consul/agent/connect/uri_service.go

55 lines
1.3 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2018-03-26 00:39:18 +00:00
package connect
import (
"fmt"
2018-03-26 00:39:18 +00:00
"net/url"
"github.com/hashicorp/consul/acl"
2018-03-26 00:39:18 +00:00
)
// SpiffeIDService is the structure to represent the SPIFFE ID for a service.
type SpiffeIDService struct {
Host string
Partition string
2018-03-26 00:39:18 +00:00
Namespace string
Datacenter string
Service string
}
func (id SpiffeIDService) NamespaceOrDefault() string {
return acl.NamespaceOrDefault(id.Namespace)
}
func (id SpiffeIDService) MatchesPartition(partition string) bool {
return id.PartitionOrDefault() == acl.PartitionOrDefault(partition)
}
2018-03-26 00:39:18 +00:00
// URI returns the *url.URL for this SPIFFE ID.
func (id SpiffeIDService) URI() *url.URL {
2018-03-26 00:39:18 +00:00
var result url.URL
result.Scheme = "spiffe"
result.Host = id.Host
result.Path = id.uriPath()
2018-03-26 00:39:18 +00:00
return &result
}
func (id SpiffeIDService) uriPath() string {
path := fmt.Sprintf("/ns/%s/dc/%s/svc/%s",
id.NamespaceOrDefault(),
id.Datacenter,
id.Service,
)
// Although CE has no support for partitions, it still needs to be able to
// handle exportedPartition from peered Consul Enterprise clusters in order
// to generate the correct SpiffeID.
// We intentionally avoid using pbpartition.DefaultName here to be CE friendly.
if ap := id.PartitionOrDefault(); ap != "" && ap != "default" {
return "/ap/" + ap + path
}
return path
}