Affected by GO-2024-2653 and 8 other vulnerabilities

GO-2024-2653: HTTP policy bypass in github.com/cilium/cilium

GO-2024-2656: Unencrypted traffic between nodes with IPsec in github.com/cilium/cilium

GO-2024-2657: Unencrypted traffic between nodes with WireGuard in github.com/cilium/cilium

GO-2024-2666: Insecure IPsec transparent encryption in github.com/cilium/cilium

GO-2024-2922: Cilium leaks sensitive information in cilium-bugtool in github.com/cilium/cilium

GO-2024-3071: Gateway API route matching order contradicts specification in github.com/cilium/cilium

GO-2024-3072: Policy bypass for Host Firewall policy due to race condition in Cilium agent in github.com/cilium/cilium

GO-2024-3074: Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API in github.com/cilium/cilium

GO-2024-3208: Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present in github.com/cilium/cilium

auth

package

v1.15.0 Latest Latest Go to latest Published: Jan 31, 2024 License: Apache-2.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cilium/cilium

Links

Open Source Insights

Documentation ¶

Overview ¶

Package auth provides routines to manage mutual authentication identities in Cilium. If enabled, the operator will watch for CiliumIdentity resources and provision corresponding external identities such as SPIFFE identities.

Index ¶

Variables
type Config
- func (cfg Config) Flags(flags *pflag.FlagSet)
type IdentityWatcher

Constants ¶

This section is empty.

Variables ¶

View Source

var Cell = cell.Module(
	"auth-identity",
	"Cilium Mutual Authentication Identity management",
	spire.Cell,
	cell.Config(Config{}),
	cell.Invoke(registerIdentityWatcher),
)

Functions ¶

This section is empty.

Types ¶

type Config ¶

type Config struct {
	Enabled bool `mapstructure:"mesh-auth-mutual-enabled"`
}

Config contains the configuration for the identity-gc.

func (Config) Flags ¶

func (cfg Config) Flags(flags *pflag.FlagSet)

Flags implements cell.Flagger interface.

type IdentityWatcher ¶

type IdentityWatcher struct {
	// contains filtered or unexported fields
}

IdentityWatcher represents the Cilium identities watcher. It watches for Cilium identities and upserts or deletes them in Spire.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
identity
spire

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL