linkerd2-proxy-api 0.18.0

Linkerd Proxy API gRPC bindings and utilities
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

syntax = "proto3";

package io.linkerd.proxy.identity;

option go_package = "github.com/linkerd/linkerd2-proxy-api/go/identity";

import "google/protobuf/timestamp/timestamp.proto";

service Identity {
  // Requests that a time-bounded certificate be signed.
  //
  // The requester must provide a token that verifies the client's identity and
  // a Certificate Signing Request that adheres to the service naming rules.
  //
  // Errors are returned when the provided request is invalid or when
  // authentication cannot be performed.
  rpc Certify(CertifyRequest) returns (CertifyResponse) {}
}

message CertifyRequest {
  string identity = 1;

  // Proof of the requester's identity.
  //
  // In Kubernetes, for instance, this is the contents of a service account
  // token.
  bytes token = 2;

  // A PEM-encoded x509 Certificate Signing Request.
  bytes certificate_signing_request = 3;
}

message CertifyResponse {
  // A PEM-encoded x509 Certificate.
  bytes leaf_certificate = 1;

  // A list of PEM-encoded x509 Certificates that establish the trust chain
  // between the leaf_certificate and the well-known trust anchors.
  repeated bytes intermediate_certificates = 2;

  google.protobuf.Timestamp valid_until = 3;
}