Write go-spiffe compatible keys #12
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: charlieegan3, jakexks
The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Please add a test to ensure that the x509.Load function call will work on written key pairs from this function.
Signed-off-by: Charlie Egan <charlieegan3@users.noreply.github.com>
This test has been added to show that the generated PEM encoded key file can be loaded by go-spiffe
Signed-off-by: Charlie Egan <charlieegan3@users.noreply.github.com>
I tried to create a driver and test the Let me know what you think.
@charlieegan3 can we not write a unit test that unit tests the
@charlieegan3: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
Perhaps I can fashion one without using New. Let me have a play.
@charlieegan3: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Closing in favour of #13
We have been using csi-driver-spiffe with a workload based on go-spiffe and found that the EC private key created by the driver is not compatible. go-spiffe uses https://cs.opensource.google/go/go/+/go1.18.1:src/crypto/x509/pkcs8.go;l=33
We are calling Load:
https://github.com/spiffe/go-spiffe/blob/31de176038793c17cf7e77f23e61401160c7d6c9/v2/svid/x509svid/svid.go#L33
This eventually calls:
https://github.com/spiffe/go-spiffe/blob/31de176038793c17cf7e77f23e61401160c7d6c9/v2/internal/pemutil/pem.go#L110-L114
This PR, when complete, will have the CSI driver write a compatible key format instead so that keys can be used by go-spiffe based workloads.
Signed-off-by: Charlie Egan <charlieegan3@users.noreply.github.com>
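The incompatibility described in this PR, as an added example that is not code from csi-driver-spiffe or go-spiffe. It assumes the incompatible format is SEC 1 ("EC PRIVATE KEY") and that the fix is PKCS#8 ("PRIVATE KEY"). The names `newKey`, `encodeKey` and `loadPKCS8` are hypothetical, with `loadPKCS8` standing in for a loader that relies on `x509.ParsePKCS8PrivateKey`.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// newKey returns a fresh P-256 key (constructed sample input).
func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// encodeKey writes key as PKCS#8 ("PRIVATE KEY") or SEC 1 ("EC PRIVATE KEY") PEM.
func encodeKey(key *ecdsa.PrivateKey, pkcs8 bool) ([]byte, error) {
	typ := "EC PRIVATE KEY"
	der, err := x509.MarshalECPrivateKey(key)
	if pkcs8 {
		typ = "PRIVATE KEY"
		der, err = x509.MarshalPKCS8PrivateKey(key)
	}
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: typ, Bytes: der}), nil
}

// loadPKCS8 is a hypothetical stand-in for a loader that, like the go-spiffe
// path described above, hands the PEM body to x509.ParsePKCS8PrivateKey.
func loadPKCS8(pemBytes []byte) (interface{}, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	return x509.ParsePKCS8PrivateKey(block.Bytes)
}

func main() {
	key, err := newKey()
	if err != nil {
		panic(err)
	}
	for _, pkcs8 := range []bool{false, true} {
		pemBytes, encErr := encodeKey(key, pkcs8)
		_, loadErr := loadPKCS8(pemBytes)
		fmt.Printf("pkcs8=%v encode error: %v, load error: %v\n", pkcs8, encErr, loadErr)
	}
}
```

The SEC 1 DER is rejected by the PKCS#8 parser regardless of the PEM label, so renaming the PEM block type alone does not make the key loadable.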