istio: istio.io/istio/pilot/pkg/security/trustdomain Index | Files

package trustdomain

import "istio.io/istio/pilot/pkg/security/trustdomain"

Index

Package Files

bundle.go util.go

type Bundle Uses

type Bundle struct {
    // Contain the local trust domain and its aliases.
    // The trust domain corresponds to the trust root of a system.
    // Refer to [SPIFFE-ID](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain)
    // The trust domain aliases represent the aliases of `trust_domain`.
    // For example, if we have
    // trustDomain: td1, trustDomainAliases: ["td2", "td3"]
    // Any service with the identity `td1/ns/foo/sa/a-service-account`, `td2/ns/foo/sa/a-service-account`,
    // or `td3/ns/foo/sa/a-service-account` will be treated the same in the Istio mesh.
    TrustDomains []string
}

func NewBundle Uses

func NewBundle(trustDomain string, trustDomainAliases []string) Bundle

NewBundle returns a new trust domain bundle.

func (Bundle) ReplaceTrustDomainAliases Uses

func (t Bundle) ReplaceTrustDomainAliases(principals []string) []string

ReplaceTrustDomainAliases checks the existing principals and returns a list of new principals with the current trust domain and its aliases. For example, for a user "bar" in namespace "foo". If the local trust domain is "td2" and its alias is "td1" (migrating from td1 to td2), replaceTrustDomainAliases returns ["td2/ns/foo/sa/bar", "td1/ns/foo/sa/bar]].

Package trustdomain imports 3 packages (graph) and is imported by 6 packages. Updated 2020-04-02. Refresh now. Tools for package owners.