istio: istio.io/istio/security/pkg/registry Index | Files | Directories

package registry

import "istio.io/istio/security/pkg/registry"

Index

Package Files

registry.go

type IdentityRegistry Uses

type IdentityRegistry struct {
    sync.RWMutex
    Map map[string]string
}

IdentityRegistry is a naive registry that maintains a mapping between identities (as strings): id1 -> id2, id3 -> id4, etc. The method call Check(id1, id2) will succeed only if there is a mapping id1 -> id2 stored in this registry.

CA can make authorization decisions based on this registry. By creating a mapping id1 -> id2, CA will approve CSRs sent only by services running as id1 for identity id2.

func (*IdentityRegistry) AddMapping Uses

func (reg *IdentityRegistry) AddMapping(id1, id2 string) error

AddMapping adds a mapping id1 -> id2. If id1 is already mapped to something else, add fails.

func (*IdentityRegistry) Check Uses

func (reg *IdentityRegistry) Check(id1, id2 string) bool

Check checks whether id1 is mapped to id2

func (*IdentityRegistry) DeleteMapping Uses

func (reg *IdentityRegistry) DeleteMapping(id1, id2 string) error

DeleteMapping attempts to delete mapping id1 -> id2. If id1 is already mapped to a different identity, deletion fails

type Registry Uses

type Registry interface {
    Check(string, string) bool
    AddMapping(string, string) error
    DeleteMapping(string, string) error
}

Registry is the standard interface for identity registry implementation

func GetIdentityRegistry Uses

func GetIdentityRegistry() Registry

GetIdentityRegistry returns the identity registry object.

Directories

PathSynopsis
kube

Package registry imports 3 packages (graph) and is imported by 2 packages. Updated 2019-09-28. Refresh now. Tools for package owners.