Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updates node API to support JWT SVID #544

Merged
merged 1 commit into from
Jul 23, 2018
Merged

Updates node API to support JWT SVID #544

merged 1 commit into from
Jul 23, 2018

Conversation

azdagron
Copy link
Member

  • Adds JWT methods to node API and renames things to clearly distinguish
    between JWT and X509
  • Updates agent client to support fetching JWT SVIDs
  • Provides server stub

Fixes #495

@azdagron
Updates node API to support JWT SVID
5005aaf 
- Adds JWT methods to node API and renames things to clearly distinguish
between JWT and X509
- Updates agent client to support fetching JWT SVIDs
- Provides server stub

Signed-off-by: Andrew Harding <azdagron@gmail.com>
evan2645
evan2645 approved these changes Jul 23, 2018
View reviewed changes
Copy link
Member

@evan2645 evan2645 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

proto/api/node/node.proto
string spiffe_id = 1;

// List of intended audience
repeated string audience = 2;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Side note: any thoughts on where token lifetime might get configured?

Copy link
Member Author

@azdagron azdagron Jul 23, 2018
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

expiration isn't part of x509-SVID CSR's and the expiration is configured in one of two ways:

  1. Agent SVID's get the default TTL
  2. Workload SVID's get a TTL based on the registration entry.

I intended JWT-SVID's to follow suit.

@azdagron azdagron merged commit 79c6a7c into spiffe:master Jul 23, 2018
@azdagron azdagron deleted the node-api-jwt-svid-support branch July 23, 2018 20:13
@skdwriting skdwriting mentioned this pull request Dec 3, 2018
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@evan2645 evan2645 evan2645 approved these changes

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo

@MarcosDY MarcosDY Awaiting requested review from MarcosDY

@martincapello martincapello Awaiting requested review from martincapello

@walmav walmav Awaiting requested review from walmav

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@azdagron @evan2645