Skip to main content

TrustBundle

zlayer_types::api::cluster

Struct TrustBundle

pub struct TrustBundle {
    pub v: u32,
    pub cluster_domain: String,
    pub ca_public_key_b64: String,
    pub ca_kid: String,
    pub generated_at: String,
}

Expand description

Public trust bundle for a cluster, distributable out-of-band so other clusters can import it and accept this cluster’s tokens.

Contains the long-lived cluster CA pubkey (not the per-rotation signing key). Federation works by:

Cluster A exports its bundle (GET /api/v1/cluster/trust-bundle).
Operator transports the bundle to cluster B (out-of-band).
Cluster B imports it via the admin endpoint, replicated through Raft so every node converges.
Tokens minted by A’s per-rotation key, carrying A’s ca_chain, now validate against A’s CA pubkey in B’s trusted-bundles map.

Fields§

§v: u32

Format version. 1 today.

§cluster_domain: String

Cluster identity this bundle represents (defaults to cluster UUID; may be a DNS-style domain like prod.zlayer.example).

§ca_public_key_b64: String

URL-safe no-pad base64 of the cluster CA’s Ed25519 verifying key.

§ca_kid: String

Short kid of the CA verifying key (8 hex chars).

§generated_at: String

RFC3339 timestamp of when this bundle snapshot was generated. Imports may compare timestamps to spot stale bundles.

Trait Implementations§

impl Clone for TrustBundle

fn clone(&self) -> TrustBundle

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl ComposeSchema for TrustBundle

fn compose(generics: Vec<RefOr<Schema>>) -> RefOr<Schema>

impl Debug for TrustBundle

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for TrustBundle

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl Serialize for TrustBundle

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

impl ToSchema for TrustBundle

fn name() -> Cow<'static, str>

Return name of the schema. Read more

fn schemas(schemas: &mut Vec<(String, RefOr<Schema>)>)

Implement reference utoipa::openapi::schema::Schemas for this type. Read more

Auto Trait Implementations§

impl Freeze for TrustBundle

impl RefUnwindSafe for TrustBundle

impl Send for TrustBundle

impl Sync for TrustBundle

impl Unpin for TrustBundle

impl UnsafeUnpin for TrustBundle

impl UnwindSafe for TrustBundle

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T> FromBase64 for T
where T: for<'de> Deserialize<'de>,

fn from_base64<Input>(raw: &Input) -> Result<T, Error>
where Input: AsRef<[u8]> + ?Sized,

impl<T> Instrument for T

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> PartialSchema for T
where T: ComposeSchema + ?Sized,

fn schema() -> RefOr<Schema>

Return ref or schema of implementing type that can then be used to construct combined schemas.

impl<T> PolicyExt for T
where T: ?Sized,

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Sized + Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more

impl<T> Same for T

type Output = T

Should always be Self

impl<C> SignWithKey<String> for C
where C: ToBase64,

fn sign_with_key(self, key: &impl SigningAlgorithm) -> Result<String, Error>

impl<T> ToBase64 for T
where T: Serialize,

fn to_base64(&self) -> Result<Cow<'_, str>, Error>

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> WithSubscriber for T

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more