Injector: Change daprd projected token audience to sentry SPIFFE ID #7041

Merged
merged 5 commits into from Jan 19, 2024


JoshVanL
Contributor

@JoshVanL JoshVanL commented Oct 15, 2023

Inject the SPIFFE ID of sentry as the daprd sentry token audience over the legacy dapr.io/sentry. This is more secure as it is more specific to the dapr cluster installation's control plane trust domain and control plane namespace. The control plane components are already using the SPIFFE ID of sentry as their identity token audience.

The legacy dapr.io/sentry audience continues to be accepted by sentry for backwards compatibility.

Part of #5756
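The audience check described in the PR description above, as an added example that is not part of the PR and is not Dapr's own code: a verifier accepts the installation-specific sentry SPIFFE ID, still accepts the legacy `dapr.io/sentry` for backwards compatibility, and rejects an audience built for a different trust domain. The function names, the SPIFFE ID path layout and the `cluster.local` / `dapr-system` values are assumptions for illustration; signature and expiry validation of the token are assumed to happen elsewhere.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Legacy audience named in the PR; still accepted for backwards compatibility.
const legacyAudience = "dapr.io/sentry"

// sentrySPIFFEID builds the expected audience; the path layout is an assumption.
func sentrySPIFFEID(trustDomain, namespace string) string {
	return fmt.Sprintf("spiffe://%s/ns/%s/dapr-sentry", trustDomain, namespace)
}

// parseAudience reads "aud" from decoded JWT claims; it may be a string or an array.
func parseAudience(claims []byte) ([]string, error) {
	var c struct {
		Aud json.RawMessage `json:"aud"`
	}
	if err := json.Unmarshal(claims, &c); err != nil {
		return nil, err
	}
	var many []string
	if json.Unmarshal(c.Aud, &many) == nil {
		return many, nil
	}
	var one string
	if err := json.Unmarshal(c.Aud, &one); err != nil {
		return nil, fmt.Errorf("aud claim missing or malformed: %w", err)
	}
	return []string{one}, nil
}

// checkAudience reports acceptance and whether only the legacy audience matched.
func checkAudience(auds []string, trustDomain, namespace string) (ok, legacy bool) {
	want := sentrySPIFFEID(trustDomain, namespace)
	for _, a := range auds {
		if a == want {
			return true, false
		}
		legacy = legacy || a == legacyAudience
	}
	return legacy, legacy
}

func main() {
	auds, _ := parseAudience([]byte(`{"aud":"dapr.io/sentry"}`)) // constructed sample
	fmt.Println(checkAudience(auds, "cluster.local", "dapr-system"))
}
```

Logging the `legacy` result shows which sidecars were injected before the change and still present the broad audience.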

@codecov

codecov bot commented Oct 15, 2023

Codecov Report

Attention: 1 lines in your changes are missing coverage. Please review.

Comparison is base (09b9292) 62.23% compared to head (9fbc05e) 62.26%.

Files Patch % Lines
pkg/injector/service/injector.go 0.00% 1 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master    #7041      +/-   ##
==========================================
+ Coverage   62.23%   62.26%   +0.03%     
==========================================
  Files         240      240              
  Lines       22135    22137       +2     
==========================================
+ Hits        13776    13784       +8     
+ Misses       7209     7200       -9     
- Partials     1150     1153       +3     


@JoshVanL
Contributor Author

/test-version-skew

@dapr-bot
Collaborator

dapr-bot commented Oct 21, 2023

Dapr Version Skew test (control-plane-master - 1.12.0)

🔗 Link to Action run

Commit ref: 8f4b117

✅ Version Skew tests passed

@dapr-bot
Collaborator

dapr-bot commented Oct 21, 2023

Dapr Version Skew test (dapr-sidecar-master - 1.12.0)

🔗 Link to Action run

Commit ref: 8f4b117

❌ Version Skew tests failed

Please check the logs for details on the error.

@JoshVanL JoshVanL added the autoupdate DaprBot will keep the Pull Request up to date with master branch label Oct 21, 2023
@JoshVanL JoshVanL marked this pull request as ready for review October 21, 2023 15:18
@JoshVanL JoshVanL requested review from a team as code owners October 21, 2023 15:18
@JoshVanL JoshVanL added this to the v1.13 milestone Nov 28, 2023
@JoshVanL JoshVanL added the P0 label Dec 7, 2023
@JoshVanL JoshVanL force-pushed the injector-patcher-daprd-sentry-audience branch from cea11af to 52cae4b Compare January 14, 2024 16:33
@yaron2
Member

yaron2 commented Jan 14, 2024

/test-version-skew

@dapr-bot
Collaborator

dapr-bot commented Jan 14, 2024

Dapr Version Skew integration test (control-plane-master - 1.12.3)

🔗 Link to Action run

Commit ref: 52cae4b

✅ Version Skew tests passed

@dapr-bot
Collaborator

dapr-bot commented Jan 14, 2024

Dapr Version Skew e2e test (control-plane-master - 1.12.3)

🔗 Link to Action run

Commit ref: 52cae4b

✅ Version Skew tests passed

@dapr-bot
Collaborator

dapr-bot commented Jan 14, 2024

Dapr Version Skew integration test (dapr-sidecar-master - 1.12.3)

🔗 Link to Action run

Commit ref: 52cae4b

✅ Version Skew tests passed

@dapr-bot
Collaborator

❌ Version Skew tests failed

Please check the logs for details on the error.

Signed-off-by: joshvanl <me@joshvanl.dev>
Signed-off-by: joshvanl <me@joshvanl.dev>
@JoshVanL JoshVanL force-pushed the injector-patcher-daprd-sentry-audience branch from 08125f6 to 6973095 Compare January 18, 2024 16:40
@JoshVanL JoshVanL mentioned this pull request Jan 18, 2024
@yaron2 yaron2 merged commit 8c5551d into dapr:master Jan 19, 2024
20 of 22 checks passed
whytem pushed a commit to whytem/dapr that referenced this pull request Jan 22, 2024
…apr#7041)

* Injector: Change daprd projected token audience to sentry SPIFFE ID

Signed-off-by: joshvanl <me@joshvanl.dev>

* Linting

Signed-off-by: joshvanl <me@joshvanl.dev>

* Change SidecarConfig to use string type for SentrySPIFFEID

Signed-off-by: joshvanl <me@joshvanl.dev>

---------

Signed-off-by: joshvanl <me@joshvanl.dev>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
elena-kolevska pushed a commit to elena-kolevska/dapr that referenced this pull request Jan 24, 2024
elena-kolevska added a commit to elena-kolevska/dapr that referenced this pull request Jan 24, 2024
elena-kolevska pushed a commit to elena-kolevska/dapr that referenced this pull request Jan 25, 2024
Signed-off-by: Elena Kolevska <elena@kolevska.com>
elena-kolevska added a commit to elena-kolevska/dapr that referenced this pull request Jan 25, 2024
…FFE ID (dapr#7041)"

This reverts commit c768741.

Signed-off-by: Elena Kolevska <elena@kolevska.com>