Skip to main content

BlockingClient

Struct BlockingClient 

Source
pub struct BlockingClient { /* private fields */ }
Expand description

A blocking wrapper around the async gRPC client.

Implementations§

Source§

impl BlockingClient

Source

pub fn connect(path: &str) -> Result<Self>

Connect to the agent listening at path.

Source

pub fn connect_with_timeout(path: &str, default_timeout: u64) -> Result<Self>

Connect with an explicit default per-request timeout in seconds.

Source

pub fn new_key(&mut self, key_id: &str, key_type: KeyType) -> Result<KeyHandle>

Create a key under catalog name key_id.

Source

pub fn import( &mut self, key_id: &str, key_type: KeyType, material: KeyMaterial, ) -> Result<KeyHandle>

Import caller-provided key material.

Source

pub fn import_set( &mut self, entries: Vec<ImportEntry>, ) -> Result<Vec<KeyHandle>>

Import several keys in one call (e.g. an nsc-init bundle). See Client::import_set.

Source

pub fn sign(&mut self, key_id: &str, message: &[u8]) -> Result<Vec<u8>>

Sign message with key_id, returning the raw signature. message is the raw bytes to be signed, not a precomputed digest, and can be a NATS server nonce or JWT signing input (see Client::sign).

Source

pub fn verify( &mut self, key_id: &str, message: &[u8], signature: &[u8], ) -> Result<bool>

Verify signature over message with key_id.

Source

pub fn get_public_key( &mut self, key_id: &str, version: Option<u32>, ) -> Result<GetPublicKeyResponse>

Fetch a public key by catalog name and optional version.

Source

pub fn encrypt( &mut self, key_id: &str, algorithm: AeadAlgorithm, plaintext: &[u8], aad: Option<&[u8]>, ) -> Result<CiphertextEnvelope>

Encrypt plaintext. Basil owns nonce generation.

Source

pub fn decrypt( &mut self, key_id: &str, envelope: CiphertextEnvelope, aad: Option<&[u8]>, ) -> Result<Vec<u8>>

Decrypt a Basil ciphertext envelope.

Source

pub fn wrap_envelope( &mut self, key_id: &str, kem_algorithm: KemAlgorithm, envelope_algorithm: EnvelopeAlgorithm, plaintext: &[u8], aad: Option<&[u8]>, ) -> Result<KemEnvelope>

Wrap plaintext with a KEM/envelope operation.

Source

pub fn unwrap_envelope( &mut self, key_id: &str, envelope: KemEnvelope, aad: Option<&[u8]>, ) -> Result<Vec<u8>>

Unwrap a KEM/envelope ciphertext.

Source

pub fn get_secret( &mut self, secret_id: &str, version: Option<u32>, ) -> Result<SecretValue>

Fetch a secret payload.

Source

pub fn set_secret(&mut self, secret_id: &str, value: &[u8]) -> Result<u32>

Store a secret payload, returning the new version.

Source

pub fn rotate_secret(&mut self, secret_id: &str) -> Result<u32>

Rotate a secret, returning the new version.

Source

pub fn list_catalog( &mut self, prefix: Option<&str>, ) -> Result<Vec<CatalogEntry>>

List visible catalog entries, optionally filtered by prefix.

Source

pub fn mint_jwt( &mut self, key_id: &str, sub: &str, ttl_secs: Option<u64>, claims: impl Serialize, ) -> Result<MintedJwt>

Mint a generic JWT credential.

Source

pub fn mint_jwt_json( &mut self, key_id: &str, sub: &str, ttl_secs: Option<u64>, extra_claims_json: impl Into<Vec<u8>>, ) -> Result<MintedJwt>

Mint a generic JWT credential from pre-encoded additional claim JSON.

Source

pub fn mint_nats_user( &mut self, key_id: &str, subject_user_nkey: &str, issuer_account: Option<&str>, name: &str, ttl_secs: Option<u64>, permissions: NatsUserPermissions, ) -> Result<String>

Mint a NATS user JWT signed by an account key held by Basil.

issuer_account is the owning account’s identity public NKey (A…), required when key_id is an account signing key (it sets nats.issuer_account); pass None when key_id is the account identity key itself.

