// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package model

import (
	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
	rbacpb "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3"
	routepb "github.com/envoyproxy/go-control-plane/envoy/config/route/v3"
	matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
)

// principalAny builds an RBAC principal whose identifier is Any=true, i.e. a
// principal that places no restriction on who the downstream peer is.
//
// NOTE(review): because this matches every peer, a policy that combines it
// with permissive permissions is effectively open; confirm each call site
// really intends "no source restriction".
func principalAny() *rbacpb.Principal {
	anyID := &rbacpb.Principal_Any{Any: true}
	return &rbacpb.Principal{Identifier: anyID}
}

// principalOr wraps principals in an OrIds set, which the Envoy RBAC API
// defines as matching when at least one member matches.
//
// The slice is stored as given: it is neither copied nor checked for being
// empty or containing nil entries.
// NOTE(review): presumably callers guarantee a non-empty list; verify, since
// the shape of an empty OR set is decided by Envoy, not by this helper.
func principalOr(principals []*rbacpb.Principal) *rbacpb.Principal {
	set := &rbacpb.Principal_Set{Ids: principals}
	return &rbacpb.Principal{
		Identifier: &rbacpb.Principal_OrIds{OrIds: set},
	}
}

// principalAnd wraps principals in an AndIds set, which the Envoy RBAC API
// defines as matching only when every member matches.
//
// The slice is stored as given: it is neither copied nor checked for being
// empty or containing nil entries.
// NOTE(review): presumably callers guarantee a non-empty list; verify, since
// the shape of an empty AND set is decided by Envoy, not by this helper.
func principalAnd(principals []*rbacpb.Principal) *rbacpb.Principal {
	set := &rbacpb.Principal_Set{Ids: principals}
	return &rbacpb.Principal{
		Identifier: &rbacpb.Principal_AndIds{AndIds: set},
	}
}

// principalNot returns a principal that negates the given one by placing it
// in the NotId identifier.
//
// The argument is stored as given, with no nil check.
// NOTE(review): negation widens what is accepted (everything except the
// inner match), so a mistake in the inner principal fails open; confirm the
// inner principal is always fully built before it is passed here.
func principalNot(principal *rbacpb.Principal) *rbacpb.Principal {
	negated := &rbacpb.Principal_NotId{NotId: principal}
	return &rbacpb.Principal{Identifier: negated}
}

// principalAuthenticated builds a principal that matches the peer identity
// against name, using one of two mechanisms selected by useAuthenticated:
//
//   - true:  Envoy's Authenticated principal, with name as PrincipalName.
//     Per the Envoy RBAC API, an unset PrincipalName matches any
//     authenticated peer, so a nil name here is broader than it looks.
//   - false: a FilterState matcher that string-matches name against the
//     filter-state object stored under "io.istio.peer_principal".
//
// name is stored as given, with no nil check.
// NOTE(review): which filter populates "io.istio.peer_principal", and what
// the matcher does when the key is absent, is not visible in this file;
// verify that an absent key cannot satisfy the match.
func principalAuthenticated(name *matcher.StringMatcher, useAuthenticated bool) *rbacpb.Principal {
	if !useAuthenticated {
		// Identity is read from filter state rather than from Envoy's
		// built-in authenticated-principal check.
		peerPrincipal := &matcher.FilterStateMatcher{
			Key:     "io.istio.peer_principal",
			Matcher: &matcher.FilterStateMatcher_StringMatch{StringMatch: name},
		}
		return &rbacpb.Principal{
			Identifier: &rbacpb.Principal_FilterState{FilterState: peerPrincipal},
		}
	}

	authn := &rbacpb.Principal_Authenticated{PrincipalName: name}
	return &rbacpb.Principal{
		Identifier: &rbacpb.Principal_Authenticated_{Authenticated: authn},
	}
}

// principalDirectRemoteIP builds a principal that matches the downstream
// address against cidr via the DirectRemoteIp identifier.
//
// Per the Envoy RBAC API, direct_remote_ip is always the physical peer of the
// connection, even when a different remote address has been inferred from
// X-Forwarded-For or the PROXY protocol. cidr is stored as given.
func principalDirectRemoteIP(cidr *core.CidrRange) *rbacpb.Principal {
	directIP := &rbacpb.Principal_DirectRemoteIp{DirectRemoteIp: cidr}
	return &rbacpb.Principal{Identifier: directIP}
}

// principalRemoteIP builds a principal that matches the downstream address
// against cidr via the RemoteIp identifier.
//
// Per the Envoy RBAC API, remote_ip may differ from the physical peer: it can
// be inferred from X-Forwarded-For or the PROXY protocol. cidr is stored as
// given.
// NOTE(review): a rule built on this value is only as trustworthy as the
// proxy chain that sets those headers; confirm the trusted-hop configuration
// wherever this is used for allow decisions.
func principalRemoteIP(cidr *core.CidrRange) *rbacpb.Principal {
	remoteIP := &rbacpb.Principal_RemoteIp{RemoteIp: cidr}
	return &rbacpb.Principal{Identifier: remoteIP}
}

// principalMetadata builds a principal that is decided by the given metadata
// matcher, placed in the Metadata identifier.
//
// metadata is stored as given, with no nil check.
// NOTE(review): the match is evaluated against metadata written by other
// filters, which this file does not show; verify that the producing filter
// runs before RBAC and that missing metadata cannot satisfy the matcher.
func principalMetadata(metadata *matcher.MetadataMatcher) *rbacpb.Principal {
	byMetadata := &rbacpb.Principal_Metadata{Metadata: metadata}
	return &rbacpb.Principal{Identifier: byMetadata}
}

// principalHeader builds a principal that is decided by the given request
// header matcher, placed in the Header identifier.
//
// header is stored as given, with no nil check.
// NOTE(review): request headers are supplied by the client unless a trusted
// hop strips or overwrites them; confirm that any header used to identify a
// caller is sanitized upstream of this check.
func principalHeader(header *routepb.HeaderMatcher) *rbacpb.Principal {
	byHeader := &rbacpb.Principal_Header{Header: header}
	return &rbacpb.Principal{Identifier: byHeader}
}