forked from linkerd/linkerd2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
domain.go
36 lines (29 loc) · 1023 Bytes
/
domain.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
package identity
import (
"fmt"
"k8s.io/apimachinery/pkg/util/validation"
)
// TrustDomain is a namespace for identities.
type TrustDomain struct {
controlNS, domain string
}
// NewTrustDomain creates a new identity namespace.
func NewTrustDomain(controlNS, domain string) (*TrustDomain, error) {
if errs := validation.IsDNS1123Label(controlNS); len(errs) > 0 {
return nil, fmt.Errorf("invalid label '%s': %s", controlNS, errs[0])
}
if errs := validation.IsDNS1123Subdomain(domain); len(errs) > 0 {
return nil, fmt.Errorf("invalid domain '%s': %s", domain, errs[0])
}
return &TrustDomain{controlNS, domain}, nil
}
// Identity formats the identity for a K8s user.
func (d *TrustDomain) Identity(typ, nm, ns string) (string, error) {
for _, l := range []string{typ, nm, ns} {
if errs := validation.IsDNS1123Label(l); len(errs) > 0 {
return "", fmt.Errorf("invalid label '%s': %s", l, errs[0])
}
}
id := fmt.Sprintf("%s.%s.%s.identity.%s.%s", nm, ns, typ, d.controlNS, d.domain)
return id, nil
}