Skip to content

Add types and RPCs for WIT-SVID #80

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: next
Choose a base branch
from
Open

Add types and RPCs for WIT-SVID #80

wants to merge 2 commits into from

Conversation

@sorindumitru
Copy link
Contributor

This contains the types and RPCs for some basic functionality for WIT-SVIDs to work. Extra functionality is required for UpstreamAuthority spire to function and for tainting and revoking keys.

@sorindumitru sorindumitru changed the base branch from main to next October 23, 2025 12:45
@arndt-s arndt-s mentioned this pull request Oct 27, 2025
Open
arndt-s
arndt-s reviewed Oct 27, 2025
View reviewed changes
proto/spire/api/server/svid/v1/svid.proto Outdated
// Required. SPIFFE ID of the JWT-SVID.
spire.api.types.SPIFFEID id = 1;

// Required. Public key for the cnf claim.
Copy link

@arndt-s arndt-s Oct 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should specify the encoding. I propose either JWK incl. private key or ASN1 DER.

arndt-s
arndt-s reviewed Oct 27, 2025
View reviewed changes
proto/spire/api/server/svid/v1/svid.proto Outdated
// Required. The entry ID for the identity being requested.
string entry_id = 1;

// Required. The ASN.1 DER encoded Certificate Signing Request (CSR). The
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think a CSR should be required for requesting a WIT. Similar to comment above I propose to just require the key itself (JWK or ASN DER)

@sorindumitru
Add types and RPCs for WIT-SVID
abd227b 
This contains the types and RPCs for some basic functionality for WIT-SVIDs to work. Extra functionality is required for UpstreamAuthority spire to function and for tainting and revoking keys.

Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
@sorindumitru sorindumitru force-pushed the wit-svid branch 2 times, most recently from 1d963a2 to 192769c Compare October 27, 2025 21:30
@sorindumitru
Specify desired protoc_gen_go_version on install
64018b1 
Signed-off-by: Sorin Dumitru <sorin@returnze.ro>
@sorindumitru sorindumitru mentioned this pull request Oct 28, 2025
Open
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arndt-s arndt-s arndt-s left review comments

@evan2645 evan2645 Awaiting requested review from evan2645 evan2645 is a code owner

@amartinezfayo amartinezfayo Awaiting requested review from amartinezfayo amartinezfayo is a code owner

@MarcosDY MarcosDY Awaiting requested review from MarcosDY

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

@azdagron azdagron Awaiting requested review from azdagron azdagron is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sorindumitru @arndt-s