Documentation ¶
Constants ¶
const (
	// Attribute representing a unique identifier of an identity.
	GoogleSubject = "google.subject"
	// Attribute representing a set of groups that the identity belongs to.
	GoogleGroups = "google.groups"
)
Standard google attributes defined by Google Cloud Platform.
const (
	// google.subject can't exceed 127 bytes
	MaximumSubjectLengthInBytes = 127
	// custom attribute names can't exceed 100 characters
	MaximumCustomAttributeNameSize = 100
	// custom attributes can't exceed 8192 bytes
	MaximumCustomAttributesLengthInBytes = 8192
	// an attribute mapping expression can't exceed 2048 bytes
	MaximumAttributeExpressionLengthInBytes = 2048
	// an attribute condition expression can't exceed 4096 bytes
	MaximumAttributeConditionLengthInBytes = 4096
	// Workload Identity Federation can't exceed 50 custom attributes
	MaximumCustomAttributes = 50
)
Limitations set by Google Cloud Platform.
(See more at https://cloud.google.com/iam/quotas#limits)
Variables ¶
var ErrAttrConditionFailed = errors.New("the given credential is rejected by the attribute condition")
ErrAttrConditionFailed means that a credential was rejected by the attribute condition.
Functions ¶
This section is empty.
Types ¶
type Compiler ¶
type Compiler struct {
	// Input used to compile a Workload Identity Federation expression
	Input *Input
	// Target Provider supported by Workload Identity Federation (e.g. OIDC, SAML, etc.)
	Provider provider.Provider
}
Compiler is the main struct used to compile a WIF expression.
type Input ¶
type Input struct {
	// [Required] Payload is the source of the expression; in this project it's an external token (e.g. a JWT, a SAML 2.0 response, etc.)
	Payload string
	// [Required] AttributeMapping defines how to derive the value from an external token into attributes interpretable by GCP IAM.
	// The map key is the target attribute (e.g. google.subject, google.groups, etc.).
	// The map value is a Common Expression Language (CEL) expression that transforms one or more attributes from the external token.
	AttributeMapping map[string]string
	// [Optional] AttributeCondition is a CEL expression that can check assertion attributes and target attributes (e.g. 'admins' in google.groups).
	// If the attribute condition evaluates to true for a given credential, the credential is accepted.
	// Otherwise, the credential is rejected.
	AttributeCondition string
}
Input is used to compile a Workload Identity Federation (WIF) expression.
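The limits in the constants block above are enforced by Google Cloud, so a mapping that violates them fails at provider creation time rather than at the first authentication attempt. The following added example (not code from this package) shows a pre-flight validator for an Input's AttributeMapping and AttributeCondition, and a second check for the values a mapping produces for one token. It assumes that custom attributes use the `attribute.` key prefix, that a google.subject mapping is mandatory, and that MaximumCustomAttributesLengthInBytes bounds the combined size of the mapped custom attribute values; the sample mapping and resolved values are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode/utf8"
)

// Limits and well-known attribute names, mirroring the constants listed on this page.
const (
	GoogleSubject = "google.subject"
	GoogleGroups  = "google.groups"

	MaximumSubjectLengthInBytes             = 127
	MaximumCustomAttributeNameSize          = 100
	MaximumCustomAttributesLengthInBytes    = 8192
	MaximumAttributeExpressionLengthInBytes = 2048
	MaximumAttributeConditionLengthInBytes  = 4096
	MaximumCustomAttributes                 = 50
)

// customAttributePrefix is the key prefix used for custom attributes
// (an assumption of this example; the page itself only names the two google.* attributes).
const customAttributePrefix = "attribute."

// ValidateMapping checks the static parts of an Input (mapping keys, expression
// sizes, condition size) before any CEL compilation happens. A mapping for
// google.subject is required (an assumption taken from the GCP documentation).
func ValidateMapping(mapping map[string]string, condition string) error {
	if _, ok := mapping[GoogleSubject]; !ok {
		return errors.New("attribute mapping must define " + GoogleSubject)
	}
	if len(condition) > MaximumAttributeConditionLengthInBytes {
		return fmt.Errorf("attribute condition is %d bytes, limit is %d",
			len(condition), MaximumAttributeConditionLengthInBytes)
	}
	custom := 0
	for key, expr := range mapping {
		if expr == "" || len(expr) > MaximumAttributeExpressionLengthInBytes {
			return fmt.Errorf("expression for %q is %d bytes, must be 1..%d",
				key, len(expr), MaximumAttributeExpressionLengthInBytes)
		}
		switch {
		case key == GoogleSubject || key == GoogleGroups:
			// Standard attributes are not counted against the custom attribute limits.
		case strings.HasPrefix(key, customAttributePrefix):
			name := strings.TrimPrefix(key, customAttributePrefix)
			// The name limit is stated in characters, so count runes rather than bytes.
			if n := utf8.RuneCountInString(name); n == 0 || n > MaximumCustomAttributeNameSize {
				return fmt.Errorf("custom attribute name %q has %d characters, must be 1..%d",
					name, n, MaximumCustomAttributeNameSize)
			}
			custom++
		default:
			return fmt.Errorf("unsupported target attribute %q", key)
		}
	}
	if custom > MaximumCustomAttributes {
		return fmt.Errorf("%d custom attributes mapped, limit is %d", custom, MaximumCustomAttributes)
	}
	return nil
}

// ValidateResolved checks the values a mapping produced for one token: the
// subject must be non-empty and fit in 127 bytes, and the custom attribute
// values together must stay within 8192 bytes (the aggregate reading is an assumption).
func ValidateResolved(resolved map[string]string) error {
	subject := resolved[GoogleSubject]
	if subject == "" {
		return errors.New("mapped " + GoogleSubject + " is empty")
	}
	if len(subject) > MaximumSubjectLengthInBytes {
		return fmt.Errorf("%s is %d bytes, limit is %d", GoogleSubject, len(subject), MaximumSubjectLengthInBytes)
	}
	total := 0
	for key, val := range resolved {
		if strings.HasPrefix(key, customAttributePrefix) {
			total += len(val)
		}
	}
	if total > MaximumCustomAttributesLengthInBytes {
		return fmt.Errorf("custom attribute values total %d bytes, limit is %d", total, MaximumCustomAttributesLengthInBytes)
	}
	return nil
}

func main() {
	// Constructed sample mapping for an OIDC token; not taken from the page.
	mapping := map[string]string{
		GoogleSubject:          "assertion.sub",
		GoogleGroups:           "assertion.groups",
		"attribute.repository": "assertion.repository",
	}
	condition := "assertion.repository_owner == 'example-org'"
	fmt.Println("static check:", ValidateMapping(mapping, condition))

	// Constructed values as a CEL evaluation of the mapping might produce them.
	resolved := map[string]string{
		GoogleSubject:          "repo:example-org/app:ref:refs/heads/main",
		"attribute.repository": "example-org/app",
	}
	fmt.Println("resolved check:", ValidateResolved(resolved))
}
```

Running the static check at configuration time and the resolved check in tests against representative tokens catches mappings that Google Cloud would reject, while keeping a tight attribute condition is what actually decides which tokens are accepted.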