Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add tainted field to upstream authority messages #39

Merged
merged 5 commits into from
May 2, 2023
Merged

Add tainted field to upstream authority messages #39

merged 5 commits into from
May 2, 2023

Conversation

MarcosDY
Copy link
Collaborator

@MarcosDY MarcosDY commented Feb 20, 2023
edited
Loading

Update messages used on upstream authority plugins to propagate tainted keys

Fixes: spiffe/spire#3886

@MarcosDY
Add tainted bool
b5009e0 
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
@MarcosDY
Add status to JWT key
bc7a13f 
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
@MarcosDY
Revert
fc80556 
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
@MarcosDY MarcosDY changed the base branch from main to next February 20, 2023 16:45
amartinezfayo
amartinezfayo reviewed Feb 21, 2023
View reviewed changes
Copy link
Member

@amartinezfayo amartinezfayo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. I have some suggestions for the comments.

proto/spire/plugin/types/jwtkey.proto Outdated
@@ -12,4 +12,7 @@ message JWTKey {
// When the key expires (seconds since Unix epoch). If zero, the key does
// not expire.
int64 expires_at = 3;

// This key is no longer secure and must not be used
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// This key is no longer secure and must not be used
// Indicates if the key has been tainted. A tainted key is not safe to be used anymore.

proto/spire/plugin/types/x509certificate.proto Outdated
@@ -5,4 +5,7 @@ option go_package = "github.com/spiffe/spire-plugin-sdk/proto/spire/plugin/types
message X509Certificate {
// The ASN.1 DER encoded bytes of the X.509 certificate.
bytes asn1 = 1;

// This authority is no longer secure and must not be used
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// This authority is no longer secure and must not be used
// Indicates if the authority has been tainted. A tainted authority is not safe to be used anymore.

@MarcosDY MarcosDY mentioned this pull request Feb 21, 2023
Closed
@MarcosDY
PR changes
014c987 
Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
@MarcosDY MarcosDY merged commit b364a36 into spiffe:next May 2, 2023
@MarcosDY MarcosDY deleted the update-uptream-authority branch May 2, 2023 17:40
MarcosDY added a commit that referenced this pull request Sep 10, 2024
@MarcosDY
Add tainted field to upstream authority messages (#39)
c5bd211 
* Add tainted propagation to upstream authorities.

Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
MarcosDY added a commit that referenced this pull request Sep 10, 2024
@MarcosDY
Add tainted field to upstream authority messages (#39)
3f1b22c 
* Add tainted propagation to upstream authorities.

Signed-off-by: Marcos Yacob <marcos.yacob@hpe.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@amartinezfayo amartinezfayo amartinezfayo left review comments

@evan2645 evan2645 evan2645 approved these changes

@azdagron azdagron Awaiting requested review from azdagron azdagron is a code owner

@rturner3 rturner3 Awaiting requested review from rturner3 rturner3 is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MarcosDY @evan2645 @amartinezfayo