Types ¶
type CARoot ¶
// CARoot is the protobuf representation of a single Consul CA root: its
// certificate material, validity window, rotation state and Raft metadata.
//
// SigningKey holds PEM-encoded private key material and carries an ordinary
// json tag, so JSON encoding, Marshal/MarshalBinary and (presumably) the
// generated String() method all reproduce the key. Keep such output out of
// logs and away from callers that should only see public material.
type CARoot struct {
	// ID is a globally unique ID (UUID) representing this CA root.
	ID string `protobuf:"bytes,1,opt,name=ID,proto3" json:"ID,omitempty"`
	// Name is a human-friendly name for this CA root. This value is
	// opaque to Consul and is not used for anything internally.
	Name string `protobuf:"bytes,2,opt,name=Name,proto3" json:"Name,omitempty"`
	// SerialNumber is the x509 serial number of the certificate.
	SerialNumber uint64 `protobuf:"varint,3,opt,name=SerialNumber,proto3" json:"SerialNumber,omitempty"`
	// SigningKeyID is the ID of the public key that corresponds to the private
	// key used to sign leaf certificates. It is the HexString format of the
	// raw AuthorityKeyID bytes.
	SigningKeyID string `protobuf:"bytes,4,opt,name=SigningKeyID,proto3" json:"SigningKeyID,omitempty"`
	// ExternalTrustDomain is the trust domain this root was generated under. It
	// is usually empty implying "the current cluster trust-domain". It is set
	// only in the case that a cluster changes trust domain and then all old roots
	// that are still trusted have the old trust domain set here.
	//
	// We currently DON'T validate these trust domains explicitly anywhere, see
	// IndexedRoots.TrustDomain doc. We retain this information for debugging and
	// future flexibility.
	ExternalTrustDomain string `protobuf:"bytes,5,opt,name=ExternalTrustDomain,proto3" json:"ExternalTrustDomain,omitempty"`
	// Time validity bounds. NotBefore and NotAfter are the x509 validity
	// window of RootCert; a nil pointer means the bound was not set.
	NotBefore *types.Timestamp `protobuf:"bytes,6,opt,name=NotBefore,proto3" json:"NotBefore,omitempty"`
	NotAfter *types.Timestamp `protobuf:"bytes,7,opt,name=NotAfter,proto3" json:"NotAfter,omitempty"`
	// RootCert is the PEM-encoded public certificate.
	RootCert string `protobuf:"bytes,8,opt,name=RootCert,proto3" json:"RootCert,omitempty"`
	// IntermediateCerts is a list of PEM-encoded intermediate certs to
	// attach to any leaf certs signed by this CA.
	IntermediateCerts []string `protobuf:"bytes,9,rep,name=IntermediateCerts,proto3" json:"IntermediateCerts,omitempty"`
	// SigningCert is the PEM-encoded signing certificate and SigningKey
	// is the PEM-encoded private key for the signing certificate. These
	// may actually be empty if the CA plugin in use manages these for us.
	// SigningKey is secret material; see the type comment above.
	SigningCert string `protobuf:"bytes,10,opt,name=SigningCert,proto3" json:"SigningCert,omitempty"`
	SigningKey string `protobuf:"bytes,11,opt,name=SigningKey,proto3" json:"SigningKey,omitempty"`
	// Active is true if this is the current active CA. This must only
	// be true for exactly one CA. For any method that modifies roots in the
	// state store, tests should be written to verify that multiple roots
	// cannot be active.
	Active bool `protobuf:"varint,12,opt,name=Active,proto3" json:"Active,omitempty"`
	// RotatedOutAt is the time at which this CA was removed from the state.
	// This will only be set on roots that have been rotated out from being the
	// active root.
	RotatedOutAt *types.Timestamp `protobuf:"bytes,13,opt,name=RotatedOutAt,proto3" json:"RotatedOutAt,omitempty"`
	// PrivateKeyType is the type of the private key used to sign certificates. It
	// may be "rsa" or "ec". This is provided as a convenience to avoid parsing
	// the public key from the certificate to infer the type.
