Skip to content
Cofide Cofide

Cofide Connect API Reference (v0.47.0)

Protocol Documentation

Section titled “Protocol Documentation”

Table of Contents

Section titled “Table of Contents”

Top

proto/agent/v1alpha1/agent.proto

Section titled “proto/agent/v1alpha1/agent.proto”

Agent

Section titled “Agent”
FieldTypeLabelDescription
idstringoptional
cluster_idstringoptional
trust_zone_idstringoptional

AgentStatus

Section titled “AgentStatus”
FieldTypeLabelDescription
statusAgentStatusCodeoptional
status_messagestringoptional
last_updatedint64optional

AgentStatusCode

Section titled “AgentStatusCode”
NameNumberDescription
AGENT_STATUS_CODE_UNSPECIFIED0
AGENT_STATUS_CODE_RUNNING1
AGENT_STATUS_CODE_STOPPED2
AGENT_STATUS_CODE_ERROR3
AGENT_STATUS_CODE_STARTING4

Top

proto/ap_binding/v1alpha1/ap_binding.proto

Section titled “proto/ap_binding/v1alpha1/ap_binding.proto”

APBinding

Section titled “APBinding”
FieldTypeLabelDescription
idstringoptional
org_idstringoptional
trust_zone_idstringoptional
policy_idstringoptional
federationsAPBindingFederationrepeated

APBindingFederation

Section titled “APBindingFederation”
FieldTypeLabelDescription
trust_zone_idstringoptional

Top

proto/spire/api/types/selector.proto

Section titled “proto/spire/api/types/selector.proto”

Selector

Section titled “Selector”
FieldTypeLabelDescription
typestringThe type of the selector. This is typically the name of the plugin that produces the selector.
valuestringThe value of the selector.

SelectorMatch

Section titled “SelectorMatch”
FieldTypeLabelDescription
selectorsSelectorrepeatedThe set of selectors to match on.
matchSelectorMatch.MatchBehaviorHow to match the selectors.

SelectorMatch.MatchBehavior

Section titled “SelectorMatch.MatchBehavior”
NameNumberDescription
MATCH_BEHAVIOR_EXACT_UNSPECIFIED0Indicates that the selectors in this match are equal to the candidate selectors, independent of ordering. Example: Given: - ‘e1 { Selectors: [“a:1”, “b:2”, “c:3”]}’ - ‘e2 { Selectors: [“a:1”, “b:2”]}’ - ‘e3 { Selectors: [“a:1”]}’ Operation: - MATCH_EXACT [“a:1”, “b:2”] Entries that match: - ‘e2’
MATCH_BEHAVIOR_SUBSET1Indicates that all candidates which have a non-empty subset of the provided set of selectors will match. Example: Given: - ‘e1 { Selectors: [“a:1”, “b:2”, “c:3”]}’ - ‘e2 { Selectors: [“a:1”, “b:2”]}’ - ‘e3 { Selectors: [“a:1”]}’ Operation: - MATCH_SUBSET [“a:1”] Entries that match: - ‘e1’
MATCH_BEHAVIOR_SUPERSET2Indicates that all candidates which are a superset of the provided selectors will match. Example: Given: - ‘e1 { Selectors: [“a:1”, “b:2”, “c:3”]}’ - ‘e2 { Selectors: [“a:1”, “b:2”]}’ - ‘e3 { Selectors: [“a:1”]}’ Operation: - MATCH_SUPERSET [“a:1”, “b:2”] Entries that match: - ‘e1’ - ‘e2’
MATCH_BEHAVIOR_ANY3Indicates that all candidates which have at least one of the provided set of selectors will match. Example: Given: - ‘e1 { Selectors: [“a:1”, “b:2”, “c:3”]}’ - ‘e2 { Selectors: [“a:1”, “b:2”]}’ - ‘e3 { Selectors: [“a:1”]}’ Operation: - MATCH_ANY [“a:1”] Entries that match: - ‘e1’ - ‘e2’ - ‘e3’

Top

proto/attestation_policy/v1alpha1/attestation_policy.proto

Section titled “proto/attestation_policy/v1alpha1/attestation_policy.proto”

APKubernetes

Section titled “APKubernetes”
FieldTypeLabelDescription
namespace_selectorAPLabelSelectoroptional
pod_selectorAPLabelSelectoroptional
dns_name_templatesstringrepeated
spiffe_id_path_templatestringoptionalCustom SPIFFE ID path format for Connect identity issuance This defines the identity path appended to domain of the trust zone it is bound to

An example spiffe_id_path_template and corresponding SPIFFE ID: ns/{{ .PodMeta.Namespace }}/sa/{{ .PodSpec.ServiceAccountName }} => spiffe://<trust_domain_of_trust_zone>/ns/…/sa/…

This is supported in both Connect and OSS SPIRE via spire-controller-manager Note that the supported templates are a subset of those in the SCM

Valid template components: {{ .ClusterName }} - Name of cluster {{ .PodMeta.Namespace }} - Namespace of the pod {{ index .PodMeta.Labels “key” }} - Pod label value of a provided key {{ index .PodMeta.Annotations “key” }} - Pod annotation value of a provided key {{ .PodSpec.ServiceAccountName }} - Service account of the pod |

APLabelSelector

Section titled “APLabelSelector”

This definition has been adapted from the LabelSelector message in Kubernetes. https://github.com/kubernetes/apimachinery/blob/master/pkg/apis/meta/v1/generated.proto

FieldTypeLabelDescription
match_labelsAPLabelSelector.MatchLabelsEntryrepeated
match_expressionsAPMatchExpressionrepeated

APLabelSelector.MatchLabelsEntry

Section titled “APLabelSelector.MatchLabelsEntry”
FieldTypeLabelDescription
keystring
valuestring

APMatchExpression

Section titled “APMatchExpression”
FieldTypeLabelDescription
keystring
operatorstring
valuesstringrepeated

APStatic

Section titled “APStatic”

APStatic represents a static attestation policy

FieldTypeLabelDescription
spiffe_idstringoptionalDeprecated.
spiffe_id_pathstringoptional
parent_id_pathstringoptional
selectorsspire.api.types.Selectorrepeated
dns_namesstringrepeated

APTPMNode

Section titled “APTPMNode”

APTPMNode represents a node (agent) attesting using a Trusted Platform Module (TPM).

FieldTypeLabelDescription
attestationTPMAttestation
selector_valuesstringrepeatedselector_values are the values of node selectors to use for this node. The key of the selectors will be “tpm”.

AttestationPolicy

Section titled “AttestationPolicy”
FieldTypeLabelDescription
idstringoptional
namestring
org_idstringoptional
kubernetesAPKubernetes
staticAPStatic
tpm_nodeAPTPMNode

TPMAttestation

Section titled “TPMAttestation”

TPMAttestation represents attestation requirements for a node (agent) attesting using a Trusted Platform Module (TPM).

FieldTypeLabelDescription
ek_hashstringoptionalek_hash is the SHA256 hash of the TPM’s Endorsement Key (EK).

Top

proto/trust_provider/v1alpha1/trust_provider.proto

Section titled “proto/trust_provider/v1alpha1/trust_provider.proto”

K8sPsatConfig

Section titled “K8sPsatConfig”
FieldTypeLabelDescription
enabledboolWhether to enable the k8s psat node attestor plugin with a Connect datasource.
allowed_service_accountsK8sPsatConfig.ServiceAccountrepeatedNamespace and name of service accounts agents can use tokens from to attest nodes in this cluster. At least 1 must be provided if the SPIRE server is outside the cluster.
allowed_node_label_keysstringrepeatedNode labels that can be used as selectors in this cluster.
allowed_pod_label_keysstringrepeatedPod labels that can be used as selectors in this cluster.
api_server_ca_certbytesCA certificate of the cluster’s API server. Optional, but required if the SPIRE server is outside the cluster and the cluster’s API server CA is not already trusted by the SPIRE server (very likely).
api_server_urlstringCluster’s API server URL. Required if the SPIRE server is outside the cluster.
api_server_tls_server_namestringAlternative TLS server name to verify the presented certificate with if the hostname of the API server URL is not in the presented certificate.
api_server_proxy_urlstringProxy URL of the API server (if running behind a proxy).
spire_server_audiencestringAudience the SPIRE server should use in the JWT presented to the cluster’s API server. Required if the SPIRE server is outside the cluster.

K8sPsatConfig.ServiceAccount

Section titled “K8sPsatConfig.ServiceAccount”
FieldTypeLabelDescription
namespacestring
service_account_namestring

TrustProvider

Section titled “TrustProvider”
FieldTypeLabelDescription
kindstringoptional
k8s_psat_configK8sPsatConfigConfiguration for the k8s psat node attestor plugin when using a Connect datasource with remote clusters.

Configuration for additional server plugins goes here. More than one may be enabled, to allow node attestation in a cluster to be done in multiple different ways. |

TrustProviderKind

Section titled “TrustProviderKind”
NameNumberDescription
TRUST_PROVIDER_KIND_UNSPECIFIED0
TRUST_PROVIDER_KIND_KUBERNETES1

Top

proto/cluster/v1alpha1/cluster.proto

Section titled “proto/cluster/v1alpha1/cluster.proto”

Cluster

Section titled “Cluster”
FieldTypeLabelDescription
idstringoptional
namestringoptional
org_idstringoptional
trust_zone_idstringoptional
kubernetes_contextstringoptional
trust_providerproto.trust_provider.v1alpha1.TrustProvideroptional
extra_helm_valuesgoogle.protobuf.Structoptional
profilestringoptional
external_serverbooloptional
oidc_issuer_urlstringoptional
oidc_issuer_ca_certbytesoptional

Top

proto/federation/v1alpha1/federation.proto

Section titled “proto/federation/v1alpha1/federation.proto”

Federation

Section titled “Federation”
FieldTypeLabelDescription
idstringoptional
org_idstringoptional
trust_zone_idstringoptional
remote_trust_zone_idstringoptional

Top

proto/spire/api/types/bundle.proto

Section titled “proto/spire/api/types/bundle.proto”

Bundle

Section titled “Bundle”
FieldTypeLabelDescription
trust_domainstringThe name of the trust domain the bundle belongs to (e.g., “example.org”).
x509_authoritiesX509CertificaterepeatedX.509 authorities for authenticating X509-SVIDs.
jwt_authoritiesJWTKeyrepeatedJWT authorities for authenticating JWT-SVIDs.
refresh_hintint64A hint on how often the bundle should be refreshed from the bundle provider, in seconds. Can be zero (meaning no hint available).
sequence_numberuint64The sequence number of the bundle.

