Comments (4)
@kfox1111's concern is valid. I've opened #5234 to cover adding a CLI command to address this.
from spire.
Thank you @kfox1111 for opening this issue. A related conversation is taking place in #5101.
One of the considerations for this is that we already have the AppendBundle RPC, which can be used to add X.509 and JWT authorities to the server's bundle. Could the use of the AppendBundle RPC handle the use cases that you have in mind?
from spire.
A regular user isn't going to be able to write code to call an RPC function.
There should be a mechanism that is idempotent and CI/CD friendly, IMO.
from spire.
We had a use case where we needed to configure Envoy SDS to accept both SPIRE certs and non-SPIRE certs from a legacy system. This required adding the non-SPIRE cert to the trust bundle. I mention this so we can consider whether needs such as that and those of #5101 are best solved by a CLI command or whether a new server configuration would be more appropriate.
from spire.