spire_api/
lib.rs

// Crate-wide lint policy. The order of these attributes is kept as written because later
// `allow`s carve exceptions out of the lint groups enabled before them.
#![deny(missing_docs)]
// `deny` (unlike `forbid`) can still be overridden by a narrower `#[allow(unsafe_code)]`.
// The lint relaxations on the generated `pb` module below do not list `unsafe_code`, so the
// generated bindings are covered by this check as well.
#![deny(unsafe_code)]
#![warn(missing_debug_implementations)]
#![warn(clippy::all)]
#![warn(clippy::pedantic)]
#![allow(clippy::module_name_repetitions)]
#![allow(clippy::must_use_candidate)]

//! Rust client bindings for SPIRE gRPC APIs.
//!
//! This crate provides ergonomic wrappers around SPIRE's gRPC APIs (generated from protobuf)
//! with strongly-typed request helpers.
//!
//! ## Endpoints and transport
//!
//! SPIRE exposes multiple gRPC APIs (e.g. the Agent API) over a local endpoint. In most
//! deployments this is a Unix domain socket.
//!
//! The high-level clients in this crate typically accept a pre-built `tonic::transport::Channel`.
//! This keeps transport configuration explicit and composable (timeouts, TLS, interceptors, etc.).
//!
//! ## Quick start
//!
//! ```no_run
//! use spire_api::{DelegatedIdentityClient, DelegateAttestationRequest};
//! use spire_api::selectors;
//!
//! # async fn demo() -> Result<(), spire_api::DelegatedIdentityError> {
//! // Connect using the SPIRE_ADMIN_ENDPOINT_SOCKET environment variable
//! let client = DelegatedIdentityClient::connect_env().await?;
//!
//! // Or connect to a specific endpoint
//! // let client = DelegatedIdentityClient::connect_to("unix:///tmp/spire-agent/public/admin.sock").await?;
//! // (The path above is illustrative only. Use the admin socket path configured on your agent;
//! // SPIRE Agent is documented to keep the admin socket out of the Workload API socket's
//! // directory -- verify against your agent version.)
//!
//! let svid = client
//!     .fetch_x509_svid(DelegateAttestationRequest::Selectors(vec![
//!         selectors::Selector::Unix(selectors::Unix::Uid(1000)),
//!     ]))
//!     .await?;
//!
//! println!("SPIFFE ID: {}", svid.spiffe_id());
//! # Ok(())
//! # }
//! ```
//!
//! ## Security considerations
//!
//! As the quick start shows, the delegated identity client connects to the agent's *admin*
//! endpoint and requests an SVID for a workload described by selectors, not for the calling
//! process itself. A process that is allowed to use this API can therefore obtain identities
//! that belong to other workloads, so access to the endpoint should be treated as a privileged
//! capability:
//!
//! - Keep the admin socket readable and writable only by the delegate's own user or group, and
//!   do not place it in a directory shared with ordinary workloads.
//! - On the agent side, list only the SPIFFE IDs that genuinely need delegation in the
//!   `authorized_delegates` setting.
//! - The value of `SPIRE_ADMIN_ENDPOINT_SOCKET` decides which endpoint `connect_env()` talks to.
//!   Set it from trusted deployment configuration, since whoever controls the process
//!   environment controls where requests are sent.
//! - Returned X.509 SVIDs are expected to carry private key material (confirm against the
//!   client's return type). Log identifiers such as the SPIFFE ID, as the example does, rather
//!   than the SVID itself.
//!
//! ## Generated protobuf types
//!
//! Protobuf-generated types are available under [`pb`]. Most users should not need to use these
//! directly, but they are exposed for advanced use-cases.

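/// Protobuf-generated types for SPIRE APIs.
///
/// These bindings are generated from SPIRE's protobuf definitions and are considered a
/// lower-level interface than the high-level clients in this crate.
///
/// The nested modules follow the names of the included files
/// (`spire.api.agent.delegatedidentity.v1` and `spire.api.types`).
pub mod pb {
    // Lints are relaxed for the machine-generated code included below, which is not written to
    // this crate's documentation or clippy standards. `unsafe_code` is intentionally absent
    // from this list, so the crate-level `deny(unsafe_code)` still applies to generated code.
    //
    // The attribute sits directly on `pub mod spire` with no blank line in between; a gap there
    // is flagged by clippy's `empty_line_after_outer_attr` and makes it unclear which item the
    // relaxations apply to.
    #[allow(
        missing_docs,
        clippy::all,
        clippy::pedantic,
        clippy::module_name_repetitions,
        dead_code,
        non_camel_case_types,
        non_snake_case,
        non_upper_case_globals,
        unused_imports,
        unused_qualifications
    )]
    pub mod spire {
        pub mod api {
            pub mod agent {
                pub mod delegatedidentity {
                    pub mod v1 {
                        // Generated file; regenerate it from the protobuf definitions instead
                        // of editing it by hand.
                        include!("pb/spire.api.agent.delegatedidentity.v1.rs");
                    }
                }
            }

            pub mod types {
                // Generated file; regenerate it from the protobuf definitions instead of
                // editing it by hand.
                include!("pb/spire.api.types.rs");
            }
        }
    }
}
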
/// SPIRE Agent API clients.
///
/// Contains the `delegated_identity` module, whose client, request and error types are
/// re-exported at the crate root and in the `prelude` module.
pub mod agent;

/// Selector types used by SPIRE APIs.
///
/// Selectors describe the workload an identity is requested for, for example
/// `selectors::Selector::Unix(selectors::Unix::Uid(1000))` in the crate-level quick start.
pub mod selectors;

/// Common re-exports for convenience.
///
/// Re-exports the delegated identity client, its request type and its error type, plus the
/// `selectors` module, so they can be brought into scope from a single path.
pub mod prelude {
    /// Common imports for SPIRE client usage.
    pub use crate::agent::delegated_identity::{
        DelegateAttestationRequest, DelegatedIdentityClient, DelegatedIdentityError,
    };
    // Re-exported as a module, so selector types are referred to as `selectors::...`.
    pub use crate::selectors;
}

// Crate-root re-exports of the delegated identity client, request and error types, so callers
// can write `spire_api::DelegatedIdentityClient` instead of the full module path.
pub use agent::delegated_identity::{
    DelegateAttestationRequest, DelegatedIdentityClient, DelegatedIdentityError,
};