Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use auth to decrypt signature and use container name for audience #9775

Merged
merged 9 commits into from
Jan 11, 2024
Merged

Use auth to decrypt signature and use container name for audience #9775

merged 9 commits into from
Jan 11, 2024

Conversation

Tonewall
Copy link
Contributor

@Tonewall Tonewall commented Jan 8, 2024
edited
Loading

Backporting parts of #9325 and #9348

Issue describing the changes in this PR

Uses Container name as the valid audience for placeholders in Linux Consumption because sitename are not present when in placeholder mode. This PR also includes changes to accept signature as part of the token for container assignment.

Pull request checklist

  • My changes do not require documentation changes
    • Otherwise: Documentation issue linked to PR
  • My changes should not be added to the release notes for the next release
    • Otherwise: I've added my notes to release_notes.md
  • My changes do not need to be backported to a previous version
    • Otherwise: Backport tracked by issue/PR #issue_or_pr
  • My changes do not require diagnostic events changes
    • Otherwise: I have added/updated all related diagnostic events and their documentation (Documentation issue linked to PR)
  • I have added all required tests (Unit tests, E2E tests)

@mathewc mathewc mentioned this pull request Jan 9, 2024
Merged
8 tasks
@mathewc
Copy link
Member

mathewc commented Jan 10, 2024

The description of this PR should be updated so it describes the actual change being made. Also, it doesn't seem you're linking to the actual changes you're backporting from. I think you're trying to backport a portion of #9348?

@Tonewall Tonewall changed the title U/tonychoi/v3.x backport Use auth to decrypt signature and use container name for audience Jan 10, 2024
@Tonewall
Copy link
Contributor Author

The description of this PR should be updated so it describes the actual change being made. Also, it doesn't seem you're linking to the actual changes you're backporting from. I think you're trying to backport a portion of #9348?

Updated the PR name and linked the PRs backporting from

fabiocav
fabiocav requested changes Jan 10, 2024
View reviewed changes
Copy link
Member

@fabiocav fabiocav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you please make sure all PR details and information about the change are present?

mathewc
mathewc previously approved these changes Jan 10, 2024
View reviewed changes
@Tonewall
Copy link
Contributor Author

Can you please make sure all PR details and information about the change are present?

Filled out the PR description with the changes in the PR

@Tonewall
Copy link
Contributor Author

@fabiocav could you have another look?

fabiocav
fabiocav reviewed Jan 11, 2024
View reviewed changes
Copy link
Member

@fabiocav fabiocav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing change request, but would like to make sure @mathewc approves as well

@fabiocav fabiocav self-requested a review January 11, 2024 02:39
@Tonewall Tonewall merged commit 0848b70 into v3.x Jan 11, 2024
6 checks passed
@Tonewall Tonewall deleted the u/tonychoi/v3.x-backport branch January 11, 2024 17:40
VpOfEngineering pushed a commit that referenced this pull request Jan 11, 2024
@Tonewall
Use auth to decrypt signature and use container name for audience (#9775
e7a5bbd 
)

* Update valid audience for legion applications during specialization

* Update valid audience for legion applications during specialization P2

* fix inden

* Use auth to decrypt signature

* missed commit

* Adding logger and audience/issuer validator back

* fixing indentation

* Revert indentation

* Unit test to validate audience

---------

Co-authored-by: Tony Choi <tonychoi@microsoft.com>
@VpOfEngineering VpOfEngineering mentioned this pull request Jan 11, 2024
Merged
8 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mathewc mathewc mathewc approved these changes

@fabiocav fabiocav fabiocav approved these changes

@pragnagopa pragnagopa Awaiting requested review from pragnagopa

@yojagad yojagad Awaiting requested review from yojagad

@balag0 balag0 Awaiting requested review from balag0

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Tonewall @mathewc @fabiocav