mirror of
https://github.com/status-im/consul.git
synced 2025-02-06 10:54:11 +00:00
3e6f1c1fe1
* remove v2 tenancy, catalog, and mesh - Inline the v2tenancy experiment to false - Inline the resource-apis experiment to false - Inline the hcp-v2-resource-apis experiment to false - Remove ACL policy templates and rule language changes related to workload identities (a v2-only concept) (e.g. identity and identity_prefix) - Update the gRPC endpoint used by consul-dataplane to no longer respond specially for v2 - Remove stray v2 references scattered throughout the DNS v1.5 newer implementation. * changelog * go mod tidy on consul containers * lint fixes from ENT --------- Co-authored-by: John Murret <john.murret@hashicorp.com>
55 lines
1.3 KiB
Go
55 lines
1.3 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package connect
|
|
|
|
import (
|
|
"fmt"
|
|
"net/url"
|
|
|
|
"github.com/hashicorp/consul/acl"
|
|
)
|
|
|
|
// SpiffeIDService is the structure to represent the SPIFFE ID for a service.
|
|
type SpiffeIDService struct {
|
|
Host string
|
|
Partition string
|
|
Namespace string
|
|
Datacenter string
|
|
Service string
|
|
}
|
|
|
|
func (id SpiffeIDService) NamespaceOrDefault() string {
|
|
return acl.NamespaceOrDefault(id.Namespace)
|
|
}
|
|
|
|
func (id SpiffeIDService) MatchesPartition(partition string) bool {
|
|
return id.PartitionOrDefault() == acl.PartitionOrDefault(partition)
|
|
}
|
|
|
|
// URI returns the *url.URL for this SPIFFE ID.
|
|
func (id SpiffeIDService) URI() *url.URL {
|
|
var result url.URL
|
|
result.Scheme = "spiffe"
|
|
result.Host = id.Host
|
|
result.Path = id.uriPath()
|
|
return &result
|
|
}
|
|
|
|
func (id SpiffeIDService) uriPath() string {
|
|
path := fmt.Sprintf("/ns/%s/dc/%s/svc/%s",
|
|
id.NamespaceOrDefault(),
|
|
id.Datacenter,
|
|
id.Service,
|
|
)
|
|
|
|
// Although CE has no support for partitions, it still needs to be able to
|
|
// handle exportedPartition from peered Consul Enterprise clusters in order
|
|
// to generate the correct SpiffeID.
|
|
// We intentionally avoid using pbpartition.DefaultName here to be CE friendly.
|
|
if ap := id.PartitionOrDefault(); ap != "" && ap != "default" {
|
|
return "/ap/" + ap + path
|
|
}
|
|
return path
|
|
}
|