Source

pub fn mint_nats_account( &mut self, signing_key_id: &str, subject_account_nkey: &str, name: &str, signing_keys: &[String], expires_in_secs: Option<u64>, ) -> Result<String>

Mint a NATS account JWT signed by an operator key (or self-signed) held by Basil.

Source

pub fn mint_nats_operator( &mut self, signing_key_id: &str, subject_operator_nkey: Option<&str>, name: &str, signing_keys: &[String], account_server_url: Option<&str>, system_account: Option<&str>, expires_in_secs: Option<u64>, ) -> Result<String>

Mint a NATS operator JWT. With subject_operator_nkey set to None the issuer self-signs.

Source

pub fn mint_nats_signer( &mut self, signing_key_id: &str, subject_nkey: &str, name: &str, expires_in_secs: Option<u64>, ) -> Result<String>

Mint a NATS account-signing-key JWT (subject is an N-prefixed signer nkey).

Source

pub fn mint_nats_server( &mut self, signing_key_id: &str, subject_server_nkey: &str, name: &str, expires_in_secs: Option<u64>, ) -> Result<String>

Mint a NATS server JWT (subject is an N-prefixed server nkey).

Source

pub fn mint_nats_curve( &mut self, signing_key_id: &str, subject_curve_nkey: &str, name: &str, expires_in_secs: Option<u64>, ) -> Result<String>

Mint a NATS curve (x25519) JWT (subject is an X-prefixed curve nkey).

Source

pub fn encrypt_nats_curve( &mut self, key_id: &str, recipient_public_xkey: &str, plaintext: &[u8], ) -> Result<Vec<u8>>

Encrypt with a custodied NATS curve xkey to a recipient public xkey.

Source

pub fn decrypt_nats_curve( &mut self, key_id: &str, sender_public_xkey: &str, ciphertext: &[u8], ) -> Result<Vec<u8>>

Decrypt a NATS curve xkey box from a sender public xkey.

Source

pub fn sign_nats_jwt( &mut self, key_id: &str, claims: impl Serialize, options: SignNatsJwtOptions, ) -> Result<MintedJwt>

Validate and sign a caller-supplied NATS JWT claim document.

Source

pub fn sign_nats_jwt_json( &mut self, key_id: &str, claims_json: impl Into<Vec<u8>>, options: SignNatsJwtOptions, ) -> Result<MintedJwt>

Validate and sign a pre-encoded NATS JWT claim document.

Source

pub fn validate_nats_jwt( &mut self, jwt: &str, allowed_signers: impl IntoIterator<Item = AllowedNatsSigner>, expected_type: Option<NatsJwtType>, ) -> Result<NatsJwtValidation>

Validate a presented NATS JWT against candidate catalog keys or public NKeys.

Source

pub fn issue_certificate( &mut self, issuer_key_id: &str, common_name: &str, dns_sans: &[String], ip_sans: &[String], ttl_secs: u64, ) -> Result<IssuedCertificate>

Issue a DNS/IP-SAN X.509 leaf (TLS cert). See Client::issue_certificate.

Source

pub fn status(&mut self) -> Result<AgentStatus>

The broker’s backend identifier, build version, and wire protocol version.

Source

pub fn health(&mut self) -> Result<AgentHealth>

Broker liveness: is the daemon up and serving the socket? No backend I/O.

Source

pub fn readiness(&mut self) -> Result<AgentReadiness>

Broker readiness: can the broker actually serve? Returns a non-secret summary (counts, coarse reason, active generation id).

Source

pub fn reload(&mut self, check: bool) -> Result<AgentReload>

Trigger a permission-gated catalog/policy hot reload from disk (basil-atq). check = true is a dry-run (validate, do not swap). The config is read from the broker’s on-disk paths only, never the wire.

Source

pub fn explain( &mut self, subject: &str, op: &str, key: &str, ) -> Result<AgentExplanation>

Explain a policy decision against the broker’s serving generation.

Source

pub fn revoke( &mut self, trust_domain: &str, jti: &str, expires_at_unix: u64, ) -> Result<AgentRevocation>

Revoke a JWT-SVID by trust-domain/jti tuple.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<L> LayerExt<L> for L

Source§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.
Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more