idutil

package

v0.10.2 Latest Latest Go to latest Published: Mar 4, 2021 License: Apache-2.0 Imports: 6 Imported by: 6

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/spiffe/spire

Links

Open Source Insights

Documentation ¶

Index ¶

func AgentID(trustDomain, p string) string
func AgentURI(trustDomain, p string) *url.URL
func NormalizeSpiffeID(id string, mode ValidationMode) (string, error)
func NormalizeSpiffeIDURL(u *url.URL, mode ValidationMode) (*url.URL, error)
func ParseSpiffeID(spiffeID string, mode ValidationMode) (*url.URL, error)
func ServerID(trustDomain string) string
func ServerURI(trustDomain string) *url.URL
func TrustDomainID(trustDomain string) string
func TrustDomainURI(trustDomain string) *url.URL
func ValidateSpiffeID(spiffeID string, mode ValidationMode) error
func ValidateSpiffeIDURL(id *url.URL, mode ValidationMode) error
func ValidateTrustDomainWorkload(id spiffeid.ID, td spiffeid.TrustDomain) error
type ValidationMode

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AgentID ¶

func AgentID(trustDomain, p string) string

AgentID creates an agent SPIFFE ID given a trust domain and a path. The /spire/agent prefix in the path is implied.

func AgentURI ¶

func AgentURI(trustDomain, p string) *url.URL

AgentURI creates an agent SPIFFE URI given a trust domain and a path. The /spire/agent prefix in the path is implied.

func NormalizeSpiffeID ¶

func NormalizeSpiffeID(id string, mode ValidationMode) (string, error)

NormalizeSpiffeID normalizes the SPIFFE ID so it can be directly compared for equality.

func NormalizeSpiffeIDURL ¶

func NormalizeSpiffeIDURL(u *url.URL, mode ValidationMode) (*url.URL, error)

NormalizeSpiffeIDURL normalizes the SPIFFE ID URL so it can be directly compared for equality.

func ParseSpiffeID ¶

func ParseSpiffeID(spiffeID string, mode ValidationMode) (*url.URL, error)

ParseSpiffeID parses the SPIFFE ID and makes sure it is valid according to the specified validation mode.

func ServerID ¶

func ServerID(trustDomain string) string

ServerID creates a server SPIFFE ID string given a trustDomain.

func ServerURI ¶

func ServerURI(trustDomain string) *url.URL

ServerURI creates a server SPIFFE URI given a trustDomain.

func TrustDomainID ¶

func TrustDomainID(trustDomain string) string

TrustDomainID creates an trust domain SPIFFE ID given a trust domain.

func TrustDomainURI ¶

func TrustDomainURI(trustDomain string) *url.URL

TrustDomainURI creates an trust domain SPIFFE URI given a trust domain.

func ValidateSpiffeID ¶

func ValidateSpiffeID(spiffeID string, mode ValidationMode) error

ValidateSpiffeID validates the SPIFFE ID according to the SPIFFE specification. The validation mode controls the type of validation.

func ValidateSpiffeIDURL ¶

func ValidateSpiffeIDURL(id *url.URL, mode ValidationMode) error

ValidateSpiffeIDURL validates the SPIFFE ID according to the SPIFFE specification, namely: - spiffe id is not empty - spiffe id is a valid url - scheme is 'spiffe' - user info is not allowed - host is not empty - port is not allowed - query values are not allowed - fragment is not allowed - path does not start with '/spire' since it is reserved for agent, server, etc. In addition, the validation mode is used to control what kind of SPIFFE ID is expected. For more information: [https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md]

func ValidateTrustDomainWorkload ¶ added in v0.10.1

func ValidateTrustDomainWorkload(id spiffeid.ID, td spiffeid.TrustDomain) error

ValidateTrustDomainWorkload validates if the given SPIFFE ID is a SPIFFE ID for a workload belonging to the specified trust domain (e.g. spiffe://domain.test/workload)

Types ¶

type ValidationMode ¶

type ValidationMode interface {
	// contains filtered or unexported methods
}

func AllowAny ¶

func AllowAny() ValidationMode

Allows any well-formed SPIFFE ID

func AllowAnyInTrustDomain ¶

func AllowAnyInTrustDomain(trustDomain string) ValidationMode

Allows any well-formed SPIFFE ID belonging to a specific trust domain, excluding the trust domain ID itself.

func AllowAnyTrustDomain ¶

func AllowAnyTrustDomain() ValidationMode

Allows a well-formed SPIFFE ID for any trust domain.

func AllowAnyTrustDomainAgent ¶

func AllowAnyTrustDomainAgent() ValidationMode

func AllowAnyTrustDomainServer ¶

func AllowAnyTrustDomainServer() ValidationMode

func AllowAnyTrustDomainWorkload ¶

func AllowAnyTrustDomainWorkload() ValidationMode

Allows a well-formed SPIFFE ID for a workload belonging to any trust domain.

func AllowTrustDomain ¶

func AllowTrustDomain(trustDomain string) ValidationMode

Allows a well-formed SPIFFE ID for the specific trust domain.

func AllowTrustDomainAgent ¶

func AllowTrustDomainAgent(trustDomain string) ValidationMode

func AllowTrustDomainServer ¶

func AllowTrustDomainServer(trustDomain string) ValidationMode

func AllowTrustDomainWorkload ¶

func AllowTrustDomainWorkload(trustDomain string) ValidationMode

Allows a well-formed SPIFFE ID for a workload belonging to a specific trust domain.

Source Files ¶

View all Source files

spiffeid.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL