kuma

1
package zoneingress
2

3
import (
4
	"context"
5
	"time"
6

7
	"github.com/kumahq/kuma/pkg/core/tokens"
8
)
9

10
type Token = string
11

12
type Identity struct {
13
	Zone string
14
}
15

16
// TokenIssuer issues Zone Ingress Tokens used then for proving identity of the zone ingresses.
17
// Issued token can be bound by zone name.
18
// See pkg/sds/auth/universal/authenticator.go to check algorithm for authentication
19
type TokenIssuer interface {
20
	Generate(ctx context.Context, identity Identity, validFor time.Duration) (tokens.Token, error)
21
}
22

23
var _ TokenIssuer = &jwtTokenIssuer{}
24

25
func NewTokenIssuer(issuer tokens.Issuer) TokenIssuer {
26
	return &jwtTokenIssuer{
27
		issuer: issuer,
28
	}
29
}
30

31
type jwtTokenIssuer struct {
32
	issuer tokens.Issuer
33
}
34

35
func (j *jwtTokenIssuer) Generate(ctx context.Context, identity Identity, validFor time.Duration) (Token, error) {
36
	claims := &ZoneIngressClaims{
37
		Zone: identity.Zone,
38
	}
39
	return j.issuer.Generate(ctx, claims, validFor)
40
}
41