	PrivateKeyType string `protobuf:"bytes,14,opt,name=PrivateKeyType,proto3" json:"PrivateKeyType,omitempty"`
	// PrivateKeyBits is the length of the private key used to sign certificates.
	// This is provided as a convenience to avoid parsing the public key from the
	// certificate to infer the key length.
	PrivateKeyBits int32 `protobuf:"varint,15,opt,name=PrivateKeyBits,proto3" json:"PrivateKeyBits,omitempty"`
	// RaftIndex carries the Raft index metadata for this root entry
	// (see pbcommon.RaftIndex for its fields).
	RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,16,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"`
	// The XXX_ fields are generated protobuf bookkeeping. They have no
	// protobuf tag, so they are not part of the wire schema, and json:"-"
	// keeps them out of JSON output. By the generator's convention
	// XXX_unrecognized retains unknown fields seen during Unmarshal so they
	// survive a re-Marshal, and XXX_sizecache caches the result of Size().
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
func (*CARoot) Descriptor ¶
func (*CARoot) GetExternalTrustDomain ¶
func (*CARoot) GetIntermediateCerts ¶
func (*CARoot) GetNotAfter ¶
func (*CARoot) GetNotBefore ¶
func (*CARoot) GetPrivateKeyBits ¶
func (*CARoot) GetPrivateKeyType ¶
func (*CARoot) GetRaftIndex ¶
func (*CARoot) GetRootCert ¶
func (*CARoot) GetRotatedOutAt ¶
func (*CARoot) GetSerialNumber ¶
func (*CARoot) GetSigningCert ¶
func (*CARoot) GetSigningKey ¶
func (*CARoot) GetSigningKeyID ¶
func (*CARoot) MarshalBinary ¶
MarshalBinary implements encoding.BinaryMarshaler
func (*CARoot) MarshalToSizedBuffer ¶ added in v1.8.2
func (*CARoot) ProtoMessage ¶
func (*CARoot) ProtoMessage()
func (*CARoot) UnmarshalBinary ¶
UnmarshalBinary implements encoding.BinaryUnmarshaler
func (*CARoot) XXX_DiscardUnknown ¶
func (m *CARoot) XXX_DiscardUnknown()
func (*CARoot) XXX_Marshal ¶
func (*CARoot) XXX_Unmarshal ¶
type CARoots ¶
// CARoots is the list of all currently trusted CA Roots.
//
// Exactly one entry in Roots is the signing root, identified by ActiveRootID;
// the remaining entries stay trusted for verification while they are being
// rotated out. Because each CARoot may carry a SigningKey, a serialized
// CARoots can contain private key material as well.
type CARoots struct {
	// ActiveRootID is the ID of a root in Roots that is the active CA root.
	// Other roots are still valid if they're in the Roots list but are in
	// the process of being rotated out.
	ActiveRootID string `protobuf:"bytes,1,opt,name=ActiveRootID,proto3" json:"ActiveRootID,omitempty"`
	// TrustDomain is the identification root for this Consul cluster. All
	// certificates signed by the cluster's CA must have their identifying URI in
	// this domain.
	//
	// This does not include the protocol (currently spiffe://) since we may
	// implement other protocols in future with equivalent semantics. It should be
	// compared against the "authority" section of a URI (i.e. host:port).
	//
	// We need to support migrating a cluster between trust domains to support
	// Multi-DC migration in Enterprise. In this case the current trust domain is
	// here but entries in Roots may also have ExternalTrustDomain set to a
	// non-empty value implying they were previous roots that are still trusted
	// but under a different trust domain.
	//
	// Note that we DON'T validate trust domain during AuthZ since it causes
	// issues of loss of connectivity during migration between trust domains. The
	// only time the additional validation adds value is where the cluster shares
	// an external root (e.g. organization-wide root) with another distinct Consul
	// cluster or PKI system. In this case, x509 Name Constraints can be added to
	// enforce that Consul's CA can only validly sign or trust certs within the
	// same trust-domain. Name constraints as enforced by TLS handshake also allow
	// seamless rotation between trust domains thanks to cross-signing.
