New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Injector: Change daprd projected token audience to sentry SPIFFE ID #7041
Injector: Change daprd projected token audience to sentry SPIFFE ID #7041
Conversation
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## master #7041 +/- ##
==========================================
+ Coverage 62.23% 62.26% +0.03%
==========================================
Files 240 240
Lines 22135 22137 +2
==========================================
+ Hits 13776 13784 +8
+ Misses 7209 7200 -9
- Partials 1150 1153 +3 ☔ View full report in Codecov by Sentry. |
/test-version-skew |
Dapr Version Skew test (control-plane-master - 1.12.0)Commit ref: 8f4b117 ✅ Version Skew tests passed |
Dapr Version Skew test (dapr-sidecar-master - 1.12.0)Commit ref: 8f4b117 ❌ Version Skew tests failedPlease check the logs for details on the error. |
cea11af
to
52cae4b
Compare
/test-version-skew |
Dapr Version Skew integration test (control-plane-master - 1.12.3)Commit ref: 52cae4b ✅ Version Skew tests passed |
This comment has been minimized.
This comment has been minimized.
Dapr Version Skew e2e test (control-plane-master - 1.12.3)Commit ref: 52cae4b ✅ Version Skew tests passed |
Dapr Version Skew integration test (dapr-sidecar-master - 1.12.3)Commit ref: 52cae4b ✅ Version Skew tests passed |
❌ Version Skew tests failedPlease check the logs for details on the error. |
Signed-off-by: joshvanl <me@joshvanl.dev>
Signed-off-by: joshvanl <me@joshvanl.dev>
08125f6
to
6973095
Compare
…apr#7041) * Injector: Change daprd projected token audience to sentry SPIFFE ID Signed-off-by: joshvanl <me@joshvanl.dev> * Linting Signed-off-by: joshvanl <me@joshvanl.dev> * Change SidecarConfig to use string type for SentrySPIFFEID Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Yaron Schneider <schneider.yaron@live.com> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
…apr#7041) * Injector: Change daprd projected token audience to sentry SPIFFE ID Signed-off-by: joshvanl <me@joshvanl.dev> * Linting Signed-off-by: joshvanl <me@joshvanl.dev> * Change SidecarConfig to use string type for SentrySPIFFEID Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Yaron Schneider <schneider.yaron@live.com> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
…apr#7041) * Injector: Change daprd projected token audience to sentry SPIFFE ID Signed-off-by: joshvanl <me@joshvanl.dev> * Linting Signed-off-by: joshvanl <me@joshvanl.dev> * Change SidecarConfig to use string type for SentrySPIFFEID Signed-off-by: joshvanl <me@joshvanl.dev> --------- Signed-off-by: joshvanl <me@joshvanl.dev> Co-authored-by: Yaron Schneider <schneider.yaron@live.com> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com> Signed-off-by: Elena Kolevska <elena@kolevska.com>
Inject the SPIFFE ID of sentry as the daprd sentry token audience over the legacy
dapr.io/sentry
. More secure as it is more specific to the dapr cluster installation control plane trust domain and control plane namespace. The control plane components are already using the sentry SPIFFE ID of sentry as their identity token audience.The legacy
dapr.io/sentry
audience continues to be accepted by sentry for backwards compatibility.Part of #5756