diff --git a/internal/pkg/spire/spire.go b/internal/pkg/spire/spire.go
index 4684c9f..4077e07 100644
--- a/internal/pkg/spire/spire.go
+++ b/internal/pkg/spire/spire.go
@@ -11,6 +11,7 @@ import (
 	"time"
 
 	kubeutil "github.com/cofide/cofidectl/internal/pkg/kube"
+	"github.com/spiffe/go-spiffe/v2/spiffeid"
 	types "github.com/spiffe/spire-api-sdk/proto/spire/api/types"
 	appsv1 "k8s.io/api/apps/v1"
 	v1 "k8s.io/api/core/v1"
@@ -218,7 +219,7 @@ func getPodsforDaemonSet(ctx context.Context, client *kubeutil.Client, daemonset
 
 // RegisteredEntry contains details of a workload registered with SPIRE
 type RegisteredEntry struct {
-	Id *types.SPIFFEID
+	Id string
 }
 
 func GetRegistrationEntries(ctx context.Context, client *kubeutil.Client) (map[string]*RegisteredEntry, error) {
@@ -257,8 +258,25 @@ func GetRegistrationEntries(ctx context.Context, client *kubeutil.Client) (map[s
 			continue
 		}
 
-		registrationEntriesMap[podUID] = &RegisteredEntry{registrationEntry.Id}
+		id, err := formatIdUrl(registrationEntry.Id)
+		if err != nil {
+			return nil, err
+		}
+		registrationEntriesMap[podUID] = &RegisteredEntry{Id: id}
 	}
 
 	return registrationEntriesMap, nil
 }
+
+// formatIdUrl formats a SPIFFE ID as a URL string.
+func formatIdUrl(id *types.SPIFFEID) (string, error) {
+	trustDomain, err := spiffeid.TrustDomainFromString(id.TrustDomain)
+	if err != nil {
+		return "", err
+	}
+	if id, err := spiffeid.FromPath(trustDomain, id.Path); err != nil {
+		return "", err
+	} else {
+		return id.String(), nil
+	}
+}
diff --git a/internal/pkg/workload/workload.go b/internal/pkg/workload/workload.go
index 314caa3..72af4a5 100644
--- a/internal/pkg/workload/workload.go
+++ b/internal/pkg/workload/workload.go
@@ -54,7 +54,7 @@ func GetRegisteredWorkloads(ctx context.Context, kubeConfig string, kubeContext
 		registeredWorkload := &Workload{
 			Name:      pod.Name,
 			Namespace: pod.Namespace,
-			SPIFFEID:  registeredEntry.Id.String(),
+			SPIFFEID:  registeredEntry.Id,
 			Status:    string(pod.Status.Phase),
 			Type:      "Pod",
 		}
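Review bot: Now that `Id` is a plain `string`, nothing in the `RegisteredEntry` declaration tells a caller what format the string holds, so a field comment such as `// Id is the workload's SPIFFE ID in URI form, as produced by spiffeid.ID.String().` would be worth adding next to the changed line. The Go initialism convention would spell the field `ID`, but that rename is visible to callers (workload.go reads `registeredEntry.Id`) and belongs in a separate change rather than this type switch.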
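Review bot: `formatIdUrl` dereferences its `id` parameter (`id.TrustDomain`, `id.Path`) with no nil check, so a registration entry whose `Id` is unset would panic inside `GetRegistrationEntries` instead of surfacing as an error. If, as the import path suggests, `types.SPIFFEID` is a protobuf message, its generated `GetTrustDomain()`/`GetPath()` getters are nil-safe and `spiffeid.TrustDomainFromString("")` then reports the missing trust domain as an ordinary validation error. The `if id, err := spiffeid.FromPath(...)` line also shadows the parameter `id` (the right-hand side still reads the parameter, so it works, but it reads like a bug) and keeps an `else` after a `return`, which staticcheck flags; a plain `sid, err := ...` with an early return avoids both. The bare `return "", err` loses which entry failed, so wrapping with `fmt.Errorf` and the pod UID at the call site would help, provided `fmt` is already imported in spire.go (the import hunk does not show it). Note that one malformed ID now aborts the whole listing rather than being skipped like the `continue` cases above it in `GetRegistrationEntries` (whose body begins outside the hunk); that may be the intended fail-closed behaviour, but a one-line comment saying so would stop the next reader from "fixing" it.
```go
// formatIdUrl formats a SPIFFE ID as a URL string.
func formatIdUrl(id *types.SPIFFEID) (string, error) {
	// The generated getters are nil-safe, so an unset Id becomes a
	// validation error from spiffeid rather than a nil-pointer panic.
	trustDomain, err := spiffeid.TrustDomainFromString(id.GetTrustDomain())
	if err != nil {
		return "", err
	}
	sid, err := spiffeid.FromPath(trustDomain, id.GetPath())
	if err != nil {
		return "", err
	}
	return sid.String(), nil
}
```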