validation

package
v0.27.2
Warning

This package is not in the latest version of its module.

Published: Oct 1, 2024 License: BSD-2-Clause Imports: 6 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func EnsureSafe added in v0.25.2

func EnsureSafe(source *workloadapi.X509Source)

EnsureSafe checks the safety of the SPIFFE ID from the provided X509Source. It retrieves an X.509 SVID (SPIFFE Verifiable Identity Document) from the source, and validates the SPIFFE ID against a predefined safety check.

If the X509Source fails to provide an SVID, the function will panic with an error message specifying the inability to retrieve the SVID.

Similarly, if the SPIFFE ID from the retrieved SVID does not pass the safety check, the function will panic with an error message indicating that the SPIFFE ID is not recognized.

Panicking in this function indicates severe issues with identity verification that require immediate attention and resolution.

Usage:

    var source *workloadapi.X509Source // Assume source is properly initialized
    EnsureSafe(source)

func IsSafe

func IsSafe(spiffeid string) bool

IsSafe checks if a given SPIFFE ID belongs to VSecM Safe.

A SPIFFE ID (SPIFFE IDentifier) is a URI that uniquely identifies a workload in a secure, interoperable way. This function verifies if the provided SPIFFE ID meets the criteria to be classified as a workload ID based on certain environmental settings.

The function performs the following checks:

  1. If the `spiffeid` starts with a "^", it is assumed to be a regular expression pattern; the function compiles the expression and checks whether the SPIFFE ID matches it.
  2. Otherwise, it checks if the SPIFFE ID starts with the proper prefix.

Parameters:

spiffeid (string): The SPIFFE ID to be checked.

Returns:

bool: `true` if the SPIFFE ID belongs to VSecM Safe, `false` otherwise.

func IsSentinel

func IsSentinel(spiffeid string) bool

IsSentinel checks if a given SPIFFE ID belongs to VSecM Sentinel.

A SPIFFE ID (SPIFFE IDentifier) is a URI that uniquely identifies a workload in a secure, interoperable way. This function verifies if the provided SPIFFE ID meets the criteria to be classified as a workload ID based on certain environmental settings.

The function performs the following checks:

  1. If the `spiffeid` starts with a "^", it is assumed to be a regular expression pattern; the function compiles the expression and checks whether the SPIFFE ID matches it.
  2. Otherwise, it checks if the SPIFFE ID starts with the proper prefix.

Parameters:

spiffeid (string): The SPIFFE ID to be checked.

Returns:

bool: `true` if the SPIFFE ID belongs to VSecM Sentinel, `false` otherwise.

func IsWorkload

func IsWorkload(spiffeid string) bool

IsWorkload checks if a given SPIFFE ID belongs to a workload.

A SPIFFE ID (SPIFFE IDentifier) is a URI that uniquely identifies a workload in a secure, interoperable way. This function verifies if the provided SPIFFE ID meets the criteria to be classified as a workload ID based on certain environmental settings.

The function performs the following checks:

  1. If the `spiffeid` starts with a "^", it is assumed to be a regular expression pattern; the function compiles the expression and checks whether the SPIFFE ID matches it.
  2. Otherwise, it checks if the SPIFFE ID starts with the proper prefix.

Parameters:

spiffeid (string): The SPIFFE ID to be checked.

Returns:

bool: `true` if the SPIFFE ID belongs to a workload, `false` otherwise.
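
The matching rule that IsSafe, IsSentinel and IsWorkload describe (regular expression when the value starts with "^", plain prefix otherwise) can be exercised as shown here. This is an added example, not code from the VSecM project: `matchesIdentity`, the patterns and the SPIFFE IDs are constructed, and it assumes the "^" test applies to the environment-configured pattern. It shows that a bare prefix or an unanchored expression accepts more IDs than a pattern that ends in `$`.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// matchesIdentity is a hypothetical helper, not VSecM's code. pattern stands
// in for the environment-configured value: a leading "^" selects regular
// expression matching, anything else is treated as a plain prefix.
func matchesIdentity(pattern, spiffeid string) bool {
	if strings.HasPrefix(pattern, "^") {
		re, err := regexp.Compile(pattern)
		if err != nil {
			return false // fail closed when the pattern does not compile
		}
		return re.MatchString(spiffeid)
	}
	return strings.HasPrefix(spiffeid, pattern)
}

// Constructed sample values; trust domain and path layout are placeholders.
const (
	barePrefix  = "spiffe://example.org/workload/safe"
	slashPrefix = "spiffe://example.org/workload/safe/"
	looseRegex  = `^spiffe://example\.org/workload/safe/ns/[^/]+/sa/[^/]+`
	strictRegex = `^spiffe://example\.org/workload/safe/ns/[^/]+/sa/[^/]+$`

	expectedID = "spiffe://example.org/workload/safe/ns/system/sa/safe"
	siblingID  = "spiffe://example.org/workload/safe-copy/ns/system/sa/safe"
	extendedID = "spiffe://example.org/workload/safe/ns/system/sa/safe/extra"
)

func main() {
	patterns := []string{barePrefix, slashPrefix, looseRegex, strictRegex, "^("}
	ids := []string{expectedID, siblingID, extendedID}
	for _, p := range patterns {
		for _, id := range ids {
			fmt.Printf("%-5t pattern=%q id=%q\n", matchesIdentity(p, id), p, id)
		}
	}
}
```

Only `strictRegex` accepts `expectedID` while rejecting both other IDs; the pattern that fails to compile matches nothing.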

Types

This section is empty.
