"github.com/golang-jwt/jwt/v4"
"github.com/kumahq/kuma/pkg/core/tokens"
// DataplaneTokenIssuer issues Dataplane Tokens, which dataplanes then use to prove their identity.
// An issued token can be bound by name, mesh or tags, so you can pick your level of security:
// the fewer of these a token is bound to, the more dataplanes it can be used for.
type DataplaneTokenIssuer interface {
Generate(ctx context.Context, identity DataplaneIdentity, validFor time.Duration) (tokens.Token, error)
func NewDataplaneTokenIssuer(issuers func(string) tokens.Issuer) DataplaneTokenIssuer {
return &jwtTokenIssuer{
// Compile-time assertion that *jwtTokenIssuer satisfies DataplaneTokenIssuer.
var _ DataplaneTokenIssuer = (*jwtTokenIssuer)(nil)
type jwtTokenIssuer struct {
issuers func(string) tokens.Issuer
func (i *jwtTokenIssuer) Generate(ctx context.Context, identity DataplaneIdentity, validFor time.Duration) (tokens.Token, error) {
tags := map[string][]string{}
for tagName := range identity.Tags {
tags[tagName] = identity.Tags.Values(tagName)
claims := &DataplaneClaims{
Type: string(identity.Type),
RegisteredClaims: jwt.RegisteredClaims{},
return i.issuers(identity.Mesh).Generate(ctx, claims, validFor)
// DisabledIssuer is a DataplaneTokenIssuer that issues no tokens: its Generate
// method returns an empty token together with tokens.IssuerDisabled.
type DisabledIssuer struct{}
// Compile-time assertion that *DisabledIssuer satisfies DataplaneTokenIssuer.
var _ DataplaneTokenIssuer = (*DisabledIssuer)(nil)
func (d DisabledIssuer) Generate(context.Context, DataplaneIdentity, time.Duration) (tokens.Token, error) {
return "", tokens.IssuerDisabled