48 lines
1.0 KiB
Go
48 lines
1.0 KiB
Go
package spiffeid
|
|
|
|
import "fmt"
|
|
|
|
// Matcher is used to match a SPIFFE ID.
|
|
type Matcher func(ID) error
|
|
|
|
// MatchAny matches any SPIFFE ID.
|
|
func MatchAny() Matcher {
|
|
return Matcher(func(actual ID) error {
|
|
return nil
|
|
})
|
|
}
|
|
|
|
// MatchID matches a specific SPIFFE ID.
|
|
func MatchID(expected ID) Matcher {
|
|
return Matcher(func(actual ID) error {
|
|
if actual != expected {
|
|
return fmt.Errorf("unexpected ID %q", actual)
|
|
}
|
|
return nil
|
|
})
|
|
}
|
|
|
|
// MatchOneOf matches any SPIFFE ID in the given list of IDs.
|
|
func MatchOneOf(expected ...ID) Matcher {
|
|
set := make(map[ID]struct{})
|
|
for _, id := range expected {
|
|
set[id] = struct{}{}
|
|
}
|
|
return Matcher(func(actual ID) error {
|
|
if _, ok := set[actual]; !ok {
|
|
return fmt.Errorf("unexpected ID %q", actual)
|
|
}
|
|
return nil
|
|
})
|
|
}
|
|
|
|
// MatchMemberOf matches any SPIFFE ID in the given trust domain.
|
|
func MatchMemberOf(expected TrustDomain) Matcher {
|
|
return Matcher(func(actual ID) error {
|
|
if !actual.MemberOf(expected) {
|
|
return fmt.Errorf("unexpected trust domain %q", actual.TrustDomain())
|
|
}
|
|
return nil
|
|
})
|
|
}
|