	TrustDomain string `protobuf:"bytes,2,opt,name=TrustDomain,proto3" json:"TrustDomain,omitempty"`
	// Roots is a list of root CA certs to trust. The entry whose ID equals
	// ActiveRootID is the one used for signing; the others are trusted for
	// verification only.
	Roots []*CARoot `protobuf:"bytes,3,rep,name=Roots,proto3" json:"Roots,omitempty"`
	// QueryMeta here is mainly used to contain the latest Raft Index that could
	// be used to perform a blocking query.
	QueryMeta *pbcommon.QueryMeta `protobuf:"bytes,4,opt,name=QueryMeta,proto3" json:"QueryMeta,omitempty"`
	// The XXX_ fields are generated protobuf bookkeeping: no protobuf tag, so
	// not part of the wire schema, and json:"-" keeps them out of JSON output.
	// By the generator's convention XXX_unrecognized retains unknown fields
	// seen during Unmarshal and XXX_sizecache caches the result of Size().
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
CARoots is the list of all currently trusted CA Roots.
func (*CARoots) Descriptor ¶
func (*CARoots) GetActiveRootID ¶
func (*CARoots) GetQueryMeta ¶
func (*CARoots) GetTrustDomain ¶
func (*CARoots) MarshalBinary ¶
MarshalBinary implements encoding.BinaryMarshaler
func (*CARoots) MarshalToSizedBuffer ¶ added in v1.8.2
func (*CARoots) ProtoMessage ¶
func (*CARoots) ProtoMessage()
func (*CARoots) UnmarshalBinary ¶
UnmarshalBinary implements encoding.BinaryUnmarshaler
func (*CARoots) XXX_DiscardUnknown ¶
func (m *CARoots) XXX_DiscardUnknown()
func (*CARoots) XXX_Marshal ¶
func (*CARoots) XXX_Unmarshal ¶
type IssuedCert ¶
// IssuedCert is the protobuf representation of a leaf certificate issued by
// the Consul CA for a service or an agent node, as returned by the sign API.
//
// PrivateKeyPEM carries the leaf's private key with an ordinary json tag, so
// JSON encoding and Marshal/MarshalBinary of an IssuedCert reproduce the key.
// Code that persists, logs or forwards an IssuedCert should clear that field
// first; the field comment below already notes it must not reach the state
// store.
type IssuedCert struct {
	// SerialNumber is the unique serial number for this certificate.
	// This is encoded in standard hex separated by :.
	SerialNumber string `protobuf:"bytes,1,opt,name=SerialNumber,proto3" json:"SerialNumber,omitempty"`
	// CertPEM and PrivateKeyPEM are the PEM-encoded certificate and private
	// key for that cert, respectively. This should not be stored in the
	// state store, but is present in the sign API response.
	CertPEM string `protobuf:"bytes,2,opt,name=CertPEM,proto3" json:"CertPEM,omitempty"`
	PrivateKeyPEM string `protobuf:"bytes,3,opt,name=PrivateKeyPEM,proto3" json:"PrivateKeyPEM,omitempty"`
	// Service is the name of the service for which the cert was issued.
	// ServiceURI is the cert URI value. Only one of the Service/Agent pairs
	// is expected to be populated for a given cert — TODO confirm against
	// the sign API.
	Service string `protobuf:"bytes,4,opt,name=Service,proto3" json:"Service,omitempty"`
	ServiceURI string `protobuf:"bytes,5,opt,name=ServiceURI,proto3" json:"ServiceURI,omitempty"`
	// Agent is the name of the node for which the cert was issued.
	// AgentURI is the cert URI value.
	Agent string `protobuf:"bytes,6,opt,name=Agent,proto3" json:"Agent,omitempty"`
	AgentURI string `protobuf:"bytes,7,opt,name=AgentURI,proto3" json:"AgentURI,omitempty"`
	// ValidAfter and ValidBefore are the validity periods for the
	// certificate. A nil pointer means the bound was not set.
	ValidAfter *types.Timestamp `protobuf:"bytes,8,opt,name=ValidAfter,proto3" json:"ValidAfter,omitempty"`
	ValidBefore *types.Timestamp `protobuf:"bytes,9,opt,name=ValidBefore,proto3" json:"ValidBefore,omitempty"`
	// EnterpriseMeta is the Consul Enterprise specific metadata.