BundleMask

Section titled “BundleMask”
FieldTypeLabelDescription
x509_authoritiesboolx509_authorities field mask.
jwt_authoritiesbooljwt_authorities field mask.
refresh_hintboolrefresh_hint field mask.
sequence_numberboolsequence_number field mask.

JWTKey

Section titled “JWTKey”
FieldTypeLabelDescription
public_keybytesThe PKIX encoded public key.
key_idstringThe key identifier.
expires_atint64When the key expires (seconds since Unix epoch). If zero, the key does not expire.
taintedboolThis authority is no longer secure and must not be used

X509Certificate

Section titled “X509Certificate”
FieldTypeLabelDescription
asn1bytesThe ASN.1 DER encoded bytes of the X.509 certificate.
taintedboolThis authority is no longer secure and must not be used.

Top

proto/trust_zone/v1alpha1/trust_zone.proto

Section titled “proto/trust_zone/v1alpha1/trust_zone.proto”

TrustZone

Section titled “TrustZone”
FieldTypeLabelDescription
namestring
trust_domainstring
bundle_endpoint_urlstringoptional
bundlespire.api.types.Bundleoptional
jwt_issuerstringoptional
bundle_endpoint_profileBundleEndpointProfileoptional
idstringoptional
is_management_zonebool
org_idstringoptional

BundleEndpointProfile

Section titled “BundleEndpointProfile”
NameNumberDescription
BUNDLE_ENDPOINT_PROFILE_UNSPECIFIED0
BUNDLE_ENDPOINT_PROFILE_HTTPS_SPIFFE1
BUNDLE_ENDPOINT_PROFILE_HTTPS_WEB2

Top

proto/cofidectl/datasource_plugin/v1alpha2/plugin.proto

Section titled “proto/cofidectl/datasource_plugin/v1alpha2/plugin.proto”

AddAPBindingRequest

Section titled “AddAPBindingRequest”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

AddAPBindingResponse

Section titled “AddAPBindingResponse”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

AddAttestationPolicyRequest

Section titled “AddAttestationPolicyRequest”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

AddAttestationPolicyResponse

Section titled “AddAttestationPolicyResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

AddClusterRequest

Section titled “AddClusterRequest”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

AddClusterResponse

Section titled “AddClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

AddFederationRequest

Section titled “AddFederationRequest”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federationoptional

AddFederationResponse

Section titled “AddFederationResponse”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federationoptional

AddTrustZoneRequest

Section titled “AddTrustZoneRequest”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

AddTrustZoneResponse

Section titled “AddTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

DestroyAPBindingRequest

Section titled “DestroyAPBindingRequest”
FieldTypeLabelDescription
idstringoptional

DestroyAPBindingResponse

Section titled “DestroyAPBindingResponse”

DestroyAttestationPolicyRequest

Section titled “DestroyAttestationPolicyRequest”
FieldTypeLabelDescription
idstringoptional

DestroyAttestationPolicyResponse

Section titled “DestroyAttestationPolicyResponse”

DestroyClusterRequest

Section titled “DestroyClusterRequest”
FieldTypeLabelDescription
idstringoptional

DestroyClusterResponse

Section titled “DestroyClusterResponse”

DestroyFederationRequest

Section titled “DestroyFederationRequest”
FieldTypeLabelDescription
idstringoptional

DestroyFederationResponse

Section titled “DestroyFederationResponse”

DestroyTrustZoneRequest

Section titled “DestroyTrustZoneRequest”
FieldTypeLabelDescription
idstringoptional

DestroyTrustZoneResponse

Section titled “DestroyTrustZoneResponse”

GetAttestationPolicyByNameRequest

Section titled “GetAttestationPolicyByNameRequest”
FieldTypeLabelDescription
namestringoptional

GetAttestationPolicyByNameResponse

Section titled “GetAttestationPolicyByNameResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicy

GetAttestationPolicyRequest

Section titled “GetAttestationPolicyRequest”
FieldTypeLabelDescription
idstringoptional

GetAttestationPolicyResponse

Section titled “GetAttestationPolicyResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicy

GetClusterByNameRequest

Section titled “GetClusterByNameRequest”
FieldTypeLabelDescription
namestringoptional
trust_zone_idstringoptional

GetClusterByNameResponse

Section titled “GetClusterByNameResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

GetClusterRequest

Section titled “GetClusterRequest”
FieldTypeLabelDescription
idstringoptional

GetClusterResponse

Section titled “GetClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

GetTrustZoneByNameRequest

Section titled “GetTrustZoneByNameRequest”
FieldTypeLabelDescription
namestringoptional

GetTrustZoneByNameResponse

Section titled “GetTrustZoneByNameResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

GetTrustZoneRequest

Section titled “GetTrustZoneRequest”
FieldTypeLabelDescription
idstringoptional

GetTrustZoneResponse

Section titled “GetTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

ListAPBindingsRequest

Section titled “ListAPBindingsRequest”
FieldTypeLabelDescription
filterListAPBindingsRequest.Filteroptional

ListAPBindingsRequest.Filter

Section titled “ListAPBindingsRequest.Filter”
FieldTypeLabelDescription
trust_zone_idstringoptional
policy_idstringoptional

ListAPBindingsResponse

Section titled “ListAPBindingsResponse”
FieldTypeLabelDescription
bindingsproto.ap_binding.v1alpha1.APBindingrepeated

ListAttestationPoliciesRequest

Section titled “ListAttestationPoliciesRequest”

ListAttestationPoliciesResponse

Section titled “ListAttestationPoliciesResponse”
FieldTypeLabelDescription
policiesproto.attestation_policy.v1alpha1.AttestationPolicyrepeated

ListClustersRequest

Section titled “ListClustersRequest”
FieldTypeLabelDescription
filterListClustersRequest.Filteroptional

ListClustersRequest.Filter

Section titled “ListClustersRequest.Filter”
FieldTypeLabelDescription
trust_zone_idstringoptional

ListClustersResponse

Section titled “ListClustersResponse”
FieldTypeLabelDescription
clustersproto.cluster.v1alpha1.Clusterrepeated

ListFederationsRequest

Section titled “ListFederationsRequest”
FieldTypeLabelDescription
filterListFederationsRequest.Filteroptional

ListFederationsRequest.Filter

Section titled “ListFederationsRequest.Filter”
FieldTypeLabelDescription
trust_zone_idstringoptional

ListFederationsResponse

Section titled “ListFederationsResponse”
FieldTypeLabelDescription
federationsproto.federation.v1alpha1.Federationrepeated

ListTrustZonesRequest

Section titled “ListTrustZonesRequest”

ListTrustZonesResponse

Section titled “ListTrustZonesResponse”
FieldTypeLabelDescription
trust_zonesproto.trust_zone.v1alpha1.TrustZonerepeated

UpdateClusterRequest

Section titled “UpdateClusterRequest”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

UpdateClusterResponse

Section titled “UpdateClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

UpdateTrustZoneRequest

Section titled “UpdateTrustZoneRequest”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

UpdateTrustZoneResponse

Section titled “UpdateTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

ValidateRequest

Section titled “ValidateRequest”

ValidateResponse

Section titled “ValidateResponse”

DataSourcePluginService

Section titled “DataSourcePluginService”
Method NameRequest TypeResponse TypeDescription
ValidateValidateRequestValidateResponse
AddTrustZoneAddTrustZoneRequestAddTrustZoneResponse
DestroyTrustZoneDestroyTrustZoneRequestDestroyTrustZoneResponse
GetTrustZoneGetTrustZoneRequestGetTrustZoneResponse
GetTrustZoneByNameGetTrustZoneByNameRequestGetTrustZoneByNameResponse
ListTrustZonesListTrustZonesRequestListTrustZonesResponse
UpdateTrustZoneUpdateTrustZoneRequestUpdateTrustZoneResponse
AddClusterAddClusterRequestAddClusterResponse
DestroyClusterDestroyClusterRequestDestroyClusterResponse
GetClusterGetClusterRequestGetClusterResponse
GetClusterByNameGetClusterByNameRequestGetClusterByNameResponse
ListClustersListClustersRequestListClustersResponse
UpdateClusterUpdateClusterRequestUpdateClusterResponse
AddAttestationPolicyAddAttestationPolicyRequestAddAttestationPolicyResponse
DestroyAttestationPolicyDestroyAttestationPolicyRequestDestroyAttestationPolicyResponse
GetAttestationPolicyGetAttestationPolicyRequestGetAttestationPolicyResponse
GetAttestationPolicyByNameGetAttestationPolicyByNameRequestGetAttestationPolicyByNameResponse
ListAttestationPoliciesListAttestationPoliciesRequestListAttestationPoliciesResponse
AddAPBindingAddAPBindingRequestAddAPBindingResponse
DestroyAPBindingDestroyAPBindingRequestDestroyAPBindingResponse
ListAPBindingsListAPBindingsRequestListAPBindingsResponse
AddFederationAddFederationRequestAddFederationResponse
DestroyFederationDestroyFederationRequestDestroyFederationResponse
ListFederationsListFederationsRequestListFederationsResponse

