idutil

package
v0.11.3 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 4, 2021 License: Apache-2.0 Imports: 8 Imported by: 6

Documentation

Constants

const (
	ServerIDPath = "/spire/server"
)

Variables

This section is empty.

Functions

func AgentID

func AgentID(trustDomain, p string) string

AgentID creates an agent SPIFFE ID given a trust domain and a path. The /spire/agent prefix in the path is implied.

func AgentURI

func AgentURI(trustDomain, p string) *url.URL

AgentURI creates an agent SPIFFE URI given a trust domain and a path. The /spire/agent prefix in the path is implied.

func CheckAgentIDStringNormalization added in v0.11.3

func CheckAgentIDStringNormalization(agentID string) error

CheckAgentIDStringNormalization ensures the provided agent ID string is properly normalized. It also ensures it is not a server ID.

func CheckIDProtoNormalization added in v0.11.3

func CheckIDProtoNormalization(in *types.SPIFFEID) error

CheckIDProtoNormalization ensures the provided ID is properly normalized.

func CheckIDStringNormalization added in v0.11.3

func CheckIDStringNormalization(id string) error

CheckIDStringNormalization ensures the provided ID is properly normalized.

func CheckIDURLNormalization added in v0.11.3

func CheckIDURLNormalization(u *url.URL) error

CheckIDURLNormalization checks whether a URL is normalized. It relies on behavior and fields populated by url.Parse(). DO NOT call it with a URL that has not gone through url.Parse().

func FormatPath added in v0.11.3

func FormatPath(format string, args ...interface{}) string

FormatPath formats a path string. The function ensures a leading slash is present.

func IDFromProto added in v0.11.3

func IDFromProto(id *types.SPIFFEID) (spiffeid.ID, error)

IDFromProto returns the SPIFFE ID from the proto representation.

func IDProtoFromString added in v0.11.3

func IDProtoFromString(id string) (*types.SPIFFEID, error)

IDProtoFromString parses a SPIFFE ID string into the raw ID proto components. It does not attempt to escape/unescape any portion of the ID.

func IDProtoString added in v0.11.3

func IDProtoString(id *types.SPIFFEID) (string, error)

IDProtoString constructs a URL string for the given ID protobuf. It does not interpret the contents of the trust domain or path with the exception of adding a leading slash on the path where necessary.

func IsAgentPath added in v0.11.0

func IsAgentPath(path string) bool

IsAgentPath returns true if the given string is a SPIRE agent ID path. SPIRE agent IDs are prefixed with "/spire/agent/".

func IsReservedPath added in v0.11.0

func IsReservedPath(path string) bool

func JoinPathSegments added in v0.11.3

func JoinPathSegments(segments ...string) string

JoinPathSegments escapes path segments and joins them together. The function also ensures a leading slash is present.

func NormalizeSpiffeID

func NormalizeSpiffeID(id string, mode ValidationMode) (string, error)

NormalizeSpiffeID normalizes the SPIFFE ID so it can be directly compared for equality.

func NormalizeSpiffeIDURL

func NormalizeSpiffeIDURL(u *url.URL, mode ValidationMode) (*url.URL, error)

NormalizeSpiffeIDURL normalizes the SPIFFE ID URL so it can be directly compared for equality.

func ParseSpiffeID

func ParseSpiffeID(spiffeID string, mode ValidationMode) (*url.URL, error)

ParseSpiffeID parses the SPIFFE ID and makes sure it is valid according to the specified validation mode.

func ServerID

func ServerID(trustDomain string) string

ServerID creates a server SPIFFE ID string given a trustDomain.

func ServerURI

func ServerURI(trustDomain string) *url.URL

ServerURI creates a server SPIFFE URI given a trustDomain.

func SetAllowUnsafeIDs added in v0.11.3

func SetAllowUnsafeIDs(allow bool)

SetAllowUnsafeIDs effectively removes all safety checks provided by the "safety" functions in this source file. It is a switch to allow turning off the safety valve for deployments that need time to adjust API usage to conform to the restrictions.

func TrustDomainID

func TrustDomainID(trustDomain string) string

TrustDomainID creates a trust domain SPIFFE ID given a trust domain name. If the passed trust domain already is a trust domain ID, it is returned unchanged.

func TrustDomainURI

func TrustDomainURI(trustDomain string) *url.URL

TrustDomainURI creates a trust domain SPIFFE URI given a trust domain name or trust domain ID.

func ValidateSpiffeID

func ValidateSpiffeID(spiffeID string, mode ValidationMode) error

ValidateSpiffeID validates the SPIFFE ID according to the SPIFFE specification. The validation mode controls the type of validation.

func ValidateSpiffeIDURL

func ValidateSpiffeIDURL(id *url.URL, mode ValidationMode) error

ValidateSpiffeIDURL validates the SPIFFE ID according to the SPIFFE specification, namely:

- spiffe id is not empty
- spiffe id is a valid url
- scheme is 'spiffe'
- user info is not allowed
- host is not empty
- port is not allowed
- query values are not allowed
- fragment is not allowed
- path does not start with '/spire' since it is reserved for agent, server, etc.

In addition, the validation mode is used to control what kind of SPIFFE ID is expected. For more information: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md

func ValidateTrustDomainWorkload added in v0.10.1

func ValidateTrustDomainWorkload(id spiffeid.ID, td spiffeid.TrustDomain) error

ValidateTrustDomainWorkload validates if the given SPIFFE ID is a SPIFFE ID for a workload belonging to the specified trust domain (e.g. spiffe://domain.test/workload).

Types

type ValidationMode

type ValidationMode interface {
	// contains filtered or unexported methods
}

func AllowAny

func AllowAny() ValidationMode

Allows any well-formed SPIFFE ID.

func AllowAnyInTrustDomain

func AllowAnyInTrustDomain(trustDomain string) ValidationMode

Allows any well-formed SPIFFE ID belonging to a specific trust domain, excluding the trust domain ID itself.

func AllowAnyTrustDomain

func AllowAnyTrustDomain() ValidationMode

Allows a well-formed SPIFFE ID for any trust domain.

func AllowAnyTrustDomainAgent

func AllowAnyTrustDomainAgent() ValidationMode

func AllowAnyTrustDomainServer

func AllowAnyTrustDomainServer() ValidationMode

func AllowAnyTrustDomainWorkload

func AllowAnyTrustDomainWorkload() ValidationMode

Allows a well-formed SPIFFE ID for a workload belonging to any trust domain.

func AllowTrustDomain

func AllowTrustDomain(trustDomain string) ValidationMode

Allows a well-formed SPIFFE ID for the specific trust domain.

func AllowTrustDomainAgent

func AllowTrustDomainAgent(trustDomain string) ValidationMode

func AllowTrustDomainServer

func AllowTrustDomainServer(trustDomain string) ValidationMode

func AllowTrustDomainWorkload

func AllowTrustDomainWorkload(trustDomain string) ValidationMode

Allows a well-formed SPIFFE ID for a workload belonging to a specific trust domain.
