Documentation
Overview
Copyright 2019, Verizon Media Inc. Licensed under the terms of the 3-Clause BSD license. See LICENSE file in github.com/yahoo/k8s-athenz-istio-auth for terms.
Index
- Constants
- func ConvertAthenzRoleNameToK8sName(roleName string) string
- func GetServiceRoleBindingSpec(k8sRoleName string, members []*zms.RoleMember) (*v1alpha1.ServiceRoleBinding, error)
- func GetServiceRoleSpec(domainName zms.DomainName, roleName string, assertions []*zms.Assertion) (*v1alpha1.ServiceRole, error)
- func NewConfig(configType string, namespace string, name string, spec proto.Message) model.Config
- func ParseRoleFQDN(domainName zms.DomainName, roleFQDN string) (string, error)
- func PrincipalToSpiffe(principal string) (string, error)
Constants
const (
	WildCardAll     = "*"
	ServiceRoleKind = "ServiceRole"
)
const ConstraintSvcKey = "destination.labels[svc]"
Variables
This section is empty.
Functions
func ConvertAthenzRoleNameToK8sName
ConvertAthenzRoleNameToK8sName replaces '_' in the Athenz role name with '--', because a Kubernetes resource name must follow the DNS-1123 subdomain format: it must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character.
func GetServiceRoleBindingSpec
func GetServiceRoleBindingSpec(k8sRoleName string, members []*zms.RoleMember) (*v1alpha1.ServiceRoleBinding, error)
GetServiceRoleBindingSpec returns the ServiceRoleBindingSpec for a given Athenz role and its members
func GetServiceRoleSpec
func GetServiceRoleSpec(domainName zms.DomainName, roleName string, assertions []*zms.Assertion) (*v1alpha1.ServiceRole, error)
GetServiceRoleSpec returns the ServiceRoleSpec for a given Athenz role and the associated assertions
func NewConfig
NewConfig returns a new model.Config resource for the passed-in type with the given namespace/name and spec
func ParseRoleFQDN
func ParseRoleFQDN(domainName zms.DomainName, roleFQDN string) (string, error)
ParseRoleFQDN parses the full Athenz role name, in the format <domainName>:role.<roleName>, and returns roleName, e.g. app-domain:role.reader -> reader
func PrincipalToSpiffe
PrincipalToSpiffe converts the Athenz principal into a SPIFFE compliant format, e.g. client-domain.frontend.some-app -> client-domain.frontend/sa/some-app
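A stand-alone sketch of the three name conversions described above, added here as an illustration; it is not the package's source. The function names are hypothetical, the split on the last '.' is inferred from the example principal, and the DNS-1123 check after the substitution is an addition of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// dns1123Subdomain matches the DNS-1123 subdomain format described above.
var dns1123Subdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// roleNameFromFQDN (hypothetical name) strips "<domain>:role." and rejects
// a role whose full name does not start with the expected domain.
func roleNameFromFQDN(domain, roleFQDN string) (string, error) {
	prefix := domain + ":role."
	if !strings.HasPrefix(roleFQDN, prefix) || len(roleFQDN) == len(prefix) {
		return "", fmt.Errorf("role %q is not in domain %q", roleFQDN, domain)
	}
	return roleFQDN[len(prefix):], nil
}

// k8sNameFromRole (hypothetical name) maps '_' to "--" and then validates the
// result, since the substitution alone does not guarantee a valid name.
func k8sNameFromRole(roleName string) (string, error) {
	name := strings.ReplaceAll(roleName, "_", "--")
	if len(name) > 253 || !dns1123Subdomain.MatchString(name) {
		return "", fmt.Errorf("%q is not a DNS-1123 subdomain", name)
	}
	return name, nil
}

// spiffeFromPrincipal (hypothetical name) splits on the last '.', so the
// domain part may itself contain dots (assumption based on the example).
func spiffeFromPrincipal(principal string) (string, error) {
	i := strings.LastIndex(principal, ".")
	if i <= 0 || i == len(principal)-1 {
		return "", fmt.Errorf("principal %q is not <domain>.<service>", principal)
	}
	return principal[:i] + "/sa/" + principal[i+1:], nil
}

func main() {
	// Constructed sample values that follow the formats in the descriptions.
	role, _ := roleNameFromFQDN("app-domain", "app-domain:role.log_reader")
	name, _ := k8sNameFromRole(role)
	id, _ := spiffeFromPrincipal("client-domain.frontend.some-app")
	fmt.Println(role, name, id)
}
```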
Types
This section is empty.