Top

proto/cofidectl/provision_plugin/v1alpha2/plugin.proto

Section titled “proto/cofidectl/provision_plugin/v1alpha2/plugin.proto”

DeployRequest

Section titled “DeployRequest”
FieldTypeLabelDescription
data_sourceuint32optional
kube_cfg_filestringoptional
trust_zone_idsstringrepeated

DeployResponse

Section titled “DeployResponse”
FieldTypeLabelDescription
statusStatusoptional

GetHelmValuesRequest

Section titled “GetHelmValuesRequest”
FieldTypeLabelDescription
data_sourceuint32optional
cluster_idstringoptional

GetHelmValuesResponse

Section titled “GetHelmValuesResponse”
FieldTypeLabelDescription
helm_valuesgoogle.protobuf.Structoptional

Status

Section titled “Status”
FieldTypeLabelDescription
stagestringoptional
messagestringoptional
donebooloptional
errorstringoptional

TearDownRequest

Section titled “TearDownRequest”
FieldTypeLabelDescription
data_sourceuint32optional
kube_cfg_filestringoptional
trust_zone_idsstringrepeated

TearDownResponse

Section titled “TearDownResponse”
FieldTypeLabelDescription
statusStatusoptional

ValidateRequest

Section titled “ValidateRequest”

ValidateResponse

Section titled “ValidateResponse”

ProvisionPluginService

Section titled “ProvisionPluginService”
Method NameRequest TypeResponse TypeDescription
ValidateValidateRequestValidateResponse
DeployDeployRequestDeployResponse stream
TearDownTearDownRequestTearDownResponse stream
GetHelmValuesGetHelmValuesRequestGetHelmValuesResponse

Top

proto/cofidectl_plugin/v1alpha1/plugin.proto

Section titled “proto/cofidectl_plugin/v1alpha1/plugin.proto”

AddAPBindingRequest

Section titled “AddAPBindingRequest”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

AddAPBindingResponse

Section titled “AddAPBindingResponse”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

AddAttestationPolicyRequest

Section titled “AddAttestationPolicyRequest”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

AddAttestationPolicyResponse

Section titled “AddAttestationPolicyResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

AddClusterRequest

Section titled “AddClusterRequest”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

AddClusterResponse

Section titled “AddClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

AddFederationRequest

Section titled “AddFederationRequest”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federationoptional

AddFederationResponse

Section titled “AddFederationResponse”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federationoptional

AddTrustZoneRequest

Section titled “AddTrustZoneRequest”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

AddTrustZoneResponse

Section titled “AddTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

DestroyAPBindingRequest

Section titled “DestroyAPBindingRequest”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

DestroyAPBindingResponse

Section titled “DestroyAPBindingResponse”

DestroyAttestationPolicyRequest

Section titled “DestroyAttestationPolicyRequest”
FieldTypeLabelDescription
namestringoptional

DestroyAttestationPolicyResponse

Section titled “DestroyAttestationPolicyResponse”

DestroyClusterRequest

Section titled “DestroyClusterRequest”
FieldTypeLabelDescription
namestringoptional
trust_zonestringoptional

DestroyClusterResponse

Section titled “DestroyClusterResponse”

DestroyFederationRequest

Section titled “DestroyFederationRequest”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federationoptional

DestroyFederationResponse

Section titled “DestroyFederationResponse”

DestroyTrustZoneRequest

Section titled “DestroyTrustZoneRequest”
FieldTypeLabelDescription
namestringoptional

DestroyTrustZoneResponse

Section titled “DestroyTrustZoneResponse”

GetAttestationPolicyRequest

Section titled “GetAttestationPolicyRequest”
FieldTypeLabelDescription
namestringoptional

GetAttestationPolicyResponse

Section titled “GetAttestationPolicyResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicy

GetClusterRequest

Section titled “GetClusterRequest”
FieldTypeLabelDescription
namestringoptional
trust_zonestringoptional

GetClusterResponse

Section titled “GetClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

GetTrustZoneRequest

Section titled “GetTrustZoneRequest”
FieldTypeLabelDescription
namestringoptional

GetTrustZoneResponse

Section titled “GetTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

ListAPBindingsRequest

Section titled “ListAPBindingsRequest”
FieldTypeLabelDescription
filterListAPBindingsRequest.Filteroptional

ListAPBindingsRequest.Filter

Section titled “ListAPBindingsRequest.Filter”
FieldTypeLabelDescription
trust_zone_namestringoptional
policy_namestringoptional

ListAPBindingsResponse

Section titled “ListAPBindingsResponse”
FieldTypeLabelDescription
bindingsproto.ap_binding.v1alpha1.APBindingrepeated

ListAttestationPoliciesRequest

Section titled “ListAttestationPoliciesRequest”

ListAttestationPoliciesResponse

Section titled “ListAttestationPoliciesResponse”
FieldTypeLabelDescription
policiesproto.attestation_policy.v1alpha1.AttestationPolicyrepeated

ListClustersRequest

Section titled “ListClustersRequest”
FieldTypeLabelDescription
trust_zonestringoptional

ListClustersResponse

Section titled “ListClustersResponse”
FieldTypeLabelDescription
clustersproto.cluster.v1alpha1.Clusterrepeated

ListFederationsByTrustZoneRequest

Section titled “ListFederationsByTrustZoneRequest”
FieldTypeLabelDescription
trust_zone_namestringoptional

ListFederationsByTrustZoneResponse

Section titled “ListFederationsByTrustZoneResponse”
FieldTypeLabelDescription
federationsproto.federation.v1alpha1.Federationrepeated

ListFederationsRequest

Section titled “ListFederationsRequest”

ListFederationsResponse

Section titled “ListFederationsResponse”
FieldTypeLabelDescription
federationsproto.federation.v1alpha1.Federationrepeated

ListTrustZonesRequest

Section titled “ListTrustZonesRequest”

ListTrustZonesResponse

Section titled “ListTrustZonesResponse”
FieldTypeLabelDescription
trust_zonesproto.trust_zone.v1alpha1.TrustZonerepeated

UpdateClusterRequest

Section titled “UpdateClusterRequest”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

UpdateClusterResponse

Section titled “UpdateClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

UpdateTrustZoneRequest

Section titled “UpdateTrustZoneRequest”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

UpdateTrustZoneResponse

Section titled “UpdateTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

ValidateRequest

Section titled “ValidateRequest”

ValidateResponse

Section titled “ValidateResponse”

DataSourcePluginService

Section titled “DataSourcePluginService”
Method NameRequest TypeResponse TypeDescription
ValidateValidateRequestValidateResponse
AddTrustZoneAddTrustZoneRequestAddTrustZoneResponse
DestroyTrustZoneDestroyTrustZoneRequestDestroyTrustZoneResponse
GetTrustZoneGetTrustZoneRequestGetTrustZoneResponse
ListTrustZonesListTrustZonesRequestListTrustZonesResponse
UpdateTrustZoneUpdateTrustZoneRequestUpdateTrustZoneResponse
AddClusterAddClusterRequestAddClusterResponse
DestroyClusterDestroyClusterRequestDestroyClusterResponse
GetClusterGetClusterRequestGetClusterResponse
ListClustersListClustersRequestListClustersResponse
UpdateClusterUpdateClusterRequestUpdateClusterResponse
AddAttestationPolicyAddAttestationPolicyRequestAddAttestationPolicyResponse
DestroyAttestationPolicyDestroyAttestationPolicyRequestDestroyAttestationPolicyResponse
GetAttestationPolicyGetAttestationPolicyRequestGetAttestationPolicyResponse
ListAttestationPoliciesListAttestationPoliciesRequestListAttestationPoliciesResponse
AddAPBindingAddAPBindingRequestAddAPBindingResponse
DestroyAPBindingDestroyAPBindingRequestDestroyAPBindingResponse
ListAPBindingsListAPBindingsRequestListAPBindingsResponse
AddFederationAddFederationRequestAddFederationResponse
DestroyFederationDestroyFederationRequestDestroyFederationResponse
ListFederationsListFederationsRequestListFederationsResponse
ListFederationsByTrustZoneListFederationsByTrustZoneRequestListFederationsByTrustZoneResponse

Top

proto/plugins/v1alpha1/plugins.proto

Section titled “proto/plugins/v1alpha1/plugins.proto”

Plugins

Section titled “Plugins”
FieldTypeLabelDescription
data_sourcestringoptional
provisionstringoptional

Top

proto/config/v1alpha1/config.proto

Section titled “proto/config/v1alpha1/config.proto”

Config

Section titled “Config”
FieldTypeLabelDescription
trust_zonesproto.trust_zone.v1alpha1.TrustZonerepeated
clustersproto.cluster.v1alpha1.Clusterrepeated
attestation_policiesproto.attestation_policy.v1alpha1.AttestationPolicyrepeated
plugin_configConfig.PluginConfigEntryrepeated
pluginsproto.plugins.v1alpha1.Pluginsoptional
federationsproto.federation.v1alpha1.Federationrepeated
ap_bindingsproto.ap_binding.v1alpha1.APBindingrepeated

Config.PluginConfigEntry

Section titled “Config.PluginConfigEntry”
FieldTypeLabelDescription
keystring
valuegoogle.protobuf.Struct

Top

proto/federated_service/v1alpha1/federated_service.proto

Section titled “proto/federated_service/v1alpha1/federated_service.proto”

