DelegatedIdentityClient

spire_api::agent::delegated_identity

Struct DelegatedIdentityClient 

Source 
pub struct DelegatedIdentityClient { /* private fields */ }
Expand description

Impl for DelegatedIdentity API

Implementations§

Source§

impl DelegatedIdentityClient

Constructors

Source

pub async fn connect_to( endpoint: impl AsRef<str>, ) -> Result<Self, DelegatedIdentityError>

Create a client by connecting to the given admin endpoint URI string (e.g. unix:///...).

§Arguments
  • endpoint - The path to the UNIX domain socket, which can optionally start with “unix:”.
§Returns
  • Result<Self, DelegatedIdentityError> - Returns an instance of DelegatedIdentityClient if successful, otherwise returns an error.
§Errors

This function will return an error if the provided socket path is invalid or if there are issues connecting.

Source

pub async fn connect_env() -> Result<Self, DelegatedIdentityError>

Creates a new DelegatedIdentityClient using the default socket endpoint address.

Requires that the environment variable SPIFFE_ENDPOINT_SOCKET be set with the path to the Workload API endpoint socket.

§Errors

The function returns a variant of DelegatedIdentityError if environment variable is not set or if the provided socket path is not valid.

Source

pub async fn connect(endpoint: Endpoint) -> Result<Self, DelegatedIdentityError>

Create a client by connecting to a parsed SPIFFE Endpoint.

§Errors

Returns [GrpcClientError] if the connection fails or the endpoint is unsupported.

Source

pub fn new(conn: Channel) -> Result<Self, DelegatedIdentityError>

Creates a new DelegatedIdentityClient from an established gRPC channel.

This constructor does not perform any network I/O. It only wraps the provided tonic::transport::Channel and prepares the client for use.

§Errors

Returns DelegatedIdentityError if the client could not be constructed from the provided channel (for example, due to an invalid configuration).

Source§

impl DelegatedIdentityClient

Source

pub async fn fetch_x509_svid( &self, attest_type: DelegateAttestationRequest, ) -> Result<X509Svid, DelegatedIdentityError>

Fetches a single X509 SPIFFE Verifiable Identity Document (SVID).

This method connects to the SPIFFE Workload API and returns the first X509 SVID in the response.

§Arguments
  • selectors - A list of selectors to filter the stream of X509Svid updates.
§Returns

On success, it returns a valid X509Svid which represents the parsed SVID. If the fetch operation or the parsing fails, it returns a DelegatedIdentityError.

§Errors

Returns DelegatedIdentityError if the gRPC call fails or if the SVID could not be parsed from the gRPC response.

Source

pub async fn stream_x509_svids( &self, attest_type: DelegateAttestationRequest, ) -> Result<impl Stream<Item = Result<X509Svid, DelegatedIdentityError>> + Send + '_, DelegatedIdentityError>

Watches the stream of X509Svid updates.

This function establishes a stream with the Workload API to continuously receive updates for the X509Svid. The returned stream can be used to asynchronously yield new X509Svid updates as they become available.

§Arguments
  • selectors - A list of selectors to filter the stream of X509Svid updates.
§Returns

Returns a stream of Result<X509Svid, DelegatedIdentityError>. Each item represents an updated X509Svid or an error if there was a problem processing an update from the stream.

§Errors

The function can return an error variant of DelegatedIdentityError in the following scenarios:

  • There’s an issue connecting to the Workload API.
  • An error occurs while setting up the stream.

Individual stream items might also be errors if there’s an issue processing the response for a specific update.

Source

pub async fn fetch_x509_bundles( &self, ) -> Result<X509BundleSet, DelegatedIdentityError>

Fetches X509BundleSet, that is a set of X509Bundle keyed by the trust domain to which they belong.

§Errors

The function returns a variant of DelegatedIdentityError if there is an error connecting to the Workload API or there is a problem processing the response.

Source

pub async fn stream_x509_bundles( &self, ) -> Result<impl Stream<Item = Result<X509BundleSet, DelegatedIdentityError>> + Send + 'static, DelegatedIdentityError>

Watches the stream of X509Bundle updates.

This function establishes a stream with the Workload API to continuously receive updates for the X509Bundle. The returned stream can be used to asynchronously yield new X509Bundle updates as they become available.

§Returns

Returns a stream of Result<X509BundleSet, DelegatedIdentityError>. Each item represents an updated X509BundleSet or an error if there was a problem processing an update from the stream.

§Errors

The function can return an error variant of DelegatedIdentityError in the following scenarios:

  • There’s an issue connecting to the Admin API.
  • An error occurs while setting up the stream.

Individual stream items might also be errors if there’s an issue processing the response for a specific update.

Source

pub async fn fetch_jwt_svids<T: AsRef<str> + ToString>( &self, audience: &[T], attest_type: DelegateAttestationRequest, ) -> Result<Vec<JwtSvid>, DelegatedIdentityError>

Fetches a list of JwtSvid parsing the JWT token in the Workload API response, for the given audience and selectors.

§Arguments
  • audience - A list of audiences to include in the JWT token. Cannot be empty nor contain only empty strings.
  • selectors - A list of selectors to filter the list of JwtSvid.
§Errors

The function returns a variant of DelegatedIdentityError if there is an error connecting to the Workload API or there is a problem processing the response.

Source

pub async fn stream_jwt_bundles( &self, ) -> Result<impl Stream<Item = Result<JwtBundleSet, DelegatedIdentityError>> + Send + 'static, DelegatedIdentityError>

Watches the stream of JwtBundleSet updates.

This function establishes a stream with the Workload API to continuously receive updates for the JwtBundleSet. The returned stream can be used to asynchronously yield new JwtBundleSet updates as they become available.

§Returns

Returns a stream of Result<JwtBundleSet, DelegatedIdentityError>. Each item represents an updated JwtBundleSet or an error if there was a problem processing an update from the stream.

§Errors

The function can return an error variant of DelegatedIdentityError in the following scenarios:

  • There’s an issue connecting to the Workload API.
  • An error occurs while setting up the stream.

Individual stream items might also be errors if there’s an issue processing the response for a specific update.

Source

pub async fn fetch_jwt_bundles( &self, ) -> Result<JwtBundleSet, DelegatedIdentityError>

Fetches JwtBundleSet that is a set of JwtBundle keyed by the trust domain to which they belong.

§Errors

The function returns a variant of DelegatedIdentityError if there is an error connecting to the Workload API or there is a problem processing the response.

Trait Implementations§

Source§

impl Clone for DelegatedIdentityClient

Source§

fn clone(&self) -> DelegatedIdentityClient

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for DelegatedIdentityClient

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<'a, T, E> AsTaggedExplicit<'a, E> for T
where T: 'a,

Source§

fn explicit(self, class: Class, tag: u32) -> TaggedParser<'a, Explicit, Self, E>

Source§

impl<'a, T, E> AsTaggedImplicit<'a, E> for T
where T: 'a,

Source§

fn implicit( self, class: Class, constructed: bool, tag: u32, ) -> TaggedParser<'a, Implicit, Self, E>

Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoRequest<T> for T

Source§

fn into_request(self) -> Request<T>

Wrap the input message T in a tonic::Request
Source§

impl<L> LayerExt<L> for L

Source§

fn named_layer<S>(&self, service: S) -> Layered<<L as Layer<S>>::Service, S>
where L: Layer<S>,

Applies the layer to a service and wraps it in Layered.
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more