kuma

1
package issuer
2

3
import (
4
	"context"
5
	"time"
6

7
	"github.com/golang-jwt/jwt/v4"
8

9
	"github.com/kumahq/kuma/pkg/core/tokens"
10
)
11

12
// DataplaneTokenIssuer issues Dataplane Tokens used then for proving identity of the dataplanes.
13
// Issued token can be bound by name, mesh or tags so you can pick your level of security.
14
type DataplaneTokenIssuer interface {
15
	Generate(ctx context.Context, identity DataplaneIdentity, validFor time.Duration) (tokens.Token, error)
16
}
17

18
func NewDataplaneTokenIssuer(issuers func(string) tokens.Issuer) DataplaneTokenIssuer {
19
	return &jwtTokenIssuer{
20
		issuers: issuers,
21
	}
22
}
23

24
var _ DataplaneTokenIssuer = &jwtTokenIssuer{}
25

26
type jwtTokenIssuer struct {
27
	issuers func(string) tokens.Issuer
28
}
29

30
func (i *jwtTokenIssuer) Generate(ctx context.Context, identity DataplaneIdentity, validFor time.Duration) (tokens.Token, error) {
31
	tags := map[string][]string{}
32
	for tagName := range identity.Tags {
33
		tags[tagName] = identity.Tags.Values(tagName)
34
	}
35

36
	claims := &DataplaneClaims{
37
		Name:             identity.Name,
38
		Mesh:             identity.Mesh,
39
		Tags:             tags,
40
		Type:             string(identity.Type),
41
		RegisteredClaims: jwt.RegisteredClaims{},
42
	}
43

44
	return i.issuers(identity.Mesh).Generate(ctx, claims, validFor)
45
}
46

47
type DisabledIssuer struct{}
48

49
var _ DataplaneTokenIssuer = &DisabledIssuer{}
50

51
func (d DisabledIssuer) Generate(context.Context, DataplaneIdentity, time.Duration) (tokens.Token, error) {
52
	return "", tokens.IssuerDisabled
53
}
54