FederatedService

Section titled “FederatedService”
FieldTypeLabelDescription
idstring
namestring
namespacestring
cluster_namestring
trust_domainstring
workload_labelsFederatedService.WorkloadLabelsEntryrepeated
exported_trust_domainsstringrepeated
portuint32
gateway_entriesGatewayEntryrepeated
gateway_specsGatewaySpecrepeated
tls_modeTLSMode

FederatedService.WorkloadLabelsEntry

Section titled “FederatedService.WorkloadLabelsEntry”
FieldTypeLabelDescription
keystring
valuestring

GatewayEntry

Section titled “GatewayEntry”
FieldTypeLabelDescription
hostnamestring
typestring
ipstring
portint32

GatewaySpec

Section titled “GatewaySpec”
FieldTypeLabelDescription
hostnamestring
typestring
ipstring
portint32

TLSMode

Section titled “TLSMode”
NameNumberDescription
TLS_MODE_UNSPECIFIED0
TLS_MODE_MTLS1
TLS_MODE_ISTIO_MTLS2

Top

proto/connect/agent_service/v1alpha1/agent_service.proto

Section titled “proto/connect/agent_service/v1alpha1/agent_service.proto”

CreateAgentJoinTokenRequest

Section titled “CreateAgentJoinTokenRequest”
FieldTypeLabelDescription
trust_zone_idstringoptional
cluster_idstringoptional

CreateAgentJoinTokenResponse

Section titled “CreateAgentJoinTokenResponse”
FieldTypeLabelDescription
agent_tokenstringoptional

DeregisterFederatedServiceRequest

Section titled “DeregisterFederatedServiceRequest”
FieldTypeLabelDescription
service_idstring

DeregisterFederatedServiceResponse

Section titled “DeregisterFederatedServiceResponse”
FieldTypeLabelDescription
service_idstring

GetFederatedServiceRequest

Section titled “GetFederatedServiceRequest”
FieldTypeLabelDescription
service_idstring

GetFederatedServiceResponse

Section titled “GetFederatedServiceResponse”
FieldTypeLabelDescription
serviceproto.federated_service.v1alpha1.FederatedService

ListFederatedServicesRequest

Section titled “ListFederatedServicesRequest”
FieldTypeLabelDescription
org_idstring

ListFederatedServicesResponse

Section titled “ListFederatedServicesResponse”
FieldTypeLabelDescription
servicesproto.federated_service.v1alpha1.FederatedServicerepeated

RegisterFederatedServiceRequest

Section titled “RegisterFederatedServiceRequest”
FieldTypeLabelDescription
serviceproto.federated_service.v1alpha1.FederatedService

RegisterFederatedServiceResponse

Section titled “RegisterFederatedServiceResponse”
FieldTypeLabelDescription
service_idstring

UpdateAgentStatusRequest

Section titled “UpdateAgentStatusRequest”
FieldTypeLabelDescription
statusproto.agent.v1alpha1.AgentStatus

UpdateAgentStatusResponse

Section titled “UpdateAgentStatusResponse”

UpdateFederatedServiceRequest

Section titled “UpdateFederatedServiceRequest”
FieldTypeLabelDescription
serviceproto.federated_service.v1alpha1.FederatedService

UpdateFederatedServiceResponse

Section titled “UpdateFederatedServiceResponse”
FieldTypeLabelDescription
service_idstring

AgentService

Section titled “AgentService”
Method NameRequest TypeResponse TypeDescription
CreateAgentJoinTokenCreateAgentJoinTokenRequestCreateAgentJoinTokenResponse
UpdateAgentStatusUpdateAgentStatusRequestUpdateAgentStatusResponse
RegisterFederatedServiceRegisterFederatedServiceRequestRegisterFederatedServiceResponse
DeregisterFederatedServiceDeregisterFederatedServiceRequestDeregisterFederatedServiceResponse
UpdateFederatedServiceUpdateFederatedServiceRequestUpdateFederatedServiceResponse
GetFederatedServiceGetFederatedServiceRequestGetFederatedServiceResponse
ListFederatedServicesListFederatedServicesRequestListFederatedServicesResponse

Top

proto/connect/ap_binding_service/v1alpha1/ap_binding_service.proto

Section titled “proto/connect/ap_binding_service/v1alpha1/ap_binding_service.proto”

CreateAPBindingRequest

Section titled “CreateAPBindingRequest”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

CreateAPBindingResponse

Section titled “CreateAPBindingResponse”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

DestroyAPBindingRequest

Section titled “DestroyAPBindingRequest”
FieldTypeLabelDescription
binding_idstringoptional

DestroyAPBindingResponse

Section titled “DestroyAPBindingResponse”

GetAPBindingRequest

Section titled “GetAPBindingRequest”
FieldTypeLabelDescription
binding_idstringoptional

GetAPBindingResponse

Section titled “GetAPBindingResponse”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

ListAPBindingsRequest

Section titled “ListAPBindingsRequest”
FieldTypeLabelDescription
filterListAPBindingsRequest.Filteroptional

ListAPBindingsRequest.Filter

Section titled “ListAPBindingsRequest.Filter”
FieldTypeLabelDescription
org_idstringoptional
trust_zone_idstringoptional
policy_idstringoptional

ListAPBindingsResponse

Section titled “ListAPBindingsResponse”
FieldTypeLabelDescription
bindingsproto.ap_binding.v1alpha1.APBindingrepeated

UpdateAPBindingRequest

Section titled “UpdateAPBindingRequest”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

UpdateAPBindingResponse

Section titled “UpdateAPBindingResponse”
FieldTypeLabelDescription
bindingproto.ap_binding.v1alpha1.APBindingoptional

APBindingService

Section titled “APBindingService”
Method NameRequest TypeResponse TypeDescription
CreateAPBindingCreateAPBindingRequestCreateAPBindingResponse
DestroyAPBindingDestroyAPBindingRequestDestroyAPBindingResponse
GetAPBindingGetAPBindingRequestGetAPBindingResponse
ListAPBindingsListAPBindingsRequestListAPBindingsResponse
UpdateAPBindingUpdateAPBindingRequestUpdateAPBindingResponse

Top

proto/connect/attestation_policy_service/v1alpha1/attestation_policy_service.proto

Section titled “proto/connect/attestation_policy_service/v1alpha1/attestation_policy_service.proto”

CreateAttestationPolicyRequest

Section titled “CreateAttestationPolicyRequest”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

CreateAttestationPolicyResponse

Section titled “CreateAttestationPolicyResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

DestroyAttestationPolicyRequest

Section titled “DestroyAttestationPolicyRequest”
FieldTypeLabelDescription
policy_idstringoptional

DestroyAttestationPolicyResponse

Section titled “DestroyAttestationPolicyResponse”

GetAttestationPolicyRequest

Section titled “GetAttestationPolicyRequest”
FieldTypeLabelDescription
policy_idstringoptional

GetAttestationPolicyResponse

Section titled “GetAttestationPolicyResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

ListAttestationPoliciesRequest

Section titled “ListAttestationPoliciesRequest”
FieldTypeLabelDescription
filterListAttestationPoliciesRequest.Filteroptional

ListAttestationPoliciesRequest.Filter

Section titled “ListAttestationPoliciesRequest.Filter”
FieldTypeLabelDescription
namestringoptional
org_idstringoptional
trust_zone_idstringoptional
kindAttestationPolicyKindoptional
tpm_nodeListAttestationPoliciesRequest.TPMNodeFilteroptional

ListAttestationPoliciesRequest.TPMNodeFilter

Section titled “ListAttestationPoliciesRequest.TPMNodeFilter”
FieldTypeLabelDescription
ek_hashstringoptional

ListAttestationPoliciesResponse

Section titled “ListAttestationPoliciesResponse”
FieldTypeLabelDescription
policiesproto.attestation_policy.v1alpha1.AttestationPolicyrepeated

UpdateAttestationPolicyRequest

Section titled “UpdateAttestationPolicyRequest”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

UpdateAttestationPolicyResponse

Section titled “UpdateAttestationPolicyResponse”
FieldTypeLabelDescription
policyproto.attestation_policy.v1alpha1.AttestationPolicyoptional

AttestationPolicyKind

Section titled “AttestationPolicyKind”
NameNumberDescription
ATTESTATION_POLICY_KIND_UNSPECIFIED0
ATTESTATION_POLICY_KIND_KUBERNETES1
ATTESTATION_POLICY_KIND_STATIC2
ATTESTATION_POLICY_KIND_TPM_NODE3

AttestationPolicyService

Section titled “AttestationPolicyService”
Method NameRequest TypeResponse TypeDescription
CreateAttestationPolicyCreateAttestationPolicyRequestCreateAttestationPolicyResponse
DestroyAttestationPolicyDestroyAttestationPolicyRequestDestroyAttestationPolicyResponse
GetAttestationPolicyGetAttestationPolicyRequestGetAttestationPolicyResponse
ListAttestationPoliciesListAttestationPoliciesRequestListAttestationPoliciesResponse
UpdateAttestationPolicyUpdateAttestationPolicyRequestUpdateAttestationPolicyResponse

Top

proto/connect/cluster_service/v1alpha1/cluster_service.proto

Section titled “proto/connect/cluster_service/v1alpha1/cluster_service.proto”

CreateClusterRequest

Section titled “CreateClusterRequest”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

CreateClusterResponse

Section titled “CreateClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

DestroyClusterRequest

Section titled “DestroyClusterRequest”
FieldTypeLabelDescription
cluster_idstringoptional

DestroyClusterResponse

Section titled “DestroyClusterResponse”

GetClusterRequest

Section titled “GetClusterRequest”
FieldTypeLabelDescription
cluster_idstringoptional

GetClusterResponse

Section titled “GetClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

ListClustersRequest

Section titled “ListClustersRequest”
FieldTypeLabelDescription
filterListClustersRequest.Filteroptional

