github.com/outbrain/consul@v1.4.5/agent/connect/uri_service.go (about)

     1  package connect
     2  
     3  import (
     4  	"fmt"
     5  	"net/url"
     6  
     7  	"github.com/hashicorp/consul/agent/structs"
     8  )
     9  
// SpiffeIDService holds the components of a SPIFFE ID that identifies a
// service. URI renders them as spiffe://<Host>/ns/<Namespace>/dc/<Datacenter>/svc/<Service>.
//
// The fields are plain strings and this type performs no validation on them.
type SpiffeIDService struct {
	// Host is used as the URI host (the trust domain in SPIFFE terms).
	Host string
	// Namespace fills the "ns" path segment and is compared against an
	// intention's SourceNS in Authorize.
	Namespace string
	// Datacenter fills the "dc" path segment. Authorize does not consult it.
	Datacenter string
	// Service fills the "svc" path segment and is compared against an
	// intention's SourceName in Authorize.
	Service string
}
    17  
// URI builds the *url.URL form of this SPIFFE ID:
// spiffe://<Host>/ns/<Namespace>/dc/<Datacenter>/svc/<Service>.
//
// Namespace, Datacenter and Service are interpolated into the path verbatim.
// Nothing here rejects an empty value or one containing "/", so a component
// with a slash would add path segments to the resulting identity. Any
// validation has to happen before the ID is populated.
func (id *SpiffeIDService) URI() *url.URL {
	return &url.URL{
		Scheme: "spiffe",
		Host:   id.Host,
		Path: fmt.Sprintf("/ns/%s/dc/%s/svc/%s",
			id.Namespace, id.Datacenter, id.Service),
	}
}
    27  
// Authorize evaluates a single intention against this service identity.
// (The original comment marks this method as part of the CertURI
// implementation.)
//
// The second result reports whether the intention's source applies to this
// ID: SourceNS and SourceName must each be either structs.IntentionWildcard
// or exactly equal (plain string comparison) to Namespace and Service
// respectively. Datacenter and Host are not considered.
//
// When the second result is false the first is always false and carries no
// decision; it must not be read as a deny. When it is true, the first result
// is true only if the action is structs.IntentionActionAllow; any other
// action value yields false.
func (id *SpiffeIDService) Authorize(ixn *structs.Intention) (bool, bool) {
	nsApplies := ixn.SourceNS == structs.IntentionWildcard || ixn.SourceNS == id.Namespace
	nameApplies := ixn.SourceName == structs.IntentionWildcard || ixn.SourceName == id.Service

	if !nsApplies || !nameApplies {
		// The intention targets a different source; report "no match".
		return false, false
	}

	// The intention applies; its action decides the outcome.
	allowed := ixn.Action == structs.IntentionActionAllow
	return allowed, true
}