Documentation ¶
Index ¶
- Constants
- func AgentID(trustDomain, p string) string
- func AgentURI(trustDomain, p string) *url.URL
- func CheckAgentIDStringNormalization(agentID string) error
- func CheckIDProtoNormalization(in *types.SPIFFEID) error
- func CheckIDStringNormalization(id string) error
- func CheckIDURLNormalization(u *url.URL) error
- func FormatPath(format string, args ...interface{}) string
- func IDFromProto(id *types.SPIFFEID) (spiffeid.ID, error)
- func IDProtoFromString(id string) (*types.SPIFFEID, error)
- func IDProtoString(id *types.SPIFFEID) (string, error)
- func IsAgentPath(path string) bool
- func IsReservedPath(path string) bool
- func JoinPathSegments(segments ...string) string
- func NormalizeSpiffeID(id string, mode ValidationMode) (string, error)
- func NormalizeSpiffeIDURL(u *url.URL, mode ValidationMode) (*url.URL, error)
- func ParseSpiffeID(spiffeID string, mode ValidationMode) (*url.URL, error)
- func ServerID(trustDomain spiffeid.TrustDomain) spiffeid.ID
- func SetAllowUnsafeIDs(allow bool)
- func TrustDomainFromString(s string) (spiffeid.TrustDomain, error)
- func TrustDomainID(trustDomain string) string
- func TrustDomainURI(trustDomain string) *url.URL
- func ValidateSpiffeID(spiffeID string, mode ValidationMode) error
- func ValidateSpiffeIDURL(id *url.URL, mode ValidationMode) error
- type ValidationMode
  - func AllowAny() ValidationMode
  - func AllowAnyInTrustDomain(trustDomain spiffeid.TrustDomain) ValidationMode
  - func AllowAnyTrustDomain() ValidationMode
  - func AllowAnyTrustDomainAgent() ValidationMode
  - func AllowAnyTrustDomainServer() ValidationMode
  - func AllowAnyTrustDomainWorkload() ValidationMode
  - func AllowTrustDomain(trustDomain spiffeid.TrustDomain) ValidationMode
  - func AllowTrustDomainAgent(trustDomain spiffeid.TrustDomain) ValidationMode
  - func AllowTrustDomainServer(trustDomain spiffeid.TrustDomain) ValidationMode
  - func AllowTrustDomainWorkload(trustDomain spiffeid.TrustDomain) ValidationMode
Constants ¶
const (
	ServerIDPath = "/spire/server"
)
Functions ¶
func AgentID ¶
AgentID creates an agent SPIFFE ID given a trust domain and a path. The /spire/agent prefix in the path is implied.
func AgentURI ¶
AgentURI creates an agent SPIFFE URI given a trust domain and a path. The /spire/agent prefix in the path is implied.
func CheckAgentIDStringNormalization ¶ added in v0.11.3
CheckAgentIDStringNormalization ensures the provided agent ID string is properly normalized. It also ensures it is not a server ID.
func CheckIDProtoNormalization ¶ added in v0.11.3
CheckIDProtoNormalization ensures the provided ID is properly normalized.
func CheckIDStringNormalization ¶ added in v0.11.3
CheckIDStringNormalization ensures the provided ID is properly normalized.
func CheckIDURLNormalization ¶ added in v0.11.3
CheckIDURLNormalization checks whether a URL is normalized. It relies on behavior and fields populated by url.Parse(). DO NOT call it with a URL that has not gone through url.Parse().
func FormatPath ¶ added in v0.11.3
FormatPath formats a path string. The function ensures a leading slash is present.
func IDFromProto ¶ added in v0.11.3
IDFromProto returns the SPIFFE ID from the proto representation.
func IDProtoFromString ¶ added in v0.11.3
IDProtoFromString parses a SPIFFE ID string into the raw ID proto components. It does not attempt to escape/unescape any portion of the ID.
func IDProtoString ¶ added in v0.11.3
IDProtoString constructs a URL string for the given ID protobuf. It does not interpret the contents of the trust domain or path with the exception of adding a leading slash on the path where necessary.
func IsAgentPath ¶ added in v0.11.0
IsAgentPath returns true if the given string is a SPIRE agent ID path. SPIRE agent IDs are prefixed with "/spire/agent/".
func IsReservedPath ¶ added in v0.11.0
func JoinPathSegments ¶ added in v0.11.3
JoinPathSegments escapes path segments and joins them together. The function also ensures a leading slash is present.
func NormalizeSpiffeID ¶
func NormalizeSpiffeID(id string, mode ValidationMode) (string, error)
NormalizeSpiffeID normalizes the SPIFFE ID so it can be directly compared for equality.
func NormalizeSpiffeIDURL ¶
NormalizeSpiffeIDURL normalizes the SPIFFE ID URL so it can be directly compared for equality.
func ParseSpiffeID ¶
func ParseSpiffeID(spiffeID string, mode ValidationMode) (*url.URL, error)
ParseSpiffeID parses the SPIFFE ID and makes sure it is valid according to the specified validation mode.
func ServerID ¶
func ServerID(trustDomain spiffeid.TrustDomain) spiffeid.ID
ServerID creates a server SPIFFE ID given a trust domain.
func SetAllowUnsafeIDs ¶ added in v0.11.3
func SetAllowUnsafeIDs(allow bool)
SetAllowUnsafeIDs effectively removes all safety checks provided by the "safety" functions in this source file. It is a switch to allow turning off the safety valve for deployments that need time to adjust API usage to conform to the restrictions.
func TrustDomainFromString ¶ added in v1.0.0
func TrustDomainFromString(s string) (spiffeid.TrustDomain, error)
TrustDomainFromString parses a trust domain from a string.
func TrustDomainID ¶
TrustDomainID creates a trust domain SPIFFE ID given a trust domain name. If the passed trust domain already is a trust domain ID, it is returned unchanged.
func TrustDomainURI ¶
TrustDomainURI creates a trust domain SPIFFE URI given a trust domain name or trust domain ID.
func ValidateSpiffeID ¶
func ValidateSpiffeID(spiffeID string, mode ValidationMode) error
ValidateSpiffeID validates the SPIFFE ID according to the SPIFFE specification. The validation mode controls the type of validation.
func ValidateSpiffeIDURL ¶
func ValidateSpiffeIDURL(id *url.URL, mode ValidationMode) error
ValidateSpiffeIDURL validates the SPIFFE ID according to the SPIFFE specification, namely:
- SPIFFE ID is not empty
- SPIFFE ID is a valid URL
- scheme is 'spiffe'
- user info is not allowed
- host is not empty
- port is not allowed
- query values are not allowed
- fragment is not allowed
- path does not start with '/spire' since it is reserved for agent, server, etc.

In addition, the validation mode is used to control what kind of SPIFFE ID is expected. For more information: https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md
Types ¶
type ValidationMode ¶
type ValidationMode interface {
	// contains filtered or unexported methods
}
func AllowAnyInTrustDomain ¶
func AllowAnyInTrustDomain(trustDomain spiffeid.TrustDomain) ValidationMode
Allows any well-formed SPIFFE ID belonging to a specific trust domain, excluding the trust domain ID itself.
func AllowAnyTrustDomain ¶
func AllowAnyTrustDomain() ValidationMode
Allows a well-formed SPIFFE ID for any trust domain.
func AllowAnyTrustDomainAgent ¶
func AllowAnyTrustDomainAgent() ValidationMode
func AllowAnyTrustDomainServer ¶
func AllowAnyTrustDomainServer() ValidationMode
func AllowAnyTrustDomainWorkload ¶
func AllowAnyTrustDomainWorkload() ValidationMode
Allows a well-formed SPIFFE ID for a workload belonging to any trust domain.
func AllowTrustDomain ¶
func AllowTrustDomain(trustDomain spiffeid.TrustDomain) ValidationMode
Allows a well-formed SPIFFE ID for the specific trust domain.
func AllowTrustDomainAgent ¶
func AllowTrustDomainAgent(trustDomain spiffeid.TrustDomain) ValidationMode
func AllowTrustDomainServer ¶
func AllowTrustDomainServer(trustDomain spiffeid.TrustDomain) ValidationMode
func AllowTrustDomainWorkload ¶
func AllowTrustDomainWorkload(trustDomain spiffeid.TrustDomain) ValidationMode
Allows a well-formed SPIFFE ID for a workload belonging to a specific trust domain.