spiffe / spiffe-helper

The SPIFFE Helper is a tool that can be used to retrieve and manage SVIDs on behalf of a workload
Apache License 2.0

Add support for federated mode #124

Closed edurra closed 5 months ago

edurra commented 6 months ago

As stated on Issue 89, SPIFFE Helper does not support federated mode, meaning that a trust bundle from a federated domain is not retrieved.

This pull request includes two configuration options to support fetching a federated domain trust bundle:

include_federated_domains: if true, it will include CA certificates from federated trust domains in the ca bundle.

The committed code does the following:

  1. Check if the include_federated_domains parameter is true
  2. Fetch the bundle in the same way it is currently done for the SVID bundle:
     2.1. Fetch the bundle associated to the federated trust domains from the svidResponse object
     2.2. Append the bundles to the CA trust bundle

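
The steps in the description above, sketched as an added Go example that is not the pull request's code. The function name `buildCABundle`, the map shape used for federated bundles and the trust domain names are assumptions, and the CA certificates are constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// buildCABundle returns the PEM CA bundle and the number of CA certificates in it.
// federated maps trust domain -> concatenated DER certificates (assumed shape).
func buildCABundle(own []*x509.Certificate, federated map[string][]byte, includeFederated bool) ([]byte, int, error) {
	certs := append([]*x509.Certificate{}, own...)
	if includeFederated {
		for td, der := range federated {
			parsed, err := x509.ParseCertificates(der)
			if err != nil { // fail the update rather than write a partial bundle
				return nil, 0, fmt.Errorf("federated bundle for %q: %w", td, err)
			}
			certs = append(certs, parsed...)
		}
	}
	var out []byte
	for _, c := range certs {
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw})...)
	}
	return out, len(certs), nil
}

// newTestCA builds a constructed, short-lived self-signed CA used only as sample input.
func newTestCA(cn string) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func main() {
	own := []*x509.Certificate{newTestCA("example.org CA")}
	fed := map[string][]byte{"partner.test": newTestCA("partner.test CA").Raw}
	_, off, _ := buildCABundle(own, fed, false)
	_, on, _ := buildCABundle(own, fed, true)
	fmt.Println("CAs without federation:", off, "with include_federated_domains:", on)
}
```

Because the federated CAs land in the same file as the workload's own CAs, any consumer that loads the bundle as its trust store also accepts certificates issued under the federated domains.
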
MarcosDY commented 6 months ago

@edurra changes look good, but can you solve DCO? so we can merge, thanks!!!

edurra commented 6 months ago

> @edurra changes look good, but can you solve DCO? so we can merge, thanks!!!

sure! done, let me know if I have to do anything else.

faisal-memon commented 6 months ago

@edurra Got some linter errors. Can you take a look? https://github.com/spiffe/spiffe-helper/actions/runs/7545693167/job/20541900458?pr=124

edurra commented 6 months ago

> @edurra Got some linter errors. Can you take a look? https://github.com/spiffe/spiffe-helper/actions/runs/7545693167/job/20541900458?pr=124

done, I just tested locally and it should be fixed