	EnterpriseMeta *pbcommon.EnterpriseMeta `protobuf:"bytes,10,opt,name=EnterpriseMeta,proto3" json:"EnterpriseMeta,omitempty"`
	// RaftIndex carries the Raft index metadata for this entry
	// (see pbcommon.RaftIndex for its fields).
	RaftIndex *pbcommon.RaftIndex `protobuf:"bytes,11,opt,name=RaftIndex,proto3" json:"RaftIndex,omitempty"`
	// The XXX_ fields are generated protobuf bookkeeping: no protobuf tag, so
	// not part of the wire schema, and json:"-" keeps them out of JSON output.
	// By the generator's convention XXX_unrecognized retains unknown fields
	// seen during Unmarshal and XXX_sizecache caches the result of Size().
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized []byte `json:"-"`
	XXX_sizecache int32 `json:"-"`
}
func (*IssuedCert) Descriptor ¶
func (*IssuedCert) Descriptor() ([]byte, []int)
func (*IssuedCert) GetAgent ¶
func (m *IssuedCert) GetAgent() string
func (*IssuedCert) GetAgentURI ¶
func (m *IssuedCert) GetAgentURI() string
func (*IssuedCert) GetCertPEM ¶
func (m *IssuedCert) GetCertPEM() string
func (*IssuedCert) GetEnterpriseMeta ¶
func (m *IssuedCert) GetEnterpriseMeta() *pbcommon.EnterpriseMeta
func (*IssuedCert) GetPrivateKeyPEM ¶
func (m *IssuedCert) GetPrivateKeyPEM() string
func (*IssuedCert) GetRaftIndex ¶
func (m *IssuedCert) GetRaftIndex() *pbcommon.RaftIndex
func (*IssuedCert) GetSerialNumber ¶
func (m *IssuedCert) GetSerialNumber() string
func (*IssuedCert) GetService ¶
func (m *IssuedCert) GetService() string
func (*IssuedCert) GetServiceURI ¶
func (m *IssuedCert) GetServiceURI() string
func (*IssuedCert) GetValidAfter ¶
func (m *IssuedCert) GetValidAfter() *types.Timestamp
func (*IssuedCert) GetValidBefore ¶
func (m *IssuedCert) GetValidBefore() *types.Timestamp
func (*IssuedCert) Marshal ¶
func (m *IssuedCert) Marshal() (dAtA []byte, err error)
func (*IssuedCert) MarshalBinary ¶
func (msg *IssuedCert) MarshalBinary() ([]byte, error)
MarshalBinary implements encoding.BinaryMarshaler
func (*IssuedCert) MarshalToSizedBuffer ¶ added in v1.8.2
func (m *IssuedCert) MarshalToSizedBuffer(dAtA []byte) (int, error)
func (*IssuedCert) ProtoMessage ¶
func (*IssuedCert) ProtoMessage()
func (*IssuedCert) Reset ¶
func (m *IssuedCert) Reset()
func (*IssuedCert) Size ¶
func (m *IssuedCert) Size() (n int)
func (*IssuedCert) String ¶
func (m *IssuedCert) String() string
func (*IssuedCert) Unmarshal ¶
func (m *IssuedCert) Unmarshal(dAtA []byte) error
func (*IssuedCert) UnmarshalBinary ¶
func (msg *IssuedCert) UnmarshalBinary(b []byte) error
UnmarshalBinary implements encoding.BinaryUnmarshaler
func (*IssuedCert) XXX_DiscardUnknown ¶
func (m *IssuedCert) XXX_DiscardUnknown()
func (*IssuedCert) XXX_Marshal ¶
func (m *IssuedCert) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)
func (*IssuedCert) XXX_Merge ¶
func (m *IssuedCert) XXX_Merge(src proto.Message)
func (*IssuedCert) XXX_Size ¶
func (m *IssuedCert) XXX_Size() int
func (*IssuedCert) XXX_Unmarshal ¶
func (m *IssuedCert) XXX_Unmarshal(b []byte) error