ListClustersRequest.Filter

Section titled “ListClustersRequest.Filter”
FieldTypeLabelDescription
namestringoptional
org_idstringoptional
trust_zone_idstringoptional

ListClustersResponse

Section titled “ListClustersResponse”
FieldTypeLabelDescription
clustersproto.cluster.v1alpha1.Clusterrepeated

UpdateClusterRequest

Section titled “UpdateClusterRequest”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

UpdateClusterResponse

Section titled “UpdateClusterResponse”
FieldTypeLabelDescription
clusterproto.cluster.v1alpha1.Clusteroptional

ClusterService

Section titled “ClusterService”
Method NameRequest TypeResponse TypeDescription
CreateClusterCreateClusterRequestCreateClusterResponse
DestroyClusterDestroyClusterRequestDestroyClusterResponse
GetClusterGetClusterRequestGetClusterResponse
ListClustersListClustersRequestListClustersResponse
UpdateClusterUpdateClusterRequestUpdateClusterResponse

Top

proto/connect/datastore_service/v1alpha1/datastore.proto

Section titled “proto/connect/datastore_service/v1alpha1/datastore.proto”

AttestedNode

Section titled “AttestedNode”

Represents an attested SPIRE agent

FieldTypeLabelDescription
org_idstringOrganisation ID
trust_zone_idstringTrust zone ID
spiffe_idstringNode SPIFFE ID
attestation_data_typestringAttestation data type
cert_serial_numberstringNode certificate serial number
cert_not_afterint64Node certificate not_after (seconds since unix epoch)
new_cert_serial_numberstringNode certificate serial number
new_cert_not_afterint64Node certificate not_after (seconds since unix epoch)
selectorsSelectorrepeatedNode selectors
can_reattestboolCanReattest field (can the attestation safely be deleted and recreated automatically)

Selector

Section titled “Selector”

A type which describes the conditions under which a registration entry is matched.

FieldTypeLabelDescription
typestringA selector type represents the type of attestation used in attesting the entity (Eg: AWS, K8).
valuestringThe value to be attested.

Selectors

Section titled “Selectors”

Represents a type with a list of Selector.

FieldTypeLabelDescription
entriesSelectorrepeatedA list of Selector.

Top

proto/connect/datastore_service/v1alpha1/datastore_service.proto

Section titled “proto/connect/datastore_service/v1alpha1/datastore_service.proto”

AttestedNodeMask

Section titled “AttestedNodeMask”
FieldTypeLabelDescription
attestation_data_typebool
cert_serial_numberbool
cert_not_afterbool
new_cert_serial_numberbool
new_cert_not_afterbool
can_reattestbool

CountAttestedNodesRequest

Section titled “CountAttestedNodesRequest”

Node operations request/response messages

FieldTypeLabelDescription
trust_zone_idstringoptional

CountAttestedNodesResponse

Section titled “CountAttestedNodesResponse”
FieldTypeLabelDescription
countint32

CreateAttestedNodeRequest

Section titled “CreateAttestedNodeRequest”
FieldTypeLabelDescription
nodeAttestedNode
trust_zone_idstringoptional

CreateAttestedNodeResponse

Section titled “CreateAttestedNodeResponse”
FieldTypeLabelDescription
nodeAttestedNode

DeleteAttestedNodeRequest

Section titled “DeleteAttestedNodeRequest”
FieldTypeLabelDescription
spiffe_idstring
trust_zone_idstringoptional

DeleteAttestedNodeResponse

Section titled “DeleteAttestedNodeResponse”
FieldTypeLabelDescription
nodeAttestedNodeoptional

FetchAttestedNodeRequest

Section titled “FetchAttestedNodeRequest”
FieldTypeLabelDescription
spiffe_idstring
trust_zone_idstringoptional

FetchAttestedNodeResponse

Section titled “FetchAttestedNodeResponse”
FieldTypeLabelDescription
nodeAttestedNodeoptional

GetNodeSelectorsRequest

Section titled “GetNodeSelectorsRequest”

Node Selector operations request/response messages

FieldTypeLabelDescription
spiffe_idstring
trust_zone_idstringoptional

GetNodeSelectorsResponse

Section titled “GetNodeSelectorsResponse”
FieldTypeLabelDescription
spiffe_idstring
selectorsSelectorrepeated

ListAttestedNodesRequest

Section titled “ListAttestedNodesRequest”
FieldTypeLabelDescription
by_attestation_typestringoptionalFilters nodes by attestation type
by_bannedbooloptionalFilters nodes by banned status
by_expires_beforeint64optionalFilters nodes that expire before the specified timestamp
by_selector_matchListAttestedNodesRequest.BySelectorsoptional
fetch_selectorsbooloptionalWhether to fetch selectors with nodes
by_can_reattestbooloptionalFilters nodes by ability to re-attest
trust_zone_idstringoptional

ListAttestedNodesRequest.BySelectors

Section titled “ListAttestedNodesRequest.BySelectors”

Filters nodes by selectors

FieldTypeLabelDescription
selectorsSelectorrepeated
matchListAttestedNodesRequest.MatchBehavior

ListAttestedNodesResponse

Section titled “ListAttestedNodesResponse”
FieldTypeLabelDescription
nodesAttestedNoderepeated

ListNodeSelectorsRequest

Section titled “ListNodeSelectorsRequest”
FieldTypeLabelDescription
valid_atint64optional
trust_zone_idstringoptional

ListNodeSelectorsResponse

Section titled “ListNodeSelectorsResponse”
FieldTypeLabelDescription
selectorsListNodeSelectorsResponse.SelectorsEntryrepeated

ListNodeSelectorsResponse.NodeSelectors

Section titled “ListNodeSelectorsResponse.NodeSelectors”
FieldTypeLabelDescription
selectorsSelectorrepeated

ListNodeSelectorsResponse.SelectorsEntry

Section titled “ListNodeSelectorsResponse.SelectorsEntry”
FieldTypeLabelDescription
keystring
valueListNodeSelectorsResponse.NodeSelectors

PruneAttestedExpiredNodesRequest

Section titled “PruneAttestedExpiredNodesRequest”
FieldTypeLabelDescription
trust_zone_idstring
expired_beforegoogle.protobuf.Timestamp
include_non_reattestablebool

PruneAttestedExpiredNodesResponse

Section titled “PruneAttestedExpiredNodesResponse”

SetNodeSelectorsRequest

Section titled “SetNodeSelectorsRequest”
FieldTypeLabelDescription
spiffe_idstring
selectorsSelectorrepeated
trust_zone_idstringoptional

SetNodeSelectorsResponse

Section titled “SetNodeSelectorsResponse”

UpdateAttestedNodeRequest

Section titled “UpdateAttestedNodeRequest”
FieldTypeLabelDescription
nodeAttestedNode
maskAttestedNodeMask
trust_zone_idstringoptional

UpdateAttestedNodeResponse

Section titled “UpdateAttestedNodeResponse”
FieldTypeLabelDescription
nodeAttestedNodeoptional

ListAttestedNodesRequest.MatchBehavior

Section titled “ListAttestedNodesRequest.MatchBehavior”
NameNumberDescription
MATCH_BEHAVIOR_EXACT_UNSPECIFIED0
MATCH_BEHAVIOR_SUBSET1
MATCH_BEHAVIOR_SUPERSET2
MATCH_BEHAVIOR_MATCH_ANY3

DataStoreService

Section titled “DataStoreService”

DataStoreService defines the gRPC service for the SPIRE server DataStore interface

Method NameRequest TypeResponse TypeDescription
CountAttestedNodesCountAttestedNodesRequestCountAttestedNodesResponseNode operations
CreateAttestedNodeCreateAttestedNodeRequestCreateAttestedNodeResponse
DeleteAttestedNodeDeleteAttestedNodeRequestDeleteAttestedNodeResponse
FetchAttestedNodeFetchAttestedNodeRequestFetchAttestedNodeResponse
UpdateAttestedNodeUpdateAttestedNodeRequestUpdateAttestedNodeResponse
ListAttestedNodesListAttestedNodesRequestListAttestedNodesResponse
PruneAttestedExpiredNodesPruneAttestedExpiredNodesRequestPruneAttestedExpiredNodesResponse
GetNodeSelectorsGetNodeSelectorsRequestGetNodeSelectorsResponseNode Selector operations
SetNodeSelectorsSetNodeSelectorsRequestSetNodeSelectorsResponse
ListNodeSelectorsListNodeSelectorsRequestListNodeSelectorsResponse

Top

proto/exchange_policy/v1alpha1/exchange_policy.proto

Section titled “proto/exchange_policy/v1alpha1/exchange_policy.proto”

ExchangePolicy

Section titled “ExchangePolicy”

ExchangePolicy defines a rule for permitting or denying Credex token exchanges within a trust zone

FieldTypeLabelDescription
idstringThe unique ID of the exchange policy. Generated by the server.
org_idstringOrganization to which the exchange policy belongs. Derived from the trust zone by the API service.
namestring
trust_zone_idstringTrust zone to which this policy applies. Immutable after creation.
actionExchangePolicyActionoptionalAction to take when all conditions match. Defaults to ALLOW when unset.
subject_identityStringSetMatch conditions on the inbound subject token
subject_issuerStringSet
actor_identityStringSetMatch conditions on the optional inbound actor
actor_issuerStringSet
client_idStringSetMatch condition on the OAuth client_id presenting the exchange request
target_audienceStringSetMatch condition on the requested target audience
outbound_scopesstringrepeatedOutbound scopes to grant. Only relevant when action is ALLOW.

StringMatcher

Section titled “StringMatcher”
FieldTypeLabelDescription
exactstringExact string equality.
globstringGlob pattern (e.g. spiffe://trust.domain/ns//sa/).

