// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package model

import (
	"time"

	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
	tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3"
	"google.golang.org/protobuf/types/known/durationpb"
)

const (
	// SDSClusterName is the name of the cluster for SDS connections. It is the
	// Envoy cluster every SdsSecretConfig built in this file targets via
	// GrpcService_EnvoyGrpc; secrets are fetched over that gRPC connection.
	SDSClusterName = "sds-grpc"

	// SDSDefaultResourceName is the default name in sdsconfig, used for fetching normal key/cert
	// (the workload proxy's own private key and certificate).
	SDSDefaultResourceName = "default"

	// SDSRootResourceName is the sdsconfig name for root CA, used for fetching root cert
	// (the trust anchor used to validate peer certificates).
	SDSRootResourceName = "ROOTCA"
)

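// Preconfigured SDS configs to avoid excessive memory allocations.
//
// The two well-known secrets (the workload key/cert and the root CA) are built
// once at package init and handed out by ConstructSdsSecretConfig as shared
// pointers, so callers must treat them as read-only.
//
// Both configs point Envoy at the SDSClusterName gRPC cluster using the v3
// transport and resource API, set SetNodeOnFirstMessageOnly so the node
// identity is only carried on the first message of the SDS stream, and set
// InitialFetchTimeout to 0, which in Envoy disables the initial fetch timeout:
// the proxy keeps waiting for these secrets instead of proceeding without them.
var (
	defaultSDSConfig = newPreconfiguredSDSConfig(SDSDefaultResourceName)
	rootSDSConfig    = newPreconfiguredSDSConfig(SDSRootResourceName)
)

// newPreconfiguredSDSConfig builds the SdsSecretConfig used for the two
// preconfigured resources above. They differ only in Name, so the SDS source
// is described once here; each call returns a fresh message so the two
// package-level values never alias each other's sub-messages.
func newPreconfiguredSDSConfig(name string) *tls.SdsSecretConfig {
	return &tls.SdsSecretConfig{
		Name: name,
		SdsConfig: &core.ConfigSource{
			ConfigSourceSpecifier: &core.ConfigSource_ApiConfigSource{
				ApiConfigSource: &core.ApiConfigSource{
					ApiType:                   core.ApiConfigSource_GRPC,
					SetNodeOnFirstMessageOnly: true,
					TransportApiVersion:       core.ApiVersion_V3,
					GrpcServices: []*core.GrpcService{
						{
							TargetSpecifier: &core.GrpcService_EnvoyGrpc_{
								EnvoyGrpc: &core.GrpcService_EnvoyGrpc{ClusterName: SDSClusterName},
							},
						},
					},
				},
			},
			ResourceApiVersion:  core.ApiVersion_V3,
			InitialFetchTimeout: durationpb.New(time.Second * 0),
		},
	}
}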

// ConstructSdsSecretConfig constructs SDS Secret Configuration for workload proxy.
//
// An empty name yields nil, so callers must check the result before wiring it
// into a transport socket. The two well-known names, SDSDefaultResourceName and
// SDSRootResourceName, resolve to the shared preconfigured values
// defaultSDSConfig and rootSDSConfig; those pointers are package-wide and must
// not be mutated by the caller. Any other name gets a freshly allocated config
// that fetches the secret from the SDSClusterName gRPC cluster over the v3 API.
// Unlike the preconfigured pair, it leaves InitialFetchTimeout unset, so Envoy's
// default initial-fetch timeout applies (presumably so a missing custom secret
// does not stall the proxy indefinitely — confirm against the callers).
func ConstructSdsSecretConfig(name string) *tls.SdsSecretConfig {
	switch name {
	case "":
		return nil
	case SDSDefaultResourceName:
		return defaultSDSConfig
	case SDSRootResourceName:
		return rootSDSConfig
	}

	grpcTarget := &core.GrpcService{
		TargetSpecifier: &core.GrpcService_EnvoyGrpc_{
			EnvoyGrpc: &core.GrpcService_EnvoyGrpc{ClusterName: SDSClusterName},
		},
	}
	source := &core.ConfigSource{
		ConfigSourceSpecifier: &core.ConfigSource_ApiConfigSource{
			ApiConfigSource: &core.ApiConfigSource{
				ApiType:                   core.ApiConfigSource_GRPC,
				SetNodeOnFirstMessageOnly: true,
				TransportApiVersion:       core.ApiVersion_V3,
				GrpcServices:              []*core.GrpcService{grpcTarget},
			},
		},
		ResourceApiVersion: core.ApiVersion_V3,
	}
	return &tls.SdsSecretConfig{Name: name, SdsConfig: source}
}