Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func K8SServiceAdded
K8SServiceAdded is a handler used by the k8s service controller to monitor new services and to add their service accounts to the registry, if they exist.
func K8SServiceDeleted
K8SServiceDeleted is a handler used by the k8s service controller to monitor deleted services and to remove their service accounts from the registry.
func K8SServiceUpdated
K8SServiceUpdated is a handler used by the k8s service controller to monitor service updates and update the registry.
Types
type IdentityRegistry
IdentityRegistry is a naive registry that maintains a mapping between identities (as strings): id1 -> id2, id3 -> id4, etc. The method call Check(id1, id2) succeeds only if a mapping id1 -> id2 is stored in this registry.
A CA can make authorization decisions based on this registry: once a mapping id1 -> id2 exists, the CA approves a CSR for identity id2 only when it is sent by a service running as id1.
func (*IdentityRegistry) AddMapping
func (reg *IdentityRegistry) AddMapping(id1, id2 string)
AddMapping adds a mapping id1 -> id2
func (*IdentityRegistry) Check
func (reg *IdentityRegistry) Check(id1, id2 string) bool
Check checks whether id1 is mapped to id2
func (*IdentityRegistry) DeleteMapping
func (reg *IdentityRegistry) DeleteMapping(id1, id2 string)
DeleteMapping attempts to delete the mapping id1 -> id2. If id1 is already mapped to a different identity, the deletion fails.
type Registry
type Registry interface {
	Check(string, string) bool
	AddMapping(string, string)
	DeleteMapping(string, string)
}
Registry is the standard interface for identity registry implementations.
func GetIdentityRegistry
func GetIdentityRegistry() Registry
GetIdentityRegistry returns the identity registry object
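The following Go sketch is an added example, not the package's own code: it models the Check, AddMapping and DeleteMapping behaviour documented above for IdentityRegistry, plus a CA-side CSR decision built on Check. The names sketchRegistry, newSketchRegistry and authorizeCSR, the SPIFFE-style identity string, and the choice to let AddMapping replace an existing target are assumptions.

```go
package main

import "fmt"
import "sync"

// sketchRegistry is a hypothetical stand-in with the documented method set.
type sketchRegistry struct {
	mu sync.RWMutex
	m  map[string]string // id1 -> id2, a single target per id1 (assumption)
}

func newSketchRegistry() *sketchRegistry { return &sketchRegistry{m: map[string]string{}} }

// AddMapping stores id1 -> id2. Replacing an existing target is this sketch's choice.
func (r *sketchRegistry) AddMapping(id1, id2 string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.m[id1] = id2
}

// Check is an exact, directional string match; an unknown id1 is always denied.
func (r *sketchRegistry) Check(id1, id2 string) bool {
	r.mu.RLock()
	defer r.mu.RUnlock()
	got, ok := r.m[id1]
	return ok && got == id2
}

// DeleteMapping removes only id1 -> id2; a different stored target is left in place.
func (r *sketchRegistry) DeleteMapping(id1, id2 string) {
	r.mu.Lock()
	defer r.mu.Unlock()
	if got, ok := r.m[id1]; ok && got == id2 {
		delete(r.m, id1)
	}
}

// authorizeCSR (hypothetical) is the CA-side decision: may caller get a cert for requested?
func authorizeCSR(r *sketchRegistry, caller, requested string) error {
	if !r.Check(caller, requested) {
		return fmt.Errorf("deny: %q is not registered for %q", caller, requested)
	}
	return nil
}

func main() {
	r, id := newSketchRegistry(), "spiffe://example.test/ns/prod/sa/frontend" // constructed identity
	r.AddMapping(id, id)
	fmt.Println(authorizeCSR(r, id, id), authorizeCSR(r, id, id+"-admin"))
}
```

Because the match is on raw strings, a caller identity has to be in the same canonical form as the stored key before Check is called; anything else falls through to the deny path.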