StringSet

Section titled “StringSet”

StringSet holds a collection of StringMatchers evaluated with OR semantics.

FieldTypeLabelDescription
matchersStringMatcherrepeated

ExchangePolicyAction

Section titled “ExchangePolicyAction”
NameNumberDescription
EXCHANGE_POLICY_ACTION_UNSPECIFIED0treated as ALLOW
EXCHANGE_POLICY_ACTION_ALLOW1
EXCHANGE_POLICY_ACTION_DENY2

Top

proto/connect/exchange_policy_service/v1alpha1/exchange_policy_service.proto

Section titled “proto/connect/exchange_policy_service/v1alpha1/exchange_policy_service.proto”

CreateExchangePolicyRequest

Section titled “CreateExchangePolicyRequest”
FieldTypeLabelDescription
exchange_policyproto.exchange_policy.v1alpha1.ExchangePolicy

CreateExchangePolicyResponse

Section titled “CreateExchangePolicyResponse”
FieldTypeLabelDescription
exchange_policyproto.exchange_policy.v1alpha1.ExchangePolicy

DestroyExchangePolicyRequest

Section titled “DestroyExchangePolicyRequest”
FieldTypeLabelDescription
exchange_policy_idstring

DestroyExchangePolicyResponse

Section titled “DestroyExchangePolicyResponse”

GetExchangePolicyRequest

Section titled “GetExchangePolicyRequest”
FieldTypeLabelDescription
exchange_policy_idstring

GetExchangePolicyResponse

Section titled “GetExchangePolicyResponse”
FieldTypeLabelDescription
exchange_policyproto.exchange_policy.v1alpha1.ExchangePolicyoptional

ListExchangePoliciesRequest

Section titled “ListExchangePoliciesRequest”
FieldTypeLabelDescription
filterListExchangePoliciesRequest.Filter

ListExchangePoliciesRequest.Filter

Section titled “ListExchangePoliciesRequest.Filter”
FieldTypeLabelDescription
namestring
org_idstring
trust_zone_idstring

ListExchangePoliciesResponse

Section titled “ListExchangePoliciesResponse”
FieldTypeLabelDescription
exchange_policiesproto.exchange_policy.v1alpha1.ExchangePolicyrepeated

UpdateExchangePolicyRequest

Section titled “UpdateExchangePolicyRequest”
FieldTypeLabelDescription
exchange_policyproto.exchange_policy.v1alpha1.ExchangePolicy
update_maskUpdateExchangePolicyRequest.UpdateMaskoptionalThe list of fields to be updated. If not provided a full replacement will be made.

UpdateExchangePolicyRequest.UpdateMask

Section titled “UpdateExchangePolicyRequest.UpdateMask”
FieldTypeLabelDescription
nameboolSet to true to update the name field.
actionboolSet to true to update the action field.
subject_identityboolSet to true to update the subject_identity field.
subject_issuerboolSet to true to update the subject_issuer field.
actor_identityboolSet to true to update the actor_identity field.
actor_issuerboolSet to true to update the actor_issuer field.
client_idboolSet to true to update the client_id field.
target_audienceboolSet to true to update the target_audience field.
outbound_scopesboolSet to true to update the outbound_scopes field.

UpdateExchangePolicyResponse

Section titled “UpdateExchangePolicyResponse”
FieldTypeLabelDescription
exchange_policyproto.exchange_policy.v1alpha1.ExchangePolicy

ExchangePolicyService

Section titled “ExchangePolicyService”
Method NameRequest TypeResponse TypeDescription
CreateExchangePolicyCreateExchangePolicyRequestCreateExchangePolicyResponse
DestroyExchangePolicyDestroyExchangePolicyRequestDestroyExchangePolicyResponse
GetExchangePolicyGetExchangePolicyRequestGetExchangePolicyResponse
ListExchangePoliciesListExchangePoliciesRequestListExchangePoliciesResponse
UpdateExchangePolicyUpdateExchangePolicyRequestUpdateExchangePolicyResponse

Top

proto/connect/federation_service/v1alpha1/federation_service.proto

Section titled “proto/connect/federation_service/v1alpha1/federation_service.proto”

CreateFederationRequest

Section titled “CreateFederationRequest”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federation

CreateFederationResponse

Section titled “CreateFederationResponse”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federation

DestroyFederationRequest

Section titled “DestroyFederationRequest”
FieldTypeLabelDescription
federation_idstringoptional

DestroyFederationResponse

Section titled “DestroyFederationResponse”

GetFederationRequest

Section titled “GetFederationRequest”
FieldTypeLabelDescription
federation_idstring

GetFederationResponse

Section titled “GetFederationResponse”
FieldTypeLabelDescription
federationproto.federation.v1alpha1.Federation

ListFederationsRequest

Section titled “ListFederationsRequest”
FieldTypeLabelDescription
filterListFederationsRequest.Filteroptional

ListFederationsRequest.Filter

Section titled “ListFederationsRequest.Filter”
FieldTypeLabelDescription
org_idstringoptional
trust_zone_idstringoptional
remote_trust_zone_idstringoptional

ListFederationsResponse

Section titled “ListFederationsResponse”
FieldTypeLabelDescription
federationsproto.federation.v1alpha1.Federationrepeated

FederationService

Section titled “FederationService”
Method NameRequest TypeResponse TypeDescription
CreateFederationCreateFederationRequestCreateFederationResponse
DestroyFederationDestroyFederationRequestDestroyFederationResponse
ListFederationsListFederationsRequestListFederationsResponse
GetFederationGetFederationRequestGetFederationResponse

Top

proto/identity/v1alpha1/identity.proto

Section titled “proto/identity/v1alpha1/identity.proto”

Identity

Section titled “Identity”
FieldTypeLabelDescription
idstring
org_idstring
trust_zone_idstring
cluster_idstring
attestation_policy_idstring
ap_binding_idstring
workload_idstring
spiffe_idstring
parent_idstring
selectorsSelectorrepeated
dns_namesstringrepeated
federationsIdentityFederationrepeated
created_atgoogle.protobuf.Timestamp

IdentityFederation

Section titled “IdentityFederation”
FieldTypeLabelDescription
trust_zone_idstring
trust_domainstring

Selector

Section titled “Selector”
FieldTypeLabelDescription
typestring
valuestring

Top

proto/connect/identity_service/v1alpha1/identity_service.proto

Section titled “proto/connect/identity_service/v1alpha1/identity_service.proto”

GetIdentityRequest

Section titled “GetIdentityRequest”
FieldTypeLabelDescription
identity_idstring

GetIdentityResponse

Section titled “GetIdentityResponse”
FieldTypeLabelDescription
identityproto.identity.v1alpha1.Identity

ListIdentitiesRequest

Section titled “ListIdentitiesRequest”
FieldTypeLabelDescription
filterListIdentitiesRequest.Filteroptional

ListIdentitiesRequest.Filter

Section titled “ListIdentitiesRequest.Filter”
FieldTypeLabelDescription
org_idstringoptional
trust_zone_idstringoptional
cluster_idstringoptional
attestation_policy_idstringoptional
ap_binding_idstringoptional
workload_idstringoptional
spiffe_idstringoptional

ListIdentitiesResponse

Section titled “ListIdentitiesResponse”
FieldTypeLabelDescription
identitiesproto.identity.v1alpha1.Identityrepeated

IdentityService

Section titled “IdentityService”
Method NameRequest TypeResponse TypeDescription
GetIdentityGetIdentityRequestGetIdentityResponse
ListIdentitiesListIdentitiesRequestListIdentitiesResponse

Top

proto/organization/v1alpha1/organization.proto

Section titled “proto/organization/v1alpha1/organization.proto”

Organization

Section titled “Organization”
FieldTypeLabelDescription
idstring
namestring

Top

proto/connect/organization_service/v1alpha1/organization_service.proto

Section titled “proto/connect/organization_service/v1alpha1/organization_service.proto”

GetOrganizationRequest

Section titled “GetOrganizationRequest”
FieldTypeLabelDescription
org_idstringoptional

GetOrganizationResponse

Section titled “GetOrganizationResponse”
FieldTypeLabelDescription
organizationproto.organization.v1alpha1.Organizationoptional

ListOrganizationsRequest

Section titled “ListOrganizationsRequest”
FieldTypeLabelDescription
filterListOrganizationsRequest.Filteroptional

ListOrganizationsRequest.Filter

Section titled “ListOrganizationsRequest.Filter”
FieldTypeLabelDescription
namestringoptional

ListOrganizationsResponse

Section titled “ListOrganizationsResponse”
FieldTypeLabelDescription
organizationsproto.organization.v1alpha1.Organizationrepeated

OrganizationService

Section titled “OrganizationService”
Method NameRequest TypeResponse TypeDescription
GetOrganizationGetOrganizationRequestGetOrganizationResponse
ListOrganizationsListOrganizationsRequestListOrganizationsResponse

Top

proto/role_binding/v1alpha1/role_binding.proto

Section titled “proto/role_binding/v1alpha1/role_binding.proto”

Group

Section titled “Group”
FieldTypeLabelDescription
claim_valuestringFor users this is matched against the list of values in the “groups” claim of the JWT presented by a user.

Resource

Section titled “Resource”
FieldTypeLabelDescription
typestringtype can be one of the following: AttestationPolicyBinding AttestationPolicy Cluster FederatedService Federation Organization System TrustZone
idstring

RoleBinding

Section titled “RoleBinding”
FieldTypeLabelDescription
idstring
role_idstring
userUser
groupGroup
resourceResource

User

Section titled “User”
FieldTypeLabelDescription
subjectstringThis is matched against the “sub” claim of the JWT presented by a user.

Top

proto/connect/role_binding_service/v1alpha1/role_binding_service.proto

Section titled “proto/connect/role_binding_service/v1alpha1/role_binding_service.proto”

CreateRoleBindingRequest

Section titled “CreateRoleBindingRequest”
FieldTypeLabelDescription
role_bindingproto.role_binding.v1alpha1.RoleBinding

CreateRoleBindingResponse

Section titled “CreateRoleBindingResponse”
FieldTypeLabelDescription
role_bindingproto.role_binding.v1alpha1.RoleBinding

DestroyRoleBindingRequest

Section titled “DestroyRoleBindingRequest”
FieldTypeLabelDescription
role_binding_idstring

DestroyRoleBindingResponse

Section titled “DestroyRoleBindingResponse”

GetRoleBindingRequest

Section titled “GetRoleBindingRequest”
FieldTypeLabelDescription
role_binding_idstring

GetRoleBindingResponse

Section titled “GetRoleBindingResponse”
FieldTypeLabelDescription
role_bindingproto.role_binding.v1alpha1.RoleBindingoptional

ListRoleBindingsRequest

Section titled “ListRoleBindingsRequest”
FieldTypeLabelDescription
filterListRoleBindingsRequest.Filteroptional

ListRoleBindingsRequest.Filter

Section titled “ListRoleBindingsRequest.Filter”
FieldTypeLabelDescription
role_idstringoptional
user_subjectstringoptional
group_claim_valuestringoptional
resource_typestringoptional
resource_idstringoptional

ListRoleBindingsResponse

Section titled “ListRoleBindingsResponse”
FieldTypeLabelDescription
role_bindingsproto.role_binding.v1alpha1.RoleBindingrepeated

UpdateRoleBindingRequest

Section titled “UpdateRoleBindingRequest”
FieldTypeLabelDescription
role_bindingproto.role_binding.v1alpha1.RoleBinding

UpdateRoleBindingResponse

Section titled “UpdateRoleBindingResponse”
FieldTypeLabelDescription
role_bindingproto.role_binding.v1alpha1.RoleBinding

RoleBindingService

Section titled “RoleBindingService”
Method NameRequest TypeResponse TypeDescription
CreateRoleBindingCreateRoleBindingRequestCreateRoleBindingResponse
DestroyRoleBindingDestroyRoleBindingRequestDestroyRoleBindingResponse
GetRoleBindingGetRoleBindingRequestGetRoleBindingResponse
ListRoleBindingsListRoleBindingsRequestListRoleBindingsResponse
UpdateRoleBindingUpdateRoleBindingRequestUpdateRoleBindingResponse

Top

proto/trust_zone_server/v1alpha1/trust_zone_server.proto

Section titled “proto/trust_zone_server/v1alpha1/trust_zone_server.proto”

ConnectK8sPsatConfig

Section titled “ConnectK8sPsatConfig”
FieldTypeLabelDescription
audiencesstringrepeatedAudiences that can be presented by SPIRE agents in remote clusters to perform node attestation when this server is using the k8s psat plugin with the Connect datasource. At least 1 must be provided if there are remote clusters in the trust zone.
spire_server_spiffe_id_pathstringPath to use for the SPIFFE ID in the JWT presented by the SPIRE server to the cluster’s API server when this server is using the k8s psat plugin with the Connect datasource. This must be configured to be an allowed subject in the remote cluster’s API server.

TrustZoneServer

Section titled “TrustZoneServer”

TrustZoneServer defines how the server managing a trust zone should be deployed.

FieldTypeLabelDescription
idstringThe unique ID of the server. Generated by the server.
trust_zone_idstringTrust Zone managed by this server. Immutable after creation.
cluster_idstringCluster in which the server should be deployed. Immutable after creation.
kubernetes_namespacestringKubernetes namespace in which the server should be deployed. If not provided the API service should set this.
kubernetes_service_accountstringName of kubernetes service account to deploy with the server. If not provided the API service should set this.
org_idstringOrganization to which the server belongs. Derived from the trust zone by the API service.
helm_valuesgoogle.protobuf.StructHelm values to configure the server install with.
statusTrustZoneServer.StatusCurrent status of the trust zone server
created_atgoogle.protobuf.TimestampTime of resource creation by user.
last_updated_atgoogle.protobuf.TimestampTimes of last resource update by user.
deleted_atgoogle.protobuf.TimestampTime of resource deletion by user.
connect_k8s_psat_configConnectK8sPsatConfigConfiguration for the k8s psat node attestor plugin when using a Connect datasource with remote clusters.

TrustZoneServer.Status

Section titled “TrustZoneServer.Status”
FieldTypeLabelDescription
statusTrustZoneServerStatusLast reported status of the trust zone server.
last_transition_timegoogle.protobuf.TimestampWhen the status of the trust zone server last changed.

TrustZoneServerStatus

Section titled “TrustZoneServerStatus”

Status of a trust zone server

NameNumberDescription
TRUST_ZONE_SERVER_STATUS_UNSPECIFIED0
TRUST_ZONE_SERVER_STATUS_PROVISIONING1Provisioning / Deleting statuses are only applicable for managed trust zone servers
TRUST_ZONE_SERVER_STATUS_PROVISIONED2
TRUST_ZONE_SERVER_STATUS_PROVISIONING_ERROR3
TRUST_ZONE_SERVER_STATUS_DELETING4
TRUST_ZONE_SERVER_STATUS_DELETED5
TRUST_ZONE_SERVER_STATUS_DELETING_ERROR6

Top

proto/connect/trust_zone_server_service/v1alpha1/trust_zone_server_service.proto

Section titled “proto/connect/trust_zone_server_service/v1alpha1/trust_zone_server_service.proto”

CreateTrustZoneServerRequest

Section titled “CreateTrustZoneServerRequest”
FieldTypeLabelDescription
trust_zone_serverproto.trust_zone_server.v1alpha1.TrustZoneServer

CreateTrustZoneServerResponse

Section titled “CreateTrustZoneServerResponse”
FieldTypeLabelDescription
trust_zone_serverproto.trust_zone_server.v1alpha1.TrustZoneServer

DestroyTrustZoneServerRequest

Section titled “DestroyTrustZoneServerRequest”
FieldTypeLabelDescription
trust_zone_server_idstring

DestroyTrustZoneServerResponse

Section titled “DestroyTrustZoneServerResponse”

GetTrustZoneServerRequest

Section titled “GetTrustZoneServerRequest”
FieldTypeLabelDescription
trust_zone_server_idstring

GetTrustZoneServerResponse

Section titled “GetTrustZoneServerResponse”
FieldTypeLabelDescription
trust_zone_serverproto.trust_zone_server.v1alpha1.TrustZoneServeroptional

ListTrustZoneServersRequest

Section titled “ListTrustZoneServersRequest”
FieldTypeLabelDescription
filterListTrustZoneServersRequest.Filter

ListTrustZoneServersRequest.Filter

Section titled “ListTrustZoneServersRequest.Filter”
FieldTypeLabelDescription
trust_zone_idstring
cluster_idstring
org_idstring

ListTrustZoneServersResponse

Section titled “ListTrustZoneServersResponse”
FieldTypeLabelDescription
trust_zone_serversproto.trust_zone_server.v1alpha1.TrustZoneServerrepeated

UpdateTrustZoneServerRequest

Section titled “UpdateTrustZoneServerRequest”
FieldTypeLabelDescription
trust_zone_serverproto.trust_zone_server.v1alpha1.TrustZoneServer
update_maskUpdateTrustZoneServerRequest.UpdateMaskoptionalThe list of fields to be updated. If not provided a full replacement will be made.

UpdateTrustZoneServerRequest.UpdateMask

Section titled “UpdateTrustZoneServerRequest.UpdateMask”
FieldTypeLabelDescription
helm_valuesboolSet to true to update helm values of trust zone server to those provided.

UpdateTrustZoneServerResponse

Section titled “UpdateTrustZoneServerResponse”
FieldTypeLabelDescription
trust_zone_serverproto.trust_zone_server.v1alpha1.TrustZoneServer

UpdateTrustZoneServerStatusRequest

Section titled “UpdateTrustZoneServerStatusRequest”
FieldTypeLabelDescription
trust_zone_server_idstring
statusproto.trust_zone_server.v1alpha1.TrustZoneServerStatus

UpdateTrustZoneServerStatusResponse

Section titled “UpdateTrustZoneServerStatusResponse”

TrustZoneServerService

Section titled “TrustZoneServerService”

TrustZoneServerService manages TrustZoneServers.

Method NameRequest TypeResponse TypeDescription
CreateTrustZoneServerCreateTrustZoneServerRequestCreateTrustZoneServerResponseCreate a TrustZoneServer for the given trust zone in the specified cluster. In the submitted resource the ID should not be set and will be generated by the server API.
DestroyTrustZoneServerDestroyTrustZoneServerRequestDestroyTrustZoneServerResponseDestroy a TrustZoneServer. For managed TrustZoneServers this should soft delete the API resource until the managed server is deprovisioned.
GetTrustZoneServerGetTrustZoneServerRequestGetTrustZoneServerResponseGet a TrustZoneServer by ID.
ListTrustZoneServersListTrustZoneServersRequestListTrustZoneServersResponseList TrustZoneServers.
UpdateTrustZoneServerUpdateTrustZoneServerRequestUpdateTrustZoneServerResponseUpdate a TrustZoneServer. Server implementations may prevent some fields from being updated.
UpdateTrustZoneServerStatusUpdateTrustZoneServerStatusRequestUpdateTrustZoneServerStatusResponseUpdate the status of a trust zone server.

Top

proto/connect/trust_zone_service/v1alpha1/trust_zone_service.proto

Section titled “proto/connect/trust_zone_service/v1alpha1/trust_zone_service.proto”

Agent

Section titled “Agent”
FieldTypeLabelDescription
agent_idstring
cluster_idstring
trust_zone_idstring

CreateTrustZoneRequest

Section titled “CreateTrustZoneRequest”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZone

CreateTrustZoneResponse

Section titled “CreateTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZone

DestroyTrustZoneRequest

Section titled “DestroyTrustZoneRequest”
FieldTypeLabelDescription
trust_zone_idstringoptional

DestroyTrustZoneResponse

Section titled “DestroyTrustZoneResponse”

GetTrustZoneRequest

Section titled “GetTrustZoneRequest”
FieldTypeLabelDescription
trust_zone_idstringoptional

GetTrustZoneResponse

Section titled “GetTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZoneoptional

ListTrustZonesRequest

Section titled “ListTrustZonesRequest”
FieldTypeLabelDescription
filterListTrustZonesRequest.Filteroptional

ListTrustZonesRequest.Filter

Section titled “ListTrustZonesRequest.Filter”
FieldTypeLabelDescription
namestringoptional
org_idstringoptional
trust_domainstringoptional

ListTrustZonesResponse

Section titled “ListTrustZonesResponse”
FieldTypeLabelDescription
trust_zonesproto.trust_zone.v1alpha1.TrustZonerepeated

RegisterAgentRequest

Section titled “RegisterAgentRequest”
FieldTypeLabelDescription
agentAgent
agent_tokenstring
bundlespire.api.types.Bundle

RegisterAgentResponse

Section titled “RegisterAgentResponse”
FieldTypeLabelDescription
agent_idstring

RegisterTrustZoneServerRequest

Section titled “RegisterTrustZoneServerRequest”
FieldTypeLabelDescription
trust_zone_serverTrustZoneServerTo be deprecated, registration of a trust zone server by just specifying the cluster ID Consumers should provide a trust zone server ID instead
bundlespire.api.types.Bundle
trust_zone_server_idstring

RegisterTrustZoneServerResponse

Section titled “RegisterTrustZoneServerResponse”

Empty for the moment

TrustZoneServer

Section titled “TrustZoneServer”
FieldTypeLabelDescription
cluster_idstring

UpdateTrustZoneBundleRequest

Section titled “UpdateTrustZoneBundleRequest”
FieldTypeLabelDescription
bundlespire.api.types.Bundle
trust_zone_idstring

UpdateTrustZoneBundleResponse

Section titled “UpdateTrustZoneBundleResponse”

UpdateTrustZoneRequest

Section titled “UpdateTrustZoneRequest”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZone

UpdateTrustZoneResponse

Section titled “UpdateTrustZoneResponse”
FieldTypeLabelDescription
trust_zoneproto.trust_zone.v1alpha1.TrustZone

TrustZoneService

Section titled “TrustZoneService”
Method NameRequest TypeResponse TypeDescription
CreateTrustZoneCreateTrustZoneRequestCreateTrustZoneResponse
DestroyTrustZoneDestroyTrustZoneRequestDestroyTrustZoneResponse
GetTrustZoneGetTrustZoneRequestGetTrustZoneResponse
ListTrustZonesListTrustZonesRequestListTrustZonesResponse
UpdateTrustZoneUpdateTrustZoneRequestUpdateTrustZoneResponse
RegisterAgentRegisterAgentRequestRegisterAgentResponse
RegisterTrustZoneServerRegisterTrustZoneServerRequestRegisterTrustZoneServerResponse
UpdateTrustZoneBundleUpdateTrustZoneBundleRequestUpdateTrustZoneBundleResponse

Top

proto/workload/v1alpha1/workload.proto

Section titled “proto/workload/v1alpha1/workload.proto”

KubernetesContainer

Section titled “KubernetesContainer”
FieldTypeLabelDescription
namestring
imagestring

KubernetesMetadata

Section titled “KubernetesMetadata”
FieldTypeLabelDescription
uidstring
namestring
namespacestring
labelsKubernetesMetadata.LabelsEntryrepeated
annotationsKubernetesMetadata.AnnotationsEntryrepeated
creation_timestampgoogle.protobuf.Timestamp

KubernetesMetadata.AnnotationsEntry

Section titled “KubernetesMetadata.AnnotationsEntry”
FieldTypeLabelDescription
keystring
valuestring

KubernetesMetadata.LabelsEntry

Section titled “KubernetesMetadata.LabelsEntry”
FieldTypeLabelDescription
keystring
valuestring

KubernetesPod

Section titled “KubernetesPod”
FieldTypeLabelDescription
metadataKubernetesMetadata
service_account_namestring
node_namestring
node_uidstring
containersKubernetesContainerrepeated
start_timegoogle.protobuf.Timestamp

Observation

Section titled “Observation”
FieldTypeLabelDescription
type_urlstring
valuegoogle.protobuf.Value

Workload

Section titled “Workload”
FieldTypeLabelDescription
idstring
org_idstring
trust_zone_idstring
cluster_idstring
typeWorkloadType
kubernetes_podKubernetesPod
observationsObservationrepeated
observed_timestampgoogle.protobuf.Timestamp
deletedbool

WorkloadType

Section titled “WorkloadType”
NameNumberDescription
WORKLOAD_TYPE_UNSPECIFIED0
WORKLOAD_TYPE_KUBERNETES_POD1

Top

proto/connect/workload_service/v1alpha1/workload_service.proto

Section titled “proto/connect/workload_service/v1alpha1/workload_service.proto”

ListWorkloadsRequest

Section titled “ListWorkloadsRequest”
FieldTypeLabelDescription
filterListWorkloadsRequest.Filteroptional

ListWorkloadsRequest.Filter

Section titled “ListWorkloadsRequest.Filter”
FieldTypeLabelDescription
org_idstringoptional
trust_zone_idstringoptional
cluster_idstringoptional
max_agegoogle.protobuf.Durationoptionalmax_age filters workloads to those last observed within this duration.

ListWorkloadsResponse

Section titled “ListWorkloadsResponse”
FieldTypeLabelDescription
workloadsproto.workload.v1alpha1.Workloadrepeated

PublishWorkloadsRequest

Section titled “PublishWorkloadsRequest”
FieldTypeLabelDescription
workloadsproto.workload.v1alpha1.Workloadrepeated

PublishWorkloadsResponse

Section titled “PublishWorkloadsResponse”

WorkloadService

Section titled “WorkloadService”
Method NameRequest TypeResponse TypeDescription
ListWorkloadsListWorkloadsRequestListWorkloadsResponse
PublishWorkloadsPublishWorkloadsRequest streamPublishWorkloadsResponse

Top

proto/provision_plugin/v1alpha1/plugin.proto

Section titled “proto/provision_plugin/v1alpha1/plugin.proto”

DeployRequest

Section titled “DeployRequest”
FieldTypeLabelDescription
data_sourceuint32optional
kube_cfg_filestringoptional
trust_zone_namesstringrepeated

DeployResponse

Section titled “DeployResponse”
FieldTypeLabelDescription
statusStatusoptional

GetHelmValuesRequest

Section titled “GetHelmValuesRequest”
FieldTypeLabelDescription
data_sourceuint32optional
trust_zone_namestringoptional
cluster_namestringoptional

GetHelmValuesResponse

Section titled “GetHelmValuesResponse”
FieldTypeLabelDescription
helm_valuesgoogle.protobuf.Structoptional

Status

Section titled “Status”
FieldTypeLabelDescription
stagestringoptional
messagestringoptional
donebooloptional
errorstringoptional

TearDownRequest

Section titled “TearDownRequest”
FieldTypeLabelDescription
data_sourceuint32optional
kube_cfg_filestringoptional
trust_zone_namesstringrepeated

TearDownResponse

Section titled “TearDownResponse”
FieldTypeLabelDescription
statusStatusoptional

ValidateRequest

Section titled “ValidateRequest”

ValidateResponse

Section titled “ValidateResponse”

ProvisionPluginService

Section titled “ProvisionPluginService”
Method NameRequest TypeResponse TypeDescription
ValidateValidateRequestValidateResponse
DeployDeployRequestDeployResponse stream
TearDownTearDownRequestTearDownResponse stream
GetHelmValuesGetHelmValuesRequestGetHelmValuesResponse

Scalar Value Types

Section titled “Scalar Value Types”
.proto TypeNotesC++JavaPythonGoC#PHPRuby
doubledoubledoublefloatfloat64doublefloatFloat
floatfloatfloatfloatfloat32floatfloatFloat
int32Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead.int32intintint32intintegerBignum or Fixnum (as required)
int64Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead.int64longint/longint64longinteger/stringBignum
uint32Uses variable-length encoding.uint32intint/longuint32uintintegerBignum or Fixnum (as required)
uint64Uses variable-length encoding.uint64longint/longuint64ulonginteger/stringBignum or Fixnum (as required)
sint32Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s.int32intintint32intintegerBignum or Fixnum (as required)
sint64Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s.int64longint/longint64longinteger/stringBignum
fixed32Always four bytes. More efficient than uint32 if values are often greater than 2^28.uint32intintuint32uintintegerBignum or Fixnum (as required)
fixed64Always eight bytes. More efficient than uint64 if values are often greater than 2^56.uint64longint/longuint64ulonginteger/stringBignum
sfixed32Always four bytes.int32intintint32intintegerBignum or Fixnum (as required)
sfixed64Always eight bytes.int64longint/longint64longinteger/stringBignum
boolboolbooleanbooleanboolboolbooleanTrueClass/FalseClass
stringA string must always contain UTF-8 encoded or 7-bit ASCII text.stringStringstr/unicodestringstringstringString (UTF-8)
bytesMay contain any arbitrary sequence of bytes.stringByteStringstr[]byteByteStringstringString (ASCII-8BIT)

© 2026 Cofide Limited. All rights reserved.