-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add tainted field to upstream authority messages #39
Conversation
Signed-off-by: Marcos Yacob <[email protected]>
Signed-off-by: Marcos Yacob <[email protected]>
Signed-off-by: Marcos Yacob <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good. I have some suggestions for the comments.
@@ -12,4 +12,7 @@ message JWTKey { | |||
// When the key expires (seconds since Unix epoch). If zero, the key does | |||
// not expire. | |||
int64 expires_at = 3; | |||
|
|||
// This key is no longer secure and must not be used |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// This key is no longer secure and must not be used | |
// Indicates if the key has been tainted. A tainted key is not safe to be used anymore. |
@@ -5,4 +5,7 @@ option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types | |||
message X509Certificate { | |||
// The ASN.1 DER encoded bytes of the X.509 certificate. | |||
bytes asn1 = 1; | |||
|
|||
// This authority is no longer secure and must not be used |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// This authority is no longer secure and must not be used | |
// Indicates if the authority has been tainted. A tainted authority is not safe to be used anymore. |
Signed-off-by: Marcos Yacob <[email protected]>
* Add tainted propagation to upstream authorities. Signed-off-by: Marcos Yacob <[email protected]>
* Add tainted propagation to upstream authorities. Signed-off-by: Marcos Yacob <[email protected]>
Update messages used on upstream authority plugins to propagate tainted keys
Fixes: spiffe/spire#3886