idutil

Documentation

Index

• func NormalizeSpiffeID(id string, mode ValidationMode) (string, error)
• func NormalizeSpiffeIDURL(u *url.URL, mode ValidationMode) (*url.URL, error)
• func ParseSpiffeID(spiffeID string, mode ValidationMode) (*url.URL, error)
• func ValidateSpiffeID(spiffeID string, mode ValidationMode) error
• func ValidateSpiffeIDURL(id *url.URL, mode ValidationMode) error
• type ValidationMode
  • func AllowAny() ValidationMode
  • func AllowAnyInTrustDomain(trustDomain string) ValidationMode
  • func AllowAnyTrustDomain() ValidationMode
  • func AllowAnyTrustDomainAgent() ValidationMode
  • func AllowAnyTrustDomainServer() ValidationMode
  • func AllowAnyTrustDomainWorkload() ValidationMode
  • func AllowTrustDomain(trustDomain string) ValidationMode
  • func AllowTrustDomainAgent(trustDomain string) ValidationMode
  • func AllowTrustDomainServer(trustDomain string) ValidationMode
  • func AllowTrustDomainWorkload(trustDomain string) ValidationMode

Functions

func NormalizeSpiffeID

func NormalizeSpiffeID(id string, mode ValidationMode) (string, error)

NormalizeSpiffeID normalizes the SPIFFE ID so it can be directly compared for equality.

func NormalizeSpiffeIDURL

func NormalizeSpiffeIDURL(u *url.URL, mode ValidationMode) (*url.URL, error)

NormalizeSpiffeIDURL normalizes the SPIFFE ID URL so it can be directly compared for equality.

func ParseSpiffeID

func ParseSpiffeID(spiffeID string, mode ValidationMode) (*url.URL, error)

ParseSpiffeID parses the SPIFFE ID and makes sure it is valid according to the specified validation mode.

func ValidateSpiffeID

func ValidateSpiffeID(spiffeID string, mode ValidationMode) error

ValidateSpiffeID validates the SPIFFE ID according to the SPIFFE specification. The validation mode controls the type of validation.

func ValidateSpiffeIDURL

func ValidateSpiffeIDURL(id *url.URL, mode ValidationMode) error

ValidateSpiffeIDURL validates the SPIFFE ID according to the SPIFFE specification, namely: - spiffe id is not empty - spiffe id is a valid url - scheme is 'spiffe' - user info is not allowed - host is not empty - port is not allowed - query values are not allowed - fragment is not allowed - path does not start with '/spire' since it is reserved for agent, server, etc. In addition, the validation mode is used to control what kind of SPIFFE ID is expected. For more information: [https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md]

Types

type ValidationMode

type ValidationMode interface {
	// contains filtered or unexported methods
}

func AllowAny

func AllowAny() ValidationMode

Allows any well-formed SPIFFE ID

func AllowAnyInTrustDomain

func AllowAnyInTrustDomain(trustDomain string) ValidationMode

Allows any well-formed SPIFFE ID either for, or belonging to, a specific trust domain.

func AllowAnyTrustDomain

func AllowAnyTrustDomain() ValidationMode

Allows a well-formed SPIFFE ID for any trust domain.

func AllowAnyTrustDomainAgent

func AllowAnyTrustDomainAgent() ValidationMode

func AllowAnyTrustDomainServer

func AllowAnyTrustDomainServer() ValidationMode

func AllowAnyTrustDomainWorkload

func AllowAnyTrustDomainWorkload() ValidationMode

Allows a well-formed SPIFFE ID for a workload belonging to any trust domain.

func AllowTrustDomain

func AllowTrustDomain(trustDomain string) ValidationMode

Allows a well-formed SPIFFE ID for the specific trust domain.

func AllowTrustDomainAgent

func AllowTrustDomainAgent(trustDomain string) ValidationMode

func AllowTrustDomainServer

func AllowTrustDomainServer(trustDomain string) ValidationMode

func AllowTrustDomainWorkload

func AllowTrustDomainWorkload(trustDomain string) ValidationMode

Allows a well-formed SPIFFE ID for a workload belonging to a specific trust domain.