Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add tainted field to upstream authority messages #39

Merged
merged 5 commits into from
May 2, 2023

Conversation

MarcosDY
Copy link
Collaborator

@MarcosDY MarcosDY commented Feb 20, 2023

Update messages used on upstream authority plugins to propagate tainted keys

Fixes: spiffe/spire#3886

Signed-off-by: Marcos Yacob <[email protected]>
Signed-off-by: Marcos Yacob <[email protected]>
Signed-off-by: Marcos Yacob <[email protected]>
@MarcosDY MarcosDY changed the base branch from main to next February 20, 2023 16:45
Copy link
Member

@amartinezfayo amartinezfayo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I have some suggestions for the comments.

@@ -12,4 +12,7 @@ message JWTKey {
// When the key expires (seconds since Unix epoch). If zero, the key does
// not expire.
int64 expires_at = 3;

// This key is no longer secure and must not be used
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// This key is no longer secure and must not be used
// Indicates if the key has been tainted. A tainted key is not safe to be used anymore.

@@ -5,4 +5,7 @@ option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types
message X509Certificate {
// The ASN.1 DER encoded bytes of the X.509 certificate.
bytes asn1 = 1;

// This authority is no longer secure and must not be used
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// This authority is no longer secure and must not be used
// Indicates if the authority has been tainted. A tainted authority is not safe to be used anymore.

Signed-off-by: Marcos Yacob <[email protected]>
@MarcosDY MarcosDY merged commit b364a36 into spiffe:next May 2, 2023
@MarcosDY MarcosDY deleted the update-uptream-authority branch May 2, 2023 17:40
MarcosDY added a commit that referenced this pull request Sep 10, 2024
* Add tainted propagation to upstream authorities.

Signed-off-by: Marcos Yacob <[email protected]>
MarcosDY added a commit that referenced this pull request Sep 10, 2024
* Add tainted propagation to upstream authorities.

Signed-off-by: Marcos Yacob <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants