Skip to main content

spire_api/
lib.rs

1//! Client bindings for SPIRE gRPC APIs.
2//!
3//! Provides wrappers around SPIRE's gRPC APIs (generated from protobuf)
4//! with strongly-typed request helpers.
5//!
6//! SPIRE exposes multiple gRPC APIs over a local endpoint (typically a Unix domain socket).
7//! High-level clients accept a pre-built `tonic::transport::Channel` for
8//! explicit transport configuration (timeouts, TLS, interceptors, etc).
9//!
10//! ## Quick start
11//!
12//! ```no_run
13//! use spire_api::{DelegatedIdentityClient, DelegateAttestationRequest};
14//! use spire_api::selectors;
15//!
16//! # async fn demo() -> Result<(), spire_api::DelegatedIdentityError> {
17//! // Connect using the SPIRE_ADMIN_ENDPOINT_SOCKET environment variable
18//! let client = DelegatedIdentityClient::connect_env().await?;
19//!
20//! // Or connect to a specific endpoint
21//! // let client = DelegatedIdentityClient::connect_to("unix:///tmp/spire-agent/public/admin.sock").await?;
22//!
23//! let svid = client
24//!     .fetch_x509_svid(DelegateAttestationRequest::Selectors(vec![
25//!         selectors::Selector::Unix(selectors::Unix::Uid(1000)),
26//!     ]))
27//!     .await?;
28//!
29//! println!("SPIFFE ID: {}", svid.spiffe_id());
30//! # Ok(())
31//! # }
32//! ```
33//!
34//! ## Generated protobuf types
35//!
36//! Protobuf-generated types are available under [`pb`]. Most users should not need to use these
37//! directly, but they are exposed for advanced use-cases.
38
39#![cfg_attr(
40    test,
41    expect(unused_crate_dependencies, reason = "used in the integration tests")
42)]
43
44/// Generated protobuf bindings for SPIRE APIs.
45///
46/// **This module contains generated code. Do not edit these files manually.**
47///
48/// Regenerate with: `cargo run -p xtask -- gen spire-api` from the repo root.
49///
50/// ## Lint Suppressions
51///
52/// The following lint suppressions are applied to this module because the generated code
53/// from `prost`/`tonic-build` does not always conform to our linting standards:
54///
55/// - `clippy::all` and `clippy::pedantic`: Generated code may not follow all clippy rules
56/// - `missing_docs`: Generated types may lack documentation
57/// - `dead_code`, `unused_imports`, etc.: Generated code may include unused items depending on features
58///
59/// These suppressions are intentional and scoped to this generated code module only.
60#[expect(
61    clippy::allow_attributes_without_reason,
62    clippy::derive_partial_eq_without_eq,
63    clippy::doc_lazy_continuation,
64    clippy::doc_markdown,
65    clippy::empty_structs_with_brackets,
66    clippy::missing_const_for_fn,
67    clippy::missing_errors_doc,
68    clippy::too_long_first_doc_paragraph,
69    missing_docs,
70    unused_qualifications,
71    unused_results
72)]
73pub mod pb {
74    pub mod spire {
75        pub mod api {
76            pub mod agent {
77                pub mod delegatedidentity {
78                    pub mod v1 {
79                        include!("pb/spire.api.agent.delegatedidentity.v1.rs");
80                    }
81                }
82            }
83
84            pub mod types {
85                include!("pb/spire.api.types.rs");
86            }
87        }
88    }
89}
90
91/// SPIRE Agent API clients.
92pub mod agent;
93
94/// Selector types used by SPIRE APIs.
95pub mod selectors;
96
97/// Common re-exports.
98pub mod prelude {
99    /// Common imports for SPIRE client usage.
100    pub use crate::agent::delegated_identity::{
101        DelegateAttestationRequest, DelegatedIdentityClient, DelegatedIdentityError,
102    };
103    pub use crate::selectors;
104}
105
106pub use agent::delegated_identity::{
107    DelegateAttestationRequest, DelegatedIdentityClient, DelegatedIdentityError,
108};