Crate spire_api

Expand description

Rust client bindings for SPIRE gRPC APIs.

This crate provides ergonomic wrappers around SPIRE’s gRPC APIs (generated from protobuf) with strongly-typed request helpers.

§Endpoints and transport

SPIRE exposes multiple gRPC APIs (e.g. the Agent API) over a local endpoint. In most deployments this is a Unix domain socket.

The high-level clients in this crate typically accept a pre-built tonic::transport::Channel. This keeps transport configuration explicit and composable (timeouts, TLS, interceptors, etc).

§Quick start

use spire_api::{DelegatedIdentityClient, DelegateAttestationRequest};
use spire_api::selectors;

// Connect using the SPIRE_ADMIN_ENDPOINT_SOCKET environment variable
let client = DelegatedIdentityClient::connect_env().await?;

// Or connect to a specific endpoint
// let client = DelegatedIdentityClient::connect_to("unix:///tmp/spire-agent/public/admin.sock").await?;

let svid = client
    .fetch_x509_svid(DelegateAttestationRequest::Selectors(vec![
        selectors::Selector::Unix(selectors::Unix::Uid(1000)),
    ]))
    .await?;

println!("SPIFFE ID: {}", svid.spiffe_id());

§Generated protobuf types

Protobuf-generated types are available under pb. Most users should not need to use these directly, but they are exposed for advanced use-cases.

Re-exports§

pub use agent::delegated_identity::DelegateAttestationRequest;
pub use agent::delegated_identity::DelegatedIdentityClient;
pub use agent::delegated_identity::DelegatedIdentityError;

Modules§

agent: SPIRE Agent API clients. Agent API
pb: Protobuf-generated types for SPIRE APIs.
prelude: Common re-exports for convenience.
selectors: Selector types used by SPIRE APIs. Selectors conforming to SPIRE standards.

Crate spire_api

Crate spire_api Copy item path

§Endpoints and transport

§Quick start

§Generated protobuf types

Re-exports§

Modules§

Crate spire_api